Fix the problem with the firewall
[oom/offline-installer.git] / bash / tools / common-functions.sh
1 #   COPYRIGHT NOTICE STARTS HERE
2 #
3 #   Copyright 2018 © Samsung Electronics Co., Ltd.
4 #
5 #   Licensed under the Apache License, Version 2.0 (the "License");
6 #   you may not use this file except in compliance with the License.
7 #   You may obtain a copy of the License at
8 #
9 #       http://www.apache.org/licenses/LICENSE-2.0
10 #
11 #   Unless required by applicable law or agreed to in writing, software
12 #   distributed under the License is distributed on an "AS IS" BASIS,
13 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 #   See the License for the specific language governing permissions and
15 #   limitations under the License.
16 #
17 #   COPYRIGHT NOTICE ENDS HERE
18
19 #
20 # this file contains shared variables and functions for the onap installer
21 #
22
# Sentinel: a script that needs this library can test this variable to see
# whether the shared variables and functions below are already loaded.
IS_COMMON_FUNCTIONS_SOURCED=YES

# Work out the project root unless the caller already provided APROJECT_DIR.
# LOCAL_PATH and RELATIVE_PATH are not set in this file; presumably the
# sourcing script defines them - verify against the callers.
if [ -z "$APROJECT_DIR" ]; then
    INCLUDE_PATH="${LOCAL_PATH}/${RELATIVE_PATH}"
    APROJECT_DIR=$(readlink -f "${INCLUDE_PATH}/../..")
fi

# Directory layout: bundled resources first, then generated ("live") data.
RESOURCES_DIR="${APROJECT_DIR}/resources"
NEXUS_DATA="${RESOURCES_DIR}/nexus_data"
GIT_REPOS="${RESOURCES_DIR}/git-repo"
NGINX_HTTP_DIR="${RESOURCES_DIR}/http"
RHEL_REPO="${RESOURCES_DIR}/pkg/rhel"
BASH_SCRIPTS_DIR="${APROJECT_DIR}/bash"
# CERTS_TARGET_PATH receives the root CA private key (see create_root_CA)
CERTS_TARGET_PATH="${APROJECT_DIR}/live/certs"
NGINX_LOG_DIR="${APROJECT_DIR}/live/nginx_logs"
GEN_CFG_PATH="${APROJECT_DIR}/live/cfg"

# /usr/local/{bin,sbin} are appended, so directories already on PATH keep
# precedence over the binaries install_files copies into /usr/local/bin.
export PATH="${PATH}:/usr/local/bin:/usr/local/sbin"

# just self-defense against locale
# (LC_ALL / LC_* from the environment, if set, still override LANG)
export LANG=C

# dns handling: public names that update_hosts maps to LOCAL_IP in /etc/hosts,
# i.e. requests to these registries are answered by the local install server.
SIMUL_HOSTS="gcr.io git.rancher.io gerrit.onap.org registry-1.docker.io docker.io"
SIMUL_HOSTS="${SIMUL_HOSTS} registry.npmjs.org nexus3.onap.org nexus.onap.org"
SIMUL_HOSTS="${SIMUL_HOSTS} docker.elastic.co www.getcloudify.org www.springframework.org"
SIMUL_HOSTS="${SIMUL_HOSTS} registry.hub.docker.com git.onap.org repo1.maven.org"
SIMUL_HOSTS="${SIMUL_HOSTS} repo.maven.apache.org"

# default credentials to the repository
# NOTE(review): these are fixed, source-visible defaults; get_configuration
# copies them into NPM_* and persists them in ./local_repo.conf. Change them
# on the Nexus side and here before the host is reachable by anyone else.
NEXUS_USERNAME=admin
NEXUS_PASSWORD=admin123
NEXUS_EMAIL=admin@onap.org
72
# Unified installer output.
# Arguments: $1 - level: info | debug | warning | error (anything else is
#                 reported as UNKNOWN)
#            $2... - text
# Outputs:   info goes to stdout, every other level to stderr. The level word
#            itself is part of "$@", so it is printed again after the tag.
# Returns:   0 for info/debug/warning, 1 for error, 2 for an unknown level
message() {
    local tag
    local rc=0

    case "$1" in
        info)    tag='INFO:' ;;
        debug)   tag='DEBUG:' ;;
        warning) tag='WARNING [!]:' ;;
        error)   tag='ERROR [!!]:';   rc=1 ;;
        *)       tag='UNKNOWN [?!]:'; rc=2 ;;
    esac

    if [ "$1" = info ]; then
        echo "$tag" "$@"
    else
        echo "$tag" "$@" >&2
    fi
    return "$rc"
}
# This marks a *variable* called message for export; it does not export the
# function to child shells (bash would need `export -f` for that).
export message
97
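# Print the arguments as a debug message, but only when the environment
# variable DEBUG is exactly "DEBUG-ONAP"; otherwise nothing is done.
# Returns: 0 when debugging is off, else the status of `message debug`.
# Written as an `if` on purpose: a bare `[ ... ] && message ...` makes the
# function return 1 whenever debugging is off, which terminates any caller
# that runs under `set -e`.
debug() {
    if [ "$DEBUG" = DEBUG-ONAP ]; then
        message debug "$@"
    fi
}
# This marks a *variable* called debug for export; it does not export the
# function to child shells (bash would need `export -f` for that).
export debug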
105
# Report a fatal error through `message error` and terminate with status 1.
# Arguments: $@ - text of the error
# Note: `exit` ends the shell that sourced this file, not just the function.
fail() {
    message error "$@"
    exit 1
}
110
# Run a command until it succeeds, at most 5 times, pausing 10s in between.
# Arguments: $@ - the command and its arguments, executed as given
# Returns:   0 once the command succeeded; after the 5th failure `fail` is
#            called, which exits the shell with status 1
retry() {
    local attempt=1
    local limit=5

    until "$@"; do
        if [ "$attempt" -ge "$limit" ]; then
            fail "Command" "$@" "failed after $attempt attempts. Better to abort now."
        else
            # the counter is bumped first, so the warning names the upcoming attempt
            attempt=$((attempt + 1))
            message warning "Command" "$@" "failed. Attempt: $attempt/$limit"
            message info "waiting 10s for another try..."
            sleep 10s
        fi
    done
}
125
# Unpack the tar archive appended to the running script ($0) into the
# current directory.
may_self_extract() {
    # Everything up to and including the "# PAYLOAD BELOW #" marker line is
    # dropped (the 0,/re/ address is a GNU sed form); the remainder is the tar
    # stream. -p restores the permissions recorded in the archive.
    # NOTE(review): no checksum or signature of the payload is verified here -
    # confirm the installer file is validated before it is run.
    sed '0,/^# PAYLOAD BELOW #$/d' "$0" \
        | tar -xvpf -
}
130
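# Point the simulated public domains, the Nexus FQDN and the custom package
# repo name at LOCAL_IP in /etc/hosts. Each entry is appended only when no
# uncommented line already ends with it.
# Globals: LOCAL_IP, SIMUL_HOSTS, NEXUS_FQDN (read)
# Returns: 1 if LOCAL_IP is empty (nothing is written), else the status of
#          the last `message` call
# Note: the names are interpolated into the grep pattern unescaped, so "." in
# them matches any character; the check is a heuristic, not an exact match.
update_hosts() {
    # without an address the lines appended below would be malformed
    if [ -z "$LOCAL_IP" ] ; then
        message error "LOCAL_IP unset - /etc/hosts left untouched"
        return 1
    fi

    if grep -q "^[^#]\+\s$SIMUL_HOSTS\s*\$" /etc/hosts ; then
        message info "simulated domains already in /etc/hosts"
    else
        echo "$LOCAL_IP $SIMUL_HOSTS" >> /etc/hosts
        message info "simulated domains added to /etc/hosts (please check it)"
    fi

    if grep -q "^[^#]\+\s$NEXUS_FQDN\s*\$" /etc/hosts ; then
        message info "nexus FQDN already in /etc/hosts"
    else
        echo "$LOCAL_IP $NEXUS_FQDN" >> /etc/hosts
        message info "Nexus FQDN added to /etc/hosts (please check it)"
    fi

    if grep -q "^[^#]\+\srepo.install-server\s*\$" /etc/hosts ; then
        message info "custom repo FQDN already in /etc/hosts"
    else
        echo "$LOCAL_IP repo.install-server" >> /etc/hosts
        # this branch used to log "Nexus FQDN added", a copy-paste slip
        message info "custom repo FQDN added to /etc/hosts (please check it)"
    fi
}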
153
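# Make sure the variable named by $1 holds a non-empty value, asking the
# user for it when necessary.
# Arguments: $1    - name of the shell variable (plain identifier)
#            $2... - prompt text, joined with spaces; backslash escapes such
#                    as \n are interpreted
# Effects:   sets the named variable in the calling shell; a value that had
#            to be asked for is appended as NAME='value' to ./local_repo.conf
# Returns:   0 on success, 1 when stdin ends before a value was read,
#            2 when $1 is not a valid variable name
# Note: a variable called name, ask, value or escaped cannot be filled by
# this function, those are its own locals.
get_cfg_val() {
    local name="$1"
    shift
    local ask="$*"
    local value escaped

    # The name is expanded indirectly and handed to `read`, so nothing but a
    # plain identifier is accepted (this replaces the former eval).
    if ! [[ "$name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
        echo "ERROR: invalid variable name: ${name}" >&2
        return 2
    fi

    value="${!name}"
    if [ -n "$value" ]; then
        return 0
    fi

    while [ -z "$value" ] ; do
        # %b expands \n in the prompt without using it as a format string
        printf '%b' "$ask"
        # stop at end of input instead of prompting forever
        if ! read -r "$name" && [ -z "${!name}" ]; then
            echo "ERROR: no input available for ${name}" >&2
            return 1
        fi
        value="${!name}"
    done

    # local_repo.conf is sourced by get_configuration: close-escape-reopen any
    # single quote so the stored value cannot end the quoting and run as code.
    escaped=${value//\'/\'\\\'\'}
    printf "%s='%s'\n" "$name" "$escaped" >> ./local_repo.conf
}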
170
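# Append KEY='VALUE' to ./local_repo.conf; a missing file is created
# owner-only first, because NPM_PASSWORD ends up in it.
_persist_cfg() {
    local key="$1" val="$2"
    # close-escape-reopen single quotes so the line stays one word when sourced
    local escaped=${val//\'/\'\\\'\'}

    if [ ! -e ./local_repo.conf ]; then
        ( umask 077 && : > ./local_repo.conf )
    fi
    printf "%s='%s'\n" "$key" "$escaped" >> ./local_repo.conf
}

# Give the variable named $1 the value $2 if it is empty, and persist that.
_default_cfg() {
    local key="$1" fallback="$2"
    if [ -z "${!key}" ]; then
        printf -v "$key" '%s' "$fallback"
        _persist_cfg "$key" "$fallback"
    fi
}

# Load ./local_repo.conf if present, fill in defaults for everything still
# empty (persisting each default), export the result and ask for LOCAL_IP
# when it is not known yet.
# Globals: NEXUS_FQDN, ONAP_SCALE, NPM_USERNAME, NPM_PASSWORD, NPM_EMAIL
#          (set and exported), NODE_USERNAME (set), LOCAL_IP (asked for),
#          NEXUS_USERNAME, NEXUS_PASSWORD, NEXUS_EMAIL, HOSTNAME (read)
get_configuration() {
    # NOTE(review): the file is taken from the current directory and executed
    # as shell code; run the installer only from a directory that other users
    # cannot write to.
    if [ -f ./local_repo.conf ]; then
        . ./local_repo.conf
    fi

    _default_cfg NEXUS_FQDN "nexus.$HOSTNAME"
    _default_cfg ONAP_SCALE full

    # nexus should be configured using those default entries
    # if it was not put the correct inputs instead
    _default_cfg NPM_USERNAME "${NEXUS_USERNAME}"
    _default_cfg NPM_PASSWORD "${NEXUS_PASSWORD}"
    _default_cfg NPM_EMAIL "$NEXUS_EMAIL"

    export NEXUS_FQDN ONAP_SCALE NPM_USERNAME NPM_PASSWORD NPM_EMAIL

    NODE_USERNAME="root"

    if [ -z "$LOCAL_IP" ] ; then
        echo
        echo "======= Mandatory configuration ======="
        echo
        message info "fill in these mandatory configuration values"
        get_cfg_val "LOCAL_IP" "Enter the public IPv4 used for this '$HOSTNAME' install machine," \
            "\nDO NOT USE LOOPBACK! (for example: 10.0.0.1): "
    fi
}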
220
# Install the bundled yum repo definition, pointing it at the package
# directory on the local disk.
# The first literal "PATH" on each line of onap.repo becomes a file:// URL.
# APROJECT_DIR goes into the sed expression verbatim, so a "%" or "&" in that
# path would change the expression.
enable_local_repo() {
    local rhel_pkg_dir="$APROJECT_DIR/resources/pkg/rhel"

    sed -r "s%PATH%file://${rhel_pkg_dir}%" "${rhel_pkg_dir}/onap.repo" \
        > /etc/yum.repos.d/onap.repo
}
224
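# Install the OS packages shipped with the offline bundle.
# Arguments: $1 - OS id: centos | rhel | ubuntu
# Exits with status 1 for any other OS id.
install_packages() {
    local os_id="$1"

    message info "Installing packages"

    case "$os_id" in
        centos)
            # the glob has to stay outside the quotes: a quoted "*.rpm" is
            # never expanded by the shell and is passed on literally
            yum -y install "$APROJECT_DIR"/resources/pkg/centos/*.rpm
            ;;
        rhel)
            enable_local_repo
            yum -y install docker-ce dnsmasq icewm firefox tigervnc-server
            systemctl enable docker
            systemctl start docker
            ;;
        ubuntu)
            # same here, dpkg does not expand patterns itself
            dpkg -i "$APROJECT_DIR"/resources/pkg/ubuntu/*.deb
            ;;
        *)
            message error "OS release is not supported: $os_id"
            message info "ABORTING INSTALLATION"
            exit 1
            ;;
    esac
}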
250
# Copy the bundled command line tools (kubectl, helm, rancher, jq) into
# /usr/local/bin, make them executable and create ~/.kube.
# NOTE(review): the binaries are taken from resources/downloads as they are;
# no checksum verification is visible in this function - confirm it happens
# when the bundle is built or unpacked.
install_files() {
    local src_dir="$APROJECT_DIR/resources/downloads"
    local dest_dir=/usr/local/bin

    message info "installation of external binaries"
    for binary in kubectl helm rancher jq ; do
        cp "${src_dir}/${binary}" "${dest_dir}/"
        chmod 755 "${dest_dir}/${binary}"
    done
    mkdir -p ~/.kube
}
259
# Prepare a minimal icewm desktop for the current user and start a VNC
# server for it.
# Effects: writes ~/.vnc/passwd, ~/.vnc/xstartup and ~/.icewm/menu, then
#          runs `vncserver`.
setup_vnc_server() {
    mkdir -p ~/.vnc ~/.icewm

    # NOTE(review): the VNC password is the fixed, source-visible string
    # below. Replace it before the display is reachable from other hosts, or
    # keep the VNC port restricted to localhost / an SSH tunnel.
    printf '%s\n' "onap" | vncpasswd -f > ~/.vnc/passwd
    chmod 0600 ~/.vnc/passwd

    # session start script: nothing but icewm
    cat > ~/.vnc/xstartup <<'EOF'
#!/bin/sh

unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec icewm-session

EOF
    chmod +x ~/.vnc/xstartup

    # window manager menu with a single Firefox entry
    cat > ~/.icewm/menu <<'EOF'
prog Firefox firefox firefox
separator

EOF

    vncserver
}
283
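# Add 172.17.0.1 to the "dns" list of the local docker daemon configuration,
# creating /etc/docker/daemon.json when it does not exist yet.
# Returns: 0 on success, 1 when the existing file could not be rewritten
#          (it is left unchanged in that case)
update_docker_cfg() {
    local cfg=/etc/docker/daemon.json
    local tmp

    if [ -f "$cfg" ]; then
        # The work file gets an unpredictable name next to the target: a fixed
        # /tmp/daemon.json could be pre-created or symlinked by any local user
        # before this runs as root, and moving it out of /tmp is not atomic
        # across filesystems.
        tmp=$(mktemp "${cfg}.XXXXXX") || return 1
        # replace the config only if jq really produced the new content;
        # mktemp creates the file 0600.
        # NOTE(review): 0644 assumed as the intended mode - confirm
        if jq '.dns += ["172.17.0.1"]' "$cfg" > "$tmp" \
            && chmod 0644 "$tmp" \
            && mv "$tmp" "$cfg"; then
            return 0
        fi
        rm -f "$tmp"
        message error "could not update $cfg, file left unchanged"
        return 1
    else
        echo '{"dns": ["172.17.0.1"]}' > "$cfg"
    fi
}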
292
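# Create the installer's own root CA in CERTS_TARGET_PATH: a 4096 bit RSA key
# (rootCA.key), a self-signed certificate valid for 7300 days
# (rootCAcert.pem) and a copy of that certificate as rootCAcert.crt.
# Globals: CERTS_TARGET_PATH, GEN_CFG_PATH (read)
# All paths are quoted so that directories containing spaces work.
create_root_CA() {
    echo "** Generate certificates **"
    # The CA key is written unencrypted; a newly created file is made
    # owner-only. Every host that runs install_root_CA trusts whatever this
    # key signs, so keep it off shared storage and out of backups.
    ( umask 077 && openssl genrsa -out "$CERTS_TARGET_PATH/rootCA.key" 4096 )

    echo "** Generate self signed ***"
    openssl req -config "$GEN_CFG_PATH/cacert.cnf" -key "$CERTS_TARGET_PATH/rootCA.key" \
        -new -x509 -days 7300 -sha256 -extensions v3_ca \
        -out "$CERTS_TARGET_PATH/rootCAcert.pem"

    # convert to crt
    openssl x509 -in "$CERTS_TARGET_PATH/rootCAcert.pem" -inform PEM \
        -out "$CERTS_TARGET_PATH/rootCAcert.crt"
}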
305
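# Add the installer's root CA certificate to the system trust store and
# restart docker so that it picks the new CA up.
# Arguments: $1 - OS family: redhat (rhel and centos, the ids used by the
#                 other functions in this file, are accepted as well) or ubuntu
# Exits with status 254 for any other value.
# After this, every TLS client on the host that uses the system store trusts
# certificates signed by rootCA.key; remove the anchor again when the host
# leaves the installation.
install_root_CA() {
    local os=$1
    echo "** Publishing root CA **"
    case "$os" in
        redhat|rhel|centos)
            update-ca-trust force-enable
            cp "$CERTS_TARGET_PATH/rootCAcert.crt" /etc/pki/ca-trust/source/anchors/
            update-ca-trust extract
            ;;
        ubuntu)
            mkdir -p /usr/local/share/ca-certificates/extra
            cp "$CERTS_TARGET_PATH/rootCAcert.crt" /usr/local/share/ca-certificates/extra
            update-ca-certificates
            ;;
        *)
            echo "OS \"$os\" is not supported"
            # the status bash produced for the former, non-portable `exit -2`
            exit 254
            ;;
    esac

    echo "** Restart docker (because of reload new CA) **"
    systemctl restart docker
}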
327
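# Create a key and a certificate for one server, signed by the installer's
# root CA (3650 days validity).
# Arguments: $1 - server name; selects $GEN_CFG_PATH/<name>_cert.cnf and
#                 names the <name>_server.{key,csr,crt} output files
# Globals:   CERTS_TARGET_PATH, GEN_CFG_PATH (read)
# All paths are quoted so that directories containing spaces work.
# NOTE(review): the server key is written unencrypted with the default umask;
# tighten the mode if whatever serves this certificate can still read it.
create_cert() {
    local server_name=$1

    openssl genrsa -out "$CERTS_TARGET_PATH/${server_name}_server.key" 4096
    echo "** Generate sig request ***"
    openssl req -new -config "$GEN_CFG_PATH/${server_name}_cert.cnf" \
        -key "$CERTS_TARGET_PATH/${server_name}_server.key" \
        -out "$CERTS_TARGET_PATH/${server_name}_server.csr"

    # v3.ext must be in separate file , because of bug in openssl 1.0
    echo "** sign **"
    openssl x509 -req -in "$CERTS_TARGET_PATH/${server_name}_server.csr" \
        -extfile "$GEN_CFG_PATH/v3.ext" \
        -CA "$CERTS_TARGET_PATH/rootCAcert.crt" \
        -CAkey "$CERTS_TARGET_PATH/rootCA.key" \
        -CAcreateserial -out "$CERTS_TARGET_PATH/${server_name}_server.crt" -days 3650 -sha256
}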
343
# Issue every server certificate the installer needs; at the moment that is
# only the one for "nexus".
create_all_certs() {
    create_cert nexus
}
347
# disable firewall (firewalld on rhel) and cleanup the iptables
# args: [<distro>] [<ip>]
# if no distro arg then run locally and only cleanup iptables
# if no ip arg then run locally
#
# What the host is left with: default policy ACCEPT on INPUT, OUTPUT and
# FORWARD and a flushed ruleset (`iptables -F` without -t touches the filter
# table only); on rhel firewalld is stopped and disabled as well. Packet
# filtering then has to come from outside the host (security groups, an
# upstream firewall) - review that before running this on a reachable network.
# Always returns 0.
disable_firewall() {
    _distro="$1"
    _node_ip="$2"

    # where the scripts below are executed: on the node over ssh (as the
    # default ssh user) or in a local sh
    local -a _runner
    if [ -n "$_node_ip" ] ; then
        _runner=(ssh -T "$_node_ip")
    else
        _runner=(sh)
    fi

    if [ "$_distro" = rhel ] ; then
        message info "Disable firewalld"
        message warning "Please, if you have some other firewall service - disable it or configure it for this installation to work !"
        # `rpm -ql` lists the package's files and succeeds when it is
        # installed. With "2>&1 >/dev/null" in this order only stdout is
        # discarded, errors still reach the caller's stdout.
        "${_runner[@]}" <<EOF
if rpm -ql firewalld ; then
    systemctl stop firewalld && systemctl disable firewalld
    exit \$?
else
    exit 0
fi 2>&1 >/dev/null
EOF
    else
        message warning "This system is not fully supported!"
        message warning "The installation can stop working after the reboot - BE WARNED"
        message warning "Please, if you have some firewall service - disable it or configure it for this installation to work !"
    fi

    message info "Cleanup iptables"
    "${_runner[@]}" <<EOF
iptables -P INPUT ACCEPT && \
iptables -P OUTPUT ACCEPT && \
iptables -P FORWARD ACCEPT && \
iptables -F
EOF

    return 0
}
394
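# Copy install_cacert.sh to a node, run it there and make the install server
# the node's only DNS resolver.
# Arguments: $1 - ssh target of the node
# Globals:   APROJECT_DIR, LOCAL_IP (read)
# The node's /etc/resolv.conf is overwritten, not extended. LOCAL_IP is
# pasted into the remote command line, so it has to be a plain address.
distribute_root_CA() {
    local targetip=$1
    scp "$APROJECT_DIR/install_cacert.sh" "$targetip:."
    ssh "$targetip" ./install_cacert.sh
    echo "** Add DNS record to remote host **"
    ssh "$targetip" "echo nameserver $LOCAL_IP > /etc/resolv.conf"
}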
402
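# Copy the package directory needed by the sdnc-ansible-server pod to a
# kubernetes node.
# Arguments: $1 - OS id; accepted but unused, the former ubuntu-only
#                 condition is disabled on purpose (see below)
#            $2 - ssh target of the node
upload_ansible_pkgs() {
    local os=$1
    local targetip=$2
    # those deb & whl packages are needed for sdnc-ansible-server pod
    # independently on host OS distros
    echo "** Copy required packages for sdnc-ansible-pod to kubernetes node $targetip **"
    scp -r "$APROJECT_DIR/resources/pkg/ubuntu/ansible_pkg" "$targetip:."
}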
413
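# Set up the NFS server on a node: upload the OS specific setup script (plus
# the nfs-common packages on ubuntu) and run it there.
# Arguments: $1    - OS id, selects setup_nfs_server_<os>.sh
#            $2    - ssh target of the node
#            $3... - passed on to the setup script; ssh joins them into one
#                    remote command line, so they are parsed again by the
#                    remote shell
remote_setup_nfs_server() {
    local os=$1
    local targetip=$2
    shift 2
    scp "$APROJECT_DIR/bash/tools/setup_nfs_server_${os}.sh" "$targetip:setup_nfs_server.sh"
    if [[ $os == "ubuntu" ]]; then
        scp -r "$APROJECT_DIR"/resources/pkg/ubuntu/nfs-common-pkg/* "$targetip:."
        # quoted so that *.deb is expanded on the node; unquoted it would be
        # matched against the local working directory first
        ssh "$targetip" 'dpkg -i *.deb'
    fi

    ssh "$targetip" /bin/bash ./setup_nfs_server.sh "$@"
}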
426
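# Mount the NFS share on a node: upload setup_nfs_mount.sh (plus the
# nfs-common packages on ubuntu) and run it there.
# Arguments: $1 - OS id
#            $2 - ssh target of the node
#            $3 - address of the NFS server, handed to the setup script
remote_setup_nfs_mount() {
    local os=$1
    local targetip=$2
    local nfsip=$3
    scp "$APROJECT_DIR/bash/tools/setup_nfs_mount.sh" "$targetip:."
    if [[ $os == "ubuntu" ]]; then
        scp -r "$APROJECT_DIR"/resources/pkg/ubuntu/nfs-common-pkg/* "$targetip:."
        # quoted so that *.deb is expanded on the node; unquoted it would be
        # matched against the local working directory first
        ssh "$targetip" 'dpkg -i *.deb'
    fi
    ssh "$targetip" /bin/bash ./setup_nfs_mount.sh "$nfsip"
}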
438
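# Install the yum repo definition on a node, pointing it at the package
# repository served by the install server.
# Arguments: $1 - ssh target of the node
# The repository is addressed over plain http.
# NOTE(review): whether onap.repo enables gpgcheck cannot be seen from here;
# without it the node installs whatever answers as repo.install-server.
enable_remote_repo() {
    local targetip=$1
    sed -r "s%PATH%http://repo.install-server%" "$APROJECT_DIR/resources/pkg/rhel/onap.repo" \
        | ssh "$targetip" 'cat > /etc/yum.repos.d/onap.repo'
}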
443
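# Install docker on a node, make the install server its DNS server in
# /etc/docker/daemon.json and (re)start docker.
# Arguments: $1 - ssh target of the node
#            $2 - OS id: ubuntu (bundled .deb files) or rhel (yum)
# Globals:   APROJECT_DIR, LOCAL_IP (read)
install_remote_docker() {
    local targetip=$1
    local os=$2
    if [[ $os == "ubuntu" ]]; then
        scp -r "$APROJECT_DIR"/resources/pkg/ubuntu/{docker-ce_17.03.2~ce-0~ubuntu-xenial_amd64.deb,libltdl7_2.4.6-0.1_amd64.deb} "$targetip:."
        # quoted so that *.deb is expanded on the node; unquoted it would be
        # matched against the local working directory first
        ssh "$targetip" 'dpkg -i *.deb'
    elif [[ $os == "rhel" ]]; then
        ssh "$targetip" yum -y install docker-ce
    fi
    ssh "$targetip" "mkdir -p /etc/docker"
    scp "$APROJECT_DIR/resources/downloads/jq" "$targetip:/usr/local/bin/"
    # The remote script is unchanged. LOCAL_IP is expanded locally and pasted
    # into it, and it uses [[ ]], so the node's login shell has to be bash.
    # NOTE(review): it still goes through the fixed name /tmp/daemon.json on
    # the node; a mktemp file next to daemon.json would avoid pre-creation or
    # symlink tricks by local users there.
    ssh "$targetip" "if [[ -f /etc/docker/daemon.json ]]; then
                       jq '.dns += [\"$LOCAL_IP\"]' /etc/docker/daemon.json > /tmp/daemon.json
                       mv /tmp/daemon.json /etc/docker/daemon.json
                   else
                       echo {'\"'dns'\"': ['\"'$LOCAL_IP'\"']} > /etc/docker/daemon.json
                   fi"

    ssh "$targetip" 'systemctl enable docker; systemctl restart docker'
}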
464
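# Start the Rancher server container (rancher/server:v1.6.14) with the
# installer's certificate directory mounted so that it trusts the local CA.
# Globals: CERTS_TARGET_PATH (read)
# Review points:
#  - "-p 8080:8080" publishes the Rancher UI/API on every interface of the
#    host, and deploy_kubernetes requests its API key from it without
#    credentials; restrict the port to the management network.
#  - the whole CERTS_TARGET_PATH is mounted (read-only), which includes
#    rootCA.key written by create_root_CA; only the certificates are needed.
#  - the function returns right after `docker run -d`, it does not wait for
#    the server despite the message.
deploy_rancher() {
    docker run -d --entrypoint "/bin/bash" --restart=unless-stopped -p 8080:8080 \
        -v "$CERTS_TARGET_PATH:/usr/local/share/ca-certificates/extra:ro" \
        --name rancher_server rancher/server:v1.6.14 \
        -c "/usr/sbin/update-ca-certificates;/usr/bin/entry /usr/bin/s6-svscan /service"
    echo "** wait until rancher is ready **"
}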
472
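# Create the "onap" kubernetes environment in the local Rancher server and
# write a kubectl configuration for it.
# Arguments: $1 - OS id; "rhel" additionally patches the kubelet data volumes
# Globals:   LOCAL_IP (read); sets API_RESPONSE, KEY_PUBLIC, KEY_SECRET,
#            PROJECT_ID, REG_URL_RESPONSE, REGISTRATION_TOKENS,
#            REGISTRATION_DOCKER, REGISTRATION_TOKEN, KUBECTL_TOKEN; exports
#            RANCHER_URL, RANCHER_ACCESS_KEY, RANCHER_SECRET_KEY,
#            RANCHER_HOST_URL
# Effects:   writes kube_env_id.json in the current directory and
#            ~/.kube/config (made owner-only, it carries the API token)
# Changes compared to the earlier version: the kubectl token is no longer
# printed, ~/.kube/config is created 0600, and the API responses and ids are
# quoted when they are passed on.
# Review points that are left as they were:
#  - all Rancher API calls use plain http, and the API key is requested
#    without authentication; `curl -s` without -f also reports success on an
#    HTTP error, in which case the keys end up as "null".
#  - `-u key:secret` puts the credentials on curl's command line, where other
#    local users can see them in the process list.
#  - the kubectl config sets insecure-skip-tls-verify: true.
#  - errexit is switched ON after the first loop and stays on for the caller,
#    whatever its state was before.
deploy_kubernetes() {
    local os=$1
    local i status

    # the server may still be starting: up to 5 tries, one minute apart
    set +e
    for i in $(seq 5 -1 1); do
        API_RESPONSE=$(curl -s 'http://127.0.0.1:8080/v2-beta/apikey' \
            -d '{"type":"apikey","accountId":"1a1","name":"autoinstall"\
                 ,"description":"autoinstall","created":null,"kind":null,\
                 "removeTime":null,"removed":null,"uuid":null}')
        if [[ "$?" -eq 0 ]]; then
            KEY_PUBLIC=$(printf '%s' "$API_RESPONSE" | jq -r '.publicValue')
            KEY_SECRET=$(printf '%s' "$API_RESPONSE" | jq -r '.secretValue')
            break
        fi
        echo "Waiting for rancher server to start"
        sleep 60
    done
    set -e
    export RANCHER_URL=http://${LOCAL_IP}:8080
    export RANCHER_ACCESS_KEY=$KEY_PUBLIC
    export RANCHER_SECRET_KEY=$KEY_SECRET

    rancher env ls
    echo "wait 60 sec for rancher environments can settle before we create the onap kubernetes one"
    sleep 60

    rancher env create -t kubernetes onap > kube_env_id.json
    PROJECT_ID=$(<kube_env_id.json)
    echo "env id: $PROJECT_ID"
    export RANCHER_HOST_URL=http://${LOCAL_IP}:8080/v1/projects/$PROJECT_ID

    # the loop gives up silently after 5 checks if the environment is not active
    for i in $(seq 5); do
        status=$(rancher env ls | grep -F -- "$PROJECT_ID" | awk '{print $4}')
        if [[ "$status" == "active" ]]; then
            echo "Check on environments again before registering the URL response"
            rancher env ls
            break
        fi
        echo "Wait for environment to become active"
        sleep 30
    done

    # NOTE(review): the body is single-quoted, so the literal text $LOCAL_IP is
    # sent as the name, and the header is spelled 'ContentType' - confirm both
    # against the Rancher API before changing them.
    REG_URL_RESPONSE=$(curl -X POST -u "$KEY_PUBLIC:$KEY_SECRET" -H 'Accept: application/json' -H 'ContentType: application/json' -d '{"name":"$LOCAL_IP"}' "http://$LOCAL_IP:8080/v1/projects/$PROJECT_ID/registrationtokens")
    echo "wait for server to finish url configuration - 3 min"
    sleep 180
    # see registrationUrl in
    # (the agent image run privileged by deploy_rancher_agent is taken from
    # this http response)
    REGISTRATION_TOKENS=$(curl http://127.0.0.1:8080/v2-beta/registrationtokens)
    REGISTRATION_DOCKER=$(printf '%s' "$REGISTRATION_TOKENS" | jq -r '.data[0].image')
    REGISTRATION_TOKEN=$(printf '%s' "$REGISTRATION_TOKENS" | jq -r '.data[0].token')

    # base64 encode the kubectl token from the auth pair
    # generate this after the host is registered
    KUBECTL_TOKEN=$(printf 'Basic %s' "$(printf '%s' "$RANCHER_ACCESS_KEY:$RANCHER_SECRET_KEY" | base64 -w 0)" | base64 -w 0)
    # the token is only base64 of the key pair, so it is not written to the output
    echo "KUBECTL_TOKEN generated (value not logged)"
    ( umask 077 && cat > ~/.kube/config ) <<EOF
apiVersion: v1
kind: Config
clusters:
- cluster:
    api-version: v1
    insecure-skip-tls-verify: true
    server: "https://$LOCAL_IP:8080/r/projects/$PROJECT_ID/kubernetes:6443"
  name: "onap"
contexts:
- context:
    cluster: "onap"
    user: "onap"
  name: "onap"
current-context: "onap"
users:
- name: "onap"
  user:
    token: "$KUBECTL_TOKEN"

EOF
    # also covers a config file that existed before with a wider mode
    chmod 600 ~/.kube/config

    if [[ $os == "rhel" ]]; then
        echo "Upgrade datavolume for RHEL"
        KUBELET_ID=$(curl "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/" | jq -r '.data[] | select(.name=="kubelet").id')
        OLD_LAUNCH_CONFIG=$(curl "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}" | jq '.launchConfig')
        NEW_LAUNCH_CONFIG=$(printf '%s' "$OLD_LAUNCH_CONFIG" | jq '.dataVolumes[2]="/sys/fs/cgroup:/sys/fs/cgroup:ro,rprivate"')

        DATA="{
                \"inServiceStrategy\": {
                  \"batchSize\": 1,
                  \"intervalMillis\": 2000,
                  \"startFirst\": false,
                  \"launchConfig\": ${NEW_LAUNCH_CONFIG},
                  \"secondaryLaunchConfigs\": []
                }
        }"
        curl -s -u "$KEY_PUBLIC:$KEY_SECRET" -X POST -H 'Content-Type: application/json' -d "${DATA}" "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=upgrade" > /dev/null

        echo "Give environment time to update (30 sec)"
        sleep 30

        curl -s -u "$KEY_PUBLIC:$KEY_SECRET" -X POST "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=finishupgrade" > /dev/null
    fi
}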
571
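# Register a node with the Rancher server by running the agent bootstrap
# container on it.
# Arguments: $1 - ssh target of the node
# Globals:   REGISTRATION_DOCKER, RANCHER_URL, REGISTRATION_TOKEN (read; the
#            shell exits with status 1 if one of them is empty)
# The container runs --privileged with the docker socket mounted, i.e. with
# full control over the node. Its image name and the token come from the
# Rancher API response fetched over plain http in deploy_kubernetes, and all
# three values are pasted into the remote command line.
deploy_rancher_agent() {
    local nodeip=$1
    local required

    for required in REGISTRATION_DOCKER RANCHER_URL REGISTRATION_TOKEN; do
        if [ -z "${!required}" ]; then
            echo "ASSERT: Missing ${required}"
            exit 1
        fi
    done

    # host path fixed: it used to read /var/lib/racher, so the state was kept
    # in a misspelled directory instead of /var/lib/rancher
    ssh "$nodeip" "docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher $REGISTRATION_DOCKER $RANCHER_URL/v1/scripts/$REGISTRATION_TOKEN"
    echo "waiting 2 min for creating kubernetes environment"
    sleep 120
}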
591
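# Prepare one kubernetes node: open its firewall, install the root CA and
# docker, then register it with Rancher.
# Arguments: $1 - ssh target of the node
#            $2 - OS id of the node
deploy_node() {
    local nodeip=$1
    local os=$2
    echo "Deploying node $nodeip"
    # The arguments must stay quoted: with an empty $os an unquoted call
    # collapses to `disable_firewall <ip>`, which takes the address as the
    # distro and then flushes iptables on the local machine instead of the node.
    disable_firewall "$os" "$nodeip"
    distribute_root_CA "$nodeip"
    install_remote_docker "$nodeip" "$os"
    deploy_rancher_agent "$nodeip"
}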
601
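# Build the OOM helm charts and install ONAP from the local chart repository.
# Globals: APROJECT_DIR, CERTS_TARGET_PATH (read)
# Returns: 1 when the chart directory cannot be entered; nothing is run then
# Notes:   `helm serve &` is left running in the background when the
#          function returns; errexit is switched ON after the `helm repo
#          remove` step and stays on for the caller.
deploy_onap() {
    # without this check a failed pushd would let helm and make run in
    # whatever directory the caller happened to be in
    pushd "$APROJECT_DIR/resources/oom/kubernetes" || return 1
    helm init --upgrade --skip-refresh
    # this might fail
    set +e
    helm repo remove stable
    set -e
    helm serve &
    echo "wait a moment before helm will come up ..."
    sleep 5
    helm repo add local http://127.0.0.1:8879
    make all
    #Pass the CA certificate contents directly during installation.
    helm install local/onap -n dev --namespace onap \
      --set "global.cacert=$(cat "${CERTS_TARGET_PATH}/rootCAcert.crt")"
    popd
}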
619
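# Replace placeholders in a file, in place, by the values of the shell
# variables of the same name.
# Arguments: $1    - file to patch
#            $2... - names of variables; every occurrence of the name in the
#                    file is replaced by the variable's value
# Returns:   0 when done or when the file does not exist (a warning is
#            printed, some charts are optional), 1 on an invalid name
# Note: variables called file, ivar, ivalue or escaped cannot be used as
# placeholders, those are locals of this function. Values containing a
# newline are not supported.
expand_file() {
    local file=$1
    local ivar ivalue escaped
    # print warning if patched file does not exist as some charts
    # might not be available for some deployments
    if [ ! -f "$file" ]; then
      echo "WARNING: Can't patch file $file because this file does not exists."
      return 0
    fi

    shift

    for ivar in "$@" ; do
        # the name is expanded indirectly and used as the sed pattern, so
        # only a plain identifier is accepted (this replaces the former eval)
        if ! [[ "$ivar" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
            echo "ERROR: invalid placeholder name: ${ivar}" >&2
            return 1
        fi
        ivalue="${!ivar}"
        # "\", "&" and the "#" delimiter are special in the replacement part
        # of s###; escape them so the value is inserted literally
        escaped=$(printf '%s' "$ivalue" | sed -e 's/[\\&#]/\\&/g')
        sed -i "s#${ivar}#${escaped}#g" "$file"
    done
}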
636
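# Patch the dgbuilder and sdnc-portal deployment templates so that the pods
# resolve the Nexus FQDN to LOCAL_IP and use the local npm registry.
# Globals: LOCAL_IP, NEXUS_FQDN, APROJECT_DIR (read);
#          UPDATE_HOSTS_FILE, UPDATE_NPM_REGISTRY (set; they have to be
#          global because expand_file looks them up by name)
# Returns: 1 if LOCAL_IP or NEXUS_FQDN is empty, else the status of the last
#          expand_file call
# The registry URL is plain http.
patch_npm_oom() {
    local chart

    if [ -z "$LOCAL_IP" ] ; then
        echo "ERROR: LOCAL_IP unset"
        return 1
    fi
    if [ -z "$NEXUS_FQDN" ] ; then
        echo "ERROR: NEXUS_FQDN unset"
        return 1
    fi

    UPDATE_HOSTS_FILE="$LOCAL_IP $NEXUS_FQDN"
    UPDATE_NPM_REGISTRY="npm set registry \"http://${NEXUS_FQDN}/repository/npm-private/\""

    # the template paths are quoted so that an APROJECT_DIR with spaces works
    for chart in common/dgbuilder sdnc/charts/sdnc-portal ; do
        expand_file "$APROJECT_DIR/resources/oom/kubernetes/${chart}/templates/deployment.yaml" \
            UPDATE_HOSTS_FILE \
            UPDATE_NPM_REGISTRY
    done
}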
657
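# Patch the message-router deployment template so that the pod resolves
# www.springframework.org to LOCAL_IP.
# Globals: LOCAL_IP, APROJECT_DIR (read); UPDATE_HOSTS_FILE (set; it has to
#          be global because expand_file looks it up by name)
# Returns: 1 if LOCAL_IP is empty, else the status of expand_file
patch_spring_oom() {
    if [ -z "$LOCAL_IP" ] ; then
        echo "ERROR: LOCAL_IP unset"
        return 1
    fi

    UPDATE_HOSTS_FILE="$LOCAL_IP www.springframework.org"
    # the template path is quoted so that an APROJECT_DIR with spaces works
    expand_file "$APROJECT_DIR/resources/oom/kubernetes/dmaap/charts/message-router/templates/deployment.yaml" \
        UPDATE_HOSTS_FILE
}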
668
# Put the host's CA certificate directory into the dcae-cloudify-manager
# deployment template (placeholder CERT_PATH).
# Arguments: $1 - OS id: centos | rhel | ubuntu
# Globals:   os, file, CERT_PATH (set), APROJECT_DIR (read)
# Returns:   1 with an error message on a missing or unknown OS id, else the
#            status of expand_file
patch_cfy_manager_depl() {
    os="$1"
    file="${APROJECT_DIR}/resources/oom/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml"

    if [ -z "$os" ]; then
        echo "ERROR: missing argument"
        return 1
    elif [ "$os" = centos ] || [ "$os" = rhel ]; then
        CERT_PATH="/etc/pki/ca-trust/source/anchors"
    elif [ "$os" = ubuntu ]; then
        CERT_PATH="/usr/local/share/ca-certificates/extra"
    else
        echo "ERROR: unknown OS: ${os}"
        return 1
    fi

    expand_file "$file" CERT_PATH
}
692
# Install the deployment values matching ONAP_SCALE as values.yaml of the
# onap chart.
# Globals: APROJECT_DIR, ONAP_SCALE (read); CUSTOM_CFG_RELPATH (read,
#          directory below APROJECT_DIR holding the files, default "cfg")
copy_onap_values_file() {
    local cfg_dir="${APROJECT_DIR}/${CUSTOM_CFG_RELPATH:-cfg}"
    local chart_values="${APROJECT_DIR}/resources/oom/kubernetes/onap/values.yaml"

    cp "${cfg_dir}/${ONAP_SCALE}_depl_values.yaml" "${chart_values}"
}