in infrastructure-provisioning/src/general/lib/os/redhat/ssn_lib.py [0:0]
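def start_ss(keyfile, host_string, datalab_conf_dir, web_path,
             os_user, mongo_passwd, keystore_passwd, cloud_provider,
             service_base_name, tag_resource_id, billing_tag, account_id, billing_bucket,
             aws_job_enabled, datalab_path, billing_enabled, cloud_params,
             authentication_file, offer_number, currency,
             locale, region_info, ldap_login, tenant_id,
             application_id, hostname, data_lake_name, subscription_id,
             validate_permission_scope, datalab_id, usage_date, product,
             usage_type, usage, cost, resource_id, tags, billing_dataset_name, keycloak_client_id,
             keycloak_client_secret, keycloak_auth_server_url, report_path=''):
    """Configure and start the self-service web application on the SSN host.

    The whole routine is skipped when the marker file
    ``<ssn_datalab_path>tmp/ss_started`` already exists on the remote host;
    the marker is created as the last step of a successful run.

    Steps, in order: fill the local templates (``ssn.yml``,
    ``supervisor_svc.conf``) and upload them, link the service jars, fill the
    service YAML files, optionally run ``configure_billing.py`` on the host,
    build the Java keystore / truststore entries, then restart supervisord
    and nginx.

    Relies on names that are not defined in this block: the module-level
    connection ``conn`` and the helpers ``exists`` and ``append_result``.

    Parameters (grouped by where the body uses them):
        keyfile, host_string: SSH key and target used by the rsync upload of
            the billing script.
        datalab_conf_dir, os_user, web_path, datalab_path: paths and user
            substituted into the supervisor and service configuration.
        mongo_passwd, keystore_passwd: secrets written into ``ssn.yml`` and
            passed to ``openssl`` / ``keytool``.
        cloud_provider: selects the supervisor config flag (``gcp`` vs. any
            other value).
        cloud_params: JSON text; a list of objects with ``key`` and ``value``.
        ldap_login, tenant_id, application_id, subscription_id,
        authentication_file, validate_permission_scope, hostname: only
            substituted when ``conf_cloud_provider`` is ``azure``.
        billing_enabled and the remaining billing/keycloak arguments: passed
            through to ``configure_billing.py`` when billing is enabled.
        data_lake_name: not used by the active code (only by the
            commented-out permission-scope snippet).

    Security notes for reviewers:
        * Secrets (``mongo_passwd``, ``keystore_passwd``,
          ``keycloak_client_secret``) are interpolated into shell command
          lines. Process arguments are readable from the process table while
          the command runs, and the command text may end up in whatever
          logging the connection layer does.
        * No value is shell- or sed-escaped. A value containing ``|``, ``&``,
          ``"``, ``$`` or a backtick alters the sed expression or the shell
          command instead of being inserted literally, so every argument must
          come from a trusted, validated source.

    Exits the process with status 1 on any failure; returns ``None``.
    """
    # NOTE(review): the listing this was taken from had lost its indentation;
    # the nesting below is reconstructed from syntax and should be confirmed
    # against the repository copy of ssn_lib.py.
    try:
        if exists(conn, '{}tmp/ss_started'.format(os.environ['ssn_datalab_path'])):
            # Marker present: self-service was already configured on this host.
            return

        java_path = conn.sudo(
            "alternatives --display java | grep 'slave jre: ' | awk '{print $3}'"
        ).stdout.replace('\n', '')
        supervisor_conf = '/etc/supervisord.d/supervisor_svc.ini'

        # Fill the local ssn.yml template. The two passwords are inserted
        # unescaped into a sed expression that uses '|' as its delimiter.
        conn.local('sed -i "s|MONGO_PASSWORD|{}|g" /root/templates/ssn.yml'.format(mongo_passwd))
        conn.local('sed -i "s|KEYSTORE_PASSWORD|{}|g" /root/templates/ssn.yml'.format(keystore_passwd))
        conn.local('sed -i "s|CLOUD_PROVIDER|{}|g" /root/templates/ssn.yml'.format(cloud_provider))
        # '\\$' yields the same runtime text as the original '\$' without
        # relying on an invalid escape sequence.
        conn.local('sed -i "s|\\${JRE_HOME}|' + java_path + '|g" /root/templates/ssn.yml')
        conn.sudo('sed -i "s|KEYNAME|{}|g" {}/webapp/provisioning-service/conf/provisioning.yml'.format(
            os.environ['conf_key_name'], datalab_path))

        # ssn.yml now holds both passwords and is staged in /tmp on the
        # remote host before being moved into place.
        # NOTE(review): confirm the uploaded file is not world-readable while
        # it sits in /tmp and after the move.
        conn.put('/root/templates/ssn.yml', '/tmp/ssn.yml')
        conn.sudo('mv /tmp/ssn.yml ' + os.environ['ssn_datalab_path'] + 'conf/')
        conn.put('/root/templates/proxy_location_webapp_template.conf',
                 '/tmp/proxy_location_webapp_template.conf')
        conn.sudo('mv /tmp/proxy_location_webapp_template.conf ' + os.environ['ssn_datalab_path'] + 'tmp/')

        # The original second branch was `elif cloud_provider == 'aws' or 'azure'`,
        # which is always truthy, so every provider other than gcp received
        # '--conf '. That effective behaviour is kept, written as a plain else.
        if cloud_provider == 'gcp':
            conf_parameter_name = '--spring.config.location='
        else:
            conf_parameter_name = '--conf '
        with open('/root/templates/supervisor_svc.conf', 'r') as f:
            text = f.read()
        text = text.replace('WEB_CONF', datalab_conf_dir).replace('OS_USR', os_user) \
            .replace('CONF_PARAMETER_NAME', conf_parameter_name)
        with open('/root/templates/supervisor_svc.conf', 'w') as f:
            f.write(text)

        conn.put('/root/templates/supervisor_svc.conf', '/tmp/supervisor_svc.conf')
        conn.sudo('mv /tmp/supervisor_svc.conf ' + os.environ['ssn_datalab_path'] + 'tmp/')
        conn.sudo('cp ' + os.environ['ssn_datalab_path'] +
                  'tmp/proxy_location_webapp_template.conf /etc/nginx/locations/proxy_location_webapp.conf')
        conn.sudo('cp ' + os.environ['ssn_datalab_path'] + 'tmp/supervisor_svc.conf {}'.format(supervisor_conf))
        conn.sudo('sed -i \'s=WEB_APP_DIR={}=\' {}'.format(web_path, supervisor_conf))

        try:
            conn.sudo('mkdir -p /var/log/application')
            conn.run('mkdir -p /tmp/yml_tmp/')
            for service in ['self-service', 'provisioning-service', 'billing']:
                # stdout ends with the newline printed by find; drop it (as is
                # done for java_path) so the ln command below stays on one
                # line instead of being split into two shell commands.
                jar = conn.sudo(
                    '''bash -c 'cd {0}{1}/lib/; find {1}*.jar -type f' '''.format(web_path, service)
                ).stdout.replace('\n', '')
                conn.sudo('ln -s {0}{2}/lib/{1} {0}{2}/{2}.jar '.format(web_path, jar, service))
                conn.sudo('cp {0}/webapp/{1}/conf/*.yml /tmp/yml_tmp/'.format(datalab_path, service))

            # Replacing Keycloak and cloud parameters.
            # Keys and values from cloud_params reach sed unescaped.
            # NOTE(review): whether the provisioning.yml substitution sits
            # inside or beside the KEYCLOAK_ check could not be read from the
            # flattened listing; it is placed beside it here - confirm.
            for item in json.loads(cloud_params):
                if "KEYCLOAK_" in item['key']:
                    conn.sudo('sed -i "s|{0}|{1}|g" /tmp/yml_tmp/self-service.yml'.format(
                        item['key'], item['value']))
                conn.sudo('sed -i "s|{0}|{1}|g" /tmp/yml_tmp/provisioning.yml'.format(
                    item['key'], item['value']))

            conn.sudo('sed -i "s|SERVICE_BASE_NAME|{0}|g" /tmp/yml_tmp/self-service.yml'.format(service_base_name))
            conn.sudo('sed -i "s|OPERATION_SYSTEM|redhat|g" /tmp/yml_tmp/self-service.yml')
            conn.sudo('sed -i "s|<SSN_INSTANCE_SIZE>|{0}|g" /tmp/yml_tmp/self-service.yml'.format(
                os.environ['{0}_ssn_instance_size'.format(os.environ['conf_cloud_provider'])]))

            if os.environ['conf_cloud_provider'] == 'azure':
                conn.sudo('sed -i "s|<LOGIN_USE_LDAP>|{0}|g" /tmp/yml_tmp/self-service.yml'.format(ldap_login))
                conn.sudo('sed -i "s|<LOGIN_TENANT_ID>|{0}|g" /tmp/yml_tmp/self-service.yml'.format(tenant_id))
                conn.sudo('sed -i "s|<LOGIN_APPLICATION_ID>|{0}|g" /tmp/yml_tmp/self-service.yml'.format(
                    application_id))
                conn.sudo('sed -i "s|<DATALAB_SUBSCRIPTION_ID>|{0}|g" /tmp/yml_tmp/self-service.yml'.format(
                    subscription_id))
                conn.sudo('sed -i "s|<MANAGEMENT_API_AUTH_FILE>|{0}|g" /tmp/yml_tmp/self-service.yml'.format(
                    authentication_file))
                conn.sudo('sed -i "s|<VALIDATE_PERMISSION_SCOPE>|{0}|g" /tmp/yml_tmp/self-service.yml'.format(
                    validate_permission_scope))
                conn.sudo('sed -i "s|<LOGIN_APPLICATION_REDIRECT_URL>|{0}|g" /tmp/yml_tmp/self-service.yml'.format(
                    hostname))
                conn.sudo('sed -i "s|<LOGIN_PAGE>|{0}|g" /tmp/yml_tmp/self-service.yml'.format(hostname))
                # Disabled in the original (kept for reference):
                # if os.environ['azure_datalake_enable'] == 'true':
                #     permission_scope = 'subscriptions/{}/resourceGroups/{}/providers/Microsoft.DataLakeStore/accounts/{}/providers/Microsoft.Authorization/'.format(
                #         subscription_id, service_base_name, data_lake_name
                #     )
                # else:
                #     permission_scope = 'subscriptions/{}/resourceGroups/{}/providers/Microsoft.Authorization/'.format(
                #         subscription_id, service_base_name
                #     )

            conn.sudo('mv /tmp/yml_tmp/* ' + os.environ['ssn_datalab_path'] + 'conf/')
            conn.sudo('rmdir /tmp/yml_tmp/')
        except Exception as err:
            traceback.print_exc()
            append_result("Unable to upload webapp jars. ", str(err))
            sys.exit(1)

        if billing_enabled:
            conn.local('rsync -e "ssh -i {}" /root/scripts/configure_billing.py {}:/tmp/configure_billing.py'.format(
                keyfile, host_string))
            # The MongoDB password and the Keycloak client secret travel as
            # command-line arguments of configure_billing.py, and none of the
            # values is shell-quoted.
            # NOTE(review): consider handing the secrets over through a
            # root-only file or stdin, and quoting the remaining arguments.
            params = '--cloud_provider {} ' \
                     '--infrastructure_tag {} ' \
                     '--tag_resource_id {} ' \
                     '--billing_tag {} ' \
                     '--account_id {} ' \
                     '--billing_bucket {} ' \
                     '--aws_job_enabled {} ' \
                     '--report_path "{}" ' \
                     '--mongo_password {} ' \
                     '--datalab_dir {} ' \
                     '--authentication_file "{}" ' \
                     '--offer_number {} ' \
                     '--currency {} ' \
                     '--locale {} ' \
                     '--region_info {} ' \
                     '--datalab_id {} ' \
                     '--usage_date {} ' \
                     '--product {} ' \
                     '--usage_type {} ' \
                     '--usage {} ' \
                     '--cost {} ' \
                     '--resource_id {} ' \
                     '--tags {} ' \
                     '--billing_dataset_name "{}" ' \
                     '--keycloak_client_id {} ' \
                     '--keycloak_client_secret {} ' \
                     '--keycloak_auth_server_url {} '. \
                format(cloud_provider,
                       service_base_name,
                       tag_resource_id,
                       billing_tag,
                       account_id,
                       billing_bucket,
                       aws_job_enabled,
                       report_path,
                       mongo_passwd,
                       datalab_path,
                       authentication_file,
                       offer_number,
                       currency,
                       locale,
                       region_info,
                       datalab_id,
                       usage_date,
                       product,
                       usage_type,
                       usage,
                       cost,
                       resource_id,
                       tags,
                       billing_dataset_name,
                       keycloak_client_id,
                       keycloak_client_secret,
                       keycloak_auth_server_url)
            conn.sudo('python3 /tmp/configure_billing.py {}'.format(params))

        try:
            # keystore_passwd is passed on the command line of openssl and
            # keytool in both branches. 'changeit' is the stock password of
            # the JRE cacerts truststore.
            if os.environ['conf_stepcerts_enabled'] == 'true':
                conn.sudo(
                    'openssl pkcs12 -export -in /etc/ssl/certs/datalab.crt -inkey /etc/ssl/certs/datalab.key -name ssn '
                    '-out ssn.p12 -password pass:{0}'.format(keystore_passwd))
                conn.sudo('keytool -importkeystore -srckeystore ssn.p12 -srcstoretype PKCS12 -alias ssn -destkeystore '
                          '/home/{0}/keys/ssn.keystore.jks -deststorepass "{1}" -srcstorepass "{1}"'.format(
                              os_user, keystore_passwd))
                conn.sudo('keytool -keystore /home/{0}/keys/ssn.keystore.jks -alias step-ca -import -file '
                          '/etc/ssl/certs/root_ca.crt -deststorepass "{1}" -srcstorepass "{1}" -noprompt'.format(
                              os_user, keystore_passwd))
                conn.sudo('keytool -importcert -trustcacerts -alias step-ca -file /etc/ssl/certs/root_ca.crt '
                          '-noprompt -storepass changeit -keystore {0}/lib/security/cacerts'.format(java_path))
                conn.sudo('keytool -importcert -trustcacerts -alias ssn -file /etc/ssl/certs/datalab.crt -noprompt '
                          '-storepass changeit -keystore {0}/lib/security/cacerts'.format(java_path))
            else:
                if os.environ['conf_letsencrypt_enabled'] == 'true':
                    print(
                        'Lets Encrypt certificates are not supported for redhat in datalab. Using self signed certificates')
                # Self-signed RSA-2048 certificate for CN=localhost, valid 730
                # days; clients reaching the host under another name will not
                # match the certificate subject.
                conn.sudo('keytool -genkeypair -alias ssn -keyalg RSA -validity 730 -storepass {1} -keypass {1} '
                          '-keystore /home/{0}/keys/ssn.keystore.jks -keysize 2048 -dname "CN=localhost"'.format(
                              os_user, keystore_passwd))
                conn.sudo('keytool -exportcert -alias ssn -storepass {1} -file /etc/ssl/certs/datalab.crt '
                          '-keystore /home/{0}/keys/ssn.keystore.jks'.format(os_user, keystore_passwd))
                conn.sudo('keytool -importcert -trustcacerts -alias ssn -file /etc/ssl/certs/datalab.crt -noprompt '
                          '-storepass changeit -keystore {0}/lib/security/cacerts'.format(java_path))
        except Exception:
            # Was a bare `except:` that hid the cause; print the traceback so
            # a failed certificate step can be diagnosed.
            traceback.print_exc()
            append_result("Unable to generate cert and copy to java keystore")
            sys.exit(1)

        conn.sudo('systemctl restart supervisord')
        conn.sudo('service nginx restart')
        # Marker checked at the top of this function on later runs.
        conn.sudo('touch ' + os.environ['ssn_datalab_path'] + 'tmp/ss_started')
    except Exception as err:
        # sys.exit() above raises SystemExit, which is not an Exception
        # subclass and therefore passes through this handler untouched.
        traceback.print_exc()
        print('Failed to start Self-service: ', str(err))
        sys.exit(1)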