X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Ffull_install_osm.sh;h=7b45761a1467a9984c681c9ae9e443bf6048bb57;hb=a7e5d0103241459c2aae06c53931bebed13b4cec;hp=7fb9587eeaa28e74bc1bf3b9f557d424c759c189;hpb=f9f6d9db32aebaa6ef9934c04440a8f886db78ec;p=osm%2Fdevops.git

diff --git a/installers/full_install_osm.sh b/installers/full_install_osm.sh
index 7fb9587e..7b45761a 100755
--- a/installers/full_install_osm.sh
+++ b/installers/full_install_osm.sh
@@ -31,6 +31,7 @@ function usage(){
     echo -e "     -S <VCA secret> use VCA/juju secret key"
     echo -e "     -P <VCA pubkey> use VCA/juju public key file"
     echo -e "     -C <VCA cacert> use VCA/juju CA certificate file"
+    echo -e "     -A <VCA apiproxy> use VCA/juju API proxy"
     echo -e "     --vimemu:       additionally deploy the VIM emulator as a docker container"
     echo -e "     --elk_stack:    additionally deploy an ELK docker stack for event logging"
     echo -e "     --pm_stack:     additionally deploy a Prometheus+Grafana stack for performance monitoring (PM)"
@@ -630,7 +631,7 @@ function install_docker_compose() {
 
 function install_juju() {
     echo "Installing juju"
-    sudo snap install juju --classic --channel=2.5/stable
+    sudo snap install juju --classic
     [ -z "$INSTALL_NOLXD" ] && sudo dpkg-reconfigure -p medium lxd
     echo "Finished installation of juju"
     return 0
@@ -644,6 +645,17 @@ function juju_createcontroller() {
     [ $(juju controllers | awk "/^${OSM_STACK_NAME}[\*| ]/{print $1}"|wc -l) -eq 1 ] || FATAL "Juju installation failed"
 }
 
+function juju_createproxy() {
+    echo -e "\nChecking required packages: iptables-persistent"
+    dpkg -l iptables-persistent &>/dev/null || ! echo -e "    Not installed.\nInstalling iptables-persistent requires root privileges" || \
+    sudo DEBIAN_FRONTEND=noninteractive apt-get -yq install iptables-persistent
+
+    if ! sudo iptables -t nat -C PREROUTING -p tcp -m tcp --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST; then
+        sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST
+        sudo netfilter-persistent save
+    fi
+}
+
 function generate_docker_images() {
     echo "Pulling and generating docker images"
     _build_from=$COMMIT_ID
@@ -790,11 +802,17 @@ function generate_docker_env_files() {
         $WORKDIR_SUDO sed -i "s|OSMLCM_VCA_PUBKEY.*|OSMLCM_VCA_PUBKEY=\"${OSM_VCA_PUBKEY}\"|g" $OSM_DOCKER_WORK_DIR/lcm.env
     fi
 
-    #if ! grep -Fq "OSMLCM_VCA_CACERT" $OSM_DOCKER_WORK_DIR/lcm.env; then
-    #    echo "OSMLCM_VCA_CACERT=\"${OSM_VCA_CACERT}\"" | $WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/lcm.env
-    #else
-    #    $WORKDIR_SUDO sed -i "s|OSMLCM_VCA_CACERT.*|OSMLCM_VCA_CACERT=\"${OSM_VCA_CACERT}\"|g" $OSM_DOCKER_WORK_DIR/lcm.env
-    #fi
+    if ! grep -Fq "OSMLCM_VCA_CACERT" $OSM_DOCKER_WORK_DIR/lcm.env; then
+       echo "OSMLCM_VCA_CACERT=${OSM_VCA_CACERT}" | $WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/lcm.env
+    else
+       $WORKDIR_SUDO sed -i "s|OSMLCM_VCA_CACERT.*|OSMLCM_VCA_CACERT=${OSM_VCA_CACERT}|g" $OSM_DOCKER_WORK_DIR/lcm.env
+    fi
+
+    if ! grep -Fq "OSMLCM_VCA_APIPROXY" $OSM_DOCKER_WORK_DIR/lcm.env; then
+        echo "OSMLCM_VCA_APIPROXY=${OSM_VCA_APIPROXY}" | $WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/lcm.env
+    else
+        $WORKDIR_SUDO sed -i "s|OSMLCM_VCA_APIPROXY.*|OSMLCM_VCA_APIPROXY=${OSM_VCA_APIPROXY}|g" $OSM_DOCKER_WORK_DIR/lcm.env
+    fi
 
     # RO
     MYSQL_ROOT_PASSWORD=$(generate_secret)
@@ -1042,10 +1060,16 @@ function install_lightweight() {
         OSM_VCA_PUBKEY=$(cat $HOME/.local/share/juju/ssh/juju_id_rsa.pub)
         [ -z "$OSM_VCA_PUBKEY" ] && FATAL "Cannot obtain juju public key"
     fi
-    #if [ -z "$OSM_VCA_CACERT" ]; then
-	#OSM_VCA_CACERT=$(juju controllers --format json | jq -r '.controllers["osm"]["ca-cert"]' | grep -v "\-\-\-\-\-.*CERTIFICATE\-\-\-\-\-")
-    #    [ -z "$OSM_VCA_CACERT" ] && FATAL "Cannot obtain juju CA certificate"
-    #fi
+    if [ -z "$OSM_VCA_APIPROXY" ]; then
+        OSM_VCA_APIPROXY=$DEFAULT_IP
+        [ -z "$OSM_VCA_APIPROXY" ] && FATAL "Cannot obtain juju api proxy"
+    fi
+    juju_createproxy
+
+    if [ -z "$OSM_VCA_CACERT" ]; then
+	OSM_VCA_CACERT=$(juju controllers --format json | jq -r '.controllers["osm"]["ca-cert"]' | base64 | tr -d \\n)
+       [ -z "$OSM_VCA_CACERT" ] && FATAL "Cannot obtain juju CA certificate"
+    fi
     if [ -z "$OSM_DATABASE_COMMONKEY" ]; then
         OSM_DATABASE_COMMONKEY=$(generate_secret)
         [ -z "OSM_DATABASE_COMMONKEY" ] && FATAL "Cannot generate common db secret"
@@ -1215,7 +1239,7 @@ OSM_DATABASE_COMMONKEY=
 ELASTIC_VERSION=6.4.2
 ELASTIC_CURATOR_VERSION=5.5.4
 
-while getopts ":hy-:b:r:k:u:R:l:p:D:o:m:H:S:s:w:t:U:P:" o; do
+while getopts ":hy-:b:r:k:u:R:l:p:D:o:m:H:S:s:w:t:U:P:A:" o; do
     case "${o}" in
         h)
             usage && exit 0
@@ -1264,6 +1288,9 @@ while getopts ":hy-:b:r:k:u:R:l:p:D:o:m:H:S:s:w:t:U:P:" o; do
         P)
             OSM_VCA_PUBKEY=$(cat ${OPTARG})
             ;;
+        A)
+            OSM_VCA_APIPROXY="${OPTARG}"
+            ;;
         w)
             # when specifying workdir, do not use sudo for access
             WORKDIR_SUDO=