AAF Services non root, all platforms

adjust Agent for JDK 11
Included redoing Config and Agent Init Containers
refit for "hello" (sample)

Issue-ID: AAF-1102
Signed-off-by: Instrumental <jgonap@stl.gathman.org>
Change-Id: Ia957b1ccce34d164580ccb0a6d02d7b800e4887e

diff --git a/auth/auth-cass/cass_init/cmd.sh b/auth/auth-cass/cass_init/cmd.sh
index f605a47..bfd592a 100644 (file)
--- a/auth/auth-cass/cass_init/cmd.sh
+++ b/auth/auth-cass/cass_init/cmd.sh
@@ -24,7 +24,7 @@
 DIR="/opt/app/aaf/status"
 INSTALLED_VERSION=/var/lib/cassandra/AAF_VERSION
 AAF_INIT_DATA=/var/lib/cassandra/AAF_INIT_DATA
-CQLSH=${CQLSH:=/opt/cassandra/bin/cqlsh}
+CQLSH=${CQLSH:=/usr/bin/cqlsh}
 
 if [ ! -e /aaf_cmd ]; then
   ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd
@@ -137,7 +137,7 @@ function install_onap {
       bash prep.sh
       status push data to cassandra
       # bash push.sh
-      echo "YES" | bash restore.sh
+      bash push.sh
       cd -
       echo $(date) > $AAF_INIT_DATA
     fi

diff --git a/auth/auth-cass/cass_init/push.sh b/auth/auth-cass/cass_init/push.sh
index f887f07..a6f8277 100644 (file)
--- a/auth/auth-cass/cass_init/push.sh
+++ b/auth/auth-cass/cass_init/push.sh
@@ -22,6 +22,9 @@
 # These are obtained from "gzipped" files, or pre-placed (i.e. initialization) 
 #   in the "dats" directory
 #
+
+CQLSH="${CQLSH:=/usr/bin/cqlsh} -k authz"
+
 DIR=/opt/app/aaf/cass_init
 cd $DIR
 if [ ! -e dats ]; then
@@ -35,7 +38,7 @@ fi
 cd dats
 for T in $(ls *.dat); do
   if [ -s $T ]; then
-    cqlsh --request-timeout=100 -e "COPY authz.${T/.dat/} FROM '$T' WITH DELIMITER='|';";
+    $CQLSH --request-timeout=100 -e "COPY authz.${T/.dat/} FROM '$T' WITH DELIMITER='|';";
   fi
 done
 cd $DIR

diff --git a/auth/auth-cass/cass_init/restore.sh b/auth/auth-cass/cass_init/restore.sh
index ba2c49e..0bf0ea6 100644 (file)
--- a/auth/auth-cass/cass_init/restore.sh
+++ b/auth/auth-cass/cass_init/restore.sh
@@ -4,7 +4,7 @@
 echo `date`
 ENV=DOCKER
 
-CQLSH="${CQLSH:=/opt/cassandra/bin/cqlsh} -k authz"
+CQLSH="${CQLSH:=/usr/bin/cqlsh} -k authz"
 
 cd dats
 if [ "$*" = "" ]; then

diff --git a/auth/auth-cass/docker/Dockerfile.cass b/auth/auth-cass/docker/Dockerfile.cass
index 5d9c3db..2d60da2 100644 (file)
--- a/auth/auth-cass/docker/Dockerfile.cass
+++ b/auth/auth-cass/docker/Dockerfile.cass
@@ -34,11 +34,12 @@ COPY sample.identities.dat /opt/app/aaf/cass_init/data/identites.dat
 
 RUN mkdir -p /opt/app/aaf/status &&\
     chmod 777 /opt/app/aaf/status && \
-    addgroup ${DUSER} && adduser --ingroup cassandra --disabled-password --gecos "" --shell /bin/bash ${DUSER} && \
-    chown -R ${DUSER}:cassandra /opt/app/aaf/cass_init &&\
-    chown -R ${DUSER}:cassandra /etc/cassandra &&\
-    mkdir -p /var/lib/cassandra/data && chown -R ${DUSER}:cassandra /var/lib/cassandra &&\
-    chown -R ${DUSER}:cassandra /var/log/cassandra &&\
+    if [ ! -z "${DUSER}" ]; then \
+      addgroup --gid 1000 ${DUSER}; \
+      adduser --ingroup ${DUSER} --disabled-password --gecos "" --shell /bin/bash -u 1000 ${DUSER} ; \
+      mkdir -p /var/lib/cassandra/data /var/log/cassandra ; \
+      chown -R 1000:1000 /opt/app/aaf /etc/cassandra /var/log/cassandra /var/lib/cassandra ; \
+      fi && \
     ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd && chmod a+x /aaf_cmd
 
 USER ${DUSER}

diff --git a/auth/docker/Dockerfile.agent b/auth/docker/Dockerfile.agent
index e974dc4..71f7009 100644 (file)
--- a/auth/docker/Dockerfile.agent
+++ b/auth/docker/Dockerfile.agent
@@ -27,9 +27,14 @@ LABEL version=${AAF_VERSION}
 COPY bin/client.sh /opt/app/aaf_config/bin/agent.sh
 COPY bin/pod_wait.sh /opt/app/aaf_config/bin/pod_wait.sh
 COPY bin/aaf-cadi-aaf-${JAR_VERSION}-full.jar /opt/app/aaf_config/bin/
-COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/
+#COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/
 COPY cert/*trust*.b64 /opt/app/aaf_config/cert/
-RUN chmod 755 /opt/app/aaf_config/bin/* &&\
-    if [ -n "${DUSER}" ]; then chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi
-USER ${DUSER}
+
 CMD []
+
+RUN mkdir -p /opt/app/osaaf/local && \
+     if [ -n "${DUSER}" ]; then \
+      addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; \
+      chown ${DUSER}:${DUSER} /opt/app/osaaf/local; \
+    fi
+# Note: User added if in d.props

diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base
index 523d63f..4d305d7 100644 (file)
--- a/auth/docker/Dockerfile.base
+++ b/auth/docker/Dockerfile.base
@@ -18,19 +18,20 @@
 #  ============LICENSE_END====================================================
 #
 # Use dbuild.sh input parameter to set registry
-#FROM ${REGISTRY}/openjdk:11-jre-slim
 #FROM ${REGISTRY}/openjdk:8-jdk-alpine
 FROM ${REGISTRY}/alpine
-#FROM openjdk:12-jdk-alpine
-#FROM openjdk:13-jdk-alpine
 
 MAINTAINER AAF Team, AT&T 2018
 
 LABEL description="aaf_base"
 ENV JAVA_HOME /usr/lib/jvm/java-11-openjdk
-RUN apk --no-cache add openjdk11 &&\
-    apk add --no-cache bash &&\
+
+RUN apk add --no-cache bash &&\
+    apk --no-cache add openjdk11 &&\
     apk add --no-cache openssl &&\
-    apk add --no-cache curl &&\
-    if [ -n "${DUSER}" ]; then addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; fi
+    apk add --no-cache curl 
+
+#  mkdir -p /opt/app/aaf/status
+#  addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash 
+# Note: User added if in d.props
 

diff --git a/auth/docker/Dockerfile.config b/auth/docker/Dockerfile.config
index b2263ec..3d9aa35 100644 (file)
--- a/auth/docker/Dockerfile.config
+++ b/auth/docker/Dockerfile.config
@@ -36,8 +36,16 @@ COPY bin/pod_wait.sh /opt/app/aaf_config/bin/pod_wait.sh
 COPY bin/aaf-auth-cmd-${JAR_VERSION}-full.jar /opt/app/aaf_config/bin/
 COPY bin/aaf-auth-batch-${JAR_VERSION}-full.jar /opt/app/aaf_config/bin/
 
-RUN mkdir -p /opt/app/osaaf &&\
-    chmod 755 /opt/app/aaf_config/bin/*.sh &&\
-    if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/osaaf && chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi
-USER ${DUSER}
+RUN mkdir -p /opt/app/aaf /opt/app/osaaf/logs && \
+    if [ -n "${DUSER}" ]; then \
+      addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; \
+      chown -R ${DUSER}:${DUSER} /opt/app/aaf /opt/app/osaaf /opt/app/aaf_config; \
+    fi && \
+    chmod 774 /opt/app/aaf_config/bin/*.sh
+ 
 CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
+# Note: User added if in d.props
+#    if [ -n "${DUSER}" ]; then \
+#      addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; \
+#      chown -R ${DUSER}:${DUSER} /opt/app/aaf /opt/app/aaf_config; \
+#    fi && \

diff --git a/auth/docker/Dockerfile.core b/auth/docker/Dockerfile.core
index 4179c5e..206d1c4 100644 (file)
--- a/auth/docker/Dockerfile.core
+++ b/auth/docker/Dockerfile.core
@@ -30,11 +30,11 @@ COPY lib /opt/app/aaf/lib
 COPY bin /opt/app/aaf/bin
 COPY theme/ /opt/app/aaf/theme/
 
-RUN mkdir -p /opt/app/osaaf &&\
-    mkdir -p /opt/app/aaf/status &&\
-    chmod 755 /opt/app/aaf/bin/* &&\
-    if [ -n "${DUSER}" ]; then  chown ${DUSER}:${DUSER} /opt/app/aaf/status \
-      && chown ${DUSER}:${DUSER} /opt/app/osaaf \
-      && chown -R ${DUSER}:${DUSER} /opt/app/aaf;\
+RUN mkdir -p /opt/app/aaf && \
+    if [ -n "${DUSER}" ]; then \
+      addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash ;\
+      chown -R ${DUSER}:${DUSER} /opt/app/aaf ;\
+      chmod 774 /opt/app/aaf/bin/* ;\
     fi
-USER ${DUSER}
+
+# Note: User added if in d.props

diff --git a/auth/docker/Dockerfile.hello b/auth/docker/Dockerfile.hello
index 82d9a9f..e8a6056 100644 (file)
--- a/auth/docker/Dockerfile.hello
+++ b/auth/docker/Dockerfile.hello
@@ -27,15 +27,16 @@ LABEL version=${AAF_VERSION}
 COPY bin/pod_wait.sh /opt/app/aaf/bin/
 COPY lib /opt/app/aaf/lib
 COPY bin/hello /opt/app/aaf/bin/
-COPY etc /opt/app/aaf/etc
-COPY logs /opt/app/aaf/logs
+COPY etc /opt/app/osaaf/etc
+COPY logs /opt/app/osaaf/logs
 
-RUN mkdir -p /opt/app/osaaf &&\
-    mkdir -p /opt/app/aaf/status &&\
-    chmod 755 /opt/app/aaf/bin/* &&\
-    if [ -n "${DUSER}" ]; then  chown ${DUSER}:${DUSER} /opt/app/aaf/status \
-      && chown ${DUSER}:${DUSER} /opt/app/osaaf \
-      && chown -R ${DUSER}:${DUSER} /opt/app/aaf;\
+RUN mkdir -p /opt/app/aaf /opt/app/osaaf/logs/hello /opt/app/osaaf/local && \
+    if [ -n "${DUSER}" ]; then \
+      addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash ;\
+      chown -R ${DUSER}:${DUSER} /opt/app/aaf /opt/app/osaaf;\
+      chmod 774 /opt/app/aaf/bin/* ;\
     fi
-USER ${DUSER}
+
 CMD []
+
+# Note: User added if in d.props

diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
index f59bd22..0abce9c 100644 (file)
--- a/auth/docker/agent.sh
+++ b/auth/docker/agent.sh
@@ -111,8 +111,9 @@ function run_it() {
   fi
   $DOCKER run  -it  --rm \
     ${USER_LINE} \
-    -v "${VOLUME}:/opt/app/osaaf" \
+    -v "${VOLUME}:/opt/app/osaaf/local" \
     --add-host="$AAF_FQDN:$AAF_FQDN_IP" \
+    $USER_LINE \
     --env AAF_FQDN=${AAF_FQDN} \
     --env DEPLOY_FQI=${DEPLOY_FQI} \
     --env DEPLOY_PASSWORD=${DEPLOY_PASSWORD} \
@@ -138,6 +139,7 @@ function reset_sso {
     mkdir -p ~/.aaf
     > $HOME/.aaf/sso.props
     sso aaf_locate_url "https://$AAF_FQDN:8095"
+    sso aaf_url_cm "https://$AAF_FQDN:8150"
     sso cadi_latitude "$LATITUDE"
     sso cadi_longitude "$LONGITUDE"
     sso cadi_loglevel "DEBUG"

diff --git a/auth/docker/components b/auth/docker/components
index 7f58dc3..bb5f27b 100644 (file)
--- a/auth/docker/components
+++ b/auth/docker/components
@@ -3,5 +3,4 @@ locate
 oauth
 cm
 gui
-hello
 fs

diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh
index 0a81646..e768904 100644 (file)
--- a/auth/docker/dbuild.sh
+++ b/auth/docker/dbuild.sh
@@ -31,6 +31,19 @@ fi
 # Remove "SNAPSHOT" from AAF Jars in Containers
 JAR_VERSION=${VERSION/-SNAPSHOT/}
 
+function SCP() {
+  SANS=${1/-SNAPSHOT/}
+  echo $1 = $SANS
+  if [ -e $SANS ]; then
+    cp $SANS $2
+  else 
+ 
+    ln $1 $SANS
+    cp $SANS $2
+    rm $SANS
+  fi
+}
+
 # process input. originally, an optional positional parameter is used to designate a component.
 # A flagged parameter has been added to optionally indicate docker pull registry. Ideally, options
 # would be flagged but we're avoiding ripple effect of changing original usage
@@ -46,6 +59,7 @@ if [ $# -gt 0 ]; then
             else
                 DOCKER_PULL_REGISTRY=$3
             fi
+          shift
         fi
     fi
 fi
@@ -54,81 +68,82 @@ grep -v '#' d.props | grep '=' | grep -v -e "=$"
 
 DOCKER=${DOCKER:=docker}
 
-echo "Building Containers for aaf components, version $VERSION"
-# AAF_cass now needs a version...
-echo "### Build Cass"
-cd ../auth-cass/docker
-pwd
-bash ./dbuild.sh $DOCKER_PULL_REGISTRY
-cd -
-
 ########
-# First, build a AAF Base version - set the core image, etc
-echo "### Build Base"
-sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
-    -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
-    -e 's/${DUSER}/'${DUSER}'/g' \
-    -e 's/${REGISTRY}/'${DOCKER_PULL_REGISTRY}'/g' \
-    Dockerfile.base > Dockerfile
-$DOCKER build -t ${ORG}/${PROJECT}/aaf_base:${VERSION} .
-$DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:${VERSION}
-$DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:latest
-rm Dockerfile
-
-function SCP() {
-  SANS=${1/-SNAPSHOT/}
-  echo $1 = $SANS
-  if [ -e $SANS ]; then
-    cp $SANS $2
-  else 
-
-    ln $1 $SANS
-    cp $SANS $2
-    rm $SANS
-  fi
-}
+# Preliminary: if Cass exists, build that first
+if [[ -z "$1" || "$1" = "cass" ]]; then
+  echo "#### Delegate to Cassandra build"
+  echo "Building Containers for aaf components, version $VERSION"
+  # AAF_cass now needs a version...
+  echo "### Build Cass"
+  cd ../auth-cass/docker
+  bash ./dbuild.sh $DOCKER_PULL_REGISTRY
+  cd -
+fi
 
-########
-# Second, Create the AAF Config (Security) Images
+if [[ -z "$1" || "$1" = "base" ]]; then
+  ########
+  # First, build a AAF Base version - set the core image, etc
+  echo "### Build Base"
+  sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
+      -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
+      -e 's/${DUSER}/'${DUSER}'/g' \
+      -e 's/${REGISTRY}/'${DOCKER_PULL_REGISTRY}'/g' \
+      Dockerfile.base > Dockerfile
+  $DOCKER build -t ${ORG}/${PROJECT}/aaf_base:${VERSION} .
+  $DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:${VERSION}
+  $DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:latest
+  rm Dockerfile
+fi  
+  
+# Common copies
 cd ..
-# Note: only 2 jars each in Agent/Config
-SCP auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin
-SCP auth-batch/target/aaf-auth-batch-$VERSION-full.jar sample/bin
 SCP ../cadi/aaf/target/aaf-cadi-aaf-${VERSION}-full.jar sample/bin
-SCP ../cadi/servlet-sample/target/aaf-cadi-servlet-sample-${VERSION}-sample.jar sample/bin
-cp -Rf ../conf/CA sample
-
-# AAF Config image (for AAF itself)
-echo "### Build Config"
-sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
-    -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
-    -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \
-    -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
-    -e 's/${DUSER}/'${DUSER}'/g' \
-    docker/Dockerfile.config > sample/Dockerfile
-$DOCKER build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample
-$DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:${VERSION}
-$DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:latest
-
-
-# AAF Agent Image (for Clients)
-echo "### Build Agent"
-sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
-    -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
-    -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \
-    -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
-    -e 's/${DUSER}/'${DUSER}'/g' \
-    docker/Dockerfile.agent > sample/Dockerfile
-$DOCKER build -t ${ORG}/${PROJECT}/aaf_agent:${VERSION} sample
-$DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:${VERSION}
-$DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest
+
+if [[ -z "$1" || "$1" = "config" ]]; then
+  ########
+  # Second, Create the AAF Config (Security) Images
+  # Note: only 2 jars each in Agent/Config
+  SCP auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin
+  SCP auth-batch/target/aaf-auth-batch-$VERSION-full.jar sample/bin
+  SCP ../cadi/servlet-sample/target/aaf-cadi-servlet-sample-${VERSION}-sample.jar sample/bin
+  cp -Rf ../conf/CA sample
+  
+  # AAF Config image (for AAF itself)
+  echo "### Build Config"
+  sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
+      -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
+      -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \
+      -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
+      -e 's/${DUSER}/'${DUSER}'/g' \
+      docker/Dockerfile.config > sample/Dockerfile
+  # Note: do Config as Root, to get directories correct
+  $DOCKER build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample
+  $DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:${VERSION}
+  $DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:latest
+fi  
+
+if [[ -z "$1" || "$1" = "agent" ]]; then
+  # AAF Agent Image (for Clients)
+  echo "### Build Agent"
+  sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
+      -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
+      -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \
+      -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
+      -e 's/${DUSER}/'${DUSER}'/g' \
+      docker/Dockerfile.agent > sample/Dockerfile
+  #if [ -n "$DUSER" ]; then
+  # echo "USER $DUSER" >> sample/Dockerfile
+  #fi
+  $DOCKER build -t ${ORG}/${PROJECT}/aaf_agent:${VERSION} sample
+  $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:${VERSION}
+  $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest
+
+fi
 
 # Clean up 
-rm sample/Dockerfile sample/bin/aaf-*-*.jar 
-rm -Rf sample/CA
+rm -Rf sample/Dockerfile sample/bin/aaf-*-*.jar sample/CA
 cd -
 
-
 ########
 # Third Copy AAF Executables to a BUILD Directory, for easy Cleanup
 echo "### Copy to aaf_DBUILD"
@@ -155,53 +170,65 @@ if [ ! "$VERSION" = "$JAR_VERSION" ]; then
   done
   cd ${START_DIR}
 fi
-
-########
-# Third, build a core Docker Image to be used for all AAF Components
 cp ../sample/bin/pod_wait.sh  ../aaf_DBUILD/bin
-# Apply currrent Properties to Docker file, and put in place.
-sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
-    -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
-    -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \
-    -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
-    -e 's/${DUSER}/'${DUSER}'/g' \
-    Dockerfile.core >../aaf_DBUILD/Dockerfile
-cd ..
-
-echo "### Building Core"
-# Don't need "Hello" App in core
-mv aaf_DBUILD/lib/aaf-auth-hello-${JAR_VERSION}* /tmp
 
-$DOCKER build -t ${ORG}/${PROJECT}/aaf_core:${VERSION} aaf_DBUILD
-$DOCKER tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:${VERSION}
-$DOCKER tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:latest
-rm aaf_DBUILD/Dockerfile
-mv /tmp/aaf-auth-hello-${JAR_VERSION}* aaf_DBUILD/lib
-
-########
-# Fourth, do Hello
-# Apply currrent Properties to Docker file, and put in place.
-echo "### Building Hello"
-cd -
-sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
-    -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
-    -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
-    -e 's/${DUSER}/'${DUSER}'/g' \
-    Dockerfile.hello >../aaf_DBUILD/Dockerfile
-cd ..
-
-cp -Rf sample/etc aaf_DBUILD
-cp -Rf sample/logs aaf_DBUILD
-
-for C in cass certman cmd deforg fs gui locate oauth service; do
-   rm aaf_DBUILD/lib/aaf-auth-$C-*
-done
+if [[ -z "$1" || "$1" = "core" ]]; then
+  ########
+  # Fourth, build a core Docker Image to be used for all AAF Components
+  # Apply currrent Properties to Docker file, and put in place.
+  sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
+      -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
+      -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \
+      -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
+      -e 's/${DUSER}/'${DUSER}'/g' \
+      Dockerfile.core >../aaf_DBUILD/Dockerfile
+  if [ -n "$DUSER" ]; then
+    echo "USER $DUSER" >> ../aaf_DBUILD/Dockerfile
+  fi
+  cd ..
+
+  $DOCKER build -t ${ORG}/${PROJECT}/aaf_core:${VERSION} aaf_DBUILD
+  $DOCKER tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:${VERSION}
+  $DOCKER tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:latest
+  rm aaf_DBUILD/Dockerfile
+ 
+  cd -
+fi
 
-$DOCKER build -t ${ORG}/${PROJECT}/aaf_hello:${VERSION} aaf_DBUILD
-$DOCKER tag ${ORG}/${PROJECT}/aaf_hello:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_hello:${VERSION}
-$DOCKER tag ${ORG}/${PROJECT}/aaf_hello:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_hello:latest
+if [[ -z "$1" || "$1" = "hello" ]]; then
+  ########
+  # Fifth, do Hello
+  # Apply currrent Properties to Docker file, and put in place.
+  echo "### Building Hello"
+  cp ../sample/bin/client.sh  ../aaf_DBUILD/bin
+  cp ../sample/hello/init.sh  ../aaf_DBUILD/bin/hello_init.sh
+  SCP ../../cadi/aaf/target/aaf-cadi-aaf-${VERSION}-full.jar ../aaf_DBUILD/bin
+
+  sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
+      -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
+      -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
+      -e 's/${DUSER}/'${DUSER}'/g' \
+      Dockerfile.hello >../aaf_DBUILD/Dockerfile
+  #if [ -n "$DUSER" ]; then
+  #  echo "USER $DUSER" >> ../aaf_DBUILD/Dockerfile
+  #fi
+
+  cd ..
+  cp -Rf sample/etc aaf_DBUILD
+  cp -Rf sample/logs aaf_DBUILD
+  cp -Rf sample/cert aaf_DBUILD
+  
+  for C in cass certman cmd deforg fs gui locate oauth service; do
+     rm aaf_DBUILD/lib/aaf-auth-$C-*
+  done
 
+  $DOCKER build -t ${ORG}/${PROJECT}/aaf_hello:${VERSION} aaf_DBUILD
+  if [ -n ${DOCKER_REPOSITORY} ]; then
+    $DOCKER tag ${ORG}/${PROJECT}/aaf_hello:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_hello:${VERSION}
+    $DOCKER tag ${ORG}/${PROJECT}/aaf_hello:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_hello:latest
+  fi
+  cd -
+fi
 # Final cleanup
-rm -Rf aaf_DBUILD
+rm -Rf ../aaf_DBUILD
 
-cd -

diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh
index f27cc4e..867f4c6 100644 (file)
--- a/auth/docker/dclean.sh
+++ b/auth/docker/dclean.sh
@@ -22,6 +22,10 @@
 . ./d.props
 DOCKER=${DOCKER:=docker}
 
+if [ "$1" == "all" ]; then
+  AAF_COMPONENTS=cass
+  shift
+fi
 if [ "$1" == "" ]; then
     AAF_COMPONENTS="$(cat components) config core agent base "
 else

diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh
index 57a6167..86fe598 100644 (file)
--- a/auth/docker/drun.sh
+++ b/auth/docker/drun.sh
@@ -34,6 +34,14 @@ else
     AAF_COMPONENTS="$@"
 fi
 
+# All the NORMAL services use common directory
+#  remove this for Hello, which we want non shared
+CONFIG="-v aaf_config:$CONF_ROOT_DIR"
+if [ -n "${DUSER}" ]; then
+  THE_USER="--user $DUSER"
+fi
+IMAGE="${PREFIX}${ORG}/${PROJECT}/aaf_core:${VERSION}"
+
 for AAF_COMPONENT in ${AAF_COMPONENTS}; do
     LINKS=""
     CMD_LINE=""
@@ -75,17 +83,40 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do
        CMD_LINE="cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-fs aaf-locate && exec bin/fs"
         ;;
     "hello")
-        PUBLISH="--publish 8130:8130"
         LINKS="--link aaf-service --link aaf-locate --link aaf-oauth --link aaf-cm"
-       CMD_LINE="cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-hello aaf-locate && exec bin/hello"
+       CONFIG="-v aaf_hello_config:/opt/app/osaaf/local"
+
+       # Since Helm based element have init-containers, take the same approach here.
+        if [ -z "$(docker volume ls | grep aaf_hello_config)" ]; then
+            echo Init Hello Config Container
+
+           echo -n "Creating Volume: "
+            $DOCKER volume create -d local aaf_hello_config
+
+           $DOCKER run --rm --name aaf_hello_config ${LINKS} \
+               $CONFIG \
+               --env AAF_FQDN=$HOSTNAME \
+               --env DEPLOY_FQI=deployer@people.osaaf.org \
+               --env DEPLOY_PASSWORD=demo123456! \
+               --env APP_FQI=aaf@aaf.osaaf.org \
+               --env APP_FQDN=aaf-hello \
+               --env LATITUDE=$LATITUDE \
+               --env LONGITUDE=$LONGITUDE \
+               --env aaf_locator_container_ns=onap \
+               --env aaf_locator_container=docker \
+               $LINKS \
+               "${PREFIX}${ORG}/${PROJECT}/aaf_agent:${VERSION}" \
+               bash -c "bash /opt/app/aaf_config/bin/agent.sh && chown -R ${DUSER}:${DUSER} /opt/app/osaaf/local"
+       fi
+
+        PUBLISH="--publish 8130:8130"
+       #CMD_LINE="cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-hello aaf-locate aaf-cm && sleep 240"
+       CMD_LINE="cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-hello aaf-locate aaf-cm && exec bin/hello"
+       IMAGE="${PREFIX}${ORG}/${PROJECT}/aaf_hello:${VERSION}"
         ;;
     esac
 
     echo Starting aaf-$AAF_COMPONENT...
-    if [ -n "${DUSER}" ]; then
-       THE_USER="--user $DUSER"
-    fi
-
 
     $DOCKER run  \
         -d \
@@ -104,9 +135,10 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do
         --env CASSANDRA_USER=${CASSANDRA_USER} \
         --env CASSANDRA_PASSWORD=${CASSANDRA_PASSWORD} \
         --env CASSANDRA_PORT=${CASSANDRA_PORT} \
-        $PUBLISH \
-        -v "aaf_config:$CONF_ROOT_DIR" \
         -v "aaf_status:/opt/app/aaf/status" \
-        ${PREFIX}${ORG}/${PROJECT}/aaf_core:${VERSION} \
+        $PUBLISH \
+       $CONFIG \
+       $IMAGE \
        /bin/bash -c "$CMD_LINE"
+
 done

diff --git a/auth/docker/dstop.sh b/auth/docker/dstop.sh
index fce7922..6549f3c 100644 (file)
--- a/auth/docker/dstop.sh
+++ b/auth/docker/dstop.sh
@@ -22,7 +22,11 @@
 . ./d.props
 
 DOCKER=${DOCKER:=docker}
-if [ "$1" == "" ]; then
+if [ "$1" = "all" ]; then
+  AAF_COMPONENTS="cass"
+  shift
+fi
+if [ -z "$1" ]; then
     for C in $(cat components); do 
       AAF_COMPONENTS="$C $AAF_COMPONENTS"
    done
@@ -33,3 +37,4 @@ fi
 for AAF_COMPONENT in ${AAF_COMPONENTS}; do
     $DOCKER stop aaf-$AAF_COMPONENT 
 done
+

diff --git a/auth/helm/aaf-hello/templates/aaf-hello.yaml b/auth/helm/aaf-hello/templates/aaf-hello.yaml
index a79f39e..37127c7 100644 (file)
--- a/auth/helm/aaf-hello/templates/aaf-hello.yaml
+++ b/auth/helm/aaf-hello/templates/aaf-hello.yaml
@@ -56,23 +56,11 @@ spec:
           persistentVolumeClaim:
             claimName: aaf-hello-pvc
       initContainers:
-        - command:
-            - /bin/sh
-            - -c
-            - |
-              chmod -R 775 /opt/app/osaaf
-              chown -R 1000:1000 /opt/app/osaaf
-          image: busybox:1.28
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          name: init-sysctl
-          volumeMounts:
-            - mountPath: /opt/app/osaaf
-              name: aaf-hello-vol
         - name: aaf-hello-config
           image: "{{ .Values.image.repository }}{{ .Values.service.agentImage }}"
           imagePullPolicy: IfNotPresent
           volumeMounts:
-            - mountPath: "/opt/app/osaaf"
+            - mountPath: "/opt/app/osaaf/local"
               name: aaf-hello-vol
           command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
           env:
@@ -106,7 +94,7 @@ spec:
         imagePullPolicy: IfNotPresent
         command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"]
         volumeMounts:
-        -  mountPath: "/opt/app/osaaf"
+        -  mountPath: "/opt/app/osaaf/local"
            name: aaf-hello-vol
         ports:
         -  name: aaf-hello

diff --git a/auth/helm/aaf/aaf.sh b/auth/helm/aaf/aaf.sh
index 2b94c2f..51a81da 100644 (file)
--- a/auth/helm/aaf/aaf.sh
+++ b/auth/helm/aaf/aaf.sh
@@ -1,5 +1,5 @@
-. ../../docker/aaf.props
-IMAGE=onap/aaf/aaf_config:$VERSION
+. ../../docker/d.props
+IMAGE=$DOCKER_REPOSITORY/onap/aaf/aaf_config:$VERSION
 
 kubectl -n onap run -it --rm aaf-config-$USER --image=$IMAGE --overrides='
 {

diff --git a/auth/helm/aaf/templates/aaf-service.yaml b/auth/helm/aaf/templates/aaf-service.yaml
index f4772d6..da1134a 100644 (file)
--- a/auth/helm/aaf/templates/aaf-service.yaml
+++ b/auth/helm/aaf/templates/aaf-service.yaml
@@ -77,7 +77,7 @@ spec:
         - name: aaf-config-container
           image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }}
           imagePullPolicy: IfNotPresent
-          command: ["bash","/opt/app/aaf_config/bin/agent.sh"]
+          command: ["bash","-c","/opt/app/aaf_config/bin/agent.sh"]
           volumeMounts:
             - mountPath: "/opt/app/osaaf"
               name: aaf-config-vol

diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh
index 4132e6c..97a1262 100755 (executable)
--- a/auth/sample/bin/client.sh
+++ b/auth/sample/bin/client.sh
@@ -55,12 +55,13 @@ function sso_encrypt() {
    $JAVA_AGENT cadi digest ${1} $DOT_AAF/keyfile
 }
 
-# Setup Bash, first time only
-if [ ! -e "$HOME/.bashrc" ] || [ -z "$(grep agent $HOME/.bashrc)" ]; then
-  echo "alias agent='$CONFIG_BIN/agent.sh agent \$*'" >>$HOME/.bashrc
+# Setup Bash, first time only, Agent only
+if [ -n "$HOME/.bashrc" ] || [ -z "$(grep agent $HOME/.bashrc)" ]; then
+  echo "alias agent='$CONFIG_BIN/agent.sh agent \$*'" > $HOME/.bashrc
   chmod a+x $CONFIG_BIN/agent.sh
   . $HOME/.bashrc
 fi
+
 if [ ! -e "$DOT_AAF/truststoreONAPall.jks" ]; then
     mkdir -p $DOT_AAF
     base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks
@@ -133,13 +134,22 @@ if [ "${VERSION}" != "$(cat ${LOCAL}/VERSION 2> /dev/null)" ]; then
   echo "Clean up directory ${LOCAL}"
   rm -Rf ${LOCAL}/*
 fi
+
+# update client info
 echo "${VERSION}" > $LOCAL/VERSION
+cp $AGENT_JAR $LOCAL
+echo "#!/bin/bash" > $LOCAL/agent
+     echo 'java -jar aaf-cadi-aaf-*-full.jar $*' >> $LOCAL/agent
+echo "#!/bin/bash" > $LOCAL/cadi
+     echo 'java -jar aaf-cadi-aaf-*-full.jar cadi $*' >> $LOCAL/cadi
+chmod 755 $LOCAL/agent $LOCAL/cadi
 
 echo "Namespace is ${NS}"
 # Only initialize once, automatically...
-if [ ! -e $LOCAL/${NS}.props ]; then
+if [ -n $LOCAL/${NS}.props ]; then
     echo "#### Create Configuration files "
-    $JAVA_AGENT config $APP_FQI $APP_FQDN 
+    > $LOCAL/$NS
+    $JAVA_AGENT config $APP_FQI $APP_FQDN --nopasswd
     cat $LOCAL/$NS.props
 
     echo
@@ -153,7 +163,7 @@ if [ ! -e $LOCAL/${NS}.props ]; then
         $JAVA_AGENT place $APP_FQI $APP_FQDN
     
         if [ -z "$(grep cadi_alias $NS.cred.props)" ]; then
-           echo "FAILED to get Certificate"
+         echo "FAILED to get Certificate"
           INITIALIZED="false"
         else 
           echo "Obtained Certificates"
@@ -284,7 +294,7 @@ else
        ;;
     testConnectivity|testconnectivity)
         echo "--- Test Connectivity ---"
-        $JAVA -cp $CONFIG_BIN/aaf-auth-cmd-*-full.jar org.onap.aaf.cadi.aaf.TestConnectivity $LOCAL/org.osaaf.aaf.props 
+        $JAVA -cp $AGENT_JAR org.onap.aaf.cadi.aaf.TestConnectivity $LOCAL/org.osaaf.aaf.props 
        ;;
     --help | -?)
         case "$1" in
@@ -320,7 +330,7 @@ else
     ### Possible Dublin
     # sample)
     #    echo "--- run Sample Servlet App ---"
-    #    $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $CONFIG_BIN/aaf-auth-cmd-*-full.jar:$CONFIG_BIN/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props
+    #    $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $AGENT_JAR:$CONFIG_BIN/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props
     #    ;;
     *)
         $JAVA_AGENT "$CMD" "$@"

diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh
index 10a3e15..2fd49ca 100644 (file)
--- a/auth/sample/bin/service.sh
+++ b/auth/sample/bin/service.sh
@@ -193,6 +193,10 @@ if [ ! -e $LOCAL/org.osaaf.aaf.props ]; then
     fi
     echo "Created AAF Initial Configurations"
     INITIALIZED="true"
+    if [ -n ${DUSER} ]; then
+      mkdir -p /opt/app/osaaf/logs
+      chown -R 1000:1000 /opt/app/aaf /opt/app/osaaf
+    fi
 fi
 
 

diff --git a/cadi/aaf/src/assemble/cadi-aaf.xml b/cadi/aaf/src/assemble/cadi-aaf.xml
index 63741ff..64bc8ee 100644 (file)
--- a/cadi/aaf/src/assemble/cadi-aaf.xml
+++ b/cadi/aaf/src/assemble/cadi-aaf.xml
@@ -12,16 +12,6 @@
     <dependencySet>
       <unpack>true</unpack>
       <scope>compile</scope>
-      <includes>
-       <include>org.onap.aaf.authz:aaf-auth-client</include>
-       <include>org.onap.aaf.authz:aaf-cadi-aaf</include>
-       <include>org.onap.aaf.authz:aaf-cadi-core</include>
-       <include>org.onap.aaf.authz:aaf-cadi-client</include>
-       <include>org.onap.aaf.authz:aaf-misc-env</include>
-       <include>org.onap.aaf.authz:aaf-misc-rosetta</include>
-       <include>javax.xml.bind:jaxb-api</include>
-       <include>org.glassfish.jaxb:jaxb-runtime</include>
-      </includes>
     </dependencySet>
 
   </dependencySets>

diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
index f6808a9..db606a5 100644 (file)
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
@@ -190,11 +190,16 @@ public class Agent {
                 }
 
                 if(access==null) {
+                       boolean createOutsideForLoop = false;
                     for(Entry<Object, Object> es : System.getProperties().entrySet()) {
                         if(Config.CADI_PROP_FILES.equals(es.getKey())) {
-                            access = new PropAccess();
+                            createOutsideForLoop = true;
+                            break;
                         }
                     }
+                    if(createOutsideForLoop) {
+                       access = new PropAccess();
+                    }
                 }
 
                 // When using Config file, check if Cred Exists, and if not, work with Deployer.
@@ -762,7 +767,12 @@ public class Agent {
             machine = fqdns[1];
         } else {
             key = machine;
-            fqdns = machines(cmds);
+            if(cmds.size()>0) {
+               fqdns = machines(cmds);
+            } else {
+               // make sure machine is also in SANS
+               fqdns = new String[] {machine};
+            }
         }
 
         TimeTaken tt = transitiveInfo.start("Place Artifact", Env.REMOTE);