diff --git a/installer/fileserver/tasks.go b/installer/fileserver/tasks.go
index 94ea8c0cdf..b13e621a19 100644
--- a/installer/fileserver/tasks.go
+++ b/installer/fileserver/tasks.go
@@ -65,6 +65,14 @@ func registerWithPSC(ctx context.Context) error {
 }
 admiralPort := ovf.Properties["management_portal.port"]
+ // Out of the box users
+ defCreateUsers, foundCreateUsers := ovf.Properties["default_users.create_def_users"]
+ defPrefix, foundPrefix := ovf.Properties["default_users.def_user_prefix"]
+ defPassword, foundPassword := ovf.Properties["default_users.def_user_password"]
+
+ log.Infof("PSC Out of the box users. CreateUsers: %s, FoundCreateUsers: %v, Prefix: %s",
+ defCreateUsers, foundCreateUsers, defPrefix)
+
 // Register all VIC components with PSC
 cmdName := "/usr/bin/java"
 for _, client := range []string{"harbor", "engine", "admiral"} {
@@ -83,6 +91,18 @@ func registerWithPSC(ctx context.Context) error {
 "--configDir=" + pscConfDir,
 }
+ if client == "admiral" && foundCreateUsers && strings.ToLower(defCreateUsers) == "true" {
+ if foundPrefix && defPrefix != "" {
+ arg := "--defaultUserPrefix=" + defPrefix
+ cmdArgs = append(cmdArgs, arg)
+ }
+
+ if foundPassword && defPrefix != "" && defPassword != "" {
+ arg := "--defaultUserPassword=" + defPassword
+ cmdArgs = append(cmdArgs, arg)
+ }
+ }
+
 // #nosec: Subprocess launching with variable.
 // This runs the PSC tool's register command.
 cmd := exec.Command(cmdName, cmdArgs...)
diff --git a/installer/packer/packer-vic.json b/installer/packer/packer-vic.json
index a0f0e9f3a0..e6d0bf7872 100644
--- a/installer/packer/packer-vic.json
+++ b/installer/packer/packer-vic.json
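Review bot: The added `log.Infof` prints the operator-supplied `defCreateUsers` and `defPrefix` with `%s`, so an empty or whitespace-only prefix is indistinguishable from a missing one in the log; `%q` would show both and escape unexpected characters: `log.Infof("PSC Out of the box users. CreateUsers: %q, FoundCreateUsers: %v, Prefix: %q", defCreateUsers, foundCreateUsers, defPrefix)`. `defPassword` is read on the line above and kept out of the message; a comment on the log call such as `// defPassword is deliberately not logged` would stop a later edit from adding it. registerWithPSC starts and ends outside this hunk.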
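Review bot: The new `--defaultUserPassword=` argument puts the default-user password on the java command line, where it is readable by any local account on the appliance through the process table for as long as the PSC register command runs, and it would also surface in any logging of `cmdArgs`. If the PSC tool can take the password from an environment variable or a file, pass it that way (`cmd.Env`, set after the `exec.Command` call that follows); otherwise a comment on the `foundPassword` branch should record that this exposure was considered and accepted. Separately, the gate here is `strings.ToLower(defCreateUsers) == "true"` while add_default_users.sh in this same commit tests `[ ${create_def_users} != "True" ]` exactly, so an OVF value spelled `true` would register the flags with PSC yet make the script skip user creation; the two checks should agree on one comparison. registerWithPSC continues outside the hunk.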
@@ -287,6 +287,11 @@
 "source": "scripts/systemd/admiral/admiral.service",
 "destination": "/usr/lib/systemd/system/admiral.service"
 },
+ {
+ "type": "file",
+ "source": "scripts/systemd/admiral/admiral_default_users.service",
+ "destination": "/usr/lib/systemd/system/admiral_default_users.service"
+ },
 {
 "type": "file",
 "source": "scripts/admiral/configure_admiral.sh",
@@ -297,6 +302,11 @@
 "source": "scripts/admiral/start_admiral.sh",
 "destination": "/etc/vmware/admiral/start_admiral.sh"
 },
+ {
+ "type": "file",
+ "source": "scripts/admiral/add_default_users.sh",
+ "destination": "/etc/vmware/admiral/add_default_users.sh"
+ },
 {
 "type": "file",
 "source": "scripts/systemd/psc/get_token.service",
diff --git a/installer/packer/scripts/admiral/add_default_users.sh b/installer/packer/scripts/admiral/add_default_users.sh
new file mode 100755
index 0000000000..f6505e8f91
--- /dev/null
+++ b/installer/packer/scripts/admiral/add_default_users.sh
@@ -0,0 +1,151 @@
+#!/usr/bin/bash
+# Copyright 2017 VMware, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+set -uf -o pipefail
+
+# Populated by configure_admiral.sh
+ADMIRAL_EXPOSED_PORT=""
+ADMIRAL_DATA_LOCATION=""
+OVA_VM_IP=""
+
+# Add default users
+# Usage: get_property FILE KEY
+function get_property
+{
+ grep "^$2=" "$1" | cut -d'=' -f2
+}
+
+create_def_users=$(ovfenv -k default_users.create_def_users)
+user_prefix=$(ovfenv -k default_users.def_user_prefix)
+user_password=$(ovfenv -k default_users.def_user_password)
+
+echo "add_default_users: $create_def_users, $user_prefix"
+
+if [ ${create_def_users} != "True" ] || [ -z ${user_prefix} ] || [ -z ${user_password} ]; then
+ echo "add_default_users, not creating default users"
+ exit 0
+fi
+
+psc_prop_file=${ADMIRAL_DATA_LOCATION}/configs/psc-config.properties
+token_file=/etc/vmware/psc/admiral/tokens.properties
+
+echo "add_default_users wating for token"
+token_tries=0
+while true ; do
+ if [ -f $token_file ]; then
+ break;
+ fi
+ ((token_tries++))
+ sleep 1
+ if [ ${token_tries} -eq 60 ]; then
+ echo "add_default_users, admiral start up failed, no tokens after one minute"
+ exit -1
+ fi
+done
+
+token=`cat $token_file`
+
+echo "add_default_users loaded token"
+
+tenant=`get_property $psc_prop_file "tenant"`
+defuser_prefix=`get_property $psc_prop_file "default-user-prefix"`
+admiral_url=`get_property $psc_prop_file admiral-url`
+# remove backslashes
+admiral_url=`echo $admiral_url | sed 's/\\\//g'`
+
+cloud_admin_name=$defuser_prefix
+cloud_admin_name+="-cloud-admin"
+cloud_admin_name+="@"
+cloud_admin_name+=$tenant
+
+# Wait for admiral to come up, max 1 minute
+check_admiral_url=$admiral_url
+check_admiral_url+="/projects"
+
+echo "add_default_user wating for ping"
+current_tries=0
+while true ; do
+ http_code=`curl -s -o /dev/null \
+ -w "%{http_code}" \
+ -H 'cache-control: no-cache' \
+ -H "x-xenon-auth-token: $token" \
+ --insecure \
+ --max-time 2 \
+ ${check_admiral_url}`
+
+ echo "add_default_users ping result: ${http_code}"
+
+ if [ ${http_code} -eq "200" ]; then
+ break;
+ fi
+
+ echo "add_default_users ping failed"
+
+ sleep 1
+ ((current_tries++))
+ if [ ${current_tries} -eq 30 ]; then
+ echo "add_default_users Admiral startup failed, no ping after one minute"
+ exit -1
+ fi
+done
+
+echo "add_default_users successful ping"
+
+add_cloud_admin_url=$admiral_url
+add_cloud_admin_url+="/auth/idm/principals/"
+add_cloud_admin_url+=$cloud_admin_name
+add_cloud_admin_url+="/roles"
+
+echo $add_cloud_admin_url
+
+curl -X PATCH \
+ -s \
+ -H 'cache-control: no-cache' \
+ -H 'content-type: application/json' \
+ -H "x-xenon-auth-token: $token" \
+ -d '{ "add":["CLOUD_ADMIN"] }' \
+ --insecure \
+ $add_cloud_admin_url
+
+echo
+echo "add_default_users added cloud-admin"
+
+add_users_to_project_url=$admiral_url
+add_users_to_project_url+="/projects/default-project"
+
+echo $add_users_to_project_url
+
+project_admin_name=$defuser_prefix
+project_admin_name+="-project-admin"
+project_admin_name+="@"
+project_admin_name+=$tenant
+
+project_dev_name=$defuser_prefix
+project_dev_name+="-developer"
+project_dev_name+="@"
+project_dev_name+=$tenant
+
+curl -X PATCH \
+ -s \
+ -H 'cache-control: no-cache' \
+ -H 'content-type: application/json' \
+ -H "x-xenon-auth-token: $token" \
+ -d "{ \"administrators\": { \"add\" : [\"$project_admin_name\"] }, \"members\": { \"add\" : [\"$project_dev_name\"] } }" \
+ --insecure \
+ $add_users_to_project_url
+
+echo
+echo "add_default_users added project-admin"
+
+echo
\ No newline at end of file
diff --git a/installer/packer/scripts/admiral/configure_admiral.sh b/installer/packer/scripts/admiral/configure_admiral.sh
index cc00b48f47..dd32431947 100755
--- a/installer/packer/scripts/admiral/configure_admiral.sh
+++ b/installer/packer/scripts/admiral/configure_admiral.sh
@@ -26,6 +26,7 @@ keytool="/usr/bin/keytool"
 cert_dir="${data_dir}/cert"
 flag="${data_dir}/cert_gen_type"
 admiral_start_script="${conf_dir}/start_admiral.sh"
+admiral_add_default_users_script=${conf_dir}/add_default_users.sh
 ca_download_dir="${data_dir}/ca_download"
 mkdir -p "${cert_dir}"
@@ -40,14 +41,15 @@ ca_cert="${cert_dir}/ca.crt"
 ca_key="${cert_dir}/ca.key"
 ext="${cert_dir}/extfile.cnf"
-# Configure attr in start_admiral.sh
-function configureAdmiralStart {
- cfg_key=$1
- cfg_value=$2
+#Configure attr in script
+function configureScript {
+ script_name=$1
+ cfg_key=$2
+ cfg_value=$3
 if [ -n "$cfg_key" ]; then
 cfg_value=$(echo "$cfg_value" | sed -r -e 's%[\/&%]%\\&%g')
- sed -i -r "s%#?$cfg_key\s*=\s*.*%$cfg_key=$cfg_value%" $admiral_start_script
+ sed -i -r "s%#?$cfg_key\s*=\s*.*%$cfg_key=$cfg_value%" $script_name
 fi
 }
@@ -164,7 +166,7 @@ ip_address=$(ip addr show dev eth0 | sed -nr 's/.*inet ([^ ]+)\/.*/\1/p')
 detectHostname
 if [[ x$hostname != "x" ]]; then
 echo "Hostname: ${hostname}"
- configureAdmiralStart "hostname" ${hostname}
+ configureScript $admiral_start_script "hostname" ${hostname}
 else
 echo "Hostname is null, set it to IP"
 hostname=${ip_address}
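Review bot: Neither `curl -X PATCH` call checks its result: the script runs with `set -uf -o pipefail` but no `-e` and passes no `-w "%{http_code}"`, so a 4xx/5xx from Admiral still prints `add_default_users added cloud-admin`, the unit exits 0, and a failed role assignment leaves no trace. Capture the status the way the ping loop already does and exit non-zero outside 2xx (sketch below for the first call; the second PATCH needs the same treatment). The test `[ ${create_def_users} != "True" ]` is unquoted, so an empty ovfenv value yields a `unary operator expected` error instead of a clean skip; quote it as `[ "${create_def_users}" != "True" ]`. The ping loop and both PATCH calls send the xenon auth token with `--insecure`; configure_admiral.sh in this commit already knows the appliance CA as `ca_cert="${cert_dir}/ca.crt"`, so `--cacert` with that file would keep certificate verification on if `admiral-url` points at the local appliance — confirm that it does.
```shell
# … unchanged: add_cloud_admin_url assembly and echo …
http_code=$(curl -X PATCH \
    -s -o /dev/null -w "%{http_code}" \
    -H 'cache-control: no-cache' \
    -H 'content-type: application/json' \
    -H "x-xenon-auth-token: $token" \
    -d '{ "add":["CLOUD_ADMIN"] }' \
    --insecure \
    "$add_cloud_admin_url")
case "$http_code" in
    2??) echo "add_default_users added cloud-admin" ;;
    *)   echo "add_default_users adding cloud-admin failed, HTTP ${http_code}"; exit 1 ;;
esac
# … unchanged: project admin/developer name assembly; second PATCH gets the same check …
```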
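Review bot: `admiral_add_default_users_script=${conf_dir}/add_default_users.sh` is the only assignment in this block whose expansion is not double-quoted; the neighbouring `admiral_start_script="${conf_dir}/start_admiral.sh"` quotes it, and the new line should match: `admiral_add_default_users_script="${conf_dir}/add_default_users.sh"`. A short comment above it, `# Rewritten at boot by configureScript (see below)`, would tell a reader why this script path is needed here.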
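Review bot: `configureScript` passes `$script_name` to `sed -i` unquoted and never checks that the target exists; when the first argument is empty or the file is missing, `sed -i` fails with a message that names neither the key nor the script and the failure is not propagated to the caller. Guard it before the `if` with `[ -f "$script_name" ] || { echo "configureScript: $script_name not found"; return 1; }` and write `"$script_name"` in the `sed` call. The header comment `#Configure attr in script` would be more useful as `# Replace KEY=... in SCRIPT with KEY=VALUE. Usage: configureScript SCRIPT KEY VALUE`. The same unquoted expansion recurs at the new call sites in the following two hunks (`configureScript $admiral_start_script ...`).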
@@ -176,9 +178,13 @@ $script_dir/set_guestinfo.sh admiral.endpoint https://"$ip_address":"$ADMIRAL_PO
 # Init certs secure
-configureAdmiralStart ADMIRAL_DATA_LOCATION $data_dir
-configureAdmiralStart ADMIRAL_EXPOSED_PORT "$ADMIRAL_PORT"
-configureAdmiralStart OVA_VM_IP "$ip_address"
+configureScript $admiral_start_script ADMIRAL_DATA_LOCATION $data_dir
+configureScript $admiral_start_script ADMIRAL_EXPOSED_PORT "$ADMIRAL_PORT"
+configureScript $admiral_start_script OVA_VM_IP "$ip_address"
+
+configureScript $admiral_add_default_users_script ADMIRAL_DATA_LOCATION $data_dir
+configureScript $admiral_add_default_users_script ADMIRAL_EXPOSED_PORT "$ADMIRAL_PORT"
+configureScript $admiral_add_default_users_script OVA_VM_IP "$ip_address"
 iptables -w -A INPUT -j ACCEPT -p tcp --dport "$ADMIRAL_PORT"
diff --git a/installer/packer/scripts/systemd/admiral/admiral_default_users.service b/installer/packer/scripts/systemd/admiral/admiral_default_users.service
new file mode 100644
index 0000000000..5f29899014
--- /dev/null
+++ b/installer/packer/scripts/systemd/admiral/admiral_default_users.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Admiral Default Users
+Documentation=http://github.com/vmware/admiral
+After=admiral.service get_token.service
+Requires=iptables.service data.mount
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/bash /etc/vmware/admiral/add_default_users.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/installer/packer/scripts/systemd/admiral/admiral_startup.service b/installer/packer/scripts/systemd/admiral/admiral_startup.service
index b579ce8a99..0a890b6a56 100644
--- a/installer/packer/scripts/systemd/admiral/admiral_startup.service
+++ b/installer/packer/scripts/systemd/admiral/admiral_startup.service
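Review bot: Two of the three values pushed into add_default_users.sh here are never read by it: the new script declares `ADMIRAL_EXPOSED_PORT` and `OVA_VM_IP` under `# Populated by configure_admiral.sh` but only uses `ADMIRAL_DATA_LOCATION` (to build `psc_prop_file`), taking the Admiral URL from psc-config.properties instead. Either drop the two unused `configureScript $admiral_add_default_users_script ...` calls together with the matching placeholders, or add a comment on the placeholder block in the script saying what they are reserved for.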
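Review bot: The unit is both `WantedBy=multi-user.target` and started explicitly from admiral_startup.service, so add_default_users.sh runs on every boot and re-applies the CLOUD_ADMIN role and project membership each time. If this is meant as a one-time provisioning step, `ConditionPathExists=!<flag-file path>` with the script creating that file on success would make it idempotent at the unit level; if repeated runs are intended, the `Description=` or a comment should say so. `After=admiral.service get_token.service` only orders the unit and does not pull those services in; the script compensates by polling for the token file and for `/projects` for up to 90 seconds, which is worth noting in the unit (`# Ordering only; the script itself waits for the token and for Admiral`). `Documentation=http://github.com/vmware/admiral` should use `https://`.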
@@ -9,6 +9,7 @@ Type=oneshot
 ExecStart=/usr/bin/bash /etc/vmware/admiral/configure_admiral.sh
 ExecStartPost=/usr/bin/systemctl start admiral.service
 ExecStartPost=/usr/bin/systemctl start get_token.service
+ExecStartPost=/usr/bin/systemctl start admiral_default_users.service
 [Install]
 WantedBy=multi-user.target
diff --git a/installer/packer/vic-unified.ovf b/installer/packer/vic-unified.ovf
index 151c42f043..7c74ff20a7 100644
--- a/installer/packer/vic-unified.ovf
+++ b/installer/packer/vic-unified.ovf
@@ -278,6 +278,22 @@ EVALUATION LICENSE. If You are licensing the Software for evaluation purposes, Y Specifies the port on which fileserver will be published. + + Out-of-the-box VIC users + 7. Out-of-the box-users configuration + + + Uncheck to skip creation of out-of-the-box users. + + + + Prefix to be used to create out-of-the-box VIC users. + + + + Password to be used to create out-of-the-box VIC users. The password must follow the rules set for vSphere. + + VM specific properties
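Review bot: `ExecStartPost=/usr/bin/systemctl start admiral_default_users.service` blocks until that oneshot finishes, and add_default_users.sh may poll up to 60 s for the token and a further 30 s for Admiral before it exits (`exit -1` on timeout), so admiral_startup.service now stays in activating for that long and is likely marked failed whenever the default-user step fails. If the intent is only to kick the unit off, `ExecStartPost=/usr/bin/systemctl start --no-block admiral_default_users.service` decouples the two; otherwise a comment above the line should state that the startup unit deliberately waits on, and fails with, user creation. The new unit is also `WantedBy=multi-user.target` in this commit, so confirm the explicit start is still needed.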
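Review bot: The new `default_users.def_user_password` property is described as a password, but the hunk as rendered here does not show whether its Property element carries `ovf:password="true"`; without that attribute the deployment UI shows the value in clear text and it may be recorded in deployment logs, so confirm it is set. The value is read in the guest with `ovfenv -k default_users.def_user_password` in this commit, so the description could also tell operators that the password is present in the appliance's OVF environment. The label `7. Out-of-the box-users configuration` misplaces the hyphen and should read `7. Out-of-the-box users configuration`.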