From 96bf6a2771dfe992fb27bd6361d191d83b6ff605 Mon Sep 17 00:00:00 2001 From: Instrumental Date: Tue, 24 Mar 2020 17:07:27 -0500 Subject: [PATCH] AAF Services non root, all platforms adjust Agent for JDK 11 Included redoing Config and Agent Init Containers refit for "hello" (sample) Issue-ID: AAF-1102 Signed-off-by: Instrumental Change-Id: Ia957b1ccce34d164580ccb0a6d02d7b800e4887e --- auth/auth-cass/cass_init/cmd.sh | 4 +- auth/auth-cass/cass_init/push.sh | 5 +- auth/auth-cass/cass_init/restore.sh | 2 +- auth/auth-cass/docker/Dockerfile.cass | 11 +- auth/docker/Dockerfile.agent | 13 +- auth/docker/Dockerfile.base | 15 +- auth/docker/Dockerfile.config | 16 +- auth/docker/Dockerfile.core | 14 +- auth/docker/Dockerfile.hello | 19 +- auth/docker/agent.sh | 4 +- auth/docker/components | 1 - auth/docker/dbuild.sh | 249 ++++++++++++--------- auth/docker/dclean.sh | 4 + auth/docker/drun.sh | 50 ++++- auth/docker/dstop.sh | 7 +- auth/helm/aaf-hello/templates/aaf-hello.yaml | 16 +- auth/helm/aaf/aaf.sh | 4 +- auth/helm/aaf/templates/aaf-service.yaml | 2 +- auth/sample/bin/client.sh | 26 ++- auth/sample/bin/service.sh | 4 + cadi/aaf/src/assemble/cadi-aaf.xml | 10 - .../java/org/onap/aaf/cadi/configure/Agent.java | 14 +- 22 files changed, 290 insertions(+), 200 deletions(-) diff --git a/auth/auth-cass/cass_init/cmd.sh b/auth/auth-cass/cass_init/cmd.sh index f605a472..bfd592a3 100644 --- a/auth/auth-cass/cass_init/cmd.sh +++ b/auth/auth-cass/cass_init/cmd.sh @@ -24,7 +24,7 @@ DIR="/opt/app/aaf/status" INSTALLED_VERSION=/var/lib/cassandra/AAF_VERSION AAF_INIT_DATA=/var/lib/cassandra/AAF_INIT_DATA -CQLSH=${CQLSH:=/opt/cassandra/bin/cqlsh} +CQLSH=${CQLSH:=/usr/bin/cqlsh} if [ ! -e /aaf_cmd ]; then ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd @@ -137,7 +137,7 @@ function install_onap { bash prep.sh status push data to cassandra # bash push.sh - echo "YES" | bash restore.sh + bash push.sh cd - echo $(date) > $AAF_INIT_DATA fi 
diff --git a/auth/auth-cass/cass_init/push.sh b/auth/auth-cass/cass_init/push.sh index f887f077..a6f8277d 100644 --- a/auth/auth-cass/cass_init/push.sh +++ b/auth/auth-cass/cass_init/push.sh @@ -22,6 +22,9 @@ # These are obtained from "gzipped" files, or pre-placed (i.e. initialization) # in the "dats" directory # + +CQLSH="${CQLSH:=/usr/bin/cqlsh} -k authz" + DIR=/opt/app/aaf/cass_init cd $DIR if [ ! -e dats ]; then @@ -35,7 +38,7 @@ fi cd dats for T in $(ls *.dat); do if [ -s $T ]; then - cqlsh --request-timeout=100 -e "COPY authz.${T/.dat/} FROM '$T' WITH DELIMITER='|';"; + $CQLSH --request-timeout=100 -e "COPY authz.${T/.dat/} FROM '$T' WITH DELIMITER='|';"; fi done cd $DIR diff --git a/auth/auth-cass/cass_init/restore.sh b/auth/auth-cass/cass_init/restore.sh index ba2c49eb..0bf0ea65 100644 --- a/auth/auth-cass/cass_init/restore.sh +++ b/auth/auth-cass/cass_init/restore.sh @@ -4,7 +4,7 @@ echo `date` ENV=DOCKER -CQLSH="${CQLSH:=/opt/cassandra/bin/cqlsh} -k authz" +CQLSH="${CQLSH:=/usr/bin/cqlsh} -k authz" cd dats if [ "$*" = "" ]; then diff --git a/auth/auth-cass/docker/Dockerfile.cass b/auth/auth-cass/docker/Dockerfile.cass index 5d9c3db9..2d60da2e 100644 --- a/auth/auth-cass/docker/Dockerfile.cass +++ b/auth/auth-cass/docker/Dockerfile.cass 
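Review bot: The changed COPY line in push.sh still builds both the table name and the file path from an unquoted `$T` produced by `$(ls *.dat)`, so a file name containing whitespace or a quote character would be split by the shell or would change the CQL text. Iterating with `for T in *.dat; do` and testing with `[ -s "$T" ]` removes the word splitting; `$CQLSH` itself has to stay unquoted because it now carries `-k authz` as extra arguments. Since `CQLSH` is only defaulted when unset, a value inherited from the environment is reused with `-k authz` appended, which deserves a comment next to the new assignment.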
@@ -34,11 +34,12 @@ COPY sample.identities.dat /opt/app/aaf/cass_init/data/identites.dat RUN mkdir -p /opt/app/aaf/status &&\ chmod 777 /opt/app/aaf/status && \ - addgroup ${DUSER} && adduser --ingroup cassandra --disabled-password --gecos "" --shell /bin/bash ${DUSER} && \ - chown -R ${DUSER}:cassandra /opt/app/aaf/cass_init &&\ - chown -R ${DUSER}:cassandra /etc/cassandra &&\ - mkdir -p /var/lib/cassandra/data && chown -R ${DUSER}:cassandra /var/lib/cassandra &&\ - chown -R ${DUSER}:cassandra /var/log/cassandra &&\ + if [ ! -z "${DUSER}" ]; then \ + addgroup --gid 1000 ${DUSER}; \ + adduser --ingroup ${DUSER} --disabled-password --gecos "" --shell /bin/bash -u 1000 ${DUSER} ; \ + mkdir -p /var/lib/cassandra/data /var/log/cassandra ; \ + chown -R 1000:1000 /opt/app/aaf /etc/cassandra /var/log/cassandra /var/lib/cassandra ; \ + fi && \ ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd && chmod a+x /aaf_cmd USER ${DUSER} diff --git a/auth/docker/Dockerfile.agent b/auth/docker/Dockerfile.agent index e974dc49..71f70098 100644 --- a/auth/docker/Dockerfile.agent +++ b/auth/docker/Dockerfile.agent @@ -27,9 +27,14 @@ LABEL version=${AAF_VERSION} COPY bin/client.sh /opt/app/aaf_config/bin/agent.sh COPY bin/pod_wait.sh /opt/app/aaf_config/bin/pod_wait.sh COPY bin/aaf-cadi-aaf-${JAR_VERSION}-full.jar /opt/app/aaf_config/bin/ -COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/ +#COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/ COPY cert/*trust*.b64 /opt/app/aaf_config/cert/ -RUN chmod 755 /opt/app/aaf_config/bin/* &&\ - if [ -n "${DUSER}" ]; then chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi -USER ${DUSER} + CMD [] + +RUN mkdir -p /opt/app/osaaf/local && \ + if [ -n "${DUSER}" ]; then \ + addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; \ + chown ${DUSER}:${DUSER} /opt/app/osaaf/local; \ + fi +# Note: User added if in d.props 
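Review bot: Inside the new `if [ ! -z "${DUSER}" ]` block of Dockerfile.cass the four commands are separated by `;`, so a failing `addgroup` or `adduser` no longer stops the build, and the following `chown -R 1000:1000` succeeds on numeric ids whether or not the account exists. The `USER ${DUSER}` line after the RUN would then name an account that was never created. Chaining the four commands with `&&` instead of `;` restores the fail-fast behaviour the removed lines had. The unchanged `chmod 777 /opt/app/aaf/status` above the block leaves that directory world-writable; now that ownership is set for uid 1000 a narrower mode may be enough, depending on who else writes there.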
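Review bot: With `USER ${DUSER}` removed from Dockerfile.agent and nothing replacing it, the agent image starts as root by default, while the new trailing comment `# Note: User added if in d.props` reads as if a user switch still happens; the `echo "USER $DUSER"` append for this image in dbuild.sh is commented out. If root is intentional because the agent prepares `/opt/app/osaaf/local` as an init step, the comment should say that, for example `# Runs as root on purpose: init step that writes /opt/app/osaaf/local`. Dockerfile.config and Dockerfile.hello drop `USER` in the same way and carry the same comment. The hunk also removes `chmod 755 /opt/app/aaf_config/bin/*` and the chown of `/opt/app/aaf_config`, so the copied scripts keep whatever mode and owner the build context gives them.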
diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base index 523d63f0..4d305d7a 100644 --- a/auth/docker/Dockerfile.base +++ b/auth/docker/Dockerfile.base @@ -18,19 +18,20 @@ # ============LICENSE_END==================================================== # # Use dbuild.sh input parameter to set registry -#FROM ${REGISTRY}/openjdk:11-jre-slim #FROM ${REGISTRY}/openjdk:8-jdk-alpine FROM ${REGISTRY}/alpine -#FROM openjdk:12-jdk-alpine -#FROM openjdk:13-jdk-alpine MAINTAINER AAF Team, AT&T 2018 LABEL description="aaf_base" ENV JAVA_HOME /usr/lib/jvm/java-11-openjdk -RUN apk --no-cache add openjdk11 &&\ - apk add --no-cache bash &&\ + +RUN apk add --no-cache bash &&\ + apk --no-cache add openjdk11 &&\ apk add --no-cache openssl &&\ - apk add --no-cache curl &&\ - if [ -n "${DUSER}" ]; then addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; fi + apk add --no-cache curl + +# mkdir -p /opt/app/aaf/status +# addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash +# Note: User added if in d.props diff --git a/auth/docker/Dockerfile.config b/auth/docker/Dockerfile.config index b2263ecc..3d9aa352 100644 --- a/auth/docker/Dockerfile.config +++ b/auth/docker/Dockerfile.config 
@@ -36,8 +36,16 @@ COPY bin/pod_wait.sh /opt/app/aaf_config/bin/pod_wait.sh COPY bin/aaf-auth-cmd-${JAR_VERSION}-full.jar /opt/app/aaf_config/bin/ COPY bin/aaf-auth-batch-${JAR_VERSION}-full.jar /opt/app/aaf_config/bin/ -RUN mkdir -p /opt/app/osaaf &&\ - chmod 755 /opt/app/aaf_config/bin/*.sh &&\ - if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/osaaf && chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi -USER ${DUSER} +RUN mkdir -p /opt/app/aaf /opt/app/osaaf/logs && \ + if [ -n "${DUSER}" ]; then \ + addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; \ + chown -R ${DUSER}:${DUSER} /opt/app/aaf /opt/app/osaaf /opt/app/aaf_config; \ + fi && \ + chmod 774 /opt/app/aaf_config/bin/*.sh + CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"] +# Note: User added if in d.props +# if [ -n "${DUSER}" ]; then \ +# addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; \ +# chown -R ${DUSER}:${DUSER} /opt/app/aaf /opt/app/aaf_config; \ +# fi && \ diff --git a/auth/docker/Dockerfile.core b/auth/docker/Dockerfile.core index 4179c5e7..206d1c4d 100644 --- a/auth/docker/Dockerfile.core +++ b/auth/docker/Dockerfile.core @@ -30,11 +30,11 @@ COPY lib /opt/app/aaf/lib COPY bin /opt/app/aaf/bin COPY theme/ /opt/app/aaf/theme/ -RUN mkdir -p /opt/app/osaaf &&\ - mkdir -p /opt/app/aaf/status &&\ - chmod 755 /opt/app/aaf/bin/* &&\ - if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/aaf/status \ - && chown ${DUSER}:${DUSER} /opt/app/osaaf \ - && chown -R ${DUSER}:${DUSER} /opt/app/aaf;\ +RUN mkdir -p /opt/app/aaf && \ + if [ -n "${DUSER}" ]; then \ + addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash ;\ + chown -R ${DUSER}:${DUSER} /opt/app/aaf ;\ + chmod 774 /opt/app/aaf/bin/* ;\ fi -USER ${DUSER} + +# Note: User added if in d.props diff --git a/auth/docker/Dockerfile.hello b/auth/docker/Dockerfile.hello index 82d9a9f5..e8a60566 100644 --- a/auth/docker/Dockerfile.hello +++ b/auth/docker/Dockerfile.hello 
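Review bot: In Dockerfile.core `chmod 774 /opt/app/aaf/bin/*` now sits inside the `if [ -n "${DUSER}" ]` branch, so an image built without DUSER gets no chmod at all, where the removed code applied `chmod 755` unconditionally. drun.sh starts components with commands such as `exec bin/fs`, which need the execute bit, so those builds would depend on the file modes in the build context. Moving the chmod after `fi` covers both cases; note that 774 also removes execute for anyone outside the owner and group, which matters if the container is started under a different uid. The commands in the branch are joined with `;`, so a failed `adduser` does not fail the build.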
@@ -27,15 +27,16 @@ LABEL version=${AAF_VERSION} COPY bin/pod_wait.sh /opt/app/aaf/bin/ COPY lib /opt/app/aaf/lib COPY bin/hello /opt/app/aaf/bin/ -COPY etc /opt/app/aaf/etc -COPY logs /opt/app/aaf/logs +COPY etc /opt/app/osaaf/etc +COPY logs /opt/app/osaaf/logs -RUN mkdir -p /opt/app/osaaf &&\ - mkdir -p /opt/app/aaf/status &&\ - chmod 755 /opt/app/aaf/bin/* &&\ - if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/aaf/status \ - && chown ${DUSER}:${DUSER} /opt/app/osaaf \ - && chown -R ${DUSER}:${DUSER} /opt/app/aaf;\ +RUN mkdir -p /opt/app/aaf /opt/app/osaaf/logs/hello /opt/app/osaaf/local && \ + if [ -n "${DUSER}" ]; then \ + addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash ;\ + chown -R ${DUSER}:${DUSER} /opt/app/aaf /opt/app/osaaf;\ + chmod 774 /opt/app/aaf/bin/* ;\ fi -USER ${DUSER} + CMD [] + +# Note: User added if in d.props diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh index f59bd228..0abce9c6 100644 --- a/auth/docker/agent.sh +++ b/auth/docker/agent.sh @@ -111,8 +111,9 @@ function run_it() { fi $DOCKER run -it --rm \ ${USER_LINE} \ - -v "${VOLUME}:/opt/app/osaaf" \ + -v "${VOLUME}:/opt/app/osaaf/local" \ --add-host="$AAF_FQDN:$AAF_FQDN_IP" \ + $USER_LINE \ --env AAF_FQDN=${AAF_FQDN} \ --env DEPLOY_FQI=${DEPLOY_FQI} \ --env DEPLOY_PASSWORD=${DEPLOY_PASSWORD} \ @@ -138,6 +139,7 @@ function reset_sso { mkdir -p ~/.aaf > $HOME/.aaf/sso.props sso aaf_locate_url "https://$AAF_FQDN:8095" + sso aaf_url_cm "https://$AAF_FQDN:8150" sso cadi_latitude "$LATITUDE" sso cadi_longitude "$LONGITUDE" sso cadi_loglevel "DEBUG" diff --git a/auth/docker/components b/auth/docker/components index 7f58dc33..bb5f27b2 100644 --- a/auth/docker/components +++ b/auth/docker/components @@ -3,5 +3,4 @@ locate oauth cm gui -hello fs diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh index 0a816461..e768904b 100644 --- a/auth/docker/dbuild.sh +++ b/auth/docker/dbuild.sh 
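Review bot: In agent.sh the added `$USER_LINE \` repeats an option that the same `docker run` call already receives through `${USER_LINE} \` a few lines above, so the user option is now passed twice. Dropping one of the two keeps the invocation unambiguous and makes it obvious which value applies. The body of `run_it` starts and ends outside the hunk.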
@@ -31,6 +31,19 @@ fi # Remove "SNAPSHOT" from AAF Jars in Containers JAR_VERSION=${VERSION/-SNAPSHOT/} +function SCP() { + SANS=${1/-SNAPSHOT/} + echo $1 = $SANS + if [ -e $SANS ]; then + cp $SANS $2 + else + + ln $1 $SANS + cp $SANS $2 + rm $SANS + fi +} + # process input. originally, an optional positional parameter is used to designate a component. # A flagged parameter has been added to optionally indicate docker pull registry. Ideally, options # would be flagged but we're avoiding ripple effect of changing original usage @@ -46,6 +59,7 @@ if [ $# -gt 0 ]; then else DOCKER_PULL_REGISTRY=$3 fi + shift fi fi fi 
@@ -54,81 +68,82 @@ grep -v '#' d.props | grep '=' | grep -v -e "=$" DOCKER=${DOCKER:=docker} -echo "Building Containers for aaf components, version $VERSION" -# AAF_cass now needs a version... -echo "### Build Cass" -cd ../auth-cass/docker -pwd -bash ./dbuild.sh $DOCKER_PULL_REGISTRY -cd - - ######## -# First, build a AAF Base version - set the core image, etc -echo "### Build Base" -sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ - -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \ - -e 's/${DUSER}/'${DUSER}'/g' \ - -e 's/${REGISTRY}/'${DOCKER_PULL_REGISTRY}'/g' \ - Dockerfile.base > Dockerfile -$DOCKER build -t ${ORG}/${PROJECT}/aaf_base:${VERSION} . -$DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:${VERSION} -$DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:latest -rm Dockerfile - -function SCP() { - SANS=${1/-SNAPSHOT/} - echo $1 = $SANS - if [ -e $SANS ]; then - cp $SANS $2 - else - - ln $1 $SANS - cp $SANS $2 - rm $SANS - fi -} +# Preliminary: if Cass exists, build that first +if [[ -z "$1" || "$1" = "cass" ]]; then + echo "#### Delegate to Cassandra build" + echo "Building Containers for aaf components, version $VERSION" + # AAF_cass now needs a version... + echo "### Build Cass" + cd ../auth-cass/docker + bash ./dbuild.sh $DOCKER_PULL_REGISTRY + cd - +fi -######## -# Second, Create the AAF Config (Security) Images +if [[ -z "$1" || "$1" = "base" ]]; then + ######## + # First, build a AAF Base version - set the core image, etc + echo "### Build Base" + sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ + -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \ + -e 's/${DUSER}/'${DUSER}'/g' \ + -e 's/${REGISTRY}/'${DOCKER_PULL_REGISTRY}'/g' \ + Dockerfile.base > Dockerfile + $DOCKER build -t ${ORG}/${PROJECT}/aaf_base:${VERSION} . 
+ $DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:${VERSION} + $DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:latest + rm Dockerfile +fi + +# Common copies cd .. -# Note: only 2 jars each in Agent/Config -SCP auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin -SCP auth-batch/target/aaf-auth-batch-$VERSION-full.jar sample/bin SCP ../cadi/aaf/target/aaf-cadi-aaf-${VERSION}-full.jar sample/bin -SCP ../cadi/servlet-sample/target/aaf-cadi-servlet-sample-${VERSION}-sample.jar sample/bin -cp -Rf ../conf/CA sample - -# AAF Config image (for AAF itself) -echo "### Build Config" -sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ - -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \ - -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ - -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ - -e 's/${DUSER}/'${DUSER}'/g' \ - docker/Dockerfile.config > sample/Dockerfile -$DOCKER build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample -$DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:${VERSION} -$DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:latest - - -# AAF Agent Image (for Clients) -echo "### Build Agent" -sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ - -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \ - -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ - -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ - -e 's/${DUSER}/'${DUSER}'/g' \ - docker/Dockerfile.agent > sample/Dockerfile -$DOCKER build -t ${ORG}/${PROJECT}/aaf_agent:${VERSION} sample -$DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:${VERSION} -$DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest + +if [[ -z "$1" || "$1" = "config" ]]; then + ######## + # Second, Create the AAF Config (Security) Images + # Note: only 2 jars 
each in Agent/Config + SCP auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin + SCP auth-batch/target/aaf-auth-batch-$VERSION-full.jar sample/bin + SCP ../cadi/servlet-sample/target/aaf-cadi-servlet-sample-${VERSION}-sample.jar sample/bin + cp -Rf ../conf/CA sample + + # AAF Config image (for AAF itself) + echo "### Build Config" + sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ + -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \ + -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ + -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ + -e 's/${DUSER}/'${DUSER}'/g' \ + docker/Dockerfile.config > sample/Dockerfile + # Note: do Config as Root, to get directories correct + $DOCKER build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample + $DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:${VERSION} + $DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:latest +fi + +if [[ -z "$1" || "$1" = "agent" ]]; then + # AAF Agent Image (for Clients) + echo "### Build Agent" + sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ + -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \ + -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ + -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ + -e 's/${DUSER}/'${DUSER}'/g' \ + docker/Dockerfile.agent > sample/Dockerfile + #if [ -n "$DUSER" ]; then + # echo "USER $DUSER" >> sample/Dockerfile + #fi + $DOCKER build -t ${ORG}/${PROJECT}/aaf_agent:${VERSION} sample + $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:${VERSION} + $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest + +fi # Clean up -rm sample/Dockerfile sample/bin/aaf-*-*.jar -rm -Rf sample/CA +rm -Rf sample/Dockerfile sample/bin/aaf-*-*.jar sample/CA cd - - ######## # Third Copy AAF Executables to a BUILD Directory, for easy Cleanup echo "### Copy to aaf_DBUILD" 
@@ -155,53 +170,65 @@ if [ ! "$VERSION" = "$JAR_VERSION" ]; then done cd ${START_DIR} fi - -######## -# Third, build a core Docker Image to be used for all AAF Components cp ../sample/bin/pod_wait.sh ../aaf_DBUILD/bin -# Apply currrent Properties to Docker file, and put in place. -sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ - -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \ - -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ - -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ - -e 's/${DUSER}/'${DUSER}'/g' \ - Dockerfile.core >../aaf_DBUILD/Dockerfile -cd .. - -echo "### Building Core" -# Don't need "Hello" App in core -mv aaf_DBUILD/lib/aaf-auth-hello-${JAR_VERSION}* /tmp -$DOCKER build -t ${ORG}/${PROJECT}/aaf_core:${VERSION} aaf_DBUILD -$DOCKER tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:${VERSION} -$DOCKER tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:latest -rm aaf_DBUILD/Dockerfile -mv /tmp/aaf-auth-hello-${JAR_VERSION}* aaf_DBUILD/lib - -######## -# Fourth, do Hello -# Apply currrent Properties to Docker file, and put in place. -echo "### Building Hello" -cd - -sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ - -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \ - -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ - -e 's/${DUSER}/'${DUSER}'/g' \ - Dockerfile.hello >../aaf_DBUILD/Dockerfile -cd .. - -cp -Rf sample/etc aaf_DBUILD -cp -Rf sample/logs aaf_DBUILD - -for C in cass certman cmd deforg fs gui locate oauth service; do - rm aaf_DBUILD/lib/aaf-auth-$C-* -done +if [[ -z "$1" || "$1" = "core" ]]; then + ######## + # Fourth, build a core Docker Image to be used for all AAF Components + # Apply currrent Properties to Docker file, and put in place. 
+ sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ + -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \ + -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ + -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ + -e 's/${DUSER}/'${DUSER}'/g' \ + Dockerfile.core >../aaf_DBUILD/Dockerfile + if [ -n "$DUSER" ]; then + echo "USER $DUSER" >> ../aaf_DBUILD/Dockerfile + fi + cd .. + + $DOCKER build -t ${ORG}/${PROJECT}/aaf_core:${VERSION} aaf_DBUILD + $DOCKER tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:${VERSION} + $DOCKER tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:latest + rm aaf_DBUILD/Dockerfile + + cd - +fi -$DOCKER build -t ${ORG}/${PROJECT}/aaf_hello:${VERSION} aaf_DBUILD -$DOCKER tag ${ORG}/${PROJECT}/aaf_hello:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_hello:${VERSION} -$DOCKER tag ${ORG}/${PROJECT}/aaf_hello:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_hello:latest +if [[ -z "$1" || "$1" = "hello" ]]; then + ######## + # Fifth, do Hello + # Apply currrent Properties to Docker file, and put in place. + echo "### Building Hello" + cp ../sample/bin/client.sh ../aaf_DBUILD/bin + cp ../sample/hello/init.sh ../aaf_DBUILD/bin/hello_init.sh + SCP ../../cadi/aaf/target/aaf-cadi-aaf-${VERSION}-full.jar ../aaf_DBUILD/bin + + sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ + -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \ + -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ + -e 's/${DUSER}/'${DUSER}'/g' \ + Dockerfile.hello >../aaf_DBUILD/Dockerfile + #if [ -n "$DUSER" ]; then + # echo "USER $DUSER" >> ../aaf_DBUILD/Dockerfile + #fi + + cd .. 
+ cp -Rf sample/etc aaf_DBUILD + cp -Rf sample/logs aaf_DBUILD + cp -Rf sample/cert aaf_DBUILD + + for C in cass certman cmd deforg fs gui locate oauth service; do + rm aaf_DBUILD/lib/aaf-auth-$C-* + done + $DOCKER build -t ${ORG}/${PROJECT}/aaf_hello:${VERSION} aaf_DBUILD + if [ -n ${DOCKER_REPOSITORY} ]; then + $DOCKER tag ${ORG}/${PROJECT}/aaf_hello:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_hello:${VERSION} + $DOCKER tag ${ORG}/${PROJECT}/aaf_hello:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_hello:latest + fi + cd - +fi # Final cleanup -rm -Rf aaf_DBUILD +rm -Rf ../aaf_DBUILD -cd - diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh index f27cc4ec..867f4c69 100644 --- a/auth/docker/dclean.sh +++ b/auth/docker/dclean.sh @@ -22,6 +22,10 @@ . ./d.props DOCKER=${DOCKER:=docker} +if [ "$1" == "all" ]; then + AAF_COMPONENTS=cass + shift +fi if [ "$1" == "" ]; then AAF_COMPONENTS="$(cat components) config core agent base " else diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh index 57a61676..86fe5984 100644 --- a/auth/docker/drun.sh +++ b/auth/docker/drun.sh @@ -34,6 +34,14 @@ else AAF_COMPONENTS="$@" fi +# All the NORMAL services use common directory +# remove this for Hello, which we want non shared +CONFIG="-v aaf_config:$CONF_ROOT_DIR" +if [ -n "${DUSER}" ]; then + THE_USER="--user $DUSER" +fi +IMAGE="${PREFIX}${ORG}/${PROJECT}/aaf_core:${VERSION}" + for AAF_COMPONENT in ${AAF_COMPONENTS}; do LINKS="" CMD_LINE="" 
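Review bot: `if [ -n ${DOCKER_REPOSITORY} ]; then` in the hello block of dbuild.sh is always true, because an empty unquoted expansion leaves `[ -n ]`, which tests the literal string `-n`. With no repository configured the two `$DOCKER tag` commands would still run with a target that begins with `/`. Quote the variable: `if [ -n "${DOCKER_REPOSITORY}" ]; then`. The same unquoted test appears as `if [ -n ${DUSER} ]; then` in auth/sample/bin/service.sh, and the base, config, agent and core blocks of this file still tag unconditionally, so the guard could be applied there as well.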
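Review bot: In drun.sh `CONFIG` and `IMAGE` are assigned once before the `for AAF_COMPONENT` loop, but the `"hello")` case later overwrites both, so any component listed after hello in the same invocation would be started from the aaf_hello image with the `aaf_hello_config` volume. Resetting them at the top of the loop body, next to `LINKS=""` and `CMD_LINE=""`, keeps each iteration independent: `CONFIG="-v aaf_config:$CONF_ROOT_DIR"` and `IMAGE="${PREFIX}${ORG}/${PROJECT}/aaf_core:${VERSION}"`. The loop body continues outside this hunk.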
@@ -75,17 +83,40 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do CMD_LINE="cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-fs aaf-locate && exec bin/fs" ;; "hello") - PUBLISH="--publish 8130:8130" LINKS="--link aaf-service --link aaf-locate --link aaf-oauth --link aaf-cm" - CMD_LINE="cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-hello aaf-locate && exec bin/hello" + CONFIG="-v aaf_hello_config:/opt/app/osaaf/local" + + # Since Helm based element have init-containers, take the same approach here. + if [ -z "$(docker volume ls | grep aaf_hello_config)" ]; then + echo Init Hello Config Container + + echo -n "Creating Volume: " + $DOCKER volume create -d local aaf_hello_config + + $DOCKER run --rm --name aaf_hello_config ${LINKS} \ + $CONFIG \ + --env AAF_FQDN=$HOSTNAME \ + --env DEPLOY_FQI=deployer@people.osaaf.org \ + --env DEPLOY_PASSWORD=demo123456! \ + --env APP_FQI=aaf@aaf.osaaf.org \ + --env APP_FQDN=aaf-hello \ + --env LATITUDE=$LATITUDE \ + --env LONGITUDE=$LONGITUDE \ + --env aaf_locator_container_ns=onap \ + --env aaf_locator_container=docker \ + $LINKS \ + "${PREFIX}${ORG}/${PROJECT}/aaf_agent:${VERSION}" \ + bash -c "bash /opt/app/aaf_config/bin/agent.sh && chown -R ${DUSER}:${DUSER} /opt/app/osaaf/local" + fi + + PUBLISH="--publish 8130:8130" + #CMD_LINE="cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-hello aaf-locate aaf-cm && sleep 240" + CMD_LINE="cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-hello aaf-locate aaf-cm && exec bin/hello" + IMAGE="${PREFIX}${ORG}/${PROJECT}/aaf_hello:${VERSION}" ;; esac echo Starting aaf-$AAF_COMPONENT... - if [ -n "${DUSER}" ]; then - THE_USER="--user $DUSER" - fi - $DOCKER run \ -d \ 
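Review bot: The init run for hello hard-codes `--env DEPLOY_PASSWORD=demo123456!` together with a fixed `DEPLOY_FQI`, which commits a credential to the repository and puts it into the `docker run` arguments, where process listings and shell history can expose it. Taking both values from d.props or the caller's environment and passing the name only, `--env DEPLOY_PASSWORD`, keeps the value out of the script and off the command line; if the demo value has to remain as a fallback, a comment should mark it as a sample credential that must be replaced outside a test setup. The volume check calls `docker` directly instead of `$DOCKER`, and the volume is created before the agent runs, so a failed init leaves a volume behind that makes the next start skip initialisation. The trailing `chown -R ${DUSER}:${DUSER}` expands to `chown -R :` when DUSER is unset.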
@@ -104,9 +135,10 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do --env CASSANDRA_USER=${CASSANDRA_USER} \ --env CASSANDRA_PASSWORD=${CASSANDRA_PASSWORD} \ --env CASSANDRA_PORT=${CASSANDRA_PORT} \ - $PUBLISH \ - -v "aaf_config:$CONF_ROOT_DIR" \ -v "aaf_status:/opt/app/aaf/status" \ - ${PREFIX}${ORG}/${PROJECT}/aaf_core:${VERSION} \ + $PUBLISH \ + $CONFIG \ + $IMAGE \ /bin/bash -c "$CMD_LINE" + done diff --git a/auth/docker/dstop.sh b/auth/docker/dstop.sh index fce79226..6549f3cf 100644 --- a/auth/docker/dstop.sh +++ b/auth/docker/dstop.sh @@ -22,7 +22,11 @@ . ./d.props DOCKER=${DOCKER:=docker} -if [ "$1" == "" ]; then +if [ "$1" = "all" ]; then + AAF_COMPONENTS="cass" + shift +fi +if [ -z "$1" ]; then for C in $(cat components); do AAF_COMPONENTS="$C $AAF_COMPONENTS" done @@ -33,3 +37,4 @@ fi for AAF_COMPONENT in ${AAF_COMPONENTS}; do $DOCKER stop aaf-$AAF_COMPONENT done + diff --git a/auth/helm/aaf-hello/templates/aaf-hello.yaml b/auth/helm/aaf-hello/templates/aaf-hello.yaml index a79f39ed..37127c73 100644 --- a/auth/helm/aaf-hello/templates/aaf-hello.yaml +++ b/auth/helm/aaf-hello/templates/aaf-hello.yaml @@ -56,23 +56,11 @@ spec: persistentVolumeClaim: claimName: aaf-hello-pvc initContainers: - - command: - - /bin/sh - - -c - - | - chmod -R 775 /opt/app/osaaf - chown -R 1000:1000 /opt/app/osaaf - image: busybox:1.28 - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: init-sysctl - volumeMounts: - - mountPath: /opt/app/osaaf - name: aaf-hello-vol - name: aaf-hello-config image: "{{ .Values.image.repository }}{{ .Values.service.agentImage }}" imagePullPolicy: IfNotPresent volumeMounts: - - mountPath: "/opt/app/osaaf" + - mountPath: "/opt/app/osaaf/local" name: aaf-hello-vol command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] env: 
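Review bot: Removing the `init-sysctl` container from aaf-hello.yaml takes away the only visible step that set ownership on the volume, and the `aaf-hello-config` init container still ends with `exec /opt/app/aaf_config/bin/agent.sh`, without the `chown` that drun.sh runs after the agent. Since neither the agent nor the hello Dockerfile sets `USER` any more, both containers presumably run as root here unless a `securityContext` exists outside this hunk. If the pod is meant to run non-root, a pod-level `securityContext` with `runAsUser` and `fsGroup` would give the hello container access to the files under `/opt/app/osaaf/local` without a root init step. The unchanged command in the second hunk still tests `/opt/app/osaaf/etc`, which is no longer on the mounted volume, so that copy branch should be re-checked.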
@@ -106,7 +94,7 @@ spec: imagePullPolicy: IfNotPresent command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"] volumeMounts: - - mountPath: "/opt/app/osaaf" + - mountPath: "/opt/app/osaaf/local" name: aaf-hello-vol ports: - name: aaf-hello diff --git a/auth/helm/aaf/aaf.sh b/auth/helm/aaf/aaf.sh index 2b94c2ff..51a81da5 100644 --- a/auth/helm/aaf/aaf.sh +++ b/auth/helm/aaf/aaf.sh @@ -1,5 +1,5 @@ -. ../../docker/aaf.props -IMAGE=onap/aaf/aaf_config:$VERSION +. ../../docker/d.props +IMAGE=$DOCKER_REPOSITORY/onap/aaf/aaf_config:$VERSION kubectl -n onap run -it --rm aaf-config-$USER --image=$IMAGE --overrides=' { diff --git a/auth/helm/aaf/templates/aaf-service.yaml b/auth/helm/aaf/templates/aaf-service.yaml index f4772d67..da1134ac 100644 --- a/auth/helm/aaf/templates/aaf-service.yaml +++ b/auth/helm/aaf/templates/aaf-service.yaml @@ -77,7 +77,7 @@ spec: - name: aaf-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} imagePullPolicy: IfNotPresent - command: ["bash","/opt/app/aaf_config/bin/agent.sh"] + command: ["bash","-c","/opt/app/aaf_config/bin/agent.sh"] volumeMounts: - mountPath: "/opt/app/osaaf" name: aaf-config-vol diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh index 4132e6ca..97a1262f 100755 --- a/auth/sample/bin/client.sh +++ b/auth/sample/bin/client.sh 
@@ -55,12 +55,13 @@ function sso_encrypt() { $JAVA_AGENT cadi digest ${1} $DOT_AAF/keyfile } -# Setup Bash, first time only -if [ ! -e "$HOME/.bashrc" ] || [ -z "$(grep agent $HOME/.bashrc)" ]; then - echo "alias agent='$CONFIG_BIN/agent.sh agent \$*'" >>$HOME/.bashrc +# Setup Bash, first time only, Agent only +if [ -n "$HOME/.bashrc" ] || [ -z "$(grep agent $HOME/.bashrc)" ]; then + echo "alias agent='$CONFIG_BIN/agent.sh agent \$*'" > $HOME/.bashrc chmod a+x $CONFIG_BIN/agent.sh . $HOME/.bashrc fi + if [ ! -e "$DOT_AAF/truststoreONAPall.jks" ]; then mkdir -p $DOT_AAF base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks @@ -133,13 +134,22 @@ if [ "${VERSION}" != "$(cat ${LOCAL}/VERSION 2> /dev/null)" ]; then echo "Clean up directory ${LOCAL}" rm -Rf ${LOCAL}/* fi + +# update client info echo "${VERSION}" > $LOCAL/VERSION +cp $AGENT_JAR $LOCAL +echo "#!/bin/bash" > $LOCAL/agent + echo 'java -jar aaf-cadi-aaf-*-full.jar $*' >> $LOCAL/agent +echo "#!/bin/bash" > $LOCAL/cadi + echo 'java -jar aaf-cadi-aaf-*-full.jar cadi $*' >> $LOCAL/cadi +chmod 755 $LOCAL/agent $LOCAL/cadi echo "Namespace is ${NS}" # Only initialize once, automatically... -if [ ! -e $LOCAL/${NS}.props ]; then +if [ -n $LOCAL/${NS}.props ]; then echo "#### Create Configuration files " - $JAVA_AGENT config $APP_FQI $APP_FQDN + > $LOCAL/$NS + $JAVA_AGENT config $APP_FQI $APP_FQDN --nopasswd cat $LOCAL/$NS.props echo @@ -153,7 +163,7 @@ if [ ! -e $LOCAL/${NS}.props ]; then $JAVA_AGENT place $APP_FQI $APP_FQDN if [ -z "$(grep cadi_alias $NS.cred.props)" ]; then - echo "FAILED to get Certificate" + echo "FAILED to get Certificate" INITIALIZED="false" else echo "Obtained Certificates" 
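Review bot: `[ -n "$HOME/.bashrc" ]` in client.sh tests a non-empty string rather than the file, so the condition is always true and the block runs on every start; together with the switch from `>>` to `>`, `$HOME/.bashrc` is overwritten each time. If this is still meant as first-time setup, keep a file test such as `if [ ! -e "$HOME/.bashrc" ] || ! grep -q agent "$HOME/.bashrc"; then` and append with `>>`. The second hunk has the same pattern in `if [ -n $LOCAL/${NS}.props ]; then`, which makes the block under "Only initialize once" run on every start, now with `--nopasswd`. If re-running on every start is intended, both comments should be updated to say so.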
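Review bot: The generated `$LOCAL/agent` and `$LOCAL/cadi` wrappers run `java -jar aaf-cadi-aaf-*-full.jar $*`, which resolves the jar relative to the caller's working directory and re-splits any argument that contains spaces. Writing the line as `echo 'java -jar "$(dirname "$0")"/aaf-cadi-aaf-*-full.jar "$@"' >> $LOCAL/agent` (and the same with `cadi` for the second wrapper) makes the wrappers work from any directory and preserves arguments. The new `> $LOCAL/$NS` creates an empty file named after the namespace with no explanation; a one-line comment on what reads that file would help.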
@@ -284,7 +294,7 @@ else ;; testConnectivity|testconnectivity) echo "--- Test Connectivity ---" - $JAVA -cp $CONFIG_BIN/aaf-auth-cmd-*-full.jar org.onap.aaf.cadi.aaf.TestConnectivity $LOCAL/org.osaaf.aaf.props + $JAVA -cp $AGENT_JAR org.onap.aaf.cadi.aaf.TestConnectivity $LOCAL/org.osaaf.aaf.props ;; --help | -?) case "$1" in @@ -320,7 +330,7 @@ else ### Possible Dublin # sample) # echo "--- run Sample Servlet App ---" - # $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $CONFIG_BIN/aaf-auth-cmd-*-full.jar:$CONFIG_BIN/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props + # $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $AGENT_JAR:$CONFIG_BIN/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props # ;; *) $JAVA_AGENT "$CMD" "$@" diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh index 10a3e15e..2fd49cac 100644 --- a/auth/sample/bin/service.sh +++ b/auth/sample/bin/service.sh @@ -193,6 +193,10 @@ if [ ! -e $LOCAL/org.osaaf.aaf.props ]; then fi echo "Created AAF Initial Configurations" INITIALIZED="true" + if [ -n ${DUSER} ]; then + mkdir -p /opt/app/osaaf/logs + chown -R 1000:1000 /opt/app/aaf /opt/app/osaaf + fi fi diff --git a/cadi/aaf/src/assemble/cadi-aaf.xml b/cadi/aaf/src/assemble/cadi-aaf.xml index 63741ffa..64bc8eec 100644 --- a/cadi/aaf/src/assemble/cadi-aaf.xml +++ b/cadi/aaf/src/assemble/cadi-aaf.xml @@ -12,16 +12,6 @@ true compile - - org.onap.aaf.authz:aaf-auth-client - org.onap.aaf.authz:aaf-cadi-aaf - org.onap.aaf.authz:aaf-cadi-core - org.onap.aaf.authz:aaf-cadi-client - org.onap.aaf.authz:aaf-misc-env - org.onap.aaf.authz:aaf-misc-rosetta - javax.xml.bind:jaxb-api - org.glassfish.jaxb:jaxb-runtime - diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java index f6808a90..db606a50 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java 
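Review bot: `chown -R 1000:1000 /opt/app/aaf /opt/app/osaaf` in service.sh assumes the account created in the images has uid and gid 1000, but only Dockerfile.cass pins `--gid 1000` and `-u 1000`; the other Dockerfiles in this commit call `adduser ${DUSER}` without an id. Using the name, `chown -R ${DUSER}:${DUSER} /opt/app/aaf /opt/app/osaaf`, follows whatever id was actually assigned, provided DUSER is set where this script runs. The guard `[ -n ${DUSER} ]` is unquoted and therefore always true, so the chown runs even when no user is configured; `[ -n "${DUSER}" ]` fixes that. The recursive chown only succeeds while the script runs as root, which is worth stating in a comment above it.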
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
@@ -190,11 +190,16 @@ public class Agent {
 }
 if(access==null) {
+ boolean createOutsideForLoop = false;
 for(Entry es : System.getProperties().entrySet()) {
 if(Config.CADI_PROP_FILES.equals(es.getKey())) {
- access = new PropAccess();
+ createOutsideForLoop = true;
+ break;
 }
 }
+ if(createOutsideForLoop) {
+ access = new PropAccess();
+ }
 }
 // When using Config file, check if Cred Exists, and if not, work with Deployer.
@@ -762,7 +767,12 @@ public class Agent {
 machine = fqdns[1];
 } else {
 key = machine;
- fqdns = machines(cmds);
+ if(cmds.size()>0) {
+ fqdns = machines(cmds);
+ } else {
+ // make sure machine is also in SANS
+ fqdns = new String[] {machine};
+ }
 }
 TimeTaken tt = transitiveInfo.start("Place Artifact", Env.REMOTE);
-- 2.16.6
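Review bot: The loop over `System.getProperties().entrySet()` in the first Agent.java hunk exists only to learn whether one key is present, and the flag name `createOutsideForLoop` describes the refactoring rather than the condition being tested. The block can be reduced to `if(System.getProperties().containsKey(Config.CADI_PROP_FILES)) { access = new PropAccess(); }` with the same result. A one-line comment on why the no-argument `PropAccess` is created only when that property is set would help the next reader. The enclosing method starts and ends outside the hunk.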
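Review bot: The new else branch in the second Agent.java hunk builds `fqdns` from `machine` alone, yet nothing visible in the hunk shows that `machine` is non-null and non-empty at this point, and the added comment suggests the array ends up as certificate SANs. A check before the assignment, or a comment naming where `machine` is validated, would make that explicit. If `cmds` is a standard collection, `!cmds.isEmpty()` states the intent more directly than `cmds.size()>0`. The method body starts and ends outside the hunk.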