. ./aaf.props
# Need AAF_FQDN's IP, because not might not be available in mini-container
-if [ "$AAF_AAF_FQDN_IP" = "" ]; then
- AAF_AAF_FQDN_IP=$(host $AAF_FQDN | grep "has address" | tail -1 | cut -f 4 -d ' ')
- if [ "$AAF_AAF_FQDN_IP" = "" ]; then
- read -p "IP of $AAF_FQDN: " AAF_AAF_FQDN_IP
- echo "AAF_AAF_FQDN_IP=$AAF_AAF_FQDN_IP" >> ./aaf.props
+if [ "$AAF_FQDN_IP" = "" ]; then
+ AAF_FQDN_IP=$(host $AAF_FQDN | grep "has address" | tail -1 | cut -f 4 -d ' ')
+ if [ "$AAF_FQDN_IP" = "" ]; then
+ read -p "IP of $AAF_FQDN: " AAF_FQDN_IP
+ echo "AAF_FQDN_IP=$AAF_FQDN_IP" >> ./aaf.props
fi
fi
-it \
--rm \
--mount 'type=volume,src='${VOLUME}',dst=/opt/app/osaaf,volume-driver='${DRIVER} \
- --add-host="$AAF_FQDN:$AAF_AAF_FQDN_IP" \
+ --add-host="$AAF_FQDN:$AAF_FQDN_IP" \
--env AAF_FQDN=${AAF_FQDN} \
--env DEPLOY_FQI=${DEPLOY_FQI} \
--env DEPLOY_PASSWORD=${DEPLOY_PASSWORD} \
| but it DOES have be accessible to the AAF Instance.
* For ONAP, this means
- * Windriver VPN
- * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS
+ * Windriver VPN
+ * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS
-----------------------
Obtain the Agent Script
$ bash agent.sh
-The Agent will look for "aaf.props", and if it doesn't exist, or is missing information, it will ask for it
+The Agent will look for "aaf.props", and if it doesn't exist, or is missing information, it will ask for it.
+This file is available to reuse for multiple calls. More importantly, you should use it as a template for auto-configuration. (In ONAP, these are HEAT templates and OOM Helm Charts)
---------------- ---------------
-Tag Value
---------------- ---------------
-CADI Version Defaults to CADI version of this
-AAF's FQDN PUBLIC Name for AAF. For ONAP Test, it is 'aaf-onap-test.osaaf.org'
-Deployer's FQI deployer@people.osaaf.org. In a REAL system, this would be a person or process
-App's Root FQDN This will show up in the Cert Subject, and should be the name given by Docker. i.e. clamp.onap
-App's FQI Fully Qualified ID given by Organization and with AAF NS/domain. ex: clamp@clamp.onap.org
-App's Volume Volume to put the data, see above. ex: clamp_aaf
-DRIVER Docker Volume type... See Docker Volume documentation
-LATITUDE Global latitude coordinate of Node (best guess for Kubernetes)
-LONGITUDE Global longitude coordinate of Node (best guess for Kubernetes)
---------------- ---------------
+---------------------
+'aaf.prop' Properties
+---------------------
+=================== =============== ============
+Query Tag Description
+=================== =============== ============
+CADI Version VERSION Defaults to CADI version of this
+AAF's FQDN AAF_FQDN PUBLIC Name for AAF. For ONAP Test, it is 'aaf-onap-test.osaaf.org'
+Deployer's FQI DEPLOY_FQI deployer@people.osaaf.org. In a REAL system, this would be a person or process
+App's Root FQDN APP_FQDN This will show up in the Cert Subject, and should be the name given by Docker. i.e. clamp.onap
+App's FQI APP_FQI Fully Qualified ID given by Organization and with AAF NS/domain. ex: clamp@clamp.onap.org
+App's Volume VOLUME Volume to put the data, see above. ex: clamp_aaf
+DRIVER DRIVER Docker Volume type... See Docker Volume documentation
+LATITUDE of Node LATITUDE Global latitude coordinate of Node (best guess in Kubernetes)
+LONGITUDE of Node LONGITUDE Global longitude coordinate of Node (best guess in Kubernetes)
+=================== =============== ============
+
+---------------------
+Dynamic Properties
+---------------------
+
+These Properties do not automatically save in 'aaf.props', because...
+
+ | Passwords should not be stored clear text, with the possible exception of constant Environment Recreation, where it is impractical.
+ | The IP of the AAF's FQDN is looked up, if possible. It can be set, however, when lookup isn't available.
+
+=================== =============== ============
+Query Tag Description
+=================== =============== ============
+Deployer's Password DEPLOY_PASSWORD Password for the Deployer. Avoids storing, except where impossible otherwise.
+IP of <AAF_FQDN> AAF_FQDN_IP IP for Name of AAF FQDN, if not available by normal lookup means
+=================== =============== ============
+
+-----------------------
+ONAP Entity Info in AAF
+-----------------------
+
+============================= =========================== =======================
+ONAP Namespaces APP FQI APP FQDN
+============================= =========================== =======================
+org.onap.aaf-sms aaf-sms@aaf-sms.onap.org aaf-sms
+org.onap.aai aai@aai.onap.org aai
+org.onap.appc appc@appc.onap.org appc
+org.onap.clamp clamp@clamp.onap.org clamp
+org.onap.dcae dcae@dcae.onap.org dcae
+org.onap.dmaap-bc dmaap-bc@dmaap-bc.onap.org dmaap-bc
+org.onap.dmaap-mr dmaap-mr@dmaap-mr.onap.org dmaap-mr
+org.onap.oof oof@oof.onap.org oof
+org.onap.sdnc sdnc@sdnc.onap.org sdnc
+============================= =========================== =======================
+
+*Note: FQDNs are set in AAF's Credential Artifact data, accessible in "Cred Details" from Namespace Page*
+
+If something goes wrong, and Certificate is not created, you can adjust the data, remove the data from the Container's /opt/app/osaaf/local dir, and it will generate again. ::
+
+ root@77777:/opt/app/osaaf/local# rm *
+ root@77777:/opt/app/osaaf/local# exit
+ $ bash agent.sh bash
+
+-------------
+Informational
+-------------
+
+There are two sets of Credentials at play here. The ability to create the Certificate belongs to one of
+
+ * The person responsible for the ID in the Organization
+ * A delegated deployer
+
+It is expected in large organizations that Individual Employees are given the responsibility of an ID for an APP they are responsible for.
+
+ In ONAP test, to simplify create/tear-down environment...
+ | The **Owner** is always "mmanager@people.osaaf.org".
+ | The **Sponsor** is always "aaf_admin@people.osaaf.org".
+
+In a large org, there are probably many Operations teams to support many different apps.
+
+ In ONAP test,
+ The **Deployer** is always set to "deploy@people.osaaf.org" for all Apps.
Code Review / aaf / authz.git / commitdiff