Bootstrap initial CA 67/61367/1
authorInstrumental <jonathan.gathman@att.com>
Mon, 20 Aug 2018 19:31:35 +0000 (14:31 -0500)
committerInstrumental <jonathan.gathman@att.com>
Mon, 20 Aug 2018 19:31:42 +0000 (14:31 -0500)
Issue-ID: AAF-419
Change-Id: I762c1990e3de5a438082ae9ea137bc278f4c6ada
Signed-off-by: Instrumental <jonathan.gathman@att.com>
auth/auth-cass/docker/.gitignore [new file with mode: 0644]
auth/auth-cass/docker/backup.sh [new file with mode: 0644]
auth/auth-cass/docker/backup/backup.sh [deleted file]
auth/auth-cass/docker/cbackup.sh [moved from auth/auth-cass/docker/backup/cbackup.sh with 100% similarity]
auth/docker/aaf.sh
auth/docker/d.props.init
auth/docker/dpush.sh
auth/sample/local/aaf.props
auth/sample/local/org.osaaf.aaf.cm.ca.props

diff --git a/auth/auth-cass/docker/.gitignore b/auth/auth-cass/docker/.gitignore
new file mode 100644 (file)
index 0000000..10d00b5
--- /dev/null
@@ -0,0 +1 @@
+*.gz
diff --git a/auth/auth-cass/docker/backup.sh b/auth/auth-cass/docker/backup.sh
new file mode 100644 (file)
index 0000000..31a1214
--- /dev/null
@@ -0,0 +1,11 @@
+
+DIR=$(date +%Y%m%d)
+echo $DIR
+mkdir -p $DIR
+docker container cp cbackup.sh aaf_cass:/opt/app/cass_backup
+docker container exec -it aaf_cass bash -e '/opt/app/cass_backup/cbackup.sh'
+docker container cp aaf_cass:/opt/app/cass_backup/ $DIR/
+mv $DIR/cass_backup/*.dat $DIR
+tar -cvzf $DIR.gz $DIR
+rm -Rf $DIR
+
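Review bot: Nothing in this script stops on failure, so if `docker container exec` or either `docker container cp` fails, `tar -cvzf $DIR.gz $DIR` and `rm -Rf $DIR` still run and leave an empty or partial archive that looks like a good backup. The `bash -e` only applies inside the container, and `-it` makes the exec step fail when the script runs without a TTY (for example from cron). I would start the file with `set -eu`, drop `-it` from the exec line, and quote `"$DIR"` throughout. The archive presumably holds the AAF Cassandra tables, so a `umask 077` before `mkdir` would keep the dump and the tarball from being readable by other local users.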
diff --git a/auth/auth-cass/docker/backup/backup.sh b/auth/auth-cass/docker/backup/backup.sh
deleted file mode 100644 (file)
index 1359d3d..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-# BEGIN Store prev
-BD=/opt/app/osaaf/backup
-if [ -e "$BD/6day" ]; then
-   rm -Rf $BD/6day
-fi
-
-PREV=$BD/6day
-for D in $BD/5day $BD/4day $BD/3day $BD/2day $BD/yesterday; do
-   if [ -e "$D" ]; then
-      mv "$D" "$PREV"
-   fi
-   PREV="$D"
-done
-
-if [ -e "$BD/today" ]; then
-    if [ -e "$BD/backup.log" ]; then
-       mv $BD/backup.log $BD/today
-    fi
-    gzip $BD/today/*
-    mv $BD/today $BD/yesterday
-fi
-
-mkdir $BD/today
-
-# END Store prev
-date
-docker exec -t aaf_cass bash -c "mkdir -p /opt/app/cass_backup"
-docker container cp $BD/cbackup.sh aaf_cass:/opt/app/cass_backup/backup.sh
-# echo "login as Root, then run \nbash /opt/app/cass_backup/backup.sh"
-docker exec -t aaf_cass bash /opt/app/cass_backup/backup.sh
-docker container cp aaf_cass:/opt/app/cass_backup/. $BD/today
-date
index a54c54a..efd4fe3 100644 (file)
@@ -1,9 +1,8 @@
 #!/bin/bash
 . ./d.props
 
-docker run \
-    -it \
-    --rm \
+function run_it() {
+  docker run $@ \
     --mount 'type=volume,src=aaf_config,dst='$CONF_ROOT_DIR',volume-driver=local' \
     --add-host="$HOSTNAME:$HOST_IP" \
     --add-host="aaf.osaaf.org:$HOST_IP" \
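Review bot: `docker run $@` in run_it is unquoted, so any option passed to the function that contains whitespace or a glob character is re-split before docker sees it; it should be `docker run "$@" \`. The same loss of argument boundaries appears further down the file, where `PARAMS="$@"` joins the script arguments into one string and `/bin/bash $PARAMS` splits them again, whereas the removed `/bin/bash "$@"` passed them through intact. An array (`PARAMS=("$@")` with `/bin/bash "${PARAMS[@]}"`) would keep the old behaviour. run_it's body continues past the end of this hunk.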
@@ -13,4 +12,45 @@ docker run \
     --env LONGITUDE=${LONGITUDE} \
     --name aaf_config_$USER \
     $PREFIX${ORG}/${PROJECT}/aaf_config:${VERSION} \
-    /bin/bash "$@"
+    /bin/bash $PARAMS
+}
+
+function encrypt_it() {
+  docker exec -t aaf_config_$USER /bin/bash /opt/app/aaf_config/bin/agent.sh NOOP encrypt "$1" "$2"
+}
+
+P12_LOAD="no"
+
+for PROP in AAF_INITIAL_X509_P12 AAF_INITIAL_X509_PASSWORD AAF_SIGNER_P12 AAF_SIGNER_PASSWORD; do
+    if [ "${!PROP}" != "" ]; then
+         P12_LOAD='yes'
+         break;
+    fi 
+done
+
+# First Time Run does a bit more setup
+if [ "$(docker volume ls | grep aaf_config)" = "" ] && [ ${P12_LOAD} = "yes" ]; then
+  echo "Initializing first aaf_config"
+  if [ "$(docker container ls | grep aaf_config_$USER)" = "" ]; then
+       PARAMS="bash"
+       run_it -t -d 
+  else 
+       echo "aaf_config_$USER is already running"
+  fi   
+  docker container cp ${AAF_INITIAL_X509_P12} aaf_config_$USER:/opt/app/osaaf/local/org.osaaf.aaf.p12
+  docker container cp ${AAF_SIGNER_P12} aaf_config_$USER:/opt/app/osaaf/local/org.osaaf.aaf.signer.p12
+
+  encrypt_it cadi_keystore_password "${AAF_INITIAL_X509_PASSWORD}"
+  encrypt_it cm_ca.local "${AAF_SIGNER_PASSWORD}"
+
+  echo -n "Stopping "
+  docker container stop aaf_config_$USER 
+  echo -n "Removing "
+  docker container rm aaf_config_$USER
+fi
+
+PARAMS="$@"
+if [ "$PARAMS" != "" ]; then
+  run_it -it --rm 
+fi
+
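Review bot: The first-run block is entered when any one of the four AAF_* properties is non-empty (the `for PROP` loop breaks on the first hit), but it then uses all four unconditionally and unquoted. d.props.init says the signer values stay blank unless the host is a CA; in that case `docker container cp ${AAF_SIGNER_P12} ...` collapses to a one-argument cp and `encrypt_it cm_ca.local` runs with an empty password, and neither result is checked before the container is stopped and removed. Because run_it mounts the `aaf_config` volume, the volume presumably exists afterwards, so the `docker volume ls` guard would skip this block on the next run and leave a half-initialised config. I would guard each pair on its own, e.g. `if [ -n "${AAF_SIGNER_P12}" ]; then docker container cp "${AAF_SIGNER_P12}" ... && encrypt_it cm_ca.local "${AAF_SIGNER_PASSWORD}"; fi`, and report a failed copy. Separately, both passwords travel as `docker exec` arguments in encrypt_it and are visible in the host process list while it runs; if agent.sh can read the value from stdin, that would be the safer path.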
index 1394c76..782f0c3 100644 (file)
@@ -16,3 +16,11 @@ AAF_ENV=DEV
 AAF_REGISTER_AS=$HOSTNAME
 LATITUDE=
 LONGITUDE=
+#
+# Initial AAF Certificate (not Generated)
+AAF_INITIAL_X509_P12=
+AAF_INITIAL_X509_PASSWORD=
+
+# CA info (leave blank unless functioning as CA)
+AAF_SIGNER_P12=
+AAF_SIGNER_PASSWORD=
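Review bot: The two `*_PASSWORD` entries added here hold keystore passwords in cleartext, in a file that the scripts on this page load with `. ./d.props`, and the template does not warn about that. I would add a comment above them such as `# Cleartext secrets: keep d.props out of version control and readable only by its owner (chmod 600)`. Whether d.props is already git-ignored is not visible on this page. It would also help to state that the P12 values are host paths, since aaf.sh copies them into the container with `docker container cp`.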
index f6ea970..d7ba9fb 100644 (file)
@@ -4,12 +4,7 @@
 # Pull in Variables from d.props
 . ./d.props
 
-f [ "$1" == "" ]; then
-    AAF_COMPONENTS=$(cat components)
-else
-    AAF_COMPONENTS="$@"
-fi
-
+AAF_COMPONENTS=$(cat components)
 
 for AAF_COMPONENT in ${AAF_COMPONENTS}; do
         # docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${OLD_VERSION}
index f8c4f88..71ba73a 100644 (file)
@@ -15,7 +15,7 @@ cadi_alias=aaf@aaf.osaaf.org
 cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12
 cadi_truststore=/opt/app/osaaf/public/truststoreONAPall.jks
 cadi_truststore_password=changeit
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
 
 # Other
 aaf_data_dir=/opt/app/osaaf/data
index 5c692f4..98e16ce 100644 (file)
@@ -4,7 +4,7 @@
 ##
 
 #Certman
-cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.signer.p12;aaf_intermediate_7;enc:
+cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.signer.p12;aaf_intermediate_9;enc:
 cm_ca.local.idDomains=org.osaaf
 cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US
 cm_ca.local.perm_type=org.osaaf.aaf.ca