Changes to required to run with ONOS 1.10.3:
* ONOS app versions need to be bumped to 1.3.0-SNAPSHOT
* Different apps are installed on fabric ONOS
* Docker image now based on alpine, so small changes to cert handling
Change-Id: I9e2956ee1b5bf1035c04dc23f7cb42bb310b6543
diff --git a/roles/cord-profile/defaults/main.yml b/roles/cord-profile/defaults/main.yml
index eb11ffd..44e17b9 100644
--- a/roles/cord-profile/defaults/main.yml
+++ b/roles/cord-profile/defaults/main.yml
@@ -142,5 +142,5 @@
fabric_network_cfg_json: "/opt/cord_profile/fabric-network-cfg.json"
# Need to track each application's version separately
-cord_config_app_version: "1.2.0-SNAPSHOT"
-cord_vtn_app_version: "1.2.0-SNAPSHOT"
+cord_config_app_version: "1.3.0-SNAPSHOT"
+cord_vtn_app_version: "1.3.0-SNAPSHOT"
diff --git a/roles/cord-profile/templates/cord-services.yaml.j2 b/roles/cord-profile/templates/cord-services.yaml.j2
index 067b375..bc8a07f 100644
--- a/roles/cord-profile/templates/cord-services.yaml.j2
+++ b/roles/cord-profile/templates/cord-services.yaml.j2
@@ -149,7 +149,7 @@
node: service#vrouter
relationship: tosca.relationships.UsedByService
properties:
- dependencies: org.onosproject.vrouter
+ dependencies: org.onosproject.fpm
autogenerate: vrouter-network-cfg
template#vsg:
diff --git a/roles/cord-profile/templates/fabric-service.yaml.j2 b/roles/cord-profile/templates/fabric-service.yaml.j2
index 6389973..ffbc3e1 100644
--- a/roles/cord-profile/templates/fabric-service.yaml.j2
+++ b/roles/cord-profile/templates/fabric-service.yaml.j2
@@ -55,5 +55,5 @@
node: service#fabric
relationship: tosca.relationships.UsedByService
properties:
- dependencies: org.onosproject.drivers, org.onosproject.openflow-base, org.onosproject.netcfghostprovider, org.onosproject.netcfglinksprovider, org.onosproject.segmentrouting, org.onosproject.vrouter, org.onosproject.hostprovider
+ dependencies: org.onosproject.drivers, org.onosproject.openflow, org.onosproject.netcfghostprovider, org.onosproject.segmentrouting
diff --git a/roles/onos-cord-install/defaults/main.yml b/roles/onos-cord-install/defaults/main.yml
index 5e40bcd..5df6a05 100644
--- a/roles/onos-cord-install/defaults/main.yml
+++ b/roles/onos-cord-install/defaults/main.yml
@@ -34,7 +34,7 @@
pod_sshkey_name: "headnode"
# used for Java KeyStore within ONOS image
-trust_store_pw: 222222
+trust_store_pw: "changeit"
# logging_host should be set to DNS or IP addr of logstash host
logging_host: "cordloghost"
diff --git a/roles/onos-cord-install/templates/Dockerfile.j2 b/roles/onos-cord-install/templates/Dockerfile.j2
index 6fa2a79..c7487ab 100644
--- a/roles/onos-cord-install/templates/Dockerfile.j2
+++ b/roles/onos-cord-install/templates/Dockerfile.j2
@@ -19,26 +19,15 @@
FROM {{ onos_docker_image }}
MAINTAINER Zack Williams <zdw@cs.arizona.edu>
+RUN apk update && apk add java-cacerts
+
# Add SSL certs
COPY cord_root_ca.crt /usr/local/share/ca-certificates/cord_root_ca.crt
COPY cord_{{ site_name }}_im_ca.crt /usr/local/share/ca-certificates/cord_{{ site_name }}_im_ca.crt
RUN update-ca-certificates
-# Create Java KeyStore from certs
-RUN openssl x509 -in /usr/local/share/ca-certificates/cord_root_ca.crt \
- -outform der -out /usr/local/share/ca-certificates/cord_root_ca.der && \
- openssl x509 -in /usr/local/share/ca-certificates/cord_{{ site_name }}_im_ca.crt \
- -outform der -out /usr/local/share/ca-certificates/cord_{{ site_name }}_im_ca.der && \
- keytool -import -noprompt -storepass {{ trust_store_pw }} -alias cord_root_ca \
- -file /usr/local/share/ca-certificates/cord_root_ca.der \
- -keystore /usr/local/share/ca-certificates/cord_ca_certs.jks && \
- keytool -import -noprompt -storepass {{ trust_store_pw }} -alias cord_{{ site_name }}_im_ca \
- -file /usr/local/share/ca-certificates/cord_{{ site_name }}_im_ca.der \
- -keystore /usr/local/share/ca-certificates/cord_ca_certs.jks
-
# Let ONOS know where the keystore is
-ENV JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/local/share/ca-certificates/cord_ca_certs.jks -Djavax.net.ssl.trustStorePassword={{ trust_store_pw }}"
+ENV JAVA_OPTS="-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts -Djavax.net.ssl.trustStorePassword={{ trust_store_pw }}"
# Configure ONOS to log with log4j to ElasticStack
COPY org.ops4j.pax.logging.cfg /root/onos/apache-karaf-3.0.5/etc/org.ops4j.pax.logging.cfg
-