3 # COPYRIGHT NOTICE STARTS HERE
5 # Copyright 2018-2019 © Samsung Electronics Co., Ltd.
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # http://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
19 # COPYRIGHT NOTICE ENDS HERE
21 ### This script prepares Nexus repositories data blobs for ONAP
23 ## The script requires following dependencies are installed: nodejs, jq, docker, twine, expect
24 ## All required resources are expected in the upper directory created during
25 ## download procedure as DATA_DIR or in the directory given as --input-directory
26 ## All lists used must be in project data_lists directory or in the directory given
27 ## as --resource-list-directory
32 TIMESTAMP="date +'%Y-%m-%d_%H-%M-%S'"
33 SCRIPT_LOG="/tmp/$(basename $0)_$(eval ${TIMESTAMP}).log"
36 exec &> >(tee -a "${SCRIPT_LOG}")
38 # Nexus repository location
41 NEXUS_DOCKER_PORT="8082"
42 NPM_REGISTRY="http://${NEXUS_DOMAIN}:${NEXUS_PORT}/repository/npm-private/"
43 PYPI_REGISTRY="http://${NEXUS_DOMAIN}:${NEXUS_PORT}/repository/pypi-private/"
44 DOCKER_REGISTRY="${NEXUS_DOMAIN}:${NEXUS_DOCKER_PORT}"
45 DEFAULT_REGISTRY="docker.io"
47 # Nexus repository credentials
49 NEXUS_PASSWORD=admin123
50 NEXUS_EMAIL=admin@example.org
53 LOCAL_PATH="$(readlink -f $(dirname ${0}))"
57 DATA_DIR="$(realpath ${LOCAL_PATH}/../../resources)"
58 NEXUS_DATA_DIR="${DATA_DIR}/nexus_data"
59 LISTS_DIR="${LOCAL_PATH}/data_lists"
61 # Required dependencies
62 COMMANDS=(jq docker expect npm twine)
65 echo " Example usage: build_nexus_blob.sh --input-directory </path/to/downloaded/files/dir> --output-directory
66 </path/to/output/dir> --resource-list-directory </path/to/dir/with/resource/list> [--load-docker-images]
68 -i | --input-directory directory containing file needed to create nexus blob. The structure of this directory must organized as described in build guide
69 -ld | --load-docker-images load docker images from stored files in the input directory
70 -o | --output-directory
71 -rl | --resource-list-directory directory with files containing docker, pypi and npm lists
77 for REGISTRY in $(sed -n '/\.[^/].*\//p' ${1} | sed -e 's/\/.*$//' | sort -u | grep -v ${DEFAULT_REGISTRY} || true) ${NEXUS_PORT}; do
78 if [[ ${REGISTRY} != *":"* ]]; then
79 if [[ ${PUBLISHED_PORTS} != *"80:${NEXUS_DOCKER_PORT}"* ]]; then
80 PUBLISHED_PORTS="${PUBLISHED_PORTS} -p 80:${NEXUS_DOCKER_PORT}"
83 REGISTRY_PORT="$(sed 's/^.*\:\([[:digit:]]*\)$/\1/' <<< ${REGISTRY})"
84 if [[ ${PUBLISHED_PORTS} != *"${REGISTRY_PORT}:${NEXUS_DOCKER_PORT}"* ]]; then
85 PUBLISHED_PORTS="${PUBLISHED_PORTS} -p ${REGISTRY_PORT}:${NEXUS_DOCKER_PORT}"
92 SIMUL_HOSTS=($(sed -n '/\.[^/].*\//p' ${1} | sed -e 's/\/.*$// ; s/:.*$//' | sort -u | grep -v ${DEFAULT_REGISTRY} || true ) ${NEXUS_DOMAIN})
93 for HOST in "${SIMUL_HOSTS[@]}"; do
94 if ! grep -wq ${HOST} /etc/hosts; then
95 echo "127.0.0.1 ${HOST}" >> /etc/hosts
100 load_docker_images () {
101 for ARCHIVE in $(sed $'s/\r// ; /^#/d ; s/\:/\_/g ; s/\//\_/g ; s/$/\.tar/g' ${1} | awk '{ print $1 }'); do
102 docker load -i ${NXS_SRC_DOCKER_IMG_DIR}/${ARCHIVE}
107 for ARCHIVE in $(sed $'s/\r// ; s/\\@/\-/g ; s/$/\.tgz/g' ${1}); do
108 npm publish --access public ${ARCHIVE} > /dev/null
109 echo "NPM ${ARCHIVE} pushed to Nexus"
114 for PACKAGE in $(sed $'s/\r//; s/==/-/' ${NXS_PYPI_LIST}); do
115 twine upload -u "${NEXUS_USERNAME}" -p "${NEXUS_PASSWORD}" --repository-url ${PYPI_REGISTRY} ${PACKAGE}*
116 echo "PYPI ${PACKAGE} pushed to Nexus"
121 for REGISTRY in $(sed -n '/\.[^/].*\//p' ${1} | sed -e 's/\/.*$//' | sort -u | grep -v ${DEFAULT_REGISTRY}) ${DOCKER_REGISTRY}; do
122 echo "Docker login to ${REGISTRY}"
123 docker login -u "${NEXUS_USERNAME}" -p "${NEXUS_PASSWORD}" ${REGISTRY} > /dev/null
128 for IMAGE in $(sed $'s/\r// ; /^#/d' ${1} | awk '{ print $1 }'); do
130 if [[ ${IMAGE} != *"/"* ]]; then
131 PUSH="${DOCKER_REGISTRY}/library/${IMAGE}"
132 elif [[ ${IMAGE} == *"${DEFAULT_REGISTRY}"* ]]; then
133 if [[ ${IMAGE} == *"/"*"/"* ]]; then
134 PUSH="$(sed 's/'"${DEFAULT_REGISTRY}"'/'"${DOCKER_REGISTRY}"'/' <<< ${IMAGE})"
136 PUSH="$(sed 's/'"${DEFAULT_REGISTRY}"'/'"${DOCKER_REGISTRY}"'\/library/' <<< ${IMAGE})"
138 elif [[ -z $(sed -n '/\.[^/].*\//p' <<< ${IMAGE}) ]]; then
139 PUSH="${DOCKER_REGISTRY}/${IMAGE}"
141 if [[ ! -z ${PUSH} ]]; then
142 docker tag ${IMAGE} ${PUSH}
147 echo "${IMAGE} pushed as ${PUSH} to Nexus"
151 # Verify all dependencies are available in PATH
153 for cmd in ${COMMANDS[*]};
155 command -v $cmd >/dev/null 2>&1 || FAILED_COMMANDS+=($cmd)
157 if [ ${#FAILED_COMMANDS[*]} -gt 0 ];
159 echo "Following commands where not found in PATH and are required:"
160 echo ${FAILED_COMMANDS[*]}
165 while [ "${1}" != "" ]; do
167 -i | --input-directory ) shift
170 -ld | --load-docker-images ) DOCKER_LOAD="true"
172 -o | --output-directory ) shift
173 NEXUS_DATA_DIR="${1}"
175 -rl | --resource-list-directory ) shift
185 # Setup directories with resources for docker, npm and pypi
186 NXS_SRC_DOCKER_IMG_DIR="${DATA_DIR}/offline_data/docker_images_for_nexus"
187 NXS_SRC_NPM_DIR="${DATA_DIR}/offline_data/npm_tar"
188 NXS_SRC_PYPI_DIR="${DATA_DIR}/offline_data/pypi"
190 # Setup specific resources lists
191 NXS_DOCKER_IMG_LIST="${LISTS_DIR}/onap_docker_images.list"
192 NXS_NPM_LIST="${LISTS_DIR}/onap_npm.list"
193 NXS_PYPI_LIST="${LISTS_DIR}/onap_pip_packages.list"
195 # Setup Nexus image used for build and install infra
196 INFRA_LIST="${LISTS_DIR}/infra_docker_images.list"
197 NEXUS_IMAGE="$(grep sonatype/nexus3 ${INFRA_LIST})"
198 NEXUS_IMAGE_TAR="${DATA_DIR}/offline_data/docker_images_infra/$(sed 's/\//\_/ ; s/$/\.tar/ ; s/\:/\_/' <<< ${NEXUS_IMAGE})"
201 HOSTS_BACKUP="$(eval ${TIMESTAMP}_hosts.bk)"
202 cp /etc/hosts /etc/${HOSTS_BACKUP}
204 # Backup the current docker registry settings
205 if [ -f ~/.docker/config.json ]; then
206 DOCKER_CONF_BACKUP="$(eval ${TIMESTAMP}_config.json.bk)"
207 mv ~/.docker/config.json ~/.docker/${DOCKER_CONF_BACKUP}
210 # Setup default ports published to host as docker registry
211 PUBLISHED_PORTS="-p ${NEXUS_PORT}:${NEXUS_PORT} -p ${NEXUS_DOCKER_PORT}:${NEXUS_DOCKER_PORT}"
213 # Setup additional ports published to host based on simulated docker registries
214 publish_ports "${NXS_DOCKER_IMG_LIST}"
216 # Setup simulated domain names to be able to push all to private Nexus repository
217 simulated_hosts "${NXS_DOCKER_IMG_LIST}"
219 # Nexus repository configuration setup
220 NEXUS_CONFIG_GROOVY='import org.sonatype.nexus.security.realm.RealmManager
221 import org.sonatype.nexus.repository.attributes.AttributesFacet
222 import org.sonatype.nexus.security.user.UserManager
223 import org.sonatype.nexus.repository.manager.RepositoryManager
224 import org.sonatype.nexus.security.user.UserNotFoundException
225 /* Use the container to look up some services. */
226 realmManager = container.lookup(RealmManager.class)
227 userManager = container.lookup(UserManager.class, "default") //default user manager
228 repositoryManager = container.lookup(RepositoryManager.class)
229 /* Managers are used when scripting api cannot. Note that scripting api can only create mostly, and that creation methods return objects of created entities. */
230 /* Perform cleanup by removing all repos and users. Realms do not need to be re-disabled, admin and anonymous user will not be removed. */
231 userManager.listUserIds().each({ id ->
232 if (id != "anonymous" && id != "admin")
233 userManager.deleteUser(id)
235 repositoryManager.browse().each {
236 repositoryManager.delete(it.getName())
238 /* Add bearer token realms at the end of realm lists... */
239 realmManager.enableRealm("NpmToken")
240 realmManager.enableRealm("DockerToken")
241 realmManager.enableRealm("PypiToken")
242 /* Create the docker user. */
243 security.addUser("docker", "docker", "docker", "docker@example.com", true, "docker", ["nx-anonymous"])
244 /* Create docker, npm and pypi repositories. Their default configuration should be compliant with our requirements, except the docker registry creation. */
245 repository.createNpmHosted("npm-private")
246 repository.createPyPiHosted("pypi-private")
247 def r = repository.createDockerHosted("onap", 8082, 0)
248 /* force basic authentication true by default, must set to false for docker repo. */
249 conf=r.getConfiguration()
250 conf.attributes("docker").set("forceBasicAuth", false)
251 repositoryManager.update(conf)'
253 # Prepare the Nexus configuration
254 NEXUS_CONFIG=$(echo "${NEXUS_CONFIG_GROOVY}" | jq -Rsc '{"name":"configure", "type":"groovy", "content":.}')
256 #################################
257 # Docker repository preparation #
258 #################################
260 if [ "${DOCKER_LOAD}" == "true" ]; then
261 # Load predefined Nexus image
262 docker load -i ${NEXUS_IMAGE_TAR}
263 # Load all necessary images
264 load_docker_images ${NXS_DOCKER_IMG_LIST}
267 ################################
268 # Nexus repository preparation #
269 ################################
271 # Prepare nexus-data directory
272 if [ -d ${NEXUS_DATA_DIR} ]; then
273 if [ "$(docker ps -q -f name="${NEXUS_DOMAIN}")" ]; then
274 echo "Removing container ${NEXUS_DOMAIN}"
275 docker rm -f $(docker ps -aq -f name="${NEXUS_DOMAIN}")
277 pushd ${NEXUS_DATA_DIR}/..
278 NXS_BACKUP="$(eval ${TIMESTAMP})_$(basename ${NEXUS_DATA_DIR})_bk"
279 mv ${NEXUS_DATA_DIR} "${NXS_BACKUP}"
280 echo "${NEXUS_DATA_DIR} already exists - backing up to ${NXS_BACKUP}"
284 mkdir -p ${NEXUS_DATA_DIR}
285 chown 200:200 ${NEXUS_DATA_DIR}
286 chmod 777 ${NEXUS_DATA_DIR}
288 # Save Nexus version to prevent/catch data incompatibility
289 docker images --no-trunc | grep sonatype/nexus3 | awk '{ print $1":"$2" "$3}' > ${NEXUS_DATA_DIR}/nexus.ver
292 NEXUS_CONT_ID=$(docker run -d --rm -v ${NEXUS_DATA_DIR}:/nexus-data:rw --name ${NEXUS_DOMAIN} ${PUBLISHED_PORTS} ${NEXUS_IMAGE})
293 echo "Waiting for Nexus to fully start"
294 until curl -su ${NEXUS_USERNAME}:${NEXUS_PASSWORD} http://${NEXUS_DOMAIN}:${NEXUS_PORT}/service/metrics/healthcheck | grep '"healthy":true' > /dev/null ; do
298 echo -e "\nNexus started"
300 # Configure the nexus repository
301 curl -sX POST --header 'Content-Type: application/json' --data-binary "${NEXUS_CONFIG}" http://${NEXUS_USERNAME}:${NEXUS_PASSWORD}@${NEXUS_DOMAIN}:${NEXUS_PORT}/service/rest/v1/script
302 curl -sX POST --header "Content-Type: text/plain" http://${NEXUS_USERNAME}:${NEXUS_PASSWORD}@${NEXUS_DOMAIN}:${NEXUS_PORT}/service/rest/v1/script/configure/run > /dev/null
304 ###########################
305 # Populate NPM repository #
306 ###########################
308 # Configure NPM registry to our Nexus repository
309 echo "Configure NPM registry to ${NPM_REGISTRY}"
310 npm config set registry "${NPM_REGISTRY}"
312 # Login to NPM registry
313 /usr/bin/expect <<EOF
316 send "${NEXUS_USERNAME}\n"
318 send "${NEXUS_PASSWORD}\n"
320 send "${NEXUS_EMAIL}\n"
324 # Patch problematic package
325 pushd ${NXS_SRC_NPM_DIR}
326 PATCHED_NPM="$(grep tsscmp ${NXS_NPM_LIST} | sed $'s/\r// ; s/\\@/\-/ ; s/$/\.tgz/')"
327 if [[ ! -z "${PATCHED_NPM}" ]] && ! zgrep -aq "${NPM_REGISTRY}" "${PATCHED_NPM}" 2>/dev/null; then
328 tar xzf "${PATCHED_NPM}"
329 rm -f "${PATCHED_NPM}"
330 sed -i 's|\"registry\":\ \".*\"|\"registry\":\ \"'"${NPM_REGISTRY}"'\"|g' package/package.json
331 tar -zcf "${PATCHED_NPM}" package
335 # Push NPM packages to Nexus repository
336 push_npm "${NXS_NPM_LIST}"
339 ###############################
340 ## Populate PyPi repository #
341 ###############################
343 pushd ${NXS_SRC_PYPI_DIR}
344 push_pip "${NXS_PYPI_LIST}"
347 ###############################
348 ## Populate Docker repository #
349 ###############################
351 # Login to simulated docker registries
352 # Push images to private nexus based on the list
353 # Images from default registry need to be tagged to private registry
354 # and those without defined repository in tag uses default repository 'library'
355 docker_login "${NXS_DOCKER_IMG_LIST}"
356 push_docker "${NXS_DOCKER_IMG_LIST}"
358 ##############################
359 # Stop the Nexus and cleanup #
360 ##############################
362 echo "Stopping Nexus and returning backups"
365 docker stop ${NEXUS_CONT_ID} > /dev/null
367 # Return backed up configuration files
368 mv -f "/etc/${HOSTS_BACKUP}" /etc/hosts
370 if [ -f ~/.docker/${DOCKER_CONF_BACKUP} ]; then
371 mv -f ~/.docker/${DOCKER_CONF_BACKUP} ~/.docker/config.json
374 # Return default settings
375 npm config set registry "https://registry.npmjs.org"
377 echo "Nexus blob is built"