String realm = env.getProperty(Config.AAF_DEFAULT_REALM,"people.osaaf.org");
defaultOrg = cnst.newInstance(env,realm);
} catch (ClassNotFoundException | InstantiationException | IllegalAccessException | NoSuchMethodException | SecurityException | IllegalArgumentException | InvocationTargetException e) {
- env.warn().log("Not Organization Moduled linked in",e);
+ env.warn().log("Default Organization Module not linked in",e);
}
}
if (defaultOrg == null) {
LABEL version=${AAF_VERSION}
COPY bin/client.sh /opt/app/aaf_config/bin/agent.sh
+COPY bin/pod_wait.sh /opt/app/aaf_config/bin/pod_wait.sh
COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/
COPY logs /opt/app/aaf_config/logs
COPY cert/*trust*.b64 /opt/app/aaf_config/cert/
-
-RUN if [ -n "${DUSER}" ]; then chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi
+RUN chmod 755 /opt/app/aaf_config/bin/* &&\
+ if [ -n "${DUSER}" ]; then chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi
CMD []
MAINTAINER AAF Team, AT&T 2018
LABEL description="aaf_base"
-RUN apk add --no-cache bash
-RUN apk add --no-cache openssl
-RUN apk add --no-cache curl
-RUN if [ -n "${DUSER}" ]; then addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; fi
+RUN apk add --no-cache bash &&\
+ apk add --no-cache openssl &&\
+ apk add --no-cache curl &&\
+ if [ -n "${DUSER}" ]; then addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; fi
COPY public /opt/app/aaf_config/public
COPY CA /opt/app/aaf_config/CA
COPY bin/service.sh /opt/app/aaf_config/bin/agent.sh
-COPY bin/pod_wait.sh /opt/app/aaf_config/bin/
+COPY bin/pod_wait.sh /opt/app/aaf_config/bin/pod_wait.sh
COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
COPY bin/aaf-auth-batch-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
-RUN mkdir -p /opt/app/osaaf
-RUN if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/osaaf && chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi
+RUN mkdir -p /opt/app/osaaf &&\
+ chmod 755 /opt/app/aaf_config/bin/*.sh &&\
+ if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/osaaf && chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi
CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
COPY bin/pod_wait.sh /opt/app/aaf/bin/
COPY etc /opt/app/osaaf/etc
-RUN mkdir -p /opt/app/aaf/status
-RUN if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/aaf/status \
- && chown ${DUSER}:${DUSER} /opt/app/osaaf \
- && chown -R ${DUSER}:${DUSER} /opt/app/aaf; fi
+RUN mkdir -p /opt/app/aaf/status && chmod 755 /opt/app/aaf/bin/* &&\
+ if [ -n "${DUSER}" ]; then \
+ chown ${DUSER}:${DUSER} /opt/app/aaf/status &&\
+ chown ${DUSER}:${DUSER} /opt/app/osaaf &&\
+ chown -R ${DUSER}:${DUSER} /opt/app/aaf; fi
CMD []
LABEL version=${AAF_VERSION}
COPY bin/pod_wait.sh /opt/app/aaf/bin/
-RUN mkdir -p /opt/app/osaaf
-RUN mkdir -p /opt/app/aaf/status
-RUN if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/aaf/status \
+RUN mkdir -p /opt/app/osaaf &&\
+ mkdir -p /opt/app/aaf/status &&\
+ chmod 755 /opt/app/aaf/bin/* &&\
+ if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/aaf/status \
&& chown ${DUSER}:${DUSER} /opt/app/osaaf \
&& chown -R ${DUSER}:${DUSER} /opt/app/aaf; fi
protocol: TCP
port: {{.Values.services.cass.native_trans_port}}
containerPort: {{.Values.services.cass.native_trans_port}}
+ - name: rpc
+ protocol: TCP
+ port: {{.Values.services.cass.rpc_port}}
+ containerPort: {{.Values.services.cass.rpc_port}}
---
apiVersion: apps/v1
kind: Deployment
fieldRef:
fieldPath: metadata.namespace
- name: aaf_locate_url
- value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
+ value: "https://aaf-locate.{{.Release.Namespace }}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
- name: aaf_locator_name
- name: aaf-cm
image: {{ .Values.image.repository }}onap/aaf/aaf_cm:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-cm aaf-locate && exec bin/cm"]
+ command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-cm nc aaf-cass.{{ .Release.Namespace }} {{ .Values.services.cass.native_trans_port }} aaf-locate && exec bin/cm"]
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
fieldRef:
fieldPath: status.podIP
- name: aaf_locate_url
- value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
+ value: "https://aaf-locate.{{.Release.Namespace }}:{{.Values.services.locate.internal_port}}"
- name: CASSANDRA_CLUSTER
value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
# - name: CASSANDRA_USER
fieldRef:
fieldPath: metadata.namespace
- name: aaf_locate_url
- value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
+ value: "https://aaf-locate.{{.Release.Namespace }}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
- name: aaf_locator_name
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
+ - mountPath: "/opt/app/aaf/status"
+ name: aaf-status-vol
env:
- name: AAF_ENV
value: "{{ .Values.services.aaf_env }}"
fieldRef:
fieldPath: metadata.namespace
- name: aaf_locate_url
- value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
+ value: "https://aaf-locate.{{.Release.Namespace }}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
- name: aaf_locator_name
- name: aaf_locator_name_helm
value: "{{.Values.services.aaf_locator_name_helm}}"
- name: CASSANDRA_CLUSTER
- value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
+ value: "{{.Values.services.cass.fqdn}}.{{.Release.Namespace}}"
# - name: CASSANDRA_USER
# value: ""
# - name: CASSANDRA_PASSWORD
- name: aaf-locate
image: {{ .Values.image.repository }}onap/aaf/aaf_locate:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-locate aaf-service && exec bin/locate"]
+ command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-locate nc aaf-cass.{{ .Release.Namespace }} {{ .Values.services.cass.native_trans_port }} aaf-service && exec bin/locate"]
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
fieldRef:
fieldPath: metadata.namespace
- name: aaf_locate_url
- value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
+ value: "https://aaf-locate.{{.Release.Namespace }}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
- name: aaf_locator_name
- name: aaf-oauth
image: {{ .Values.image.repository }}onap/aaf/aaf_oauth:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-oauth aaf-service && exec bin/oauth"]
+ command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-oauth nc aaf-cass.{{ .Release.Namespace }} {{ .Values.services.cass.native_trans_port }} aaf-service && exec bin/oauth"]
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
- name: aaf_locator_container_ns
value: "{{ .Release.Namespace }}"
- name: aaf_locate_url
- value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
+ value: "https://aaf-locate.{{.Release.Namespace }}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
- name: aaf_locator_name
- name: aaf-service
image: {{ .Values.image.repository }}onap/aaf/aaf_service:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-service aaf-cass && exec bin/service"]
+ command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-service nc aaf-cass.{{ .Release.Namespace }} {{ .Values.services.cass.native_trans_port }} aaf-cass && exec bin/service"]
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
cadi_longitude: "-72.0"
cass:
replicas: 1
+ fqdn: "aaf-cass"
cluster_name: "osaaf"
heap_new_size: "512M"
max_heap_size: "1024M"
if [ -n "$INITIALIZED" ]; then
echo "Initialization complete"
else
- $JAVA_AGENT
+ $JAVA_AGENT_SELF validate $FQI $FQDN
fi
else
shift
;;
validate)
echo "## validate requested"
- $JAVA_AGENT_SELF validate
+ $JAVA_AGENT_SELF validate $FQI $FQDN
;;
renew)
echo "## Renew Certificate"
DIR="/opt/app/aaf/status"
APP=$1
shift
-OTHER=$1
-shift
function status {
if [ -d "$DIR" ]; then
done
}
+function wait_nc {
+ n=0
+ while [ $n -lt 40 ]; do
+ echo "Waiting for Network Access to $@"
+ status "Waiting for Network Access to $1 $2"
+ rv="$(nc -zvw 5 $1 $2 2>&1 | grep -e "[open|succeed]")"
+ echo $rv
+
+ if [[ "$rv" == *open* ]] || [[ "$rv" == *succeeded* ]]; then
+ status "Network Connectable to $1 $2"
+ n=10000
+ else
+ (( ++n ))
+ echo "Sleep 10 (iteration $n)"
+ sleep 10
+ fi
+ done
+}
+
function start {
n=0
while [ $n -lt 40 ]; do
done
}
-case "$OTHER" in
- sleep)
- echo "Sleeping $1"
- status "Sleeping $1"
- sleep $1
- shift
- status "ready"
- echo "Done"
+while [ ! -z "$1" ]; do
+ OTHER=$1
+ shift
+ case "$OTHER" in
+ nc)
+ H=$1
+ shift
+ P=$1
+ shift
+ wait_nc "$H" "$P"
+ if [ -z "$@" ]; then
+ echo "ready"
+ status "ready"
+ fi
+ ;;
+ sleep)
+ echo "Sleeping $1"
+ status "Sleeping $1"
+ sleep $1
+ shift
+ if [ -z "$@" ]; then
+ echo "ready"
+ status "ready"
+ fi
+ echo "Done"
+ ;;
+ remove)
+ echo "Removing $DIR/$APP-$HOSTNAME"
+ rm -f $DIR/$APP-$HOSTNAME
+ ;;
+ wait)
+ OTHER="$1"
+ shift
+ wait
+ ;;
+ *)
+ echo "App $APP is waiting to start until $OTHER is ready"
+ status "waiting for $OTHER"
+
+ start
+ break
;;
- stop)
- echo "Removing $DIR/$APP-$HOSTNAME"
- rm $DIR/$APP-$HOSTNAME
- ;;
- wait)
- OTHER="$1"
- shift
- wait
- ;;
- *)
- echo "App $APP is waiting to start until $OTHER is ready"
- status "waiting for $OTHER"
-
- start
- ;;
-esac
-
-eval "$@"
+ esac
+done
# This script is run when starting aaf_config Container.
# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
#
+
+echo "# Properties passed in"
+ for P in `env`; do
+ if [[ "$P" == cadi* ]] || [[ "$P" == aaf* ]] || [[ "$P" == HOSTNAME* ]]; then
+ S="${P/_helm/.helm}"
+ S="${S/_oom/.oom}"
+ echo "$S"
+ fi
+ done
+
+# Set from CAP Based PROPS, if necessary
+aaf_env=${aaf_env:-"${AAF_ENV}"}
+aaf_release=${aaf_release:-"${VERSION}"}
+cadi_latitude=${cadi_latitude:-"${LATITUDE}"}
+cadi_longitude=${cadi_longitude:-"${LONGITUDE}"}
+cadi_x509_issuers=${cadi_x509_issuers:-"${CADI_X509_ISSUERS}"}
+aaf_locate_url=${aaf_locate_url:-"https://${HOSTNAME}:8095"}
+
JAVA=/usr/bin/java
OSAAF=/opt/app/osaaf
done
TMP=$(mktemp)
- echo aaf_env=${AAF_ENV} >> ${TMP}
- echo aaf_release=${VERSION} >> ${TMP}
- echo cadi_latitude=${LATITUDE} >> ${TMP}
- echo cadi_longitude=${LONGITUDE} >> ${TMP}
- echo cadi_x509_issuers=${CADI_X509_ISSUERS} >> ${TMP}
- AAF_LOCATE_URL=${aaf_locate_url:="https://${HOSTNAME}:8095"}
- echo aaf_locate_url=${AAF_LOCATE_URL} >> ${TMP}
for P in `env`; do
- if [[ "$P" == aaf_locator* ]]; then
+ if [[ "$P" == aaf_* ]] || [[ "$P" == cadi_* ]]; then
S="${P/_helm/.helm}"
S="${S/_oom/.oom}"
echo "$S" >> ${TMP}
CASS_HOST=${CASS_HOST:="aaf-cass"}
CASS_PASS=$($JAVA_CADI digest "${CASSANDRA_PASSWORD:-cassandra}" $LOCAL/org.osaaf.aaf.keyfile)
CASS_NAME=${CASS_HOST/:*/}
- sed -i.backup -e "s/\\(cassandra.clusters=\\).*/\\1${CASSANDRA_CLUSTERS:=$CASS_HOST}/" \
+ sed -i.backup -e "s/\\(cassandra.clusters=\\).*/\\1${CASSANDRA_CLUSTER:=$CASS_HOST}/" \
-e "s/\\(cassandra.clusters.user=\\).*/\\1${CASSANDRA_USER:=cassandra}/" \
-e "s/\\(cassandra.clusters.password=enc:\\).*/\\1$CASS_PASS/" \
-e "s/\\(cassandra.clusters.port=\\).*/\\1${CASSANDRA_PORT:=9042}/" \
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.aaf.client.ErrMessage;
import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
cred.add(Config.CADI_KEYFILE, cred.getKeyPath());
final String ssoAppID = propAccess.getProperty(Config.AAF_APPID);
- if(fqi.equals(ssoAppID)) {
+ if(fqi!=null && fqi.equals(ssoAppID)) {
cred.addEnc(Config.AAF_APPPASS, propAccess, null);
// only Ask for Password when starting scratch
} else if(propAccess.getProperty(Config.CADI_PROP_FILES)==null) {
}
app.add(Config.AAF_LOCATE_URL, propAccess, null);
+ app.add(Config.AAF_ENV,propAccess, "DEV");
+ String release = propAccess.getProperty(Config.AAF_RELEASE);
+ if(release!=null) {
+ app.add(Config.AAF_RELEASE, release);
+ }
for(Entry<Object, Object> aaf_loc_prop : propAccess.getProperties().entrySet()) {
String key = aaf_loc_prop.getKey().toString();
- if("aaf_env".equals(key) || key.startsWith("aaf_locator")) {
+ if(key.startsWith("aaf_locator")) {
app.add(key, aaf_loc_prop.getValue().toString());
}
}
NAME=aaf.bootstrap
HOSTNAME="${HOSTNAME:=$(hostname -)}"
-FQDN="${aaf_locator_fqdn:=$HOSTNAME}"
+PUBLIC_FQDN="${aaf_locator_public_fqdn:=$HOSTNAME}"
+FQDN="${aaf_locator_fqdn:=$PUBLIC_FQDN}"
FQI=aaf@aaf.osaaf.org
SUBJECT="/CN=$FQDN/OU=$FQI`cat subject.aaf`"
SIGNER_P12=$1
Code Review / aaf / authz.git / commitdiff