From 7bf306eeb0f6be832558c6edb48b78f5909b2831 Mon Sep 17 00:00:00 2001 From: "guillaume.lambert" Date: Wed, 8 Sep 2021 12:03:22 +0200 Subject: [PATCH] [COMMON] Replace tabs by 4 ws in shell scripts with the following command $ find . -not -path '*/\.*' -name *.sh -exec sed -i 's/\t/ /g' {} + then realign manually what deserves it and in particular, unindent some EOF scripting tags so they do not trigger errors. Issue-ID: OOM-2643 Signed-off-by: guillaume.lambert Change-Id: Ibfa463ec8083d5a39de18a54d9c1d8746710fe03 --- kubernetes/common/cassandra/resources/restore.sh | 88 ++-- kubernetes/config/prepull_docker.sh | 2 +- .../deploy_dns.sh | 82 +-- .../install-metallb-on-cluster.sh | 42 +- kubernetes/helm/plugins/deploy/deploy.sh | 16 +- .../msb-consul/resources/docker-entrypoint.sh | 2 +- kubernetes/policy/resources/config/db.sh | 4 +- .../resources/config/mariadb/docker-entrypoint.sh | 554 ++++++++++----------- kubernetes/robot/demo-k8s.sh | 250 +++++----- .../robot/scripts/etescript/hvves-etescript.sh | 34 +- .../robot/scripts/etescript/security-etescript.sh | 18 +- .../sdnc/resources/config/bin/createLinks.sh | 7 +- .../sdnc/resources/config/bin/installSdncDb.sh | 3 +- .../98-create-so-user.sh | 2 +- .../99-create-so-admin.sh | 2 +- .../docker-files/scripts/start-jboss-server.sh | 6 +- 16 files changed, 555 insertions(+), 557 deletions(-) diff --git a/kubernetes/common/cassandra/resources/restore.sh b/kubernetes/common/cassandra/resources/restore.sh index 7f271d262f..0df2d79fc6 100644 --- a/kubernetes/common/cassandra/resources/restore.sh +++ b/kubernetes/common/cassandra/resources/restore.sh @@ -20,25 +20,25 @@ find_target_table_name () print_usage () { - echo "NAME" - echo " Script to restore Cassandra database from Nuvo/Cain snapshot" - echo "SYNOPSIS" - echo " $me [--help|-h] [--base_db_dir|-b] [--snapshot_dir|-s] [--keyspace|-k] [--tag|-t]" - echo " MUST OPTIONS: base_db_dir, snapshot_dir, keyspace_name" - echo "DESCRIPTION" - echo " --base_db_dir, -b" - echo " Location of running Cassandra database" - echo " --snapshot_dir, -s" - echo " Snapshot location of Cassandra database taken by Nuvo/Cain" - echo " --keyspace, -k" - echo " Name of the keyspace to restore" - echo "EXAMPLE" - echo " $me -b /var/lib/cassandra/data -s /root/data.ss -k DISCOVERY_SERVER -t 1234567" - exit + echo "NAME" + echo " Script to restore Cassandra database from Nuvo/Cain snapshot" + echo "SYNOPSIS" + echo " $me [--help|-h] [--base_db_dir|-b] [--snapshot_dir|-s] [--keyspace|-k] [--tag|-t]" + echo " MUST OPTIONS: base_db_dir, snapshot_dir, keyspace_name" + echo "DESCRIPTION" + echo " --base_db_dir, -b" + echo " Location of running Cassandra database" + echo " --snapshot_dir, -s" + echo " Snapshot location of Cassandra database taken by Nuvo/Cain" + echo " --keyspace, -k" + echo " Name of the keyspace to restore" + echo "EXAMPLE" + echo " $me -b /var/lib/cassandra/data -s /root/data.ss -k DISCOVERY_SERVER -t 1234567" + exit } if [ $# -eq 0 ] then - print_usage + print_usage fi while [ $# -gt 0 ] @@ -47,40 +47,40 @@ key="$1" shift case $key in - -h|--help) - print_usage - ;; - -b|--base_db_dir) - base_db_dir="$1" - shift - ;; - -s|--snapshot_dir) - ss_dir="$1" - shift - ;; - -k|--keyspace) - keyspace_name="$1" - ;; - -t|--tag) - tag_name="$1" - ;; - --default) - DEFAULT=YES - shift - ;; - *) - # unknown option - ;; + -h|--help) + print_usage + ;; + -b|--base_db_dir) + base_db_dir="$1" + shift + ;; + -s|--snapshot_dir) + ss_dir="$1" + shift + ;; + -k|--keyspace) + keyspace_name="$1" + ;; + -t|--tag) + tag_name="$1" + ;; + --default) + DEFAULT=YES + shift + ;; + *) + # unknown option + ;; esac done # Validate inputs if [ "$base_db_dir" = "" ] || [ "$ss_dir" = "" ] || [ "$keyspace_name" = "" ] then - echo "" - echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>" - echo "" - print_usage + echo "" + echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>" + echo "" + print_usage fi # Remove commit logs from current data dir diff --git a/kubernetes/config/prepull_docker.sh b/kubernetes/config/prepull_docker.sh index efd0bd14d3..54d7a2d7ff 100755 --- a/kubernetes/config/prepull_docker.sh +++ b/kubernetes/config/prepull_docker.sh @@ -110,7 +110,7 @@ do #remove attional prefix and postfix imageNameFinal=`echo "$imageName" | sed -e 's/^"//' -e 's/"$//' ` - #check if line contain Version as a subtag in lines if yes then call docker pull with version + #check if line contain Version as a subtag in lines if yes then call docker pull with version if echo $line | grep -q $IMAGE_VERSION_TEXT ; then echo docker pull "$imageNameWithVersion":"$imageNameFinal" docker pull $imageNameWithVersion:$imageNameFinal & diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh index 460c046632..7e9077d972 100755 --- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh @@ -24,9 +24,9 @@ SPATH="$( dirname "$( which "$0" )" )" usage() { cat << ==usage $0 [cluster_domain] [lb_ip] [helm_chart_args] ... - [cluster_domain] Default value simpledemo.onap.org - [lb_ip] Default value LoadBalancer IP - [helm_chart_args] ... Optional arguments passed to helm install command + [cluster_domain] Default value simpledemo.onap.org + [lb_ip] Default value LoadBalancer IP + [helm_chart_args] ... Optional arguments passed to helm install command $0 --help This message $0 --info Display howto configure target machine ==usage @@ -37,10 +37,10 @@ target_machine_notice_info() { cat << ==infodeploy Extra DNS server already deployed: 1. You can add the DNS server to the target machine using following commands: - sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT - sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT - sudo sysctl -w net.ipv4.conf.all.route_localnet=1 - sudo sysctl -w net.ipv4.ip_forward=1 + sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo sysctl -w net.ipv4.conf.all.route_localnet=1 + sudo sysctl -w net.ipv4.ip_forward=1 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine ==infodeploy } @@ -48,51 +48,51 @@ Extra DNS server already deployed: list_node_with_external_addrs() { - local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') - for worker in $WORKER_NODES; do - local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') - local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') - if [ $internal_ip != $external_ip ]; then - echo $external_ip - break - fi - done + local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') + for worker in $WORKER_NODES; do + local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') + local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') + if [ $internal_ip != $external_ip ]; then + echo $external_ip + break + fi + done } ingress_controller_ip() { - local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system) - if [ -z $metal_ns ]; then - echo $CLUSTER_IP - else - list_node_with_external_addrs - fi + local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system) + if [ -z $metal_ns ]; then + echo $CLUSTER_IP + else + list_node_with_external_addrs + fi } deploy() { - local ingress_ip=$(ingress_controller_ip) - initdir = $(pwd) - cd $SPATH/bind9dns - if [ $# -eq 0 ]; then - local cl_domain="simpledemo.onap.org" - else - local cl_domain=$1 - shift - fi - if [ $# -ne 0 ]; then - ingress_ip=$1 - shift - fi - helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@ - cd $initdir - target_machine_notice_info + local ingress_ip=$(ingress_controller_ip) + initdir = $(pwd) + cd $SPATH/bind9dns + if [ $# -eq 0 ]; then + local cl_domain="simpledemo.onap.org" + else + local cl_domain=$1 + shift + fi + if [ $# -ne 0 ]; then + ingress_ip=$1 + shift + fi + helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@ + cd $initdir + target_machine_notice_info } if [ $# -eq 1 ] && [ "$1" = "-h" ]; then - usage + usage elif [ $# -eq 1 ] && [ "$1" = "--help" ]; then - usage + usage elif [ $# -eq 1 ] && [ "$1" = "--info" ]; then target_machine_notice_info else - deploy $@ + deploy $@ fi diff --git a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh index bf2bc121a7..ce5a19ba25 100755 --- a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh +++ b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh @@ -27,14 +27,14 @@ $0 [cluster_ip1] ... [cluster_ipn] Cluster address or ip ranges find_nodes_with_external_addrs() { - local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') - for worker in $WORKER_NODES; do - local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') - local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') - if [ $internal_ip != $external_ip ]; then - echo $external_ip - fi - done + local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') + for worker in $WORKER_NODES; do + local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') + local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') + if [ $internal_ip != $external_ip ]; then + echo $external_ip + fi + done } generate_config_map() @@ -56,32 +56,32 @@ CNFEOF } generate_config_from_single_addr() { - generate_config_map "$1 - $1" + generate_config_map "$1 - $1" } install_metallb() { - kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml - kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml - # Only when install - kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" + kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml + kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml + # Only when install + kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" } automatic_configuration() { - install_metallb - generate_config_from_single_addr $(find_nodes_with_external_addrs) + install_metallb + generate_config_from_single_addr $(find_nodes_with_external_addrs) } manual_configuration() { - install_metallb - generate_config_map $@ + install_metallb + generate_config_map $@ } if [ $# -eq 1 ] && [ "$1" = "-h" ]; then - usage + usage if [ $# -eq 1 ] && [ "$1" = "--help" ]; then - usage + usage elif [ $# -eq 0 ]; then - automatic_configuration + automatic_configuration else - manual_configuration $@ + manual_configuration $@ fi diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh index 2182dde1d6..5820e77521 100755 --- a/kubernetes/helm/plugins/deploy/deploy.sh +++ b/kubernetes/helm/plugins/deploy/deploy.sh @@ -22,13 +22,13 @@ You can specify the '--values'/'-f' flag multiple times. The priority will be gi last (right-most) file specified. For example, if both myvalues.yaml and override.yaml contained a key called 'Test', the value set in override.yaml would take precedence: - $ helm deploy demo ./onap --namespace onap -f openstack.yaml -f overrides.yaml + $ helm deploy demo ./onap --namespace onap -f openstack.yaml -f overrides.yaml You can specify the '--set' flag multiple times. The priority will be given to the last (right-most) set specified. For example, if both 'bar' and 'newbar' values are set for a key called 'foo', the 'newbar' value would take precedence: - $ helm deploy demo local/onap --namespace onap -f overrides.yaml --set log.enabled=false --set vid.enabled=false + $ helm deploy demo local/onap --namespace onap -f overrides.yaml --set log.enabled=false --set vid.enabled=false Usage: helm deploy [RELEASE] [CHART] [flags] @@ -242,17 +242,17 @@ deploy() { else echo "release \"${RELEASE}-${subchart}\" deployed" fi - # Add annotation last-applied-configuration if set-last-applied flag is set + # Add annotation last-applied-configuration if set-last-applied flag is set if [ "$SET_LAST_APPLIED" = "true" ]; then helm get manifest "${RELEASE}-${subchart}" \ | kubectl apply set-last-applied --create-annotation -n onap -f - \ - > $LOG_FILE.log 2>&1 + > $LOG_FILE.log 2>&1 fi fi - if [ "$DELAY" = "true" ]; then - echo sleep 3m - sleep 180 - fi + if [ "$DELAY" = "true" ]; then + echo sleep 3m + sleep 180 + fi else array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}")) n=${#array[*]} diff --git a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh index cbcbf7a8bf..2b42402102 100755 --- a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh +++ b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh @@ -48,7 +48,7 @@ CONSUL_CONFIG_DIR=/consul/config # You can also set the CONSUL_LOCAL_CONFIG environemnt variable to pass some # Consul configuration JSON without having to bind any volumes. if [ -n "$CONSUL_LOCAL_CONFIG" ]; then - echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json" + echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json" fi # If the user is trying to run Consul directly with some arguments, then diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh index 90c987984f..08d84928e1 100755 --- a/kubernetes/policy/resources/config/db.sh +++ b/kubernetes/policy/resources/config/db.sh @@ -20,8 +20,8 @@ mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; }; for db in support onap_sdk log migration operationshistory10 pooling policyadmin policyclamp operationshistory do - mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" - mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;" + mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" + mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;" done mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;" diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index f5dcbff6bf..a363ab3bb0 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh @@ -5,18 +5,18 @@ shopt -s nullglob # logging functions mysql_log() { - local type="$1"; shift - printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*" + local type="$1"; shift + printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*" } mysql_note() { - mysql_log Note "$@" + mysql_log Note "$@" } mysql_warn() { - mysql_log Warn "$@" >&2 + mysql_log Warn "$@" >&2 } mysql_error() { - mysql_log ERROR "$@" >&2 - exit 1 + mysql_log ERROR "$@" >&2 + exit 1 } # usage: file_env VAR [DEFAULT] @@ -24,170 +24,170 @@ mysql_error() { # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of # "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - mysql_error "Both $var and $fileVar are set (but are exclusive)" - fi - local val="$def" - # val="${!var}" - # val="$(< "${!fileVar}")" - # eval replacement of the bashism equivalents above presents no security issue here - # since var and fileVar variables contents are derived from the file_env() function arguments. - # This method is only called inside this script with a limited number of possible values. - if [ "${!var:-}" ]; then - eval val=\$$var - elif [ "${!fileVar:-}" ]; then - val="$(< "$(eval echo "\$$fileVar")")" - fi - export "$var"="$val" - unset "$fileVar" + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + mysql_error "Both $var and $fileVar are set (but are exclusive)" + fi + local val="$def" + # val="${!var}" + # val="$(< "${!fileVar}")" + # eval replacement of the bashism equivalents above presents no security issue here + # since var and fileVar variables contents are derived from the file_env() function arguments. + # This method is only called inside this script with a limited number of possible values. + if [ "${!var:-}" ]; then + eval val=\$$var + elif [ "${!fileVar:-}" ]; then + val="$(< "$(eval echo "\$$fileVar")")" + fi + export "$var"="$val" + unset "$fileVar" } # check to see if this file is being run or sourced from another script _is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] } # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions docker_process_init_files() { - # mysql here for backwards compatibility "${mysql[@]}" - mysql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - mysql_note "$0: running $f" - "$f" - else - mysql_note "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;; - *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) mysql_warn "$0: ignoring $f" ;; - esac - echo - done + # mysql here for backwards compatibility "${mysql[@]}" + mysql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + mysql_note "$0: running $f" + "$f" + else + mysql_note "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;; + *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) mysql_warn "$0: ignoring $f" ;; + esac + echo + done } mysql_check_config() { - local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors - if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then - mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors" - fi + local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors + if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then + mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors" + fi } # Fetch value from server config # We use mysqld --verbose --help instead of my_print_defaults because the # latter only show values present in config files, and not server defaults mysql_get_config() { - local conf="$1"; shift - "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ - | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' - # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" + local conf="$1"; shift + "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ + | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' + # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" } # Do a temporary startup of the MySQL server, for init purposes docker_temp_server_start() { - "$@" --skip-networking --socket="${SOCKET}" & - mysql_note "Waiting for server startup" - local i - for i in $(seq 30 -1 0); do - # only use the root password if the database has already been initializaed - # so that it won't try to fill in a password file when it hasn't been set yet - extraArgs="" - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - extraArgs=${extraArgs}" --dont-use-mysql-root-password" - fi - if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then - break - fi - sleep 1 - done - if [ "$i" = 0 ]; then - mysql_error "Unable to start server." - fi + "$@" --skip-networking --socket="${SOCKET}" & + mysql_note "Waiting for server startup" + local i + for i in $(seq 30 -1 0); do + # only use the root password if the database has already been initializaed + # so that it won't try to fill in a password file when it hasn't been set yet + extraArgs="" + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + extraArgs=${extraArgs}" --dont-use-mysql-root-password" + fi + if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then + break + fi + sleep 1 + done + if [ "$i" = 0 ]; then + mysql_error "Unable to start server." + fi } # Stop the server. When using a local socket file mysqladmin will block until # the shutdown is complete. docker_temp_server_stop() { - if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then - mysql_error "Unable to shut down server." - fi + if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then + mysql_error "Unable to shut down server." + fi } # Verify that the minimally required password settings are set for new databases. docker_verify_minimum_env() { - if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - mysql_error "$(printf'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD')" - fi + if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + mysql_error "$(printf'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD')" + fi } # creates folders for the database # also ensures permission for user mysql of run as root docker_create_db_directories() { - local user; user="$(id -u)" + local user; user="$(id -u)" - # TODO other directories that are used by default? like /var/lib/mysql-files - # see https://github.com/docker-library/mysql/issues/562 - mkdir -p "$DATADIR" + # TODO other directories that are used by default? like /var/lib/mysql-files + # see https://github.com/docker-library/mysql/issues/562 + mkdir -p "$DATADIR" - if [ "$user" = "0" ]; then - # this will cause less disk access than `chown -R` - find "$DATADIR" \! -user mysql -exec chown mysql '{}' + - fi + if [ "$user" = "0" ]; then + # this will cause less disk access than `chown -R` + find "$DATADIR" \! -user mysql -exec chown mysql '{}' + + fi } # initializes the database directory docker_init_database_dir() { - mysql_note "Initializing database files" - installArgs=" --datadir=$DATADIR --rpm " - if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then - # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password - # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3 - # (this flag doesn't exist in 10.0 and below) - installArgs=${installArgs}" --auth-root-authentication-method=normal" - fi - # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) - mysql_install_db ${installArgs} "$(echo ${@} | sed 's/^ *[^ ]* *//')" - mysql_note "Database files initialized" + mysql_note "Initializing database files" + installArgs=" --datadir=$DATADIR --rpm " + if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then + # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password + # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3 + # (this flag doesn't exist in 10.0 and below) + installArgs=${installArgs}" --auth-root-authentication-method=normal" + fi + # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) + mysql_install_db ${installArgs} "$(echo ${@} | sed 's/^ *[^ ]* *//')" + mysql_note "Database files initialized" } # Loads various settings that are used elsewhere in the script # This should be called after mysql_check_config, but before any other functions docker_setup_env() { - # Get config - declare -g DATADIR SOCKET - DATADIR="$(mysql_get_config 'datadir' "$@")" - SOCKET="$(mysql_get_config 'socket' "$@")" - - # Initialize values that might be stored in a file - file_env 'MYSQL_ROOT_HOST' '%' - file_env 'MYSQL_DATABASE' - file_env 'MYSQL_USER' - file_env 'MYSQL_PASSWORD' - file_env 'MYSQL_ROOT_PASSWORD' - file_env 'PORTAL_DB_TABLES' - - declare -g DATABASE_ALREADY_EXISTS - if [ -d "$DATADIR/mysql" ]; then - DATABASE_ALREADY_EXISTS='true' - fi + # Get config + declare -g DATADIR SOCKET + DATADIR="$(mysql_get_config 'datadir' "$@")" + SOCKET="$(mysql_get_config 'socket' "$@")" + + # Initialize values that might be stored in a file + file_env 'MYSQL_ROOT_HOST' '%' + file_env 'MYSQL_DATABASE' + file_env 'MYSQL_USER' + file_env 'MYSQL_PASSWORD' + file_env 'MYSQL_ROOT_PASSWORD' + file_env 'PORTAL_DB_TABLES' + + declare -g DATABASE_ALREADY_EXISTS + if [ -d "$DATADIR/mysql" ]; then + DATABASE_ALREADY_EXISTS='true' + fi } # Execute sql script, passed via stdin @@ -195,178 +195,178 @@ docker_setup_env() { # ie: docker_process_sql --database=mydb <<<'INSERT ...' # ie: docker_process_sql --dont-use-mysql-root-password --database=mydb /dev/null; then - set -- mysqld "$@" - fi - - # skip setup if they aren't running mysqld or want an option that stops mysqld - if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then - mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started." - - mysql_check_config "$@" - # Load various environment variables - docker_setup_env "$@" - docker_create_db_directories - - # If container is started as root user, restart as dedicated mysql user - if [ "$(id -u)" = "0" ]; then - mysql_note "Switching to dedicated user 'mysql'" - exec gosu mysql "$0" "$@" - fi - - # there's no database, so it needs to be initialized - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir "$@" - - mysql_note "Starting temporary server" - docker_temp_server_start "$@" - mysql_note "Temporary server started." - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g") - do - echo "Granting portal user ALL PRIVILEGES for table $i" - echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" - done - - mysql_note "Stopping temporary server" - docker_temp_server_stop - mysql_note "Temporary server stopped" - - echo - mysql_note "MySQL init process done. Ready for start up." - echo - fi - fi - exec "$@" + # if command starts with an option, prepend mysqld + if echo "$1" | grep '^-' >/dev/null; then + set -- mysqld "$@" + fi + + # skip setup if they aren't running mysqld or want an option that stops mysqld + if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then + mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started." + + mysql_check_config "$@" + # Load various environment variables + docker_setup_env "$@" + docker_create_db_directories + + # If container is started as root user, restart as dedicated mysql user + if [ "$(id -u)" = "0" ]; then + mysql_note "Switching to dedicated user 'mysql'" + exec gosu mysql "$0" "$@" + fi + + # there's no database, so it needs to be initialized + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir "$@" + + mysql_note "Starting temporary server" + docker_temp_server_start "$@" + mysql_note "Temporary server started." + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g") + do + echo "Granting portal user ALL PRIVILEGES for table $i" + echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" + done + + mysql_note "Stopping temporary server" + docker_temp_server_stop + mysql_note "Temporary server stopped" + + echo + mysql_note "MySQL init process done. Ready for start up." + echo + fi + fi + exec "$@" } # If we are sourced from elsewhere, don't perform any further actions if ! _is_sourced; then - _main "$@" + _main "$@" fi diff --git a/kubernetes/robot/demo-k8s.sh b/kubernetes/robot/demo-k8s.sh index 0d30557220..37631bc673 100755 --- a/kubernetes/robot/demo-k8s.sh +++ b/kubernetes/robot/demo-k8s.sh @@ -19,46 +19,46 @@ # usage () { - echo "Usage: demo-k8s.sh [] [execscript]" - echo " " - echo " demo-k8s.sh init" - echo " - Execute both init_customer + distribute" - echo " " - echo " demo-k8s.sh init_customer" - echo " - Create demo customer (Demonstration) and services, etc." - echo " " - echo " demo-k8s.sh distribute []" - echo " - Distribute demo models (demoVFW and demoVLB)" - echo " " - echo " demo-k8s.sh preload " - echo " - Preload data for VNF for the " - echo " " - echo " demo-k8s.sh appc " - echo " - provide APPC with vFW module mount point for closed loop" - echo " " - echo " demo-k8s.sh init_robot [ ]" - echo " - Initialize robot after all ONAP VMs have started" - echo " " - echo " demo-k8s.sh instantiateVFW" - echo " - Instantiate vFW module for the demo customer (DemoCust)" - echo " " - echo " demo-k8s.sh instantiateVFWdirectso csar_filename" - echo " - Instantiate vFW module using direct SO interface using previously distributed model " + echo "Usage: demo-k8s.sh [] [execscript]" + echo " " + echo " demo-k8s.sh init" + echo " - Execute both init_customer + distribute" + echo " " + echo " demo-k8s.sh init_customer" + echo " - Create demo customer (Demonstration) and services, etc." + echo " " + echo " demo-k8s.sh distribute []" + echo " - Distribute demo models (demoVFW and demoVLB)" + echo " " + echo " demo-k8s.sh preload " + echo " - Preload data for VNF for the " + echo " " + echo " demo-k8s.sh appc " + echo " - provide APPC with vFW module mount point for closed loop" + echo " " + echo " demo-k8s.sh init_robot [ ]" + echo " - Initialize robot after all ONAP VMs have started" + echo " " + echo " demo-k8s.sh instantiateVFW" + echo " - Instantiate vFW module for the demo customer (DemoCust)" + echo " " + echo " demo-k8s.sh instantiateVFWdirectso csar_filename" + echo " - Instantiate vFW module using direct SO interface using previously distributed model " echo " that is in /tmp/csar in robot container" - echo " " + echo " " echo " demo-k8s.sh instantiateVLB_CDS" echo " - Instantiate vLB module using CDS with a preloaded CBA " echo " " - echo " demo-k8s.sh deleteVNF " - echo " - Delete the module created by instantiateVFW" - echo " " - echo " demo-k8s.sh vfwclosedloop " + echo " demo-k8s.sh deleteVNF " + echo " - Delete the module created by instantiateVFW" + echo " " + echo " demo-k8s.sh vfwclosedloop " echo " - vFWCL: Sets the packet generator to high and low rates, and checks whether the policy " echo " kicks in to modulate the rates back to medium" - echo " " - echo " demo-k8s.sh [] execscript" - echo " - Optional parameter to execute user custom scripts located in scripts/demoscript directory" - echo " " + echo " " + echo " demo-k8s.sh [] execscript" + echo " - Optional parameter to execute user custom scripts located in scripts/demoscript directory" + echo " " } # Check if execscript flag is used and drop it from input arguments @@ -74,8 +74,8 @@ echo "Number of parameters:" echo $# if [ $# -lt 2 ];then - usage - exit + usage + exit fi NAMESPACE=$1 @@ -86,80 +86,80 @@ shift ## while [ $# -gt 0 ] do - key="$1" + key="$1" echo "KEY:" echo $key - case $key in - init_robot) - TAG="UpdateWebPage" - echo "WEB Site Password for user 'test': " - stty -echo - read WEB_PASSWORD - stty echo - if [ "$WEB_PASSWORD" = "" ]; then - echo "" - echo "WEB Password is required for user 'test'" - exit - fi - VARIABLES="$VARIABLES -v WEB_PASSWORD:$WEB_PASSWORD" - shift - if [ $# -eq 2 ];then - VARIABLES="$VARIABLES -v HOSTS_PREFIX:$1" - fi - shift - ;; - init) - TAG="InitDemo" - shift - ;; - vescollector) - TAG="vescollector" - shift - ;; + case $key in + init_robot) + TAG="UpdateWebPage" + echo "WEB Site Password for user 'test': " + stty -echo + read WEB_PASSWORD + stty echo + if [ "$WEB_PASSWORD" = "" ]; then + echo "" + echo "WEB Password is required for user 'test'" + exit + fi + VARIABLES="$VARIABLES -v WEB_PASSWORD:$WEB_PASSWORD" + shift + if [ $# -eq 2 ];then + VARIABLES="$VARIABLES -v HOSTS_PREFIX:$1" + fi + shift + ;; + init) + TAG="InitDemo" + shift + ;; + vescollector) + TAG="vescollector" + shift + ;; distribute_vcpe) - TAG="distributeVCPE" - shift - ;; - init_customer) - TAG="InitCustomer" - shift - ;; - distribute) - TAG="InitDistribution" - shift - if [ $# -eq 1 ];then - VARIABLES="$VARIABLES -v DEMO_PREFIX:$1" - fi - shift - ;; - preload) - TAG="PreloadDemo" - shift - if [ $# -ne 2 ];then - echo "Usage: demo-k8s.sh preload " - exit - fi - VARIABLES="$VARIABLES -v VNF_NAME:$1" - shift - VARIABLES="$VARIABLES -v MODULE_NAME:$1" - shift - ;; - appc) - TAG="APPCMountPointDemo" - shift - if [ $# -ne 1 ];then - echo "Usage: demo-k8s.sh appc " - exit - fi - VARIABLES="$VARIABLES -v MODULE_NAME:$1" - shift - ;; - instantiateVFW) - TAG="instantiateVFW" - VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$" - shift - ;; + TAG="distributeVCPE" + shift + ;; + init_customer) + TAG="InitCustomer" + shift + ;; + distribute) + TAG="InitDistribution" + shift + if [ $# -eq 1 ];then + VARIABLES="$VARIABLES -v DEMO_PREFIX:$1" + fi + shift + ;; + preload) + TAG="PreloadDemo" + shift + if [ $# -ne 2 ];then + echo "Usage: demo-k8s.sh preload " + exit + fi + VARIABLES="$VARIABLES -v VNF_NAME:$1" + shift + VARIABLES="$VARIABLES -v MODULE_NAME:$1" + shift + ;; + appc) + TAG="APPCMountPointDemo" + shift + if [ $# -ne 1 ];then + echo "Usage: demo-k8s.sh appc " + exit + fi + VARIABLES="$VARIABLES -v MODULE_NAME:$1" + shift + ;; + instantiateVFW) + TAG="instantiateVFW" + VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$" + shift + ;; instantiateVFWdirectso) TAG="instantiateVFWdirectso" shift @@ -175,21 +175,21 @@ do VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$" shift ;; - deleteVNF) - TAG="deleteVNF" - shift - if [ $# -ne 1 ];then - echo "Usage: demo-k8s.sh deleteVNF " - exit - fi - VARFILE=$1.py - VARIABLES="$VARIABLES -V /share/${VARFILE}" - shift - ;; - cds) - TAG="cds" - shift - ;; + deleteVNF) + TAG="deleteVNF" + shift + if [ $# -ne 1 ];then + echo "Usage: demo-k8s.sh deleteVNF " + exit + fi + VARFILE=$1.py + VARIABLES="$VARIABLES -V /share/${VARFILE}" + shift + ;; + cds) + TAG="cds" + shift + ;; distributeVFWNG) TAG="distributeVFWNG" shift @@ -208,10 +208,10 @@ do VARIABLES="$VARIABLES -v PACKET_GENERATOR_HOST:$1 -v pkg_host:$1" shift ;; - *) - usage - exit - esac + *) + usage + exit + esac done set -x diff --git a/kubernetes/robot/scripts/etescript/hvves-etescript.sh b/kubernetes/robot/scripts/etescript/hvves-etescript.sh index 63e90cdec6..eb04e07fa1 100755 --- a/kubernetes/robot/scripts/etescript/hvves-etescript.sh +++ b/kubernetes/robot/scripts/etescript/hvves-etescript.sh @@ -24,46 +24,46 @@ HVVESPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:m generate_ca_key_cert () { - openssl genrsa -out $1/ca.key 2048 - openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap + openssl genrsa -out $1/ca.key 2048 + openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap } generate_server_key_csr () { - openssl genrsa -out $1/server.key 2048 - openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap + openssl genrsa -out $1/server.key 2048 + openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap } generate_client_key_csr () { - openssl genrsa -out $1/client.key 2048 - openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap + openssl genrsa -out $1/client.key 2048 + openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap } sign_server_and_client_cert () { - openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00 - openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00 + openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00 + openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00 } create_pkcs12_ca_and_server () { - openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass: - openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass: + openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass: + openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass: } copy_server_certs_to_hvves () { - for f in ca.p12 server.p12 - do - kubectl cp $1/$f $2/$3:$4 - done + for f in ca.p12 server.p12 + do + kubectl cp $1/$f $2/$3:$4 + done } copy_client_certs_to_robot () { - for f in ca.pem client.key client.pem - do + for f in ca.pem client.key client.pem + do kubectl cp $1/$f $2/$3:$4 done } cleanup () { - rm -f $1/ca.??? $1/server.??? s$1/client.??? + rm -f $1/ca.??? $1/server.??? s$1/client.??? } diff --git a/kubernetes/robot/scripts/etescript/security-etescript.sh b/kubernetes/robot/scripts/etescript/security-etescript.sh index 1cd911ca60..bf51329431 100755 --- a/kubernetes/robot/scripts/etescript/security-etescript.sh +++ b/kubernetes/robot/scripts/etescript/security-etescript.sh @@ -25,29 +25,29 @@ TMPTPL='onap_security' CSV2JSON='import csv; import json; import sys; print(json.dumps({i[0]: i[1] for i in csv.reader(sys.stdin)}))' FILTER="$(tr -d [:space:] <