From 4ad4763d8c9191998cc671a884d1af5da6ba8bb9 Mon Sep 17 00:00:00 2001 From: Instrumental Date: Fri, 13 Jul 2018 15:49:26 -0500 Subject: [PATCH] Make Container Config Strategy Issue-ID: AAF-378 Change-Id: I57186f66b9713262643e0f440f5b9eb78154c155 Signed-off-by: Instrumental --- auth/auth-cass/docker/dinstall.sh | 15 +- auth/auth-cass/src/main/cql/init.cql | 7 + auth/auth-certman/pom.xml | 2 +- auth/auth-fs/pom.xml | 3 +- auth/auth-gui/pom.xml | 3 +- auth/auth-hello/pom.xml | 3 +- auth/auth-locate/pom.xml | 3 +- auth/auth-oauth/pom.xml | 3 +- auth/auth-service/pom.xml | 3 +- auth/docker/.gitignore | 1 + auth/docker/Dockerfile | 24 ---- auth/docker/Dockerfile.config | 2 +- auth/docker/Dockerfile.ms | 2 + auth/docker/README.txt | 31 ++++ auth/docker/agent.sh | 15 +- auth/docker/dbounce.sh | 4 + auth/docker/dbuild.sh | 28 ++-- auth/docker/dclean.sh | 9 +- auth/docker/dpush.sh | 4 +- auth/docker/drun.sh | 101 ++++++------- auth/docker/dstart.sh | 9 +- auth/docker/dstop.sh | 8 +- auth/pom.xml | 4 +- auth/sample/.gitignore | 1 + auth/sample/bin/agent.sh | 181 +++++++++++++++--------- auth/sample/etc/org.osaaf.aaf.cm.props | 2 +- auth/sample/local/.dockerignore | 1 + auth/sample/local/.gitignore | 2 - auth/sample/local/aaf.props | 6 +- auth/sample/local/org.osaaf.aaf.cassandra.props | 2 +- auth/sample/local/org.osaaf.aaf.cm.ca.props | 6 +- conf/CA/{newca.sh => newCA.sh} | 2 + conf/CA/newIntermediate.sh | 2 + 33 files changed, 281 insertions(+), 208 deletions(-) delete mode 100644 auth/docker/Dockerfile create mode 100644 auth/docker/README.txt create mode 100644 auth/docker/dbounce.sh create mode 100644 auth/sample/.gitignore create mode 100644 auth/sample/local/.dockerignore rename conf/CA/{newca.sh => newCA.sh} (96%) diff --git a/auth/auth-cass/docker/dinstall.sh b/auth/auth-cass/docker/dinstall.sh index 44ee7130..bdbadf68 100644 --- a/auth/auth-cass/docker/dinstall.sh +++ b/auth/auth-cass/docker/dinstall.sh 
@@ -7,11 +7,24 @@ else echo Docker not available in /usr/bin or /usr/local/bin exit fi + +if [ "$($DOCKER volume ls | grep aaf_cass_data)" = "" ]; then + $DOCKER volume create aaf_cass_data + echo "Created Cassandra Volume aaf_cass_data" +fi + echo "Running DInstall" if [ "`$DOCKER ps -a | grep aaf_cass`" == "" ]; then echo "starting Cass from 'run'" # NOTE: These HEAP Sizes are minimal. Not set for full organizations. - $DOCKER run --name aaf_cass -e HEAP_NEWSIZE=512M -e MAX_HEAP_SIZE=1024M -e CASSANDRA_DC=dc1 -e CASSANDRA_CLUSTER_NAME=osaaf -d cassandra:3.11 + $DOCKER run \ + --name aaf_cass \ + -e HEAP_NEWSIZE=512M \ + -e MAX_HEAP_SIZE=1024M \ + -e CASSANDRA_DC=dc1 \ + -e CASSANDRA_CLUSTER_NAME=osaaf \ + --mount 'type=volume,src=aaf_cass_data,dst=/var/lib/cassandra,volume-driver=local' \ + -d cassandra:3.11 # Set on local Disk # -v /opt/app/cass:/var/lib/cassandra echo "aaf_cass Starting" diff --git a/auth/auth-cass/src/main/cql/init.cql b/auth/auth-cass/src/main/cql/init.cql index c06e5ee9..bf75998d 100644 --- a/auth/auth-cass/src/main/cql/init.cql +++ b/auth/auth-cass/src/main/cql/init.cql @@ -264,3 +264,10 @@ CREATE TABLE run_lock ( start timestamp, PRIMARY KEY ((class)) ); + +CREATE TABLE config ( + name varchar, + tag varchar, + value varchar, + PRIMARY KEY (name,tag) +); diff --git a/auth/auth-certman/pom.xml b/auth/auth-certman/pom.xml index f0dc08ff..26c3c678 100644 --- a/auth/auth-certman/pom.xml +++ b/auth/auth-certman/pom.xml @@ -120,7 +120,7 @@ org.onap.aaf.auth.cm.AAF_CM cm - cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.cm.props + cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.cm.props cadi_log_dir=${project.ext_root_dir}/logs/cm diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml index 0559bed1..93b55e97 100644 --- a/auth/auth-fs/pom.xml +++ b/auth/auth-fs/pom.xml 
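Review bot: The new `config` table in init.cql has no comment saying what `name`, `tag` and `value` hold, and nothing visible here says whether sensitive settings may be stored in `value`. The rest of this commit keeps passwords in `enc:` form in the .props files, so the same expectation is worth stating for this table, for example `-- config: per-name/tag settings; store secrets only in encrypted (enc:) form`. That wording is a suggestion, and the intended meaning of `tag` should be confirmed with the author. The statement is also a plain `CREATE TABLE`, like the `run_lock` definition above it, so re-running the script against an existing keyspace will presumably fail at this point.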
@@ -112,8 +112,9 @@ org.onap.aaf.auth.fs.AAF_FS fs - cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.fs.props + cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.fs.props cadi_log_dir=${project.ext_root_dir}/logs/fs + cadi_etc_dir=${project.ext_root_dir}/etc diff --git a/auth/auth-gui/pom.xml b/auth/auth-gui/pom.xml index 6b02437e..dde1a5d8 100644 --- a/auth/auth-gui/pom.xml +++ b/auth/auth-gui/pom.xml @@ -117,8 +117,9 @@ org.onap.aaf.auth.gui.AAF_GUI gui - cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.gui.props + cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.gui.props cadi_log_dir=${project.ext_root_dir}/logs/gui + cadi_etc_dir=${project.ext_root_dir}/etc diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml index b913b6c0..db732a68 100644 --- a/auth/auth-hello/pom.xml +++ b/auth/auth-hello/pom.xml @@ -89,8 +89,9 @@ org.onap.aaf.auth.hello.AAF_Hello hello - cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.hello.props + cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.hello.props cadi_log_dir=${project.ext_root_dir}/logs/hello + cadi_etc_dir=${project.ext_root_dir}/etc diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml index 13640b53..76fe2a19 100644 --- a/auth/auth-locate/pom.xml +++ b/auth/auth-locate/pom.xml @@ -106,8 +106,9 @@ org.onap.aaf.auth.locate.AAF_Locate locate - cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.locate.props + cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.locate.props cadi_log_dir=${project.ext_root_dir}/logs/locate + cadi_etc_dir=${project.ext_root_dir}/etc diff --git a/auth/auth-oauth/pom.xml b/auth/auth-oauth/pom.xml index 65100700..fdd236ac 100644 --- a/auth/auth-oauth/pom.xml +++ b/auth/auth-oauth/pom.xml 
@@ -92,8 +92,9 @@ org.onap.aaf.auth.oauth.AAF_OAuth oauth - cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.oauth.props + cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.oauth.props cadi_log_dir=${project.ext_root_dir}/logs/oauth + cadi_etc_dir=${project.ext_root_dir}/etc diff --git a/auth/auth-service/pom.xml b/auth/auth-service/pom.xml index 244e1e83..6ad719b1 100644 --- a/auth/auth-service/pom.xml +++ b/auth/auth-service/pom.xml @@ -120,8 +120,9 @@ org.onap.aaf.auth.service.AAF_Service service - cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.service.props + cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.service.props cadi_log_dir=${project.ext_root_dir}/logs/service + cadi_etc_dir=${project.ext_root_dir}/etc diff --git a/auth/docker/.gitignore b/auth/docker/.gitignore index f08acc75..a03737d0 100644 --- a/auth/docker/.gitignore +++ b/auth/docker/.gitignore @@ -1 +1,2 @@ +local d.props diff --git a/auth/docker/Dockerfile b/auth/docker/Dockerfile deleted file mode 100644 index d744d69c..00000000 --- a/auth/docker/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -FROM rmannfv/aaf-base:xenial -MAINTAINER AAF Team, AT&T 2018 -ENV VERSION=${AAF_VERSION} - -LABEL description="aaf ${AAF_COMPONENT}" -LABEL version=${AAF_VERSION} - - -COPY lib /opt/app/aaf/${AAF_COMPONENT}/lib -COPY theme /opt/app/aaf/${AAF_COMPONENT}/theme -COPY bin /opt/app/aaf/${AAF_COMPONENT}/bin - -CMD ["/bin/bash","-c","/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"] - -# For Debugging installation -# CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT};cat /etc/hosts;/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"] -# Java Debugging VM Args -# "-Xdebug",\ -# "-Xnoagent",\ -# "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000",\ - -# TLS Debugging VM Args -# "-Djavax.net.debug","ssl", \ - 
diff --git a/auth/docker/Dockerfile.config b/auth/docker/Dockerfile.config index a5811e09..1855fae2 100644 --- a/auth/docker/Dockerfile.config +++ b/auth/docker/Dockerfile.config @@ -7,7 +7,7 @@ LABEL version=${AAF_VERSION} COPY data/sample.identities.dat /opt/app/aaf_config/data/ COPY etc /opt/app/aaf_config/etc -COPY local/*.props /opt/app/aaf_config/local/ +COPY local /opt/app/aaf_config/local COPY public /opt/app/aaf_config/public COPY logs /opt/app/aaf_config/logs COPY bin /opt/app/aaf_config/bin diff --git a/auth/docker/Dockerfile.ms b/auth/docker/Dockerfile.ms index 121bd06c..b8ef6d9a 100644 --- a/auth/docker/Dockerfile.ms +++ b/auth/docker/Dockerfile.ms @@ -5,6 +5,8 @@ ENV VERSION=${AAF_VERSION} LABEL description="aaf_${AAF_COMPONENT}" LABEL version=${AAF_VERSION} +COPY theme /opt/app/aaf/theme + CMD ["/bin/bash","-c","/opt/app/aaf/bin/${AAF_COMPONENT}"] # For Debugging installation diff --git a/auth/docker/README.txt b/auth/docker/README.txt new file mode 100644 index 00000000..32ed3489 --- /dev/null +++ b/auth/docker/README.txt @@ -0,0 +1,31 @@ +# Start the container in bash mode, so it stays up +sh agent.sh bash + + +# in another shell, find out your Container name +docker container ls | grep aaf_agent + +# copy keystore for this AAF Env +docker container cp -L org.osaaf.aaf.p12 :/opt/app/osaaf/local +# (in Agent Window) +agent encrypt cadi_keystore_password + +# If you intend to use Certman to sign certs, it is a "local" CA +# copy Signing Keystore into container +docker container cp -L org.osaaf.aaf.signer.p12 :/opt/app/osaaf/local +# (in Agent Window) +agent encrypt cm_ca.local + +# Add in Cassandra Password +agent encrypt cassandra.clusters.password + +# Check to make sure all passwords are set +grep "enc:" *.props + + +# When good, run AAF +bash drun.sh + +# watch logs in Agent Window +cd ../logs +sh taillog diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh index 68027947..f734c629 100644 --- a/auth/docker/agent.sh +++ b/auth/docker/agent.sh 
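Review bot: `COPY local /opt/app/aaf_config/local` in Dockerfile.config now copies everything under sample/local into the aaf_config image, where the old `COPY local/*.props` took only property files. The same commit stops ignoring `org.osaaf.aaf.signer.p12` in auth/sample/local/.gitignore, so a signing keystore left in that directory would end up in an image layer readable by anyone who can pull the image. The new auth/sample/local/.dockerignore will most likely not prevent this, because dbuild.sh builds with `sample` as the context and Docker reads `.dockerignore` from the context root, not from a subdirectory. Consider keeping the narrow copy, or adding `sample/.dockerignore` with entries such as `local/*.p12` and `local/*.jks`, which matches the README's approach of copying keystores into the volume at run time.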
@@ -1,9 +1,12 @@ #!/bin/bash . ./d.props + docker run \ - -it \ - --mount 'type=volume,src=aaf_config,dst=/opt/app/osaaf,volume-driver=local' \ - --name aaf_agent_$USER \ - ${ORG}/${PROJECT}/aaf_config:${VERSION} \ - /bin/bash $* -docker container rm aaf_agent_$USER > /dev/null + -it \ + --rm \ + --mount 'type=volume,src=aaf_config,dst='$CONF_ROOT_DIR',volume-driver=local' \ + --add-host="$HOSTNAME:$HOST_IP" \ + --add-host="aaf.osaaf.org:$HOST_IP" \ + --name aaf_agent_$USER \ + ${ORG}/${PROJECT}/aaf_config:${VERSION} \ + /bin/bash "$@" diff --git a/auth/docker/dbounce.sh b/auth/docker/dbounce.sh new file mode 100644 index 00000000..e6367957 --- /dev/null +++ b/auth/docker/dbounce.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +sh ./dstop.sh "$@" +sh ./dstart.sh "$@" diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh index ec5cd5cb..ba7a8095 100755 --- a/auth/docker/dbuild.sh +++ b/auth/docker/dbuild.sh 
@@ -1,46 +1,42 @@ -#!/bin/bash +#!/bin/bash # # Docker Building Script. Reads all the components generated by install, on per-version basis # # Pull in Variables from d.props if [ ! -e ./d.props ]; then - cp d.props.init d.props + cp d.props.init d.props fi . ./d.props # Create the Config (Security) Image -sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.config > ../sample/Dockerfile +sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.config >../sample/Dockerfile cd .. cp ../cadi/aaf/target/aaf-cadi-aaf-${VERSION}-full.jar sample/bin docker build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample rm sample/Dockerfile sample/bin/aaf-cadi-aaf-${VERSION}-full.jar cd - -exit - # Second, build a core Docker Image echo Building aaf_$AAF_COMPONENT... # Apply currrent Properties to Docker file, and put in place. -sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.core > ../aaf_${VERSION}/Dockerfile +sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.core >../aaf_${VERSION}/Dockerfile cd .. docker build -t ${ORG}/${PROJECT}/aaf_core:${VERSION} aaf_${VERSION} rm aaf_${VERSION}/Dockerfile cd - if ["$1" == ""]; then - AAF_COMPONENTS=`ls ../aaf_*HOT/bin | grep -v '\.'` + AAF_COMPONENTS=$(ls ../aaf_*HOT/bin | grep -v '\.') else - AAF_COMPONENTS=$1 + AAF_COMPONENTS=$1 fi for AAF_COMPONENT in ${AAF_COMPONENTS}; do - echo Building aaf_$AAF_COMPONENT... - sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.ms > ../aaf_${VERSION}/Dockerfile - cd .. - docker build -t ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} aaf_${VERSION} - rm aaf_${VERSION}/Dockerfile - cd - + echo Building aaf_$AAF_COMPONENT... + sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.ms >../aaf_${VERSION}/Dockerfile + cd .. 
+ docker build -t ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} aaf_${VERSION} + rm aaf_${VERSION}/Dockerfile + cd - done - - diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh index 163272d0..0bca9ef7 100644 --- a/auth/docker/dclean.sh +++ b/auth/docker/dclean.sh @@ -1,17 +1,18 @@ -#!/bin/bash +#!/bin/bash # Pull in Variables from d.props . ./d.props if [ "$1" == "" ]; then - AAF_COMPONENTS=`ls ../aaf_${VERSION}/bin | grep -v '\.'` + AAF_COMPONENTS=$(ls ../aaf_${VERSION}/bin | grep -v '\.') else - AAF_COMPONENTS=$1 + AAF_COMPONENTS=$1 fi +docker image rm $ORG/$PROJECT/aaf_config:${VERSION} docker image rm $ORG/$PROJECT/aaf_core:${VERSION} echo "Y" | docker container prune for AAF_COMPONENT in ${AAF_COMPONENTS}; do - docker image rm $ORG/$PROJECT/aaf_$AAF_COMPONENT:${VERSION} + docker image rm $ORG/$PROJECT/aaf_$AAF_COMPONENT:${VERSION} done echo "Y" | docker image prune diff --git a/auth/docker/dpush.sh b/auth/docker/dpush.sh index 78129796..761ae2a8 100644 --- a/auth/docker/dpush.sh +++ b/auth/docker/dpush.sh @@ -12,7 +12,7 @@ fi for AAF_COMPONENT in ${AAF_COMPONENTS}; do docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${OLD_VERSION} - docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} - docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${NEW_VERSION} + docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} + docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${NEW_VERSION} done diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh index a7378b75..c62adfc2 100644 --- a/auth/docker/drun.sh +++ b/auth/docker/drun.sh 
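Review bot: Removing the early `exit` makes the rest of dbuild.sh run again, and the first test it reaches, `if ["$1" == ""]; then`, has no spaces inside the brackets. With an argument such as `cm` the shell looks for a command named `[cm`, so the branch is chosen by a command-not-found failure rather than by the comparison. It should read `if [ "$1" == "" ]; then`, as dclean.sh and dstop.sh already do. The `sed` expressions also splice unquoted `${VERSION}` and `${AAF_COMPONENT}` into the pattern, which is safe only while d.props contains no spaces or `/` in those values.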
@@ -1,65 +1,52 @@ -#!/bin/bash +#!/bin/bash # Pull in Variables from d.props . ./d.props -# Create Volumes, if not exist already -for VOL in aaf_config aaf_cass_data; do - HAS_VOLUME=`docker volume ls | grep $VOL` - if [ "$HAS_VOLUME" = "" ]; then - docker volume create --name $VOL - fi -done - docker run \ - -d \ - --name aaf_config \ - --mount 'type=volume,src=aaf_config,dst=/opt/app/osaaf,volume-driver=local' \ - ${ORG}/${PROJECT}/aaf_agent:${VERSION} - if [ "$1" == "" ]; then - AAF_COMPONENTS=`ls -r ../aaf_${VERSION}/bin | grep -v '\.'` + AAF_COMPONENTS=$(ls -r ../aaf_${VERSION}/bin | grep -v '\.') else - AAF_COMPONENTS=$1 + AAF_COMPONENTS="$@" fi - -for AAF_COMPONENT in ${AAF_COMPONENTS}; do - case "$AAF_COMPONENT" in - "service") - PORTMAP="8100:8100" - LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST" - ;; - "locate") - PORTMAP="8095:8095" - LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST" - ;; - "oauth") - PORTMAP="8140:8140" - LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST" - ;; - "gui") - PORTMAP="8200:8200" - ;; - "cm") - PORTMAP="8150:8150" - LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST" - ;; - "hello") - PORTMAP="8130:8130" - ;; - "fs") - PORTMAP="80:8096" - ;; - esac - - echo Starting aaf_$AAF_COMPONENT... 
- docker run \ - -d \ - --name aaf_$AAF_COMPONENT \ - --hostname="${AAF_COMPONENT}.aaf.osaaf.org" \ - --add-host="$HOSTNAME:$HOST_IP" \ - --add-host="aaf.osaaf.org:$HOST_IP" \ - ${LINKS} \ - --publish $PORTMAP \ - --mount type=bind,source=$CONF_ROOT_DIR,target=/opt/app/osaaf \ - ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} +for AAF_COMPONENT in ${AAF_COMPONENTS}; do + case "$AAF_COMPONENT" in + "service") + PORTMAP="8100:8100" + LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST" + ;; + "locate") + PORTMAP="8095:8095" + LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST" + ;; + "oauth") + PORTMAP="8140:8140" + LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST" + ;; + "gui") + PORTMAP="8200:8200" + ;; + "cm") + PORTMAP="8150:8150" + LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST" + ;; + "hello") + PORTMAP="8130:8130" + ;; + "fs") + PORTMAP="80:8096" + ;; + esac + + echo Starting aaf_$AAF_COMPONENT... + + docker run \ + -d \ + --name aaf_$AAF_COMPONENT \ + --hostname="${AAF_COMPONENT}.aaf.osaaf.org" \ + --add-host="$HOSTNAME:$HOST_IP" \ + --add-host="aaf.osaaf.org:$HOST_IP" \ + ${LINKS} \ + --publish $PORTMAP \ + --mount 'type=volume,src=aaf_config,dst='$CONF_ROOT_DIR',volume-driver=local' \ + ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} done diff --git a/auth/docker/dstart.sh b/auth/docker/dstart.sh index ae6ed02d..4c0a46f4 100644 --- a/auth/docker/dstart.sh +++ b/auth/docker/dstart.sh @@ -1,14 +1,13 @@ -#!/bin/bash +#!/bin/bash # Pull in Props . ./d.props - if [ "$1" == "" ]; then - AAF_COMPONENTS=`ls -r ../aaf_${VERSION}/bin | grep -v '\.'` + AAF_COMPONENTS=$(ls -r ../aaf_${VERSION}/bin | grep -v '\.') else - AAF_COMPONENTS=$1 + AAF_COMPONENTS="$@" fi for AAF_COMPONENT in ${AAF_COMPONENTS}; do - docker start aaf_$AAF_COMPONENT + docker start aaf_$AAF_COMPONENT done diff --git a/auth/docker/dstop.sh b/auth/docker/dstop.sh index 4c8d4425..c6e1cfeb 100644 --- a/auth/docker/dstop.sh +++ b/auth/docker/dstop.sh 
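Review bot: `LINKS` and `PORTMAP` are never cleared at the top of the `for AAF_COMPONENT` loop in drun.sh, so the `gui`, `hello` and `fs` branches, which set only `PORTMAP`, inherit `--link aaf_cass:cassandra --add-host=$CASS_HOST` from whichever Cassandra-backed component ran before them. With the default reverse-sorted component list, those containers get the Cassandra link and host entry although they do not appear to need them. An unrecognised component name would likewise reuse the previous port mapping. Reset both before the `case`, e.g. `LINKS=""; PORTMAP=""`, and add a `*)` branch that skips or fails on an unknown name.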
@@ -1,13 +1,13 @@ -#!/bin/bash +#!/bin/bash # Pull in Properties . ./d.props if [ "$1" == "" ]; then - AAF_COMPONENTS=`ls ../aaf_${VERSION}/bin | grep -v '\.'` + AAF_COMPONENTS=$(ls ../aaf_${VERSION}/bin | grep -v '\.') else - AAF_COMPONENTS=$1 + AAF_COMPONENTS="$@" fi for AAF_COMPONENT in ${AAF_COMPONENTS}; do - docker stop aaf_$AAF_COMPONENT + docker stop aaf_$AAF_COMPONENT done diff --git a/auth/pom.xml b/auth/pom.xml index 193565d6..8e6045cc 100644 --- a/auth/pom.xml +++ b/auth/pom.xml @@ -57,9 +57,7 @@ 3.4.0 4.1.22.Final - + /opt/app/osaaf diff --git a/auth/sample/.gitignore b/auth/sample/.gitignore new file mode 100644 index 00000000..62fd177d --- /dev/null +++ b/auth/sample/.gitignore @@ -0,0 +1 @@ +theme diff --git a/auth/sample/bin/agent.sh b/auth/sample/bin/agent.sh index b4ea272e..5d34a8a9 100644 --- a/auth/sample/bin/agent.sh +++ b/auth/sample/bin/agent.sh @@ -1,3 +1,4 @@ +#!/bin/bash # This script is run when starting aaf_config Container. # It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite) # 
@@ -5,81 +6,121 @@ JAVA=/usr/bin/java # Only load Identities once if [ ! -e /opt/app/osaaf/data/identities.dat ]; then - mkdir -p /opt/app/osaaf/data - cp /opt/app/aaf_config/data/sample.identities.dat /opt/app/osaaf/data/identities.dat + mkdir -p /opt/app/osaaf/data + cp /opt/app/aaf_config/data/sample.identities.dat /opt/app/osaaf/data/identities.dat fi # Only initialize once, automatically... if [ ! -e /opt/app/osaaf/local/org.osaaf.aaf.props ]; then - for D in local; do - rsync -avzh /opt/app/aaf_config/$D/org.osaaf.aaf* /opt/app/osaaf/$D - done - for D in public etc logs; do - rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D - done - $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config osaaf@aaf.osaaf.org \ - cadi_etc_dir=/opt/app/osaaf/local \ - cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props \ - cadi_latitude=38.4329 \ - cadi_longitude=-90.43248 - #cp /opt/app/aaf_config/ -else - CMD=$2 - shift - if [ "$CMD" = "" ]; then - echo "AAF already configured for this Volume" - else + rsync -avzh --exclude=.gitignore /opt/app/aaf_config/local/org.osaaf.aaf* /opt/app/osaaf/local + for D in public etc logs; do + rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D + done + $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config osaaf@aaf.osaaf.org \ + cadi_etc_dir=/opt/app/osaaf/local \ + cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props \ + cadi_latitude=38.4329 \ + cadi_longitude=-90.43248 +fi + +# Now run a command +CMD=$2 +if [ ! 
"$CMD" = "" ]; then + shift + shift case "$CMD" in - ls) - echo ls requested - find /opt/app/osaaf -depth - ;; - cat) - if [ "$1" = "" ]; then - echo "usage: cat " - else - if [[ $1 == *.props ]]; then - echo - echo "## CONTENTS OF $3" - echo - cat $1 - else - echo "### ERROR ####" - echo " \"cat\" may only be used with files ending with \".props\"" - fi + ls) + echo ls requested + find /opt/app/osaaf -depth + ;; + cat) + if [ "$1" = "" ]; then + echo "usage: cat " + else + if [[ $1 == *.props ]]; then + echo + echo "## CONTENTS OF $3" + echo + cat "$1" + else + echo "### ERROR ####" + echo " \"cat\" may only be used with files ending with \".props\"" + fi fi - ;; - update) - for D in public data etc local logs; do - rsync -uh --exclude=.gitignore /opt/app/aaf_config/$D /opt/app/osaaf + ;; + update) + rsync -uh --exclude=.gitignore /opt/app/aaf_config/local/org.osaaf.aaf* /opt/app/osaaf/local + for D in public data etc logs; do + rsync -uh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D done - ;; - validate) - echo "## validate requested" - $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props - ;; - bash) - if [ ! "grep aaf_config ~/.bashrc" == "" ]; then - echo "alias cadi='/bin/bash /opt/app/aaf_config/bin/agent.sh $*'" >> ~/.bashrc - . 
~/.bashrc - fi - shift - /bin/bash $* - ;; - encrypt) - echo $1 $2 $3 - cd /opt/app/osaaf/local - - for F in `grep -l $2 *.props`; do - echo "Changing $F" - PWD=`$JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest $3 /opt/app/osaaf/local/org.osaaf.aaf.keyfile` - sed -i.old -e "s/\($2=\).*/\1enc=$PWD/" /opt/app/osaaf/local/org.osaaf.aaf.cred.props - cat $F - done - ;; - *) - $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar $* + ;; + validate) + echo "## validate requested" + $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props + ;; + bash) + echo "alias agent='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY \$*'" >>~/.bashrc + if [ ! "$(grep aaf_config ~/.bashrc)" = "" ]; then + echo "alias cadi='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY cadi \$*'" >>~/.bashrc + echo "alias agent='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY \$*'" >>~/.bashrc + #. ~/.bashrc + fi + shift + cd /opt/app/osaaf/local || exit + /bin/bash "$@" + ;; + encrypt) + cd /opt/app/osaaf/local || exit + FILES=$(grep -l "$1" ./*.props) + if [ "$FILES" = "" ]; then + FILES=/opt/app/osaaf/local/org.osaaf.aaf.cred.props + echo "$1=enc:" >>FILES + fi + for F in $FILES; do + echo "Changing $1 in $F" + if [ "$2" = "" ]; then + read -r -p "Password (leave blank to cancel): " -s ORIG_PW + echo " " + if [ "$ORIG_PW" = "" ]; then + echo canceling... + break + fi + else + ORIG_PW="$2" + fi + PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/org.osaaf.aaf.keyfile) + sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F + cat $F + done + ;; + --help | -?) 
+ case "$1" in + "") + echo "--- Agent Container Comands ---" + echo " ls - Lists all files in Configuration" + echo " cat > - Shows the contents (Prop files only)" + echo " validate - Runs a test using Configuration" + echo " encrypt [] - set passwords on Configuration (if no pass, it will be queried)" + echo " bash - run bash in Container" + echo " Note: the following aliases are preset" + echo " cadi - CADI CmdLine tool" + echo " agent - Agent Java tool (see above help)" + echo "" + echo " --help|-? [cadi|agent] - This help, cadi help or agent help" + ;; + cadi) + echo "--- cadi Tool Comands ---" + $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6 + ;; + agent) + echo "--- agent Tool Comands ---" + $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar + ;; + esac + echo "" + ;; + *) + $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@" + ;; esac - fi -fi - +fi diff --git a/auth/sample/etc/org.osaaf.aaf.cm.props b/auth/sample/etc/org.osaaf.aaf.cm.props index 1fa13fe3..628b5fd3 100644 --- a/auth/sample/etc/org.osaaf.aaf.cm.props +++ b/auth/sample/etc/org.osaaf.aaf.cm.props @@ -3,7 +3,7 @@ ## AAF Certificate Manager properties ## Note: Link to CA Properties in "local" dir ## -cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/local/org.osaaf.cm.ca.props +cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props:/opt/app/osaaf/local/org.osaaf.aaf.cm.ca.props aaf_component=AAF_NS.cm:2.1.0.0 port=8150 diff --git a/auth/sample/local/.dockerignore b/auth/sample/local/.dockerignore new file mode 100644 index 00000000..6c7b69a0 --- /dev/null 
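Review bot: In the `encrypt)` branch of sample/bin/agent.sh, `echo "$1=enc:" >>FILES` appends to a file literally named `FILES` in /opt/app/osaaf/local rather than to the credential props file, so a property that is not yet present is never added and the later `sed` has nothing to replace; it should be `echo "$1=enc:" >>"$FILES"`. The digest is stored in `PWD`, which overwrites the shell's working-directory variable, so a name such as `ENC_PW` is safer. It is then spliced unescaped into `sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F`, where a value containing `/` or `&` would corrupt the line, and `$F` is unquoted. Separately, the clear-text password is accepted as `$2` and handed to java as an argument, which exposes it in shell history and the process list; the interactive `read -s` path is the safer default. In the `bash)` branch the `agent` alias is appended to ~/.bashrc before the `grep aaf_config` test, so that test is always true and the aliases are appended again on every start.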
+++ b/auth/sample/local/.dockerignore @@ -0,0 +1 @@ +.gitignore diff --git a/auth/sample/local/.gitignore b/auth/sample/local/.gitignore index 362863ac..e69de29b 100644 --- a/auth/sample/local/.gitignore +++ b/auth/sample/local/.gitignore @@ -1,2 +0,0 @@ -truststoreONAPall.jks -org.osaaf.aaf.signer.p12 diff --git a/auth/sample/local/aaf.props b/auth/sample/local/aaf.props index 6b08d9a0..8237c4e9 100644 --- a/auth/sample/local/aaf.props +++ b/auth/sample/local/aaf.props @@ -10,9 +10,13 @@ aaf_domain_support=.com:.org aaf_default_realm=people.osaaf.org # Initial Passwords and such -aaf_password=osaaf_admin +aaf_password=startup +cadi_alias=osaaf@aaf.osaaf.org +cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12 +cadi_keystore_password=kumquat cadi_truststore=/opt/app/osaaf/public/truststoreONAPall.jks cadi_truststore_password=changeit # Other aaf_data_dir=/opt/app/osaaf/data +cadi_registration_hostname=meriadoc.mithril.sbc.com diff --git a/auth/sample/local/org.osaaf.aaf.cassandra.props b/auth/sample/local/org.osaaf.aaf.cassandra.props index 692e57f9..9e29d834 100644 --- a/auth/sample/local/org.osaaf.aaf.cassandra.props +++ b/auth/sample/local/org.osaaf.aaf.cassandra.props @@ -7,7 +7,7 @@ cassandra.clusters=cass.aaf.osaaf.org cassandra.clusters.port=9042 #need this to be fully qualified name when REAL AAF integration cassandra.clusters.user=cassandra -cassandra.clusters.password=enc: +cassandra.clusters.password=enc: # Name for exception that has happened in the past cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed" diff --git a/auth/sample/local/org.osaaf.aaf.cm.ca.props b/auth/sample/local/org.osaaf.aaf.cm.ca.props index 59242995..92d55f92 100644 --- a/auth/sample/local/org.osaaf.aaf.cm.ca.props +++ b/auth/sample/local/org.osaaf.aaf.cm.ca.props 
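Review bot: The aaf.props hunk commits working secrets in clear text: `aaf_password=startup` and the new `cadi_keystore_password=kumquat`, next to the existing `cadi_truststore_password=changeit`. agent.sh passes this file to the initial `config` run, so every deployment built from the sample starts with the same known passwords unless someone changes them. Leaving the values as an empty `enc:` placeholder, as org.osaaf.aaf.cassandra.props does, and setting them with `agent encrypt` would match the procedure in the new README. `cadi_registration_hostname=meriadoc.mithril.sbc.com` also looks like a developer's machine name and probably should not be a shipped default.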
@@ -1,10 +1,10 @@ ## -## org.osaaf.aaf.cm.ca.props -## Properties to access Certificate Authority +## org.osaaf.cm.ca.props +## Properties to access Certifiate Authority ## #Certman -cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.cm.p12;aaf_cm_ca;enc: +cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/aaf_intermediate_1.p12;aaf_intermediate_1;enc: cm_ca.local.idDomains=org.osaaf cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US cm_ca.local.perm_type=org.osaaf.aaf.ca diff --git a/conf/CA/newca.sh b/conf/CA/newCA.sh similarity index 96% rename from conf/CA/newca.sh rename to conf/CA/newCA.sh index 5f49f38a..49b12c3f 100644 --- a/conf/CA/newca.sh +++ b/conf/CA/newCA.sh @@ -6,6 +6,8 @@ mkdir -p private certs newcerts chmod 700 private chmod 755 certs newcerts touch index.txt +echo "unique_subject = no" > index.txt.attr + if [ ! -e serial ]; then echo '01' > serial fi diff --git a/conf/CA/newIntermediate.sh b/conf/CA/newIntermediate.sh index 94103051..303c22e1 100644 --- a/conf/CA/newIntermediate.sh +++ b/conf/CA/newIntermediate.sh @@ -13,6 +13,8 @@ mkdir -p $DIR/private $DIR/certs $DIR/newcerts chmod 700 $DIR/private chmod 755 $DIR/certs $DIR/newcerts touch $DIR/index.txt +echo "unique_subject = no" > $DIR/index.txt.attr + if [ ! -e $DIR/serial ]; then echo '01' > $DIR/serial fi -- 2.16.6
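Review bot: The header comment in org.osaaf.aaf.cm.ca.props now reads `## org.osaaf.cm.ca.props` and `Certifiate Authority`. That no longer matches the file name org.osaaf.aaf.cm.props references in this same commit, and it introduces a typo. Keep the previous two lines, `## org.osaaf.aaf.cm.ca.props` and `## Properties to access Certificate Authority`. The `cm_ca.local` entry ends in an empty `enc:`, so a comment noting that the keystore password is set with `agent encrypt cm_ca.local` would help operators.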
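Review bot: `echo "unique_subject = no" > index.txt.attr` in newCA.sh, and the same line in newIntermediate.sh, changes CA policy without a comment: with this setting `openssl ca` will issue more than one valid certificate for the same subject. That is commonly wanted for renewal, but it also removes a guard against duplicate issuance. The reason should be recorded, e.g. `# allow re-issue for an existing subject (renewal); revoke superseded certs`. The redirect also overwrites any existing index.txt.attr each time the script runs, unlike the guarded `serial` file just below it.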