Orchestration updated with adapter-cli integration

modules/fmo-adapter/assets/orchestrate.sh

@@ -4,7 +4,7 @@ set -euo pipefail
 
 CWD=${PWD}
 RUNNING=/tmp/orchestrate_running
-PROVISIONED=/tmp/provisioned_drones
+PREPARED=/tmp/prepared_drones
 STARTED=/tmp/started_drones
 
 if [ -f ${RUNNING} ]; then
@@ -14,7 +14,7 @@ fi
 
 touch ${STARTED}
 touch ${RUNNING}
-rm -f ${PROVISIONED}
+rm -f ${PREPARED}
 
 RET=2
 DEFAULT_DIR="/var/lib/fogdata/adapter"
@@ -32,12 +32,6 @@ do_exit() {
         fi
     fi
 
-    local prov_pid=$(ps f -u ${USER} | grep "provisioning-server" | grep -v grep | awk '{print $1}')
-    if [ "${prov_pid}x" != "x" ]; then
-        echo "Stopping provisioning-server..."
-        kill ${prov_pid}
-    fi
-
     if [ "${PCSCD_PID}x" != "x" ]; then
         echo "Stopping pcscd..."
         kill ${PCSCD_PID}
@@ -61,8 +55,6 @@ COMPOSE_IMAGE=""
 # Components
 COMPONENT_FILE=""
 MANIFEST_FILE=""
-PROVISIONING_IMAGE=""
-REGISTRATION_IMAGE=""
 
 docker_login() {
     docker-login.sh
@@ -128,59 +120,17 @@ get_compose_data() {
 prepare_components() {
     # extract required components' images into ${COMPONENT_FILE}
     jq '[ .Components[] |
-        select(.Name == "registration-agent" or .Name == "pkcs11-proxy" or
+        select(.Name == "pkcs11-proxy" or
         .Name == "certificate-setup" or .Name == "fog-navigation-lite" or
         .Name == "telem-nats" or .Name == "path-worker" or
         .Name == "swarm-agent" or .Name == "sec-udp-rev-proxy" or
         .Name == "nats-server-swarm" or .Name == "mocap-pose" or
-        .Name == "ntrip-client" or .Name == "trajectory-multicast" or
-        .Name == "provisioning-server") |
+        .Name == "ntrip-client" or .Name == "trajectory-multicast") |
         {(.Name|tostring): .Artifacts[].ImageRef}] | add' ${MANIFEST_FILE} >${COMPONENT_FILE}
-
-    REGISTRATION_IMAGE=$(grep "registration-agent" ${COMPONENT_FILE} | awk '{print $2}' | tr -d '",')
-    PROVISIONING_IMAGE=$(grep "provisioning-server" ${COMPONENT_FILE} | awk '{print $2}' | tr -d '",')
-}
-
-# Using local provisioning server instance for convenience because
-# 1. using an official provisioning server requires waking up internal wifi adapter
-#    and some forwarding rules in place
-# 2. official provisioning server is not always in your reach
-start_provisioning_server() {
-    local container_id=$(docker create ${PROVISIONING_IMAGE})
-    docker cp $container_id:/app/provisioning-server ${WORK_DIR}
-    docker rm $container_id
-
-    local cfg_file=$(find ./data -name "*_cfg.json" | head -1)
-
-    echo "Using ${cfg_file} for provisioning server configuration"
-
-    mustache --override ${COMPONENT_FILE} ${cfg_file} ${WORK_DIR}/templates/provisioning-server-env.template >${WORK_DIR}/.env
-
-    local PKCS11_MODULE=/run/current-system/sw/lib/libykcs11.so
-    if [ ! -f ${PKCS11_MODULE} ]; then
-        echo 'Could not locate "libykcs11.so", exiting'
-        do_exit
-    fi
-
-    local ENGINE=$(find /run/current-system/sw/lib/ -name "libpkcs11.so" | grep "engine" | head -1)
-    if [ ! -f ${ENGINE} ]; then
-        echo 'Could not locate PKCS#11 engine, exiting'
-        do_exit
-    fi
-
-    sed -i "s|xyzPATHxyz|${WORK_DIR}|g" ${WORK_DIR}/.env
-    sed -i "s|xyzPKCS11xyz|${PKCS11_MODULE}|g" ${WORK_DIR}/.env
-    sed -i "s|xyzPINxyz|${PIN}|g" ${WORK_DIR}/.env
-    sed -i "s|xyzENGINExyz|${ENGINE}|g" ${WORK_DIR}/.env
-
-    ${WORK_DIR}/provisioning-server &
-    # A nap to get output synced
-    sleep 1
-    echo "Provisioning server started..."
 }
 
 prepare_drones() {
-    for cfg_file in ${WORK_DIR}/data/*_cfg.json; do
+    for cfg_file in $(find ${WORK_DIR}/data/devices/ -name "*_cfg.json"); do
         local reply=""
         read -p "Do you want to add device configuration $(basename ${cfg_file}) to adapter [Y/n]: " reply
         if [ "${reply^^}" == "N" ]; then
@@ -190,6 +140,18 @@ prepare_drones() {
         local device_alias=$(grep "device_alias" ${cfg_file} | awk '{print $2}' | tr -d '",')
         local device_dir="${WORK_DIR}/devices/${device_alias}"
 
+        if [ -d ${device_dir} ]; then
+            reply=""
+            read -p "Device configuration already exists, override [Y/n]: " reply
+            if [ "${reply^^}" == "N" ]; then
+                echo "Skipping ${device_alias}."
+                continue
+            fi
+
+            echo "Removing existing ${device_dir} with sudo to remove any related HSM."
+            sudo rm -rf ${device_dir}
+        fi
+
         mkdir -p ${device_dir}
         mkdir -p ${device_dir}/cfg
         mkdir -p ${device_dir}/cfg/sec-udp
@@ -205,68 +167,32 @@ prepare_drones() {
         cp ${WORK_DIR}/data/DEFAULT_FASTRTPS_PROFILES_1.xml ${device_dir}/mount
         cp ${WORK_DIR}/templates/softhsm2.conf ${device_dir}/softhsm
 
-        grep "provisioning_nats_url" ${cfg_file} | awk '{print $2}' | tr -d '",' >${device_dir}/cfg/service_nats_url.txt
+        local src_dir=$(dirname ${cfg_file})
+
+        cp ${src_dir}/device-provisioned.json ${device_dir}/cfg/
+        cp ${src_dir}/device-registered.txt ${device_dir}/cfg/
+        cp ${src_dir}/serial-number.txt ${device_dir}/cfg/
+        cp ${src_dir}/service_nats_url.txt ${device_dir}/cfg/
+
+        cp ${src_dir}/*.pem ${device_dir}/cert/
 
-        mustache --override ${COMPONENT_FILE} ${cfg_file} ${WORK_DIR}/templates/register-env.template >${device_dir}/register-env.list
         mustache --override ${COMPONENT_FILE} ${cfg_file} ${WORK_DIR}/templates/compose.template >${device_dir}/docker-compose.yaml
-        mustache --override ${COMPONENT_FILE} ${cfg_file} ${WORK_DIR}/templates/certificate-setup.template >${device_dir}/certificate-setup.json
+        mustache --override ${src_dir}/device-provisioned.json ${cfg_file} ${WORK_DIR}/templates/certificate-setup.template >${device_dir}/certificate-setup.json
         mustache --override ${COMPONENT_FILE} ${cfg_file} ${WORK_DIR}/templates/proxy.template >${device_dir}/proxy-compose.yaml
         mustache ${cfg_file} ${WORK_DIR}/templates/nats-server-conf.template >${device_dir}/cfg/nats-server.conf
         mustache ${cfg_file} ${WORK_DIR}/templates/config-fmo-mavlink.template >${device_dir}/cfg/sec-udp/config-fmo-mavlink.yaml
 
-        docker run --network host --rm --name registration-agent \
-            --env-file ${device_dir}/register-env.list --volume ${device_dir}:/data \
-            --user $(id -u ${USER}):$(id -g ${USER}) ${REGISTRATION_IMAGE} provision
-        if (( $? != 0 )); then
-            echo "Provisioning device \"${device_alias}\" failed."
-            reply=""
-            read -p "Do you want to check configuration and retry provisioning [Y/n]" reply
-            if [ "${reply^^}" == "N" ]; then
-                continue
-            fi
-
-            read -p "Press <Enter> when ready to retry"
-            docker run --network host --rm --name registration-agent \
-                --env-file ${device_dir}/register-env.list --volume ${device_dir}:/data \
-                --user $(id -u ${USER}):$(id -g ${USER}) ${REGISTRATION_IMAGE} provision
-            if (( $? != 0 )); then
-                echo "Provisioning device \"${device_alias}\" failed again, skipping it."
-                continue
-            fi
-        fi
-
-        mustache ${cfg_file} ${WORK_DIR}/templates/serial-number.template >${device_dir}/cfg/serial-number.txt
-        mustache ${cfg_file} ${WORK_DIR}/templates/device-registered.template >${device_dir}/cfg/device-registered.txt
-
-        # Registering to be implemented in a later phase
-        # docker run --network host --rm --name registration-agent \
-        #     --env-file ${device_dir}/register-env.list --volume ${device_dir}:/data \
-        #     --user $(id -u ${USER}):$(id -g ${USER}) ${REGISTRATION_IMAGE} register
-
-        # if [ ! -f ${device_dir}/device-registered.txt ]; then
-        #     echo "Provisioning device \"${device_alias}\" failed."
-        #     do_exit
-        # fi
-
-        local drone_device_id=$(openssl x509 -in ${device_dir}/cert/client-certificate.pem -text | grep "Subject: CN" | awk '{split($0,a,"/"); print a[4]}')
-        local swarm_id=$(cat ${device_dir}/cfg/device-registered.txt | grep "\"swarm\"" | awk '{print $2}' | tr -d '",')
-
-        sed -i "s/xyzXYZxyz/${drone_device_id}/g" ${device_dir}/docker-compose.yaml
-        sed -i "s/xyzXYZxyz/${drone_device_id}/g" ${device_dir}/cfg/device-registered.txt
-        sed -i "s/xyzSWARMxyz/${swarm_id}/g" ${device_dir}/certificate-setup.json
-        sed -i "s/xyzXYZxyz/${drone_device_id}/g" ${device_dir}/certificate-setup.json
-
         setup_certificates ${device_alias} ${cfg_file}
 
         local profiles=$(grep "\"profiles\"" ${cfg_file} | awk '{print $2}' | tr -d '"')
         if [ "${profiles}x" != "x" ]; then
             device_alias="${device_alias},${profiles}"
         fi
 
-        echo "${device_alias}" >>${PROVISIONED}
+        echo "${device_alias}" >>${PREPARED}
     done
 
-    read -p "Drones provisioned, Yubikey may be removed, press <Enter> to continue"
+    read -p "Drones prepared, Yubikey may be removed, press <Enter> to continue"
 }
 
 setup_certificates() {
@@ -284,10 +210,10 @@ setup_certificates() {
 }
 
 start_drones() {
-    local provisioned=$(cat ${PROVISIONED} | sort -u)
+    local prepared=$(cat ${PREPARED} | sort -u)
     local started=$(cat ${STARTED})
 
-    for drone in ${provisioned[@]}; do
+    for drone in ${prepared[@]}; do
         local split=(${drone//,/ })
         local device_alias=${split[0]}
 
@@ -406,8 +332,8 @@ mkdir -p ${WORK_DIR}/devices/common
 COMPONENT_FILE="${WORK_DIR}/data/components.json"
 MANIFEST_FILE="${WORK_DIR}/data/manifest.json"
 
-# echo "Logging in ghcr.io"
-# docker_login
+echo "Logging in ghcr.io"
+docker_login
 echo "Starting Smart Card daemon if needed"
 start_pcscd
 echo "Checking Yubikey accessibility"
@@ -416,8 +342,6 @@ echo "Acquiring adapter configuration and data"
 get_compose_data
 echo "Preparing needed components"
 prepare_components
-echo "Starting local provisioning server instance"
-start_provisioning_server
 
 create_pkcs11_network