X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=installation%2Fsdnc%2Fsrc%2Fmain%2Fscripts%2FinstallCerts.py;h=2aaa20276c32b2eb831d4857c157a4f4101b3aa0;hb=235822c81f892d32eb015cae7a1488319d76bc3b;hp=d00db39382279b9fd6c0c483091a87890ccc6a7a;hpb=7484523c5b15b7dc1f00aae044d6ab5527147b6e;p=sdnc%2Foam.git diff --git a/installation/sdnc/src/main/scripts/installCerts.py b/installation/sdnc/src/main/scripts/installCerts.py index d00db393..2aaa2027 100644 --- a/installation/sdnc/src/main/scripts/installCerts.py +++ b/installation/sdnc/src/main/scripts/installCerts.py @@ -1,6 +1,9 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. # ================================================================================ +# extended by highstreet technologies GmbH (c) 2020 +# Copyright (c) 2021 Nokia Intellectual Property. +# ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -20,6 +23,7 @@ # coding=utf-8 import os +import sys import re import http.client import base64 @@ -29,15 +33,20 @@ import shutil import subprocess import logging - -log_file = '/opt/opendaylight/data/log/installCerts.log' -with open(os.path.join('/opt/opendaylight/data/log', 'installCerts.log'), 'w') as fp: +odl_home = os.environ['ODL_HOME'] +log_directory = odl_home + '/data/log/' +log_file = log_directory + 'installCerts.log' +with open(os.path.join(log_directory, 'installCerts.log'), 'w') as fp: pass - log_format = "%(asctime)s - %(name)s - %(levelname)s - %(message)s" +if not os.path.exists(log_directory): + os.makedirs(log_directory) logging.basicConfig(filename=log_file,level=logging.DEBUG,filemode='w',format=log_format) +print ('Start cert provisioning. Log file: ' + log_file); Path = "/tmp" +if "ODL_CERT_DIR" in os.environ: + Path = os.environ['ODL_CERT_DIR'] zipFileList = [] @@ -59,6 +68,18 @@ keystore_file = Path + '/keystore.jks' jks_files = [truststore_pass_file, keystore_pass_file, keystore_file, truststore_file] +envOdlFeaturesBoot='ODL_FEATURES_BOOT' +# Strategy sli-api is default +certreadyCmd="POST" +certreadyUrl="/rests/operations/SLI-API:healthcheck" + +if "SDNRWT" in os.environ: + sdnrWt = os.environ['SDNRWT'] + if sdnrWt == "true": + certreadyCmd="GET" + certreadyUrl="/rests/data/network-topology:network-topology" +logging.info('ODL ready strategy with command %s and url %s', certreadyCmd, certreadyUrl) + odl_port = 8181 cred_string = username + ":" + password headers = {'Authorization':'Basic %s' % base64.b64encode(cred_string.encode()).decode(), @@ -67,7 +88,6 @@ headers = {'Authorization':'Basic %s' % base64.b64encode(cred_string.encode()).d 'Accept':"application/json", 'Content-type':"application/yang-data+json"} - def readFile(folder, file): key = open(Path + "/" + folder + "/" + file, "r") fileRead = key.read() @@ -75,7 +95,6 @@ def readFile(folder, file): fileRead = "\n".join(fileRead.splitlines()[1:-1]) return fileRead - def readTrustedCertificate(folder, file): listCert = list() caPem = "" @@ -93,7 +112,6 @@ def readTrustedCertificate(folder, file): caPem = "" return listCert - def makeKeystoreKey(clientKey, count): odl_private_key = "ODL_private_key_%d" %count @@ -104,7 +122,6 @@ def makeKeystoreKey(clientKey, count): return json_keystore_key - def makePrivateKey(clientKey, clientCrt, certList, count): caPem = "" if certList: @@ -122,7 +139,6 @@ def makePrivateKey(clientKey, clientCrt, certList, count): return json_private_key - def makeTrustedCertificate(certList, count): number = 0 json_cert_format = "" @@ -143,21 +159,26 @@ def makeRestconfPost(conn, json_file, apiCall): req = conn.request("POST", apiCall, json_file, headers=headers) res = conn.getresponse() res.read() - if res.status != 200: + if res.status != 200 and res.status != 204: logging.error("Error here, response back wasnt 200: Response was : %d , %s" % (res.status, res.reason)) + writeCertInstallStatus("NOTOK") else: logging.debug("Response :%s Reason :%s ",res.status, res.reason) - def extractZipFiles(zipFileList, count): for zipFolder in zipFileList: - with zipfile.ZipFile(Path + "/" + zipFolder.strip(),"r") as zip_ref: - zip_ref.extractall(Path) - folder = zipFolder.rsplit(".")[0] - processFiles(folder, count) - + try: + with zipfile.ZipFile(Path + "/" + zipFolder.strip(),"r") as zip_ref: + zip_ref.extractall(Path) + folder = zipFolder.rsplit(".")[0] + processFiles(folder, count) + except Exception as e: + logging.error("Error while extracting zip file(s). Exiting Certificate Installation.") + logging.info("Error details : %s" % e) + writeCertInstallStatus("NOTOK") def processFiles(folder, count): + logging.info('Process folder: %d %s', count, folder) for file in os.listdir(Path + "/" + folder): if os.path.isfile(Path + "/" + folder + "/" + file.strip()): if ".key" in file: @@ -168,11 +189,12 @@ def processFiles(folder, count): clientCrt = readFile(folder, file.strip()) else: logging.error("Could not find file %s" % file.strip()) + writeCertInstallStatus("NOTOK") shutil.rmtree(Path + "/" + folder) post_content(clientKey, clientCrt, certList, count) - def post_content(clientKey, clientCrt, certList, count): + logging.info('Post content: %d', count) conn = http.client.HTTPConnection("localhost",odl_port) if clientKey: @@ -197,21 +219,24 @@ def makeHealthcheckCall(headers, timePassed): while timePassed < TIMEOUT: try: conn = http.client.HTTPConnection("localhost",odl_port) - req = conn.request("POST", "/rests/operations/SLI-API:healthcheck",headers=headers) + req = conn.request(certreadyCmd, certreadyUrl,headers=headers) res = conn.getresponse() res.read() - if res.status == 200: + httpStatus = res.status + if httpStatus == 200: logging.debug("Healthcheck Passed in %d seconds." %timePassed) connected = True break else: - logging.debug("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT)) + logging.debug("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds. Problem code was: %d" %(INTERVAL, timePassed, TIMEOUT, httpStatus)) except: - logging.error("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT)) + logging.error("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds." %(INTERVAL, timePassed, TIMEOUT)) timePassed = timeIncrement(timePassed) if timePassed > TIMEOUT: logging.error("TIME OUT: Healthcheck not passed in %d seconds... Could cause problems for testing activities..." %TIMEOUT) + writeCertInstallStatus("NOTOK") + return connected @@ -228,32 +253,37 @@ def get_pass(file_name): return "'{}'".format(password) except Exception as e: logging.error("Error occurred while fetching password : %s", e) - exit() - + writeCertInstallStatus("NOTOK") def cleanup(): - for file in jks_files: - if os.path.isfile(file): - logging.debug("Cleaning up the file %s", file) - os.remove(file) + for file in os.listdir(Path): + if os.path.isfile(Path + '/' + file): + logging.debug("Cleaning up the file %s", Path + '/'+ file) + os.remove(Path + '/'+ file) def jks_to_p12(file, password): """Converts jks format into p12""" try: - p12_file = file.replace('.jks', '.p12') - jks_cmd = 'keytool -importkeystore -srckeystore {src_file} -destkeystore {dest_file} -srcstoretype JKS -srcstorepass {src_pass} -deststoretype PKCS12 -deststorepass {dest_pass}'.format(src_file=file, dest_file=p12_file, src_pass=password, dest_pass=password) - logging.debug("Converting %s into p12 format", file) - os.system(jks_cmd) - file = p12_file - return file + certList = [] + key = None + cert = None + if (file.endswith('.jks')): + p12_file = file.replace('.jks', '.p12') + jks_cmd = 'keytool -importkeystore -srckeystore {src_file} -destkeystore {dest_file} -srcstoretype JKS -srcstorepass {src_pass} -deststoretype PKCS12 -deststorepass {dest_pass}'.format(src_file=file, dest_file=p12_file, src_pass=password, dest_pass=password) + logging.debug("Converting %s into p12 format", file) + os.system(jks_cmd) + file = p12_file + return file except Exception as e: logging.error("Error occurred while converting jks to p12 format : %s", e) + writeCertInstallStatus("NOTOK") def make_cert_chain(cert_chain, pattern): cert_list = [] if cert_chain: + cert_chain = cert_chain.decode('utf-8') matches = re.findall(pattern, cert_chain, re.DOTALL | re.MULTILINE) for cert in matches: cert_list.append(cert.strip()) @@ -304,9 +334,10 @@ def process_jks_files(count): logging.debug("No JKS files found in %s directory" % Path) except subprocess.CalledProcessError as err: print("CalledProcessError Execution of OpenSSL command failed: %s" % err) + writeCertInstallStatus("NOTOK") except Exception as e: logging.error("UnExpected Error while processing JKS files at {0}, Caused by: {1}".format(Path, e)) - + writeCertInstallStatus("NOTOK") def readCertProperties(): ''' @@ -316,7 +347,7 @@ def readCertProperties(): If not foud, it searches for jks certificates. ''' connected = makeHealthcheckCall(headers, timePassed) - + logging.info('Connected status: %s', connected) if connected: count = 0 if os.path.isfile(Path + "/certs.properties"): @@ -330,7 +361,24 @@ def readCertProperties(): del zipFileList[:] else: logging.debug("No certs.properties/zip files exist at: " + Path) + logging.info("Processing any available jks/p12 files under cert directory") process_jks_files(count) - + else: + logging.info('Connected status: %s', connected) + logging.info('Stopping SDNR due to inability to install certificates') + writeCertInstallStatus("NOTOK") + +def writeCertInstallStatus(installStatus): + if installStatus == "NOTOK": + with open(os.path.join(log_directory, 'INSTALLCERTSFAIL'), 'w') as fp: + pass + sys.exit(1) + elif installStatus == "OK": + with open(os.path.join(log_directory, 'INSTALLCERTSPASS'), 'w') as fp: + pass + sys.exit(0) readCertProperties() +logging.info('Cert installation ending') +writeCertInstallStatus("OK") +