Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#!/bin/bash
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
function usage(){
[ -z "${DEBUG_INSTALL}" ] || DEBUG beginning of function
echo -e "usage: $0 [OPTIONS]"
echo -e "Install Juju for OSM"
echo -e " OPTIONS"
echo -e " -h / --help: print this help"
echo -e " -D <devops path> use local devops installation path"
echo -e " -s <stack name> or <namespace> user defined stack name when installed using swarm or namespace when installed using k8s, default is osm"
echo -e " -H <VCA host> use specific juju host controller IP"
echo -e " -S <VCA secret> use VCA/juju secret key"
echo -e " -P <VCA pubkey> use VCA/juju public key file"
echo -e " -l: LXD cloud yaml file"
echo -e " -L: LXD credentials yaml file"
echo -e " -K: Specifies the name of the controller to use - The controller must be already bootstrapped"
echo -e " --debug: debug mode"
echo -e " --cachelxdimages: cache local lxd images, create cronjob for that cache (will make installation longer)"
echo -e " --nojuju: do not juju, assumes already installed"
[ -z "${DEBUG_INSTALL}" ] || DEBUG end of function
}
function update_juju_images(){
[ -z "${DEBUG_INSTALL}" ] || DEBUG beginning of function
crontab -l | grep update-juju-lxc-images || (crontab -l 2>/dev/null; echo "0 4 * * 6 $USER ${OSM_DEVOPS}/installers/update-juju-lxc-images --xenial --bionic") | crontab -
${OSM_DEVOPS}/installers/update-juju-lxc-images --xenial --bionic
[ -z "${DEBUG_INSTALL}" ] || DEBUG end of function
}
function install_juju_client() {
[ -z "${DEBUG_INSTALL}" ] || DEBUG beginning of function
echo "Installing juju client"
sudo snap install juju --classic --channel=$JUJU_VERSION/stable
[[ ":$PATH": != *":/snap/bin:"* ]] && PATH="/snap/bin:${PATH}"
[ -n "$INSTALL_CACHELXDIMAGES" ] && update_juju_images
echo "Finished installation of juju client"
[ -z "${DEBUG_INSTALL}" ] || DEBUG end of function
return 0
}
function juju_createcontroller_k8s(){
[ -z "${DEBUG_INSTALL}" ] || DEBUG beginning of function
cat $HOME/.kube/config | juju add-k8s $OSM_VCA_K8S_CLOUDNAME --client \
|| FATAL_TRACK juju "Failed to add K8s endpoint and credential for client in cloud $OSM_VCA_K8S_CLOUDNAME"
JUJU_BOOTSTRAP_OPTS=""
if [ -n "${OSM_BEHIND_PROXY}" ] ; then
K8S_SVC_CLUSTER_IP=$(kubectl get svc/kubernetes -o jsonpath='{.spec.clusterIP}')
NO_PROXY="${NO_PROXY},${K8S_SVC_CLUSTER_IP},.svc,.cluster.local"
mkdir -p /tmp/.osm
JUJU_MODEL_CONFIG_FILE=/tmp/.osm/model-config.yaml
cat << EOF > $JUJU_MODEL_CONFIG_FILE
apt-http-proxy: ${HTTP_PROXY}
apt-https-proxy: ${HTTPS_PROXY}
juju-http-proxy: ${HTTP_PROXY}
juju-https-proxy: ${HTTPS_PROXY}
juju-no-proxy: ${NO_PROXY}
snap-http-proxy: ${HTTP_PROXY}
snap-https-proxy: ${HTTPS_PROXY}
EOF
JUJU_BOOTSTRAP_OPTS="--model-default /tmp/.osm/model-config.yaml"
fi
juju bootstrap -v --debug $OSM_VCA_K8S_CLOUDNAME $OSM_NAMESPACE \
--config controller-service-type=loadbalancer \
--agent-version=$JUJU_AGENT_VERSION \
${JUJU_BOOTSTRAP_OPTS} \
|| FATAL_TRACK juju "Failed to bootstrap controller $OSM_NAMESPACE in cloud $OSM_VCA_K8S_CLOUDNAME"
[ -z "${DEBUG_INSTALL}" ] || DEBUG end of function
}
function juju_addlxd_cloud(){
[ -z "${DEBUG_INSTALL}" ] || DEBUG beginning of function
mkdir -p /tmp/.osm
OSM_VCA_CLOUDNAME="lxd-cloud"
LXDENDPOINT=$DEFAULT_IP
LXD_CLOUD=/tmp/.osm/lxd-cloud.yaml
LXD_CREDENTIALS=/tmp/.osm/lxd-credentials.yaml
cat << EOF > $LXD_CLOUD
clouds:
$OSM_VCA_CLOUDNAME:
type: lxd
auth-types: [certificate]
endpoint: "https://$LXDENDPOINT:8443"
config:
ssl-hostname-verification: false
EOF
openssl req -nodes -new -x509 -keyout /tmp/.osm/client.key -out /tmp/.osm/client.crt -days 365 -subj "/C=FR/ST=Nice/L=Nice/O=ETSI/OU=OSM/CN=osm.etsi.org"
cat << EOF > $LXD_CREDENTIALS
credentials:
$OSM_VCA_CLOUDNAME:
lxd-cloud:
auth-type: certificate
server-cert: /var/snap/lxd/common/lxd/server.crt
client-cert: /tmp/.osm/client.crt
client-key: /tmp/.osm/client.key
EOF
lxc config trust add local: /tmp/.osm/client.crt
juju add-cloud -c $OSM_NAMESPACE $OSM_VCA_CLOUDNAME $LXD_CLOUD --force
juju add-credential -c $OSM_NAMESPACE $OSM_VCA_CLOUDNAME -f $LXD_CREDENTIALS
sg lxd -c "lxd waitready"
juju controller-config features=[k8s-operators]
if [ -n "${OSM_BEHIND_PROXY}" ] ; then
if [ -n "${HTTP_PROXY}" ]; then
juju model-default lxd-cloud apt-http-proxy="$HTTP_PROXY"
juju model-default lxd-cloud juju-http-proxy="$HTTP_PROXY"
juju model-default lxd-cloud snap-http-proxy="$HTTP_PROXY"
fi
if [ -n "${HTTPS_PROXY}" ]; then
juju model-default lxd-cloud apt-https-proxy="$HTTPS_PROXY"
juju model-default lxd-cloud juju-https-proxy="$HTTPS_PROXY"
juju model-default lxd-cloud snap-https-proxy="$HTTPS_PROXY"
fi
[ -n "${NO_PROXY}" ] && juju model-default lxd-cloud juju-no-proxy="$NO_PROXY"
fi
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
[ -z "${DEBUG_INSTALL}" ] || DEBUG end of function
}
#Safe unattended install of iptables-persistent
function check_install_iptables_persistent(){
[ -z "${DEBUG_INSTALL}" ] || DEBUG beginning of function
echo -e "\nChecking required packages: iptables-persistent"
if ! dpkg -l iptables-persistent &>/dev/null; then
echo -e " Not installed.\nInstalling iptables-persistent requires root privileges"
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
sudo apt-get -yq install iptables-persistent
fi
[ -z "${DEBUG_INSTALL}" ] || DEBUG end of function
}
function juju_createproxy() {
[ -z "${DEBUG_INSTALL}" ] || DEBUG beginning of function
check_install_iptables_persistent
if ! sudo iptables -t nat -C PREROUTING -p tcp -m tcp -d $DEFAULT_IP --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST; then
sudo iptables -t nat -A PREROUTING -p tcp -m tcp -d $DEFAULT_IP --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST
sudo netfilter-persistent save
fi
[ -z "${DEBUG_INSTALL}" ] || DEBUG end of function
}
DEBUG_INSTALL=""
INSTALL_CACHELXDIMAGES=""
INSTALL_NOJUJU=""
OSM_BEHIND_PROXY=""
OSM_NAMESPACE=osm
OSM_VCA_HOST=
OSM_VCA_CLOUDNAME="localhost"
OSM_VCA_K8S_CLOUDNAME="k8scloud"
RE_CHECK='^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
while getopts ":D:i:s:H:l:L:K:-: hP" o; do
case "${o}" in
D)
OSM_DEVOPS="${OPTARG}"
;;
i)
DEFAULT_IP="${OPTARG}"
;;
s)
OSM_NAMESPACE="${OPTARG}" && [[ ! "${OPTARG}" =~ $RE_CHECK ]] && echo "Namespace $OPTARG is invalid. Regex used for validation is $RE_CHECK" && exit 0
;;
H)
OSM_VCA_HOST="${OPTARG}"
;;
l)
LXD_CLOUD_FILE="${OPTARG}"
;;
L)
LXD_CRED_FILE="${OPTARG}"
;;
K)
CONTROLLER_NAME="${OPTARG}"
;;
P)
OSM_BEHIND_PROXY="y"
;;
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
-)
[ "${OPTARG}" == "help" ] && usage && exit 0
[ "${OPTARG}" == "debug" ] && DEBUG_INSTALL="--debug" && continue
[ "${OPTARG}" == "nojuju" ] && INSTALL_NOJUJU="y" && continue
[ "${OPTARG}" == "cachelxdimages" ] && INSTALL_CACHELXDIMAGES="y" && continue
echo -e "Invalid option: '--$OPTARG'\n" >&2
usage && exit 1
;;
:)
echo "Option -$OPTARG requires an argument" >&2
usage && exit 1
;;
\?)
echo -e "Invalid option: '-$OPTARG'\n" >&2
usage && exit 1
;;
h)
usage && exit 0
;;
*)
usage && exit 1
;;
esac
done
source $OSM_DEVOPS/common/logging
source $OSM_DEVOPS/common/track
echo "DEBUG_INSTALL=$DEBUG_INSTALL"
echo "DEFAULT_IP=$DEFAULT_IP"
echo "OSM_BEHIND_PROXY=$OSM_BEHIND_PROXY"
echo "OSM_DEVOPS=$OSM_DEVOPS"
echo "HOME=$HOME"
[ -z "$INSTALL_NOJUJU" ] && install_juju_client
if [ -z "$OSM_VCA_HOST" ]; then
if [ -z "$CONTROLLER_NAME" ]; then
juju_createcontroller_k8s
juju_addlxd_cloud
if [ -n "$LXD_CLOUD_FILE" ]; then
[ -z "$LXD_CRED_FILE" ] && FATAL_TRACK juju "The installer needs the LXD credential yaml if the LXD is external"
OSM_VCA_CLOUDNAME="lxd-cloud"
juju add-cloud $OSM_VCA_CLOUDNAME $LXD_CLOUD_FILE --force || juju update-cloud $OSM_VCA_CLOUDNAME --client -f $LXD_CLOUD_FILE
juju add-credential $OSM_VCA_CLOUDNAME -f $LXD_CRED_FILE || juju update-credential $OSM_VCA_CLOUDNAME lxd-cloud-creds -f $LXD_CRED_FILE
fi
juju_createproxy
else
OSM_VCA_CLOUDNAME="lxd-cloud"
if [ -n "$LXD_CLOUD_FILE" ]; then
[ -z "$LXD_CRED_FILE" ] && FATAL_TRACK juju "The installer needs the LXD credential yaml if the LXD is external"
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
juju add-cloud -c $CONTROLLER_NAME $OSM_VCA_CLOUDNAME $LXD_CLOUD_FILE --force || juju update-cloud lxd-cloud -c $CONTROLLER_NAME -f $LXD_CLOUD_FILE
juju add-credential -c $CONTROLLER_NAME $OSM_VCA_CLOUDNAME -f $LXD_CRED_FILE || juju update-credential lxd-cloud -c $CONTROLLER_NAME -f $LXD_CRED_FILE
else
mkdir -p ~/.osm
cat << EOF > ~/.osm/lxd-cloud.yaml
clouds:
lxd-cloud:
type: lxd
auth-types: [certificate]
endpoint: "https://$DEFAULT_IP:8443"
config:
ssl-hostname-verification: false
EOF
openssl req -nodes -new -x509 -keyout ~/.osm/client.key -out ~/.osm/client.crt -days 365 -subj "/C=FR/ST=Nice/L=Nice/O=ETSI/OU=OSM/CN=osm.etsi.org"
local server_cert=`cat /var/snap/lxd/common/lxd/server.crt | sed 's/^/ /'`
local client_cert=`cat ~/.osm/client.crt | sed 's/^/ /'`
local client_key=`cat ~/.osm/client.key | sed 's/^/ /'`
cat << EOF > ~/.osm/lxd-credentials.yaml
credentials:
lxd-cloud:
lxd-cloud:
auth-type: certificate
server-cert: |
$server_cert
client-cert: |
$client_cert
client-key: |
$client_key
EOF
lxc config trust add local: ~/.osm/client.crt
juju add-cloud -c $CONTROLLER_NAME $OSM_VCA_CLOUDNAME ~/.osm/lxd-cloud.yaml --force || juju update-cloud lxd-cloud -c $CONTROLLER_NAME -f ~/.osm/lxd-cloud.yaml
juju add-credential -c $CONTROLLER_NAME $OSM_VCA_CLOUDNAME -f ~/.osm/lxd-credentials.yaml || juju update-credential lxd-cloud -c $CONTROLLER_NAME -f ~/.osm/lxd-credentials.yaml
fi
fi
[ -z "$CONTROLLER_NAME" ] && OSM_VCA_HOST=`sg lxd -c "juju show-controller $OSM_NAMESPACE"|grep api-endpoints|awk -F\' '{print $2}'|awk -F\: '{print $1}'`
[ -n "$CONTROLLER_NAME" ] && OSM_VCA_HOST=`juju show-controller $CONTROLLER_NAME |grep api-endpoints|awk -F\' '{print $2}'|awk -F\: '{print $1}'`
[ -z "$OSM_VCA_HOST" ] && FATAL_TRACK juju "Cannot obtain juju controller IP address"
track juju juju_controller_ok