CORD-1151
Make cord_dir and cord_profile_dir local to config node
use head_* and config_* prefixes to avoid hardcoding paths
config-side ssh key generation
fix frontend & mock builds
[build] group in inventory
fix inventory strangeness
raise privs when creating ssh_pki_dir
move admin-openrc.sh.j2 to cord-profile
add copy-cord-playbook.yml, clarify where it runs
fix paths for head_cord_profile_dir with mock/frontend
use /opt/cord_profile/admin-openrc.sh rather than ~/admin-openrc.sh
install pki
make comment in do-enlist-compute-node accurate, set correct interface
remove hardcoded credential path
logging and ssh key fixes

Change-Id: Ie7560c911dce1558e09806c9997884dfbd475e9c
diff --git a/roles/onos-cord-install/defaults/main.yml b/roles/onos-cord-install/defaults/main.yml
index 9b43adc..bdf6d18 100644
--- a/roles/onos-cord-install/defaults/main.yml
+++ b/roles/onos-cord-install/defaults/main.yml
@@ -1,15 +1,23 @@
 ---
-# onos-vm-install/defaults/main.yml
+# onos-cord-install/defaults/main.yml
 
+# paths
+pki_dir: "{{ playbook_dir }}/pki"
+ssh_pki_dir: "{{ playbook_dir }}/ssh_pki"
+head_onos_cord_dir: "/opt/onos_cord"
+
+# Should probably be set to a specific version
+onos_docker_image: "opencord/onos:latest"
+
+# log level for ONOS
+onos_log_level: "INFO"
+
+# name of master ssh key for this pod
+pod_sshkey_name: "headnode"
+
+# used for Java KeyStore within ONOS image
 trust_store_pw: 222222
 
-# ONOS 1.7 not tagged yet, but latest is 1.7
-onos_docker_image: "onosproject/onos:latest"
-
-onos_cord_dest: "{{ ansible_user_dir }}/onos-cord/"
-
-node_private_key: "{{ ansible_user_dir }}/node_key"
-
 # logging_host should be set to DNS or IP addr of logstash host
 logging_host: "cordloghost"
 log4j_port: 4560
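Review bot: `onos_docker_image` still floats on `opencord/onos:latest`, so the base image is whatever the registry serves at build time and a re-run can silently change it; the comment above it already concedes this, so pin it, e.g. `onos_docker_image: "opencord/onos:1.7.0"` or better an `@sha256:…` digest. `trust_store_pw: 222222` is an unquoted integer that only guards a truststore of public CA certificates, but it is rendered into a Dockerfile `RUN` line and therefore ends up in image history; quote it as a string (`trust_store_pw: "222222"`) and state in the comment that it is not a secret, or make it a per-site override.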
diff --git a/roles/onos-cord-install/tasks/main.yml b/roles/onos-cord-install/tasks/main.yml
index 441dc07..86ec128 100644
--- a/roles/onos-cord-install/tasks/main.yml
+++ b/roles/onos-cord-install/tasks/main.yml
@@ -1,29 +1,31 @@
 ---
-# Common ONOS setup
+# onos-cord-install/tasks/main.yml
 
-# onos_cord_dest: {{ ansible_user_dir }}/onos-cord/
-
-- name: Pull docker image for ONOS
-  become: yes
-  command: "docker pull {{ onos_docker_image }}"
-  tags:
-    - skip_ansible_lint # Should replace with http://docs.ansible.com/ansible/docker_module.html, when replacements are stable
+- name: Pull base docker image for ONOS
+  docker_image:
+    name: "{{ onos_docker_image }}"
 
 - name: Create dest directory
-  file: path="{{ onos_cord_dest }}" state=directory
+  become: yes
+  file:
+    path: "{{ head_onos_cord_dir }}"
+    state: directory
+    owner: "{{ ansible_user_id }}"
+    group: "{{ ansible_user_gid }}"
+    mode: 0755
 
 - name: Copy over SSH key
   copy:
-    remote_src: True
-    src: "{{ node_private_key }}"
-    dest: "{{ onos_cord_dest }}/node_key"
+    src: "{{ ssh_pki_dir }}/client_certs/{{ pod_sshkey_name }}_sshkey"
+    dest: "{{ head_onos_cord_dir }}/node_key"
     owner: "{{ ansible_user_id }}"
+    group: "{{ ansible_user_gid }}"
     mode: 0600
 
 - name: Create templated ONOS files
   template:
     src: "{{ item }}.j2"
-    dest: "{{ onos_cord_dest }}/{{ item }}"
+    dest: "{{ head_onos_cord_dir }}/{{ item }}"
   with_items:
     - Dockerfile
     - onos-service
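Review bot: The "Copy over SSH key" task places the pod's private SSH key as `{{ head_onos_cord_dir }}/node_key` in the same directory that the later build task in this commit passes as the Docker build context, so the key is shipped to the daemon on every build and would be baked into the image by any `COPY .`/`ADD .` in the Dockerfile. Keep the key out of the context — copy it to a sibling directory and bind-mount it from docker-compose — or at minimum add a `.dockerignore` containing `node_key` next to the Dockerfile. Mode 0600 on the file is correct, but the directory is created 0755, so the file mode is the only thing protecting the key. The `with_items` list of the template task continues past this hunk.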
@@ -32,27 +34,26 @@
 - name: Copy over ONOS playbook and other files
   copy:
     src: "onos-cord-docker-compose.yml"
-    dest: "{{ onos_cord_dest }}/docker-compose.yml"
+    dest: "{{ head_onos_cord_dir }}/docker-compose.yml"
 
-# TODO: Find the proper place for this on the dev machine rather than
-#       copying it within the head node machine.
-
-- name: Copy SSL Certs to ONOS so docker-compose can find it
+- name: Copy SSL Certs to ONOS so docker-compose can find them
   copy:
-    src: "/usr/local/share/ca-certificates/{{ item }}"
-    dest: "{{ onos_cord_dest }}/{{ item }}"
+    src: "{{ pki_dir }}/{{ item.src }}"
+    dest: "{{ head_onos_cord_dir }}/{{ item.dest }}"
     owner: "{{ ansible_user_id }}"
-    remote_src: True
   with_items:
-    - "cord_root_ca.crt"
-    - "cord_intermediate_ca.crt"
+    - src: "root_ca/certs/ca_cert.pem"
+      dest: "cord_root_ca.crt"
+    - src: "{{ site_name }}_im_ca/certs/im_cert.pem"
+      dest: "cord_{{ site_name }}_im_ca.crt"
 
-- name: Build onos image
-  command: docker-compose build chdir={{ onos_cord_dest }}
-  tags:
-    - skip_ansible_lint
+- name: Build xos/onos docker image
+  docker_image:
+    name: "xos/onos"
+    path: "{{ head_onos_cord_dir }}"
+    dockerfile: "Dockerfile"
 
-- name: Start ONOS
-  command: chdir="{{ onos_cord_dest }}" docker-compose up -d
-  tags:
-    - skip_ansible_lint
+- name: Start ONOS for CORD
+  docker_service:
+    project_src: "{{ head_onos_cord_dir }}"
+
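Review bot: The build step leaves the image untagged (`xos/onos` resolves to `latest`) and passes no `force`/`nocache`, and with the `docker_image` module of this Ansible generation `path:` only builds when no image of that name already exists — worth confirming against the installed version — so a re-run after the site CA, `site_name` or the templates change would keep serving the stale image with the old truststore. Add `force: yes` (or `force_source: yes` on newer releases) and a `tag:` derived from `onos_docker_image` so a rebuild is deterministic and visibly versioned. `docker_service` likewise does no `pull`, which is fine here since the image is built locally, but `state: present` should be explicit for readers.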
diff --git a/roles/onos-cord-install/templates/Dockerfile.j2 b/roles/onos-cord-install/templates/Dockerfile.j2
index 263767f..3886943 100644
--- a/roles/onos-cord-install/templates/Dockerfile.j2
+++ b/roles/onos-cord-install/templates/Dockerfile.j2
@@ -5,19 +5,19 @@
 
 # Add SSL certs
 COPY cord_root_ca.crt /usr/local/share/ca-certificates/cord_root_ca.crt
-COPY cord_intermediate_ca.crt /usr/local/share/ca-certificates/cord_intermediate_ca.crt
+COPY cord_{{ site_name }}_im_ca.crt /usr/local/share/ca-certificates/cord_{{ site_name }}_im_ca.crt
 RUN update-ca-certificates
 
 # Create Java KeyStore from certs
 RUN openssl x509 -in /usr/local/share/ca-certificates/cord_root_ca.crt \
       -outform der -out /usr/local/share/ca-certificates/cord_root_ca.der && \
-    openssl x509 -in /usr/local/share/ca-certificates/cord_intermediate_ca.crt \
-      -outform der -out /usr/local/share/ca-certificates/cord_intermediate_ca.der && \
+    openssl x509 -in /usr/local/share/ca-certificates/cord_{{ site_name }}_im_ca.crt \
+      -outform der -out /usr/local/share/ca-certificates/cord_{{ site_name }}_im_ca.der && \
     keytool -import -noprompt -storepass {{ trust_store_pw }} -alias cord_root_ca \
       -file /usr/local/share/ca-certificates/cord_root_ca.der \
       -keystore /usr/local/share/ca-certificates/cord_ca_certs.jks && \
-    keytool -import -noprompt -storepass {{ trust_store_pw }} -alias cord_intermediate_ca \
-      -file /usr/local/share/ca-certificates/cord_intermediate_ca.der \
+    keytool -import -noprompt -storepass {{ trust_store_pw }} -alias cord_{{ site_name }}_im_ca \
+      -file /usr/local/share/ca-certificates/cord_{{ site_name }}_im_ca.der \
       -keystore /usr/local/share/ca-certificates/cord_ca_certs.jks
 
 # Updated onos-service to use the jks
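Review bot: The `keytool -import ... -storepass {{ trust_store_pw }}` lines render the password into a `RUN` instruction, so it is recoverable with `docker history` from every image built from this Dockerfile; that is acceptable only because `cord_ca_certs.jks` holds public CA certificates and the password guards integrity rather than confidentiality, and the template should say so, e.g. `# NOTE: -storepass is visible in image history; the store holds only public CA certs, so the password is not a secret`. The converted `.der` files are also left behind in `/usr/local/share/ca-certificates/` after import; removing them in the same `RUN` (`&& rm /usr/local/share/ca-certificates/*.der`) keeps the layer minimal and avoids confusion with the `.crt` files that `update-ca-certificates` consumes. The Dockerfile's earlier instructions are outside the hunk.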
diff --git a/roles/onos-cord-install/templates/org.ops4j.pax.logging.cfg.j2 b/roles/onos-cord-install/templates/org.ops4j.pax.logging.cfg.j2
index 2761c7e..d1c712a 100644
--- a/roles/onos-cord-install/templates/org.ops4j.pax.logging.cfg.j2
+++ b/roles/onos-cord-install/templates/org.ops4j.pax.logging.cfg.j2
@@ -18,7 +18,7 @@
 ################################################################################
 
 # Root logger
-log4j.rootLogger=INFO, out, logstash, osgi:*
+log4j.rootLogger={{ onos_log_level }}, out, logstash, osgi:*
 log4j.throwableRenderer=org.apache.log4j.OsgiThrowableRenderer
 
 # CONSOLE appender not used by default
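Review bot: `log4j.rootLogger={{ onos_log_level }}` is rendered without validation, and if I recall log4j 1.x correctly an unrecognised level name falls back to DEBUG in `Level.toLevel`, so a value such as `WARNING` would silently produce the most verbose output instead of failing the deploy — and since this commit also drops the logstash appender's threshold, that volume goes over the wire as well. An `assert` task in the role before templating, `that: onos_log_level in ['TRACE', 'DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'OFF']`, catches the mistake at deploy time.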
@@ -28,7 +28,6 @@
 
 # logstash log4j appender
 log4j.appender.logstash=org.apache.log4j.net.SocketAppender
-log4j.appender.logstash.threshold=DEBUG
 log4j.appender.logstash.Port={{ log4j_port }}
 log4j.appender.logstash.RemoteHost={{ logging_host }}
 log4j.appender.logstash.ReconnectionDelay=5000