Updating onos-setup-karaf for security-mode ONOS

Change-Id: I8e9dd907e5a135262603694753fd8008289c0d35

Updating onos-setup-karaf for security-mode ONOS
Change-Id: I8e9dd907e5a135262603694753fd8008289c0d35
Brian O'Connor · Gerrit Code Review
Commit bcfc054fed070785e15aca4231713d607b5dfbd1 bcfc054f 1 parent dfe13c8b
Showing 1 changed file with 46 additions and 5 deletions
tools/dev/bin/onos-setup-karaf
--- a/tools/dev/bin/onos-setup-karaf
View file @bcfc054
+++ b/tools/dev/bin/onos-setup-karaf
View file @bcfc054
@@ -20,12 +20,23 @@ function validateIp {
     ifconfig | awk '{ print $2}' | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep $1
 }
 
- # Clean the previous Karaf directory if requested and if it exists.
- if [ "$1" = "clean" ]; then
-     shift
+ # Parse optional arguments
+ while [[ $# > 0 ]]; do
+ case $1 in
+     clean)
+         # Clean the previous Karaf directory if requested and if it exists.
         CLEAN="true"
         [ -d $KARAF_ROOT ] && rm -fr $KARAF_ROOT $STAGE/apps $STAGE/config
- fi
+     ;;
+     secure)
+         SECURE="true"
+     ;;
+     *)
+         break
+     ;;
+ esac
+ shift
+ done
 
 ONOS_IP=${ONOS_IP:-127.0.0.1}
 IP="${1:-$ONOS_IP}"
@@ -43,7 +54,7 @@ fi
 
 # If IP is still not surmised or if usage was requested, show usage and IPs.
 if [ -z "$IP" -o "$1" = "-?" -o "$1" = "-h" -o "$1" = "--help" ]; then
-     echo "usage: $(basename $0) [clean] <ip-address>"
+     echo "usage: $(basename $0) [clean] [secure] <ip-address>"
     echo "Available IP addresses are:"
     validateIp .
     exit 1
@@ -71,6 +82,32 @@ if [ ! -d $KARAF_ROOT ]; then
     rm -rf $KARAF_ROOT/demos
 fi
 
+ if [ "$SECURE" = "true" ]; then
+     echo "Enabling security mode ONOS..."
+ 
+     # SM-ONOS step 1: downgrade felix config admin
+     FELIX_CFG_ADMIN=${FELIX_CFG_ADMIN:-~/Downloads/org.apache.felix.configadmin-1.6.0.jar}
+     if [ ! -f $FELIX_CFG_ADMIN ]; then
+         echo "Downloading $FELIX_CFG_ADMIN..."
+         curl -sL http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar > $FELIX_CFG_ADMIN
+     fi
+     [ ! -f $FELIX_CFG_ADMIN ] && \
+         echo "Felix config admin not found: $FELIX_CFG_ADMIN" && exit 1
+ 
+     mkdir -p $KARAF_ROOT/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+     cp $FELIX_CFG_ADMIN $KARAF_ROOT/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+     perl -pi.old -e "s|org.apache.felix.configadmin/1.8.0|org.apache.felix.configadmin/1.6.0|g" \
+         $KARAF_ROOT/etc/startup.properties
+ 
+     # SM-ONOS step 2: stage ONOS Felix framework security (will get downloaded on demand); end
+ 
+     # SM-ONOS step 3.1: configure karaf
+     perl -pi.old -e "s|#java.security.policy|java.security.policy|" \
+         $KARAF_ROOT/etc/system.properties
+     perl -pi.old -e "s|#org.osgi.framework.security|org.osgi.framework.security|" \
+         $KARAF_ROOT/etc/system.properties
+ fi
+ 
 if ! grep -q "/onos-features/" $KARAF_ROOT/etc/org.apache.karaf.features.cfg; then
     # Patch the Apache Karaf distribution file to add ONOS features repository
     echo "Adding ONOS feature repository..."
@@ -81,6 +118,10 @@ fi
 if ! grep -q ",onos-api," $KARAF_ROOT/etc/org.apache.karaf.features.cfg; then
     # Patch the Apache Karaf distribution file to load default ONOS boot features
     export BOOT_FEATURES="webconsole,onos-api,onos-core,onos-incubator,onos-cli,onos-rest,onos-gui"
+     if [ "$SECURE" = "true" ]; then
+         # SM-ONOS Step 3.2: add onos-security to featuresBoot
+         export BOOT_FEATURES="onos-security,$BOOT_FEATURES"
+     fi
     echo "Adding ONOS boot features $BOOT_FEATURES..."
     perl -pi.old -e "s|^(featuresBoot=.*)|\1,$BOOT_FEATURES|" \
         $KARAF_ROOT/etc/org.apache.karaf.features.cfg