Updating onos-setup-karaf for security-mode ONOS
Change-Id: I8e9dd907e5a135262603694753fd8008289c0d35
diff --git a/tools/dev/bin/onos-setup-karaf b/tools/dev/bin/onos-setup-karaf
index 7a0493d..7aeb01a 100755
--- a/tools/dev/bin/onos-setup-karaf
+++ b/tools/dev/bin/onos-setup-karaf
@@ -20,12 +20,23 @@
ifconfig | awk '{ print $2}' | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep $1
}
-# Clean the previous Karaf directory if requested and if it exists.
-if [ "$1" = "clean" ]; then
- shift
- CLEAN="true"
- [ -d $KARAF_ROOT ] && rm -fr $KARAF_ROOT $STAGE/apps $STAGE/config
-fi
+# Parse optional arguments
+while [[ $# > 0 ]]; do
+case $1 in
+ clean)
+ # Clean the previous Karaf directory if requested and if it exists.
+ CLEAN="true"
+ [ -d $KARAF_ROOT ] && rm -fr $KARAF_ROOT $STAGE/apps $STAGE/config
+ ;;
+ secure)
+ SECURE="true"
+ ;;
+ *)
+ break
+ ;;
+esac
+shift
+done
ONOS_IP=${ONOS_IP:-127.0.0.1}
IP="${1:-$ONOS_IP}"
@@ -43,7 +54,7 @@
# If IP is still not surmised or if usage was requested, show usage and IPs.
if [ -z "$IP" -o "$1" = "-?" -o "$1" = "-h" -o "$1" = "--help" ]; then
- echo "usage: $(basename $0) [clean] <ip-address>"
+ echo "usage: $(basename $0) [clean] [secure] <ip-address>"
echo "Available IP addresses are:"
validateIp .
exit 1
@@ -71,6 +82,32 @@
rm -rf $KARAF_ROOT/demos
fi
+if [ "$SECURE" = "true" ]; then
+ echo "Enabling security mode ONOS..."
+
+ # SM-ONOS step 1: downgrade felix config admin
+ FELIX_CFG_ADMIN=${FELIX_CFG_ADMIN:-~/Downloads/org.apache.felix.configadmin-1.6.0.jar}
+ if [ ! -f $FELIX_CFG_ADMIN ]; then
+ echo "Downloading $FELIX_CFG_ADMIN..."
+ curl -sL http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar > $FELIX_CFG_ADMIN
+ fi
+ [ ! -f $FELIX_CFG_ADMIN ] && \
+ echo "Felix config admin not found: $FELIX_CFG_ADMIN" && exit 1
+
+ mkdir -p $KARAF_ROOT/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+ cp $FELIX_CFG_ADMIN $KARAF_ROOT/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+ perl -pi.old -e "s|org.apache.felix.configadmin/1.8.0|org.apache.felix.configadmin/1.6.0|g" \
+ $KARAF_ROOT/etc/startup.properties
+
+ # SM-ONOS step 2: stage ONOS Felix framework security (will get downloaded on demand); end
+
+ # SM-ONOS step 3.1: configure karaf
+ perl -pi.old -e "s|#java.security.policy|java.security.policy|" \
+ $KARAF_ROOT/etc/system.properties
+ perl -pi.old -e "s|#org.osgi.framework.security|org.osgi.framework.security|" \
+ $KARAF_ROOT/etc/system.properties
+fi
+
if ! grep -q "/onos-features/" $KARAF_ROOT/etc/org.apache.karaf.features.cfg; then
# Patch the Apache Karaf distribution file to add ONOS features repository
echo "Adding ONOS feature repository..."
@@ -81,6 +118,10 @@
if ! grep -q ",onos-api," $KARAF_ROOT/etc/org.apache.karaf.features.cfg; then
# Patch the Apache Karaf distribution file to load default ONOS boot features
export BOOT_FEATURES="webconsole,onos-api,onos-core,onos-incubator,onos-cli,onos-rest,onos-gui"
+ if [ "$SECURE" = "true" ]; then
+ # SM-ONOS Step 3.2: add onos-security to featuresBoot
+ export BOOT_FEATURES="onos-security,$BOOT_FEATURES"
+ fi
echo "Adding ONOS boot features $BOOT_FEATURES..."
perl -pi.old -e "s|^(featuresBoot=.*)|\1,$BOOT_FEATURES|" \
$KARAF_ROOT/etc/org.apache.karaf.features.cfg