3 # ============LICENSE_START====================================================
5 # ===========================================================================
6 # Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
7 # ===========================================================================
8 # Licensed under the Apache License, Version 2.0 (the "License");
9 # you may not use this file except in compliance with the License.
10 # You may obtain a copy of the License at
12 # http://www.apache.org/licenses/LICENSE-2.0
14 # Unless required by applicable law or agreed to in writing, software
15 # distributed under the License is distributed on an "AS IS" BASIS,
16 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 # See the License for the specific language governing permissions and
18 # limitations under the License.
19 # ============LICENSE_END====================================================
21 # This script is run when starting client Container.
22 # It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
26 # error handling. REQUIRED: if this script fails, it must give non-zero exit value
# We exit non-zero with an explanation echoed to standard
# output in some situations, like bad input or failed keygen.
30 # We exit non-zero without explanation in other situations
31 # like command not found, or file access perms error.
33 # exit without explaining to stdout if some error
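# Locate the JVM that every agent call below runs through. JAVA_HOME must be
# set and must point at a directory with an executable bin/java. The messages
# deliberately go to stdout (see the error-handling note in the header).
[ -z "$JAVA_HOME" ] && { echo "FAILURE: JAVA_HOME is not set"; exit 1; }
JAVA="${JAVA_HOME}/bin/java"
[ -e "${JAVA_HOME}" ] || { echo "FAILURE: java home does not exist: ${JAVA_HOME}"; exit 1; }
# -x rather than -e: a java that exists but is not executable would pass an
# existence check and then fail later with a bare non-zero exit and no message.
[ -x "${JAVA}" ] || { echo "FAILURE: java executable does not exist or is not executable: ${JAVA}"; exit 1; }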
# AAF API version. NOTE(review): this variable is not referenced anywhere in
# the visible part of the script; the ":2.1" suffix in the aaf_url_cm/aaf_url
# values written into sso.props below is a literal — keep the two in step.
AAF_INTERFACE_VERSION=2.1
# Extract Name, Domain and NS from FQI
# APP_FQI is operator-supplied and is only split on '@' here; the halves are
# assigned to FQI_SHORT / FQI_DOMAIN outside this excerpt and then checked.
[ -z "$APP_FQI" ] && { echo FAILURE: APP_FQI is not set; exit 1; }
# NOTE(review): unquoted array expansion — an APP_FQI containing whitespace or
# glob characters is word-split / glob-expanded before it reaches the checks.
FQIA=($(echo ${APP_FQI} | tr '@' '\n'))
[ -z "$FQI_SHORT" ] && { echo FAILURE: malformed APP_FQI, should be like email form: name@domain; exit 1; }
[ -z "$FQI_DOMAIN" ] && { echo FAILURE: malformed APP_FQI, should be like email form: name@domain; exit 1; }
# Reverse DOMAIN for NS
# e.g. domain "a.b.org" -> labels (a b org). The loop walks from the last label
# down to index 1, appending a trailing '.', so the first label (index 0) is
# NOT added here — the loop's close and the index-0 handling lie outside this
# excerpt.
FQIA_E=($(echo ${FQI_DOMAIN} | tr '.' '\n'))
for (( i=( ${#FQIA_E[@]} -1 ); i>0; i-- )); do
NS=${NS}${FQIA_E[i]}'.'
# Filesystem layout, each overridable from the environment:
#   CONFIG   - mounted configuration (bin/, cert/)
#   OSAAF    - root of the AAF installation
#   LOCAL    - where 'place' writes the application's props/certs
#   DOT_AAF  - per-user deployer state (keyfile, sso.props, truststore)
#   SSO      - deployer SSO properties file (derived, not overridable)
#   backupDir- where leftover *.backup files are moved; defaults to LOCAL
: "${CONFIG:=/opt/app/aaf_config}"
# perhaps AAF HOME? (root of aaf installation)
: "${OSAAF:=/opt/app/osaaf}"
# this is the 'place' operation's destination
: "${LOCAL:=${OSAAF}/local}"
: "${DOT_AAF:=${HOME}/.aaf}"
SSO="${DOT_AAF}/sso.props"
backupDir="${BACKUP_DIR:-${LOCAL}}"
# Everything that follows needs the mounted configuration directory.
if [ -e "$CONFIG" ]; then
CONFIG_BIN="$CONFIG/bin"
# NOTE(review): AGENT_JAR is a glob pattern stored unexpanded and expanded,
# unquoted, at every use. If more than one aaf-cadi-aaf-*-full.jar is ever
# present in $CONFIG_BIN each invocation below gets extra words (e.g. a second
# jar becomes java's "main class"); whoever can write to $CONFIG_BIN decides
# which code runs. Pin the jar name or assert exactly one match.
AGENT_JAR="$CONFIG_BIN/aaf-cadi-aaf-*-full.jar"
# Command prefix shared by all agent calls; relies on word-splitting at use.
# cadi_loglevel=DEBUG applies to every call, including the ones that handle
# passwords below — confirm the agent does not echo credentials at DEBUG.
JAVA_AGENT="$JAVA -Dcadi_loglevel=DEBUG -Dcadi_etc_dir=${LOCAL} -Dcadi_log_dir=${LOCAL} -jar $AGENT_JAR "
# Relocate leftover *.backup files (the sed -i.backup output of setProp /
# encrypt, which still carry the previous values).
# NOTE(review): the glob is tested in the current directory but the files are
# moved from ${LOCAL}; the two only agree if a cd to ${LOCAL} precedes this
# (not visible here) — confirm.
if stat -t *.backup > /dev/null 2>&1; then
# move them somewhere else?
if [ "${backupDir}" != "${LOCAL}" ]; then
mv -f ${LOCAL}/*.backup ${backupDir}
# Setup SSO info for Deploy ID
# Encrypt a password with the deployer keyfile and print the agent's output.
#   $1 - cleartext password
# NOTE(review): the cleartext is passed as a java command-line argument, so it
# is readable via `ps` / /proc/<pid>/cmdline by anything sharing the container
# while the JVM runs; feeding it on stdin would avoid that. ${1} is unquoted,
# so a password containing spaces is split into several arguments. Also note
# the failure message is printed to stdout — callers that capture this
# function's output with $(...) capture that message too.
function sso_encrypt() {
$JAVA_AGENT cadi digest ${1} $DOT_AAF/keyfile || {
echo agent fails to digest password
# Setup Bash, first time only, Agent only
# NOTE(review): `grep agent` is a substring test over the whole .bashrc, so any
# unrelated line containing "agent" silently suppresses the alias install.
if [ ! -f "$HOME/.bashrc" ] || [ -z "$(grep agent $HOME/.bashrc)" ]; then
# The alias forwards arguments with an unquoted $*; "$@" would keep arguments
# that contain whitespace intact.
echo "alias agent='$CONFIG_BIN/agent.sh agent \$*'" >> $HOME/.bashrc
chmod a+x $CONFIG_BIN/agent.sh
# Materialise the CA truststore from its base64 form, first run only.
# NOTE(review): the decode is not integrity-checked, so a modified .b64 source
# silently changes which CAs this deployer trusts; the file is also written
# with the default umask. A truststore is public CA material, so secrecy is not
# the concern here — tampering is.
if [ ! -e "$DOT_AAF/truststoreONAPall.jks" ]; then
base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks
# Create Deployer Info, located at /root/.aaf
# Generate the keyfile that sso_encrypt's "cadi digest" uses. The enc: value
# in sso.props is derived from it, so keyfile + sso.props together should be
# treated as equivalent to the deployer password.
if [ ! -e "$DOT_AAF/keyfile" ]; then
$JAVA_AGENT cadi keygen $DOT_AAF/keyfile || {
echo "Cannot create $DOT_AAF/keyfile"
# chmod runs after keygen, so the file briefly exists with default-umask
# permissions; a `umask 077` before keygen would close that window.
chmod 400 $DOT_AAF/keyfile
# Build the deployer's sso.props once. NOTE(review): the file is created with
# the default umask and then receives an encrypted password, locator URLs and
# (see the loop at the end) every aaf_*/cadi_* environment variable; a
# `chmod 600 ${SSO}` right after creation is cheap insurance.
if [ ! -e "${SSO}" ]; then
echo Creating and adding content to ${SSO}
echo "cadi_keyfile=$DOT_AAF/keyfile" > ${SSO}
# Add Deployer Creds to Root's SSO
# Falls back to the (lower-case) app_id environment variable.
DEPLOY_FQI="${DEPLOY_FQI:=$app_id}"
echo "aaf_id=${DEPLOY_FQI}" >> ${SSO}
if [ ! "${DEPLOY_PASSWORD}" = "" ]; then
# NOTE(review): sso_encrypt runs in a command-substitution subshell, so an
# exit inside its error branch ends only the subshell, and whatever it
# printed — including its "agent fails to digest password" message — is
# written as the aaf_password value. A failed digest is therefore not fatal
# here; check the captured value (or $?) before appending. ${DEPLOY_PASSWORD}
# is also unquoted, so a password with spaces is split into several arguments.
echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO}
# Cover case where using app.props
aaf_locator_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS}
# docker: fixed service names/ports; otherwise go through the locator, with
# %CNS/%NS presumably substituted by the agent (not visible here).
if [ "$aaf_locator_container" = "docker" ]; then
echo "aaf_locate_url=https://aaf-locate:8095" >> ${SSO}
echo "aaf_url_cm=https://aaf-cm:8150" >> ${SSO}
echo "aaf_url=https://aaf-service:8100" >> ${SSO}
echo "aaf_locate_url=https://${aaf_locator_fqdn}:8095" >> ${SSO}
echo "aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%NS.cm:2.1" >> ${SSO}
echo "aaf_url=https://AAF_LOCATE_URL/%CNS.%NS.service:2.1" >> ${SSO}
echo "cadi_truststore=$DOT_AAF/truststoreONAPall.jks" >> ${SSO}
# "changeit" is the well-known JKS default; it only guards integrity of a
# public-CA truststore, so it is not a secret, but it is hard-coded here.
echo "cadi_truststore_password=changeit" >> ${SSO}
echo "cadi_latitude=${LATITUDE}" >> ${SSO}
echo "cadi_longitude=${LONGITUDE}" >> ${SSO}
echo "hostname=${aaf_locator_fqdn}" >> ${SSO}
# Push in all AAF and CADI properties to SSO
# NOTE(review): this copies every aaf_*/cadi_* environment entry (the loop
# header is outside this excerpt) into the props file verbatim — a plaintext
# aaf_password or cadi_keystore_password in the environment would be
# persisted to disk as-is.
if [ "${E:0:4}" = "aaf_" ] || [ "${E:0:5}" = "cadi_" ]; then
# Use Deployer ID in ${SSO}
if [ "app_id" != "${E%=*}" ]; then
echo "Caller Properties Initialized"
# Check for local dir
# The branch bodies (creation vs. reuse of $LOCAL) are outside this excerpt.
if [ -d $LOCAL ]; then
echo "Created $LOCAL"
echo "Existing files in $LOCAL"
# Should we refresh the client version??
# A version mismatch triggers a clean-up of ${LOCAL}. NOTE(review): the
# clean-up command itself is not visible here; if it removes ${LOCAL}/*,
# write it as "${LOCAL:?}"/* so an empty LOCAL cannot turn it into rm of /*.
if [ "${VERSION}" != "$(cat ${LOCAL}/VERSION 2> /dev/null)" ]; then
echo "Clean up directory ${LOCAL}"
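# Record the installed client version and (re)write the two convenience
# wrappers on every start, so an image upgrade is picked up.
echo "${VERSION}" > "$LOCAL/VERSION"
# The wrappers forward their arguments with "$@" so an argument containing
# whitespace reaches java as one word (the previous unquoted $* re-split it).
# As before, the jar is referenced relative to the caller's current directory.
printf '%s\n' '#!/bin/bash' 'java -jar aaf-cadi-aaf-*-full.jar "$@"' > "$LOCAL/agent"
printf '%s\n' '#!/bin/bash' 'java -jar aaf-cadi-aaf-*-full.jar cadi "$@"' > "$LOCAL/cadi"
chmod 755 "$LOCAL/agent" "$LOCAL/cadi"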
echo "Namespace is ${NS}"
# Only initialize once, automatically...
# First-run bootstrap: config files, then the certificate artifact, then a
# live validation. Each step's error branch (partly outside this excerpt)
# reports on stdout and must exit non-zero, per the header contract.
if [ ! -f $LOCAL/${NS}.props ]; then
[ -z "$APP_FQDN" ] && { echo FAILURE: APP_FQDN is not set; exit 1; }
echo "#### Create Configuration files "
# --nopasswd: the generated props get no password entry; the application is
# expected to authenticate with the certificate placed below — confirm.
$JAVA_AGENT config $APP_FQI $APP_FQDN --nopasswd || {
echo Cannot create config files
echo "#### Certificate Authorization Artifact"
# The artifact listing is shown and captured for the grep below. PIPESTATUS[0]
# is checked on purpose: it is the agent's status, not tee's.
# NOTE(review): $TMP is set outside this excerpt — confirm it comes from
# mktemp; a predictable /tmp path is a symlink/clobber target.
$JAVA_AGENT read ${APP_FQI} ${APP_FQDN} | tee $TMP ; [ ${PIPESTATUS[0]} -eq 0 ] || {
echo Cannot read artificate;
# Placement only proceeds when the listing contains a "Namespace:" line, i.e.
# the decision is a text match on the agent's output.
if [ -n "$(grep 'Namespace:' $TMP)" ]; then
echo "#### Place Certificates (by deployer)"
$JAVA_AGENT place $APP_FQI $APP_FQDN || {
echo Failed to obtain new certificate
# cadi_alias in the cred props is the marker that a certificate was written.
if [ -z "$(grep cadi_alias ${LOCAL}/$NS.cred.props)" ]; then
echo "FAILED to get Certificate, cadi_alias is not defined."
echo "Obtained Certificates"
echo "#### Validate Configuration and Certificate with live call"
$JAVA_AGENT validate cadi_prop_files=${NS}.props || {
echo Failed to validate new certificate
echo "#### Certificate Authorization Artifact must be valid to continue"
echo "Initialization complete"
# 'cat' sub-command: show property files only.
if [ "$1" = "" ]; then
echo "usage: cat <file... ONLY files ending in .props>"
# NOTE(review): this is a suffix check, not a path restriction — "../x.props"
# or a symlink named *.props passes. It limits the file type, not where the
# file lives; do not rely on it as confinement.
if [[ $1 == *.props ]]; then
# NOTE(review): the header names $3 while the check above looks at $1; unless
# the arguments are shifted in the lines not shown here, this prints the wrong
# (or an empty) file name.
echo "## CONTENTS OF $3"
echo "### ERROR ####"
echo " \"cat\" may only be used with files ending with \".props\""
# read: list the artifact as the deployer (credentials from sso.props).
echo "## Read Artifacts"
$JAVA_AGENT read $APP_FQI $APP_FQDN cadi_prop_files=${SSO} cadi_loglevel=INFO || {
echo Command faile, cannot read artifacts
# showpass: prints the configured password to stdout. NOTE(review): if this
# container's stdout is collected by a log pipeline, the secret lands in logs;
# this sub-command is for interactive use only.
echo "## Show Passwords"
$JAVA_AGENT showpass $APP_FQI $APP_FQDN cadi_prop_files=${SSO} cadi_loglevel=ERROR || {
echo Failure showing password
# check: echoes the exact command line first, which is handy for support but
# also shows the prop-file path.
echo "## Check Certificate"
echo "$JAVA_AGENT check $APP_FQI $APP_FQDN cadi_prop_files=${LOCAL}/${NS}.props"
# inspects and reports on certificate validation and renewal date
$JAVA_AGENT check $APP_FQI $APP_FQDN cadi_prop_files=${LOCAL}/${NS}.props || {
echo Checking certificate fails.
echo "## validate requested"
# attempt to send request to aaf; authenticate with this local certificate
$JAVA_AGENT validate $APP_FQI $APP_FQDN || {
echo Validation fails.
# Two renewal arms: the first authenticates with the deployer's sso.props,
# the second without it (presumably with the application's own certificate).
echo "## Renew Certificate"
$JAVA_AGENT place $APP_FQI $APP_FQDN cadi_prop_files=${SSO} || {
echo Placing certificate fails.
echo "## Renew Certificate"
$JAVA_AGENT place $APP_FQI $APP_FQDN || {
echo Failure renewing certificate
# setProp <tag> [<value>]: rewrite 'tag' in every props file that mentions it.
# NOTE(review): "$1" is used as an unanchored regex, so it also selects files
# that merely contain the tag text anywhere (including inside values).
FILES=$(grep -l "$1" ./*.props)
if [ -z "$FILES" ]; then
if [ "$ADD" = "Y" ]; then
echo "Changing $1 to $F"
echo "Changing $1 in $F"
# NOTE(review): ${1} and ${2} are spliced straight into the sed program. Two
# consequences: (1) the pattern is a prefix match, so `setProp aaf_url x`
# also rewrites aaf_url_cm; anchor it as ^${1}=. (2) a value containing '/',
# '&' or '\' breaks or alters the substitution (sed injection) — escape the
# value or pass it with awk -v instead. -i.backup also leaves the previous
# value on disk in <file>.backup.
sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F
# encrypt <tag> [<pass>]: same selection, but the value is encrypted first.
FILES=$(grep -l "$1" ./*.props)
if [ "$FILES" = "" ]; then
FILES=$LOCAL/${NS}.cred.props
echo "Changing $1 in $F"
if [ "$2" = "" ]; then
# -s keeps the password off the terminal; -r keeps backslashes literal.
read -r -p "Password (leave blank to cancel): " -s ORIG_PW
if [ "$ORIG_PW" = "" ]; then
# NOTE(review): PWD is the shell's current-directory variable; reusing it
# for the digest works but is confusing — rename (e.g. ENC_PW). $JAVA_CADI is
# not defined in the visible part of the script (only JAVA_AGENT is) — confirm
# it is set earlier. The cleartext goes on the java command line (visible in
# ps), and a failure of the digest is not checked before it is written below.
PWD=$($JAVA_CADI digest "$ORIG_PW" $LOCAL/${NS}.keyfile)
if [ "$ADD" = "Y" ]; then
echo "$1=enc:$PWD" >> $F
# Same unescaped interpolation as setProp; the old enc: value survives in
# <file>.backup until the start-up sweep moves it.
sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F
# taillog: runs a helper script that lives under the logs directory.
# NOTE(review): executing a script from a log directory means anyone who can
# write logs can run code as this user — confirm the directory is not
# writable by the application.
sh ${OSAAF}/logs/taillog
testConnectivity|testconnectivity)
echo "--- Test Connectivity ---"
# NOTE(review): AGENT_JAR is an unquoted glob; with two matching jars the
# second becomes java's main-class argument instead of the classpath.
$JAVA -cp $AGENT_JAR org.onap.aaf.cadi.aaf.TestConnectivity $LOCAL/${NS}.props || {
echo Failure while testing connectivity
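# Print the container-level command summary. Kept in a function so the text is
# in one place and can be produced without running the dispatcher around it.
# Fixes the "Comands" misspelling and the doubled '>' after <file.props>.
print_agent_help() {
  cat <<'EOF'
--- Agent Container Commands ---
 ls - Lists all files in Configuration
 cat <file.props> - Shows the contents (Prop files only)
 validate - Runs a test using Configuration
 setProp <tag> [<value>] - set value on 'tag' (if no value, it will be queried from config)
 encrypt <tag> [<pass>] - set passwords on Configuration (if no pass, it will be queried)
 bash - run bash in Container
 Note: the following aliases are preset
 cadi - CADI CmdLine tool
 agent - Agent Java tool (see above help)
 --help|-? [cadi|agent] - This help, cadi help or agent help
EOF
}
print_agent_help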
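# Section headers for the per-tool help; each presumably precedes a delegation
# to that tool's own --help (those lines are outside this excerpt).
# Spelling fixed: "Comands" -> "Commands".
echo "--- cadi Tool Commands ---"
echo "--- agent Tool Commands ---"
echo "--- aafcli Tool Commands ---"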
# Disabled sample: note it would build its classpath from two unquoted globs.
# echo "--- run Sample Servlet App ---"
# $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $AGENT_JAR:$CONFIG_BIN/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props
# Presumably the default arm: any command not handled above is forwarded
# verbatim to the agent jar, so the agent's whole command set is reachable
# from the container entry point.
$JAVA_AGENT "$CMD" "$@"