Merge pull request #13 from fortinet-solutions-cse/v1.3

V1.3

Dockerfile

@@ -2,11 +2,15 @@
 #build cmd:
 # docker build --force-rm -t fortistacks-cli:1.2 .
 # docker build --force-rm -t fortistacks-cli .
-FROM ubuntu:16.04
-MAINTAINER Nicolas Thomas <thomnico@gmail.com>
+FROM ubuntu:18.04
+MAINTAINER Nicolas Thomas <nthomas@fortinet.com>
 #Update the Ubuntu software repository inside the dockerfile with the 'RUN' command.
-# Update Ubuntu Software repository
-RUN apt update && apt -y upgrade && apt -y install git python-pip wget  zile byobu bash sudo python-virtualenv wget git cloud-image-utils
-RUN pip install --upgrade pip && pip install python-novaclient==9.1.1 python-openstackclient python-heatclient
+RUN apt-get update && apt-get -y upgrade
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt -y install git python-pip wget zile byobu bash sudo python-virtualenv wget git cloud-image-utils python-openstackclient sudo
 RUN apt clean
+
+RUN groupadd -r ubuntu && useradd  -g ubuntu -G adm,sudo ubuntu -m -p fortinet && \
+    echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/99-nopasswd && chmod 640 /etc/sudoers.d/99-nopasswd
+USER ubuntu
 CMD ["/bin/bash"]

README-DockerClient.md

@@ -9,7 +9,7 @@ Copy your .rc file with the openstack credentials in fortistacks folder.
 
 From fortistacks folder:
 ```shell
-docker run -v $PWD:/fortistacks/ -v $HOME/.ssh:/root/.ssh/ --rm -i  --name fortistacks-cli  -h fortistacks-cli -t thomnico/fortinet-cse:fortistacks-cli-1.2
+docker run -v $PWD:/fortistacks/ -v $HOME/.ssh:/home/ubuntu/.ssh/ --rm -i  --name fortistacks-cli  -h fortistacks-cli -t thomnico/fortinet-cse:fortistacks-cli-1.3
 ```
 Or adapt to your folder layout.
 
@@ -27,6 +27,6 @@ Check Dockerfile in this folder to see how it is done.
 Have to use pinpoint version due to weeks long bugs in openstack clients.
 
 ```shell
-$ docker run -v $PWD:/fortistacks/ -v $HOME/.ssh:/root/.ssh/ --rm -i  --name fortistacks-cli  -h fortistacks-cli -t fortistacks-cli:1.2 
+$ docker run -v $PWD:/fortistacks/ -v $HOME/.ssh:/home/ubuntu/.ssh/ --rm -i  --name fortistacks-cli  -h fortistacks-cli -t fortistacks-cli:1.3 
  ```
 

cloudify/config.yaml

@@ -0,0 +1,343 @@
+manager:
+  # The manager's private IP address. This is the address which will be used by
+  # agent hosts to connect to the Manager's fileserver and message broker.
+  private_ip: ''
+
+  # An IP address by which the Manager is accessible externally, such as via the CLI
+  # or external clients. If not applicable, provide the same value as "private_ip".
+  public_ip: ''
+
+  # Provide an IP or hostname to be used in the local CLI profile on the manager.
+  # This might be useful when providing an external certificate.
+  cli_local_profile_host_name: 'localhost'
+
+  ######################################################################################
+  #
+  # As long as you have set the config entries above, you can install the manager with:
+  # cfy_manager install
+  # The rest of the configuration is only required if you need to change the defaults.
+  #
+  ######################################################################################
+
+  # This is set by the installer build script. Changing this will not change the edition
+  # you are using, but may cause interesting problems.
+  premium_edition: true
+
+  # Sets whether the first time the manager's VM is booted from a Cloudify manager image
+  # its private IP will be propagated to all relevant configuration files.
+  set_manager_ip_on_boot: false
+  security:
+    # When enabled, the external REST communication will be performed over HTTPS
+    ssl_enabled: false
+
+    # Username and password of the Cloudify Manager administrator.
+    admin_username: admin
+    # If admin_password is left blank, a password will be generated for you and provided
+    # to you at the end of the install process.
+    admin_password: ''
+
+manager-ip-setter:
+  sources:
+    manager_ip_setter_rpm: cloudify-manager-ip-setter-*.rpm
+
+provider_context:
+  workflows:
+    # Sets the number of times a failed task will be retried on recoverable error.
+    task_retries: 60
+
+    # Sets the interval between retry attempts in seconds.
+    task_retry_interval: 15
+
+  policy_engine:
+    start_timeout: 30
+
+  # An imported URL is prefix-matched against the key in each entry. If a match is found,
+  # then the URL prefix is replaced with the value of the corresponding entry.
+  # That allows serving YAML files from within the manager, even when the imported URL
+  # points to the external network.
+  import_resolver:
+    parameters:
+      rules:
+        - {'http://www.getcloudify.org/spec': 'file:///opt/manager/resources/spec'}
+        - {'http://cloudify.co/spec': 'file:///opt/manager/resources/spec'}
+        - {'https://www.getcloudify.org/spec': 'file:///opt/manager/resources/spec'}
+        - {'https://cloudify.co/spec': 'file:///opt/manager/resources/spec'}
+
+agent:
+  # A dict of network names and IP addresses associated with them.
+  # By default, there is only a "default" network, with the manager's
+  # private IP associated with it. This network can be overwritten
+  networks: {}
+  broker_port: 5671
+  min_workers: 2
+  max_workers: 5
+
+amqpinflux:
+  sources:
+    amqpinflux_source_url: cloudify-amqp-influx-*.x86_64.rpm
+
+influxdb:
+  # An IP Endpoint of your InfluxDB Cluster.
+  endpoint_ip: ''
+  sources:
+    influxdb_source_url: influxdb-0.8.8-1.x86_64.rpm
+
+rabbitmq:
+  # Sets the username/password to use for clients such as celery to connect to
+  # the rabbitmq broker. It is recommended that you set both the username and
+  # password to something reasonably secure.
+  username: cloudify
+  password: c10udify
+
+  # Sets the File Descriptor limit for the rabbitmq user.
+  # Not used if an external endpoint is used.
+  fd_limit: 102400
+  nodename: cloudify-manager@localhost
+  sources:
+    erlang_rpm_source_url: erlang-17.4-1.el6.x86_64.rpm
+    rabbitmq_rpm_source_url: rabbitmq-server-3.5.3-1.noarch.rpm
+    cloudify_rabbitmq_package: cloudify-rabbitmq-*.noarch.rpm
+
+  policy_metrics:
+    # Sets the number of milliseconds to wait before a message expires
+    # in the events queue. Not used if an external endpoint is used.
+    events_queue_message_ttl: 60000
+
+    # Sets the number of messages the events queue can hold. Note this is NOT
+    # the message byte length! Not used if an external endpoint is used.
+    # Note that for each of the queue length limit properties, new messages
+    # will be queued in RabbitMQ and old messages will be deleted once the
+    # limit is reached! https://www.rabbitmq.com/maxlength.html
+    events_queue_length_limit: 1000000
+
+    # Sets the number of milliseconds to wait before a message expires
+    # in the logs queue. Not used if an external endpoint is used.
+    logs_queue_message_ttl: 60000
+
+    # Sets the number of messages the logs queue can hold. Note this is NOT
+    # the message byte length! Not used if an external endpoint is used.
+    logs_queue_length_limit: 1000000
+
+    # Sets the number of milliseconds to wait before a message expires
+    # in the metrics queues. Not used if an external endpoint is used.
+    metrics_queue_message_ttl: 60000
+
+    # Sets the number of messages the metrics queues can hold. This applies to
+    # both the queue that amqp-influx pulls from and the ones Riemann pulls
+    # from. Note this is NOT the message byte length! Not used if an external
+    # endpoint is used.
+    metrics_queue_length_limit: 1000000
+
+postgresql:
+  sources:
+    libxslt_rpm_url: libxslt-1.1.28-5.el7.x86_64.rpm
+    ps_libs_rpm_url: postgresql95-libs-9.5.3-2PGDG.rhel7.x86_64.rpm
+    ps_rpm_url: postgresql95-9.5.3-2PGDG.rhel7.x86_64.rpm
+    ps_contrib_rpm_url: postgresql95-contrib-9.5.3-2PGDG.rhel7.x86_64.rpm
+    ps_server_rpm_url: postgresql95-server-9.5.3-2PGDG.rhel7.x86_64.rpm
+    ps_devel_rpm_url: postgresql95-devel-9.5.3-2PGDG.rhel7.x86_64.rpm
+    psycopg2_rpm_url: python-psycopg2-2.5.1-3.el7.x86_64.rpm
+
+  # Default values for the Postgres DB name, host, username and password
+  db_name: cloudify_db
+  host: localhost
+  username: cloudify
+  password: cloudify
+
+java:
+  sources:
+    java_source_url: jre1.8.0_45-1.8.0_45-fcs.x86_64.rpm
+
+logstash:
+  sources:
+    cloudify_logstash_source_url: cloudify-logstash-*.rpm
+
+stage:
+  # If set to true, Cloudify UI will not be installed
+  skip_installation: false
+  sources:
+    nodejs_source_url: node-v8.9.1-linux-x64.tar.xz
+    stage_source_url: cloudify-stage-*.tgz
+
+composer:
+  # If set to true, Cloudify Composer will not be installed
+  skip_installation: false
+  sources:
+    composer_source_url: cloudify-blueprint-composer-*.tgz
+
+python:
+  # Some plugins installed from sources require compilation - installs a
+  # compiler and the python headers to allow that.
+  install_python_compilers: false
+
+  # If set to true, python sources (e.g. pip) will be removed when
+  # uninstalling the Cloudify Manager. NOTE: only set to true if those
+  # dependencies weren't available before Cloudify Manager installation
+  remove_on_teardown: false
+  sources:
+    pip_source_url: python-pip-7.1.0-1.el7.noarch.rpm
+
+riemann:
+  sources:
+    daemonize_source_url: daemonize-1.7.3-7.el7.x86_64.rpm
+    riemann_source_url: riemann-0.2.6-1.noarch.rpm
+    cloudify_riemann_url: cloudify-riemann-*.rpm
+
+restservice:
+  log:
+    # Logging level for the REST service. Defaults to 'INFO', as 'DEBUG' may
+    # end up logging sensitive information.
+    level: INFO
+
+    # The size, in MB, that the REST service log file may grow to before it's
+    # rotated.
+    file_size: 100
+
+    # Number of historical log files to keep when rotating the REST service logs.
+    files_backup_count: 20
+
+  gunicorn:
+    # The number of gunicorn worker processes for handling requests. If the
+    # default value (0) is set, then min((2 * cpu_count + 1 processes), 12)
+    # will be used.
+    worker_count: 0
+
+    # Maximum number of gunicorn workers (if calculated automatically)
+    max_worker_count: 12
+
+    # The maximum number of requests a worker will process before restarting.
+    # If this is set to zero then the automatic worker restarts are disabled.
+    max_requests: 1000
+
+  ldap:
+    # LDAP server, admin username, admin password and domain
+    server: ''
+    username: ''
+    password: ''
+    domain: ''
+
+    # True if Active Directory will be used as the LDAP authenticator
+    is_active_directory: true
+
+    # Any extra LDAP information (separated by the `;` sign. e.g. a=1;b=2)
+    dn_extra: ''
+
+  sources:
+    agents_source_url: cloudify-agents-*.rpm
+    restservice_source_url: cloudify-rest-service-*.x86_64.rpm
+    premium_source_url: cloudify-premium-*.x86_64.rpm
+
+  # Minimum available memory for running list query on Manager host in MB.
+  min_available_memory_mb: 100
+
+  # Disables insecure REST endpoints
+  insecure_endpoints_disabled: true
+
+  # Port to be used by the REST service
+  port: 8100
+
+nginx:
+  sources:
+    nginx_source_url: nginx-1.13.7-1.el7_4.ngx.x86_64.rpm
+
+mgmtworker:
+  sources:
+    mgmtworker_source_url: cloudify-management-worker-*.x86_64.rpm
+
+  # Sets the logging level to use for the management workers. This affects the
+  # logging performed by the manager during the execution of management tasks,
+  # such as deployment creation and deployment deletion. NOTE: specifying
+  # "debug" will result in considerable amount of logging activity. Consider
+  # using "info" (or a more restrictive level) for production environments.
+  log_level: INFO
+
+  # Minimum number of worker processes maintained by the management worker.
+  min_workers: 2
+
+  # Maximum number of worker processes started by the management worker.
+  max_workers: 100
+
+  # Maximum number of manager-side tasks that can be performed concurrently.
+  # This is a performance measure to avoid deployments' starvation, in case
+  # a rogue deployment takes over all management workers.
+  gatekeeper_bucket_size: 25
+
+  # Additional environment variables to add to the management worker's service
+  # file.
+  extra_env: {}
+
+cli:
+  sources:
+    cli_source_url: cloudify-cli-*.x86_64.rpm
+
+sanity:
+  # If set to true, the sanity blueprint install/uninstall will not be
+  # performed during Cloudify Manager installation
+  skip_sanity: true
+  sources:
+    sanity_source_url: cloudify-hello-world-example-*.tar.gz
+
+dev:
+  # Constraints (in standard `pip` constraints format) to pass on to `pip`
+  # when installing overlays (such as `rest_service_source_url`, `dsl_parser_source_url`
+  # and so on). Example:
+  # requests==2.13.0
+  # requests-toolbelt==0.7.1
+  pip_constraints: ''
+  sources:
+    cloudify_resources_url: ''
+    amqpinflux_source_url: ''
+    rest_client_source_url: ''
+    plugins_common_source_url: ''
+    script_plugin_source_url: ''
+    agent_source_url: ''
+    dsl_parser_source_url: ''
+
+
+validations:
+  # If set to true, install/configuration validations will not be performed
+  skip_validations: false
+
+  # These allow to override specific validation values
+  # NOTE: We do not recommend changing these values unless you know exactly
+  # what you're doing.
+  minimum_required_total_physical_memory_in_mb: 3700
+
+  # Minimum required disk space on Manager host in GB.
+  minimum_required_available_disk_space_in_gb: 5
+
+  # Python version expected to be found on the machine
+  expected_python_version: '2.7'
+
+  # The only Linux distros fully supported, on which a Cloudify Manager can
+  # be installed
+  supported_distros: ['centos', 'redhat']
+
+  # The supported versions of the above distros
+  supported_distro_versions: ['7']
+
+ssl_inputs:
+  external_cert_path: ''
+  external_key_path: ''
+  internal_cert_path: ''
+  internal_key_path: ''
+  ca_cert_path: ''
+  ca_key_path: ''
+  ca_key_password: ''
+
+usage_collector:
+  collect_cloudify_uptime:
+    # True if the uptime collector will be installed
+    active: true
+
+    # Sets the interval between running the uptime collector in hours
+    interval_in_hours: 2
+
+  collect_cloudify_usage:
+    # True if the usage collector will be installed
+    active: true
+
+    # Sets the interval between running the usage collector in days
+    interval_in_days: 1
+
+flask_security: {}