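#!/usr/bin/env bash
# Strict mode. The script reads secrets and pod names through pipelines and
# then publishes DELETE messages based on the results, so a failed stage must
# stop the run instead of passing an empty value on to the next step:
#   -e          abort on the first unhandled non-zero status
#   -u          abort on expansion of an unset variable
#   pipefail    a pipeline fails when any stage fails, not only the last one
set -euo pipefail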
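#######################################
# Publish a DELETE notification for one resource on the rawUCMDBNotification
# topic by running kafka-console-producer.sh inside the Kafka pod.
# Globals:   DCA_NS (read), KAFKA_POD (read), KAFKA_POST_MSG (written)
# Arguments: $1 - resource id, placed in the message's ucmdbId field
# Outputs:   progress and the generated command on stdout, errors on stderr
# Returns:   1 when the id is rejected, otherwise the status of kubectl exec
#######################################
kafkaProducer() {
  local resource_id=${1-}

  # The id ends up inside a command string that a shell in the pod interprets
  # and inside a JSON document. Accept only a conservative character set so a
  # quote, backslash, newline or shell metacharacter in the data cannot change
  # the command or the message structure.
  # NOTE(review): the pattern assumes ids are hex/UUID-like - confirm.
  if [[ ! $resource_id =~ ^[A-Za-z0-9_-]+$ ]]; then
    printf 'Refusing to post Kafka message: unexpected characters in resource id\n' >&2
    return 1
  fi

  echo "Post Kafka message for resource with id $resource_id"
  # The heredoc delimiter is quoted ('EOF') so the shell in the pod delivers
  # the message body literally instead of expanding it a second time.
  # The message key (UKEY470) and the timestamp are fixed values.
  KAFKA_POST_MSG="bin/kafka-console-producer.sh --producer.config /opt/kafka/ssl/vault/client-ssl.properties --broker-list kafka-svc:9092 --topic rawUCMDBNotification --property 'parse.key=true' --property 'key.separator=@' <<'EOF'
UKEY470@{\"action\":\"DELETE\",\"time\":\"2018-12-14T13:24:32Z\",\"ci\":{\"ucmdbId\":\"$resource_id\",\"type\":\"host_node\",\"properties\":{}}}
EOF"
  echo "KAFKA POST MSG:"
  echo "$KAFKA_POST_MSG"
  # Quoted so the namespace and pod name always reach kubectl as one argument each.
  kubectl exec -t -n "${DCA_NS}" "${KAFKA_POD}" -c kafka -- sh -c "$KAFKA_POST_MSG"
}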
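#######################################
# Pick the running kafka-broker-1 pod and generate a client TLS configuration
# (keystore.jks, cacerts entries, client-ssl.properties) inside its kafka
# container by writing and running test-kafka-client2.sh there.
# Globals:   DCA_NS (read), KAFKA_POD (written), KAFKA_CLIENT_SCRIPT (written)
# Arguments: none
# Outputs:   progress on stdout, errors on stderr
# Returns:   1 when no matching pod is found, otherwise the status of kubectl exec
#######################################
setupKafka() {
  # Use the first listed pod whose line mentions "running" (any case) and
  # kafka-broker-1. Several matching lines would otherwise become several
  # arguments to kubectl exec.
  # NOTE(review): the pattern also matches names such as kafka-broker-10 - confirm.
  KAFKA_POD=$(kubectl get po -n "${DCA_NS}" \
    | awk 'tolower($0) ~ /running/ && /kafka-broker-1/ && !seen { print $1; seen = 1 }')
  if [[ -z "$KAFKA_POD" ]]; then
    printf 'No running kafka-broker-1 pod found in namespace %s\n' "${DCA_NS}" >&2
    return 1
  fi
  echo "Using KAFKA pod: ${KAFKA_POD}"

  # Security review of the script generated below (text kept as written):
  #  - keystore.p12 and keystore.jks contain server.key and are protected only
  #    by the hard-coded password "changeit", which is also written in clear
  #    text to client-ssl.properties. Anyone who can read /opt/kafka/ssl/vault
  #    in the container can recover the private key.
  #  - The password is passed on the openssl/keytool command lines, so it is
  #    visible in the container's process list while those commands run.
  #  - The generated script does not stop on errors; the status reported by
  #    kubectl exec is that of its last command (writing the properties file),
  #    so a failed openssl or keytool step goes unnoticed.
  #  - NOTE(review): the keytool -delete calls use -destkeystore/-deststorepass
  #    and -file; those look like options of other keytool commands and the
  #    failure would be hidden by "|| true" / ";" - confirm.
  # The embedded lines stay at column 0 because the heredoc terminator and the
  # properties text depend on it.
  KAFKA_CLIENT_SCRIPT="cat << EOF > test-kafka-client2.sh
#!/bin/bash
cd /opt/kafka/ssl/vault
openssl pkcs12 -export -name servercert -in server.crt -inkey server.key -out keystore.p12 -password pass:changeit
keytool -delete -alias servercert -destkeystore keystore.jks -deststorepass changeit || true
keytool -noprompt -importkeystore -destkeystore keystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias servercert -srcstorepass changeit -deststorepass changeit
(csplit -z -f singlecert- issue_ca.crt '/-----BEGIN CERTIFICATE-----/' '{*}' && \
ls singlecert-* | xargs -i{} -n1 keytool -delete -alias {} -file {} -keystore cacerts -storepass changeit -noprompt; \
ls singlecert-* | xargs -i{} -n1 keytool -importcert -alias {} -trustcacerts -file {} -keystore cacerts -storepass changeit -noprompt; \
rm -rf singlecert-* )
touch client-ssl.properties
echo 'security.protocol=SSL
ssl.truststore.location=/opt/kafka/ssl/vault/cacerts
ssl.truststore.password=changeit
ssl.keystore.location=/opt/kafka/ssl/vault/keystore.jks
ssl.keystore.password=changeit' > client-ssl.properties
EOF
chmod +x test-kafka-client2.sh
./test-kafka-client2.sh
"
  kubectl exec -t -n "${DCA_NS}" "${KAFKA_POD}" -c kafka -- sh -c "$KAFKA_CLIENT_SCRIPT"
}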
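# Main flow: list every resource id known to the DCA database, ask UCMDB for
# each one, and publish a Kafka DELETE notification for every id UCMDB answers
# with 404. The output of this run is destructive, so each lookup that feeds it
# is checked before it is used.

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Read one secret from the dca-api container and print it without the PASS=
# prefix and without the carriage returns the TTY adds.
# Arguments: $1 - key name understood by get_secret
fetch_secret() {
  kubectl exec -ti -n "${DCA_NS}" "${DCA_API_POD}" -c dca-api -- get_secret "$1" \
    | sed 's/PASS=//' | tr -d '\r'
}

INGRESS_FQDN=$(hostname -f)
echo "Using Ingress FQDN: ${INGRESS_FQDN}"

# grep dca may match zero or several namespaces; either case would send the
# following kubectl calls to the wrong place, so require exactly one.
DCA_NS=$(kubectl get ns | grep dca | cut -f1 -d" ")
if [[ -z "$DCA_NS" || "$DCA_NS" == *$'\n'* ]]; then
  die "Expected exactly one namespace matching 'dca', got: ${DCA_NS:-none}"
fi
echo "Using DCA namespace: ${DCA_NS}"

# First running dca-api-deploy- pod; more than one replica would otherwise
# expand into several kubectl arguments.
DCA_API_POD=$(kubectl get po -n "${DCA_NS}" \
  | awk 'tolower($0) ~ /running/ && /dca-api-deploy-/ && !seen { print $1; seen = 1 }')
[[ -n "$DCA_API_POD" ]] || die "No running dca-api-deploy pod found in ${DCA_NS}"
echo "Using DCA API pod: ${DCA_API_POD}"

echo "Retrieving DCA admin credentials..."
DCA_ADMIN_USER=$(fetch_secret DCA_USERNAME_KEY)
DCA_ADMIN_PASSWORD=$(fetch_secret DCA_PASSWORD_KEY)

echo "Retrieving IDM transport credentials..."
IDM_TRANSPORT_USER=$(fetch_secret IDM_TRANSPORT_USERNAME_KEY)
IDM_TRANSPORT_PASSWORD=$(fetch_secret IDM_TRANSPORT_PASSWORD_KEY)
# printf instead of echo -n (portable, safe for values starting with "-");
# newlines removed because base64 wraps long output and a wrapped value
# would break the Authorization header.
IDM_BASIC_AUTH=$(printf '%s:%s' "${IDM_TRANSPORT_USER}" "${IDM_TRANSPORT_PASSWORD}" | base64 | tr -d '\n')

echo "Retrieving IDM auth token ..."
# NOTE(review): curl -k turns off certificate verification, so the admin
# password in this request and the tokens used below are sent to whatever
# host answers on that name. Prefer --cacert with the ingress CA.
# NOTE(review): the JSON is built by string interpolation; a password that
# contains a double quote or backslash produces an invalid document.
IDM_AUTH_RESPONSE=$(curl -ks -H "Content-Type: application/json;charset=utf-8" -H "Authorization: Basic $IDM_BASIC_AUTH" -d @- "https://$INGRESS_FQDN:5443/idm-service/v2.0/tokens" <<EOF
{"passwordCredentials": {"password": "$DCA_ADMIN_PASSWORD","username": "$DCA_ADMIN_USER"},"tenantName": "provider"}
EOF
)
# NOTE(review): XAUTH_TOKEN is not used anywhere later in this script.
XAUTH_TOKEN=$(echo "$IDM_AUTH_RESPONSE" | jq -r .token.id)

echo "Retrieving all DCA resources"
# Read through fetch_secret so the detected namespace is used here as well
# (these two lookups were hard-wired to dca1).
# NOTE(review): PGUSER is fetched but psql below connects as db_admin - confirm.
PGUSER=$(fetch_secret DCA_DB_USER_KEY)
PGPASSWORD=$(fetch_secret DCA_DB_PASSWORD_KEY)
PGNODE1=$(kubectl get po -n core \
  | awk '/itom-postgresql-node1-/ && !seen { print $1; seen = 1 }')
[[ -n "$PGNODE1" ]] || die "No itom-postgresql-node1 pod found in namespace core"
# The database password travels on stdin and is exported inside the pod, so it
# is neither part of a shell command string (no quoting problems, no injection
# through the secret's value) nor visible in any process argument list.
printf '%s\n' "$PGPASSWORD" \
  | kubectl exec -i -n core "$PGNODE1" -c itom-postgresql-node1 -- \
      sh -c 'IFS= read -r PGPASSWORD && export PGPASSWORD && psql -t -U db_admin -h cdf-pgnode1 -d dca_db -c "SELECT resource_uuid FROM RESOURCE_VW;"' \
  | tr -d '\r' | head -n -1 | sed 's/^ *//' > all-dca-resources.txt

echo "Determining the list of DCA resources that are not available in UCMDB"
UCMDB_PASSWORD=$(fetch_secret ADMIN_PASSWORD_VAULT_KEY)
UCMDB_AUTH_RESPONSE=$(curl -X POST -ks -d @- -H "Content-Type: application/json" "https://${INGRESS_FQDN}:33111/rest-api/authenticate" <<EOF
{"username": "admin", "password": "$UCMDB_PASSWORD", "clientContext": 1}
EOF
)
UCMDB_AUTH_TOKEN=$(echo "$UCMDB_AUTH_RESPONSE" | jq -r .token)
# jq prints "null" when the field is missing; stop before any lookup is made
# with an unusable token.
if [[ -z "$UCMDB_AUTH_TOKEN" || "$UCMDB_AUTH_TOKEN" == "null" ]]; then
  die "UCMDB authentication did not return a token"
fi

# Start from an empty list: the file is appended to below, and ids left over
# from an earlier run would be deleted again.
: > dca-resources-not-in-ucmdb.txt

# The list is read on fd 3 so commands in the loop body cannot consume it.
while IFS= read -r -u 3 RESOURCE_ID || [[ -n "$RESOURCE_ID" ]]; do
  [[ -n "$RESOURCE_ID" ]] || continue
  # The id becomes part of a URL here and of a shell command later on.
  if [[ ! $RESOURCE_ID =~ ^[A-Za-z0-9_-]+$ ]]; then
    echo "Skipping resource id with unexpected characters" >&2
    continue
  fi
  # NOTE(review): the bearer token is passed on curl's command line and is
  # visible to other local users in the process list while curl runs.
  RESP_CODE=$(curl -ks -o /dev/null -w "%{http_code}" -H "Authorization: Bearer ${UCMDB_AUTH_TOKEN}" "https://${INGRESS_FQDN}:33111/rest-api/dataModel/ci/${RESOURCE_ID}")
  case "$RESP_CODE" in
    200)
      echo "Resource $RESOURCE_ID found in UCMDB"
      # remove next line in prod.
      ;;
    404)
      echo "Resource $RESOURCE_ID does not exist in UCMDB"
      echo "$RESOURCE_ID" >> dca-resources-not-in-ucmdb.txt
      ;;
    *)
      # Any other status leaves the resource alone.
      echo "The call to UCMDB failed: HTTP [${RESP_CODE}]"
      ;;
  esac
done 3< all-dca-resources.txt

echo "Setup Kafka client"
setupKafka

echo "Removing DCA resources not fuond in UCMDB"
while IFS= read -r -u 3 RESOURCE_ID || [[ -n "$RESOURCE_ID" ]]; do
  [[ -n "$RESOURCE_ID" ]] || continue
  kafkaProducer "$RESOURCE_ID"
done 3< dca-resources-not-in-ucmdb.txt

echo "All done! exiting..."
set +e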