1 # COPYRIGHT NOTICE STARTS HERE
3 # Copyright 2018 © Samsung Electronics Co., Ltd.
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 # COPYRIGHT NOTICE ENDS HERE
20 # this file contains shared variables and functions for the onap installer
23 # any script which needs this file can check this variable
24 # and it will know immediately if the functions and variables
25 # are loaded and usable
26 IS_COMMON_FUNCTIONS_SOURCED=YES
28 # setting of the path variables
29 if [ -z "$APROJECT_DIR" ] ; then
30 INCLUDE_PATH="${LOCAL_PATH}"/"${RELATIVE_PATH}"
31 APROJECT_DIR=$(readlink -f "$INCLUDE_PATH"/../..)
34 RESOURCES_DIR="$APROJECT_DIR/resources"
35 BASH_SCRIPTS_DIR="$APROJECT_DIR/bash"
36 NEXUS_DATA="$RESOURCES_DIR/nexus_data"
37 CERTS_TARGET_PATH="$APROJECT_DIR/live/certs"
38 NGINX_LOG_DIR="$APROJECT_DIR/live/nginx_logs"
39 GEN_CFG_PATH="$APROJECT_DIR/live/cfg"
40 GIT_REPOS="$RESOURCES_DIR/git-repo"
41 NGINX_HTTP_DIR="$RESOURCES_DIR/http"
42 RHEL_REPO="$RESOURCES_DIR/pkg/rhel"
44 PATH="${PATH}:/usr/local/bin:/usr/local/sbin"
47 # just self-defense against locale
55 registry-1.docker.io \
62 www.springframework.org \
63 registry.hub.docker.com \
66 repo.maven.apache.org"
68 # default credentials to the repository
# NOTE(review): these are fixed, publicly known defaults. get_configuration
# copies NEXUS_PASSWORD into NPM_PASSWORD and appends it in clear text to
# ./local_repo.conf, so change the repository password after installation and
# restrict who can read that file.
70 NEXUS_PASSWORD=admin123
71 NEXUS_EMAIL=admin@onap.org
73 # this function is intended to unify the installer output
80 echo 'DEBUG:' "$@" >&2
83 echo 'WARNING [!]:' "$@" >&2
86 echo 'ERROR [!!]:' "$@" >&2
90 echo 'UNKNOWN [?!]:' "$@" >&2
98 # if the environment variable DEBUG is set to DEBUG-ONAP ->
99 # -> this function will print its arguments
100 # otherwise nothing is done
102 [ "$DEBUG" = DEBUG-ONAP ] && message debug "$@"
115 if [ $n -lt $max ]; then
117 message warning "Command ${@} failed. Attempt: $n/$max"
118 message info "waiting 10s for another try..."
121 fail "Command ${@} failed after $n attempts. Better to abort now."
127 # extract and untar to the current directory
# sed deletes everything up to and including the "# PAYLOAD BELOW #" marker
# line of the running script ($0); the remainder is piped to tar, and -p keeps
# the permission bits recorded in the archive.
# NOTE(review): nothing here checks the integrity of the payload - verify the
# installer's checksum or signature before running it.
128 sed '0,/^# PAYLOAD BELOW #$/d' "$0" | tar -xvpf - ;
# Three /etc/hosts updates follow: each grep looks for a non-comment line that
# ends with the given name(s), and the echo lines append "<LOCAL_IP> <names>".
# NOTE(review): the names are interpolated into the regex unescaped (a dot
# matches any character), and LOCAL_IP / NEXUS_FQDN are appended to /etc/hosts
# without any format check - a value containing whitespace or a newline would
# add unintended host entries. Validate both values before writing.
132 if grep -q "^[^#]\+\s$SIMUL_HOSTS\s*\$" /etc/hosts ; then
133 message info "simulated domains already in /etc/hosts"
135 echo "$LOCAL_IP $SIMUL_HOSTS" >> /etc/hosts
136 message info "simulated domains added to /etc/hosts (please check it)"
139 if grep -q "^[^#]\+\s$NEXUS_FQDN\s*\$" /etc/hosts ; then
140 message info "nexus FQDN already in /etc/hosts"
142 echo "$LOCAL_IP $NEXUS_FQDN" >> /etc/hosts
143 message info "Nexus FQDN added to /etc/hosts (please check it)"
146 if grep -q "^[^#]\+\srepo.install-server\s*\$" /etc/hosts ; then
147 message info "custom repo FQDN already in /etc/hosts"
149 echo "$LOCAL_IP repo.install-server" >> /etc/hosts
# NOTE(review): the message below says "Nexus FQDN" although the entry just
# added is repo.install-server - looks like a copy/paste slip in the log text.
150 message info "Nexus FQDN added to /etc/hosts (please check it)"
# Indirect read: fetch the current value of the variable whose name is in $name.
# NOTE(review): eval re-parses $name as shell code, so a name that is not a
# plain identifier would be executed. bash's ${!name} performs the same
# indirect read without eval.
159 value=$(eval "echo \$${name}")
160 if [ -z "$value" ]; then
161 while [ -z "$value" ] ; do
165 value=$(eval "echo \$${name}")
# Persist the answer as a shell assignment.
# NOTE(review): the value is wrapped in single quotes but not escaped. If
# ./local_repo.conf is later sourced (presumably by get_configuration -
# confirm), a value containing a single quote ends the quoting and the rest
# of the line is run as shell code. Reject or escape quotes before writing.
167 echo "${name}='${value}'" >> ./local_repo.conf
# Fill in configuration values that are still empty and append each newly set
# value to ./local_repo.conf as a NAME='value' line.
# NOTE(review): ./local_repo.conf is resolved against the current working
# directory, so the file that is read and written depends on where the
# installer is started from.
171 get_configuration() {
172 if [ -f ./local_repo.conf ]; then
# Default the Nexus host name to "nexus.<this host's name>".
176 if [ -z "${NEXUS_FQDN}" ]; then
177 NEXUS_FQDN="nexus.$HOSTNAME"
178 echo "NEXUS_FQDN='${NEXUS_FQDN}'" >> ./local_repo.conf
181 if [ -z "${ONAP_SCALE}" ]; then
183 echo "ONAP_SCALE='${ONAP_SCALE}'" >> ./local_repo.conf
186 # Nexus is expected to be configured with these default entries;
187 # if it was not, supply the correct values instead
188 if [ -z "${NPM_USERNAME}" ]; then
189 NPM_USERNAME="${NEXUS_USERNAME}"
190 echo "NPM_USERNAME='${NPM_USERNAME}'" >> ./local_repo.conf
# NOTE(review): the password is stored in clear text, and the file is created
# with whatever umask is in effect. Create the file with mode 0600, or keep
# secrets out of it.
193 if [ -z "${NPM_PASSWORD}" ]; then
194 NPM_PASSWORD="${NEXUS_PASSWORD}"
195 echo "NPM_PASSWORD='${NPM_PASSWORD}'" >> ./local_repo.conf
198 if [ -z "${NPM_EMAIL}" ]; then
199 NPM_EMAIL="$NEXUS_EMAIL"
200 echo "NPM_EMAIL='${NPM_EMAIL}'" >> ./local_repo.conf
211 if [ -z "$LOCAL_IP" ] ; then
213 echo "======= Mandatory configuration ======="
215 message info "fill in these mandatory configuration values"
216 get_cfg_val "LOCAL_IP" "Enter the public IPv4 used for this '$HOSTNAME' install machine," \
217 "\nDO NOT USE LOOPBACK! (for example: 10.0.0.1): "
# Generate /etc/yum.repos.d/onap.repo from the bundled template, replacing the
# first "PATH" on each line with a file:// URL of the bundled rhel package dir.
# NOTE(review): the template itself is not visible here - confirm it keeps
# gpgcheck enabled so packages from the bundled repo are signature-checked.
# $APROJECT_DIR is pasted into the sed program, so a '%' or '&' in that path
# would change the substitution.
221 enable_local_repo() {
222 sed -r "s%PATH%file://$APROJECT_DIR/resources/pkg/rhel%" "$APROJECT_DIR/resources/pkg/rhel/onap.repo" > /etc/yum.repos.d/onap.repo
228 message info "Installing packages"
# NOTE(review): the glob is inside double quotes, so the shell passes the
# literal string ".../*.rpm" instead of the list of files - confirm that yum
# resolves it as intended.
232 yum -y install "$APROJECT_DIR/resources/pkg/centos/*.rpm"
236 yum -y install docker-ce dnsmasq icewm firefox tigervnc-server
237 systemctl enable docker
238 systemctl start docker
# NOTE(review): same quoted glob here; dpkg is not expected to expand
# wildcards itself (verify). dpkg -i also installs local .deb files without a
# repository signature check, so the bundle's integrity has to be established
# before this point.
241 dpkg -i "$APROJECT_DIR/resources/pkg/ubuntu/*.deb"
244 message error "OS release is not supported: $os_id"
245 message info "ABORTING INSTALLATION"
252 message info "installation of external binaries"
# Copy the bundled kubectl, helm, rancher and jq executables into
# /usr/local/bin and make them world-executable.
# NOTE(review): no checksum is compared before the copy. These binaries end
# up on PATH and are later run by this installer, so pin and verify their
# digests against a list shipped with the installer.
253 for binary in kubectl helm rancher jq ; do
254 cp "$APROJECT_DIR/resources/downloads/${binary}" /usr/local/bin/
255 chmod 755 "/usr/local/bin/${binary}"
261 mkdir -p ~/.vnc ~/.icewm
# NOTE(review): the VNC password is hard-coded and published with the script,
# so anyone who can reach the VNC port can open this user's desktop session.
# Prompt for the password or generate one, and expose VNC only through an SSH
# tunnel. The file is also created under the current umask and only tightened
# by the chmod afterwards; setting umask 077 first closes that window.
262 echo "onap" | vncpasswd -f > ~/.vnc/passwd
263 chmod 0600 ~/.vnc/passwd
265 cat > ~/.vnc/xstartup <<EOF
268 unset SESSION_MANAGER
269 unset DBUS_SESSION_BUS_ADDRESS
274 chmod +x ~/.vnc/xstartup
276 cat > ~/.icewm/menu <<EOF
277 prog Firefox firefox firefox
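# Add 172.17.0.1 to the "dns" list in /etc/docker/daemon.json, creating the
# file when it does not exist yet.
# Returns: 0 on success; 1 (leaving an existing file untouched) when the
#          updated content could not be produced.
update_docker_cfg() {
    local cfg=/etc/docker/daemon.json
    local tmp

    if [ -f "$cfg" ]; then
        # Stage the new content with mktemp next to the target rather than in
        # a fixed /tmp/daemon.json: a predictable name in a world-writable
        # directory can be pre-created or symlinked by another local user
        # while this runs as root. Same directory also keeps the mv atomic.
        tmp=$(mktemp "${cfg}.XXXXXX") || return 1
        if jq '.dns += ["172.17.0.1"]' "$cfg" > "$tmp"; then
            # mktemp creates the file 0600; carry over the original mode.
            chmod --reference="$cfg" "$tmp"
            mv -f "$tmp" "$cfg"
        else
            # jq is missing or the existing file is not valid JSON: keep the
            # old configuration instead of replacing it with an empty file.
            rm -f "$tmp"
            echo "ERROR: cannot update $cfg" >&2
            return 1
        fi
    else
        echo '{"dns": ["172.17.0.1"]}' > "$cfg"
    fi
}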
294 echo "** Generate certificates **"
# Root CA private key: 4096-bit RSA, written unencrypted (no cipher option).
# NOTE(review): the key is stored in CERTS_TARGET_PATH, the directory that the
# rancher_server container later receives as a volume, so the CA private key
# is readable inside that container. Keep private keys in a separate
# directory with 0700/0600 permissions and confirm the mode of the file that
# openssl creates. The unquoted paths also break if they contain spaces.
295 openssl genrsa -out $CERTS_TARGET_PATH/rootCA.key 4096
297 echo "** Generate self signed ***"
# Self-signed root certificate, SHA-256, valid for 7300 days (about 20 years).
298 openssl req -config $GEN_CFG_PATH/cacert.cnf -key $CERTS_TARGET_PATH/rootCA.key -new -x509 -days 7300 -sha256 -extensions v3_ca \
299 -out $CERTS_TARGET_PATH/rootCAcert.pem
# Write the same certificate again under a .crt name.
303 openssl x509 -in $CERTS_TARGET_PATH/rootCAcert.pem -inform PEM -out $CERTS_TARGET_PATH/rootCAcert.crt
308 echo "** Publishing root CA **"
309 if [ "$os" == "redhat" ]; then
311 update-ca-trust force-enable
312 cp $CERTS_TARGET_PATH/rootCAcert.crt /etc/pki/ca-trust/source/anchors/
313 update-ca-trust extract
314 elif [ "$os" == "ubuntu" ]; then
315 mkdir -p /usr/local/share/ca-certificates/extra
316 cp $CERTS_TARGET_PATH/rootCAcert.crt /usr/local/share/ca-certificates/extra
317 update-ca-certificates
319 echo "OS \"$os\" is not supported"
323 echo "** Restart docker (because of reload new CA) **"
324 systemctl restart docker
# Per-server key pair: 4096-bit RSA, unencrypted, stored next to the root CA
# material in CERTS_TARGET_PATH.
# NOTE(review): $server_name is pasted unquoted into file paths; a value with
# '/' or whitespace changes which files are read and written - presumably the
# caller passes fixed names, confirm.
331 openssl genrsa -out $CERTS_TARGET_PATH/${server_name}_server.key 4096
332 echo "** Generate sig request ***"
333 openssl req -new -config $GEN_CFG_PATH/${server_name}_cert.cnf -key $CERTS_TARGET_PATH/${server_name}_server.key -out $CERTS_TARGET_PATH/${server_name}_server.csr
335 # v3.ext must be in separate file , because of bug in openssl 1.0
# Sign the request with the root CA: SHA-256, valid for 3650 days;
# -CAcreateserial creates the CA serial-number file when it is missing.
337 openssl x509 -req -in $CERTS_TARGET_PATH/${server_name}_server.csr\
338 -extfile $GEN_CFG_PATH/v3.ext\
339 -CA $CERTS_TARGET_PATH/rootCAcert.crt\
340 -CAkey $CERTS_TARGET_PATH/rootCA.key\
341 -CAcreateserial -out $CERTS_TARGET_PATH/${server_name}_server.crt -days 3650 -sha256
348 # disable firewall (firewalld on rhel) and cleanup the iptables
349 # args: [<distro>] [<ip>]
350 # if no distro arg then run locally and only cleanup iptables
351 # if no ip arg then run locally
# Stops and disables firewalld where it is installed, then sets the default
# policy of the INPUT, OUTPUT and FORWARD chains to ACCEPT; a non-empty
# $_node_ip selects the remote variant of each step.
# NOTE(review): after this the host does no packet filtering of its own, so
# every listening service (the Rancher port published by docker, VNC, and so
# on) is reachable from any network the host is attached to. Run this only
# behind an external firewall or security group, or restore filtering with
# explicit allow rules once the installation has finished.
# `rpm -ql` prints the package's whole file list just to test for presence;
# `rpm -q` answers the same question quietly.
358 message info "Disable firewalld"
359 message warning "Please, if you have some other firewall service - disable it or configure it for this installation to work !"
360 if [ -n "$_node_ip" ] ; then
365 if rpm -ql firewalld ; then
366 systemctl stop firewalld && systemctl disable firewalld
374 message warning "This system is not fully supported!"
375 message warning "The installation can stop working after the reboot - BE WARNED"
376 message warning "Please, if you have some firewall service - disable it or configure it for this installation to work !"
380 message info "Cleanup iptables"
381 if [ -n "$_node_ip" ] ; then
386 iptables -P INPUT ACCEPT && \
387 iptables -P OUTPUT ACCEPT && \
388 iptables -P FORWARD ACCEPT && \
# Copy install_cacert.sh to the target host, run it there, then point the
# target's resolver at LOCAL_IP.
# NOTE(review): install_cacert.sh presumably adds the installer's root CA to
# the target's system trust store (confirm); every TLS client on that host
# will then accept certificates signed with rootCA.key, so that key needs to
# be protected accordingly.
395 distribute_root_CA() {
397 scp $APROJECT_DIR/install_cacert.sh $targetip:.
398 ssh $targetip ./install_cacert.sh
399 echo "** Add DNS record to remote host **"
# NOTE(review): '>' replaces the whole remote /etc/resolv.conf, so all name
# resolution on the target depends on LOCAL_IP from now on. $LOCAL_IP is
# expanded locally and becomes part of the remote command line - validate it
# as an IPv4 address first, and quote $targetip.
400 ssh $targetip "echo nameserver $LOCAL_IP > /etc/resolv.conf"
403 upload_ansible_pkgs() {
406 #if [[ $os == "ubuntu" ]]; then
407 # those deb & whl packages are needed for sdnc-ansible-server pod
408 # independently on host OS distros
409 echo "** Copy required packages for sdnc-ansible-pod to kubernetes node $targetip **"
410 scp -r $APROJECT_DIR/resources/pkg/ubuntu/ansible_pkg $targetip:.
# Copy the OS-specific NFS server setup script (plus, on ubuntu, the bundled
# nfs-common packages) to the target host and run it there.
414 remote_setup_nfs_server() {
418 scp $APROJECT_DIR/bash/tools/setup_nfs_server_${os}.sh $targetip:setup_nfs_server.sh
419 if [[ $os == "ubuntu" ]]; then
420 scp -r $APROJECT_DIR/resources/pkg/ubuntu/nfs-common-pkg/* $targetip:.
# NOTE(review): the unquoted *.deb is first expanded by the LOCAL shell when
# matching files exist in the local working directory; otherwise the remote
# shell expands it and installs every .deb in the remote login directory,
# including files left there by earlier steps. Copy into a dedicated remote
# directory and quote the remote command.
421 ssh $targetip dpkg -i *.deb
# NOTE(review): ssh joins its arguments into one string that the remote shell
# parses again, so "$@" does not preserve word boundaries and shell
# metacharacters in the arguments are interpreted on the target.
424 ssh $targetip /bin/bash ./setup_nfs_server.sh "$@"
# Copy the NFS mount setup script (plus, on ubuntu, the bundled nfs-common
# packages) to the target host and run it with the NFS server address.
427 remote_setup_nfs_mount() {
431 scp $APROJECT_DIR/bash/tools/setup_nfs_mount.sh $targetip:.
432 if [[ $os == "ubuntu" ]]; then
433 scp -r $APROJECT_DIR/resources/pkg/ubuntu/nfs-common-pkg/* $targetip:.
# NOTE(review): the unquoted *.deb may be expanded by the local shell; when it
# is not, the remote shell installs every .deb in the remote login directory.
434 ssh $targetip dpkg -i *.deb
# NOTE(review): $nfsip is unquoted here and parsed again by the remote shell -
# validate it as an address before use.
436 ssh $targetip /bin/bash ./setup_nfs_mount.sh $nfsip
# Write /etc/yum.repos.d/onap.repo on the target host, pointing the repository
# at http://repo.install-server.
# NOTE(review): the repository is served over plain HTTP, so package integrity
# rests entirely on RPM signature checking - confirm that the onap.repo
# template keeps gpgcheck enabled.
439 enable_remote_repo() {
441 sed -r "s%PATH%http://repo.install-server%" $APROJECT_DIR/resources/pkg/rhel/onap.repo | ssh $targetip 'cat > /etc/yum.repos.d/onap.repo'
# Install docker on the target host, add LOCAL_IP to the dns list of its
# /etc/docker/daemon.json, then enable and restart the docker service.
444 install_remote_docker() {
# NOTE(review): `dpkg -i *.deb` installs whatever .deb files the glob matches
# (see the local-versus-remote expansion caveat), not only the two packages
# copied on the previous line.
447 if [[ $os == "ubuntu" ]]; then
448 scp -r $APROJECT_DIR/resources/pkg/ubuntu/{docker-ce_17.03.2~ce-0~ubuntu-xenial_amd64.deb,libltdl7_2.4.6-0.1_amd64.deb} $targetip:.
449 ssh $targetip dpkg -i *.deb
450 elif [[ $os == "rhel" ]]; then
451 ssh $targetip yum -y install docker-ce
453 ssh $targetip "mkdir -p /etc/docker"
454 scp "$APROJECT_DIR/resources/downloads/jq" $targetip:/usr/local/bin/
# NOTE(review): the remote snippet stages its output in /tmp/daemon.json, a
# predictable name in a world-writable directory, and moves it into place
# without checking that jq succeeded. Another local user on the target can
# pre-create or symlink that path, and a failed jq leaves an empty
# daemon.json. Use mktemp on the target and move the file only on success.
# $LOCAL_IP is expanded locally into the remote script text.
455 ssh $targetip "if [[ -f /etc/docker/daemon.json ]]; then
456 jq '.dns += [\"$LOCAL_IP\"]' /etc/docker/daemon.json > /tmp/daemon.json
457 mv /tmp/daemon.json /etc/docker/daemon.json
459 echo {'\"'dns'\"': ['\"'$LOCAL_IP'\"']} > /etc/docker/daemon.json
462 ssh $targetip 'systemctl enable docker; systemctl restart docker'
# Start rancher/server v1.6.14 with bash as entrypoint so the container first
# refreshes its CA bundle and then launches the regular service supervisor.
# NOTE(review): -p 8080:8080 publishes the Rancher UI/API on every host
# interface over plain HTTP, and deploy_kubernetes creates an API key there
# with an unauthenticated request - limit who can reach this port. The volume
# exposes all of CERTS_TARGET_PATH, which also holds rootCA.key and the server
# private keys; mounting only the CA certificate keeps the keys out of the
# container.
466 docker run -d --entrypoint "/bin/bash" --restart=unless-stopped -p 8080:8080 \
467 -v $CERTS_TARGET_PATH:/usr/local/share/ca-certificates/extra:ro \
468 --name rancher_server rancher/server:v1.6.14 \
469 -c "/usr/sbin/update-ca-certificates;/usr/bin/entry /usr/bin/s6-svscan /service"
470 echo "** wait until rancher is ready **"
# Create a Rancher API key, create the "onap" kubernetes environment, fetch the
# host registration data, write ~/.kube/config and, on rhel, upgrade the
# kubelet service with an extra cgroup data volume.
473 deploy_kubernetes() {
476 for i in `seq 5 -1 1`; do
# NOTE(review): this POST carries no credentials, so it only works while the
# Rancher API accepts unauthenticated requests - enable Rancher access control
# (or firewall port 8080) once the installation is done.
# curl -s without --fail exits 0 on HTTP error responses too, so the "$?"
# check below only detects connection failures; an error body would leave
# KEY_PUBLIC / KEY_SECRET set to "null".
# Inside single quotes the trailing backslashes are not line continuations;
# they are sent as part of the request body - confirm the API tolerates that.
477 API_RESPONSE=`curl -s 'http://127.0.0.1:8080/v2-beta/apikey' \
478 -d '{"type":"apikey","accountId":"1a1","name":"autoinstall"\
479 ,"description":"autoinstall","created":null,"kind":null,\
480 "removeTime":null,"removed":null,"uuid":null}'`
481 if [[ "$?" -eq 0 ]]; then
482 KEY_PUBLIC=`echo $API_RESPONSE | jq -r .publicValue`
483 KEY_SECRET=`echo $API_RESPONSE | jq -r .secretValue`
486 echo "Waiting for rancher server to start"
490 export RANCHER_URL=http://${LOCAL_IP}:8080
491 export RANCHER_ACCESS_KEY=$KEY_PUBLIC
492 export RANCHER_SECRET_KEY=$KEY_SECRET
495 echo "wait 60 sec for rancher environments can settle before we create the onap kubernetes one"
498 rancher env create -t kubernetes onap > kube_env_id.json
499 PROJECT_ID=$(<kube_env_id.json)
500 echo "env id: $PROJECT_ID"
501 export RANCHER_HOST_URL=http://${LOCAL_IP}:8080/v1/projects/$PROJECT_ID
504 status=$(rancher env ls | grep $PROJECT_ID | awk '{print $4}')
505 if [[ "$status" == "active" ]]; then
506 echo "Check on environments again before registering the URL response"
510 echo "Wait for environment to become active"
# NOTE(review): the -d body is single-quoted, so the literal text $LOCAL_IP is
# sent instead of the address, and the header is spelled "ContentType" rather
# than "Content-Type". The API key pair passed with -u is visible in the
# process list while curl runs and crosses the network unencrypted (http://).
514 REG_URL_RESPONSE=`curl -X POST -u $KEY_PUBLIC:$KEY_SECRET -H 'Accept: application/json' -H 'ContentType: application/json' -d '{"name":"$LOCAL_IP"}' "http://$LOCAL_IP:8080/v1/projects/$PROJECT_ID/registrationtokens"`
515 echo "wait for server to finish url configuration - 3 min"
517 # see registrationUrl in
518 REGISTRATION_TOKENS=`curl http://127.0.0.1:8080/v2-beta/registrationtokens`
519 REGISTRATION_DOCKER=`echo $REGISTRATION_TOKENS | jq -r .data[0].image`
520 REGISTRATION_TOKEN=`echo $REGISTRATION_TOKENS | jq -r .data[0].token`
522 # base64 encode the kubectl token from the auth pair
523 # generate this after the host is registered
524 KUBECTL_TOKEN=$(echo -n 'Basic '$(echo -n "$RANCHER_ACCESS_KEY:$RANCHER_SECRET_KEY" | base64 -w 0) | base64 -w 0)
# NOTE(review): base64 is an encoding, not encryption - printing the token
# puts the API key and secret into the terminal scrollback and any captured
# install log. Drop this echo or mask the value.
525 echo "KUBECTL_TOKEN base64 encoded: ${KUBECTL_TOKEN}"
# NOTE(review): the kubeconfig written below contains the token and is created
# under the current umask; set mode 0600 on it. It also sets
# insecure-skip-tls-verify: true, which turns off server certificate checks
# for kubectl, so the token can be captured by anyone able to intercept the
# connection. The installer generates its own root CA - reference it with
# certificate-authority instead.
526 cat > ~/.kube/config <<EOF
532 insecure-skip-tls-verify: true
533 server: "https://$LOCAL_IP:8080/r/projects/$PROJECT_ID/kubernetes:6443"
540 current-context: "onap"
544 token: "$KUBECTL_TOKEN"
548 if [[ $os == "rhel" ]]; then
549 echo "Upgrade datavolume for RHEL"
# Look up the kubelet service id, take its launchConfig and set dataVolumes[2]
# to a read-only /sys/fs/cgroup bind mount; the result is embedded in the
# upgrade request sent below.
550 KUBELET_ID=`curl http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/ | jq -r '.data[] | select(.name=="kubelet")'.id`
551 OLD_LAUNCH_CONFIG=`curl http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID} | jq '.launchConfig'`
552 NEW_LAUNCH_CONFIG=`echo $OLD_LAUNCH_CONFIG | jq '.dataVolumes[2]="/sys/fs/cgroup:/sys/fs/cgroup:ro,rprivate"'`
555 \"inServiceStrategy\": {
557 \"intervalMillis\": 2000,
558 \"startFirst\": false,
559 \"launchConfig\": ${NEW_LAUNCH_CONFIG},
560 \"secondaryLaunchConfigs\": []
563 curl -s -u $KEY_PUBLIC:$KEY_SECRET -X POST -H 'Content-Type: application/json' -d "${DATA}" "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=upgrade" > /dev/null
565 echo "Give environment time to update (30 sec)"
# NOTE(review): both upgrade calls discard the response and do not check the
# exit status, so a rejected upgrade goes unnoticed.
568 curl -s -u $KEY_PUBLIC:$KEY_SECRET -X POST "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=finishupgrade" > /dev/null
# Register a node with the Rancher server by running the registration image on
# it; REGISTRATION_DOCKER, RANCHER_URL and REGISTRATION_TOKEN must be set.
572 deploy_rancher_agent() {
574 if [ -z "$REGISTRATION_DOCKER" ]; then
575 echo "ASSERT: Missing REGISTRATION_DOCKER"
578 if [ -z "$RANCHER_URL" ]; then
579 echo "ASSERT: Missing RANCHER_URL"
582 if [ -z "$REGISTRATION_TOKEN" ]; then
583 echo "ASSERT: Missing REGISTRATION_TOKEN"
# NOTE(review): --privileged together with the docker.sock mount gives this
# container full control of the node. The image name comes from an API
# response (REGISTRATION_DOCKER) and is pasted unquoted into the remote
# command line, and RANCHER_URL is http://, so the registration token travels
# in clear text - whoever can tamper with that response or connection decides
# what runs privileged on the node.
# The host path is spelled /var/lib/racher (container side: /var/lib/rancher);
# that looks like a typo - confirm which directory is meant to persist.
587 ssh $nodeip "docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/racher:/var/lib/rancher $REGISTRATION_DOCKER $RANCHER_URL/v1/scripts/$REGISTRATION_TOKEN"
588 echo "waiting 2 min for creating kubernetes environment"
595 echo "Deploying node $nodeip"
596 disable_firewall $os $nodeip
597 distribute_root_CA $nodeip
598 install_remote_docker $nodeip $os
599 deploy_rancher_agent $nodeip
603 pushd $APROJECT_DIR/resources/oom/kubernetes
# NOTE(review): `helm init` is the Helm v2 bootstrap that installs Tiller into
# the cluster; no TLS or service-account options are passed, so Tiller's
# defaults apply - confirm that is acceptable outside an isolated lab setup.
604 helm init --upgrade --skip-refresh
# Drop the public "stable" repo and use the chart server on loopback instead.
607 helm repo remove stable
610 echo "wait a moment before helm will come up ..."
612 helm repo add local http://127.0.0.1:8879
614 #Pass the CA certificate contents directly during installation.
615 helm install local/onap -n dev --namespace onap \
616 --set "global.cacert=$(cat ${CERTS_TARGET_PATH}/rootCAcert.crt)"
622 # print warning if patched file does not exist as some charts
623 # might not be available for some deployments
624 if [ ! -f "$file" ]; then
625 echo "WARNING: Can't patch file $file because this file does not exists."
# For every variable name given as an argument, replace each occurrence of the
# name in "$file" with the variable's current value (in place).
631 for ivar in "$@" ; do
# NOTE(review): eval re-parses ${ivar} as shell code; ${!ivar} reads the
# variable indirectly without that risk.
632 ivalue=$(eval 'echo "$'${ivar}'"')
# NOTE(review): name and value are pasted into the sed program unescaped. A
# '#', '&' or backslash in the value changes the substitution, and the name is
# treated as a regex that also matches inside longer words.
633 sed -i "s#${ivar}#${ivalue}#g" "$file"
638 if [ -z "$LOCAL_IP" ] ; then
639 echo "ERROR: LOCAL_IP unset"
642 if [ -z "$NEXUS_FQDN" ] ; then
643 echo "ERROR: NEXUS_FQDN unset"
647 UPDATE_HOSTS_FILE="$LOCAL_IP $NEXUS_FQDN"
648 UPDATE_NPM_REGISTRY="npm set registry \"http://${NEXUS_FQDN}/repository/npm-private/\""
650 expand_file $APROJECT_DIR/resources/oom/kubernetes/common/dgbuilder/templates/deployment.yaml \
653 expand_file $APROJECT_DIR/resources/oom/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml \
659 if [ -z "$LOCAL_IP" ] ; then
660 echo "ERROR: LOCAL_IP unset"
664 UPDATE_HOSTS_FILE="$LOCAL_IP www.springframework.org"
665 expand_file $APROJECT_DIR/resources/oom/kubernetes/dmaap/charts/message-router/templates/deployment.yaml \
669 patch_cfy_manager_depl() {
671 file="${APROJECT_DIR}/resources/oom/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml"
675 CERT_PATH="/etc/pki/ca-trust/source/anchors"
678 CERT_PATH="/usr/local/share/ca-certificates/extra"
681 echo "ERROR: missing argument"
685 echo "ERROR: unknown OS: ${os}"
690 expand_file "$file" CERT_PATH
693 copy_onap_values_file() {
694 cp "${APROJECT_DIR}/${CUSTOM_CFG_RELPATH:-cfg}/${ONAP_SCALE}_depl_values.yaml" \
695 "${APROJECT_DIR}/resources/oom/kubernetes/onap/values.yaml"