# limitations under the License.
#
# COPYRIGHT NOTICE ENDS HERE
+
#
# this file contains shared variables and functions for the onap installer
#
+
# any script which needs this file can check this variable
# and it will know immediately if the functions and variables
# are loaded and usable
IS_COMMON_FUNCTIONS_SOURCED=YES
+
# setting of the path variables
if [ -z "$APROJECT_DIR" ] ; then
INCLUDE_PATH="${LOCAL_PATH}"/"${RELATIVE_PATH}"
APROJECT_DIR=$(readlink -f "$INCLUDE_PATH"/../..)
fi
+
RESOURCES_DIR="$APROJECT_DIR/resources"
BASH_SCRIPTS_DIR="$APROJECT_DIR/bash"
NEXUS_DATA="$RESOURCES_DIR/nexus_data"
GIT_REPOS="$RESOURCES_DIR/git-repo"
NGINX_HTTP_DIR="$RESOURCES_DIR/http"
RHEL_REPO="$RESOURCES_DIR/pkg/rhel"
+
PATH="${PATH}:/usr/local/bin:/usr/local/sbin"
export PATH
+
# just self-defense against locale
LANG=C
export LANG
+
# dns handling
SIMUL_HOSTS="gcr.io \
git.rancher.io \
git.onap.org \
repo1.maven.org \
repo.maven.apache.org"
+
# default credentials to the repository
NEXUS_USERNAME=admin
NEXUS_PASSWORD=admin123
NEXUS_EMAIL=admin@onap.org
+
# this function is intended to unify the installer output
message() {
case "$1" in
return 0
}
export message
+
# if the environment variable DEBUG is set to DEBUG-ONAP ->
# -> this function will print its arguments
# otherwise nothing is done
[ "$DEBUG" = DEBUG-ONAP ] && message debug "$@"
}
export debug
+
fail() {
message error "$@"
exit 1
}
+
retry() {
local n=1
local max=5
fi
done
}
+
may_self_extract() {
# extract and untar to the current directory
sed '0,/^# PAYLOAD BELOW #$/d' "$0" | tar -xvpf - ;
}
+
update_hosts() {
if grep -q "^[^#]\+\s$SIMUL_HOSTS\s*\$" /etc/hosts ; then
message info "simulated domains already in /etc/hosts"
echo "$LOCAL_IP $SIMUL_HOSTS" >> /etc/hosts
message info "simulated domains added to /etc/hosts (please check it)"
fi
+
if grep -q "^[^#]\+\s$NEXUS_FQDN\s*\$" /etc/hosts ; then
message info "nexus FQDN already in /etc/hosts"
else
echo "$LOCAL_IP $NEXUS_FQDN" >> /etc/hosts
message info "Nexus FQDN added to /etc/hosts (please check it)"
fi
+
if grep -q "^[^#]\+\srepo.install-server\s*\$" /etc/hosts ; then
message info "custom repo FQDN already in /etc/hosts"
else
message info "Nexus FQDN added to /etc/hosts (please check it)"
fi
}
+
get_cfg_val() {
name="$1"
shift
ask="$@"
+
value=$(eval "echo \$${name}")
if [ -z "$value" ]; then
while [ -z "$value" ] ; do
printf "${ask}"
read -r $name
+
value=$(eval "echo \$${name}")
done
echo "${name}='${value}'" >> ./local_repo.conf
fi
}
+
get_configuration() {
if [ -f ./local_repo.conf ]; then
. ./local_repo.conf
fi
+
if [ -z "${NEXUS_FQDN}" ]; then
NEXUS_FQDN="nexus.$HOSTNAME"
echo "NEXUS_FQDN='${NEXUS_FQDN}'" >> ./local_repo.conf
fi
+
if [ -z "${ONAP_SCALE}" ]; then
ONAP_SCALE=full
echo "ONAP_SCALE='${ONAP_SCALE}'" >> ./local_repo.conf
fi
+
# nexus should be configured using those default entries
# if it was not put the correct inputs instead
if [ -z "${NPM_USERNAME}" ]; then
NPM_USERNAME="${NEXUS_USERNAME}"
echo "NPM_USERNAME='${NPM_USERNAME}'" >> ./local_repo.conf
fi
+
if [ -z "${NPM_PASSWORD}" ]; then
NPM_PASSWORD="${NEXUS_PASSWORD}"
echo "NPM_PASSWORD='${NPM_PASSWORD}'" >> ./local_repo.conf
fi
+
if [ -z "${NPM_EMAIL}" ]; then
NPM_EMAIL="$NEXUS_EMAIL"
echo "NPM_EMAIL='${NPM_EMAIL}'" >> ./local_repo.conf
fi
+
export NEXUS_FQDN
export ONAP_SCALE
export NPM_USERNAME
export NPM_PASSWORD
export NPM_EMAIL
+
NODE_USERNAME="root"
+
if [ -z "$LOCAL_IP" ] ; then
echo
echo "======= Mandatory configuration ======="
"\nDO NOT USE LOOPBACK! (for example: 10.0.0.1): "
fi
}
+
enable_local_repo() {
sed -r "s%PATH%file://$APROJECT_DIR/resources/pkg/rhel%" "$APROJECT_DIR/resources/pkg/rhel/onap.repo" > /etc/yum.repos.d/onap.repo
}
+
install_packages() {
os_id="$1"
+
message info "Installing packages"
+
case "$os_id" in
centos)
yum -y install "$APROJECT_DIR/resources/pkg/centos/*.rpm"
;;
esac
}
+
install_files() {
message info "installation of external binaries"
for binary in kubectl helm rancher jq ; do
done
mkdir ~/.kube
}
+
setup_vnc_server() {
mkdir -p ~/.vnc ~/.icewm
echo "onap" | vncpasswd -f > ~/.vnc/passwd
chmod 0600 ~/.vnc/passwd
+
cat > ~/.vnc/xstartup <<EOF
#!/bin/sh
+
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec icewm-session
+
EOF
+
chmod +x ~/.vnc/xstartup
+
cat > ~/.icewm/menu <<EOF
prog Firefox firefox firefox
separator
+
EOF
vncserver
}
+
update_docker_cfg() {
if [ -f "/etc/docker/daemon.json" ]; then
jq '.dns += ["172.17.0.1"]' /etc/docker/daemon.json > /tmp/daemon.json
echo '{"dns": ["172.17.0.1"]}' > /etc/docker/daemon.json
fi
}
+
create_root_CA() {
echo "** Generate certificates **"
openssl genrsa -out $CERTS_TARGET_PATH/rootCA.key 4096
+
echo "** Generate self signed ***"
openssl req -config $GEN_CFG_PATH/cacert.cnf -key $CERTS_TARGET_PATH/rootCA.key -new -x509 -days 7300 -sha256 -extensions v3_ca \
-out $CERTS_TARGET_PATH/rootCAcert.pem
+
+
# convert to crt
openssl x509 -in $CERTS_TARGET_PATH/rootCAcert.pem -inform PEM -out $CERTS_TARGET_PATH/rootCAcert.crt
}
+
install_root_CA() {
os=$1
echo "** Publishing root CA **"
echo "OS \"$os\" is not supported"
exit -2
fi
+
echo "** Restart docker (because of reload new CA) **"
systemctl restart docker
+
}
+
create_cert() {
server_name=$1
+
openssl genrsa -out $CERTS_TARGET_PATH/${server_name}_server.key 4096
echo "** Generate sig request ***"
openssl req -new -config $GEN_CFG_PATH/${server_name}_cert.cnf -key $CERTS_TARGET_PATH/${server_name}_server.key -out $CERTS_TARGET_PATH/${server_name}_server.csr
+
# v3.ext must be in separate file , because of bug in openssl 1.0
echo "** sign **"
openssl x509 -req -in $CERTS_TARGET_PATH/${server_name}_server.csr\
-CAkey $CERTS_TARGET_PATH/rootCA.key\
-CAcreateserial -out $CERTS_TARGET_PATH/${server_name}_server.crt -days 3650 -sha256
}
+
create_all_certs() {
create_cert "nexus"
}
+
update_firewall() {
-#TODO
+# TODO
+#firewall-cmd --permanent --add-port=53/udp
+#firewall-cmd --permanent --add-port=53/tcp
+#firewall-cmd --permanent --add-port=10001/tcp
+#firewall-cmd --permanent --add-port=80/tcp
+#firewall-cmd --permanent --add-port=443/tcp
return 0
}
+
distribute_root_CA() {
targetip=$1
scp $APROJECT_DIR/install_cacert.sh $targetip:.
echo "** Add DNS record to remote host **"
ssh $targetip "echo nameserver $LOCAL_IP > /etc/resolv.conf"
}
+
+upload_ansible_pkgs() {
+ os=$1
+ targetip=$2
+ #if [[ $os == "ubuntu" ]]; then
+ # those deb & whl packages are needed for sdnc-ansible-server pod
+ # independently on host OS distros
+ echo "** Copy required packages for sdnc-ansible-pod to kubernetes node $targetip **"
+ scp -r $APROJECT_DIR/resources/pkg/ubuntu/ansible_pkg $targetip:.
+ #fi
+}
+
remote_setup_nfs_server() {
os=$1
targetip=$2
scp -r $APROJECT_DIR/resources/pkg/ubuntu/nfs-common-pkg/* $targetip:.
ssh $targetip dpkg -i *.deb
fi
+
ssh $targetip /bin/bash ./setup_nfs_server.sh "$@"
}
+
remote_setup_nfs_mount() {
os=$1
targetip=$2
fi
ssh $targetip /bin/bash ./setup_nfs_mount.sh $nfsip
}
+
enable_remote_repo() {
targetip=$1
sed -r "s%PATH%http://repo.install-server%" $APROJECT_DIR/resources/pkg/rhel/onap.repo | ssh $targetip 'cat > /etc/yum.repos.d/onap.repo'
}
+
install_remote_docker() {
targetip=$1
os=$2
else
echo {'\"'dns'\"': ['\"'$LOCAL_IP'\"']} > /etc/docker/daemon.json
fi"
+
ssh $targetip 'systemctl enable docker; systemctl restart docker'
}
+
deploy_rancher() {
docker run -d --entrypoint "/bin/bash" --restart=unless-stopped -p 8080:8080 \
-v $CERTS_TARGET_PATH:/usr/local/share/ca-certificates/extra:ro \
-c "/usr/sbin/update-ca-certificates;/usr/bin/entry /usr/bin/s6-svscan /service"
echo "** wait until rancher is ready **"
}
+
deploy_kubernetes() {
os=$1
set +e
export RANCHER_URL=http://${LOCAL_IP}:8080
export RANCHER_ACCESS_KEY=$KEY_PUBLIC
export RANCHER_SECRET_KEY=$KEY_SECRET
+
rancher env ls
echo "wait 60 sec for rancher environments can settle before we create the onap kubernetes one"
sleep 60
+
rancher env create -t kubernetes onap > kube_env_id.json
PROJECT_ID=$(<kube_env_id.json)
echo "env id: $PROJECT_ID"
export RANCHER_HOST_URL=http://${LOCAL_IP}:8080/v1/projects/$PROJECT_ID
+
for i in `seq 5`; do
status=$(rancher env ls | grep $PROJECT_ID | awk '{print $4}')
if [[ "$status" == "active" ]]; then
echo "Wait for environment to become active"
sleep 30
done
+
REG_URL_RESPONSE=`curl -X POST -u $KEY_PUBLIC:$KEY_SECRET -H 'Accept: application/json' -H 'ContentType: application/json' -d '{"name":"$LOCAL_IP"}' "http://$LOCAL_IP:8080/v1/projects/$PROJECT_ID/registrationtokens"`
echo "wait for server to finish url configuration - 3 min"
sleep 180
REGISTRATION_TOKENS=`curl http://127.0.0.1:8080/v2-beta/registrationtokens`
REGISTRATION_DOCKER=`echo $REGISTRATION_TOKENS | jq -r .data[0].image`
REGISTRATION_TOKEN=`echo $REGISTRATION_TOKENS | jq -r .data[0].token`
+
# base64 encode the kubectl token from the auth pair
# generate this after the host is registered
KUBECTL_TOKEN=$(echo -n 'Basic '$(echo -n "$RANCHER_ACCESS_KEY:$RANCHER_SECRET_KEY" | base64 -w 0) | base64 -w 0)
- name: "onap"
user:
token: "$KUBECTL_TOKEN"
+
EOF
+
if [[ $os == "rhel" ]]; then
echo "Upgrade datavolume for RHEL"
KUBELET_ID=`curl http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/ | jq -r '.data[] | select(.name=="kubelet")'.id`
OLD_LAUNCH_CONFIG=`curl http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID} | jq '.launchConfig'`
NEW_LAUNCH_CONFIG=`echo $OLD_LAUNCH_CONFIG | jq '.dataVolumes[2]="/sys/fs/cgroup:/sys/fs/cgroup:ro,rprivate"'`
+
DATA="{
\"inServiceStrategy\": {
\"batchSize\": 1,
}
}"
curl -s -u $KEY_PUBLIC:$KEY_SECRET -X POST -H 'Content-Type: application/json' -d "${DATA}" "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=upgrade" > /dev/null
+
echo "Give environment time to update (30 sec)"
sleep 30
+
curl -s -u $KEY_PUBLIC:$KEY_SECRET -X POST "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=finishupgrade" > /dev/null
fi
}
+
deploy_rancher_agent() {
nodeip=$1
if [ -z "$REGISTRATION_DOCKER" ]; then
echo "ASSERT: Missing REGISTRATION_TOKEN"
exit 1
fi
+
ssh $nodeip "docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/racher:/var/lib/rancher $REGISTRATION_DOCKER $RANCHER_URL/v1/scripts/$REGISTRATION_TOKEN"
echo "waiting 2 min for creating kubernetes environment"
sleep 120
}
+
deploy_node() {
nodeip=$1
os=$2
install_remote_docker $nodeip $os
deploy_rancher_agent $nodeip
}
+
deploy_onap() {
pushd $APROJECT_DIR/resources/oom/kubernetes
helm init --upgrade --skip-refresh
--set "global.cacert=$(cat ${CERTS_TARGET_PATH}/rootCAcert.crt)"
popd
}
+
expand_file() {
file=$1
# print warning if patched file does not exist as some charts
echo "WARNING: Can't patch file $file because this file does not exists."
return 0
fi
+
shift
+
for ivar in "$@" ; do
ivalue=$(eval 'echo "$'${ivar}'"')
sed -i "s#${ivar}#${ivalue}#g" "$file"
done
}
+
patch_npm_oom() {
if [ -z "$LOCAL_IP" ] ; then
echo "ERROR: LOCAL_IP unset"
echo "ERROR: NEXUS_FQDN unset"
return 1
fi
+
UPDATE_HOSTS_FILE="$LOCAL_IP $NEXUS_FQDN"
UPDATE_NPM_REGISTRY="npm set registry \"http://${NEXUS_FQDN}/repository/npm-private/\""
+
expand_file $APROJECT_DIR/resources/oom/kubernetes/common/dgbuilder/templates/deployment.yaml \
UPDATE_HOSTS_FILE \
UPDATE_NPM_REGISTRY
UPDATE_HOSTS_FILE \
UPDATE_NPM_REGISTRY
}
+
patch_spring_oom() {
if [ -z "$LOCAL_IP" ] ; then
echo "ERROR: LOCAL_IP unset"
return 1
fi
+
UPDATE_HOSTS_FILE="$LOCAL_IP www.springframework.org"
expand_file $APROJECT_DIR/resources/oom/kubernetes/dmaap/charts/message-router/templates/deployment.yaml \
UPDATE_HOSTS_FILE
}
+
patch_cfy_manager_depl() {
os="$1"
file="${APROJECT_DIR}/resources/oom/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml"
+
case "$os" in
centos|rhel)
CERT_PATH="/etc/pki/ca-trust/source/anchors"
return 1
;;
esac
+
expand_file "$file" CERT_PATH
}
+
copy_onap_values_file() {
- cp "${APROJECT_DIR}/cfg/${ONAP_SCALE}_depl_values.yaml" \
+ cp "${APROJECT_DIR}/${CUSTOM_CFG_RELPATH:-cfg}/${ONAP_SCALE}_depl_values.yaml" \
"${APROJECT_DIR}/resources/oom/kubernetes/onap/values.yaml"
-}
\ No newline at end of file
+}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration overrides.
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # ONAP Repository
+ # Uncomment the following to enable the use of a single docker
+ # repository but ONLY if your repository mirrors all ONAP
+ # docker images. This includes all images from dockerhub and
+ # any other repository that hosts images for ONAP components.
+ #repository: nexus3.onap.org:10001
+ repositoryCred:
+ user: docker
+ password: docker
+
+ # readiness check - temporary repo until images migrated to nexus3
+ readinessRepository: oomk8s
+ # logging agent - temporary repo until images migrated to nexus3
+ loggingRepository: docker.elastic.co
+
+ # image pull policy
+ #pullPolicy: Always
+ pullPolicy: IfNotPresent
+
+ # default mount path root directory referenced
+ # by persistent volumes and log files
+ persistence:
+ mountPath: /dockerdata-nfs
+
+ # flag to enable debugging - application support required
+ debugEnabled: false
+
+# Repository for creation of nexus3.onap.org secret
+repository: nexus3.onap.org:10001
+
+
+#################################################################
+# Enable/disable and configure helm charts (ie. applications)
+# to customize the ONAP deployment.
+#################################################################
+aaf:
+ enabled: true
+aai:
+ enabled: true
+appc:
+ enabled: true
+ config:
+ openStackType: OpenStackProvider
+ openStackName: OpenStack
+ openStackKeyStoneUrl: FILL-ME
+ openStackServiceTenantName: FILL-ME
+ openStackDomain: FILL-ME
+ openStackUserName: FILL-ME
+ openStackEncryptedPassword: FILL-ME
+clamp:
+ enabled: true
+cli:
+ enabled: true
+consul:
+ enabled: true
+dcaegen2:
+ enabled: true
+dmaap:
+ enabled: true
+esr:
+ enabled: true
+log:
+ enabled: true
+sniro-emulator:
+ enabled: true
+oof:
+ enabled: true
+msb:
+ enabled: true
+multicloud:
+ enabled: true
+nbi:
+ enabled: true
+ config:
+ # openstack configuration
+ openStackUserName: "FILL-ME"
+ openStackRegion: "FILL-ME"
+ openStackKeyStoneUrl: "FILL-ME"
+ openStackServiceTenantName: "FILL-ME"
+ openStackEncryptedPasswordHere: "FILL-ME"
+policy:
+ enabled: true
+portal:
+ enabled: true
+robot:
+ enabled: true
+sdc:
+ enabled: true
+sdnc:
+ enabled: true
+
+ replicaCount: 1
+
+ config:
+ enableClustering: false
+
+ mysql:
+ disableNfsProvisioner: true
+ replicaCount: 1
+so:
+ enabled: true
+
+ replicaCount: 1
+
+ liveness:
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+ # so server configuration
+ config:
+ # message router configuration
+ dmaapTopic: "AUTO"
+ # openstack configuration
+ openStackUserName: "FILL-ME"
+ openStackRegion: "FILL-ME"
+ openStackKeyStoneUrl: "FILL-ME"
+ openStackServiceTenantName: "FILL-ME"
+ openStackEncryptedPasswordHere: "FILL-ME"
+
+ # configure embedded mariadb
+ mariadb:
+ config:
+ mariadbRootPassword: password
+uui:
+ enabled: true
+vfc:
+ enabled: true
+vid:
+ enabled: true
+vnfsdk:
+ enabled: true
+
Code Review / oom / offline-installer.git / commitdiff