From 91bc226dc7c0096fbaa4aa1bf22598a1a55f6a4c Mon Sep 17 00:00:00 2001 From: Milan Verespej Date: Mon, 21 Jan 2019 15:45:42 +0100 Subject: [PATCH] Remove bash version of installer Since bash version of offline installer is not supported in Casablanca release this change removes it and provides small refactor of offline resource building scripts. Change-Id: I953733edc31e994da123b7f0b1c502e156676669 Issue-ID: OOM-1597 Signed-off-by: Milan Verespej --- bash/deploy_onap.sh | 55 -- bash/tools/000cleanup.sh | 41 -- bash/tools/certificates/2create_cert_for_nginx.sh | 47 -- bash/tools/certificates/self_extract_cacert.sh | 55 -- bash/tools/common-functions.sh | 658 --------------------- bash/tools/create_si_cacert_pkg.sh | 29 - bash/tools/create_si_onap_pkg.sh | 88 --- bash/tools/creating_data/docker-login.sh | 38 -- bash/tools/creating_data/load-docker-images.sh | 75 --- bash/tools/creating_data/upload-maven-files.sh | 43 -- bash/tools/creating_data/upload-npm-pkgs.sh | 48 -- bash/tools/deploy_kube.sh | 95 --- bash/tools/deploy_nexus.sh | 194 ------ bash/tools/gather_data_lists.sh | 34 -- bash/tools/load_stored_offline_data.sh | 87 --- bash/tools/setup_nfs_mount.sh | 44 -- bash/tools/setup_nfs_server_rhel.sh | 51 -- bash/tools/setup_nfs_server_ubuntu.sh | 51 -- build/common-functions.sh | 92 +++ .../create_nginx_image/01create-image.sh | 0 .../creating_data/create_nginx_image/Dockerfile | 5 - .../creating_data/create_nginx_image/gitconfig | 0 .../creating_data/download-bin-tools.sh | 5 +- .../creating_data/download-docker-images.sh | 0 .../creating_data/download-files.sh | 0 .../creating_data/download-git-repos.sh | 0 .../creating_data/download-http-files.sh | 0 .../creating_data/download-npm-pkgs.sh | 0 .../tools => build}/creating_data/download-oom.sh | 0 .../tools => build}/creating_data/download-pip.sh | 0 .../tools => build}/creating_data/download-pkg.sh | 0 .../creating_data/make-docker-images-list.sh | 0 .../creating_data/make-git-http-list.sh | 0 .../tools => build}/creating_data/make-npm-list.sh | 0 .../creating_data/remote-list-gathering.sh | 1 - .../creating_data/save-docker-images.sh | 0 .../data_list/docker_image_list.txt | 0 .../data_list/docker_manual_image_list.txt | 0 {bash/tools => build}/data_list/git_manual_list | 0 {bash/tools => build}/data_list/git_repos_list | 0 .../tools => build}/data_list/http_manual_list.txt | 0 {bash/tools => build}/data_list/npm_list.txt | 0 {bash/tools => build}/data_list/pip_list.txt | 0 {bash/tools => build}/data_list/pkg_list.txt | 0 {bash/tools => build}/delete-local-images.sh | 0 .../download_offline_data_by_lists.sh | 4 +- cfg/cacert.cnf | 113 ---- cfg/full_depl_values.yaml | 158 ----- cfg/nexus_cert.cnf | 33 -- cfg/nginx.conf | 110 ---- cfg/v3.ext | 24 - 51 files changed, 95 insertions(+), 2183 deletions(-) delete mode 100755 bash/deploy_onap.sh delete mode 100755 bash/tools/000cleanup.sh delete mode 100755 bash/tools/certificates/2create_cert_for_nginx.sh delete mode 100755 bash/tools/certificates/self_extract_cacert.sh delete mode 100755 bash/tools/common-functions.sh delete mode 100755 bash/tools/create_si_cacert_pkg.sh delete mode 100755 bash/tools/create_si_onap_pkg.sh delete mode 100755 bash/tools/creating_data/docker-login.sh delete mode 100755 bash/tools/creating_data/load-docker-images.sh delete mode 100755 bash/tools/creating_data/upload-maven-files.sh delete mode 100755 bash/tools/creating_data/upload-npm-pkgs.sh delete mode 100755 bash/tools/deploy_kube.sh delete mode 100755 bash/tools/deploy_nexus.sh delete mode 100755 bash/tools/gather_data_lists.sh delete mode 100755 bash/tools/load_stored_offline_data.sh delete mode 100755 bash/tools/setup_nfs_mount.sh delete mode 100755 bash/tools/setup_nfs_server_rhel.sh delete mode 100755 bash/tools/setup_nfs_server_ubuntu.sh create mode 100755 build/common-functions.sh rename {bash/tools => build}/creating_data/create_nginx_image/01create-image.sh (100%) rename {bash/tools => build}/creating_data/create_nginx_image/Dockerfile (84%) rename {bash/tools => build}/creating_data/create_nginx_image/gitconfig (100%) rename {bash/tools => build}/creating_data/download-bin-tools.sh (91%) rename {bash/tools => build}/creating_data/download-docker-images.sh (100%) rename {bash/tools => build}/creating_data/download-files.sh (100%) rename {bash/tools => build}/creating_data/download-git-repos.sh (100%) rename {bash/tools => build}/creating_data/download-http-files.sh (100%) rename {bash/tools => build}/creating_data/download-npm-pkgs.sh (100%) rename {bash/tools => build}/creating_data/download-oom.sh (100%) rename {bash/tools => build}/creating_data/download-pip.sh (100%) rename {bash/tools => build}/creating_data/download-pkg.sh (100%) rename {bash/tools => build}/creating_data/make-docker-images-list.sh (100%) rename {bash/tools => build}/creating_data/make-git-http-list.sh (100%) rename {bash/tools => build}/creating_data/make-npm-list.sh (100%) rename {bash/tools => build}/creating_data/remote-list-gathering.sh (94%) rename {bash/tools => build}/creating_data/save-docker-images.sh (100%) rename {bash/tools => build}/data_list/docker_image_list.txt (100%) rename {bash/tools => build}/data_list/docker_manual_image_list.txt (100%) rename {bash/tools => build}/data_list/git_manual_list (100%) rename {bash/tools => build}/data_list/git_repos_list (100%) rename {bash/tools => build}/data_list/http_manual_list.txt (100%) rename {bash/tools => build}/data_list/npm_list.txt (100%) rename {bash/tools => build}/data_list/pip_list.txt (100%) rename {bash/tools => build}/data_list/pkg_list.txt (100%) rename {bash/tools => build}/delete-local-images.sh (100%) rename {bash/tools => build}/download_offline_data_by_lists.sh (95%) delete mode 100644 cfg/cacert.cnf delete mode 100644 cfg/full_depl_values.yaml delete mode 100644 cfg/nexus_cert.cnf delete mode 100644 cfg/nginx.conf delete mode 100644 cfg/v3.ext diff --git a/bash/deploy_onap.sh b/bash/deploy_onap.sh deleted file mode 100755 index d8ae4f3e..00000000 --- a/bash/deploy_onap.sh +++ /dev/null @@ -1,55 +0,0 @@ -#! /usr/bin/env bash - -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - - -# fail fast -set -e - -# OS check -. /etc/os-release -OS_ID="${ID}" - -case "$OS_ID" in - centos) - ;; - rhel) - ;; - ubuntu) - ;; - *) - echo This OS is not supported: $OS_ID - exit 1 - ;; -esac - -# boilerplate -RELATIVE_PATH=./tools # relative path from this script to 'common-functions.sh' -if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then - SCRIPT_DIR=$(dirname "${0}") - LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") - . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh -fi - -get_configuration -copy_onap_values_file -patch_npm_oom -patch_spring_oom -patch_cfy_manager_depl $OS_ID -deploy_onap diff --git a/bash/tools/000cleanup.sh b/bash/tools/000cleanup.sh deleted file mode 100755 index 3349c501..00000000 --- a/bash/tools/000cleanup.sh +++ /dev/null @@ -1,41 +0,0 @@ -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - -oldifs=$IFS -IFS=$'\n' - -echo "Deleting containers" -for x in $(docker ps -a); do - cid=$(echo "$x" | awk '{print $1}') - docker rm -f $cid -done - -echo "Deleting volumes" -for x in $(docker volume ls | grep -v 'nexus-data'); do - name=$(echo "$x" | awk '{print $2}') -# echo "A: $name" - docker volume rm $name -done - -echo "Unmounting kubelet pods" -for x in $(mount | grep 'kubelet/pods\|rancher\|docker' | cut -d ' ' -f 3) ; do umount "$x" ; done - -rm -rfd /var/lib/kubelet/* -rm -rfd /var/lib/rancher/* -rm -rfd /var/lib/docker/* - diff --git a/bash/tools/certificates/2create_cert_for_nginx.sh b/bash/tools/certificates/2create_cert_for_nginx.sh deleted file mode 100755 index a9adb520..00000000 --- a/bash/tools/certificates/2create_cert_for_nginx.sh +++ /dev/null @@ -1,47 +0,0 @@ -#! /usr/bin/env bash - -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - - -# fail fast -set -e - -# boilerplate -RELATIVE_PATH=../ # relative path from this script to 'common-functions.sh' -if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then - SCRIPT_DIR=$(dirname "${0}") - LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") - . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh -fi - -message info "Reading configuration" -get_configuration - -update_hosts - -message info "Restarting dnsmasq" -systemctl enable dnsmasq -systemctl restart dnsmasq - -message info "Configure ssl certificates" -create_cert "nexus" - -message info "** Certificates finished **" - -docker restart nginx diff --git a/bash/tools/certificates/self_extract_cacert.sh b/bash/tools/certificates/self_extract_cacert.sh deleted file mode 100755 index 1e7a5abc..00000000 --- a/bash/tools/certificates/self_extract_cacert.sh +++ /dev/null @@ -1,55 +0,0 @@ -#! /bin/sh - -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - - - -extract_ca() { - cpath=$1 - sed '0,/^#EOF#$/d' $0 > $cpath; - echo "Certificate installed into: $cpath" -} - -OS_ID=$(awk -F= '/^ID=/{print $2}' /etc/os-release) -OS_ID="${OS_ID%\"}" -OS_ID="${OS_ID#\"}" - -if [ "$OS_ID" = "rhel" -o "$OS_ID" = "centos" ]; then - # for centos/ rhel - echo "Detected rhel like distribution" - - update-ca-trust force-enable - extract_ca /etc/pki/ca-trust/source/anchors/rootCAcert.crt - update-ca-trust extract - -elif [ "$OS_ID" = "ubuntu" ]; then - echo "Detected ubuntu distribution" - - mkdir -p /usr/local/share/ca-certificates/extra - extract_ca /usr/local/share/ca-certificates/extra/rootCAcert.crt - update-ca-certificates -else - echo "OS $OS_ID is not supported" - exit -2 -fi - -echo "** Please restart docker (because of reload new CA) **" - -exit 0 -#EOF# diff --git a/bash/tools/common-functions.sh b/bash/tools/common-functions.sh deleted file mode 100755 index 6ffb42a7..00000000 --- a/bash/tools/common-functions.sh +++ /dev/null @@ -1,658 +0,0 @@ -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - -# -# this file contains shared variables and functions for the onap installer -# - -# any script which needs this file can check this variable -# and it will know immediately if the functions and variables -# are loaded and usable -IS_COMMON_FUNCTIONS_SOURCED=YES - -# setting of the path variables -if [ -z "$APROJECT_DIR" ] ; then - INCLUDE_PATH="${LOCAL_PATH}"/"${RELATIVE_PATH}" - APROJECT_DIR=$(readlink -f "$INCLUDE_PATH"/../..) -fi - -RESOURCES_DIR="$APROJECT_DIR/resources" -BASH_SCRIPTS_DIR="$APROJECT_DIR/bash" -NEXUS_DATA="$RESOURCES_DIR/nexus_data" -CERTS_TARGET_PATH="$APROJECT_DIR/live/certs" -NGINX_LOG_DIR="$APROJECT_DIR/live/nginx_logs" -GEN_CFG_PATH="$APROJECT_DIR/live/cfg" -GIT_REPOS="$RESOURCES_DIR/git-repo" -NGINX_HTTP_DIR="$RESOURCES_DIR/http" -RHEL_REPO="$RESOURCES_DIR/pkg/rhel" - -PATH="${PATH}:/usr/local/bin:/usr/local/sbin" -export PATH - -# just self-defense against locale -LANG=C -export LANG - -# dns handling -SIMUL_HOSTS="gcr.io \ -git.rancher.io \ -gerrit.onap.org \ -registry-1.docker.io \ -docker.io \ -registry.npmjs.org \ -nexus3.onap.org \ -nexus.onap.org \ -docker.elastic.co \ -www.getcloudify.org \ -www.springframework.org \ -registry.hub.docker.com \ -git.onap.org \ -repo1.maven.org \ -repo.maven.apache.org" - -# default credentials to the repository -NEXUS_USERNAME=admin -NEXUS_PASSWORD=admin123 -NEXUS_EMAIL=admin@onap.org - -# this function is intended to unify the installer output -message() { - case "$1" in - info) - echo 'INFO:' "$@" - ;; - debug) - echo 'DEBUG:' "$@" >&2 - ;; - warning) - echo 'WARNING [!]:' "$@" >&2 - ;; - error) - echo 'ERROR [!!]:' "$@" >&2 - return 1 - ;; - *) - echo 'UNKNOWN [?!]:' "$@" >&2 - return 2 - ;; - esac - return 0 -} -export message - -# if the environment variable DEBUG is set to DEBUG-ONAP -> -# -> this function will print its arguments -# otherwise nothing is done -debug() { - [ "$DEBUG" = DEBUG-ONAP ] && message debug "$@" -} -export debug - -fail() { - message error "$@" - exit 1 -} - -retry() { - local n=1 - local max=5 - while ! "$@"; do - if [ $n -lt $max ]; then - n=$((n + 1)) - message warning "Command ${@} failed. Attempt: $n/$max" - message info "waiting 10s for another try..." - sleep 10s - else - fail "Command ${@} failed after $n attempts. Better to abort now." - fi - done -} - -may_self_extract() { - # extract and untar to the current directory - sed '0,/^# PAYLOAD BELOW #$/d' "$0" | tar -xvpf - ; -} - -update_hosts() { - if grep -q "^[^#]\+\s$SIMUL_HOSTS\s*\$" /etc/hosts ; then - message info "simulated domains already in /etc/hosts" - else - echo "$LOCAL_IP $SIMUL_HOSTS" >> /etc/hosts - message info "simulated domains added to /etc/hosts (please check it)" - fi - - if grep -q "^[^#]\+\s$NEXUS_FQDN\s*\$" /etc/hosts ; then - message info "nexus FQDN already in /etc/hosts" - else - echo "$LOCAL_IP $NEXUS_FQDN" >> /etc/hosts - message info "Nexus FQDN added to /etc/hosts (please check it)" - fi - - if grep -q "^[^#]\+\srepo.install-server\s*\$" /etc/hosts ; then - message info "custom repo FQDN already in /etc/hosts" - else - echo "$LOCAL_IP repo.install-server" >> /etc/hosts - message info "Nexus FQDN added to /etc/hosts (please check it)" - fi -} - -get_cfg_val() { - name="$1" - shift - ask="$@" - - value=$(eval "echo \$${name}") - if [ -z "$value" ]; then - while [ -z "$value" ] ; do - printf "${ask}" - read -r $name - - value=$(eval "echo \$${name}") - done - echo "${name}='${value}'" >> ./local_repo.conf - fi -} - -get_configuration() { - if [ -f ./local_repo.conf ]; then - . ./local_repo.conf - fi - - if [ -z "${NEXUS_FQDN}" ]; then - NEXUS_FQDN="nexus.$HOSTNAME" - echo "NEXUS_FQDN='${NEXUS_FQDN}'" >> ./local_repo.conf - fi - - if [ -z "${ONAP_SCALE}" ]; then - ONAP_SCALE=full - echo "ONAP_SCALE='${ONAP_SCALE}'" >> ./local_repo.conf - fi - - # nexus should be configured using those default entries - # if it was not put the correct inputs instead - if [ -z "${NPM_USERNAME}" ]; then - NPM_USERNAME="${NEXUS_USERNAME}" - echo "NPM_USERNAME='${NPM_USERNAME}'" >> ./local_repo.conf - fi - - if [ -z "${NPM_PASSWORD}" ]; then - NPM_PASSWORD="${NEXUS_PASSWORD}" - echo "NPM_PASSWORD='${NPM_PASSWORD}'" >> ./local_repo.conf - fi - - if [ -z "${NPM_EMAIL}" ]; then - NPM_EMAIL="$NEXUS_EMAIL" - echo "NPM_EMAIL='${NPM_EMAIL}'" >> ./local_repo.conf - fi - - export NEXUS_FQDN - export ONAP_SCALE - export NPM_USERNAME - export NPM_PASSWORD - export NPM_EMAIL - - NODE_USERNAME="root" - - if [ -z "$LOCAL_IP" ] ; then - echo - echo "======= Mandatory configuration =======" - echo - message info "fill in these mandatory configuration values" - get_cfg_val "LOCAL_IP" "Enter the public IPv4 used for this '$HOSTNAME' install machine," \ - "\nDO NOT USE LOOPBACK! (for example: 10.0.0.1): " - fi -} - -enable_local_repo() { - sed -r "s%PATH%file://$APROJECT_DIR/resources/pkg/rhel%" "$APROJECT_DIR/resources/pkg/rhel/onap.repo" > /etc/yum.repos.d/onap.repo -} - -install_packages() { - os_id="$1" - - message info "Installing packages" - - case "$os_id" in - centos) - yum -y install "$APROJECT_DIR/resources/pkg/centos/*.rpm" - ;; - rhel) - enable_local_repo - yum -y install docker-ce dnsmasq icewm firefox tigervnc-server - systemctl enable docker - systemctl start docker - ;; - ubuntu) - dpkg -i "$APROJECT_DIR/resources/pkg/ubuntu/*.deb" - ;; - *) - message error "OS release is not supported: $os_id" - message info "ABORTING INSTALLATION" - exit 1 - ;; - esac -} - -install_files() { - message info "installation of external binaries" - for binary in kubectl helm rancher jq ; do - cp "$APROJECT_DIR/resources/downloads/${binary}" /usr/local/bin/ - chmod 755 "/usr/local/bin/${binary}" - done - mkdir -p ~/.kube -} - -setup_vnc_server() { - mkdir -p ~/.vnc ~/.icewm - echo "onap" | vncpasswd -f > ~/.vnc/passwd - chmod 0600 ~/.vnc/passwd - - cat > ~/.vnc/xstartup < ~/.icewm/menu < /tmp/daemon.json - mv /tmp/daemon.json /etc/docker/daemon.json - else - echo '{"dns": ["172.17.0.1"]}' > /etc/docker/daemon.json - fi -} - -create_root_CA() { - echo "** Generate certificates **" - openssl genrsa -out $CERTS_TARGET_PATH/rootCA.key 4096 - - echo "** Generate self signed ***" - openssl req -config $GEN_CFG_PATH/cacert.cnf -key $CERTS_TARGET_PATH/rootCA.key -new -x509 -days 7300 -sha256 -extensions v3_ca \ - -out $CERTS_TARGET_PATH/rootCAcert.pem - - - # convert to crt - openssl x509 -in $CERTS_TARGET_PATH/rootCAcert.pem -inform PEM -out $CERTS_TARGET_PATH/rootCAcert.crt -} - -install_root_CA() { - os=$1 - echo "** Publishing root CA **" - if [ "$os" == "redhat" ]; then - # for centos - update-ca-trust force-enable - cp $CERTS_TARGET_PATH/rootCAcert.crt /etc/pki/ca-trust/source/anchors/ - update-ca-trust extract - elif [ "$os" == "ubuntu" ]; then - mkdir -p /usr/local/share/ca-certificates/extra - cp $CERTS_TARGET_PATH/rootCAcert.crt /usr/local/share/ca-certificates/extra - update-ca-certificates - else - echo "OS \"$os\" is not supported" - exit -2 - fi - - echo "** Restart docker (because of reload new CA) **" - systemctl restart docker - -} - -create_cert() { - server_name=$1 - - openssl genrsa -out $CERTS_TARGET_PATH/${server_name}_server.key 4096 - echo "** Generate sig request ***" - openssl req -new -config $GEN_CFG_PATH/${server_name}_cert.cnf -key $CERTS_TARGET_PATH/${server_name}_server.key -out $CERTS_TARGET_PATH/${server_name}_server.csr - - # v3.ext must be in separate file , because of bug in openssl 1.0 - echo "** sign **" - openssl x509 -req -in $CERTS_TARGET_PATH/${server_name}_server.csr\ - -extfile $GEN_CFG_PATH/v3.ext\ - -CA $CERTS_TARGET_PATH/rootCAcert.crt\ - -CAkey $CERTS_TARGET_PATH/rootCA.key\ - -CAcreateserial -out $CERTS_TARGET_PATH/${server_name}_server.crt -days 3650 -sha256 -} - -create_all_certs() { - create_cert "nexus" -} - -update_firewall() { -# TODO -#firewall-cmd --permanent --add-port=53/udp -#firewall-cmd --permanent --add-port=53/tcp -#firewall-cmd --permanent --add-port=10001/tcp -#firewall-cmd --permanent --add-port=80/tcp -#firewall-cmd --permanent --add-port=443/tcp -return 0 -} - -distribute_root_CA() { - targetip=$1 - scp $APROJECT_DIR/install_cacert.sh $targetip:. - ssh $targetip ./install_cacert.sh - echo "** Add DNS record to remote host **" - ssh $targetip "echo nameserver $LOCAL_IP > /etc/resolv.conf" -} - -upload_ansible_pkgs() { - os=$1 - targetip=$2 - #if [[ $os == "ubuntu" ]]; then - # those deb & whl packages are needed for sdnc-ansible-server pod - # independently on host OS distros - echo "** Copy required packages for sdnc-ansible-pod to kubernetes node $targetip **" - scp -r $APROJECT_DIR/resources/pkg/ubuntu/ansible_pkg $targetip:. - #fi -} - -remote_setup_nfs_server() { - os=$1 - targetip=$2 - shift 2 - scp $APROJECT_DIR/bash/tools/setup_nfs_server_${os}.sh $targetip:setup_nfs_server.sh - if [[ $os == "ubuntu" ]]; then - scp -r $APROJECT_DIR/resources/pkg/ubuntu/nfs-common-pkg/* $targetip:. - ssh $targetip dpkg -i *.deb - fi - - ssh $targetip /bin/bash ./setup_nfs_server.sh "$@" -} - -remote_setup_nfs_mount() { - os=$1 - targetip=$2 - nfsip=$3 - scp $APROJECT_DIR/bash/tools/setup_nfs_mount.sh $targetip:. - if [[ $os == "ubuntu" ]]; then - scp -r $APROJECT_DIR/resources/pkg/ubuntu/nfs-common-pkg/* $targetip:. - ssh $targetip dpkg -i *.deb - fi - ssh $targetip /bin/bash ./setup_nfs_mount.sh $nfsip -} - -enable_remote_repo() { - targetip=$1 - sed -r "s%PATH%http://repo.install-server%" $APROJECT_DIR/resources/pkg/rhel/onap.repo | ssh $targetip 'cat > /etc/yum.repos.d/onap.repo' -} - -install_remote_docker() { - targetip=$1 - os=$2 - if [[ $os == "ubuntu" ]]; then - scp -r $APROJECT_DIR/resources/pkg/ubuntu/{docker-ce_17.03.2~ce-0~ubuntu-xenial_amd64.deb,libltdl7_2.4.6-0.1_amd64.deb} $targetip:. - ssh $targetip dpkg -i *.deb - elif [[ $os == "rhel" ]]; then - ssh $targetip yum -y install docker-ce - fi - ssh $targetip "mkdir -p /etc/docker" - scp "$APROJECT_DIR/resources/downloads/jq" $targetip:/usr/local/bin/ - ssh $targetip "if [[ -f /etc/docker/daemon.json ]]; then - jq '.dns += [\"$LOCAL_IP\"]' /etc/docker/daemon.json > /tmp/daemon.json - mv /tmp/daemon.json /etc/docker/daemon.json - else - echo {'\"'dns'\"': ['\"'$LOCAL_IP'\"']} > /etc/docker/daemon.json - fi" - - ssh $targetip 'systemctl enable docker; systemctl restart docker' -} - -deploy_rancher() { - docker run -d --entrypoint "/bin/bash" --restart=unless-stopped -p 8080:8080 \ - -v $CERTS_TARGET_PATH:/usr/local/share/ca-certificates/extra:ro \ - --name rancher_server rancher/server:v1.6.14 \ - -c "/usr/sbin/update-ca-certificates;/usr/bin/entry /usr/bin/s6-svscan /service" - echo "** wait until rancher is ready **" -} - -deploy_kubernetes() { - os=$1 - set +e - for i in `seq 5 -1 1`; do - API_RESPONSE=`curl -s 'http://127.0.0.1:8080/v2-beta/apikey' \ - -d '{"type":"apikey","accountId":"1a1","name":"autoinstall"\ - ,"description":"autoinstall","created":null,"kind":null,\ - "removeTime":null,"removed":null,"uuid":null}'` - if [[ "$?" -eq 0 ]]; then - KEY_PUBLIC=`echo $API_RESPONSE | jq -r .publicValue` - KEY_SECRET=`echo $API_RESPONSE | jq -r .secretValue` - break - fi - echo "Waiting for rancher server to start" - sleep 60 - done - set -e - export RANCHER_URL=http://${LOCAL_IP}:8080 - export RANCHER_ACCESS_KEY=$KEY_PUBLIC - export RANCHER_SECRET_KEY=$KEY_SECRET - - rancher env ls - echo "wait 60 sec for rancher environments can settle before we create the onap kubernetes one" - sleep 60 - - rancher env create -t kubernetes onap > kube_env_id.json - PROJECT_ID=$( ~/.kube/config < /dev/null - - echo "Give environment time to update (30 sec)" - sleep 30 - - curl -s -u $KEY_PUBLIC:$KEY_SECRET -X POST "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=finishupgrade" > /dev/null - fi -} - -deploy_rancher_agent() { - nodeip=$1 - if [ -z "$REGISTRATION_DOCKER" ]; then - echo "ASSERT: Missing REGISTRATION_DOCKER" - exit 1 - fi - if [ -z "$RANCHER_URL" ]; then - echo "ASSERT: Missing RANCHER_URL" - exit 1 - fi - if [ -z "$REGISTRATION_TOKEN" ]; then - echo "ASSERT: Missing REGISTRATION_TOKEN" - exit 1 - fi - - ssh $nodeip "docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/racher:/var/lib/rancher $REGISTRATION_DOCKER $RANCHER_URL/v1/scripts/$REGISTRATION_TOKEN" - echo "waiting 2 min for creating kubernetes environment" - sleep 120 -} - -deploy_node() { - nodeip=$1 - os=$2 - echo "Deploying node $nodeip" - distribute_root_CA $nodeip - install_remote_docker $nodeip $os - deploy_rancher_agent $nodeip -} - -deploy_onap() { - pushd $APROJECT_DIR/resources/oom/kubernetes - helm init --upgrade --skip-refresh - # this might fail - set +e - helm repo remove stable - set -e - helm serve & - echo "wait a moment before helm will come up ..." - sleep 5 - helm repo add local http://127.0.0.1:8879 - make all - #Pass the CA certificate contents directly during installation. - helm install local/onap -n dev --namespace onap \ - --set "global.cacert=$(cat ${CERTS_TARGET_PATH}/rootCAcert.crt)" - popd -} - -expand_file() { - file=$1 - # print warning if patched file does not exist as some charts - # might not be available for some deployments - if [ ! -f "$file" ]; then - echo "WARNING: Can't patch file $file because this file does not exists." - return 0 - fi - - shift - - for ivar in "$@" ; do - ivalue=$(eval 'echo "$'${ivar}'"') - sed -i "s#${ivar}#${ivalue}#g" "$file" - done -} - -patch_npm_oom() { - if [ -z "$LOCAL_IP" ] ; then - echo "ERROR: LOCAL_IP unset" - return 1 - fi - if [ -z "$NEXUS_FQDN" ] ; then - echo "ERROR: NEXUS_FQDN unset" - return 1 - fi - - UPDATE_HOSTS_FILE="$LOCAL_IP $NEXUS_FQDN" - UPDATE_NPM_REGISTRY="npm set registry \"http://${NEXUS_FQDN}/repository/npm-private/\"" - - expand_file $APROJECT_DIR/resources/oom/kubernetes/common/dgbuilder/templates/deployment.yaml \ - UPDATE_HOSTS_FILE \ - UPDATE_NPM_REGISTRY - expand_file $APROJECT_DIR/resources/oom/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml \ - UPDATE_HOSTS_FILE \ - UPDATE_NPM_REGISTRY -} - -patch_spring_oom() { - if [ -z "$LOCAL_IP" ] ; then - echo "ERROR: LOCAL_IP unset" - return 1 - fi - - UPDATE_HOSTS_FILE="$LOCAL_IP www.springframework.org" - expand_file $APROJECT_DIR/resources/oom/kubernetes/dmaap/charts/message-router/templates/deployment.yaml \ - UPDATE_HOSTS_FILE -} - -patch_cfy_manager_depl() { - os="$1" - file="${APROJECT_DIR}/resources/oom/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml" - - case "$os" in - centos|rhel) - CERT_PATH="/etc/pki/ca-trust/source/anchors" - ;; - ubuntu) - CERT_PATH="/usr/local/share/ca-certificates/extra" - ;; - '') - echo "ERROR: missing argument" - return 1 - ;; - *) - echo "ERROR: unknown OS: ${os}" - return 1 - ;; - esac - - expand_file "$file" CERT_PATH -} - -copy_onap_values_file() { - cp "${APROJECT_DIR}/${CUSTOM_CFG_RELPATH:-cfg}/${ONAP_SCALE}_depl_values.yaml" \ - "${APROJECT_DIR}/resources/oom/kubernetes/onap/values.yaml" -} diff --git a/bash/tools/create_si_cacert_pkg.sh b/bash/tools/create_si_cacert_pkg.sh deleted file mode 100755 index 197f0c0f..00000000 --- a/bash/tools/create_si_cacert_pkg.sh +++ /dev/null @@ -1,29 +0,0 @@ -#! /bin/bash - -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - - -self="$0" -tools_dir=$(dirname "$self") - -TARGET_FILE="./install_cacert.sh" - -cat "$tools_dir/certificates/self_extract_cacert.sh" "$tools_dir/../../live/certs/rootCAcert.crt" > $TARGET_FILE -chmod a+x $TARGET_FILE -echo "Created self installation file: $TARGET_FILE" diff --git a/bash/tools/create_si_onap_pkg.sh b/bash/tools/create_si_onap_pkg.sh deleted file mode 100755 index 759a1ebc..00000000 --- a/bash/tools/create_si_onap_pkg.sh +++ /dev/null @@ -1,88 +0,0 @@ -#! /usr/bin/env bash - -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - - -# fail fast -set -e - -# boilerplate -RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh' -if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then - SCRIPT_DIR=$(dirname "${0}") - LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") - . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh -fi - -if [ -z "$1" ]; then - VERSION="RC3" - message info "no argument supplied, keeping default naming: $VERSION" -else - VERSION="$1" -fi - -# name of the self-extract-installer -TARGET_FILE="$APROJECT_DIR/selfinstall_onap_beijing_"$VERSION".sh" - -# inserting the head of the script -cat > "$TARGET_FILE" <> "$TARGET_FILE" -cat "${LOCAL_PATH}"/"${RELATIVE_PATH}"/deploy_nexus.sh >> "$TARGET_FILE" -cat "${LOCAL_PATH}"/"${RELATIVE_PATH}"/deploy_kube.sh >> "$TARGET_FILE" - -# finishing touches to the script -cat >> "$TARGET_FILE" <> "$TARGET_FILE" -cd - - -chmod 755 "$TARGET_FILE" -message info "Created Nexus self installation file: $TARGET_FILE" - -exit 0 diff --git a/bash/tools/creating_data/docker-login.sh b/bash/tools/creating_data/docker-login.sh deleted file mode 100755 index d57e23bd..00000000 --- a/bash/tools/creating_data/docker-login.sh +++ /dev/null @@ -1,38 +0,0 @@ -#! /usr/bin/env bash - -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - - -# boilerplate -RELATIVE_PATH=../ # relative path from this script to 'common-functions.sh' -if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then - SCRIPT_DIR=$(dirname "${0}") - LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") - . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh -fi - -echo "Reading configuration" -get_configuration - -docker login -u "${NEXUS_USERNAME}" -p "${NEXUS_PASSWORD}" -docker login -u "${NEXUS_USERNAME}" -p "${NEXUS_PASSWORD}" docker.elastic.co -docker login -u "${NEXUS_USERNAME}" -p "${NEXUS_PASSWORD}" gcr.io -docker login -u "${NEXUS_USERNAME}" -p "${NEXUS_PASSWORD}" nexus3.onap.org:10001 -docker login -u "${NEXUS_USERNAME}" -p "${NEXUS_PASSWORD}" registry.hub.docker.com -docker login -u "${NEXUS_USERNAME}" -p "${NEXUS_PASSWORD}" "$NEXUS_FQDN" diff --git a/bash/tools/creating_data/load-docker-images.sh b/bash/tools/creating_data/load-docker-images.sh deleted file mode 100755 index 685bed42..00000000 --- a/bash/tools/creating_data/load-docker-images.sh +++ /dev/null @@ -1,75 +0,0 @@ -#! /usr/bin/env bash - -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - - -# boilerplate -RELATIVE_PATH=../ # relative path from this script to 'common-functions.sh' -if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then - SCRIPT_DIR=$(dirname "${0}") - LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") - . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh -fi - -CLEAN=false - -if [ -z "$NEXUS_HOST" ]; then - echo "Independent run for inserting of additional docker images" - CLEAN=true - mv ~/.docker/config.json ~/.docker/config.json_backup 2>/dev/null - source "$LOCAL_PATH/docker-login.sh" -fi - -IMG_DIR="$1" -if [[ -z "$IMG_DIR" ]]; then - IMG_DIR="$(pwd)/images" -fi - -if [[ ! -d "${IMG_DIR}" ]]; then - echo "No ${IMG_DIR} to load images" - exit 0 -fi - -load_image() { - local image="$1" - echo "[DEBUG] load ${image}" - result=$(docker load -i "${image}") - echo $result - name=$(echo $result | awk '{print $3}') - echo "[DEBUG] pushing $name" - retry docker push "$name" - # delete pushed image from docker - retry docker rmi "$name" -} - -IMAGES=$(find ${IMG_DIR} -name "*.tar" -type f) -lines=$(echo ${IMAGES} | wc -l) -line=1 -for image in ${IMAGES}; do - echo "== pkg #$line of $lines ==" - load_image "$image" - - line=$((line+1)) -done - -if [ "$CLEAN" = true ]; then - # onap is using different credentials for docker login which can be conflicted - # with ours so better to clean this-up - rm ~/.docker/config.json -fi diff --git a/bash/tools/creating_data/upload-maven-files.sh b/bash/tools/creating_data/upload-maven-files.sh deleted file mode 100755 index 07d6e7ab..00000000 --- a/bash/tools/creating_data/upload-maven-files.sh +++ /dev/null @@ -1,43 +0,0 @@ -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - -DATA_DIR="$1" -if [[ -z "$DATA_DIR" ]]; then - # needs for example: /root/onap-offline-installer/http - echo "Mising arg DATA_DIR" - echo "Usage: $0 [...]" - exit 1 -fi - -shift -cd "$DATA_DIR" - -for server in $*; do - echo "Uploading to server: $server" - - lines=$(find $server/ -type f | wc -l) - count=1 - while read -r url; do - echo "== pkg #$count of $lines ==" - count=$((count + 1)) - path="$url" - echo "Uploading file: $url" - curl -u admin:admin123 --upload-file $path http://$url - - done <<< "$(find $server/ -type f)" -done diff --git a/bash/tools/creating_data/upload-npm-pkgs.sh b/bash/tools/creating_data/upload-npm-pkgs.sh deleted file mode 100755 index 9a7ed559..00000000 --- a/bash/tools/creating_data/upload-npm-pkgs.sh +++ /dev/null @@ -1,48 +0,0 @@ -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - -LIST_FILE="$1" -if [[ -z "$LIST_FILE" ]]; then - echo "Mising arg LIST_FILE" - exit 1 -fi - -DATA_DIR="$2" -if [[ -z "$DATA_DIR" ]]; then - echo "Mising arg DATA_DIR" - exit 1 -fi - -NEXUS_HOST="$3" -if [[ -z "$NEXUS_HOST" ]]; then - echo "Mising arg NEXUS_HOST" - exit 1 -fi - -npm config set registry $NEXUS_HOST/repository/npm-private/ -# npm adduser moved to top - -cd "$DATA_DIR" -lines=$(ls *.tgz | wc -l) -cnt=1 -for line in *.tgz; do - echo "== pkg #$cnt of $lines ==" - # yallist@2.1.2 - npm publish --access public "${line}" - cnt=$((cnt+1)) -done diff --git a/bash/tools/deploy_kube.sh b/bash/tools/deploy_kube.sh deleted file mode 100755 index f2a77be1..00000000 --- a/bash/tools/deploy_kube.sh +++ /dev/null @@ -1,95 +0,0 @@ -#! /usr/bin/env bash - -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - - -# fail fast -set -e - -# OS check -. /etc/os-release -OS_ID="${ID}" - -case "$OS_ID" in - centos) - ;; - rhel) - ;; - ubuntu) - ;; - *) - echo This OS is not supported: $OS_ID - exit 1 - ;; -esac - -# boilerplate -RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh' -if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then - SCRIPT_DIR=$(dirname "${0}") - LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") - . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh -fi - -message info "Reading configuration" -get_configuration -if [ -z "$NODES_IPS" ] ; then - get_cfg_val "NODES_IPS" "Enter the public IPv4 addresses of kubernetes nodes separated by space," \ - "\n(for example: 10.0.0.2 10.0.0.3 ...): " -fi - -echo "Wait for nexus startup (1min)" -sleep 60 - - -# on install server -deploy_rancher -deploy_kubernetes "$OS_ID" - -echo "Setting up ONAP Local Repo on Kubernetes nodes" -for node in ${NODES_IPS} ; do - enable_remote_repo $node -done - -# setup NFS on nodes -assort_nodes_ips() { - nfs_server="$1" - shift - nfs_clients="$*" -} -assort_nodes_ips ${NODES_IPS} -if [ -n "${nfs_clients}" ]; then - echo "Setting up NFS" - remote_setup_nfs_server $OS_ID ${nfs_server} ${nfs_clients} - for node in ${nfs_clients} ; do - remote_setup_nfs_mount $OS_ID $node ${nfs_server} - done -else - echo "Only one node set. Skipping nfs configuration" -fi - -echo "Copy ansible packages for onap ansible-server" -for node in ${NODES_IPS} ; do - upload_ansible_pkgs $OS_ID $node -done - -# to nodes -for node in ${NODES_IPS} ; do - deploy_node $node $OS_ID -done diff --git a/bash/tools/deploy_nexus.sh b/bash/tools/deploy_nexus.sh deleted file mode 100755 index 1532c614..00000000 --- a/bash/tools/deploy_nexus.sh +++ /dev/null @@ -1,194 +0,0 @@ -#! /usr/bin/env bash - -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - - -# fail fast -set -e - -# OS check -. /etc/os-release -OS_ID="${ID}" - -case "$OS_ID" in - centos) - ;; - rhel) - ;; - ubuntu) - ;; - *) - echo This OS is not supported: $OS_ID - exit 1 - ;; -esac - -# boilerplate -RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh' -if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then - SCRIPT_DIR=$(dirname "${0}") - LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") - . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh -fi - -# -# local functions -# - -start_nexus() { - echo "** Starting nexus **" - if [[ -z "$NEXUS_DATA" ]]; then - echo "Nexus data env is not set" - exit -3 - fi - - # valid for case of fresh nexus deployment - # data are inserted in later phases - mkdir -p $NEXUS_DATA - # hardening - chmod a+wrX $NEXUS_DATA - chown -R 200:200 $NEXUS_DATA - - docker rm -f nexus 1> /dev/null 2>&1 || true - - docker run -d --name nexus\ - --restart unless-stopped \ - -v $NEXUS_DATA:/nexus-data:rw \ - sonatype/nexus3 - - echo "** Creating docker network **" - docker network create nexus_network - docker network connect nexus_network nexus -} - -start_nginx() { - echo "** Starting reverse proxy - nginx **" - - docker rm -f nginx 1> /dev/null 2>&1 || true - mkdir -p $NGINX_HTTP_DIR/repo.install-server - - mkdir -p "$NGINX_HTTP_DIR/repo.install-server" - - docker run -d -p 80:80 -p 443:443 -p 10001:443 \ - --name nginx \ - --network nexus_network \ - -v $GEN_CFG_PATH/nginx.conf:/etc/nginx/nginx.conf:ro \ - -v $CERTS_TARGET_PATH:/etc/nginx/certs:ro \ - -v $GIT_REPOS:/srv/git:rw \ - -v $NGINX_LOG_DIR:/var/log/nginx:rw \ - -v $NGINX_HTTP_DIR:/srv/http:ro \ - -v $RHEL_REPO:/srv/http/repo.install-server:ro \ - --restart unless-stopped \ - own_nginx -} - -patch_cert() { - file=$1 - cp "$APROJECT_DIR/cfg/$file" "$GEN_CFG_PATH/$file" -# sed "s#countryName =.*#countryName = $CERT_COUNTRY#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file -# sed "s#localityName =.*#localityName = $CERT_LOCALITY#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file -# sed "s#organizationName =.*#organizationName = $CERT_ORGANIZATION#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file -} - -patch_conf_files() { - # patch nexus and root cert - patch_cert nexus_cert.cnf - patch_cert cacert.cnf - - # patch nexus v3 ext cert - sed "s#nexus.student12#$NEXUS_FQDN#" "$APROJECT_DIR/cfg/v3.ext" > $GEN_CFG_PATH/v3.ext - - #patch nginx.conf - sed "s#nexus.student12#$NEXUS_FQDN#" "$APROJECT_DIR/cfg/nginx.conf" > $GEN_CFG_PATH/nginx.conf -} - -# -# body -# - -message info "Nexus will be installed into this directory: $(pwd)" - -if ! [ -f ./local_repo.conf ]; then - printf "[?] > Do you want continue? (if no, hit CTRL+C): " - read x -fi - -message info "Reading configuration" -get_configuration - -mkdir -p "$CERTS_TARGET_PATH" -mkdir -p "$NGINX_LOG_DIR" -mkdir -p "$GEN_CFG_PATH" -if [ "$IS_SELF_EXTRACT" = YES ] ; then - message info "Now I will untar the resources" - message info "This may take a long time..." - sleep 3s - may_self_extract -fi - -# -echo "Cleanup docker (if installed)" -docker rm -f nginx 1> /dev/null 2>&1 || true -docker rm -f nexus 1> /dev/null 2>&1 || true - -install_files -install_packages "$OS_ID" -setup_vnc_server - -update_hosts - -# TODO -#check_dependencies - -echo "Restarting dnsmasq" -# TODO dnsmasq config? -systemctl enable dnsmasq -systemctl restart dnsmasq - -echo "** Generating config files to $GEN_CFG_PATH **" -echo "Configure ssl certificates" - -patch_conf_files -create_root_CA - -# create selfinstall CA cert -$BASH_SCRIPTS_DIR/tools/create_si_cacert_pkg.sh -# run generated file -./install_cacert.sh - -create_cert "nexus" - -echo "** Certificates finished **" - -update_docker_cfg - -echo "Restarting docker" -systemctl enable docker -systemctl restart docker - -update_firewall - -set +e - -echo "** Loading images **" -docker load -i $RESOURCES_DIR/offline_data/docker_images_infra/sonatype_nexus3_latest.tar -docker load -i $RESOURCES_DIR/offline_data/docker_images_infra/own_nginx_latest.tar - -start_nexus -start_nginx diff --git a/bash/tools/gather_data_lists.sh b/bash/tools/gather_data_lists.sh deleted file mode 100755 index 3e046cbe..00000000 --- a/bash/tools/gather_data_lists.sh +++ /dev/null @@ -1,34 +0,0 @@ -#! /usr/bin/env bash - -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - -script_dir="$(dirname ${BASH_SOURCE[0]})" -tools=$(readlink -f "$script_dir") - -echo "WARNING: This script won't be used except rare internal usage, it's just illustrating how we collected lists of artifacts to be downloaded. It's already deprecated" - -TOOLS="$tools/creating_data" -export LISTS_DIR="$tools/data_list" -export ONAP_SERVERS="oom-beijing-postRC2-master oom-beijing-postRC2-compute1 oom-beijing-postRC2-compute2" -OOM_PATH="$tools/../../resources/oom" - -$TOOLS/remote-list-gathering.sh -$TOOLS/make-git-http-list.sh "$OOM_PATH" - - diff --git a/bash/tools/load_stored_offline_data.sh b/bash/tools/load_stored_offline_data.sh deleted file mode 100755 index c04e9893..00000000 --- a/bash/tools/load_stored_offline_data.sh +++ /dev/null @@ -1,87 +0,0 @@ -#! /usr/bin/env bash - -# COPYRIGHT NOTICE STARTS HERE -# -# Copyright 2018 © Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# COPYRIGHT NOTICE ENDS HERE - - -# boilerplate -RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh' -if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then - SCRIPT_DIR=$(dirname "${0}") - LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") - . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh -fi - -tools="${LOCAL_PATH}" -message info "Reading configuration" -get_configuration - -CTOOLS="$tools/creating_data" -LISTS_DIR="$tools/data_list" -DATA_DIR="$tools/../../resources/offline_data" -export NEXUS_HOST="https://$NEXUS_FQDN" -NPM_REGISTRY="$NEXUS_HOST/repository/npm-private/" - -TOTAL=5 -CURR=1 - -message info "Loading started: $(date)" - -# backup config.json before we change it in docker-login -# however no use for restoring it found -mv ~/.docker/config.json ~/.docker/config.json_backup 2>/dev/null - -echo "[Step $((CURR++))/$TOTAL Setting-up docker login for inserting docker images]" -$CTOOLS/docker-login.sh - -echo "[Step $((CURR++))/$TOTAL Inserting docker images into local nexus]" -$CTOOLS/load-docker-images.sh "$DATA_DIR/docker_images_for_nexus" - -echo "[Step $((CURR++))/$TOTAL Setting-up npm for inserting npm pkgs into local nexus]" - -npm config set registry $NPM_REGISTRY - -/usr/bin/expect <&2 + ;; + warning) + echo 'WARNING [!]:' "$@" >&2 + ;; + error) + echo 'ERROR [!!]:' "$@" >&2 + return 1 + ;; + *) + echo 'UNKNOWN [?!]:' "$@" >&2 + return 2 + ;; + esac + return 0 +} +export message + +# if the environment variable DEBUG is set to DEBUG-ONAP -> +# -> this function will print its arguments +# otherwise nothing is done +debug() { + [ "$DEBUG" = DEBUG-ONAP ] && message debug "$@" +} +export debug + +fail() { + message error "$@" + exit 1 +} + +retry() { + local n=1 + local max=5 + while ! "$@"; do + if [ $n -lt $max ]; then + n=$((n + 1)) + message warning "Command ${@} failed. Attempt: $n/$max" + message info "waiting 10s for another try..." + sleep 10s + else + fail "Command ${@} failed after $n attempts. Better to abort now." + fi + done +} + diff --git a/bash/tools/creating_data/create_nginx_image/01create-image.sh b/build/creating_data/create_nginx_image/01create-image.sh similarity index 100% rename from bash/tools/creating_data/create_nginx_image/01create-image.sh rename to build/creating_data/create_nginx_image/01create-image.sh diff --git a/bash/tools/creating_data/create_nginx_image/Dockerfile b/build/creating_data/create_nginx_image/Dockerfile similarity index 84% rename from bash/tools/creating_data/create_nginx_image/Dockerfile rename to build/creating_data/create_nginx_image/Dockerfile index 412d4edb..6a14f221 100644 --- a/bash/tools/creating_data/create_nginx_image/Dockerfile +++ b/build/creating_data/create_nginx_image/Dockerfile @@ -20,13 +20,8 @@ FROM nginx:alpine RUN apk add --no-cache --update fcgiwrap git git-daemon spawn-fcgi -#RUN mkdir /srv/http -#VOLUME ["/var/log/nginx"] - COPY gitconfig /etc/ -#COPY nginx.conf /etc/nginx/nginx.conf CMD spawn-fcgi -M 666 -s /var/run/fcgiwrap.socket /usr/bin/fcgiwrap && \ nginx -g "daemon off;" -#CMD ["spawn-fcgi","-M 666","-s /var/run/fcgiwrap.socket","/usr/sbin/fcgiwrap"] diff --git a/bash/tools/creating_data/create_nginx_image/gitconfig b/build/creating_data/create_nginx_image/gitconfig similarity index 100% rename from bash/tools/creating_data/create_nginx_image/gitconfig rename to build/creating_data/create_nginx_image/gitconfig diff --git a/bash/tools/creating_data/download-bin-tools.sh b/build/creating_data/download-bin-tools.sh similarity index 91% rename from bash/tools/creating_data/download-bin-tools.sh rename to build/creating_data/download-bin-tools.sh index b48cd2df..a0087517 100755 --- a/bash/tools/creating_data/download-bin-tools.sh +++ b/build/creating_data/download-bin-tools.sh @@ -34,9 +34,6 @@ download() { curl --retry 5 -y 10 -Y 10 --location "$url" -o "$file" } -download "https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64" -mv ./jq-linux64 ./jq - download "https://storage.googleapis.com/kubernetes-release/release/v1.8.10/bin/linux/amd64/kubectl" download "https://storage.googleapis.com/kubernetes-helm/helm-v2.8.2-linux-amd64.tar.gz" @@ -48,4 +45,4 @@ tar -xf ./rancher-linux-amd64-v0.6.7.tar.gz ./rancher-v0.6.7/rancher -O > ranche rm ./rancher-linux-amd64-v0.6.7.tar.gz -chmod a+x ./helm ./jq ./kubectl ./rancher +chmod a+x ./helm ./kubectl ./rancher diff --git a/bash/tools/creating_data/download-docker-images.sh b/build/creating_data/download-docker-images.sh similarity index 100% rename from bash/tools/creating_data/download-docker-images.sh rename to build/creating_data/download-docker-images.sh diff --git a/bash/tools/creating_data/download-files.sh b/build/creating_data/download-files.sh similarity index 100% rename from bash/tools/creating_data/download-files.sh rename to build/creating_data/download-files.sh diff --git a/bash/tools/creating_data/download-git-repos.sh b/build/creating_data/download-git-repos.sh similarity index 100% rename from bash/tools/creating_data/download-git-repos.sh rename to build/creating_data/download-git-repos.sh diff --git a/bash/tools/creating_data/download-http-files.sh b/build/creating_data/download-http-files.sh similarity index 100% rename from bash/tools/creating_data/download-http-files.sh rename to build/creating_data/download-http-files.sh diff --git a/bash/tools/creating_data/download-npm-pkgs.sh b/build/creating_data/download-npm-pkgs.sh similarity index 100% rename from bash/tools/creating_data/download-npm-pkgs.sh rename to build/creating_data/download-npm-pkgs.sh diff --git a/bash/tools/creating_data/download-oom.sh b/build/creating_data/download-oom.sh similarity index 100% rename from bash/tools/creating_data/download-oom.sh rename to build/creating_data/download-oom.sh diff --git a/bash/tools/creating_data/download-pip.sh b/build/creating_data/download-pip.sh similarity index 100% rename from bash/tools/creating_data/download-pip.sh rename to build/creating_data/download-pip.sh diff --git a/bash/tools/creating_data/download-pkg.sh b/build/creating_data/download-pkg.sh similarity index 100% rename from bash/tools/creating_data/download-pkg.sh rename to build/creating_data/download-pkg.sh diff --git a/bash/tools/creating_data/make-docker-images-list.sh b/build/creating_data/make-docker-images-list.sh similarity index 100% rename from bash/tools/creating_data/make-docker-images-list.sh rename to build/creating_data/make-docker-images-list.sh diff --git a/bash/tools/creating_data/make-git-http-list.sh b/build/creating_data/make-git-http-list.sh similarity index 100% rename from bash/tools/creating_data/make-git-http-list.sh rename to build/creating_data/make-git-http-list.sh diff --git a/bash/tools/creating_data/make-npm-list.sh b/build/creating_data/make-npm-list.sh similarity index 100% rename from bash/tools/creating_data/make-npm-list.sh rename to build/creating_data/make-npm-list.sh diff --git a/bash/tools/creating_data/remote-list-gathering.sh b/build/creating_data/remote-list-gathering.sh similarity index 94% rename from bash/tools/creating_data/remote-list-gathering.sh rename to build/creating_data/remote-list-gathering.sh index 73fb164a..dde1e0f5 100755 --- a/bash/tools/creating_data/remote-list-gathering.sh +++ b/build/creating_data/remote-list-gathering.sh @@ -18,7 +18,6 @@ if [[ -z "$ONAP_SERVERS" ]]; then -# ONAP_SERVERS="oom-beijing-postRC2-master oom-beijing-postRC2-compute1 oom-beijing-postRC2-compute2" echo "Missing environment ONAP_SERVERS" exit 1 fi diff --git a/bash/tools/creating_data/save-docker-images.sh b/build/creating_data/save-docker-images.sh similarity index 100% rename from bash/tools/creating_data/save-docker-images.sh rename to build/creating_data/save-docker-images.sh diff --git a/bash/tools/data_list/docker_image_list.txt b/build/data_list/docker_image_list.txt similarity index 100% rename from bash/tools/data_list/docker_image_list.txt rename to build/data_list/docker_image_list.txt diff --git a/bash/tools/data_list/docker_manual_image_list.txt b/build/data_list/docker_manual_image_list.txt similarity index 100% rename from bash/tools/data_list/docker_manual_image_list.txt rename to build/data_list/docker_manual_image_list.txt diff --git a/bash/tools/data_list/git_manual_list b/build/data_list/git_manual_list similarity index 100% rename from bash/tools/data_list/git_manual_list rename to build/data_list/git_manual_list diff --git a/bash/tools/data_list/git_repos_list b/build/data_list/git_repos_list similarity index 100% rename from bash/tools/data_list/git_repos_list rename to build/data_list/git_repos_list diff --git a/bash/tools/data_list/http_manual_list.txt b/build/data_list/http_manual_list.txt similarity index 100% rename from bash/tools/data_list/http_manual_list.txt rename to build/data_list/http_manual_list.txt diff --git a/bash/tools/data_list/npm_list.txt b/build/data_list/npm_list.txt similarity index 100% rename from bash/tools/data_list/npm_list.txt rename to build/data_list/npm_list.txt diff --git a/bash/tools/data_list/pip_list.txt b/build/data_list/pip_list.txt similarity index 100% rename from bash/tools/data_list/pip_list.txt rename to build/data_list/pip_list.txt diff --git a/bash/tools/data_list/pkg_list.txt b/build/data_list/pkg_list.txt similarity index 100% rename from bash/tools/data_list/pkg_list.txt rename to build/data_list/pkg_list.txt diff --git a/bash/tools/delete-local-images.sh b/build/delete-local-images.sh similarity index 100% rename from bash/tools/delete-local-images.sh rename to build/delete-local-images.sh diff --git a/bash/tools/download_offline_data_by_lists.sh b/build/download_offline_data_by_lists.sh similarity index 95% rename from bash/tools/download_offline_data_by_lists.sh rename to build/download_offline_data_by_lists.sh index 24cd5789..ff519212 100755 --- a/bash/tools/download_offline_data_by_lists.sh +++ b/build/download_offline_data_by_lists.sh @@ -32,7 +32,7 @@ fi CTOOLS="${LOCAL_PATH}/creating_data" LISTS_DIR="${LOCAL_PATH}/data_list" -DATA_DIR="${LOCAL_PATH}/../../resources" +DATA_DIR="${LOCAL_PATH}/../resources" TOTAL=12 CURR=1 @@ -71,7 +71,7 @@ echo "[Step $((CURR++))/$TOTAL Download rhel pkgs]" $CTOOLS/download-pkg.sh "$DATA_DIR/pkg/rhel" echo "[Step $((CURR++))/$TOTAL Download oom]" -$CTOOLS/download-oom.sh "$DATA_DIR" "${LOCAL_PATH}/../../patches/offline-changes.patch" +$CTOOLS/download-oom.sh "$DATA_DIR" "${LOCAL_PATH}/../patches/offline-changes.patch" echo "[Step $((CURR++))/$TOTAL Download sdnc-ansible-server packages]" $CTOOLS/download-pip.sh "$LISTS_DIR/pip_list.txt" "$DATA_DIR/pkg/ubuntu/ansible_pkg" diff --git a/cfg/cacert.cnf b/cfg/cacert.cnf deleted file mode 100644 index a6917ca9..00000000 --- a/cfg/cacert.cnf +++ /dev/null @@ -1,113 +0,0 @@ -[ ca ] -# `man ca` -default_ca = CA_default - -[ CA_default ] -# Directory and file locations. -dir = ./ -certs = $dir/certs -crl_dir = $dir/crl -new_certs_dir = $dir/newcerts -database = $dir/index.txt -serial = $dir/serial -RANDFILE = $dir/private/.rand - -# The root key and root certificate. -private_key = $dir/private/ca.key.pem -certificate = $dir/certs/ca.cert.pem - -# For certificate revocation lists. -crlnumber = $dir/crlnumber -crl = $dir/crl/ca.crl.pem -crl_extensions = crl_ext -default_crl_days = 30 - -# SHA-1 is deprecated, so use SHA-2 instead. -default_md = sha256 - -name_opt = ca_default -cert_opt = ca_default -default_days = 3750 -preserve = no -policy = policy_strict - -[ policy_strict ] -# The root CA should only sign intermediate certificates that match. -# See the POLICY FORMAT section of `man ca`. -countryName = match -organizationName = match -commonName = supplied - -[ policy_loose ] -# Allow the intermediate CA to sign a more diverse range of certificates. -# See the POLICY FORMAT section of the `ca` man page. -countryName = optional -localityName = optional -organizationName = optional -commonName = supplied - -[ req ] -# Options for the `req` tool (`man req`). -default_bits = 4096 -distinguished_name = req_distinguished_name -string_mask = utf8only -prompt = no - -# SHA-1 is deprecated, so use SHA-2 instead. -default_md = sha256 - -# Extension to add when the -x509 option is used. -x509_extensions = v3_ca - -[ req_distinguished_name ] -# Optionally, specify some defaults. -countryName = PL -localityName = Krakow -organizationName = Samsung -commonName = onap - -[ v3_ca ] -# Extensions for a typical CA (`man x509v3_config`). -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer -basicConstraints = critical, CA:true -keyUsage = critical, digitalSignature, cRLSign, keyCertSign - -[ v3_intermediate_ca ] -# Extensions for a typical intermediate CA (`man x509v3_config`). -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer -basicConstraints = critical, CA:true, pathlen:0 -keyUsage = critical, digitalSignature, cRLSign, keyCertSign - -[ usr_cert ] -# Extensions for client certificates (`man x509v3_config`). -basicConstraints = CA:FALSE -nsCertType = client, email -nsComment = "OpenSSL Generated Client Certificate" -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer -keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, emailProtection - -[ server_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = CA:FALSE -nsCertType = server -nsComment = "OpenSSL Generated Server Certificate" -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = serverAuth - -[ crl_ext ] -# Extension for CRLs (`man x509v3_config`). -authorityKeyIdentifier=keyid:always - -[ ocsp ] -# Extension for OCSP signing certificates (`man ocsp`). -basicConstraints = CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer -keyUsage = critical, digitalSignature -extendedKeyUsage = critical, OCSPSigning diff --git a/cfg/full_depl_values.yaml b/cfg/full_depl_values.yaml deleted file mode 100644 index b16354e9..00000000 --- a/cfg/full_depl_values.yaml +++ /dev/null @@ -1,158 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration overrides. -# -# These overrides will affect all helm charts (ie. applications) -# that are listed below and are 'enabled'. -################################################################# -global: - # Change to an unused port prefix range to prevent port conflicts - # with other instances running within the same k8s cluster - nodePortPrefix: 302 - - # ONAP Repository - # Uncomment the following to enable the use of a single docker - # repository but ONLY if your repository mirrors all ONAP - # docker images. This includes all images from dockerhub and - # any other repository that hosts images for ONAP components. - #repository: nexus3.onap.org:10001 - repositoryCred: - user: docker - password: docker - - # readiness check - temporary repo until images migrated to nexus3 - readinessRepository: oomk8s - # logging agent - temporary repo until images migrated to nexus3 - loggingRepository: docker.elastic.co - - # image pull policy - #pullPolicy: Always - pullPolicy: IfNotPresent - - # default mount path root directory referenced - # by persistent volumes and log files - persistence: - mountPath: /dockerdata-nfs - - # flag to enable debugging - application support required - debugEnabled: false - -# Repository for creation of nexus3.onap.org secret -repository: nexus3.onap.org:10001 - - -################################################################# -# Enable/disable and configure helm charts (ie. applications) -# to customize the ONAP deployment. -################################################################# -aaf: - enabled: true -aai: - enabled: true -appc: - enabled: true - config: - openStackType: OpenStackProvider - openStackName: OpenStack - openStackKeyStoneUrl: FILL-ME - openStackServiceTenantName: FILL-ME - openStackDomain: FILL-ME - openStackUserName: FILL-ME - openStackEncryptedPassword: FILL-ME -clamp: - enabled: true -cli: - enabled: true -consul: - enabled: true -dcaegen2: - enabled: true -dmaap: - enabled: true -esr: - enabled: true -log: - enabled: true -sniro-emulator: - enabled: true -oof: - enabled: true -msb: - enabled: true -multicloud: - enabled: true -nbi: - enabled: true - config: - # openstack configuration - openStackUserName: "FILL-ME" - openStackRegion: "FILL-ME" - openStackKeyStoneUrl: "FILL-ME" - openStackServiceTenantName: "FILL-ME" - openStackEncryptedPasswordHere: "FILL-ME" -policy: - enabled: true -portal: - enabled: true -robot: - enabled: true -sdc: - enabled: true -sdnc: - enabled: true - - replicaCount: 1 - - config: - enableClustering: false - - mysql: - disableNfsProvisioner: true - replicaCount: 1 -so: - enabled: true - - replicaCount: 1 - - liveness: - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - - # so server configuration - config: - # message router configuration - dmaapTopic: "AUTO" - # openstack configuration - openStackUserName: "FILL-ME" - openStackRegion: "FILL-ME" - openStackKeyStoneUrl: "FILL-ME" - openStackServiceTenantName: "FILL-ME" - openStackEncryptedPasswordHere: "FILL-ME" - - # configure embedded mariadb - mariadb: - config: - mariadbRootPassword: password -uui: - enabled: true -vfc: - enabled: true -vid: - enabled: true -vnfsdk: - enabled: true - diff --git a/cfg/nexus_cert.cnf b/cfg/nexus_cert.cnf deleted file mode 100644 index ab8d5477..00000000 --- a/cfg/nexus_cert.cnf +++ /dev/null @@ -1,33 +0,0 @@ -[ req ] -default_bits = 4096 -default_keyfile = server-key.pem -distinguished_name = dn -#req_extensions = v3_req -x509_extensions = v3_req -string_mask = utf8only -prompt = no -default_md = sha256 - -[ dn ] - -countryName = PL -localityName = Krakow -organizationName = Samsung -commonName = registry-1.docker.io -#emailAddress - -[ v3_req ] - -#subjectKeyIdentifier = hash -#authorityKeyIdentifier = keyid,issuer - -basicConstraints = CA:FALSE -keyUsage = critical, keyAgreement, nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = serverAuth -# does not work here because of bug in openssl -#subjectAltName = @alternate_names -nsComment = "OpenSSL Generated Certificate" - -#[ alternate_names ] - -#DNS.4 = ftp.example.com diff --git a/cfg/nginx.conf b/cfg/nginx.conf deleted file mode 100644 index 7317d3f2..00000000 --- a/cfg/nginx.conf +++ /dev/null @@ -1,110 +0,0 @@ -worker_processes 2; - -events { - worker_connections 1024; -} - -http { - error_log /var/log/nginx/error.log debug; - access_log /var/log/nginx/access.log; - - proxy_intercept_errors on; - proxy_send_timeout 120; - proxy_read_timeout 300; - - upstream nexus { - server nexus:8081; - } - - upstream registry { - server nexus:8082; - } - -# http simulations - server { - listen 80; - listen 443 ssl; - server_name _; - ssl_certificate /etc/nginx/certs/nexus_server.crt; - ssl_certificate_key /etc/nginx/certs/nexus_server.key; - - keepalive_timeout 5 5; - - location / { - root /srv/http/$host; - index index.html; - } - } - -# nexus simulations - server { - listen 80; - listen 443 ssl; - server_name nexus.student12 gcr.io registry-1.docker.io docker.io registry.npmjs.org nexus3.onap.org docker.elastic.co registry.hub.docker.com; - ssl_certificate /etc/nginx/certs/nexus_server.crt; - ssl_certificate_key /etc/nginx/certs/nexus_server.key; - - keepalive_timeout 5 5; - proxy_buffering off; - - # allow large uploads - client_max_body_size 3G; - - location /maven2 { - rewrite /maven2/(.*) /repository/maven2/$1 break; - # redirect to docker registry - proxy_pass http://nexus; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - location / { - # redirect to docker registry - if ($http_user_agent ~ docker ) { - proxy_pass http://registry; - } - proxy_pass http://nexus; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } - -# git simulations - server { - listen 80; - listen 443 ssl; - server_name gerrit.onap.org git.rancher.io github.com; - ssl_certificate /etc/nginx/certs/nexus_server.crt; - ssl_certificate_key /etc/nginx/certs/nexus_server.key; - - keepalive_timeout 5 5; - proxy_buffering off; - - location / { - try_files $uri $uri/ @git; - } - - location @git { - - # Set chunks to unlimited, as the body's can be huge - client_max_body_size 0; - - fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_param PATH_INFO $uri; - - include fastcgi_params; - - fastcgi_param GIT_HTTP_EXPORT_ALL ""; - fastcgi_param GIT_PROJECT_ROOT /srv/git/$host/; - - # Forward REMOTE_USER as we want to know when we are authenticated - fastcgi_param REMOTE_USER $remote_user; - - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - } -} diff --git a/cfg/v3.ext b/cfg/v3.ext deleted file mode 100644 index b4a6e433..00000000 --- a/cfg/v3.ext +++ /dev/null @@ -1,24 +0,0 @@ -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = nexus.student12 -DNS.2 = gcr.io -DNS.3 = git.rancher.io -DNS.4 = gerrit.onap.org -DNS.5 = registry-1.docker.io -DNS.6 = docker.io -DNS.7 = registry.npmjs.org -DNS.8 = nexus3.onap.org -DNS.9 = nexus.onap.org -DNS.10 = docker.elastic.co -DNS.11 = www.getcloudify.org -DNS.12 = registry.hub.docker.com -DNS.13 = github.com -DNS.14 = repo.maven.apache.org -DNS.15 = www.springframework.org -DNS.16 = repo1.maven.org -DNS.17 = git.onap.org - -- 2.16.6