X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Ffull_install_osm.sh;h=fbfa12a669572cbaf90d418dfb16cf2880cccae1;hb=refs%2Fheads%2FWIM;hp=40700984da768abc254b396213ddac7537811eed;hpb=6259144a75e944a76ff148776043d8dc9f50d978;p=osm%2Fdevops.git diff --git a/installers/full_install_osm.sh b/installers/full_install_osm.sh index 40700984..fbfa12a6 100755 --- a/installers/full_install_osm.sh +++ b/installers/full_install_osm.sh @@ -105,6 +105,10 @@ function parse_juju_password { }' } +function generate_secret() { + head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32 +} + function remove_volumes() { stack=$1 volumes="mongo_db mon_db osm_packages ro_db" @@ -384,7 +388,7 @@ function configure_RO(){ function configure_VCA(){ echo -e " Configuring VCA" - JUJU_PASSWD=`date +%s | sha256sum | base64 | head -c 32` + JUJU_PASSWD=$(generate_secret) echo -e "$JUJU_PASSWD\n$JUJU_PASSWD" | lxc exec VCA -- juju change-user-password } @@ -660,22 +664,34 @@ function generate_docker_images() { sg docker -c "docker pull prom/prometheus:${PROMETHEUS_TAG}" || FATAL "cannot get prometheus docker image" fi + if [ -z "$TO_REBUILD" ] || echo $TO_REBUILD | grep -q KEYSTONE-DB ; then + sg docker -c "docker pull mariadb:${KEYSTONEDB_TAG}" || FATAL "cannot get keystone-db docker image" + fi + if [ -n "$PULL_IMAGES" ]; then sg docker -c "docker pull ${DOCKER_USER}/mon:${OSM_DOCKER_TAG}" || FATAL "cannot pull MON docker image" - sg docker -c "docker pull ${DOCKER_USER}/pol:${OSM_DOCKER_TAG}" || FATAL "cannot pull POL docker image" elif [ -z "$TO_REBUILD" ] || echo $TO_REBUILD | grep -q MON ; then git -C ${LWTEMPDIR} clone https://osm.etsi.org/gerrit/osm/MON git -C ${LWTEMPDIR}/MON checkout ${COMMIT_ID} sg docker -c "docker build ${LWTEMPDIR}/MON -f ${LWTEMPDIR}/MON/docker/Dockerfile -t osm/mon --no-cache" || FATAL "cannot build MON docker image" - sg docker -c "docker build ${LWTEMPDIR}/MON/policy_module -f ${LWTEMPDIR}/MON/policy_module/Dockerfile -t osm/pm --no-cache" || FATAL "cannot build PM docker image" + fi + + if [ -n "$PULL_IMAGES" ]; then + sg docker -c "docker pull ${DOCKER_USER}/pol:${OSM_DOCKER_TAG}" || FATAL "cannot pull POL docker image" + elif [ -z "$TO_REBUILD" ] || echo $TO_REBUILD | grep -q MON ; then + git -C ${LWTEMPDIR} clone https://osm.etsi.org/gerrit/osm/POL + git -C ${LWTEMPDIR}/POL checkout ${COMMIT_ID} + sg docker -c "docker build ${LWTEMPDIR}/POL -f ${LWTEMPDIR}/POL/docker/Dockerfile -t osm/pol --no-cache" || FATAL "cannot build PM docker image" fi if [ -n "$PULL_IMAGES" ]; then sg docker -c "docker pull ${DOCKER_USER}/nbi:${OSM_DOCKER_TAG}" || FATAL "cannot pull NBI docker image" + sg docker -c "docker pull ${DOCKER_USER}/keystone:${OSM_DOCKER_TAG}" || FATAL "cannot pull KEYSTONE docker image" elif [ -z "$TO_REBUILD" ] || echo $TO_REBUILD | grep -q NBI ; then git -C ${LWTEMPDIR} clone https://osm.etsi.org/gerrit/osm/NBI git -C ${LWTEMPDIR}/NBI checkout ${COMMIT_ID} sg docker -c "docker build ${LWTEMPDIR}/NBI -f ${LWTEMPDIR}/NBI/Dockerfile.local -t osm/nbi --no-cache" || FATAL "cannot build NBI docker image" + sg docker -c "docker build ${LWTEMPDIR}/NBI/keystone -f ${LWTEMPDIR}/NBI/keystone/Dockerfile -t osm/keystone --no-cache" || FATAL "cannot build KEYSTONE docker image" fi if [ -n "$PULL_IMAGES" ]; then @@ -700,7 +716,7 @@ function generate_docker_images() { elif [ -z "$TO_REBUILD" ] || echo $TO_REBUILD | grep -q LW-UI ; then git -C ${LWTEMPDIR} clone https://osm.etsi.org/gerrit/osm/LW-UI git -C ${LWTEMPDIR}/LW-UI checkout ${COMMIT_ID} - sg docker -c "docker build ${LWTEMPDIR}/LW-UI -t osm/light-ui -f ${LWTEMPDIR}/LW-UI/Dockerfile --no-cache" || FATAL "cannot build LW-UI docker image" + sg docker -c "docker build ${LWTEMPDIR}/LW-UI -t osm/light-ui -f ${LWTEMPDIR}/LW-UI/docker/Dockerfile --no-cache" || FATAL "cannot build LW-UI docker image" fi if [ -n "$PULL_IMAGES" ]; then @@ -732,10 +748,25 @@ function generate_config_log_folders() { function generate_docker_env_files() { echo "Generating docker env files" - echo "OSMLCM_VCA_HOST=${OSMLCM_VCA_HOST}" | $WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/lcm.env - echo "OSMLCM_VCA_SECRET=${OSMLCM_VCA_SECRET}" | $WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/lcm.env + # LCM + if [ ! -f $OSM_DOCKER_WORK_DIR/lcm.env ]; then + echo "OSMLCM_DATABASE_COMMONKEY=${OSM_DATABASE_COMMONKEY}" | $WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/lcm.env + fi + + if ! grep -Fq "OSMLCM_VCA_HOST" $OSM_DOCKER_WORK_DIR/lcm.env; then + echo "OSMLCM_VCA_HOST=${OSM_VCA_HOST}" | $WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/lcm.env + else + $WORKDIR_SUDO sed -i "s|OSMLCM_VCA_HOST.*|OSMLCM_VCA_HOST=$OSM_VCA_HOST|g" $OSM_DOCKER_WORK_DIR/lcm.env + fi - MYSQL_ROOT_PASSWORD=`date +%s | sha256sum | base64 | head -c 32` + if ! grep -Fq "OSMLCM_VCA_SECRET" $OSM_DOCKER_WORK_DIR/lcm.env; then + echo "OSMLCM_VCA_SECRET=${OSM_VCA_SECRET}" | $WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/lcm.env + else + $WORKDIR_SUDO sed -i "s|OSMLCM_VCA_SECRET.*|OSMLCM_VCA_SECRET=$OSM_VCA_SECRET|g" $OSM_DOCKER_WORK_DIR/lcm.env + fi + + # RO + MYSQL_ROOT_PASSWORD=$(generate_secret) if [ ! -f $OSM_DOCKER_WORK_DIR/ro-db.env ]; then echo "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/ro-db.env fi @@ -743,31 +774,53 @@ function generate_docker_env_files() { echo "RO_DB_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/ro.env fi - MYSQL_ROOT_PASSWORD=`date +%s | sha256sum | base64 | head -c 32` && sleep 1 - KEYSTONE_DB_PASSWORD=`date +%s | sha256sum | base64 | head -c 32` && sleep 1 - #ADMIN_PASSWORD=`date +%s | sha256sum | base64 | head -c 32` && sleep 1 - NBI_PASSWORD=`date +%s | sha256sum | base64 | head -c 32` + # Keystone + MYSQL_ROOT_PASSWORD=$(generate_secret) + KEYSTONE_DB_PASSWORD=$(generate_secret) + NBI_PASSWORD=$(generate_secret) if [ ! -f $OSM_DOCKER_WORK_DIR/keystone-db.env ]; then echo "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/keystone-db.env fi if [ ! -f $OSM_DOCKER_WORK_DIR/keystone.env ]; then echo "ROOT_DB_PASSWORD=${MYSQL_ROOT_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/keystone.env echo "KEYSTONE_DB_PASSWORD=${KEYSTONE_DB_PASSWORD}" |$WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/keystone.env - #echo "ADMIN_PASSWORD=${ADMIN_PASSWORD}" |$WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/keystone.env echo "NBI_PASSWORD=${NBI_PASSWORD}" |$WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/keystone.env fi + # NBI if [ ! -f $OSM_DOCKER_WORK_DIR/nbi.env ]; then echo "OSMNBI_AUTHENTICATION_SERVICE_PASSWORD=${NBI_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/nbi.env + echo "OSMNBI_DATABASE_COMMONKEY=${OSM_DATABASE_COMMONKEY}" | $WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/nbi.env + fi + + # MON + if [ ! -f $OSM_DOCKER_WORK_DIR/mon.env ]; then + echo "OSMMON_DATABASE_COMMONKEY=${OSM_DATABASE_COMMONKEY}" | $WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/mon.env + fi + + if ! grep -Fq "OS_NOTIFIER_URI" $OSM_DOCKER_WORK_DIR/mon.env; then + echo "OS_NOTIFIER_URI=http://${DEFAULT_IP}:8662" |$WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/mon.env + else + $WORKDIR_SUDO sed -i "s|OS_NOTIFIER_URI.*|OS_NOTIFIER_URI=http://$DEFAULT_IP:8662|g" $OSM_DOCKER_WORK_DIR/mon.env fi - echo "OS_NOTIFIER_URI=http://${DEFAULT_IP}:8662" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/mon.env + if ! grep -Fq "OSMMON_VCA_HOST" $OSM_DOCKER_WORK_DIR/mon.env; then + echo "OSMMON_VCA_HOST=${OSM_VCA_HOST}" | $WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/mon.env + else + $WORKDIR_SUDO sed -i "s|OSMMON_VCA_HOST.*|OSMMON_VCA_HOST=$OSM_VCA_HOST|g" $OSM_DOCKER_WORK_DIR/mon.env + fi + + if ! grep -Fq "OSMMON_VCA_SECRET" $OSM_DOCKER_WORK_DIR/mon.env; then + echo "OSMMON_VCA_SECRET=${OSM_VCA_SECRET}" | $WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/mon.env + else + $WORKDIR_SUDO sed -i "s|OSMMON_VCA_SECRET.*|OSMMON_VCA_SECRET=$OSM_VCA_SECRET|g" $OSM_DOCKER_WORK_DIR/mon.env + fi echo "Finished generation of docker env files" } function generate_osmclient_script () { - echo "docker run -ti --network net${OSM_STACK_NAME} osm/osmclient:${OSM_DOCKER_TAG}" | $WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/osm + echo "docker run -ti --network net${OSM_STACK_NAME} ${DOCKER_USER}/osmclient:${OSM_DOCKER_TAG}" | $WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/osm $WORKDIR_SUDO chmod +x "$OSM_DOCKER_WORK_DIR/osm" echo "osmclient sidecar container can be found at: $OSM_DOCKER_WORK_DIR/osm" } @@ -826,6 +879,7 @@ function deploy_lightweight() { echo "export DOCKER_USER=${DOCKER_USER}" | $WORKDIR_SUDO tee --append $OSM_DOCKER_WORK_DIR/osm_ports.sh echo "export KAFKA_TAG=${KAFKA_TAG}" | $WORKDIR_SUDO tee --append $OSM_DOCKER_WORK_DIR/osm_ports.sh echo "export PROMETHEUS_TAG=${PROMETHEUS_TAG}" | $WORKDIR_SUDO tee --append $OSM_DOCKER_WORK_DIR/osm_ports.sh + echo "export KEYSTONEDB_TAG=${KEYSTONEDB_TAG}" | $WORKDIR_SUDO tee --append $OSM_DOCKER_WORK_DIR/osm_ports.sh @@ -915,7 +969,7 @@ function install_lightweight() { DEFAULT_MTU=$(ip addr show ${DEFAULT_IF} | perl -ne 'if (/mtu\s(\d+)/) {print $1;}') # if no host is passed in, we need to install lxd/juju, unless explicilty asked not to - if [ -z "$OSMLCM_VCA_HOST" ] && [ -z "$INSTALL_NOLXD" ]; then + if [ -z "$OSM_VCA_HOST" ] && [ -z "$INSTALL_NOLXD" ]; then need_packages_lw="lxd snapd" echo -e "Checking required packages: $need_packages_lw" dpkg -l $need_packages_lw &>/dev/null \ @@ -930,26 +984,31 @@ function install_lightweight() { track prereqok [ -z "$INSTALL_NOJUJU" ] && install_juju - if [ -z "$OSMLCM_VCA_HOST" ]; then + if [ -z "$OSM_VCA_HOST" ]; then juju_createcontroller - OSMLCM_VCA_HOST=`sg lxd -c "juju show-controller $OSM_STACK_NAME"|grep api-endpoints|awk -F\' '{print $2}'|awk -F\: '{print $1}'` - [ -z "$OSMLCM_VCA_HOST" ] && FATAL "Cannot obtain juju controller IP address" + OSM_VCA_HOST=`sg lxd -c "juju show-controller $OSM_STACK_NAME"|grep api-endpoints|awk -F\' '{print $2}'|awk -F\: '{print $1}'` + [ -z "$OSM_VCA_HOST" ] && FATAL "Cannot obtain juju controller IP address" fi - if [ -z "$OSMLCM_VCA_SECRET" ]; then - OSMLCM_VCA_SECRET=$(parse_juju_password $OSM_STACK_NAME) - [ -z "$OSMLCM_VCA_SECRET" ] && FATAL "Cannot obtain juju secret" + if [ -z "$OSM_VCA_SECRET" ]; then + OSM_VCA_SECRET=$(parse_juju_password $OSM_STACK_NAME) + [ -z "$OSM_VCA_SECRET" ] && FATAL "Cannot obtain juju secret" + fi + + if [ -z "$OSM_DATABASE_COMMONKEY" ]; then + OSM_DATABASE_COMMONKEY=$(generate_secret) + [ -z "OSM_DATABASE_COMMONKEY" ] && FATAL "Cannot generate common db secret" fi track juju [ -n "$INSTALL_NODOCKER" ] || install_docker_ce track docker_ce #install_docker_compose + [ -n "$INSTALL_NODOCKER" ] || init_docker_swarm [ -z "$DOCKER_NOBUILD" ] && generate_docker_images track docker_build generate_docker_env_files generate_config_log_folders - [ -n "$INSTALL_NODOCKER" ] || init_docker_swarm # remove old stack remove_stack $OSM_STACK_NAME create_docker_network @@ -1069,8 +1128,8 @@ NOCONFIGURE="" RELEASE_DAILY="" SESSION_ID=`date +%s` OSM_DEVOPS= -OSMLCM_VCA_HOST= -OSMLCM_VCA_SECRET= +OSM_VCA_HOST= +OSM_VCA_SECRET= OSM_STACK_NAME=osm NO_HOST_PORTS="" DOCKER_NOBUILD="" @@ -1082,6 +1141,8 @@ OSM_DOCKER_TAG=latest DOCKER_USER=osm KAFKA_TAG=2.11-1.0.2 PROMETHEUS_TAG=v2.4.3 +KEYSTONEDB_TAG=10 +OSM_DATABASE_COMMONKEY= while getopts ":hy-:b:r:k:u:R:l:p:D:o:m:H:S:s:w:t:" o; do case "${o}" in @@ -1120,10 +1181,10 @@ while getopts ":hy-:b:r:k:u:R:l:p:D:o:m:H:S:s:w:t:" o; do OSM_STACK_NAME="${OPTARG}" ;; H) - OSMLCM_VCA_HOST="${OPTARG}" + OSM_VCA_HOST="${OPTARG}" ;; S) - OSMLCM_VCA_SECRET="${OPTARG}" + OSM_VCA_SECRET="${OPTARG}" ;; w) # when specifying workdir, do not use sudo for access