Updating onos-setup-karaf for security-mode ONOS

Change-Id: I8e9dd907e5a135262603694753fd8008289c0d35

Updating onos-setup-karaf for security-mode ONOS
Change-Id: I8e9dd907e5a135262603694753fd8008289c0d35
Brian O'Connor · Gerrit Code Review
Commit bcfc054fed070785e15aca4231713d607b5dfbd1 bcfc054f 1 parent dfe13c8b
Showing 1 changed file with 48 additions and 7 deletions
tools/dev/bin/onos-setup-karaf
--- a/tools/dev/bin/onos-setup-karaf
View file @bcfc054
+++ b/tools/dev/bin/onos-setup-karaf
View file @bcfc054
@@ -20,12 +20,23 @@ function validateIp {
     ifconfig | awk '{ print $2}' | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep $1
 }
-# Clean the previous Karaf directory if requested and if it exists.
+# Parse optional arguments
-if [ "$1" = "clean" ]; then
+while [[ $# > 0 ]]; do
-    shift
+case $1 in
-    CLEAN="true"
+    clean)
-    [ -d $KARAF_ROOT ] && rm -fr $KARAF_ROOT $STAGE/apps $STAGE/config
+        # Clean the previous Karaf directory if requested and if it exists.
-fi
+        CLEAN="true"
+        [ -d $KARAF_ROOT ] && rm -fr $KARAF_ROOT $STAGE/apps $STAGE/config
+    ;;
+    secure)
+        SECURE="true"
+    ;;
+    *)
+        break
+    ;;
+esac
+shift
+done
 ONOS_IP=${ONOS_IP:-127.0.0.1}
 IP="${1:-$ONOS_IP}"
@@ -43,7 +54,7 @@ fi
 # If IP is still not surmised or if usage was requested, show usage and IPs.
 if [ -z "$IP" -o "$1" = "-?" -o "$1" = "-h" -o "$1" = "--help" ]; then
-    echo "usage: $(basename $0) [clean] <ip-address>"
+    echo "usage: $(basename $0) [clean] [secure] <ip-address>"
     echo "Available IP addresses are:"
     validateIp .
     exit 1
@@ -71,6 +82,32 @@ if [ ! -d $KARAF_ROOT ]; then
     rm -rf $KARAF_ROOT/demos
 fi
+if [ "$SECURE" = "true" ]; then
+    echo "Enabling security mode ONOS..."
+
+    # SM-ONOS step 1: downgrade felix config admin
+    FELIX_CFG_ADMIN=${FELIX_CFG_ADMIN:-~/Downloads/org.apache.felix.configadmin-1.6.0.jar}
+    if [ ! -f $FELIX_CFG_ADMIN ]; then
+        echo "Downloading $FELIX_CFG_ADMIN..."
+        curl -sL http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar > $FELIX_CFG_ADMIN
+    fi
+    [ ! -f $FELIX_CFG_ADMIN ] && \
+        echo "Felix config admin not found: $FELIX_CFG_ADMIN" && exit 1
+
+    mkdir -p $KARAF_ROOT/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+    cp $FELIX_CFG_ADMIN $KARAF_ROOT/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+    perl -pi.old -e "s|org.apache.felix.configadmin/1.8.0|org.apache.felix.configadmin/1.6.0|g" \
+        $KARAF_ROOT/etc/startup.properties
+
+    # SM-ONOS step 2: stage ONOS Felix framework security (will get downloaded on demand); end
+
+    # SM-ONOS step 3.1: configure karaf
+    perl -pi.old -e "s|#java.security.policy|java.security.policy|" \
+        $KARAF_ROOT/etc/system.properties
+    perl -pi.old -e "s|#org.osgi.framework.security|org.osgi.framework.security|" \
+        $KARAF_ROOT/etc/system.properties
+fi
+
 if ! grep -q "/onos-features/" $KARAF_ROOT/etc/org.apache.karaf.features.cfg; then
     # Patch the Apache Karaf distribution file to add ONOS features repository
     echo "Adding ONOS feature repository..."
@@ -81,6 +118,10 @@ fi
 if ! grep -q ",onos-api," $KARAF_ROOT/etc/org.apache.karaf.features.cfg; then
     # Patch the Apache Karaf distribution file to load default ONOS boot features
     export BOOT_FEATURES="webconsole,onos-api,onos-core,onos-incubator,onos-cli,onos-rest,onos-gui"
+    if [ "$SECURE" = "true" ]; then
+        # SM-ONOS Step 3.2: add onos-security to featuresBoot
+        export BOOT_FEATURES="onos-security,$BOOT_FEATURES"
+    fi
     echo "Adding ONOS boot features $BOOT_FEATURES..."
     perl -pi.old -e "s|^(featuresBoot=.*)|\1,$BOOT_FEATURES|" \
         $KARAF_ROOT/etc/org.apache.karaf.features.cfg