Add new configuration and scripts to automate the credential creation and passing... 44/344/1
authorZhe Huang <zhehuang@research.att.com>
Fri, 14 Jun 2019 15:46:59 +0000 (11:46 -0400)
committerZhe Huang <zhehuang@research.att.com>
Fri, 14 Jun 2019 15:46:59 +0000 (11:46 -0400)
Signed-off-by: Zhe Huang <zhehuang@research.att.com>
Change-Id: I0ccc33e0a6a94c5d292826545e04de2e1ffc4500

22 files changed:
RECIPE_EXAMPLE/RIC_AUX_RECIPE_EXAMPLE [new file with mode: 0644]
RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE [new file with mode: 0644]
RECIPE_EXAMPLE/RIC_PLATFORM_RECIPE_EXAMPLE [moved from RECIPE_EXAMPLE/RECIPE_EXAMPLE with 86% similarity]
bin/deploy-ric-infra [new file with mode: 0755]
etc/ric-infra.conf [new file with mode: 0644]
ric-infra/10-Nexus/bin/change_password [new file with mode: 0755]
ric-infra/10-Nexus/bin/deploy_nexus_data [new file with mode: 0755]
ric-infra/10-Nexus/bin/install
ric-infra/10-Nexus/etc/nexus.conf
ric-infra/10-Nexus/helm/templates/deployment.yaml
ric-infra/10-Nexus/helm/templates/helmingress.yaml [new file with mode: 0644]
ric-infra/10-Nexus/helm/templates/ingress.yaml
ric-infra/10-Nexus/helm/templates/persistentVolume.yaml [new file with mode: 0644]
ric-infra/10-Nexus/helm/templates/persistentVolumeClaim.yaml [new file with mode: 0644]
ric-infra/10-Nexus/helm/templates/save-secret-job.yaml
ric-infra/10-Nexus/helm/templates/secret-helm.yaml [new file with mode: 0644]
ric-infra/10-Nexus/helm/templates/storageClass.yaml [new file with mode: 0644]
ric-infra/10-Nexus/helm/values.yaml
ric-infra/20-Credential/helm/templates/_helper.tpl
ric-infra/20-Credential/helm/values.yaml
ric-platform/50-RIC-Platform/helm/appmgr/values.yaml
ric-platform/50-RIC-Platform/helm/common/templates/_helmrepo.tpl

diff --git a/RECIPE_EXAMPLE/RIC_AUX_RECIPE_EXAMPLE b/RECIPE_EXAMPLE/RIC_AUX_RECIPE_EXAMPLE
new file mode 100644 (file)
index 0000000..cb494e4
--- /dev/null
@@ -0,0 +1,59 @@
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+###############################################################################
+
+#-------------------------------------------------------------------------
+# Global common setting
+#-------------------------------------------------------------------------
+global:
+  # Docker registry from which RIC platform components pull the images
+  repository: nexus3.o-ran-sc.org:10004
+  
+  # Name of the K8S docker credential that is onboarded by 20-credential 
+  repositoryCred: docker-reg-cred
+
+  # Docker image pull policy
+  imagePullPolicy: Always
+
+  # Helm repo that will be used by xApp manager
+  helmRepository: nexus.ricinfra.local
+
+  # Certificate of the helm repo
+  helmRepositoryCert: xapp-mgr-certs
+
+  # Name of the K8S secret that contains the credential of the helm repo
+  helmRepositoryCred: xapp-mgr-creds
+
+  # The name of the tiller that xApp helm client talks to
+  helmRepositoryTiller: tiller-deploy
+
+  # The namespace of the xApp helm tiller
+  helmRepositoryTillerNamespace: kube-system
+
+  # The port the xApp helm tiller is listening to
+  helmRepositoryTillerPort: 44134
+
+
+
+  
+#-------------------------------------------------------------------------
+# Auxiliary Functions
+#-------------------------------------------------------------------------
+dashboard:
+  image:
+    name:: ric-dash-be
+    tag: 1.0.0-SNAPSHOT
+
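Review bot: `name:: ric-dash-be` under `dashboard.image` has a doubled colon, so common YAML parsers read the key as `name:` rather than `name`, and a chart that looks up `dashboard.image.name` would not find the value from this recipe. The line should read `name: ric-dash-be`. The same line appears in the old RECIPE_EXAMPLE (removed in the RIC_PLATFORM_RECIPE_EXAMPLE hunk), so it was carried over rather than written new here. Quoting `tag: "1.0.0-SNAPSHOT"` and `repository: "nexus3.o-ran-sc.org:10004"` would also keep those values strings under any parser.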
diff --git a/RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE b/RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE
new file mode 100644 (file)
index 0000000..65a0f07
--- /dev/null
@@ -0,0 +1,72 @@
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+###############################################################################
+
+#-------------------------------------------------------------------------
+# Global common setting
+#-------------------------------------------------------------------------
+global:
+  # Docker registry from which RIC platform components pull the images
+  repository: nexus3.o-ran-sc.org:10004
+  
+  # Name of the K8S docker credential that is onboarded by 20-credential 
+  repositoryCred: docker-reg-cred
+
+  # Docker image pull policy
+  imagePullPolicy: Always
+
+  # Helm repo that will be used by xApp manager
+  helmRepository: nexus.ricinfra.local
+
+  # Certificate of the helm repo
+  helmRepositoryCert: xapp-mgr-certs
+
+  # Name of the K8S secret that contains the credential of the helm repo
+  helmRepositoryCred: xapp-mgr-creds
+
+  # The name of the tiller that xApp helm client talks to
+  helmRepositoryTiller: tiller-deploy
+
+  # The namespace of the xApp helm tiller
+  helmRepositoryTillerNamespace: kube-system
+
+  # The port the xApp helm tiller is listening to
+  helmRepositoryTillerPort: 44134
+
+#-------------------------------------------------------------------------
+# Infrastructure
+#-------------------------------------------------------------------------
+
+cluster:
+  deployK8S: false
+  deployNexus: false
+  useLocalHelmRepo: false
+  useLocalDockerRegistry: false
+
+
+repositoryCredential:
+  user: "docker"
+  password: "haha"
+
+
+helmrepoCredential:
+  user: "helm"
+  password: "hehe"
+
+
+adminPassword: admin123
+
+datapath: /tmp/nexus3-data/
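Review bot: `adminPassword: admin123` is the same value that `default_admin_password=admin123` in nexus.conf gives as the initial Nexus admin password, so a deployment that copies this example leaves the admin account on its well-known default after `change_password` has run; `"haha"` and `"hehe"` are equally guessable. Put a comment above the three values, e.g. `# replace before deploying; must not be the Nexus default (admin123); keep real values out of version control`. The block also needs a comment on the layout `change_password` depends on: its awk takes the second line after `repositoryCredential:` / `helmrepoCredential:` as the password and strips one character from each end, while `adminPassword` is read as the bare second field, so reordering keys, dropping the double quotes on the first two, or adding quotes to the third yields a wrong password. `datapath: /tmp/nexus3-data/` is deleted and recreated world-writable by `deploy_nexus_data`, which deserves a warning comment next to the key.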
similarity index 86%
rename from RECIPE_EXAMPLE/RECIPE_EXAMPLE
rename to RECIPE_EXAMPLE/RIC_PLATFORM_RECIPE_EXAMPLE
index e90af68..97103b4 100644 (file)
@@ -29,7 +29,7 @@ global:
   imagePullPolicy: Always
 
   # Helm repo that will be used by xApp manager
-  helmRepository: nexus.ricinfra.local
+  helmRepository: helm.ricinfra.local
 
   # Certificate of the helm repo
   helmRepositoryCert: xapp-mgr-certs
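Review bot: `helmRepository` becomes `helm.ricinfra.local` here, but the two recipes added in this same commit, RIC_AUX_RECIPE_EXAMPLE and RIC_INFRA_RECIPE_EXAMPLE, still set `helmRepository: nexus.ricinfra.local`. The new helmingress.yaml serves the chart repository under the `helm.` host with a rewrite to `/repository/helm.local/`, so the `nexus.` value presumably no longer points at the chart index. Unless the difference is intended, the three examples should carry the same value, or a comment should say why they differ.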
@@ -46,20 +46,6 @@ global:
   # The port the xApp helm tiller is listening to
   helmRepositoryTillerPort: 44134
 
-#-------------------------------------------------------------------------
-# Infrastructure
-#-------------------------------------------------------------------------
-
-
-
-  
-#-------------------------------------------------------------------------
-# Auxiliary Functions
-#-------------------------------------------------------------------------
-dashboard:
-  image:
-    name:: ric-dash-be
-    tag: 1.0.0-SNAPSHOT
 
 #-------------------------------------------------------------------------
 # Platform Components 
diff --git a/bin/deploy-ric-infra b/bin/deploy-ric-infra
new file mode 100755 (executable)
index 0000000..508bcbd
--- /dev/null
@@ -0,0 +1,104 @@
+#!/bin/bash
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+# This script deploys RIC auxiliary function components automatically
+
+OVERRIDEYAML=$1
+
+
+
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+
+source $DIR/../etc/ric-infra.conf
+
+export RICINFRA_RELEASE_NAME=$ric_infra_helm_release_name
+
+export RICINFRA_NAMESPACE=$ric_infra_namespace
+
+export DEPLOY_K8S=$deployK8S
+
+export DEPLOY_NEXUS=$deployNexus
+
+export USE_LOCAL_HELM_REPO=$useLocalHelmRepo
+
+export USE_LOCAL_DOCKER_REGISTRY=$useLocalDockerRegistry
+
+
+
+
+
+source $DIR/../etc/ric-platform.conf
+
+export RICPLT_RELEASE_NAME=$ric_platform_helm_release_name
+
+export RICPLT_NAMESPACE=$ric_platform_namespace
+
+
+
+
+if [ -z "$OVERRIDEYAML" ];then
+       echo "****************************************************************************************************************"
+       echo "                                                     WARNING                                                    "
+       echo "****************************************************************************************************************"
+       echo "Deploying RIC infrastructure components without deployment recipe. Default configurations are used."
+       echo "****************************************************************************************************************"
+
+else
+
+       export DEPLOY_K8S=$(cat $OVERRIDEYAML | grep deployK8S | awk '{print $2}')
+       export DEPLOY_NEXUS=$(cat $OVERRIDEYAML | grep deployNexus | awk '{print $2}')
+       export USE_LOCAL_HELM_REPO=$(cat $OVERRIDEYAML | grep useLocalHelmRepo | awk '{print $2}')
+       export USE_LOCAL_DOCKER_REGISTRY=$(cat $OVERRIDEYAML | grep useLocalDockerRegistry | awk '{print $2}')
+fi
+
+
+
+if $USE_LOCAL_HELM_REPO  &&  [ "$DEPLOY_NEXUS" != "true" ];then
+       echo "****************************************************************************************************************"
+        echo "                                                     ERROR                                                    "
+        echo "****************************************************************************************************************"
+        echo "Local helm repo cannot be used if Nexus is not installed. Please change your configurations in the deployment recipe."
+        echo "****************************************************************************************************************"
+       exit 1
+fi
+
+
+if $USE_LOCAL_DOCKER_REGISTRY  &&  [ "$DEPLOY_NEXUS" != "true" ];then
+       echo "****************************************************************************************************************"
+        echo "                                                     ERROR                                                    "
+        echo "****************************************************************************************************************"
+        echo "Local docker registry cannot be used if Nexus is not installed. Please change your configurations in the deployment recipe."
+        echo "****************************************************************************************************************"
+       exit 1
+fi
+
+
+if $DEPLOY_K8S; then
+       echo "Deploying K8S. Please make sure that you configure files in ./ric-infra/00-Kubernetes/etc correctly."
+       . ../ric-infra/00-Kubernetes/bin/install
+fi
+
+
+if $DEPLOY_NEXUS; then
+       echo "Deploying Nexus."
+       . ../ric-infra/10-Nexus/bin/install $OVERRIDEYAML
+fi
+
+
+
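Review bot: `if $USE_LOCAL_HELM_REPO && …`, `if $USE_LOCAL_DOCKER_REGISTRY && …`, `if $DEPLOY_K8S` and `if $DEPLOY_NEXUS` run the variable's value as a command, and that value comes from `grep … | awk '{print $2}'` over the recipe file. A recipe that omits a key leaves the variable empty, which the shell treats as success, so the branch is taken (and the ric-infra.conf default is lost because the `else` branch always overwrites it); any other word in that position is executed. Compare strings instead, e.g. `if [ "$DEPLOY_NEXUS" = "true" ]; then`, and keep the conf default when the recipe has no value, e.g. `v=$(awk '$1=="deployNexus:"{print $2}' "$OVERRIDEYAML"); [ -n "$v" ] && DEPLOY_NEXUS=$v`. The two install scripts are sourced through `../ric-infra/…`, which resolves against the caller's working directory rather than `$DIR`; `. "$DIR/../ric-infra/10-Nexus/bin/install" "$OVERRIDEYAML"` would always source the file from this checkout. The header comment says the script deploys "RIC auxiliary function components" although it deploys infrastructure.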
diff --git a/etc/ric-infra.conf b/etc/ric-infra.conf
new file mode 100644 (file)
index 0000000..a5ddb27
--- /dev/null
@@ -0,0 +1,36 @@
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+# -------------------  RIC AUX ---------------------------------------
+
+# release name helm will use to deploy RIC infrastructure componenets
+ric_infra_helm_release_name=r0
+
+# namespace that helm will use to deploy RIC infrastructure componenets
+ric_infra_namespace=ricinfra
+
+# deploy the kubernete cluster
+deployK8S=false
+
+# deploy a nexus repository manager
+deployNexus=true
+
+# use the local helm repo
+useLocalHelmRepo=true
+
+# use the local docker registry
+useLocalDockerRegistry=false
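Review bot: The section banner reads `RIC AUX` although the file configures RIC infrastructure, and the comments contain the typos `componenets` and `kubernete`. Suggested wording: `# -------------------  RIC INFRA ---------------------------------------`, `# release name helm will use to deploy RIC infrastructure components` and `# deploy the Kubernetes cluster`. A line stating that the four flags must be exactly `true` or `false`, because deploy-ric-infra uses them as shell conditions, would help whoever edits the file. The defaults here (`deployNexus=true`, `useLocalHelmRepo=true`) differ from RIC_INFRA_RECIPE_EXAMPLE, where every `cluster` flag is `false`; a comment should say which of the two is meant as the default.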
diff --git a/ric-infra/10-Nexus/bin/change_password b/ric-infra/10-Nexus/bin/change_password
new file mode 100755 (executable)
index 0000000..1a727d3
--- /dev/null
@@ -0,0 +1,225 @@
+#!/bin/bash
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+OVERRIDEYAML=$1
+
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+source $DIR/../etc/nexus.conf
+
+if [ -z "$RICINFRA_RELEASE_NAME" ];then
+   RELEASE_NAME=$helm_release_name
+else
+   RELEASE_NAME=$RICINFRA_RELEASE_NAME
+fi
+if [ -z "$RICINFRA_NAMESPACE" ];then
+   NAMESPACE=$namespace
+else
+   NAMESPACE=$RICINFRA_NAMESPACE
+fi
+if [ -z "$INGRESS_PORT" ];then
+   INGRESS_PORT_NEXUS=$ingress_port
+else
+   INGRESS_PORT_NEXUS=$INGRESS_PORT
+fi
+
+if [ -z "$DEFAULT_NEXUS_ADMIN_PASSWORD" ];then
+   NEXUS_ADMIN_PASSWORD=$default_admin_password
+else
+   NEXUS_ADMIN_PASSWORD=$DEFAULT_NEXUS_ADMIN_PASSWORD
+fi
+
+
+
+HOSTPOSTFIX=$(cat $DIR/../helm/values.yaml  | grep hostpostfix | awk '{print $2}')
+
+
+
+
+
+
+
+
+
+NEXUS_URL="http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS"
+
+
+
+
+
+
+if [ -z $OVERRIDEYAML ]; then
+
+  DOCKERPASSWORD=$(cat $DIR/../../20-Credential/helm/values.yaml | awk '/^.*repositoryCredential:.*/{getline; getline;  print substr($2, 2, length($2)-2);}')
+  HELMPASSWORD=$(cat $DIR/../../20-Credential/helm/values.yaml | awk '/^.*helmrepoCredential:.*/{getline; getline;  print substr($2, 2, length($2)-2);}')
+  ADMINPASSWORD=$(cat $DIR/../helm/values.yaml | awk '/^.*adminPassword:.*/{print $2}')
+
+else
+
+
+
+  DOCKERPASSWORD=$(cat $OVERRIDEYAML | awk '/^.*repositoryCredential:.*/{getline; getline;  print substr($2, 2, length($2)-2);}')
+
+
+
+  if [ -z $DOCKERPASSWORD ]; then
+    DOCKERPASSWORD=$(cat $DIR/../../20-Credential/helm/values.yaml | awk '/^.*repositoryCredential:.*/{getline; getline;  print substr($2, 2, length($2)-2);}')
+  fi
+
+  HELMPASSWORD=$(cat $OVERRIDEYAML | awk '/^.*helmrepoCredential:.*/{getline; getline;  print substr($2, 2, length($2)-2);}')
+  if [ -z $HELMPASSWORD ]; then
+    HELMPASSWORD=$(cat $DIR/../../20-Credential/helm/values.yaml | awk '/^.*helmrepoCredential:.*/{getline; getline;  print substr($2, 2, length($2)-2);}')
+  fi
+
+  ADMINPASSWORD=$(cat $OVERRIDEYAML | awk '/^.*adminPassword:.*/{print $2;}')
+  if [ -z $ADMINPASSWORD ]; then
+    ADMINPASSWORD=$(cat $DIR/../helm/values.yaml | awk '/^.*adminPassword:.*/{print $2;}')
+  fi
+
+fi
+
+
+
+
+#echo $DOCKERPASSWORD, $HELMPASSWORD, $ADMINPASSWORD
+
+
+
+
+DOCKERPORT=$(cat $DIR/../helm/templates/deployment.yaml  | awk '/.*- name: docker.*/{getline; print $2}')
+
+
+DOCKERREPOSCRIPT="{\"name\":\"docker_changepassword\",\
+    \"type\":\"groovy\",\
+    \"content\":\"security.securitySystem.changePassword('docker',  '$DOCKERPASSWORD')\"}"
+
+
+
+
+# This line uses the default admin password
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H "Content-Type: application/json" --data "$DOCKERREPOSCRIPT" http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script)
+
+
+if [ "${STATUS}" != "204" ];then
+    echo "> script upload failed!"
+fi
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/docker_changepassword/run)
+
+
+if [ "${STATUS}" == "200" ];then
+    echo "> docker password change succeeded!"
+else
+    echo "> docker password change failed!"
+fi
+
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -u admin:$NEXUS_ADMIN_PASSWORD http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/docker_changepassword)
+
+
+if [ "${STATUS}" != "204" ];then
+    echo "> script deletion failed!"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+HELMREPOSCRIPT="{\"name\":\"helm_changepassword\",\
+    \"type\":\"groovy\",\
+    \"content\":\"security.securitySystem.changePassword('helm',  '$HELMPASSWORD')\"}"
+
+
+
+# This line uses the default admin password
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H "Content-Type: application/json" --data "$HELMREPOSCRIPT" http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script)
+
+
+if [ "${STATUS}" != "204" ];then
+    echo "> script upload failed!"
+fi
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/helm_changepassword/run)
+
+
+if [ "${STATUS}" == "200" ];then
+    echo "> helm password change succeeded!"
+else
+    echo "> helm password change failed!"
+fi
+
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -u admin:$NEXUS_ADMIN_PASSWORD http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/helm_changepassword)
+
+
+if [ "${STATUS}" != "204" ];then
+    echo "> script deletion failed!"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+ADMINSCRIPT="{\"name\":\"admin_changepassword\",\
+    \"type\":\"groovy\",\
+    \"content\":\"security.securitySystem.changePassword('admin',  '$ADMINPASSWORD')\"}"
+
+
+
+# This line uses the default admin password
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H "Content-Type: application/json" --data "$ADMINSCRIPT" http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script)
+
+
+if [ "${STATUS}" != "204" ];then
+    echo "> script upload failed!"
+fi
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/admin_changepassword/run)
+
+
+if [ "${STATUS}" == "200" ];then
+    echo "> admin password change succeeded!"
+else
+    echo "> admin password change failed!"
+fi
+
+NEXUS_ADMIN_PASSWORD=$ADMINPASSWORD
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -u admin:$NEXUS_ADMIN_PASSWORD http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/admin_changepassword)
+
+
+if [ "${STATUS}" != "204" ];then
+    echo "> script deletion failed!"
+fi
+
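Review bot: `$DOCKERPASSWORD`, `$HELMPASSWORD` and `$ADMINPASSWORD` are placed unescaped inside a Groovy string literal within a JSON body (`DOCKERREPOSCRIPT`, `HELMREPOSCRIPT`, `ADMINSCRIPT`), so a recipe value containing a quote or backslash alters the script that Nexus runs under the admin login, and a value the awk lookup fails to find is sent as an empty password. Validate before building each payload, e.g. `case "$DOCKERPASSWORD" in ''|*[\'\"\\]*) echo "> docker password is empty or contains a quote or backslash"; exit 1;; esac`, and do the same for the other two. A failed upload only prints a message and the run and delete calls still go out; `NEXUS_ADMIN_PASSWORD=$ADMINPASSWORD` is assigned even when the admin change reported failure, so the final DELETE would then authenticate with the wrong password and leave the uploaded script, which contains the new password, on the server. All requests use `http://` with `-u admin:$NEXUS_ADMIN_PASSWORD`, which sends the admin credential in clear text and shows it in the process list; a TLS endpoint and a curl config file (`--config`) readable only by the deploying user would avoid both. The three upload/run/delete sequences differ only in the user name and could be one shell function that stops at the first failed step.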
diff --git a/ric-infra/10-Nexus/bin/deploy_nexus_data b/ric-infra/10-Nexus/bin/deploy_nexus_data
new file mode 100755 (executable)
index 0000000..8c630f0
--- /dev/null
@@ -0,0 +1,70 @@
+#!/bin/bash
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+OVERRIDEYAML=$1
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+
+
+
+
+
+
+if [ -z $OVERRIDEYAML ]; then
+
+  DATAPATH=$(cat $DIR/../helm/values.yaml | awk '/^.*datapath:.*/{ print $2;}')
+  
+else
+
+  DATAPATH=$(cat $OVERRIDEYAML | awk '/^.*datapath:.*/{ print $2;}')
+
+
+  if [ -z $DATAPATH ]; then
+    DATAPATH=$(cat $DIR/../helm/values.yaml | awk '/^.*datapath:.*/{ print $2;}')
+  fi
+
+fi
+
+if [ -e $DATAPATH ]; then
+       if [ ! -w $DATAPATH ]; then
+               echo "Error: you don't have write permission to directory $DATAPATH"
+               echo "Deployment terminated."
+               exit 1
+       fi
+
+       rm -rf $DATAPATH
+
+       mkdir -p $DATAPATH
+
+       tar -xf $DIR/../etc/conf.tar -C $DATAPATH
+
+       chmod -R a+rwx $DATAPATH
+else
+       mkdir -p $DATAPATH
+        if [ $? -eq 0 ]; then
+          tar -xf $DIR/../etc/conf.tar -C $DATAPATH
+          chmod -R a+rwx $DATAPATH
+        else
+         echo "Error: you don't have write permission to directory $DATAPATH"
+          echo "Deployment terminated."
+          exit 1
+       fi
+
+
+fi
+
+
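Review bot: `rm -rf $DATAPATH` and `chmod -R a+rwx $DATAPATH` act on a value read from the recipe with awk, unquoted and unvalidated, so a `datapath` such as `/` or one containing a glob character is handed straight to a recursive delete. Check the value first and quote every use, e.g. `case "$DATAPATH" in /?*) ;; *) echo "Error: datapath must be an absolute path"; exit 1;; esac` followed by `rm -rf -- "$DATAPATH"`. `a+rwx` leaves the Nexus data directory writable by every local user, and the shipped default lies under `/tmp`; ownership limited to the UID the Nexus container runs as would be tighter (that UID is not visible here). The existing directory is deleted without notice on every run, which discards whatever an earlier deployment stored there, so the script should at least print the path before removing it. The results of `tar` and of the first `mkdir -p` are not checked.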
index c0c5ed0..452924b 100755 (executable)
@@ -57,6 +57,18 @@ echo "You can access this nexus here: http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NE
 echo "If nexus.$HOSTPOSTFIX is not resolved by your DNS server, please add an entry in your /etc/hosts file."
 echo "****************************************************************************************************************"
 
+. ./deploy_nexus_data $OVERRIDEYAML
+
+
+
+NODENAME=$(kubectl get node | awk 'NR==2{print $1}')
+kubectl label --overwrite nodes $NODENAME nexus-node=enable
+
+
+
+
+
+
 COMMON_CHART_VERSION=$(cat $DIR/../../../ric-platform/50-RIC-Platform/helm/common/Chart.yaml | grep version | awk '{print $2}')
 helm package -d /tmp $DIR/../../../ric-platform/50-RIC-Platform/helm/common
 
@@ -70,9 +82,10 @@ else
 helm install -f $OVERRIDEYAML --namespace "${NAMESPACE}" --name "${RELEASE_NAME}-nexus" $DIR/../helm
 fi
 
-NEXUS_POD_NAME=$(kubectl get pod -n $NAMESPACE | grep nexus | grep ContainerCreating | awk '{print $1}')
 
 
+NEXUS_POD_NAME=$(kubectl get pod -n $NAMESPACE | grep nexus | grep -v "Terminating" | awk '{print $1}')
+
 
 echo "Waiting Nexus to be ready."
 echo " "
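Review bot: `grep nexus | grep -v "Terminating"` keeps every line of the pod listing that contains `nexus`, so `NEXUS_POD_NAME` can hold several names, for instance the pod of the chart's save-secret job if its name includes the release name, or be empty when the pod is not listed yet. The readiness loop that consumes the variable lies outside this hunk, so the effect there cannot be judged from here. Selecting by the chart's labels is more precise, e.g. `kubectl get pod -n "$NAMESPACE" -l release="${RELEASE_NAME}-nexus" -o name`, with the label adjusted to what deployment.yaml actually sets on the pod template.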
@@ -102,23 +115,7 @@ done
 echo $IS_NEXUS_READY
 
 
-DOCKERPORT=$(cat $DIR/../helm/templates/deployment.yaml  | awk '/.*- name: docker.*/{getline; print $2}')
-
-
-DOCKERREPOSCRIPT="{\"name\":\"create_docker_repo\",\
-    \"type\":\"groovy\",\
-    \"content\":\"repository.createDockerHosted('docker.snapshot',\
-    $DOCKERPORT, null, 'default', false, true)\"}"
-
-echo $DOCKERREPOSCRIPT
-
-# This line uses the default admin password
-curl -u admin:admin123 -X POST -H "Content-Type: application/json" --data "$DOCKERREPOSCRIPT" http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script
-
-curl -u admin:admin123 -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/create_docker_repo/run
-
-
-
+. ./change_password $OVERRIDEYAML
 
 
 
index cd40a73..ce00f72 100644 (file)
@@ -28,3 +28,6 @@ namespace=ric-infra
 # ingress port number of the K8S cluster
 # It will be overrided by INGRESS_PORT
 ingress_port=30000
+
+
+default_admin_password=admin123
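Review bot: `default_admin_password=admin123` is added without a comment, unlike `ingress_port` directly above, and it is a credential. Document what change_password does with it, e.g. `# admin password of a freshly installed Nexus; used only to log in and apply the passwords from the recipe` and `# It is overridden by DEFAULT_NEXUS_ADMIN_PASSWORD`. A reader should also be told that this value must never remain the live admin password once deployment has finished.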
index 65c5c23..2ba358c 100644 (file)
@@ -51,6 +51,15 @@ spec:
             - name: docker
               containerPort: 10001
               protocol: TCP
+          volumeMounts:
+            - name: nexus-config
+              mountPath: /nexus-data
+      volumes:
+        - name: nexus-config
+          persistentVolumeClaim:
+            claimName: nexus-claim
+      
+      
               #          livenessProbe:
               #            httpGet:
               #              path: /
diff --git a/ric-infra/10-Nexus/helm/templates/helmingress.yaml b/ric-infra/10-Nexus/helm/templates/helmingress.yaml
new file mode 100644 (file)
index 0000000..291a103
--- /dev/null
@@ -0,0 +1,40 @@
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /repository/helm.local/
+  name: {{ include "nexus.fullname" . }}-helm
+  labels:
+    app: {{ template "nexus.name" . }}
+    chart: {{ template "nexus.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  tls:
+    - hosts:
+      - helm.{{ .Values.ingress.hostpostfix }}
+      secretName: {{ include "common.helmrepositorycert" . }}
+  rules:
+    - host: helm.{{ .Values.ingress.hostpostfix }}
+      http:
+        paths:
+          - backend:
+              serviceName: {{ include "nexus.fullname" . }}
+              servicePort: nexus
+            path: /
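Review bot: `nginx.ingress.kubernetes.io/rewrite-target: /repository/helm.local/` is combined with `path: /` and no capture group. Whether the rest of the request path is appended to the target depends on the ingress-nginx version; releases from 0.22.0 on require a capture group in the path and a `$1`-style reference in the target, otherwise every request is rewritten to the same URL and chart downloads would fail. A comment naming the controller version this template was written for would make the assumption explicit. The templated scalars are unquoted (`release: {{ .Release.Name }}`, `helm.{{ .Values.ingress.hostpostfix }}`); `{{ .Release.Name | quote }}` and `"helm.{{ .Values.ingress.hostpostfix }}"` keep them strings whatever the values contain.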
index 3609022..d1bbf2a 100644 (file)
@@ -25,9 +25,9 @@ metadata:
     heritage: {{ .Release.Service }}
 spec:
   tls:
-  - hosts:
-    - docker.{{ .Values.ingress.hostpostfix }}
-    secretName: {{ include "common.repositorycert" . }}
+    - hosts:
+      - docker.{{ .Values.ingress.hostpostfix }}
+      secretName: {{ include "common.repositorycert" . }}
   rules:
     - host: nexus.{{ .Values.ingress.hostpostfix }}
       http:
diff --git a/ric-infra/10-Nexus/helm/templates/persistentVolume.yaml b/ric-infra/10-Nexus/helm/templates/persistentVolume.yaml
new file mode 100644 (file)
index 0000000..dfdbd21
--- /dev/null
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nexus3-configuration
+spec:
+  capacity:
+    storage: {{ .Values.storagesize }}
+  accessModes:
+  - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nexus3-storage
+  local:
+    path: {{ .Values.datapath }}
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: nexus-node
+          operator: In
+          values:
+          - enable
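Review bot: `name: nexus3-configuration` and `storageClassName: nexus3-storage` are fixed strings on a cluster-scoped object, and persistentVolumeClaim.yaml does the same with `nexus-claim`, so a second release of this chart collides with the first; helmingress.yaml in the same chart derives its name from `nexus.fullname`. `persistentVolumeReclaimPolicy: Retain` means the data directory, including whatever credentials Nexus stored in it, stays on the node after the release is deleted, which is worth a comment so operators know to clean it up. `path: {{ .Values.datapath }}` should be quoted (`{{ .Values.datapath | quote }}`), and both new volume templates lack the license header that helmingress.yaml and secret-helm.yaml carry.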
diff --git a/ric-infra/10-Nexus/helm/templates/persistentVolumeClaim.yaml b/ric-infra/10-Nexus/helm/templates/persistentVolumeClaim.yaml
new file mode 100644 (file)
index 0000000..b0f29ba
--- /dev/null
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: nexus-claim
+spec:
+  accessModes:
+  - ReadWriteOnce
+  storageClassName: nexus3-storage 
+  resources:
+    requests:
+      storage: {{ .Values.storagesize }}
index 44b75ef..1d0e1be 100644 (file)
@@ -25,18 +25,24 @@ spec:
       containers:
       - name: cert-copy
         image: alpine
-        command: ["cp", "-rL", "/var/run/certs/..data/tls.crt", "/var/run/certs-copy/"]
+        command: [ "/bin/sh","-c","cp -rL /var/run/dockercerts/..data/tls.crt /var/run/certs-copy/dockertls.crt && cp -rL /var/run/helmcerts/..data/tls.crt /var/run/certs-copy/helmtls.crt"]
         #        command: ["tail", "-f", "/dev/null"]
         volumeMounts:
-        - name: certs
-          mountPath: /var/run/certs
+        - name: dockercerts
+          mountPath: /var/run/dockercerts
+          readOnly: true
+        - name: helmcerts
+          mountPath: /var/run/helmcerts
           readOnly: true
         - name:  write-to-volume
           mountPath: /var/run/certs-copy
       volumes:
-      - name: certs
+      - name: dockercerts
         secret:
           secretName: {{ include "common.repositorycert" . }}
+      - name: helmcerts
+        secret:
+          secretName: {{ include "common.helmrepositorycert" . }}
       - name: write-to-volume
         hostPath:
           path: /tmp
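Review bot: The new `cp` command writes `dockertls.crt` and `helmtls.crt` through the `write-to-volume` mount, which the unchanged lines at the end of the hunk map to `hostPath` with `path: /tmp` on the node. /tmp is world-writable, so any local account or other workload with access to it can replace or pre-create those predictably named files, and anything that later reads them as trusted certificates (presumably the deploy scripts) would accept the substitute. A dedicated directory is safer, for example `path: <dedicated-cert-dir>` (placeholder) with `type: DirectoryOrCreate`. `-r` is not needed when copying a single file, and the commented-out `tail -f /dev/null` debugging line could be removed. The pod spec begins above this hunk.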
diff --git a/ric-infra/10-Nexus/helm/templates/secret-helm.yaml b/ric-infra/10-Nexus/helm/templates/secret-helm.yaml
new file mode 100644 (file)
index 0000000..49e47da
--- /dev/null
@@ -0,0 +1,32 @@
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/tls
+metadata:
+  name: {{ include "common.helmrepositorycert" . }}
+  labels:
+    app: {{ template "nexus.name" . }}
+    chart: {{ template "nexus.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  annotations:
+    "helm.sh/hook": "pre-install"
+    "helm.sh/hook-delete-policy": "before-hook-creation"
+data:
+{{ ( include "common.helmrepository.gen-certs" . ) | indent 2 }}
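Review bot: The `"helm.sh/hook": "pre-install"` annotation takes this Secret out of release management, which deserves a comment above `annotations:` because it has two consequences for the private key. Helm does not remove hook resources on uninstall, so the key stays in the namespace after the release is deleted, and because the hook runs only at install time nothing regenerates the certificate on upgrade. Suggested comment: `# Hook resource: generated once at install and not removed by helm delete; delete the secret manually to rotate the key.`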
diff --git a/ric-infra/10-Nexus/helm/templates/storageClass.yaml b/ric-infra/10-Nexus/helm/templates/storageClass.yaml
new file mode 100644 (file)
index 0000000..97ccd0f
--- /dev/null
@@ -0,0 +1,6 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: nexus3-storage
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
index b35bd0c..31f8a72 100644 (file)
@@ -26,6 +26,15 @@ replicaCount: 1
 # repositoryCertOverride: ""
 repositoryCert: docker-reg-certs
 
+# This is the name of K8S secret that contains the helm repository cert
+# You can override this by using
+# helmRepositoryCertOverride: ""
+helmRepositoryCert: xapp-mgr-certs
+
+
+# This is the admin password
+adminPassword: admin123
+
 # This is designed to be deployed using local image
 image:
   repository: nexus-repository-helm-apt
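Review bot: `adminPassword: admin123` commits a well-known default as the chart's admin password, so every deployment that does not override the value ends up with a guessable administrator account on the repository that serves images and charts. An empty default plus a hard failure is safer: `adminPassword: ""` here and `{{ required "adminPassword must be set" .Values.adminPassword }}` where the value is consumed (the consumer is not in this hunk; presumably the change_password script or a template). If a fixed default has to stay for lab use, the comment should say so: `# Lab default only; override adminPassword for any shared cluster`.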
@@ -39,3 +48,6 @@ service:
 ingress:
   hostpostfix: ricinfra.local
 
+
+storagesize: 20Gi
+datapath: /tmp/nexus3-data/
index 67274f0..83d4967 100644 (file)
@@ -59,7 +59,7 @@ Create chart name and version as used by the chart label.
 */}}
 {{- define "repository.secret" -}}
   {{- $repo := include "common.repository" . }}
-  {{- $cred := .Values.repositoryCred }}
+  {{- $cred := .Values.repositoryCredential }}
   {{- $user := default "docker" $cred.user }}
   {{- $password := default "docker" $cred.password }}
   {{- $mail := default "@" $cred.mail }}
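Review bot: After the rename to `.Values.repositoryCredential`, a values file that still sets the old `repositoryCred` key is silently ignored, and the `default "docker"` fallbacks on the following lines supply the user and password instead. The same applies to `helmrepoCredential` with `default "helm"` in the next hunk of this file. Failing the render is safer than falling back to a fixed credential, e.g. `{{- $password := required "repositoryCredential.password must be set" $cred.password }}`. The `repository.secret` define starts above and continues below this hunk.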
@@ -70,12 +70,12 @@ Create chart name and version as used by the chart label.
 
 
 {{- define "helmrepo.secret.user" -}}
-  {{- $user := default "helm" .Values.helmrepoCred.user -}}
+  {{- $user := default "helm" .Values.helmrepoCredential.user -}}
   {{- printf "%s" $user |b64enc }}
 {{- end -}}
 
 
 {{- define "helmrepo.secret.password" -}}
-  {{- $pass := default "helm" .Values.helmrepoCred.password -}}
+  {{- $pass := default "helm" .Values.helmrepoCredential.password -}}
   {{- printf "%s" $pass |b64enc }}
 {{- end -}}
index 8f37004..ad22a1a 100644 (file)
 # Values for setting up Kubernetes resources for accessing infrastructure such as docker registry
 # helm repo, etc.
 
+repository: "nexus3.o-ran-sc.org:10004"
 
-repositoryCred:
+repositoryCredential:
   user: "docker"
   password: "docker"
 
 
-helmrepoCred:
+helmrepoCredential:
   user: "helm"
   password: "helm"
index ffe2934..fef7eb9 100644 (file)
@@ -24,7 +24,7 @@ repositoryCred: docker-reg-cred
 # By default a local helm repo is used. The global setting will override
 # the default value. You can further override using
 #helmRepositoryOverride: ""
-helmRepository: "snapshot.helm.local.ric.org
+helmRepository: "helm.ricinfra.local
 
 # Default secret name for Helm Repo credential. .Value.golbal.helmRepositoryCred will
 # override the default value. You can further override uing
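Review bot: The changed line `helmRepository: "helm.ricinfra.local` still has no closing double quote, so the scalar does not end at the line break and a YAML parser will either fold the following lines into the value or reject the file. It should read `helmRepository: "helm.ricinfra.local"`. The missing quote was already present on the removed line, so this commit is a natural place to fix it.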
index 30846dc..4143ce3 100644 (file)
     {{- end -}}
   {{- end -}}
 {{- end -}}
+
+{{/*
+Generate certificates for the helm repo
+*/}}
+{{- define "common.helmrepository.gen-certs" -}}
+{{- $altNames := list ( printf "helm.%s" .Values.ingress.hostpostfix ) -}}
+{{- $ca := genCA "helm-repository-ca" 365 -}}
+{{- $cert := genSignedCert ( include "nexus.name" . ) nil $altNames 365 $ca -}}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end -}}
+
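Review bot: `common.helmrepository.gen-certs` creates a CA with `genCA` but emits only `tls.crt` and `tls.key`, so the CA certificate is discarded and clients cannot validate the chain against it; they have to pin the leaf certificate itself. Adding `ca.crt: {{ $ca.Cert | b64enc }}` to the output lets clients trust the CA instead. Both the CA and the leaf are valid for 365 days, and the Secret that includes this helper is a pre-install hook, so nothing renews them. The lifetime is worth a parameter or at least a comment such as `{{/* certificate expires 365 days after install; replace the secret to renew */}}`.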