Scripts and toolset dockerfile updates
Related-PROD: PROD-36856
Change-Id: Ie55bee2e7357c0f21b2a4d838c3db6ca9736568a
diff --git a/k8s/docker-mos-toolset-full b/k8s/docker-mos-toolset-full
index 161437d..b9a2c28 100644
--- a/k8s/docker-mos-toolset-full
+++ b/k8s/docker-mos-toolset-full
@@ -16,7 +16,7 @@
RUN export TZ="America/Chicago" && \
ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && \
- apt-get install -y python3-pip python3-venv vim git iperf3 mtr htop iputils-ping traceroute tcpdump wget iproute2 curl screen
+ apt-get install -y python3-pip python3-venv vim git iperf3 mtr htop iputils-ping traceroute tcpdump wget iproute2 curl screen qemu-utils
RUN pip3 install --no-cache-dir python-openstackclient python-neutronclient python-heatclient pyghmi python-octaviaclient tempestparser python-ironicclient aodhclient gnocchiclient python-barbicanclient python-glanceclient
diff --git a/k8s/rally-pod-init.sh b/k8s/rally-pod-init.sh
new file mode 100644
index 0000000..5015cb5
--- /dev/null
+++ b/k8s/rally-pod-init.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+echo "Updating permnimssions in rally pod"
+kubectl -n qa-space exec --tty --stdin rally -- sudo chown -R rally /artifacts
+echo "Copy mod kubeconfig to rally pod"
+kubectl cp $MY_PROJFOLDER/envs/mos-kubeconfig.yaml qa-space/rally:/artifacts/mos-kubeconfig.yaml
+echo "Copy scenarios to rally pod"
+kubectl cp $MY_PROJFOLDER/res-files/k8s/rally-files qa-space/rally:/artifacts/
+echo "Init rally pod"
+kubectl -n qa-space exec --tty --stdin rally -- bash /artifacts/rally-files/init-rally.sh
+echo "Done"
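Review bot: Nothing in this new script stops on failure or checks `$MY_PROJFOLDER`, so if the variable is unset the two `kubectl cp` lines read from `/envs/...` and `/res-files/...`, and `init-rally.sh` still runs after a failed copy. Add `set -euo pipefail` and `: "${MY_PROJFOLDER:?must be set}"` after the shebang, and quote the expansions, e.g. `kubectl cp "$MY_PROJFOLDER/envs/mos-kubeconfig.yaml" qa-space/rally:/artifacts/mos-kubeconfig.yaml`. The kubeconfig copied into `/artifacts` is a cluster credential, so it is worth restricting its file mode inside the pod once copied. The first `echo` also misspells "permissions".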
diff --git a/k8s/si-tests.tgz b/k8s/si-tests.tgz
index 385a410..ea64ae0 100644
--- a/k8s/si-tests.tgz
+++ b/k8s/si-tests.tgz
Binary files differ
diff --git a/scripts/image_cert.cnf b/scripts/image_cert.cnf
new file mode 100644
index 0000000..f56faf4
--- /dev/null
+++ b/scripts/image_cert.cnf
@@ -0,0 +1,34 @@
+# OpenSSL configuration file for creating a CSR for a server certificate
+# Adapt at least the FQDN and ORGNAME lines, and then run
+# openssl req -new -config myserver.cnf -keyout myserver.key -out myserver.csr
+# on the command line.
+
+# the fully qualified server (or service) name
+FQDN = mirantis.com
+
+# the name of your organization
+# (see also https://www.switch.ch/pki/participants/)
+ORGNAME = Mirantis Inc
+
+# subjectAltName entries: to add DNS aliases to the CSR, delete
+# the '#' character in the ALTNAMES line, and change the subsequent
+# 'DNS:' entries accordingly. Please note: all DNS names must
+# resolve to the same IP address as the FQDN.
+ALTNAMES = DNS:$FQDN # , DNS:bar.example.org , DNS:www.foo.example.org
+
+# --- no modifications required below ---
+[ req ]
+default_bits = 2048
+default_md = sha256
+prompt = no
+encrypt_key = no
+distinguished_name = dn
+req_extensions = req_ext
+
+[ dn ]
+C = CH
+O = $ORGNAME
+CN = $FQDN
+
+[ req_ext ]
+subjectAltName = $ALTNAMES
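Review bot: The header comment and the `[ dn ]` section still carry values from the template this file appears to be adapted from: the usage line names `myserver.cnf` and `myserver.key`, and `C = CH` sits next to `O = Mirantis Inc`, which looks like a leftover. Update the usage comment to the command the signing script runs, e.g. `# openssl req -new -key image_key.pem -out image_req.crt -config image_cert.cnf`, and set `C` to the intended country code. Also worth a comment: `default_bits = 2048` and `encrypt_key = no` only apply when `openssl req` generates the key itself, so they have no effect when the caller passes `-key` and the key size is whatever the caller generated.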
diff --git a/scripts/manual_create_signed_images.sh b/scripts/manual_create_signed_images.sh
index bab2c93..ee596b5 100644
--- a/scripts/manual_create_signed_images.sh
+++ b/scripts/manual_create_signed_images.sh
@@ -1,40 +1,47 @@
#!/bin/bash
-# Preparing secretp
+
+echo "Preparing certs"
openssl genrsa -out image_key.pem 1024
openssl rsa -pubout -in image_key.pem -out image_key.pem.pub
-openssl req -new -key image_key.pem -out image_req.crt
+openssl req -new -key image_key.pem -out image_req.crt -config image_crt.cnf
openssl x509 -req -days 180 -in image_req.crt -signkey image_key.pem -out image_cert.crt
-# Save secret to Barbican storage
-openstack secret store --name cvp.images --algorithm RSA --expiration 2023-06-15 --secret-type certificate --payload-content-type "application/octet-stream" --payload-content-encoding base64 --payload "$(base64 image_cert.crt)"
+echo "Save secret to Barbican storage"
+openstack secret store --name cvp.images --algorithm RSA --expiration $(date +"%Y-%m-%d" -d "180 days") --secret-type certificate --payload-content-type "application/octet-stream" --payload-content-encoding base64 --payload "$(base64 image_cert.crt)"
-# save ID from "Secret href" property
-export s_uuid=1149deef-13b1-4ace-8aef-613466ef6fe7
+echo "Exporting ID from 'Secret href' property"
+export s_uuid=$(openstack secret list --name cvp.images -c "Secret href" -f value | rev | cut -d'/' -f1 | rev)
+echo "Exported '$s_uuid'"
-# To Raw
+echo "Converting images to Raw"
qemu-img convert -f qcow2 -O raw -p cvp.ubuntu.2004 /var/tmp/cvp.ubuntu.2004.raw
qemu-img convert -f qcow2 -O raw -p cvp.ubuntu.1604 /var/tmp/cvp.ubuntu.1604.raw
qemu-img convert -f qcow2 -O raw -p cvp.cirros.51 /var/tmp/cvp.cirros.51.raw
qemu-img convert -f qcow2 -O raw -p cvp.cirros.52 /var/tmp/cvp.cirros.52.raw
-# Sign images
+echo "Signing images"
openssl dgst -sha256 -sign image_key.pem -sigopt rsa_padding_mode:pss -out cvp.cirros.51.raw.signature /var/tmp/cvp.cirros.51.raw
openssl dgst -sha256 -sign image_key.pem -sigopt rsa_padding_mode:pss -out cvp.cirros.52.raw.signature /var/tmp/cvp.cirros.52.raw
openssl dgst -sha256 -sign image_key.pem -sigopt rsa_padding_mode:pss -out cvp.ubuntu.1604.raw.signature /var/tmp/cvp.ubuntu.1604.raw
openssl dgst -sha256 -sign image_key.pem -sigopt rsa_padding_mode:pss -out cvp.ubuntu.2004.raw.signature /var/tmp/cvp.ubuntu.2004.raw
+echo "Generating base64 equivalents"
base64 -w 0 cvp.cirros.51.raw.signature >cvp.cirros.51.raw.signature.b64
base64 -w 0 cvp.cirros.52.raw.signature >cvp.cirros.52.raw.signature.b64
base64 -w 0 cvp.ubuntu.1604.raw.signature >cvp.ubuntu.1604.raw.signature.b64
base64 -w 0 cvp.ubuntu.2004.raw.signature >cvp.ubuntu.2004.raw.signature.b64
+echo "Exporting vars"
export cirros51_sign=$(cat cvp.cirros.51.raw.signature.b64)
export cirros52_sign=$(cat cvp.cirros.52.raw.signature.b64)
export ubuntu1604_sign=$(cat cvp.ubuntu.1604.raw.signature.b64)
export ubuntu2004_sign=$(cat cvp.ubuntu.2004.raw.signature.b64)
-# Upload
+echo "Uploading 'cvp.cirros.51.raw.signed''"
glance image-create --name cvp.cirros.51.raw.signed --container-format bare --disk-format raw --property img_signature="$cirros51_sign" --property img_signature_certificate_uuid="$s_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < /var/tmp/cvp.cirros.51.raw
+echo "Uploading 'cvp.cirros.52.raw.signed''"
glance image-create --name cvp.cirros.52.raw.signed --container-format bare --disk-format raw --property img_signature="$cirros52_sign" --property img_signature_certificate_uuid="$s_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < /var/tmp/cvp.cirros.52.raw
+echo "Uploading 'cvp.ubuntu.1604.raw.signed''"
glance image-create --name cvp.ubuntu.1604.raw.signed --container-format bare --disk-format raw --property img_signature="$ubuntu1604_sign" --property img_signature_certificate_uuid="$s_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < /var/tmp/cvp.ubuntu.1604.raw
+echo "Uploading 'cvp.ubuntu.2004.raw.signed''"
glance image-create --name cvp.ubuntu.2004.raw.signed --container-format bare --disk-format raw --property img_signature="$ubuntu2004_sign" --property img_signature_certificate_uuid="$s_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < /var/tmp/cvp.ubuntu.2004.raw
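Review bot: The `-config image_crt.cnf` argument on the `openssl req` line does not match the file this commit adds, `scripts/image_cert.cnf`, so the CSR step will fail to load its config unless a file of that name exists elsewhere; with no `set -e` the script then carries on to the signing and upload steps. Use `-config image_cert.cnf` and add `set -euo pipefail` below the shebang. Separately, the signing key is still generated at 1024 bits, which is below the 2048-bit minimum generally accepted for RSA signatures; `openssl genrsa -out image_key.pem 2048` would also agree with `default_bits` in the new config. `s_uuid` is read from `openstack secret list --name cvp.images`, which can return one line per secret with that name, so a second run of the script would likely put several IDs into `img_signature_certificate_uuid`; taking the href from the output of the `secret store` call itself avoids that. The private key `image_key.pem` is left in the working directory with default permissions, so consider tightening its mode or removing it once the images are signed.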