diff --git a/installer/fileserver/tasks.go b/installer/fileserver/tasks.go
index 94ea8c0cdf..b13e621a19 100644
--- a/installer/fileserver/tasks.go
+++ b/installer/fileserver/tasks.go
@@ -65,6 +65,14 @@ func registerWithPSC(ctx context.Context) error {
}
admiralPort := ovf.Properties["management_portal.port"]
+ // Out of the box users
+ defCreateUsers, foundCreateUsers := ovf.Properties["default_users.create_def_users"]
+ defPrefix, foundPrefix := ovf.Properties["default_users.def_user_prefix"]
+ defPassword, foundPassword := ovf.Properties["default_users.def_user_password"]
+
+ log.Infof("PSC Out of the box users. CreateUsers: %s, FoundCreateUsers: %v, Prefix: %s",
+ defCreateUsers, foundCreateUsers, defPrefix)
+
// Register all VIC components with PSC
cmdName := "/usr/bin/java"
for _, client := range []string{"harbor", "engine", "admiral"} {
@@ -83,6 +91,18 @@ func registerWithPSC(ctx context.Context) error {
"--configDir=" + pscConfDir,
}
+ if client == "admiral" && foundCreateUsers && strings.ToLower(defCreateUsers) == "true" {
+ if foundPrefix && defPrefix != "" {
+ arg := "--defaultUserPrefix=" + defPrefix
+ cmdArgs = append(cmdArgs, arg)
+ }
+
+ if foundPassword && defPrefix != "" && defPassword != "" {
+ arg := "--defaultUserPassword=" + defPassword
+ cmdArgs = append(cmdArgs, arg)
+ }
+ }
+
// #nosec: Subprocess launching with variable.
// This runs the PSC tool's register command.
cmd := exec.Command(cmdName, cmdArgs...)
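Review bot: The default-user password is appended to `cmdArgs` as `--defaultUserPassword=` + defPassword, so it ends up in the argument vector of the `/usr/bin/java` child, where it can be read from the process list while the PSC tool runs and would appear in any log line that prints `cmdArgs`. If the PSC tool can take the secret another way (not visible here), prefer the child's stdin or a variable set on `cmd.Env` over argv. The enable check `strings.ToLower(defCreateUsers) == "true"` accepts any casing, while `add_default_users.sh` in this same commit compares against the literal `True`; `strings.EqualFold(defCreateUsers, "true")` here and a case-insensitive test in the script would keep the two sides in agreement. registerWithPSC begins and ends outside this hunk.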
diff --git a/installer/packer/packer-vic.json b/installer/packer/packer-vic.json
index a0f0e9f3a0..e6d0bf7872 100644
--- a/installer/packer/packer-vic.json
+++ b/installer/packer/packer-vic.json
@@ -287,6 +287,11 @@
"source": "scripts/systemd/admiral/admiral.service",
"destination": "/usr/lib/systemd/system/admiral.service"
},
+ {
+ "type": "file",
+ "source": "scripts/systemd/admiral/admiral_default_users.service",
+ "destination": "/usr/lib/systemd/system/admiral_default_users.service"
+ },
{
"type": "file",
"source": "scripts/admiral/configure_admiral.sh",
@@ -297,6 +302,11 @@
"source": "scripts/admiral/start_admiral.sh",
"destination": "/etc/vmware/admiral/start_admiral.sh"
},
+ {
+ "type": "file",
+ "source": "scripts/admiral/add_default_users.sh",
+ "destination": "/etc/vmware/admiral/add_default_users.sh"
+ },
{
"type": "file",
"source": "scripts/systemd/psc/get_token.service",
diff --git a/installer/packer/scripts/admiral/add_default_users.sh b/installer/packer/scripts/admiral/add_default_users.sh
new file mode 100755
index 0000000000..f6505e8f91
--- /dev/null
+++ b/installer/packer/scripts/admiral/add_default_users.sh
@@ -0,0 +1,151 @@
+#!/usr/bin/bash
+# Copyright 2017 VMware, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+set -uf -o pipefail
+
+# Populated by configure_admiral.sh
+ADMIRAL_EXPOSED_PORT=""
+ADMIRAL_DATA_LOCATION=""
+OVA_VM_IP=""
+
+# Add default users
+# Usage: get_property FILE KEY
+function get_property
+{
+ grep "^$2=" "$1" | cut -d'=' -f2
+}
+
+create_def_users=$(ovfenv -k default_users.create_def_users)
+user_prefix=$(ovfenv -k default_users.def_user_prefix)
+user_password=$(ovfenv -k default_users.def_user_password)
+
+echo "add_default_users: $create_def_users, $user_prefix"
+
+if [ ${create_def_users} != "True" ] || [ -z ${user_prefix} ] || [ -z ${user_password} ]; then
+ echo "add_default_users, not creating default users"
+ exit 0
+fi
+
+psc_prop_file=${ADMIRAL_DATA_LOCATION}/configs/psc-config.properties
+token_file=/etc/vmware/psc/admiral/tokens.properties
+
+echo "add_default_users wating for token"
+token_tries=0
+while true ; do
+ if [ -f $token_file ]; then
+ break;
+ fi
+ ((token_tries++))
+ sleep 1
+ if [ ${token_tries} -eq 60 ]; then
+ echo "add_default_users, admiral start up failed, no tokens after one minute"
+ exit -1
+ fi
+done
+
+token=`cat $token_file`
+
+echo "add_default_users loaded token"
+
+tenant=`get_property $psc_prop_file "tenant"`
+defuser_prefix=`get_property $psc_prop_file "default-user-prefix"`
+admiral_url=`get_property $psc_prop_file admiral-url`
+# remove backslashes
+admiral_url=`echo $admiral_url | sed 's/\\\//g'`
+
+cloud_admin_name=$defuser_prefix
+cloud_admin_name+="-cloud-admin"
+cloud_admin_name+="@"
+cloud_admin_name+=$tenant
+
+# Wait for admiral to come up, max 1 minute
+check_admiral_url=$admiral_url
+check_admiral_url+="/projects"
+
+echo "add_default_user wating for ping"
+current_tries=0
+while true ; do
+ http_code=`curl -s -o /dev/null \
+ -w "%{http_code}" \
+ -H 'cache-control: no-cache' \
+ -H "x-xenon-auth-token: $token" \
+ --insecure \
+ --max-time 2 \
+ ${check_admiral_url}`
+
+ echo "add_default_users ping result: ${http_code}"
+
+ if [ ${http_code} -eq "200" ]; then
+ break;
+ fi
+
+ echo "add_default_users ping failed"
+
+ sleep 1
+ ((current_tries++))
+ if [ ${current_tries} -eq 30 ]; then
+ echo "add_default_users Admiral startup failed, no ping after one minute"
+ exit -1
+ fi
+done
+
+echo "add_default_users successful ping"
+
+add_cloud_admin_url=$admiral_url
+add_cloud_admin_url+="/auth/idm/principals/"
+add_cloud_admin_url+=$cloud_admin_name
+add_cloud_admin_url+="/roles"
+
+echo $add_cloud_admin_url
+
+curl -X PATCH \
+ -s \
+ -H 'cache-control: no-cache' \
+ -H 'content-type: application/json' \
+ -H "x-xenon-auth-token: $token" \
+ -d '{ "add":["CLOUD_ADMIN"] }' \
+ --insecure \
+ $add_cloud_admin_url
+
+echo
+echo "add_default_users added cloud-admin"
+
+add_users_to_project_url=$admiral_url
+add_users_to_project_url+="/projects/default-project"
+
+echo $add_users_to_project_url
+
+project_admin_name=$defuser_prefix
+project_admin_name+="-project-admin"
+project_admin_name+="@"
+project_admin_name+=$tenant
+
+project_dev_name=$defuser_prefix
+project_dev_name+="-developer"
+project_dev_name+="@"
+project_dev_name+=$tenant
+
+curl -X PATCH \
+ -s \
+ -H 'cache-control: no-cache' \
+ -H 'content-type: application/json' \
+ -H "x-xenon-auth-token: $token" \
+ -d "{ \"administrators\": { \"add\" : [\"$project_admin_name\"] }, \"members\": { \"add\" : [\"$project_dev_name\"] } }" \
+ --insecure \
+ $add_users_to_project_url
+
+echo
+echo "add_default_users added project-admin"
+
+echo
\ No newline at end of file
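Review bot: All three `curl` calls send the `x-xenon-auth-token` header together with `--insecure`, so the token goes to whatever answers at `admiral-url` without the server certificate being verified. configure_admiral.sh keeps a CA at `${cert_dir}/ca.crt`; if that CA signs Admiral's certificate (not visible here), replace `--insecure` with `--cacert "${ADMIRAL_DATA_LOCATION}/cert/ca.crt"`. The opt-out guard uses unquoted expansions, so an empty `create_def_users` makes the first `[` fail with a syntax error instead of returning true and the script carries on to the role changes; quote it as `[ "${create_def_users}" != "True" ] || [ -z "${user_prefix}" ] || [ -z "${user_password}" ]`. The two `PATCH` calls also ignore the HTTP status, so "added cloud-admin" and "added project-admin" are printed even when the request was rejected; adding `--fail` and checking curl's exit code would surface that.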
diff --git a/installer/packer/scripts/admiral/configure_admiral.sh b/installer/packer/scripts/admiral/configure_admiral.sh
index cc00b48f47..dd32431947 100755
--- a/installer/packer/scripts/admiral/configure_admiral.sh
+++ b/installer/packer/scripts/admiral/configure_admiral.sh
@@ -26,6 +26,7 @@ keytool="/usr/bin/keytool"
cert_dir="${data_dir}/cert"
flag="${data_dir}/cert_gen_type"
admiral_start_script="${conf_dir}/start_admiral.sh"
+admiral_add_default_users_script=${conf_dir}/add_default_users.sh
ca_download_dir="${data_dir}/ca_download"
mkdir -p "${cert_dir}"
@@ -40,14 +41,15 @@ ca_cert="${cert_dir}/ca.crt"
ca_key="${cert_dir}/ca.key"
ext="${cert_dir}/extfile.cnf"
-# Configure attr in start_admiral.sh
-function configureAdmiralStart {
- cfg_key=$1
- cfg_value=$2
+#Configure attr in script
+function configureScript {
+ script_name=$1
+ cfg_key=$2
+ cfg_value=$3
if [ -n "$cfg_key" ]; then
cfg_value=$(echo "$cfg_value" | sed -r -e 's%[\/&%]%\\&%g')
- sed -i -r "s%#?$cfg_key\s*=\s*.*%$cfg_key=$cfg_value%" $admiral_start_script
+ sed -i -r "s%#?$cfg_key\s*=\s*.*%$cfg_key=$cfg_value%" $script_name
fi
}
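Review bot: `$script_name` is expanded unquoted in the `sed -i` call, and now that the target file is a parameter rather than one fixed path it should be written `"$script_name"`, with `"$admiral_start_script"` and `"$admiral_add_default_users_script"` quoted at the call sites as well. `script_name`, `cfg_key` and `cfg_value` are assigned as globals; declaring them with `local` keeps the helper from leaking state between calls. The replacement also writes `$cfg_key=$cfg_value` unquoted into a script that is executed later, so each value should be checked against its expected shape (a path, a port number, an IP address) before it is written; where `ADMIRAL_PORT` originates is not visible in this hunk.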
@@ -164,7 +166,7 @@ ip_address=$(ip addr show dev eth0 | sed -nr 's/.*inet ([^ ]+)\/.*/\1/p')
detectHostname
if [[ x$hostname != "x" ]]; then
echo "Hostname: ${hostname}"
- configureAdmiralStart "hostname" ${hostname}
+ configureScript $admiral_start_script "hostname" ${hostname}
else
echo "Hostname is null, set it to IP"
hostname=${ip_address}
@@ -176,9 +178,13 @@ $script_dir/set_guestinfo.sh admiral.endpoint https://"$ip_address":"$ADMIRAL_PO
# Init certs
secure
-configureAdmiralStart ADMIRAL_DATA_LOCATION $data_dir
-configureAdmiralStart ADMIRAL_EXPOSED_PORT "$ADMIRAL_PORT"
-configureAdmiralStart OVA_VM_IP "$ip_address"
+configureScript $admiral_start_script ADMIRAL_DATA_LOCATION $data_dir
+configureScript $admiral_start_script ADMIRAL_EXPOSED_PORT "$ADMIRAL_PORT"
+configureScript $admiral_start_script OVA_VM_IP "$ip_address"
+
+configureScript $admiral_add_default_users_script ADMIRAL_DATA_LOCATION $data_dir
+configureScript $admiral_add_default_users_script ADMIRAL_EXPOSED_PORT "$ADMIRAL_PORT"
+configureScript $admiral_add_default_users_script OVA_VM_IP "$ip_address"
iptables -w -A INPUT -j ACCEPT -p tcp --dport "$ADMIRAL_PORT"
diff --git a/installer/packer/scripts/systemd/admiral/admiral_default_users.service b/installer/packer/scripts/systemd/admiral/admiral_default_users.service
new file mode 100644
index 0000000000..5f29899014
--- /dev/null
+++ b/installer/packer/scripts/systemd/admiral/admiral_default_users.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Admiral Default Users
+Documentation=http://github.com/vmware/admiral
+After=admiral.service get_token.service
+Requires=iptables.service data.mount
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/bash /etc/vmware/admiral/add_default_users.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/installer/packer/scripts/systemd/admiral/admiral_startup.service b/installer/packer/scripts/systemd/admiral/admiral_startup.service
index b579ce8a99..0a890b6a56 100644
--- a/installer/packer/scripts/systemd/admiral/admiral_startup.service
+++ b/installer/packer/scripts/systemd/admiral/admiral_startup.service
@@ -9,6 +9,7 @@ Type=oneshot
ExecStart=/usr/bin/bash /etc/vmware/admiral/configure_admiral.sh
ExecStartPost=/usr/bin/systemctl start admiral.service
ExecStartPost=/usr/bin/systemctl start get_token.service
+ExecStartPost=/usr/bin/systemctl start admiral_default_users.service
[Install]
WantedBy=multi-user.target
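Review bot: `systemctl start admiral_default_users.service` in `ExecStartPost` waits for the oneshot script to finish, and that script can poll for more than a minute before exiting non-zero, so a failure in this optional step would mark `admiral_startup.service` itself as failed. Consider `ExecStartPost=-/usr/bin/systemctl start --no-block admiral_default_users.service` so that default-user creation neither delays nor fails appliance start-up. The [Unit] section of this file lies outside the hunk.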
diff --git a/installer/packer/vic-unified.ovf b/installer/packer/vic-unified.ovf
index 151c42f043..7c74ff20a7 100644
--- a/installer/packer/vic-unified.ovf
+++ b/installer/packer/vic-unified.ovf
@@ -278,6 +278,22 @@ EVALUATION LICENSE. If You are licensing the Software for evaluation purposes, Y
Specifies the port on which fileserver will be published.
+
+ Out-of-the-box VIC users
+ 7. Out-of-the box-users configuration
+
+
+ Uncheck to skip creation of out-of-the-box users.
+
+
+
+ Prefix to be used to create out-of-the-box VIC users.
+
+
+
+ Password to be used to create out-of-the-box VIC users. The password must follow the rules set for vSphere.
+
+
VM specific properties