From ec7c75e84977916ae0262c10a0f4401d946e4dfd Mon Sep 17 00:00:00 2001
From: "Agarwal, Ruchira (ra1926)" <ra1926@att.com>
Date: Tue, 1 Oct 2019 17:36:24 +0000
Subject: [PATCH] aaf auto cert generation

Add support for AAF init container for config and cert generation

Issue-ID: SDNC-755
Signed-off-by: Agarwal, Ruchira (ra1926) <ra1926@att.com>
Change-Id: I06ee7921b6dbb1b4b9ca64cf276a374256af3a45
Signed-off-by: Agarwal, Ruchira (ra1926) <ra1926@att.com>
---
 kubernetes/sdnc/resources/config/bin/startODL.sh | 21 ++++++++-
 kubernetes/sdnc/resources/env.yaml               |  1 +
 kubernetes/sdnc/templates/secret-aaf.yaml        | 15 +++++++
 kubernetes/sdnc/templates/service.yaml           |  5 +++
 kubernetes/sdnc/templates/statefulset.yaml       | 55 ++++++++++++++++++++++++
 kubernetes/sdnc/values.yaml                      | 14 +++++-
 6 files changed, 108 insertions(+), 3 deletions(-)
 create mode 100644 kubernetes/sdnc/templates/secret-aaf.yaml

diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh
index 5586ebbca6..5f5f811fd0 100755
--- a/kubernetes/sdnc/resources/config/bin/startODL.sh
+++ b/kubernetes/sdnc/resources/config/bin/startODL.sh
@@ -120,6 +120,7 @@ SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
 CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
 ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
 GEO_ENABLED=${GEO_ENABLED:-false}
+SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false}
 SDNRWT=${SDNRWT:-false}
 SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator}
 export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME
@@ -128,8 +129,24 @@ echo "Settings:"
 echo "  ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER"
 echo "  SDNC_REPLICAS=$SDNC_REPLICAS"
 echo "  SDNRWT=$SDNRWT"
-
-
+echo "  AAF_ENABLED=$SDNC_AAF_ENABLED"
+
+
+if $SDNC_AAF_ENABLED; then
+	export SDNC_STORE_DIR=/opt/app/osaaf/local
+	export SDNC_CONFIG_DIR=/opt/app/osaaf/local
+	export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass`
+	export SDNC_KEYSTORE=org.onap.sdnc.p12
+	sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties
+	echo "cadi_prop_files=$SDNC_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
+
+	sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties
+	sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties
+	sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties
+	echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
+	echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
+	echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
+fi
 
 if [ ! -f ${SDNC_HOME}/.installed ]
 then
diff --git a/kubernetes/sdnc/resources/env.yaml b/kubernetes/sdnc/resources/env.yaml
index 2ad42f79a6..6e38ae99d6 100644
--- a/kubernetes/sdnc/resources/env.yaml
+++ b/kubernetes/sdnc/resources/env.yaml
@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+SDNC_AAF_ENABLED: "{{ .Values.global.aafEnabled }}"
 SDNC_GEO_ENABLED: "{{ .Values.config.geoEnabled }}"
 SDNC_IS_PRIMARY_CLUSTER: "{{ .Values.config.isPrimaryCluster }}"
 SDNC_ODL_COUNT: "{{ .Values.replicaCount }}"
diff --git a/kubernetes/sdnc/templates/secret-aaf.yaml b/kubernetes/sdnc/templates/secret-aaf.yaml
new file mode 100644
index 0000000000..cd2e539b28
--- /dev/null
+++ b/kubernetes/sdnc/templates/secret-aaf.yaml
@@ -0,0 +1,15 @@
+{{ if .Values.global.aafEnabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-aaf
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.fullname" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+ aaf-password: {{ .Values.aaf_init.deploy_pass | b64enc | quote }}
+{{ end }}
diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml
index db6d73a3c5..d2136ccb0b 100644
--- a/kubernetes/sdnc/templates/service.yaml
+++ b/kubernetes/sdnc/templates/service.yaml
@@ -40,6 +40,9 @@ spec:
     {{if eq .Values.service.type "NodePort" -}}
     - port: {{ .Values.service.externalPort }}
       targetPort: {{ .Values.service.internalPort }}
+      {{ if not .Values.global.aafEnabled }}
+      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+      {{ end }}
       name: "{{ .Values.service.portName }}-8282"
     - port: {{ .Values.service.externalPort2 }}
       targetPort: {{ .Values.service.internalPort2 }}
@@ -50,7 +53,9 @@ spec:
       name: "{{ .Values.service.portName }}-8280"
     - port: {{ .Values.service.externalPort4 }}
       targetPort: {{ .Values.service.internalPort4 }}
+      {{ if .Values.global.aafEnabled }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+      {{ end }}
       name: "{{ .Values.service.portName }}-8443"
     {{- else -}}
     - port: {{ .Values.service.externalPort }}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 4ab8d1ccfe..536eaaf552 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -47,6 +47,59 @@ spec:
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+      {{ if .Values.global.aafEnabled }}
+      - name: {{ include "common.name" . }}-aaf-readiness
+        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - /root/ready.py
+        args:
+        - --container-name
+        - aaf-locate
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-aaf
+        image: {{ .Values.global.repository }}/{{ .Values.aaf_init.agentImage }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+          - mountPath: {{ .Values.certpersistence.certPath }}
+            name: {{ include "common.fullname" . }}-certs
+        command:
+        - bash
+        - -c
+        - |
+          /opt/app/aaf_config/bin/agent.sh &&
+          cd /opt/app/osaaf/local &&
+          /opt/app/aaf_config/bin/agent.sh local showpass | grep cadi_keystore_password= | cut -d= -f 2 > /opt/app/osaaf/local/.pass 2>&1
+        env:
+          - name: APP_FQI
+            value: "{{ .Values.aaf_init.fqi }}"
+          - name: aaf_locate_url
+            value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
+          - name: aaf_locator_container
+            value: "oom"
+          - name: aaf_locator_container_ns
+            value: "{{ .Release.Namespace }}"
+          - name: aaf_locator_fqdn
+            value: "{{ .Values.aaf_init.fqdn }}"
+          - name: aaf_locator_app_ns
+            value: "{{ .Values.aaf_init.app_ns }}"
+          - name: DEPLOY_FQI
+            value: "{{ .Values.aaf_init.deploy_fqi }}"
+          - name: DEPLOY_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "common.fullname" .}}-aaf
+                key: aaf-password
+          - name: cadi_longitude
+            value: "{{ .Values.aaf_init.cadi_longitude }}"
+          - name: cadi_latitude
+            value: "{{ .Values.aaf_init.cadi_latitude }}"
+      {{ end }}
       - name: {{ include "common.name" . }}-chown
         image: "busybox"
         command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certpersistence.certPath }}"]
@@ -99,6 +152,8 @@ spec:
               value: "{{ .Values.config.isPrimaryCluster }}"
             - name: GEO_ENABLED
               value: "{{ .Values.config.geoEnabled}}"
+            - name: SDNC_AAF_ENABLED
+              value: "{{ .Values.global.aafEnabled}}"
             - name: SDNC_REPLICAS
               value: "{{ .Values.replicaCount }}"
             - name: MYSQL_HOST
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 555409f747..4447a7dfaa 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -25,6 +25,7 @@ global:
   loggingImage: beats/filebeat:5.5.0
   persistence:
     mountPath: /dockerdata-nfs
+  aafEnabled: true
 
 #################################################################
 # Application configuration defaults.
@@ -102,6 +103,17 @@ config:
     internalPort: 3306
 
 # dependency / sub-chart configuration
+aaf_init:
+  agentImage: onap/aaf/aaf_agent:2.1.15
+  app_ns: "org.osaaf.aaf"
+  fqi: "sdnc@sdnc.onap.org"
+  fqdn: "sdnc"
+  public_fqdn: "sdnc.onap.org"
+  deploy_fqi: "deployer@people.osaaf.org"
+  deploy_pass: "demo123456!"
+  cadi_latitude: "38.0"
+  cadi_longitude: "-72.0"
+
 cds:
   enabled: false
 
@@ -250,7 +262,7 @@ certpersistence:
   size: 50Mi
   mountPath: /dockerdata-nfs
   mountSubPath: sdnc/certs
-  certPath: /opt/opendaylight/current/certs
+  certPath: /opt/app/osaaf
   ##storageClass: "manual"
 
 ingress:
-- 
2.16.6