set up ONOS to use SSL
diff --git a/roles/onos-vm-install/files/Dockerfile.xos-onos b/roles/onos-vm-install/files/Dockerfile.xos-onos
new file mode 100644
index 0000000..deb28ba
--- /dev/null
+++ b/roles/onos-vm-install/files/Dockerfile.xos-onos
@@ -0,0 +1,17 @@
+# ONOS dockerfile with XOS additions
+
+FROM onosproject/onos
+MAINTAINER Zack Williams <zdw@cs.arizona.edu>
+
+# Include SSL certs
+COPY xos-certs.crt /usr/local/share/ca-certificates/xos-certs.crt
+RUN update-ca-certificates
+
+# Create Java KeyStore from certs
+RUN openssl x509 -in /usr/local/share/ca-certificates/xos-certs.crt -outform der -out /usr/local/share/ca-certificates/xos-certs.der
+RUN keytool -import -noprompt -storepass 222222 -alias xos-certs -file /usr/local/share/ca-certificates/xos-certs.der -keystore /usr/local/share/ca-certificates/xos-certs.jks
+
+# Updated onos-service to use the jks
+COPY onos-service /root/bin/onos-service
+RUN chmod 755 /root/bin/onos-service
+
diff --git a/roles/onos-vm-install/files/docker-compose.yml b/roles/onos-vm-install/files/docker-compose.yml
deleted file mode 100644
index 9b16c4d..0000000
--- a/roles/onos-vm-install/files/docker-compose.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-onos:
- image: onosproject/onos
- expose:
- - "6653"
- - "8101"
- - "8181"
- - "9876"
- net: host
- volumes:
- - ./id_rsa:/root/node_key:ro
diff --git a/roles/onos-vm-install/files/onos-docker-compose.yml b/roles/onos-vm-install/files/onos-docker-compose.yml
new file mode 100644
index 0000000..09255fa
--- /dev/null
+++ b/roles/onos-vm-install/files/onos-docker-compose.yml
@@ -0,0 +1,19 @@
+# ONOS with XOS features for docker-compose
+version: '2'
+
+services:
+
+ xos-onos:
+ build:
+ context: .
+ dockerfile: Dockerfile.xos-onos
+ image: xos/onos
+ expose:
+ - "6653"
+ - "8101"
+ - "8181"
+ - "9876"
+ network_mode: host
+ volumes:
+ - ./id_rsa:/root/node_key:ro
+
diff --git a/roles/onos-vm-install/files/onos-service b/roles/onos-vm-install/files/onos-service
new file mode 100644
index 0000000..7d810c4
--- /dev/null
+++ b/roles/onos-vm-install/files/onos-service
@@ -0,0 +1,53 @@
+#!/bin/bash
+# -----------------------------------------------------------------------------
+# Starts ONOS Apache Karaf container
+# -----------------------------------------------------------------------------
+
+# uncomment the following line for performance testing
+#export JAVA_OPTS="${JAVA_OPTS:--Xms8G -Xmx8G -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode -XX:+PrintGCDetails -XX:+PrintGCTimeStamps}"
+
+# uncomment the following line for Netty TLS encryption
+# Do modify the keystore location/password and truststore location/password accordingly
+#export JAVA_OPTS="${JAVA_OPTS:--DenableNettyTLS=true -Djavax.net.ssl.keyStore=/home/ubuntu/onos.jks -Djavax.net.ssl.keyStorePassword=222222 -Djavax.net.ssl.trustStore=/home/ubuntu/onos.jks -Djavax.net.ssl.trustStorePassword=222222}"
+
+export JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/local/share/ca-certificates/xos-certs.jks -Djavax.net.ssl.trustStorePassword=222222"
+
+set -e # exit on error
+set -u # exit on undefined variable
+
+# If ONOS_HOME is set, respect its value.
+# If ONOS_HOME is not set (e.g. in the init or service environment),
+# set it based on this script's path.
+ONOS_HOME=${ONOS_HOME:-$(cd $(dirname $0)/.. >/dev/null 2>&1 && pwd)}
+KARAF_ARGS=
+SYS_APPS=drivers
+ONOS_APPS=${ONOS_APPS:-} # Empty means don't activate any new apps
+
+cd $ONOS_HOME
+
+# Parse out arguments destinted for karaf invocation v. arguments that
+# will be processed in line
+while [ $# -gt 0 ]; do
+ case $1 in
+ apps-clean)
+ # Deactivate all applications
+ find ${ONOS_HOME}/apps -name "active" -exec rm \{\} \;
+ ;;
+ *)
+ KARAF_ARGS+=" $1"
+ ;;
+ esac
+ shift
+done
+
+# Activate the system required applications (SYS_APPS) as well as any
+# specified applications in the var ONOS_APPS
+for app in ${SYS_APPS//,/ } ${ONOS_APPS//,/ }; do
+ if [[ "$app" =~ \. ]]; then
+ touch ${ONOS_HOME}/apps/$app/active
+ else
+ touch ${ONOS_HOME}/apps/org.onosproject.$app/active
+ fi
+done
+
+exec ${ONOS_HOME}/apache-karaf-3.0.5/bin/karaf $KARAF_ARGS
diff --git a/roles/onos-vm-install/files/onos-setup-playbook.yml b/roles/onos-vm-install/files/onos-setup-playbook.yml
index 5a28625..e02b15a 100644
--- a/roles/onos-vm-install/files/onos-setup-playbook.yml
+++ b/roles/onos-vm-install/files/onos-setup-playbook.yml
@@ -62,8 +62,20 @@
- id_rsa
- id_rsa.pub
+ - name: Copy SSL Certs so docker-compose can find it
+ command: "mv /usr/local/share/ca-certificates/keystone_juju_ca_cert.crt {{ ansible_user_dir }}/cord/xos-certs.crt"
+ creates: "{{ ansible_user_dir }}/cord/xos-certs.crt"
+
+ - name: Copy over files to build XOS variant of ONOS
+ copy:
+ src="~/{{ item }}"
+ dest="{{ ansible_user_dir }}/cord/{{ item }}"
+ with_items:
+ - Dockerfile.xos-onos
+ - onos-service
+
- name: Copy over docker-compose.yml files
copy:
- src=~/docker-compose.yml
+ src=~/onos-docker-compose.yml
dest={{ ansible_user_dir }}/cord/docker-compose.yml