aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Timoney <dtimoney@att.com>2019-03-26 13:35:36 +0000
committerGerrit Code Review <gerrit@onap.org>2019-03-26 13:35:36 +0000
commit0b444df21c00b225a1e1c86da506aa5a2131f58b (patch)
tree99d6582295a809e72d09a51a4c5a93bebf77faef
parent5c1314e5e7c89923e408cf8d60f44c15db6dac89 (diff)
parentd12485a21f4393c3f43b5eb19f64a9cb1018a551 (diff)
Merge "SDNC-665: Python script for adding to ODL keystore"
Former-commit-id: 220ebdca39a85491b22acc7ed9024a348652b1b0
-rw-r--r--installation/sdnc/pom.xml5
-rwxr-xr-xinstallation/sdnc/src/main/docker/Dockerfile1
-rw-r--r--installation/sdnc/src/main/scripts/installCerts.py205
-rwxr-xr-xinstallation/sdnc/src/main/scripts/startODL.sh5
4 files changed, 213 insertions, 3 deletions
diff --git a/installation/sdnc/pom.xml b/installation/sdnc/pom.xml
index 7948f3ed..fe5d9258 100644
--- a/installation/sdnc/pom.xml
+++ b/installation/sdnc/pom.xml
@@ -146,7 +146,6 @@
</resources>
</configuration>
</execution>
-
<execution>
<id>copy-scripts</id>
<goals>
@@ -158,7 +157,8 @@
<resources>
<resource>
<directory>src/main/scripts</directory>
- <includes>
+ <includes>
+ <include>*.py</include>
<include>*.sh</include>
</includes>
<filtering>false</filtering>
@@ -166,7 +166,6 @@
</resources>
</configuration>
</execution>
-
<execution>
<id>copy-tarballs</id>
<goals>
diff --git a/installation/sdnc/src/main/docker/Dockerfile b/installation/sdnc/src/main/docker/Dockerfile
index e7d592eb..a9aa42ec 100755
--- a/installation/sdnc/src/main/docker/Dockerfile
+++ b/installation/sdnc/src/main/docker/Dockerfile
@@ -27,6 +27,7 @@ RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jk
# copy onap
COPY opt /opt
RUN test -L /opt/sdnc || ln -s /opt/onap/sdnc /opt/sdnc
+RUN mkdir /opt/opendaylight/current/certs
# copy SDNC mvn artifacts to ODL repository
COPY system /tmp/system
diff --git a/installation/sdnc/src/main/scripts/installCerts.py b/installation/sdnc/src/main/scripts/installCerts.py
new file mode 100644
index 00000000..47e28c0b
--- /dev/null
+++ b/installation/sdnc/src/main/scripts/installCerts.py
@@ -0,0 +1,205 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+
+# coding=utf-8
+import os
+import httplib
+import base64
+import time
+import zipfile
+import shutil
+
+Path = "/tmp"
+
+zipFileList = []
+username = "admin"
+password = "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U"
+
+TIME_OUT=1000
+INTERVAL=30
+TIME=0
+
+postKeystore= "/restconf/operations/netconf-keystore:add-keystore-entry"
+postPrivateKey= "/restconf/operations/netconf-keystore:add-private-key"
+postTrustedCertificate= "/restconf/operations/netconf-keystore:add-trusted-certificate"
+
+
+headers = {'Authorization':'Basic %s' % base64.b64encode(username + ":" + password),
+ 'X-FromAppId': 'csit-sdnc',
+ 'X-TransactionId': 'csit-sdnc',
+ 'Accept':"application/json",
+ 'Content-type':"application/json"}
+
+def readFile(folder, file):
+ key = open(Path + "/" + folder + "/" + file, "r")
+ fileRead = key.read()
+ key.close()
+ fileRead = "\n".join(fileRead.splitlines()[1:-1])
+ return fileRead
+
+def readTrustedCertificate(folder, file):
+ caPem = ""
+ serverCrt = ""
+ startCa = False
+ startCrt = False
+ key = open(Path + "/" + folder + "/" + file, "r")
+ lines = key.readlines()
+ for line in lines:
+ if not "BEGIN CERTIFICATE CA.pem" in line and not "END CERTIFICATE CA.pem" in line and startCa:
+ caPem += line
+ elif "BEGIN CERTIFICATE CA.pem" in line:
+ startCa = True
+ elif "END CERTIFICATE CA.pem" in line:
+ startCa = False
+
+ if not "BEGIN CERTIFICATE Server.crt" in line and not "END CERTIFICATE Server.crt" in line and startCrt:
+ serverCrt += line
+ elif "BEGIN CERTIFICATE Server.crt" in line:
+ startCrt = True
+ elif "END CERTIFICATE Server.crt" in line:
+ startCrt = False
+ return caPem, serverCrt
+
+def makeKeystoreKey(clientKey, count):
+ odl_private_key="ODL_private_key_%d" %count
+
+ json_keystore_key='{{\"input\": {{ \"key-credential\": {{\"key-id\": \"{odl_private_key}\", \"private-key\" : ' \
+ '\"{clientKey}\",\"passphrase\" : \"\"}}}}}}'.format(
+ odl_private_key=odl_private_key,
+ clientKey=clientKey)
+
+ return json_keystore_key
+
+
+
+def makePrivateKey(clientKey, clientCrt, caPem, count):
+ odl_private_key="ODL_private_key_%d" %count
+
+ json_private_key='{{\"input\": {{ \"private-key\":{{\"name\": \"{odl_private_key}\", \"data\" : ' \
+ '\"{clientKey}\",\"certificate-chain\":[\"{clientCrt}\",\"{caPem}\"]}}}}}}'.format(
+ odl_private_key=odl_private_key,
+ clientKey=clientKey,
+ clientCrt=clientCrt,
+ caPem=caPem)
+
+ return json_private_key
+
+def makeTrustedCertificate(serverCrt, caPem, count):
+ trusted_cert_name = "xNF_Server_certificate_%d" %count
+ trusted_name = "xNF_CA_certificate_%d" %count
+
+ json_trusted_cert='{{\"input\": {{ \"trusted-certificate\": [{{\"name\":\"{trusted_cert_name}\",\"certificate\" : ' \
+ '\"{serverCrt}\"}},{{\"name\": \"{trusted_name}\",\"certificate\":\"{caPem}\"}}]}}}}'.format(
+ trusted_cert_name=trusted_cert_name,
+ serverCrt=serverCrt,
+ trusted_name=trusted_name,
+ caPem=caPem)
+
+ return json_trusted_cert
+
+
+def makeRestconfPost(conn, json_file, apiCall):
+ req = conn.request("POST", apiCall, json_file, headers=headers)
+ res = conn.getresponse()
+ res.read()
+ if res.status != 200:
+ print "Error here, response back wasnt 200: Response was : %d , %s" % (res.status, res.reason)
+ else:
+ print res.status, res.reason
+
+def extractZipFiles(zipFileList, count):
+ for zipFolder in zipFileList:
+ with zipfile.ZipFile(Path + "/" + zipFolder.strip(),"r") as zip_ref:
+ zip_ref.extractall(Path)
+ folder = zipFolder.rsplit(".")[0]
+ processFiles(folder, count)
+
+def processFiles(folder, count):
+ conn = httplib.HTTPConnection("localhost",8181)
+ for file in os.listdir(Path + "/" + folder):
+ if os.path.isfile(Path + "/" + folder + "/" + file.strip()):
+ if ".key" in file:
+ clientKey = readFile(folder, file.strip())
+ elif "trustedCertificate" in file:
+ caPem, serverCrt = readTrustedCertificate(folder, file.strip())
+ elif ".crt" in file:
+ clientCrt = readFile(folder, file.strip())
+ else:
+ print "Could not find file %s" % file.strip()
+ shutil.rmtree(Path + "/" + folder)
+ json_keystore_key = makeKeystoreKey(clientKey, count)
+ json_private_key = makePrivateKey(clientKey, clientCrt, caPem, count)
+ json_trusted_cert = makeTrustedCertificate(serverCrt, caPem, count)
+
+ makeRestconfPost(conn, json_keystore_key, postKeystore)
+ makeRestconfPost(conn, json_private_key, postPrivateKey)
+ makeRestconfPost(conn, json_trusted_cert, postTrustedCertificate)
+
+def makeHealthcheckCall(headers):
+ conn = httplib.HTTPConnection("localhost",8181)
+ req = conn.request("POST", "/restconf/operations/SLI-API:healthcheck",headers=headers)
+ res = conn.getresponse()
+ res.read()
+ if res.status == 200:
+ print ("Healthcheck Passed in %d seconds." %TIME)
+ else:
+ print ("Sleep: %d seconds before testing if Healtcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, TIME, TIME_OUT))
+ return res.status
+
+
+def timeIncrement(TIME):
+ time.sleep(INTERVAL)
+ TIME = TIME + INTERVAL
+ return TIME
+
+def healthcheck(TIME):
+ # WAIT 10 minutes maximum and test every 30 seconds if HealthCheck API is returning 200
+ while TIME < TIME_OUT:
+ try:
+ status = makeHealthcheckCall(headers)
+ if status == 200:
+ connected = True
+ break
+ except:
+ print ("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, TIME, TIME_OUT))
+
+ TIME = timeIncrement(TIME)
+
+ if TIME > TIME_OUT:
+ print ("TIME OUT: Healthcheck not passed in %d seconds... Could cause problems for testing activities..." %TIME_OUT)
+
+ if connected:
+ count = 0
+ if os.path.isfile(Path + "/certs.properties"):
+ with open(Path + "/certs.properties", "r") as f:
+ for line in f:
+ if not "*****" in line:
+ zipFileList.append(line)
+ else:
+ extractZipFiles(zipFileList, count)
+ count += 1
+ del zipFileList[:]
+ else:
+ print "Error: File not found in path entered"
+ else:
+ print "This was a problem here, Healthcheck never passed, please check is your instance up and running."
+
+
+healthcheck(TIME)
diff --git a/installation/sdnc/src/main/scripts/startODL.sh b/installation/sdnc/src/main/scripts/startODL.sh
index 9a795cab..73e3eaa7 100755
--- a/installation/sdnc/src/main/scripts/startODL.sh
+++ b/installation/sdnc/src/main/scripts/startODL.sh
@@ -73,6 +73,7 @@ function enable_odl_cluster(){
ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U}
SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
+SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
SLEEP_TIME=${SLEEP_TIME:-120}
MYSQL_PASSWD=${MYSQL_PASSWD:-openECOMP1.0}
@@ -117,4 +118,8 @@ then
echo "Installed at `date`" > ${INSTALLED_DIR}/.installed
fi
+cp /opt/opendaylight/current/certs/* /tmp
+
+nohup python ${SDNC_BIN}/installCerts.py &
+
exec ${ODL_HOME}/bin/karaf server