From fccfb7f10a74d6e8961b3f1550321b77ee073fbc Mon Sep 17 00:00:00 2001 From: Ravi Pendurty Date: Thu, 3 Dec 2020 05:51:10 +0100 Subject: [PATCH] Stop SDNC on problem in certificate provisioning Stop SDNC on problem in certificate provisioning Issue-ID: SDNC-1418 Change-Id: I4c946cac7702a6812f600515634cfe361df7c155 Signed-off-by: Ravi Pendurty Former-commit-id: 9f517f4b1ac0e32d322a964d7f87296b3540545e --- installation/sdnc/src/main/scripts/installCerts.py | 42 ++++++++++++++++++---- .../sdnc/src/main/scripts/monitorCertsInstall.sh | 35 ++++++++++++++++++ installation/sdnc/src/main/scripts/startODL.sh | 2 ++ 3 files changed, 72 insertions(+), 7 deletions(-) create mode 100755 installation/sdnc/src/main/scripts/monitorCertsInstall.sh diff --git a/installation/sdnc/src/main/scripts/installCerts.py b/installation/sdnc/src/main/scripts/installCerts.py index d3072847..6ca3bbc9 100644 --- a/installation/sdnc/src/main/scripts/installCerts.py +++ b/installation/sdnc/src/main/scripts/installCerts.py @@ -22,6 +22,7 @@ # coding=utf-8 import os +import sys import re import http.client import base64 
@@ -158,17 +159,23 @@ def makeRestconfPost(conn, json_file, apiCall): req = conn.request("POST", apiCall, json_file, headers=headers) res = conn.getresponse() res.read() - if res.status != 200: + if res.status != 200 and res.status != 204: logging.error("Error here, response back wasnt 200: Response was : %d , %s" % (res.status, res.reason)) + writeCertInstallStatus("NOTOK") else: logging.debug("Response :%s Reason :%s ",res.status, res.reason) def extractZipFiles(zipFileList, count): for zipFolder in zipFileList: - with zipfile.ZipFile(Path + "/" + zipFolder.strip(),"r") as zip_ref: - zip_ref.extractall(Path) - folder = zipFolder.rsplit(".")[0] - processFiles(folder, count) + try: + with zipfile.ZipFile(Path + "/" + zipFolder.strip(),"r") as zip_ref: + zip_ref.extractall(Path) + folder = zipFolder.rsplit(".")[0] + processFiles(folder, count) + except Exception as e: + logging.error("Error while extracting zip file(s). Exiting Certificate Installation.") + logging.info("Error details : %s" % e) + writeCertInstallStatus("NOTOK") def processFiles(folder, count): logging.info('Process folder: %d %s', count, folder) @@ -182,6 +189,7 @@ def processFiles(folder, count): clientCrt = readFile(folder, file.strip()) else: logging.error("Could not find file %s" % file.strip()) + writeCertInstallStatus("NOTOK") shutil.rmtree(Path + "/" + folder) post_content(clientKey, clientCrt, certList, count) @@ -227,6 +235,7 @@ def makeHealthcheckCall(headers, timePassed): if timePassed > TIMEOUT: logging.error("TIME OUT: Healthcheck not passed in %d seconds... Could cause problems for testing activities..." %TIMEOUT) + writeCertInstallStatus("NOTOK") return connected @@ -244,7 +253,7 @@ def get_pass(file_name): return "'{}'".format(password) except Exception as e: logging.error("Error occurred while fetching password : %s", e) - exit() + writeCertInstallStatus("NOTOK") def cleanup(): for file in os.listdir(Path): 
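Review bot: In extractZipFiles the new `try` covers `processFiles(folder, count)` as well as the extraction, so a failure while reading or posting the certificates is logged as "Error while extracting zip file(s)". The actual cause is written only at info level, where a stricter log level would drop it. Narrow the `try` to the `zipfile.ZipFile(...)` / `extractall` lines or make the message generic, and log the cause at error level, e.g. `logging.error("Error details : %s", e)`.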
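Review bot: In processFiles (hunk at -182) the added `writeCertInstallStatus("NOTOK")` exits the process before the `shutil.rmtree(Path + "/" + folder)` on the following line can run. The unpacked folder, which may already hold the client key read a few lines earlier, therefore stays on disk after the failure. Remove the folder before reporting the status, e.g. `shutil.rmtree(Path + "/" + folder, ignore_errors=True)` ahead of the status call. The function begins above the hunk, so the loop structure is inferred from the visible lines.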
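Review bot: In makeHealthcheckCall (hunk at -227) the timeout message still says "Could cause problems for testing activities...", but with the added `writeCertInstallStatus("NOTOK")` the process now exits and the container is stopped. Reword it so an operator reading the log sees the consequence, e.g. `logging.error("TIME OUT: Healthcheck not passed in %d seconds, aborting certificate installation", TIMEOUT)`. On timeout the `return connected` below is no longer reached, so the new `else` branch in readCertProperties appears to cover only non-timeout cases; a docstring noting that this function can terminate the process would help.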
@@ -268,6 +277,7 @@ def jks_to_p12(file, password): return file except Exception as e: logging.error("Error occurred while converting jks to p12 format : %s", e) + writeCertInstallStatus("NOTOK") def make_cert_chain(cert_chain, pattern): @@ -323,8 +333,10 @@ def process_jks_files(count): logging.debug("No JKS files found in %s directory" % Path) except subprocess.CalledProcessError as err: print("CalledProcessError Execution of OpenSSL command failed: %s" % err) + writeCertInstallStatus("NOTOK") except Exception as e: logging.error("UnExpected Error while processing JKS files at {0}, Caused by: {1}".format(Path, e)) + writeCertInstallStatus("NOTOK") def replaceAdminPassword(username, password, newpassword): if newpassword is None: @@ -346,6 +358,7 @@ def replaceAdminPassword(username, password, newpassword): logging.debug("Password change was not possible. Problem code was: %d", httpStatus) except: logging.error("Cannot execute REST call to set password.") + writeCertInstallStatus("NOTOK") def readCertProperties(): @@ -373,7 +386,22 @@ def readCertProperties(): logging.debug("No certs.properties/zip files exist at: " + Path) logging.info("Processing any available jks/p12 files under cert directory") process_jks_files(count) - + else: + logging.info('Connected status: %s', connected) + logging.info('Stopping SDNR due to inability to install certificates') + writeCertInstallStatus("NOTOK") + +def writeCertInstallStatus(installStatus): + if installStatus == "NOTOK": + with open(os.path.join(log_directory, 'INSTALLCERTSFAIL'), 'w') as fp: + pass + sys.exit(1) + elif installStatus == "OK": + with open(os.path.join(log_directory, 'INSTALLCERTSPASS'), 'w') as fp: + pass + sys.exit(0) readCertProperties() logging.info('Cert installation ending') +writeCertInstallStatus("OK") + diff --git a/installation/sdnc/src/main/scripts/monitorCertsInstall.sh b/installation/sdnc/src/main/scripts/monitorCertsInstall.sh new file mode 100755 index 00000000..a90b0f25 --- /dev/null 
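Review bot: In process_jks_files (hunk at -323) the `CalledProcessError` branch still reports through `print(...)` while every other failure path uses `logging.error`. The message explaining an OpenSSL failure therefore does not reach the log that monitorCertsInstall.sh prints before stopping the container (assuming logging writes to installCerts.log, which is not visible here). Use `logging.error("Execution of OpenSSL command failed: %s", err)`. Because the string form of a CalledProcessError includes the command line, first check that no keystore password is passed as a command argument.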
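Review bot: In replaceAdminPassword (hunk at -346) the failure marker is written from a bare `except:` that records no cause, so the log shows only "Cannot execute REST call to set password." before the process exits. A bare `except:` also catches `SystemExit`, so any `sys.exit` reached inside the `try` body (which lies outside the hunk) would be relabelled as a REST failure. Prefer `except Exception as e:` with `logging.error("Cannot execute REST call to set password: %s", e)`.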
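Review bot: An exception that none of the patched handlers catches still ends the script at the module-level `readCertProperties()` call without writing either marker file. The monitor's final `if`/`elif` then matches nothing and the container keeps running, which is the fail-open case this commit is meant to close. Wrap the top-level call so any unhandled error writes the failure marker; `SystemExit` raised by `writeCertInstallStatus` is not an `Exception` and passes through unchanged. Separately, `writeCertInstallStatus` silently does nothing for a value other than "OK" or "NOTOK", and `log_directory` is defined outside the hunk, so confirm it is the directory the monitor reads.

```python
try:
    readCertProperties()
except Exception:
    # Any unhandled error must still leave a failure marker for the monitor.
    logging.exception("Unexpected error during certificate installation")
    writeCertInstallStatus("NOTOK")
logging.info('Cert installation ending')
writeCertInstallStatus("OK")
```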
+++ b/installation/sdnc/src/main/scripts/monitorCertsInstall.sh @@ -0,0 +1,35 @@ +#!/bin/sh + +OKFILE=${ODL_HOME}/data/log/INSTALLCERTSPASS +NOTOKFILE=${ODL_HOME}/data/log/INSTALLCERTSFAIL +INSTALLCOMPLETE=false +elapsedTime=0 + +printInstallCertsLog() { + printf "################ Contents of ${ODL_HOME}/data/log/installCerts.log ################ \n" + cat ${ODL_HOME}/data/log/installCerts.log +} + +while [[ $INSTALLCOMPLETE != true ]]; do + printf "Certificate installation in progress. Elapsed time - $elapsedTime secs. Waiting for 10 secs before checking the status.. \n" + sleep 10 + elapsedTime=$((elapsedTime + 10)) + pid=$(pgrep -f installCerts.py) + if [[ $? != 0 ]]; then + INSTALLCOMPLETE=true + fi +done + +printf "Certificate installation script completed execution \n" +if [ -f $OKFILE ]; then + #do nothing + printf "Everything OK in Certificate Installation \n" +elif [ -f $NOTOKFILE ]; then + # Terminate SDNR container + printf "Problems encountered in Certificate Installation \n" + printInstallCertsLog + printf "Stoppping SDNR container due to failure in installing Certificates \n" + pid=`pgrep java` + kill -SIGKILL $pid +fi + diff --git a/installation/sdnc/src/main/scripts/startODL.sh b/installation/sdnc/src/main/scripts/startODL.sh index 8b496311..d1223027 100755 --- a/installation/sdnc/src/main/scripts/startODL.sh +++ b/installation/sdnc/src/main/scripts/startODL.sh @@ -389,6 +389,8 @@ else printf "Start background cert installer\n" mkdir -p /opt/opendaylight/data/log nohup python3 "${SDNC_BIN}"/installCerts.py & + printf "Start monitoring certificate installation. \n" + nohup sh "${SDNC_BIN}"/monitorCertsInstall.sh & fi printf "Startup opendaylight\n" -- 2.16.6
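Review bot: The script declares `#!/bin/sh` and is started with `sh`, but the wait loop uses `[[ ... ]]`, which is a bash extension. Where `sh` is not bash the test fails, the loop is skipped, neither marker file exists yet, and the script ends without stopping anything. Use POSIX tests, `while [ "$INSTALLCOMPLETE" != true ]; do` and `if ! pgrep -f installCerts.py >/dev/null; then`, and `kill -KILL` instead of `kill -SIGKILL`. The final `if`/`elif` also has no fallback, so when installCerts.py ends without writing either file nothing is stopped. Consider treating a missing `$OKFILE` as failure with a plain `else`, and quote `"$OKFILE"` and `"$NOTOKFILE"`.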
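Review bot: In the startODL.sh hunk nothing removes INSTALLCERTSPASS or INSTALLCERTSFAIL before `installCerts.py` is launched. If the log directory survives a container restart, the monitor tests `$OKFILE` first, so a marker left by an earlier successful run would mask a failure in the current one. Clear both markers after the `mkdir -p` line, e.g. `rm -f "${ODL_HOME}"/data/log/INSTALLCERTSPASS "${ODL_HOME}"/data/log/INSTALLCERTSFAIL`. This uses the path from monitorCertsInstall.sh; confirm it is the same directory as the `/opt/opendaylight/data/log` created here. Whether that directory is persistent is not visible in this hunk, and the enclosing `else` branch starts above it.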