From 72069511cae9028d54b8d99fa373b5f4f691e981 Mon Sep 17 00:00:00 2001 From: Zhe Huang Date: Fri, 14 Jun 2019 11:46:59 -0400 Subject: [PATCH] Add new configuration and scripts to automate the credential creation and passing among installations. 
Signed-off-by: Zhe Huang Change-Id: I0ccc33e0a6a94c5d292826545e04de2e1ffc4500 --- RECIPE_EXAMPLE/RIC_AUX_RECIPE_EXAMPLE | 59 ++++++ RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE | 72 +++++++ ...{RECIPE_EXAMPLE => RIC_PLATFORM_RECIPE_EXAMPLE} | 16 +- bin/deploy-ric-infra | 104 ++++++++++ etc/ric-infra.conf | 36 ++++ ric-infra/10-Nexus/bin/change_password | 225 +++++++++++++++++++++ ric-infra/10-Nexus/bin/deploy_nexus_data | 70 +++++++ ric-infra/10-Nexus/bin/install | 33 ++- ric-infra/10-Nexus/etc/nexus.conf | 3 + ric-infra/10-Nexus/helm/templates/deployment.yaml | 9 + ric-infra/10-Nexus/helm/templates/helmingress.yaml | 40 ++++ ric-infra/10-Nexus/helm/templates/ingress.yaml | 6 +- .../10-Nexus/helm/templates/persistentVolume.yaml | 21 ++ .../helm/templates/persistentVolumeClaim.yaml | 11 + .../10-Nexus/helm/templates/save-secret-job.yaml | 14 +- ric-infra/10-Nexus/helm/templates/secret-helm.yaml | 32 +++ .../10-Nexus/helm/templates/storageClass.yaml | 6 + ric-infra/10-Nexus/helm/values.yaml | 12 ++ ric-infra/20-Credential/helm/templates/_helper.tpl | 6 +- ric-infra/20-Credential/helm/values.yaml | 5 +- .../50-RIC-Platform/helm/appmgr/values.yaml | 2 +- .../helm/common/templates/_helmrepo.tpl | 12 ++ 22 files changed, 748 insertions(+), 46 deletions(-) create mode 100644 RECIPE_EXAMPLE/RIC_AUX_RECIPE_EXAMPLE create mode 100644 RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE rename RECIPE_EXAMPLE/{RECIPE_EXAMPLE => RIC_PLATFORM_RECIPE_EXAMPLE} (86%) create mode 100755 bin/deploy-ric-infra create mode 100644 etc/ric-infra.conf create mode 100755 ric-infra/10-Nexus/bin/change_password create mode 100755 ric-infra/10-Nexus/bin/deploy_nexus_data create mode 100644 ric-infra/10-Nexus/helm/templates/helmingress.yaml create mode 100644 ric-infra/10-Nexus/helm/templates/persistentVolume.yaml create mode 100644 ric-infra/10-Nexus/helm/templates/persistentVolumeClaim.yaml create mode 100644 ric-infra/10-Nexus/helm/templates/secret-helm.yaml create mode 100644 
ric-infra/10-Nexus/helm/templates/storageClass.yaml
diff --git a/RECIPE_EXAMPLE/RIC_AUX_RECIPE_EXAMPLE b/RECIPE_EXAMPLE/RIC_AUX_RECIPE_EXAMPLE
new file mode 100644
index 00000000..cb494e4b
--- /dev/null
+++ b/RECIPE_EXAMPLE/RIC_AUX_RECIPE_EXAMPLE
@@ -0,0 +1,59 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+###############################################################################
+
+#-------------------------------------------------------------------------
+# Global common setting
+#-------------------------------------------------------------------------
+global:
+ # Docker registry from which RIC platform components pull the images
+ repository: nexus3.o-ran-sc.org:10004
+
+ # Name of the K8S docker credential that is onboarded by 20-credential
+ repositoryCred: docker-reg-cred
+
+ # Docker image pull policy
+ imagePullPolicy: Always
+
+ # Helm repo that will be used by xApp manager
+ helmRepository: nexus.ricinfra.local
+
+ # Certificate of the helm repo
+ helmRepositoryCert: xapp-mgr-certs
+
+ # Name of the K8S secret that contains the credential of the helm repo
+ helmRepositoryCred: xapp-mgr-creds
+
+ # The name of the tiller that xApp helm client talks to
+ helmRepositoryTiller: tiller-deploy
+
+ # The namespace of the xApp helm tiller
+ helmRepositoryTillerNamespace: kube-system
+
+ # The port the xApp helm tiller is listening to
+ helmRepositoryTillerPort: 44134
+
+
+
+
+#-------------------------------------------------------------------------
+# Auxiliary Functions
+#-------------------------------------------------------------------------
+dashboard:
+ image:
+ name:: ric-dash-be
+ tag: 1.0.0-SNAPSHOT
+
diff --git a/RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE b/RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE
new file mode 100644
index 00000000..65a0f07e
--- /dev/null
+++ b/RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE
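Review bot: In RIC_AUX_RECIPE_EXAMPLE the `dashboard.image` block has `name:: ric-dash-be`, which YAML reads as a key literally named `name:`, so a chart that looks up `.Values.dashboard.image.name` would get nothing from this recipe. The line should be `name: ric-dash-be`. The same hunk keeps `helmRepository: nexus.ricinfra.local` while this commit moves the platform recipe to `helm.ricinfra.local`; the examples should probably agree on the host name.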
@@ -0,0 +1,72 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+###############################################################################
+
+#-------------------------------------------------------------------------
+# Global common setting
+#-------------------------------------------------------------------------
+global:
+ # Docker registry from which RIC platform components pull the images
+ repository: nexus3.o-ran-sc.org:10004
+
+ # Name of the K8S docker credential that is onboarded by 20-credential
+ repositoryCred: docker-reg-cred
+
+ # Docker image pull policy
+ imagePullPolicy: Always
+
+ # Helm repo that will be used by xApp manager
+ helmRepository: nexus.ricinfra.local
+
+ # Certificate of the helm repo
+ helmRepositoryCert: xapp-mgr-certs
+
+ # Name of the K8S secret that contains the credential of the helm repo
+ helmRepositoryCred: xapp-mgr-creds
+
+ # The name of the tiller that xApp helm client talks to
+ helmRepositoryTiller: tiller-deploy
+
+ # The namespace of the xApp helm tiller
+ helmRepositoryTillerNamespace: kube-system
+
+ # The port the xApp helm tiller is listening to
+ helmRepositoryTillerPort: 44134
+
+#-------------------------------------------------------------------------
+# Infrastructure
+#------------------------------------------------------------------------- + +cluster: + deployK8S: false + deployNexus: false + useLocalHelmRepo: false + useLocalDockerRegistry: false + + +repositoryCredential: + user: "docker" + password: "haha" + + +helmrepoCredential: + user: "helm" + password: "hehe" + + +adminPassword: admin123 + +datapath: /tmp/nexus3-data/ diff --git a/RECIPE_EXAMPLE/RECIPE_EXAMPLE b/RECIPE_EXAMPLE/RIC_PLATFORM_RECIPE_EXAMPLE similarity index 86% rename from RECIPE_EXAMPLE/RECIPE_EXAMPLE rename to RECIPE_EXAMPLE/RIC_PLATFORM_RECIPE_EXAMPLE index e90af68f..97103b4f 100644 --- a/RECIPE_EXAMPLE/RECIPE_EXAMPLE +++ b/RECIPE_EXAMPLE/RIC_PLATFORM_RECIPE_EXAMPLE @@ -29,7 +29,7 @@ global: imagePullPolicy: Always # Helm repo that will be used by xApp manager - helmRepository: nexus.ricinfra.local + helmRepository: helm.ricinfra.local # Certificate of the helm repo helmRepositoryCert: xapp-mgr-certs @@ -46,20 +46,6 @@ global: # The port the xApp helm tiller is listening to helmRepositoryTillerPort: 44134 -#------------------------------------------------------------------------- -# Infrastructure -#------------------------------------------------------------------------- - - - - -#------------------------------------------------------------------------- -# Auxiliary Functions -#------------------------------------------------------------------------- -dashboard: - image: - name:: ric-dash-be - tag: 1.0.0-SNAPSHOT #------------------------------------------------------------------------- # Platform Components diff --git a/bin/deploy-ric-infra b/bin/deploy-ric-infra new file mode 100755 index 00000000..508bcbdf --- /dev/null +++ b/bin/deploy-ric-infra 
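Review bot: The credentials in RIC_INFRA_RECIPE_EXAMPLE work as written, and `adminPassword: admin123` is the same string as `default_admin_password=admin123` in nexus.conf, so an install that follows the example (or the `adminPassword: admin123` default this commit adds to ric-infra/10-Nexus/helm/values.yaml) ends with the Nexus admin account still on its initial password. Use values that cannot work unchanged, for example `adminPassword: CHANGE_ME_BEFORE_DEPLOY`, and have the installer refuse them. The layout is also constrained by how change_password reads it: `password` has to be the second line after `repositoryCredential:` or `helmrepoCredential:` and double-quoted, while `adminPassword` has to be unquoted. A comment such as `# keep the user/password order and quoting: parsed with awk by 10-Nexus/bin/change_password` above these keys would prevent a silent mismatch.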
@@ -0,0 +1,104 @@
+#!/bin/bash
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# This script deploys RIC auxiliary function components automatically
+
+OVERRIDEYAML=$1
+
+
+
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+
+source $DIR/../etc/ric-infra.conf
+
+export RICINFRA_RELEASE_NAME=$ric_infra_helm_release_name
+
+export RICINFRA_NAMESPACE=$ric_infra_namespace
+
+export DEPLOY_K8S=$deployK8S
+
+export DEPLOY_NEXUS=$deployNexus
+
+export USE_LOCAL_HELM_REPO=$useLocalHelmRepo
+
+export USE_LOCAL_DOCKER_REGISTRY=$useLocalDockerRegistry
+
+
+
+
+
+source $DIR/../etc/ric-platform.conf
+
+export RICPLT_RELEASE_NAME=$ric_platform_helm_release_name
+
+export RICPLT_NAMESPACE=$ric_platform_namespace
+
+
+
+
+if [ -z "$OVERRIDEYAML" ];then
+ echo "****************************************************************************************************************"
+ echo " WARNING "
+ echo "****************************************************************************************************************"
+ echo "Deploying RIC infrastructure components without deployment recipe. Default configurations are used."
+ echo "****************************************************************************************************************"
+
+else
+
+ export DEPLOY_K8S=$(cat $OVERRIDEYAML | grep deployK8S | awk '{print $2}')
+ export DEPLOY_NEXUS=$(cat $OVERRIDEYAML | grep deployNexus | awk '{print $2}')
+ export USE_LOCAL_HELM_REPO=$(cat $OVERRIDEYAML | grep useLocalHelmRepo | awk '{print $2}')
+ export USE_LOCAL_DOCKER_REGISTRY=$(cat $OVERRIDEYAML | grep useLocalDockerRegistry | awk '{print $2}')
+fi
+
+
+
+if $USE_LOCAL_HELM_REPO && [ "$DEPLOY_NEXUS" != "true" ];then
+ echo "****************************************************************************************************************"
+ echo " ERROR "
+ echo "****************************************************************************************************************"
+ echo "Local helm repo cannot be used if Nexus is not installed. Please change your configurations in the deployment recipe."
+ echo "****************************************************************************************************************"
+ exit 1
+fi
+
+
+if $USE_LOCAL_DOCKER_REGISTRY && [ "$DEPLOY_NEXUS" != "true" ];then
+ echo "****************************************************************************************************************"
+ echo " ERROR "
+ echo "****************************************************************************************************************"
+ echo "Local docker registry cannot be used if Nexus is not installed. Please change your configurations in the deployment recipe."
+ echo "****************************************************************************************************************"
+ exit 1
+fi
+
+
+if $DEPLOY_K8S; then
+ echo "Deploying K8S. Please make sure that you configure files in ./ric-infra/00-Kubernetes/etc correctly."
+ . ../ric-infra/00-Kubernetes/bin/install
+fi
+
+
+if $DEPLOY_NEXUS; then
+ echo "Deploying Nexus."
+ . ../ric-infra/10-Nexus/bin/install $OVERRIDEYAML
+fi
+
+
+
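Review bot: `if $DEPLOY_K8S; then`, `if $DEPLOY_NEXUS; then` and the two `if $USE_LOCAL_… &&` tests run the text taken from the recipe as a command instead of comparing it. When the recipe lacks one of these keys the `grep | awk` pipeline yields an empty string, the empty command succeeds and the flag counts as enabled, so a recipe that simply omits `deployK8S` triggers a Kubernetes install; any other word in that field is handed to the shell to execute. Compare as strings, `if [ "$DEPLOY_K8S" = "true" ]; then`, and keep the value from ric-infra.conf when the recipe gives none. The two `. ../ric-infra/…/bin/install` lines also depend on the caller's working directory although `$DIR` is already computed, e.g. `. "$DIR/../ric-infra/10-Nexus/bin/install" "$OVERRIDEYAML"`.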
diff --git a/etc/ric-infra.conf b/etc/ric-infra.conf
new file mode 100644
index 00000000..a5ddb27a
--- /dev/null
+++ b/etc/ric-infra.conf
@@ -0,0 +1,36 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# ------------------- RIC AUX ---------------------------------------
+
+# release name helm will use to deploy RIC infrastructure componenets
+ric_infra_helm_release_name=r0
+
+# namespace that helm will use to deploy RIC infrastructure componenets
+ric_infra_namespace=ricinfra
+
+# deploy the kubernete cluster
+deployK8S=false
+
+# deploy a nexus repository manager
+deployNexus=true
+
+# use the local helm repo
+useLocalHelmRepo=true
+
+# use the local docker registry
+useLocalDockerRegistry=false
diff --git a/ric-infra/10-Nexus/bin/change_password b/ric-infra/10-Nexus/bin/change_password
new file mode 100755
index 00000000..1a727d3f
--- /dev/null
+++ b/ric-infra/10-Nexus/bin/change_password
@@ -0,0 +1,225 @@
+#!/bin/bash
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+OVERRIDEYAML=$1
+
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+source $DIR/../etc/nexus.conf
+
+if [ -z "$RICINFRA_RELEASE_NAME" ];then
+ RELEASE_NAME=$helm_release_name
+else
+ RELEASE_NAME=$RICINFRA_RELEASE_NAME
+fi
+if [ -z "$RICINFRA_NAMESPACE" ];then
+ NAMESPACE=$namespace
+else
+ NAMESPACE=$RICINFRA_NAMESPACE
+fi
+if [ -z "$INGRESS_PORT" ];then
+ INGRESS_PORT_NEXUS=$ingress_port
+else
+ INGRESS_PORT_NEXUS=$INGRESS_PORT
+fi
+
+if [ -z "$DEFAULT_NEXUS_ADMIN_PASSWORD" ];then
+ NEXUS_ADMIN_PASSWORD=$default_admin_password
+else
+ NEXUS_ADMIN_PASSWORD=$DEFAULT_NEXUS_ADMIN_PASSWORD
+fi
+
+
+
+HOSTPOSTFIX=$(cat $DIR/../helm/values.yaml | grep hostpostfix | awk '{print $2}')
+
+
+
+
+
+
+
+
+
+NEXUS_URL="http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS"
+
+
+
+
+
+
+if [ -z $OVERRIDEYAML ]; then
+
+ DOCKERPASSWORD=$(cat $DIR/../../20-Credential/helm/values.yaml | awk '/^.*repositoryCredential:.*/{getline; getline; print substr($2, 2, length($2)-2);}')
+ HELMPASSWORD=$(cat $DIR/../../20-Credential/helm/values.yaml | awk '/^.*helmrepoCredential:.*/{getline; getline; print substr($2, 2, length($2)-2);}')
+ ADMINPASSWORD=$(cat $DIR/../helm/values.yaml | awk '/^.*adminPassword:.*/{print $2}')
+
+else
+
+
+
+ DOCKERPASSWORD=$(cat $OVERRIDEYAML | awk '/^.*repositoryCredential:.*/{getline; getline; print substr($2, 2, length($2)-2);}')
+
+
+
+ if [ -z $DOCKERPASSWORD ]; then
+ DOCKERPASSWORD=$(cat $DIR/../../20-Credential/helm/values.yaml | awk '/^.*repositoryCredential:.*/{getline; getline; print substr($2, 2, length($2)-2);}')
+ fi
+
+ HELMPASSWORD=$(cat $OVERRIDEYAML | awk '/^.*helmrepoCredential:.*/{getline; getline; print substr($2, 2, length($2)-2);}')
+
+ if [ -z $HELMPASSWORD ]; then
+ HELMPASSWORD=$(cat $DIR/../../20-Credential/helm/values.yaml | awk '/^.*helmrepoCredential:.*/{getline; getline; print substr($2, 2, length($2)-2);}')
+ fi
+
+ ADMINPASSWORD=$(cat $OVERRIDEYAML | awk '/^.*adminPassword:.*/{print $2;}')
+ if [ -z $ADMINPASSWORD ]; then
+ ADMINPASSWORD=$(cat $DIR/../helm/values.yaml | awk '/^.*adminPassword:.*/{print $2;}')
+ fi
+
+fi
+
+
+
+
+#echo $DOCKERPASSWORD, $HELMPASSWORD, $ADMINPASSWORD
+
+
+
+
+DOCKERPORT=$(cat $DIR/../helm/templates/deployment.yaml | awk '/.*- name: docker.*/{getline; print $2}')
+
+
+DOCKERREPOSCRIPT="{\"name\":\"docker_changepassword\",\
+ \"type\":\"groovy\",\
+ \"content\":\"security.securitySystem.changePassword('docker', '$DOCKERPASSWORD')\"}"
+
+
+
+
+# This line uses the default admin password
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H "Content-Type: application/json" --data "$DOCKERREPOSCRIPT" http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script)
+
+
+if [ "${STATUS}" != "204" ];then
+ echo "> script upload failed!"
+fi
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/docker_changepassword/run)
+
+
+if [ "${STATUS}" == "200" ];then
+ echo "> docker password change succeeded!"
+else
+ echo "> docker password change failed!"
+fi
+
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -u admin:$NEXUS_ADMIN_PASSWORD http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/docker_changepassword)
+
+
+if [ "${STATUS}" != "204" ];then
+ echo "> script deletion failed!"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+HELMREPOSCRIPT="{\"name\":\"helm_changepassword\",\
+ \"type\":\"groovy\",\
+ \"content\":\"security.securitySystem.changePassword('helm', '$HELMPASSWORD')\"}"
+
+
+
+# This line uses the default admin password
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H "Content-Type: application/json" --data "$HELMREPOSCRIPT" http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script)
+
+
+if [ "${STATUS}" != "204" ];then
+ echo "> script upload failed!"
+fi
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/helm_changepassword/run)
+
+
+if [ "${STATUS}" == "200" ];then
+ echo "> helm password change succeeded!"
+else
+ echo "> helm password change failed!"
+fi
+
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -u admin:$NEXUS_ADMIN_PASSWORD http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/helm_changepassword)
+
+
+if [ "${STATUS}" != "204" ];then
+ echo "> script deletion failed!"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+ADMINSCRIPT="{\"name\":\"admin_changepassword\",\
+ \"type\":\"groovy\",\
+ \"content\":\"security.securitySystem.changePassword('admin', '$ADMINPASSWORD')\"}"
+
+
+
+# This line uses the default admin password
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H "Content-Type: application/json" --data "$ADMINSCRIPT" http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script)
+
+
+if [ "${STATUS}" != "204" ];then
+ echo "> script upload failed!"
+fi
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/admin_changepassword/run)
+
+
+if [ "${STATUS}" == "200" ];then
+ echo "> admin password change succeeded!"
+else
+ echo "> admin password change failed!"
+fi
+
+NEXUS_ADMIN_PASSWORD=$ADMINPASSWORD
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -u admin:$NEXUS_ADMIN_PASSWORD http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/admin_changepassword)
+
+
+if [ "${STATUS}" != "204" ];then
+ echo "> script deletion failed!"
+fi
+
diff --git a/ric-infra/10-Nexus/bin/deploy_nexus_data b/ric-infra/10-Nexus/bin/deploy_nexus_data
new file mode 100755
index 00000000..8c630f08
--- /dev/null
+++ b/ric-infra/10-Nexus/bin/deploy_nexus_data
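Review bot: In change_password the new passwords are spliced into Groovy source, `changePassword('docker', '$DOCKERPASSWORD')` and likewise for `helm` and `admin`, so a quote or backslash in a recipe value breaks the JSON or alters the script that Nexus then runs under the admin login. Keep the script text constant, `\"content\":\"security.securitySystem.changePassword('docker', args)\"`, and send the password as the body of the `/run` request, which the script API passes to the script as `args`. All nine curl calls also place `admin:$NEXUS_ADMIN_PASSWORD` on the command line and talk plain `http://`; reading the credential from a curl config (`-K`) and using a TLS endpoint would keep it out of the process list and off the wire. Failures only print a message: `NEXUS_ADMIN_PASSWORD=$ADMINPASSWORD` is assigned even after "admin password change failed!", and since install sources this file the caller never learns that Nexus is still on its initial password, so the script should `return 1` on any unexpected status.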
@@ -0,0 +1,70 @@
+#!/bin/bash
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+OVERRIDEYAML=$1
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+
+
+
+
+
+
+if [ -z $OVERRIDEYAML ]; then
+
+ DATAPATH=$(cat $DIR/../helm/values.yaml | awk '/^.*datapath:.*/{ print $2;}')
+
+else
+
+ DATAPATH=$(cat $OVERRIDEYAML | awk '/^.*datapath:.*/{ print $2;}')
+
+
+ if [ -z $DATAPATH ]; then
+ DATAPATH=$(cat $DIR/../helm/values.yaml | awk '/^.*datapath:.*/{ print $2;}')
+ fi
+
+fi
+
+if [ -e $DATAPATH ]; then
+ if [ ! -w $DATAPATH ]; then
+ echo "Error: you don't have write permission to directory $DATAPATH"
+ echo "Deployment terminated."
+ exit 1
+ fi
+
+ rm -rf $DATAPATH
+
+ mkdir -p $DATAPATH
+
+ tar -xf $DIR/../etc/conf.tar -C $DATAPATH
+
+ chmod -R a+rwx $DATAPATH
+else
+ mkdir -p $DATAPATH
+ if [ $? -eq 0 ]; then
+ tar -xf $DIR/../etc/conf.tar -C $DATAPATH
+ chmod -R a+rwx $DATAPATH
+ else
+ echo "Error: you don't have write permission to directory $DATAPATH"
+ echo "Deployment terminated."
+ exit 1
+ fi
+
+
+fi
+
+
diff --git a/ric-infra/10-Nexus/bin/install b/ric-infra/10-Nexus/bin/install
index c0c5ed04..452924b9 100755
--- a/ric-infra/10-Nexus/bin/install
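Review bot: `rm -rf $DATAPATH` and `chmod -R a+rwx $DATAPATH` in deploy_nexus_data act on an unquoted, unvalidated value read from the recipe, and what they leave behind is a world-writable directory holding Nexus's persistent state (deployment.yaml in this commit mounts the claim at `/nexus-data`), by default under `/tmp`. A value such as `/`, a path containing spaces, or a stray match of the `datapath:` pattern decides what is deleted, and afterwards any local account on the node can modify the repository manager's data. Validate and quote the path before deleting, and grant access to the uid the Nexus container runs as rather than to everyone. The file is sourced by install, so `exit 1` ends the whole installation; the sketch below keeps that behaviour.

```shell
# … unchanged: DATAPATH lookup from the recipe, falling back to helm/values.yaml …

# Only a dedicated absolute directory may be wiped and re-created.
case "$DATAPATH" in
    /|/tmp|/tmp/)
        echo "Error: refusing to use '$DATAPATH' as the Nexus data directory"
        exit 1 ;;
    /*) ;;
    *)
        echo "Error: datapath must be a non-empty absolute path (got '$DATAPATH')"
        exit 1 ;;
esac

if [ -e "$DATAPATH" ] && [ ! -w "$DATAPATH" ]; then
    echo "Error: you don't have write permission to directory $DATAPATH"
    echo "Deployment terminated."
    exit 1
fi

rm -rf -- "$DATAPATH"
if ! mkdir -p -- "$DATAPATH"; then
    echo "Error: you don't have write permission to directory $DATAPATH"
    echo "Deployment terminated."
    exit 1
fi
tar -xf "$DIR/../etc/conf.tar" -C "$DATAPATH"
# Owner-only; assumes the directory is then handed to the uid Nexus runs as (TODO confirm for this image).
chmod -R u+rwX,go-rwx "$DATAPATH"
```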
+++ b/ric-infra/10-Nexus/bin/install @@ -57,6 +57,18 @@ echo "You can access this nexus here: http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NE echo "If nexus.$HOSTPOSTFIX is not resolved by your DNS server, please add an entry in your /etc/hosts file." echo "****************************************************************************************************************" +. ./deploy_nexus_data $OVERRIDEYAML + + + +NODENAME=$(kubectl get node | awk 'NR==2{print $1}') +kubectl label --overwrite nodes $NODENAME nexus-node=enable + + + + + + COMMON_CHART_VERSION=$(cat $DIR/../../../ric-platform/50-RIC-Platform/helm/common/Chart.yaml | grep version | awk '{print $2}') helm package -d /tmp $DIR/../../../ric-platform/50-RIC-Platform/helm/common @@ -70,9 +82,10 @@ else helm install -f $OVERRIDEYAML --namespace "${NAMESPACE}" --name "${RELEASE_NAME}-nexus" $DIR/../helm fi -NEXUS_POD_NAME=$(kubectl get pod -n $NAMESPACE | grep nexus | grep ContainerCreating | awk '{print $1}') +NEXUS_POD_NAME=$(kubectl get pod -n $NAMESPACE | grep nexus | grep -v "Terminating" | awk '{print $1}') + echo "Waiting Nexus to be ready." echo " " @@ -102,23 +115,7 @@ done echo $IS_NEXUS_READY -DOCKERPORT=$(cat $DIR/../helm/templates/deployment.yaml | awk '/.*- name: docker.*/{getline; print $2}') - - -DOCKERREPOSCRIPT="{\"name\":\"create_docker_repo\",\ - \"type\":\"groovy\",\ - \"content\":\"repository.createDockerHosted('docker.snapshot',\ - $DOCKERPORT, null, 'default', false, true)\"}" - -echo $DOCKERREPOSCRIPT - -# This line uses the default admin password -curl -u admin:admin123 -X POST -H "Content-Type: application/json" --data "$DOCKERREPOSCRIPT" http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script - -curl -u admin:admin123 -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/create_docker_repo/run - - - +. ./change_password $OVERRIDEYAML 
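Review bot: `. ./deploy_nexus_data` (first hunk) and `. ./change_password` (last hunk) resolve against the current working directory rather than `$DIR`, so unless a part of install outside these hunks changes directory they will not be found when install is sourced from bin/deploy-ric-infra; `. "$DIR/deploy_nexus_data" "$OVERRIDEYAML"` removes that dependency. The data directory is also prepared on the machine running the installer, while the PersistentVolume is pinned to whichever node `kubectl get node | awk 'NR==2{print $1}'` happens to list first. On a multi-node cluster those need not be the same host, and the volume would then point at a path that was never created there. Either take the node name from the recipe or put a comment above the `kubectl label` line stating that the installer must run on the labelled node.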
diff --git a/ric-infra/10-Nexus/etc/nexus.conf b/ric-infra/10-Nexus/etc/nexus.conf index cd40a738..ce00f724 100644 --- a/ric-infra/10-Nexus/etc/nexus.conf +++ b/ric-infra/10-Nexus/etc/nexus.conf @@ -28,3 +28,6 @@ namespace=ric-infra # ingress port number of the K8S cluster # It will be overrided by INGRESS_PORT ingress_port=30000 + + +default_admin_password=admin123 diff --git a/ric-infra/10-Nexus/helm/templates/deployment.yaml b/ric-infra/10-Nexus/helm/templates/deployment.yaml index 65c5c235..2ba358c2 100644 --- a/ric-infra/10-Nexus/helm/templates/deployment.yaml +++ b/ric-infra/10-Nexus/helm/templates/deployment.yaml @@ -51,6 +51,15 @@ spec: - name: docker containerPort: 10001 protocol: TCP + volumeMounts: + - name: nexus-config + mountPath: /nexus-data + volumes: + - name: nexus-config + persistentVolumeClaim: + claimName: nexus-claim + + # livenessProbe: # httpGet: # path: / diff --git a/ric-infra/10-Nexus/helm/templates/helmingress.yaml b/ric-infra/10-Nexus/helm/templates/helmingress.yaml new file mode 100644 index 00000000..291a1030 --- /dev/null +++ b/ric-infra/10-Nexus/helm/templates/helmingress.yaml 
@@ -0,0 +1,40 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /repository/helm.local/
+ name: {{ include "nexus.fullname" . }}-helm
+ labels:
+ app: {{ template "nexus.name" . }}
+ chart: {{ template "nexus.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ tls:
+ - hosts:
+ - helm.{{ .Values.ingress.hostpostfix }}
+ secretName: {{ include "common.helmrepositorycert" . }}
+ rules:
+ - host: helm.{{ .Values.ingress.hostpostfix }}
+ http:
+ paths:
+ - backend:
+ serviceName: {{ include "nexus.fullname" . }}
+ servicePort: nexus
+ path: /
diff --git a/ric-infra/10-Nexus/helm/templates/ingress.yaml b/ric-infra/10-Nexus/helm/templates/ingress.yaml
index 36090229..d1bbf2af 100644
--- a/ric-infra/10-Nexus/helm/templates/ingress.yaml
+++ b/ric-infra/10-Nexus/helm/templates/ingress.yaml
@@ -25,9 +25,9 @@ metadata: heritage: {{ .Release.Service }} spec: tls: - - hosts: - - docker.{{ .Values.ingress.hostpostfix }} - secretName: {{ include "common.repositorycert" . }} + - hosts: + - docker.{{ .Values.ingress.hostpostfix }} + secretName: {{ include "common.repositorycert" . }} rules: - host: nexus.{{ .Values.ingress.hostpostfix }} http: diff --git a/ric-infra/10-Nexus/helm/templates/persistentVolume.yaml b/ric-infra/10-Nexus/helm/templates/persistentVolume.yaml new file mode 100644 index 00000000..dfdbd21c --- /dev/null +++ b/ric-infra/10-Nexus/helm/templates/persistentVolume.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: nexus3-configuration +spec: + capacity: + storage: {{ .Values.storagesize }} + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: nexus3-storage + local: + path: {{ .Values.datapath }} + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: nexus-node + operator: In + values: + - enable diff --git a/ric-infra/10-Nexus/helm/templates/persistentVolumeClaim.yaml b/ric-infra/10-Nexus/helm/templates/persistentVolumeClaim.yaml new file mode 100644 index 00000000..b0f29ba4 --- /dev/null +++ b/ric-infra/10-Nexus/helm/templates/persistentVolumeClaim.yaml @@ -0,0 +1,11 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: nexus-claim +spec: + accessModes: + - ReadWriteOnce + storageClassName: nexus3-storage + resources: + requests: + storage: {{ .Values.storagesize }} diff --git a/ric-infra/10-Nexus/helm/templates/save-secret-job.yaml b/ric-infra/10-Nexus/helm/templates/save-secret-job.yaml index 44b75ef1..1d0e1be2 100644 --- a/ric-infra/10-Nexus/helm/templates/save-secret-job.yaml +++ b/ric-infra/10-Nexus/helm/templates/save-secret-job.yaml 
@@ -25,18 +25,24 @@ spec: containers: - name: cert-copy image: alpine - command: ["cp", "-rL", "/var/run/certs/..data/tls.crt", "/var/run/certs-copy/"] + command: [ "/bin/sh","-c","cp -rL /var/run/dockercerts/..data/tls.crt /var/run/certs-copy/dockertls.crt && cp -rL /var/run/helmcerts/..data/tls.crt /var/run/certs-copy/helmtls.crt"] # command: ["tail", "-f", "/dev/null"] volumeMounts: - - name: certs - mountPath: /var/run/certs + - name: dockercerts + mountPath: /var/run/dockercerts + readOnly: true + - name: helmcerts + mountPath: /var/run/helmcerts readOnly: true - name: write-to-volume mountPath: /var/run/certs-copy volumes: - - name: certs + - name: dockercerts secret: secretName: {{ include "common.repositorycert" . }} + - name: helmcerts + secret: + secretName: {{ include "common.helmrepositorycert" . }} - name: write-to-volume hostPath: path: /tmp diff --git a/ric-infra/10-Nexus/helm/templates/secret-helm.yaml b/ric-infra/10-Nexus/helm/templates/secret-helm.yaml new file mode 100644 index 00000000..49e47da6 --- /dev/null +++ b/ric-infra/10-Nexus/helm/templates/secret-helm.yaml 
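Review bot: In save-secret-job.yaml both `dockercerts` and `helmcerts` mount the whole TLS secret, private key included (secret-helm.yaml in this commit stores `tls.key` next to `tls.crt`), into a container that only copies `tls.crt`. Project just the certificate by adding `items: [{key: tls.crt, path: tls.crt}]` under each `secret:`. The copies are written to the `write-to-volume` hostPath, which is `/tmp` on the node, so `dockertls.crt` and `helmtls.crt` end up in a directory every local account can write to; if later steps load them as trust anchors (not visible in this patch), a directory owned by the installer would be a safer hand-off point. The job's spec begins above this hunk.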
@@ -0,0 +1,32 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/tls
+metadata:
+ name: {{ include "common.helmrepositorycert" . }}
+ labels:
+ app: {{ template "nexus.name" . }}
+ chart: {{ template "nexus.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ annotations:
+ "helm.sh/hook": "pre-install"
+ "helm.sh/hook-delete-policy": "before-hook-creation"
+data:
+{{ ( include "common.helmrepository.gen-certs" . ) | indent 2 }}
diff --git a/ric-infra/10-Nexus/helm/templates/storageClass.yaml b/ric-infra/10-Nexus/helm/templates/storageClass.yaml
new file mode 100644
index 00000000..97ccd0f9
--- /dev/null
+++ b/ric-infra/10-Nexus/helm/templates/storageClass.yaml
@@ -0,0 +1,6 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: nexus3-storage
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
diff --git a/ric-infra/10-Nexus/helm/values.yaml b/ric-infra/10-Nexus/helm/values.yaml
index b35bd0ca..31f8a72c 100644
--- a/ric-infra/10-Nexus/helm/values.yaml
+++ b/ric-infra/10-Nexus/helm/values.yaml
@@ -26,6 +26,15 @@ replicaCount: 1 # repositoryCertOverride: "" repositoryCert: docker-reg-certs +# This is the name of K8S secret that contains the helm repository cert +# You can override this by using +# helmRepositoryCertOverride: "" +helmRepositoryCert: xapp-mgr-certs + + +# This is the admin password +adminPassword: admin123 + # This is designed to be deployed using local image image: repository: nexus-repository-helm-apt @@ -39,3 +48,6 @@ service: ingress: hostpostfix: ricinfra.local + +storagesize: 20Gi +datapath: /tmp/nexus3-data/ diff --git a/ric-infra/20-Credential/helm/templates/_helper.tpl b/ric-infra/20-Credential/helm/templates/_helper.tpl index 67274f0d..83d49679 100644 --- a/ric-infra/20-Credential/helm/templates/_helper.tpl +++ b/ric-infra/20-Credential/helm/templates/_helper.tpl @@ -59,7 +59,7 @@ Create chart name and version as used by the chart label. */}} {{- define "repository.secret" -}} {{- $repo := include "common.repository" . }} - {{- $cred := .Values.repositoryCred }} + {{- $cred := .Values.repositoryCredential }} {{- $user := default "docker" $cred.user }} {{- $password := default "docker" $cred.password }} {{- $mail := default "@" $cred.mail }} @@ -70,12 +70,12 @@ Create chart name and version as used by the chart label. {{- define "helmrepo.secret.user" -}} - {{- $user := default "helm" .Values.helmrepoCred.user -}} + {{- $user := default "helm" .Values.helmrepoCredential.user -}} {{- printf "%s" $user |b64enc }} {{- end -}} {{- define "helmrepo.secret.password" -}} - {{- $pass := default "helm" .Values.helmrepoCred.password -}} + {{- $pass := default "helm" .Values.helmrepoCredential.password -}} {{- printf "%s" $pass |b64enc }} {{- end -}} diff --git a/ric-infra/20-Credential/helm/values.yaml b/ric-infra/20-Credential/helm/values.yaml index 8f37004a..ad22a1ab 100644 --- a/ric-infra/20-Credential/helm/values.yaml +++ b/ric-infra/20-Credential/helm/values.yaml 
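Review bot: `adminPassword: admin123` in ric-infra/10-Nexus/helm/values.yaml commits a working administrator password as the chart default, and admin123 is also the stock password Nexus ships with. Any install that does not override it is left with a publicly known credential. If this value is only the initial password that the new change_password script replaces, the comment should say so. Otherwise default it to `adminPassword: ""` and have the consuming template fail early with `{{ required "adminPassword must be set" .Values.adminPassword }}`.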
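Review bot: `datapath: /tmp/nexus3-data/` in the second values.yaml hunk places the repository's persistent volume under /tmp on the node. That directory is open to every local account and is cleared on reboot on many distributions. The Nexus data directory presumably also holds the user database and the stored artifacts, so both their confidentiality and their survival depend on a scratch directory. A dedicated path outside /tmp, for example `datapath: /var/lib/nexus3-data/`, with restricted ownership would be a safer default.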
@@ -18,12 +18,13 @@ # Values for setting up Kubernetes resources for accessing infrastructure such as docker registry # helm repo, etc. +repository: "nexus3.o-ran-sc.org:10004" -repositoryCred: +repositoryCredential: user: "docker" password: "docker" -helmrepoCred: +helmrepoCredential: user: "helm" password: "helm" diff --git a/ric-platform/50-RIC-Platform/helm/appmgr/values.yaml b/ric-platform/50-RIC-Platform/helm/appmgr/values.yaml index ffe29342..fef7eb9b 100644 --- a/ric-platform/50-RIC-Platform/helm/appmgr/values.yaml +++ b/ric-platform/50-RIC-Platform/helm/appmgr/values.yaml @@ -24,7 +24,7 @@ repositoryCred: docker-reg-cred # By default a local helm repo is used. The global setting will override # the default value. You can further override using #helmRepositoryOverride: "" -helmRepository: "snapshot.helm.local.ric.org" +helmRepository: "helm.ricinfra.local" # Default secret name for Helm Repo credential. .Value.golbal.helmRepositoryCred will # override the default value. You can further override uing diff --git a/ric-platform/50-RIC-Platform/helm/common/templates/_helmrepo.tpl b/ric-platform/50-RIC-Platform/helm/common/templates/_helmrepo.tpl index 30846dc4..4143ce35 100644 --- a/ric-platform/50-RIC-Platform/helm/common/templates/_helmrepo.tpl +++ b/ric-platform/50-RIC-Platform/helm/common/templates/_helmrepo.tpl @@ -167,3 +167,15 @@ {{- end -}} {{- end -}} {{- end -}} + +{{/* +Generate certificates for the helm repo +*/}} +{{- define "common.helmrepository.gen-certs" -}} +{{- $altNames := list ( printf "helm.%s" .Values.ingress.hostpostfix ) -}} +{{- $ca := genCA "helm-repository-ca" 365 -}} +{{- $cert := genSignedCert ( include "nexus.name" . ) nil $altNames 365 $ca -}} +tls.crt: {{ $cert.Cert | b64enc }} +tls.key: {{ $cert.Key | b64enc }} +{{- end -}} + -- 2.16.6
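Review bot: `common.helmrepository.gen-certs` in _helmrepo.tpl signs the certificate with a CA that is created inside the helper and then discarded, so the leaf `tls.crt` is the only thing a client can be given to trust. Emitting the CA as well, `ca.crt: {{ $ca.Cert | b64enc }}`, would let consumers validate against the CA instead of pinning the leaf. Both validity periods are 365 days and, as far as this patch shows, the Secret is rendered only at install time, so the expiry and renewal procedure deserve a comment above the `define`. The helper also calls `nexus.name`, which ties a template in the common chart to the Nexus chart.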