Eliminating use of Apache Karaf CLI client and of ONOS_USE_SSH env. variable.
All CLI access is now through the raw SSH client.
To enable passwordless access, the 'onos-user-key' tool should be used to add user keys.
Added 'onos-user-password' tool in the similar vein and usage as the 'onos-user-key' tool.
Change-Id: Ic5482fc8012369edc818691402ba45d13f130452
diff --git a/tools/build/onos-package b/tools/build/onos-package
index 4576aa0..1700b3c 100755
--- a/tools/build/onos-package
+++ b/tools/build/onos-package
@@ -56,8 +56,6 @@
# Patch-in proper Karaf version into the startup script
sed "s/\$KARAF_VERSION/$KARAF_VERSION/g" \
$ONOS_ROOT/tools/package/bin/onos-service > bin/onos-service
- sed "s/\$KARAF_VERSION/$KARAF_VERSION/g" \
- $ONOS_ROOT/tools/package/bin/onos-client > bin/onos
chmod a+x bin/onos-service bin/onos
if [ -d $ONOS_ROOT/tools/package/karaf-assembly/target/repo ]; then
diff --git a/tools/dev/bash_profile b/tools/dev/bash_profile
index 0f27638..7b599f4 100644
--- a/tools/dev/bash_profile
+++ b/tools/dev/bash_profile
@@ -35,9 +35,6 @@
export ONOS_WEB_USER=onos
export ONOS_WEB_PASS=rocks
-# Use raw SSH client for CLI console access by default
-export ONOS_USE_SSH=true
-
# Setup default location of test scenarios
export ONOS_SCENARIOS=$ONOS_ROOT/tools/test/scenarios
diff --git a/tools/package/bin/onos-ssh b/tools/package/bin/onos
similarity index 79%
rename from tools/package/bin/onos-ssh
rename to tools/package/bin/onos
index 7e082aa..8614256 100755
--- a/tools/package/bin/onos-ssh
+++ b/tools/package/bin/onos
@@ -3,4 +3,4 @@
# ONOS command-line client that uses raw ssh.
# -----------------------------------------------------------------------------
-ssh -p 8101 localhost "$@"
\ No newline at end of file
+ssh -p 8101 -o StrictHostKeyChecking=no localhost "$@"
\ No newline at end of file
diff --git a/tools/package/bin/onos-client b/tools/package/bin/onos-client
deleted file mode 100755
index 2a37087..0000000
--- a/tools/package/bin/onos-client
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-# -----------------------------------------------------------------------------
-# ONOS command-line client that uses the built-in Apache Karaf client.
-# -----------------------------------------------------------------------------
-
-if [ -z "${JAVA_HOME}" ]; then
- if [ -x /usr/libexec/java_home ]; then
- export JAVA_HOME=$(/usr/libexec/java_home -v 1.8)
- elif [ -d /usr/lib/jvm/java-8-oracle ]; then
- export JAVA_HOME="/usr/lib/jvm/java-8-oracle"
- elif [ -d /usr/lib/jvm/java-7-openjdk-amd64 ]; then
- export JAVA_HOME="/usr/lib/jvm/java-7-openjdk-amd64"
- fi
-fi
-
-cd $(dirname $0)/../apache-karaf-$KARAF_VERSION/bin
-./client -h localhost -u karaf "$@"
diff --git a/tools/package/bin/onos-config b/tools/package/bin/onos-config
deleted file mode 100755
index 2265d00..0000000
--- a/tools/package/bin/onos-config
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-echo "This command has been deprecated as this step is no longer required."
\ No newline at end of file
diff --git a/tools/package/bin/onos-secure-ssh b/tools/package/bin/onos-secure-ssh
index eab5d7a..fba3a03 100755
--- a/tools/package/bin/onos-secure-ssh
+++ b/tools/package/bin/onos-secure-ssh
@@ -1,40 +1,3 @@
#!/bin/bash
-# -----------------------------------------------------------------------------
-# Enables secure access to ONOS console by removing default users & keys.
-# -----------------------------------------------------------------------------
-
-# Remove the "unsecure" shell client which uses karaf "client" which is used
-# by default; we will install the "secure" client that just uses raw ssh later.
-rm -f $(dirname $0)/onos
-
-set -e
-
-# Scan arguments for user/password or other options...
-while getopts u:p: o; do
- case "$o" in
- u) user=$OPTARG;;
- p) password=$OPTARG;;
- esac
-done
-password=${password:-$user} # password defaults to the user if not specified
-let OPC=$OPTIND-1
-shift $OPC
-
-cd $(dirname $0)/../apache-karaf-*/etc
-USERS=users.properties
-KEYS=keys.properties
-
-# Remove the built-in users and keys to secure the access implicitly.
-egrep -v "^(karaf|onos)[ ]*=" $USERS > $USERS.new && mv $USERS.new $USERS
-egrep -v "^(#karaf|onos)[ ]*=" $KEYS > $KEYS.new && mv $KEYS.new $KEYS
-
-# Remove any previous known keys for the local host.
-ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:8101
-
-# Swap the onos client to use the SSH variant.
-ln -s $(dirname $0)/onos-ssh $(dirname $0)/onos
-
-# If user and password options were given, setup the user/password.
-if [ -n "$user" -a -n "$password" ]; then
- echo "$user = $password,_g_:admingroup" >> $USERS
-fi
\ No newline at end of file
+echo "This command has been deprecated!"
+echo "Please use 'onos-user-key' and 'onos-user-password' commands instead."
\ No newline at end of file
diff --git a/tools/package/bin/onos-user-key b/tools/package/bin/onos-user-key
index db24da1..9a6aff3 100755
--- a/tools/package/bin/onos-user-key
+++ b/tools/package/bin/onos-user-key
@@ -1,20 +1,28 @@
#!/bin/bash
# -----------------------------------------------------------------------------
-# Adds or removes a user key for managing passwordless loging to ONOS console.
+# Adds or removes a user key for managing passwordless login to ONOS console.
# -----------------------------------------------------------------------------
-[ $# -lt 2 ] && echo "usage: $(basename $0) user {key|remove}" && exit 1
+usage="usage: $(basename $0) user {key|key-file|--remove}"
+
+[ $# -lt 2 ] && echo "$usage" >&2 && exit 1
set -e
user=$1
[ -f $2 ] && key=$(cut -d\ -f2 $2) || key=$2
+[ -z "$user" -o -z "$key" ] && echo "$usage" >&2 && exit 1
+
cd $(dirname $0)/../apache-karaf-*/etc
KEYS=keys.properties
# Remove the user key first, in case one was already present
-egrep -v "^$user[ ]*=" $KEYS > $KEYS.new && mv $KEYS.new $KEYS
-if [ $key != "remove" ]; then
+egrep -v "^($user|karaf)[ ]*=" $KEYS > $KEYS.new && mv $KEYS.new $KEYS
+if [ $key != "--remove" ]; then
echo "$user=$key,_g_:admingroup" >> $KEYS
fi
+
+# Also, remove any previous known keys for the localhost.
+ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:8101
+
diff --git a/tools/package/bin/onos-user-password b/tools/package/bin/onos-user-password
new file mode 100755
index 0000000..a7c638c
--- /dev/null
+++ b/tools/package/bin/onos-user-password
@@ -0,0 +1,24 @@
+#!/bin/bash
+# -----------------------------------------------------------------------------
+# Adds or removes the specified user and password to secure ONOS GUI and
+# ONOS REST API; also removes the default user/password entry.
+# -----------------------------------------------------------------------------
+
+usage="usage: $(basename $0) user {password|--remove}"
+
+user=$1
+password=$2
+
+[ -z "$user" -o -z "$password" ] && echo "$usage" >&2 && exit 1
+
+cd $(dirname $0)/../apache-karaf-*/etc
+USERS=users.properties
+
+# Remove the user entry first, in case one was already present.
+# Also remove the built-in user to implicitly secure access.
+egrep -v "^($user|onos)[ ]*=" $USERS > $USERS.new && mv $USERS.new $USERS
+
+# Add the user and the password to the user properties file.
+if [ $password != "--remove" ]; then
+ echo "$user = $password,_g_:admingroup" >> $USERS
+fi
diff --git a/tools/package/onos-prep-karaf b/tools/package/onos-prep-karaf
index 4eb72c0..6d33273 100755
--- a/tools/package/onos-prep-karaf
+++ b/tools/package/onos-prep-karaf
@@ -27,9 +27,7 @@
# Patch-in proper Karaf version into the startup script
sed -i.bk "s/apache-karaf-\$KARAF_VERSION/$KARAF_DIR/g" bin/onos-service
-sed -i.bk "s/apache-karaf-\$KARAF_VERSION/$KARAF_DIR/g" bin/onos-client
rm -f bin/*.bk
-mv bin/onos-client bin/onos
chmod a+x bin/onos-service bin/onos
export BOOT_FEATURES="standard,ssh,scr,war,webconsole,onos-api,onos-core,onos-incubator,onos-cli,onos-rest,onos-gui"
diff --git a/tools/package/onos-run-karaf b/tools/package/onos-run-karaf
index f27428e..3f369a3 100755
--- a/tools/package/onos-run-karaf
+++ b/tools/package/onos-run-karaf
@@ -48,10 +48,9 @@
export ONOS_HOME=$PWD
# Run using the secure SSH client
- export ONOS_USE_SSH=true
[ ! -f ~/.ssh/id_rsa.pub ] && ssh-keygen -t rsa -f ~/.ssh/id_rsa -P '' -q
$ONOS_HOME/bin/onos-user-key $(id -un) "$(cut -d\ -f2 ~/.ssh/id_rsa.pub)"
- $ONOS_HOME/bin/onos-secure-ssh -u onos -p rocks
+ $ONOS_HOME/bin/onos-user-password onos rocks
# Create config/cluster.json (cluster metadata)
IP=${ONOS_IP:-127.0.0.1}
@@ -80,7 +79,7 @@
function killServer() {
echo "Killing ONOS server..."
- kill -9 $(cat /tmp/onos.pid) 2>/dev/null
+ cat /tmp/onos.pid | xargs kill -9
}
# Hang-on a bit and then start tailing the ONOS log output
diff --git a/tools/test/bin/onos b/tools/test/bin/onos
index 222ab99..44ba393 100755
--- a/tools/test/bin/onos
+++ b/tools/test/bin/onos
@@ -10,7 +10,7 @@
flags:
- -w : Waits for ONOS instance to reach run-level 100, i.e. to be fully started.
-- -f : (Affects non-secure client only) - use bash's IFS expansion of positional parameters
+- -f : Deprecated - use bash's IFS expansion of positional parameters
options:
- [node] : the node to attach to
@@ -30,19 +30,8 @@
. $ONOS_ROOT/tools/test/bin/find-node.sh
[ "$1" = "-w" ] && shift && onos-wait-for-start $1
-[ "$1" = "-f" ] && shift && flat=1
+[ "$1" = "-f" ] && shift # Deprecated
[ -n "$1" ] && OCI=$(find_node $1) && shift
-if which client 1>/dev/null 2>&1 && [ -z "$ONOS_USE_SSH" ]; then
- # Use Karaf client only if we can and are allowed to
- unset KARAF_HOME
- if [ -z "$flat" ]; then
- client -h $OCI -u karaf "$@" 2>/dev/null
- else
- client -h $OCI -u karaf "$*" 2>/dev/null
- fi
-else
- # Otherwise use raw ssh; strict checking is off for dev environments only
- ssh -p 8101 -o StrictHostKeyChecking=no $OCI "$@"
-fi
+ssh -p 8101 -o StrictHostKeyChecking=no $OCI "$@"
diff --git a/tools/test/bin/onos-check-apps b/tools/test/bin/onos-check-apps
index 55e94f0..f4b21b7 100755
--- a/tools/test/bin/onos-check-apps
+++ b/tools/test/bin/onos-check-apps
@@ -10,11 +10,11 @@
trap "rm -f $aux $aux.1 $aux.2 2>/dev/null" EXIT
for attempt in {1..30}; do
- onos ${1:-$OCI} "onos:apps -s -a" | grep -v /bin/client > $aux
+ onos ${1:-$OCI} "onos:apps -s -a" > $aux
cat $aux
# Normalize the installed apps
- cut -c7- $aux | grep -v '/bin/client' | cut -d\ -f1 | sort > $aux.1
+ cut -c7- $aux | cut -d\ -f1 | sort > $aux.1
# Normalize the expected apps
apps=${2:-$ONOS_APPS}
diff --git a/tools/test/bin/onos-check-node-status b/tools/test/bin/onos-check-node-status
index ba86703..39628b8 100755
--- a/tools/test/bin/onos-check-node-status
+++ b/tools/test/bin/onos-check-node-status
@@ -7,7 +7,7 @@
trap "rm -f $aux 2>/dev/null" EXIT
for attempt in {1..10}; do
- onos ${1:-$OCI} "onos:nodes" | grep -v /bin/client > $aux
+ onos ${1:-$OCI} "onos:nodes" > $aux
cat $aux
# Normalize the node status
diff --git a/tools/test/bin/onos-check-nodes b/tools/test/bin/onos-check-nodes
index 69187b6..5433f38 100755
--- a/tools/test/bin/onos-check-nodes
+++ b/tools/test/bin/onos-check-nodes
@@ -6,7 +6,7 @@
aux=/tmp/stc-$$.log
trap "rm -f $aux $aux.1 $aux.2 2>/dev/null" EXIT
-onos ${1:-$OCI} "onos:nodes" | grep -v /bin/client > $aux
+onos ${1:-$OCI} "onos:nodes" > $aux
cat $aux
# Normalize the nodes
diff --git a/tools/test/bin/onos-secure-ssh b/tools/test/bin/onos-secure-ssh
index d869c67..24a5a48 100755
--- a/tools/test/bin/onos-secure-ssh
+++ b/tools/test/bin/onos-secure-ssh
@@ -28,7 +28,7 @@
ssh $ONOS_USER@$node "
[ ! -f ~/.ssh/id_rsa.pub ] && ssh-keygen -t rsa -f ~/.ssh/id_rsa -P '' -q
$ONOS_INSTALL_DIR/bin/onos-user-key \$(id -un) \$(cut -d\\ -f2 ~/.ssh/id_rsa.pub)
- $ONOS_INSTALL_DIR/bin/onos-secure-ssh -u $user -p $password
+ $ONOS_INSTALL_DIR/bin/onos-user-password $user $password
# Implicitly accept the new server key in dev/test environments
while ! ssh -p 8101 -o StrictHostKeyChecking=no localhost list 2>/dev/null; do
diff --git a/tools/test/bin/onos-user-key b/tools/test/bin/onos-user-key
index b324c1a..df4379f 100755
--- a/tools/test/bin/onos-user-key
+++ b/tools/test/bin/onos-user-key
@@ -1,6 +1,6 @@
#!/bin/bash
# -----------------------------------------------------------------------------
-# Adds or removes a user key for managing passwordless loging to ONOS console.
+# Adds or removes a user key for managing passwordless login to ONOS console.
# -----------------------------------------------------------------------------
[ ! -d "$ONOS_ROOT" ] && echo "ONOS_ROOT is not defined" >&2 && exit 1
diff --git a/tools/test/cells/demo b/tools/test/cells/demo
index bb765bb..6211ed9 100644
--- a/tools/test/cells/demo
+++ b/tools/test/cells/demo
@@ -6,7 +6,6 @@
export OC3="10.0.3.103"
export OCN="10.0.3.1"
-unset ONOS_USE_SSH
export ONOS_APPS=drivers,openflow,proxyarp
alias sshnet="ssh onos@$OCN"
diff --git a/tools/test/cells/demo-eu b/tools/test/cells/demo-eu
index 6fb46ce..414fddd 100644
--- a/tools/test/cells/demo-eu
+++ b/tools/test/cells/demo-eu
@@ -11,7 +11,6 @@
export ONOS_SCENARIOS=$ONOS/tools/test/scenarios
export ONOS_TOPO=geant
export ONOS_USER=sdn
-export ONOS_USE_SSH=true
export ONOS_WEB_PASS=rocks
export ONOS_WEB_USER=onos
alias demo-reset='stc net-teardown; stc teardown; topo geant; stc setup && stc net-setup'
diff --git a/tools/test/cells/office b/tools/test/cells/office
index 906694d..09405f3 100644
--- a/tools/test/cells/office
+++ b/tools/test/cells/office
@@ -3,5 +3,4 @@
export ONOS_NIC="10.1.10.*"
export OC1="10.1.10.223"
-unset ONOS_USE_SSH
export ONOS_APPS="drivers,openflow,fwd,proxyarp,mobility"
diff --git a/tools/test/cells/simon-uk b/tools/test/cells/simon-uk
index 6b0fa9a..703be03 100644
--- a/tools/test/cells/simon-uk
+++ b/tools/test/cells/simon-uk
@@ -22,7 +22,6 @@
# onos4 RUNNING 10.0.3.14 - YES
#============================================
-export ONOS_USE_SSH=true
export ONOS_NIC="10.0.3.*"
## ONOS instances (LXC containers)
diff --git a/tools/test/cells/simon-uk4 b/tools/test/cells/simon-uk4
index b86d853..58ea829 100644
--- a/tools/test/cells/simon-uk4
+++ b/tools/test/cells/simon-uk4
@@ -22,7 +22,6 @@
# onos4 RUNNING 10.0.3.14 - YES
#============================================
-export ONOS_USE_SSH=true
export ONOS_NIC="10.0.3.*"
## ONOS instances (LXC containers)
diff --git a/tools/test/cells/tutorial b/tools/test/cells/tutorial
index 28186f4..4e06eed 100644
--- a/tools/test/cells/tutorial
+++ b/tools/test/cells/tutorial
@@ -6,5 +6,4 @@
export OC3="10.0.3.103"
export OCN="10.0.3.1"
-unset ONOS_USE_SSH
export ONOS_APPS=drivers,openflow,proxyarp
diff --git a/tools/test/cells/virtual b/tools/test/cells/virtual
index 0cac447..aa6589e 100644
--- a/tools/test/cells/virtual
+++ b/tools/test/cells/virtual
@@ -6,7 +6,6 @@
export OC3="192.168.56.103"
export OCN="192.168.56.100"
-export ONOS_USE_SSH=true
export ONOS_APPS="drivers,openflow,fwd,proxyarp,mobility"
export ONOS_USER=sdn
diff --git a/tools/test/scenarios/prerequisites.xml b/tools/test/scenarios/prerequisites.xml
index ad6545d..e9dcc29 100644
--- a/tools/test/scenarios/prerequisites.xml
+++ b/tools/test/scenarios/prerequisites.xml
@@ -17,8 +17,6 @@
<group name="Prerequisites">
<step name="Check-Environment"
exec="test -n ${ONOS_ROOT} -a -n ${ONOS_NIC} -a -n ${OC1}"/>
- <step name="Check-Secure-SSH"
- exec="test '${ONOS_USE_SSH}' == 'true' -o '${ONOS_USE_SSH}' == ''"/>
<step name="Check-ONOS-Bits" exec="onos-check-bits"/>
<parallel var="${OC#}">
<step name="Check-Passwordless-Login-${#}"
diff --git a/tools/test/scenarios/setup.xml b/tools/test/scenarios/setup.xml
index dd3db19..845380e 100644
--- a/tools/test/scenarios/setup.xml
+++ b/tools/test/scenarios/setup.xml
@@ -30,8 +30,7 @@
requires="Kill-${#},Push-Bits-${#},Push-Bits"/>
<step name="Secure-SSH-${#}" requires="Install-${#}"
- exec="onos-secure-ssh -u ${ONOS_WEB_USER} -p ${ONOS_WEB_PASS} ${OC#}"
- if="${ONOS_USE_SSH}"/>
+ exec="onos-secure-ssh -u ${ONOS_WEB_USER} -p ${ONOS_WEB_PASS} ${OC#}"/>
<step name="Wait-for-Start-${#}" exec="onos-wait-for-start ${OC#}"
requires="Install-${#},~Secure-SSH-${#}"/>
diff --git a/tools/test/scenarios/tar-setup.xml b/tools/test/scenarios/tar-setup.xml
index a0b5f47..c6e8201 100644
--- a/tools/test/scenarios/tar-setup.xml
+++ b/tools/test/scenarios/tar-setup.xml
@@ -16,7 +16,7 @@
<scenario name="tar-setup" description="ONOS cluster setup via onos.tar.gz">
<group name="Setup-Instances">
<step name="Push-Bits" exec="onos-push-bits-through-proxy" if="${OCT}"/>
- <step name="Secure-SSH" exec="onos-secure-ssh -u ${ONOS_WEB_USER} -p ${ONOS_WEB_PASS}" if="${ONOS_USE_SSH}"/>
+ <step name="Secure-SSH" exec="onos-secure-ssh -u ${ONOS_WEB_USER} -p ${ONOS_WEB_PASS}"/>
<parallel var="${OC#}">
<step name="Push-Bits-${#}" exec="onos-push-bits ${OC#}" unless="${OCT}"/>