if(!identity.isPerson()) {
identity = identity.responsibleTo();
}
- for(int i=1;i<nb.escalation();++i) {
- if(identity != null) {
- if(i==1) {
- toList.add(identity.email());
- } else {
- identity=identity.responsibleTo();
- ccList.add(identity.email());
+ if(identity==null) {
+ trans.warn().printf("Responsible Identity %s is invalid for this Organization. Skipping notification.",id);
+ } else {
+ for(int i=1;i<nb.escalation();++i) {
+ if(identity != null) {
+ if(i==1) {
+ toList.add(identity.email());
+ } else {
+ identity=identity.responsibleTo();
+ ccList.add(identity.email());
+ }
}
}
- }
-
- StringBuilder content = new StringBuilder();
- content.append(String.format(header,version,Identity.mixedCase(identity.firstName())));
-
- nb.body(noAvg, content, indent, notify, id);
- content.append(footer);
-
- if(mailer.sendEmail(noAvg, test, toList, ccList, subject,content.toString(), urgent)) {
- nb.inc();
- } else {
- trans.error().log("Mailer failed to send Mail");
- }
- if(maxEmails>0 && nb.count()>=maxEmails) {
- break ONE_EMAIL;
+
+ StringBuilder content = new StringBuilder();
+ content.append(String.format(header,version,Identity.mixedCase(identity.firstName())));
+
+ nb.body(noAvg, content, indent, notify, id);
+ content.append(footer);
+
+ if(mailer.sendEmail(noAvg, test, toList, ccList, subject,content.toString(), urgent)) {
+ nb.inc();
+ } else {
+ trans.error().log("Mailer failed to send Mail");
+ }
+ if(maxEmails>0 && nb.count()>=maxEmails) {
+ break ONE_EMAIL;
+ }
}
}
} catch (OrganizationException e) {
+++ /dev/null
-aaf|aaf_env|DEV\r
-aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US\r
-aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect\r
-aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token\r
-aaf|aaf_url|https://AAF_LOCATE_URL/AAF_NS.service:2.1\r
-aaf|cadi_protocols|TLSv1.1,TLSv1.2\r
-aaf|cm_url|https://AAF_LOCATE_URL/AAF_NS.cm:2.1\r
-aaf|fs_url|https://AAF_LOCATE_URL/AAF_NS.fs.2.1\r
-aaf|gui_url|https://AAF_LOCATE_URL/AAF_NS.gui.2.1\r
# limitations under the License.
# ============LICENSE_END====================================================
#
+# public, multi-platform base image
FROM nexus3.onap.org:10001/cassandra:3.11
+# FROM cassandra:3.11
MAINTAINER AAF Team, AT&T 2018
ENV VERSION=${AAF_VERSION}
# limitations under the License.
# ============LICENSE_END====================================================
#
+# Use Public Image
FROM nexus3.onap.org:10001/openjdk:8-jre-alpine
+#FROM openjdk:8-jre-alpine
MAINTAINER AAF Team, AT&T 2018
LABEL description="aaf_base"
function sso {
if [ -n "$2" ]; then
- echo "$1=$2" >> ~/.aaf/sso.props
+ echo "$1=$2" >> $HOME/.aaf/sso.props
fi
}
function reset_sso {
mkdir -p ~/.aaf
- > ~/.aaf/sso.props
+ > $HOME/.aaf/sso.props
sso aaf_locate_url "https://$AAF_FQDN:8095"
sso cadi_latitude "$LATITUDE"
sso cadi_longitude "$LONGITUDE"
shift
reset_sso
if [ -f aaf-auth-cmd-$VERSION*-full.jar ]; then
- java -Dcadi_prop_files="~\/.aaf\/sso.props" -jar aaf-auth-cmd-$VERSION*-full.jar $@
+ java -Dcadi_prop_files="$HOME/.aaf/sso.props" -jar aaf-auth-cmd-$VERSION*-full.jar $@
else
- echo "For local use, you need to have 'aaf-cadi-aaf-$VERSION*-full.jar' (or newer)"
+ echo "For local use, you need to have 'aaf-auth-cmd-$VERSION*-full.jar' (or newer)"
fi
;;
local)
sso aaf_id "$DEPLOY_FQI"
sso aaf_password "$DEPLOY_PASSWORD"
if [ -f aaf-auth-cmd-$VERSION*-full.jar ]; then
- mkdir -p $APP_FQDN
- java -Dcadi_prop_files="~\/.aaf\/sso.props" -cp aaf-auth-cmd-$VERSION*-full.jar org.onap.aaf.cadi.configure.Agent $CMD
+ java -Dcadi_prop_files="$HOME/.aaf/sso.props" -cp aaf-auth-cmd-$VERSION*-full.jar org.onap.aaf.cadi.configure.Agent $CMD
else
echo "For local use, you need to have 'aaf-cadi-aaf-$VERSION*-full.jar' (or newer)"
fi
-aaf|aaf_auth2_introspect_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.introspect:2.1/introspect
-aaf|aaf_auth2_token_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.token:2.1/token
-aaf|aaf_env|DEV
-aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
-aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
-aaf|aaf_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.service:2.1
-aaf|cadi_protocols|TLSv1.1,TLSv1.2
-aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-aaf|cm_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.cm:2.1
-aaf|fs_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.fs:2.1
-aaf|gui_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.gui:2.1
+aaf|aaf_env|DEV\r
+aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect\r
+aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token\r
+aaf|aaf_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1\r
+aaf|cadi_protocols|TLSv1.1,TLSv1.2\r
+aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US\r
+aaf|cm_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1\r
+aaf|fs_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1\r
+aaf|gui_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1\r
int eq;
for (String arg : args) {
if ((eq=arg.indexOf('='))>0) {
- String key = arg.substring(0, eq);
- if(Config.CADI_PROP_FILES.equals(key)) {
- nprops.setProperty(key,arg.substring(eq+1));
- }
+ nprops.setProperty(arg.substring(0, eq),arg.substring(eq+1));
}
}
init(nprops);
-
- // Re-overlay Args
- for (String arg : args) {
- if ((eq=arg.indexOf('='))>0) {
- props.setProperty(arg.substring(0, eq),arg.substring(eq+1));
- }
- }
}
protected void init(Properties p) {
level=DEFAULT.maskOf();
props = new Properties();
-
- // Find the "cadi_prop_files"
- // First in VM Args
+ // First, load related System Properties
for (Entry<Object,Object> es : System.getProperties().entrySet()) {
String key = es.getKey().toString();
- if(Config.CADI_PROP_FILES.equals(key)) {
- props.put(key,es.getValue().toString());
- }
+ for (String start : new String[] {"cadi_","aaf_","cm_"}) {
+ if (key.startsWith(start)) {
+ props.put(key, es.getValue());
+ }
+ }
}
-
// Second, overlay or fill in with Passed in Props
if (p!=null) {
props.putAll(p);
// Third, load any Chained Property Files
load(props.getProperty(Config.CADI_PROP_FILES));
- // Fourth, System.getProperties takes precedence over Files
- for (Entry<Object,Object> es : System.getProperties().entrySet()) {
- String key = es.getKey().toString();
- for (String start : new String[] {"HOSTNAME","cadi_","aaf_","cm_"}) {
- if (key.startsWith(start)) {
- props.put(key, es.getValue());
- }
- }
- }
-
String sLevel = props.getProperty(Config.CADI_LOGLEVEL);
if (sLevel!=null) {
level=Level.valueOf(sLevel).maskOf();
specialConversions();
}
-
+
+
private void specialConversions() {
// Critical - if no Security Protocols set, then set it. We'll just get messed up if not
if (props.get(Config.CADI_PROTOCOLS)==null) {
*Note: this document assumes UNIX Bash Shell. Being Java, AAF works in Windows, but you will have to create your own script/instruction conversions.*
---------
-Strategy
---------
+=================
+Optimal Strategy
+=================
ONAP is deployed in Docker Containers or Kubernetes managed Docker Containers. Therefore, this instruction utilizes a Docker Container as a standalone Utility... (This means that this container will stop as soon as it is done with its work... it is not a long running daemon)
This tool creates all the Configurations, including Certificates, onto a declared Volume on the directories starting with "/opt/app/osaaf"
-------------------
+==================
Prerequisites
-------------------
- * Docker
- * Note: it does NOT have to be the SAME Docker that AAF is deployed on...
- | but it DOES have be accessible to the AAF Instance.
- * For ONAP, this means
-
- * Windriver VPN
- * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS
+==================
+ * Access to a RUNNING AAF System
+
+ * For ONAP TEST, this means
+
+ * Windriver VPN
+ * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS
+ * For Writing to Volumes for Docker or K8s
+
+ * Docker
+
+ * Note: it does NOT have to be the SAME Docker that AAF is deployed on...
+
+ * but it DOES have be accessible to the AAF Instance.
+
+ * For creating Configurations on Local Disk
+
+ * For Development purposes
+ * For running AAF on Bare Metal (or VM)
+ * A Truststore that includes your CA
+
+ * for ONAP TEST, you can obtain truststoreONAPall.jks from the `AAF FileServer`_.
+
+ * (You can also get the ONAP TEST Root CA there)
+
+ * the latest aaf-auth-cmd-<VERSION>-full.jar from `ONAP Nexus`_.
+ * you can still use the same "agent.sh" script below
+
+.. _AAF FileServer: http://aaf-onap-test.osaaf.org/-
+.. _ONAP Nexus: https://nexus.onap.org/#nexus-search;quick~aaf-auth-cmd
-----------------------
Obtain the Agent Script
Note: curl/wget returns an html, instead of text. This cannot be used!
| You have to mv, and rename it to "agent.sh", but avoids full clone...
--------------------------
+=============
Run Script
--------------------------
-
+=============
+----------------
+For Docker/K8s
+----------------
In your chosen directory ::
$ bash agent.sh
This file is available to reuse for multiple calls. More importantly, you should use it as a template for auto-configuration. (In ONAP, these are HEAT templates and OOM Helm Charts)
----------------------
+--------------------------
+For Local/BareMetal (VM)
+--------------------------
+In your chosen directory ::
+
+ $ bash agent.sh local <instructions>
+
+The Agent will look for "aaf.props", and if it doesn't exist, or is missing information, it will ask for it.
+
+=======================
'aaf.prop' Properties
----------------------
+=======================
+
+These properties will be created when you run "agent.sh". Many of the values will be defaulted, or allow you to change. It will be placed into an "aaf.props" file for you to save, edit or otherwise modify/utilize.
==================== ================= ============
Query Tag Description
DRIVER DRIVER Docker Volume type... See Docker Volume documentation. Default is 'local'
LATITUDE of Node LATITUDE Global latitude coordinate of Node (best guess in Kubernetes)
LONGITUDE of Node LONGITUDE Global longitude coordinate of Node (best guess in Kubernetes)
+HOSTNAME HOSTNAME Defaults to SYSTEM provided "hostname". Use when System doesn't report what is actually needed, such as vanity urls, multi-NIC cards, short names, i.e. htydb77 reported instead of htydb77.some.company.org, etc.
+Docker User DUSER User needed inside the Docker Container. Without, this will be root
+Container NS CONTAINER_NS The Namespace for the container. Provided for Multi-NS support, this would be "onap" for Test OOM, etc.
==================== ================= ============
--------------------------------
+=================================
Typical ONAP Entity Info in AAF
--------------------------------
+=================================
*This is not intended to be a comprehensive list, but a short list of main entities*
============================= =========================== ======================= ==============================================
root@77777:/opt/app/osaaf/local# exit
$ bash agent.sh bash
--------------
+===============
Informational
--------------
+===============
There are two sets of Credentials at play here. The ability to create the Certificate belongs to one of
Code Review / aaf / authz.git / commitdiff