CORD-1151
Make cord_dir and cord_profile_dir local to config node
use head_* and config_* prefixes to avoid hardcoding paths
config-side ssh key generation+
fix frontend & mock builds
[build] group in inventory
fix inventory strangeness
raise privs when creating ssh_pki_dir
move admin-openrc.sh.j2 to cord-profile
add copy-cord-playbook.yml, clarify where it runs
fix paths for head_cord_profile_dir with mock/frontend
use /opt/cord_profile/admin-openrc.sh rather than ~/admin-openrc.sh
install pki
make comment in do-enlist-compute-node accurate, set correct interface
remove hardcoded credential path
logging and ssh key fixes
Change-Id: Ie7560c911dce1558e09806c9997884dfbd475e9c
diff --git a/roles/onos-cord-install/templates/Dockerfile.j2 b/roles/onos-cord-install/templates/Dockerfile.j2
index 263767f..3886943 100644
--- a/roles/onos-cord-install/templates/Dockerfile.j2
+++ b/roles/onos-cord-install/templates/Dockerfile.j2
@@ -5,19 +5,19 @@
# Add SSL certs
COPY cord_root_ca.crt /usr/local/share/ca-certificates/cord_root_ca.crt
-COPY cord_intermediate_ca.crt /usr/local/share/ca-certificates/cord_intermediate_ca.crt
+COPY cord_{{ site_name }}_im_ca.crt /usr/local/share/ca-certificates/cord_{{ site_name }}_im_ca.crt
RUN update-ca-certificates
# Create Java KeyStore from certs
RUN openssl x509 -in /usr/local/share/ca-certificates/cord_root_ca.crt \
-outform der -out /usr/local/share/ca-certificates/cord_root_ca.der && \
- openssl x509 -in /usr/local/share/ca-certificates/cord_intermediate_ca.crt \
- -outform der -out /usr/local/share/ca-certificates/cord_intermediate_ca.der && \
+ openssl x509 -in /usr/local/share/ca-certificates/cord_{{ site_name }}_im_ca.crt \
+ -outform der -out /usr/local/share/ca-certificates/cord_{{ site_name }}_im_ca.der && \
keytool -import -noprompt -storepass {{ trust_store_pw }} -alias cord_root_ca \
-file /usr/local/share/ca-certificates/cord_root_ca.der \
-keystore /usr/local/share/ca-certificates/cord_ca_certs.jks && \
- keytool -import -noprompt -storepass {{ trust_store_pw }} -alias cord_intermediate_ca \
- -file /usr/local/share/ca-certificates/cord_intermediate_ca.der \
+ keytool -import -noprompt -storepass {{ trust_store_pw }} -alias cord_{{ site_name }}_im_ca \
+ -file /usr/local/share/ca-certificates/cord_{{ site_name }}_im_ca.der \
-keystore /usr/local/share/ca-certificates/cord_ca_certs.jks
# Updated onos-service to use the jks
diff --git a/roles/onos-cord-install/templates/org.ops4j.pax.logging.cfg.j2 b/roles/onos-cord-install/templates/org.ops4j.pax.logging.cfg.j2
index 2761c7e..d1c712a 100644
--- a/roles/onos-cord-install/templates/org.ops4j.pax.logging.cfg.j2
+++ b/roles/onos-cord-install/templates/org.ops4j.pax.logging.cfg.j2
@@ -18,7 +18,7 @@
################################################################################
# Root logger
-log4j.rootLogger=INFO, out, logstash, osgi:*
+log4j.rootLogger={{ onos_log_level }}, out, logstash, osgi:*
log4j.throwableRenderer=org.apache.log4j.OsgiThrowableRenderer
# CONSOLE appender not used by default
@@ -28,7 +28,6 @@
# logstash log4j appender
log4j.appender.logstash=org.apache.log4j.net.SocketAppender
-log4j.appender.logstash.threshold=DEBUG
log4j.appender.logstash.Port={{ log4j_port }}
log4j.appender.logstash.RemoteHost={{ logging_host }}
log4j.appender.logstash.ReconnectionDelay=5000