From bb1fc90414831c6aedae01995a6bfb878373f43d Mon Sep 17 00:00:00 2001
From: Instrumental <jonathan.gathman@att.com>
Date: Thu, 16 Aug 2018 17:16:56 -0500
Subject: [PATCH] Adjust aaf HEAT shs

Issue-ID: AAF-419
Change-Id: Id4fbce7fb25c703a74f93afbbb519b980d5b96dd
Signed-off-by: Instrumental <jonathan.gathman@att.com>
---
 heat/ONAP/cloud-config/aaf_install.sh           | 489 ++----------------------
 heat/ONAP/cloud-config/aaf_vm_init.sh           | 117 ++++--
 heat/ONAP/cloud-config/sample_ca/.gitignore     |   1 +
 heat/ONAP/cloud-config/sample_ca/aaf.signer.p12 | Bin 0 -> 2850 bytes
 4 files changed, 125 insertions(+), 482 deletions(-)
 create mode 100644 heat/ONAP/cloud-config/sample_ca/.gitignore
 create mode 100644 heat/ONAP/cloud-config/sample_ca/aaf.signer.p12

diff --git a/heat/ONAP/cloud-config/aaf_install.sh b/heat/ONAP/cloud-config/aaf_install.sh
index 61f23daa..c2389d03 100644
--- a/heat/ONAP/cloud-config/aaf_install.sh
+++ b/heat/ONAP/cloud-config/aaf_install.sh
@@ -1,453 +1,46 @@
 #!/bin/bash
-
-# Read configuration files
-GERRIT_BRANCH=$(cat /opt/config/gerrit_branch.txt)
-CODE_REPO=$(cat /opt/config/remote_repo.txt)
-HTTP_PROXY=$(cat /opt/config/http_proxy.txt)
-HTTPS_PROXY=$(cat /opt/config/https_proxy.txt)
-
-if [ $HTTP_PROXY != "no_proxy" ]
-then
-    export http_proxy=$HTTP_PROXY
-    export https_proxy=$HTTPS_PROXY
+ 
+CURRENT_DIR=$(pwd)
+export MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1)
+ 
+NEXUS_USERNAME=$(cat /opt/config/nexus_username.txt)
+NEXUS_PASSWD=$(cat /opt/config/nexus_password.txt)
+NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt)
+HOSTNAME=`hostname -f`
+FQDN=aaf.api.simpledemo.onap.org
+HOST_IP=$(cat /opt/config/local_ip.txt)
+ 
+echo "$NEXUS_PASSWD" | docker login -u $NEXUS_USERNAME --password-stdin $NEXUS_DOCKER_REPO
+
+if [ -e "/opt/authz" ]; then
+  cd /opt/authz
+  git pull
+else
+  cd /opt
+  git clone https://gerrit.onap.org/r/aaf/authz
+  cd authz
 fi
 
-
-# Download dependencies
-echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >>  /etc/apt/sources.list.d/java.list
-echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >>  /etc/apt/sources.list.d/java.list
-apt-get update
-apt-get install --allow-unauthenticated -y openjdk-8-jdk maven
-
-# Clone Gerrit repository and run docker containers
-cd /opt
-git clone -b $GERRIT_BRANCH --single-branch $CODE_REPO
-chmod +x /opt/authz/auth/auth-cass/docker/dinstall.sh
-chmod +x /opt/authz/auth/auth-cass/docker/backup/backup.sh
-chmod +x /opt/authz/auth/docker/dbuild.sh
-chmod +x /opt/authz/auth/docker/drun.sh
-chmod +x /opt/authz/auth/docker/dstart.sh
-chmod +x /opt/authz/auth/docker/dstop.sh
-
-#Update maven settings
-cat > /usr/share/maven/conf/settings.xml << EOF
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-<!--
- | This is the configuration file for Maven. It can be specified at two levels:
- |
- |  1. User Level. This settings.xml file provides configuration for a single user,
-|                 and is normally provided in \${user.home}/.m2/settings.xml.
- |
- |                 NOTE: This location can be overridden with the CLI option:
- |
- |                 -s /path/to/user/settings.xml
- |
- |  2. Global Level. This settings.xml file provides configuration for all Maven
- |                 users on a machine (assuming they're all using the same Maven
- |                 installation). It's normally provided in
-|                 \${maven.home}/conf/settings.xml.
- |
- |                 NOTE: This location can be overridden with the CLI option:
- |
- |                 -gs /path/to/global/settings.xml
- |
- | The sections in this sample file are intended to give you a running start at
- | getting the most out of your Maven installation. Where appropriate, the default
- | values (values used when the setting is not specified) are provided.
- |
- |-->
-<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
-          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
-  <!-- localRepository
-   | The path to the local repository maven will use to store artifacts.
-   |
-| Default: \${user.home}/.m2/repository
-  <localRepository>/path/to/local/repo</localRepository>
-  -->
-
-  <!-- interactiveMode
-   | This will determine whether maven prompts you when it needs input. If set to false,
-   | maven will use a sensible default value, perhaps based on some other setting, for
-   | the parameter in question.
-   |
-   | Default: true
-  <interactiveMode>true</interactiveMode>
-  -->
-
-  <!-- offline
-   | Determines whether maven should attempt to connect to the network when executing a build.
-   | This will have an effect on artifact downloads, artifact deployment, and others.
-   |
-   | Default: false
-  <offline>false</offline>
-  -->
-
-  <!-- pluginGroups
-   | This is a list of additional group identifiers that will be searched when resolving plugins by their prefix, i.e.
-   | when invoking a command line like "mvn prefix:goal". Maven will automatically add the group identifiers
-   | "org.apache.maven.plugins" and "org.codehaus.mojo" if these are not already contained in the list.
-   |-->
-  <pluginGroups>
-    <!-- pluginGroup
-     | Specifies a further group identifier to use for plugin lookup.
-    <pluginGroup>com.your.plugins</pluginGroup>
-    -->
-  </pluginGroups>
-
-EOF
-
-if [[ $(cat /opt/config/https_proxy.txt) != "no_proxy" ]]; then
-  HTTPS_PROXY_HOST=$(cat /opt/config/https_proxy.txt | cut -d ':' -f1)
-  HTTPS_PROXY_PORT=$(cat /opt/config/https_proxy.txt | cut -d ':' -f2)
-
-  cat >> settings.xml << EOF
-  <!-- proxies
-   | This is a list of proxies which can be used on this machine to connect to the network.
-   | Unless otherwise specified (by system property or command-line switch), the first proxy
-   | specification in this list marked as active will be used.
-   |-->
-  <proxies>
-    <proxy>
-      <id>optional</id>
-      <active>true</active>
-      <protocol>http</protocol>
-      <username>proxyuser</username>
-      <password>proxypass</password>
-      <host>$HTTPS_PROXY_HOST</host>
-      <port>$HTTPS_PROXY_PORT</port>
-      <nonProxyHosts>local.net|some.host.com</nonProxyHosts>
-    </proxy>
-    <proxy>
-      <id>optional</id>
-      <active>true</active>
-      <protocol>https</protocol>
-      <username>proxyuser</username>
-      <password>proxypass</password>
-      <host>$HTTPS_PROXY_HOST</host>
-      <port>$HTTPS_PROXY_PORT</port>
-      <nonProxyHosts>local.net|some.host.com</nonProxyHosts>
-    </proxy>
-  </proxies>
-
-EOF
+cd /opt/authz/auth/auth-cass/docker
+if [ "`docker container ls | grep aaf_cass`" = "" ]; then
+   # Cassandra Install
+   echo Phase 1 Cassandra Install
+   /bin/bash ./dinstall.sh
 fi
+ 
+CASS_IP=`docker inspect aaf_cass | grep '"IPAddress' | head -1 | cut -d '"' -f 4`
+CASS_HOST="cass.aaf.osaaf.org:"$CASS_IP
+ 
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_config:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_core:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_cm:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_fs:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_gui:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_hello:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_locate:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_oauth:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_service:latest
+ 
+cd $CURRENT_DIR
+/bin/bash ./aaf_vm_init.sh 
 
-cat >> settings.xml << EOF
-
-  <!-- servers
-   | This is a list of authentication profiles, keyed by the server-id used within the system.
-   | Authentication profiles can be used whenever maven must make a connection to a remote server.
-   |-->
-  <servers>
-    <!-- server
-     | Specifies the authentication information to use when connecting to a particular server, identified by
-     | a unique name within the system (referred to by the 'id' attribute below).
-     |
-     | NOTE: You should either specify username/password OR privateKey/passphrase, since these pairings are
-     |       used together.
-     |
-    <server>
-      <id>deploymentRepo</id>
-      <username>repouser</username>
-      <password>repopwd</password>
-    </server>
-    -->
-
-    <!-- Another sample, using keys to authenticate.
-    <server>
-      <id>siteServer</id>
-      <privateKey>/path/to/private/key</privateKey>
-      <passphrase>optional; leave empty if not used.</passphrase>
-    </server>
-    -->
-  </servers>
-
-  <!-- mirrors
-   | This is a list of mirrors to be used in downloading artifacts from remote repositories.
-   |
-   | It works like this: a POM may declare a repository to use in resolving certain artifacts.
-   | However, this repository may have problems with heavy traffic at times, so people have mirrored
-   | it to several places.
-   |
-   | That repository definition will have a unique id, so we can create a mirror reference for that
-   | repository, to be used as an alternate download site. The mirror site will be the preferred
-   | server for that repository.
-   |-->
-
-  <!-- profiles
-   | This is a list of profiles which can be activated in a variety of ways, and which can modify
-   | the build process. Profiles provided in the settings.xml are intended to provide local machine-
-   | specific paths and repository locations which allow the build to work in the local environment.
-   |
-   | For example, if you have an integration testing plugin - like cactus - that needs to know where
-   | your Tomcat instance is installed, you can provide a variable here such that the variable is
-   | dereferenced during the build process to configure the cactus plugin.
-   |
-   | As noted above, profiles can be activated in a variety of ways. One way - the activeProfiles
-   | section of this document (settings.xml) - will be discussed later. Another way essentially
-   | relies on the detection of a system property, either matching a particular value for the property,
-   | or merely testing its existence. Profiles can also be activated by JDK version prefix, where a
-   | value of '1.4' might activate a profile when the build is executed on a JDK version of '1.4.2_07'.
-   | Finally, the list of active profiles can be specified directly from the command line.
-   |
-   | NOTE: For profiles defined in the settings.xml, you are restricted to specifying only artifact
-   |       repositories, plugin repositories, and free-form properties to be used as configuration
-   |       variables for plugins in the POM.
-   |
-   |-->
-
-
-
-  
-  
-  <profiles>
-      <profile>
-          
-          <id>10_nexus</id>
-          <!--Enable snapshots for the built in central repo to direct -->
-          <!--all requests to nexus via the mirror -->
-          <repositories>
-              <repository>
-                  <id>10_nexus</id>
-                  <url>http://repo.maven.apache.org/maven2/</url>
-                  <releases><enabled>true</enabled></releases>
-                  <snapshots><enabled>true</enabled></snapshots>
-              </repository>
-          </repositories>
-          
-          <pluginRepositories>
-              <pluginRepository>
-                  <id>10_nexus</id>
-                  <url>http://repo.maven.apache.org/maven2/</url>
-                  <releases><enabled>true</enabled></releases>
-                  <snapshots><enabled>true</enabled></snapshots>
-              </pluginRepository>
-          </pluginRepositories>
-          
-      </profile>
-      <profile>
-          <id>20_openecomp-public</id>
-          <repositories>
-              <repository>
-                  <id>20_openecomp-public</id>
-                  <name>20_openecomp-public</name>
-                  <url>https://nexus.onap.org/content/repositories/public/</url>
-                  <releases>
-                      <enabled>true</enabled>
-                      <updatePolicy>daily</updatePolicy>
-                  </releases>
-                  <snapshots>
-                      <enabled>false</enabled>
-                  </snapshots>
-              </repository>
-          </repositories>
-          <pluginRepositories>
-              <pluginRepository>
-                  <id>20_openecomp-public</id>
-                  <name>20_openecomp-public</name>
-                  <url>https://nexus.onap.org/content/repositories/public/</url>
-                  <releases>
-                      <enabled>true</enabled>
-                      <updatePolicy>daily</updatePolicy>
-                  </releases>
-                  <snapshots>
-                      <enabled>false</enabled>
-                  </snapshots>
-              </pluginRepository>
-          </pluginRepositories>
-      </profile>
-      <profile>
-          <id>30_openecomp-staging</id>
-          <repositories>
-              <repository>
-                  <id>30_openecomp-staging</id>
-                  <name>30_openecomp-staging</name>
-                  <url>https://nexus.onap.org/content/repositories/staging/</url>
-                  <releases>
-                      <enabled>true</enabled>
-                      <updatePolicy>daily</updatePolicy>
-                  </releases>
-                  <snapshots>
-                      <enabled>false</enabled>
-                  </snapshots>
-              </repository>
-          </repositories>
-          <pluginRepositories>
-              <pluginRepository>
-                  <id>30_openecomp-staging</id>
-                  <name>30_openecomp-staging</name>
-                  <url>https://nexus.onap.org/content/repositories/staging/</url>
-                  <releases>
-                      <enabled>true</enabled>
-                      <updatePolicy>daily</updatePolicy>
-                  </releases>
-                  <snapshots>
-                      <enabled>false</enabled>
-                  </snapshots>
-              </pluginRepository>
-          </pluginRepositories>
-      </profile>
-      <profile>
-          <id>40_openecomp-release</id>
-          <repositories>
-              <repository>
-                  <id>40_openecomp-release</id>
-                  <name>40_openecomp-release</name>
-                  <url>https://nexus.onap.org/content/repositories/releases/</url>
-                  <releases>
-                      <enabled>true</enabled>
-                      <updatePolicy>daily</updatePolicy>
-                  </releases>
-                  <snapshots>
-                      <enabled>false</enabled>
-                  </snapshots>
-              </repository>
-          </repositories>
-          <pluginRepositories>
-              <pluginRepository>
-                  <id>40_openecomp-release</id>
-                  <name>40_openecomp-release</name>
-                  <url>https://nexus.onap.org/content/repositories/releases/</url>
-                  <releases>
-                      <enabled>true</enabled>
-                      <updatePolicy>daily</updatePolicy>
-                  </releases>
-                  <snapshots>
-                      <enabled>false</enabled>
-                  </snapshots>
-              </pluginRepository>
-          </pluginRepositories>
-      </profile>
-      
-      <profile>
-          <id>50_openecomp-snapshots</id>
-          <repositories>
-              <repository>
-                  <id>50_openecomp-snapshot</id>
-                  <name>50_openecomp-snapshot</name>
-                  <url>https://nexus.onap.org/content/repositories/snapshots/</url>
-                  <releases>
-                      <enabled>false</enabled>
-                  </releases>
-                  <snapshots>
-                      <enabled>true</enabled>
-                  </snapshots>
-              </repository>
-          </repositories>
-          <pluginRepositories>
-              <pluginRepository>
-                  <id>50_openecomp-snapshot</id>
-                  <name>50_openecomp-snapshot</name>
-                  <url>https://nexus.onap.org/content/repositories/snapshots/</url>
-                  <releases>
-                      <enabled>false</enabled>
-                  </releases>
-                  <snapshots>
-                      <enabled>true</enabled>
-                  </snapshots>
-              </pluginRepository>
-          </pluginRepositories>
-      </profile>
-      <profile>
-          <id>60_opendaylight-release</id>
-          <repositories>
-              <repository>
-                  <id>60_opendaylight-mirror</id>
-                  <name>60_opendaylight-mirror</name>
-                  <url>https://nexus.opendaylight.org/content/repositories/public/</url>
-                  <releases>
-                      <enabled>true</enabled>
-                      <updatePolicy>daily</updatePolicy>
-                  </releases>
-                  <snapshots>
-                      <enabled>false</enabled>
-                  </snapshots>
-              </repository>
-          </repositories>
-          <pluginRepositories>
-              <pluginRepository>
-                  <id>60_opendaylight-mirror</id>
-                  <name>60_opendaylight-mirror</name>
-                  <url>https://nexus.opendaylight.org/content/repositories/public/</url>
-                  <releases>
-                      <enabled>true</enabled>
-                      <updatePolicy>daily</updatePolicy>
-                  </releases>
-                  <snapshots>
-                      <enabled>false</enabled>
-                  </snapshots>
-              </pluginRepository>
-          </pluginRepositories>
-      </profile>
-      
-      <profile>
-          <id>70_opendaylight-snapshots</id>
-          <repositories>
-              <repository>
-                  <id>70_opendaylight-snapshot</id>
-                  <name>70_opendaylight-snapshot</name>
-                  <url>https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/</url>
-                  <releases>
-                      <enabled>false</enabled>
-                  </releases>
-                  <snapshots>
-                      <enabled>true</enabled>
-                  </snapshots>
-              </repository>
-          </repositories>
-          <pluginRepositories>
-              <pluginRepository>
-                  <id>70_opendaylight-snapshot</id>
-                  <name>70_opendaylight-snapshot</name>
-                  <url>https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/</url>
-                  <releases>
-                      <enabled>false</enabled>
-                  </releases>
-                  <snapshots>
-                      <enabled>true</enabled>
-                  </snapshots>
-              </pluginRepository>
-          </pluginRepositories>
-      </profile>
-  </profiles>
-  
-  <activeProfiles>
-      <activeProfile>10_nexus</activeProfile>
-      <activeProfile>20_openecomp-public</activeProfile>
-      <activeProfile>30_openecomp-staging</activeProfile>
-      <activeProfile>40_openecomp-release</activeProfile>
-      <activeProfile>50_openecomp-snapshots</activeProfile>
-      <activeProfile>60_opendaylight-release</activeProfile>
-      <activeProfile>70_opendaylight-snapshots</activeProfile>
-
-  </activeProfiles>
-  
-</settings>
-EOF
-
-cd /opt/authz
-mvn install -Dmaven.test.skip=true
-
-cd /opt
-./aaf_vm_init.sh
diff --git a/heat/ONAP/cloud-config/aaf_vm_init.sh b/heat/ONAP/cloud-config/aaf_vm_init.sh
index a388bf2f..59486e94 100644
--- a/heat/ONAP/cloud-config/aaf_vm_init.sh
+++ b/heat/ONAP/cloud-config/aaf_vm_init.sh
@@ -1,55 +1,104 @@
 #!/bin/bash
 
+CURRENT_DIR=$(pwd)
+
 NEXUS_USERNAME=$(cat /opt/config/nexus_username.txt)
 NEXUS_PASSWD=$(cat /opt/config/nexus_password.txt)
-NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt)
-DOCKER_IMAGE_VERSION=$(cat /opt/config/docker_version.txt)
-HOSTNAME=`hostname`
-FQDN=aaf.api.simpledemo.onap.org
-HOST_IP=$(cat /opt/config/local_ip.txt)
-
-docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWD $NEXUS_DOCKER_REPO
+if [ -e /opt/authz/auth/docker/d.props ]; then
+  NEXUS_DOCKER_REPO=`grep "DOCKER_REPOSITORY=" /opt/authz/auth/docker/d.props`
+else 
+  NEXUS_DOCKER_REPO="DOCKER_REPOSITORY="
+fi
 
-cd /opt/authz
-git pull
+if [ "$NEXUS_DOCKER_REPO" = "DOCKER_REPOSITORY=" ]; then
+  NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt)
+else
+  NEXUS_DOCKER_REPO=${NEXUS_DOCKER_REPO#DOCKER_REPOSITORY=}
+fi
 
+echo $NEXUS_DOCKER_REPO
+HOSTNAME=`hostname -f`
+FQDN=aaf.api.simpledemo.onap.org
+HOST_IP=$(cat /opt/config/local_ip.txt)
 
 cd /opt/authz/auth/auth-cass/docker
 if [ "`docker container ls | grep aaf_cass`" = "" ]; then
   # Cassandra Install
   echo Phase 1 Cassandra Install
-  ./dinstall.sh
+  bash ./dinstall.sh
 fi
 
+if [ ! -e /opt/authz/auth/docker/d.props ]; then
+  cp /opt/authz/auth/docker/d.props.init /opt/authz/auth/docker/d.props
+fi
+
+VERSION=$(grep VERSION /opt/authz/auth/docker/d.props)
+VERSION=${VERSION#VERSION=}
 CASS_IP=`docker inspect aaf_cass | grep '"IPAddress' | head -1 | cut -d '"' -f 4`
 CASS_HOST="cass.aaf.osaaf.org:"$CASS_IP
-
-sed -i "s/DOCKER_REPOSITORY=.*/DOCKER_REPOSITORY="$NEXUS_DOCKER_REPO"/g" /opt/authz/auth/docker/d.props
-#sed -i "s/VERSION=.*/VERSION="$DOCKER_IMAGE_VERSION"/g" /opt/authz/auth/docker/d.props
-sed -i "s/HOSTNAME=.*/HOSTNAME="$HOSTNAME"/g" /opt/authz/auth/docker/d.props
-sed -i "s/HOST_IP=.*/HOST_IP="$HOST_IP"/g" /opt/authz/auth/docker/d.props
-sed -i "s/CASS_HOST=.*/CASS_HOST="$CASS_HOST"/g" /opt/authz/auth/docker/d.props
-
-if [ ! -e "/opt/app/osaaf/etc" ]; then
-  # Nothing installed, install sample
-  mkdir -p /opt/app/osaaf/logs
-  cd /opt/app/osaaf/logs
-  mkdir fs cm gui hello locate oauth service
-  cd /opt
-  cp -Rf /opt/authz/auth/sample/* /opt/app/osaaf
+if [ ! -e /opt/authz/auth/docker/cass.props ]; then
+  cp /opt/authz/auth/docker/cass.props.init /opt/authz/auth/docker/cass.props
 fi
-# Set Location information
-# Need new Deployment system properties
+
+sed -i "s/CASS_HOST=.*/CASS_HOST="$CASS_HOST"/g" /opt/authz/auth/docker/cass.props
+# TODO Pull from Config Dir
 CADI_LATITUDE=37.781
 CADI_LONGITUDE=-122.261
 
-CADI_TRUST_MASKS="${HOST_IP%\.[0-9]*}\\/24,${CASS_IP%\.[0-9]*}\\/24"
-sed -i "s/cadi_latitude=.*/cadi_latitude="$CADI_LATITUDE"/g" /opt/app/osaaf/local/org.osaaf.location.props
-sed -i "s/cadi_longitude=.*/cadi_longitude="$CADI_LONGITUDE"/g" /opt/app/osaaf/local/org.osaaf.location.props
-sed -i "s/cadi_registration_hostname=.*/cadi_registration_hostname="$FQDN"/g" /opt/app/osaaf/local/org.osaaf.location.props
-sed -i "s/cadi_trust_masks=.*/cadi_trust_masks="$CADI_TRUST_MASKS"/g" /opt/app/osaaf/local/org.osaaf.location.props
+sed -i "s/DOCKER_REPOSITORY=.*/DOCKER_REPOSITORY=$NEXUS_DOCKER_REPO/g" /opt/authz/auth/docker/d.props
+sed -i "s/VERSION=.*/VERSION=$VERSION/g" /opt/authz/auth/docker/d.props
+sed -i "s/HOSTNAME=.*/HOSTNAME=$HOSTNAME/g" /opt/authz/auth/docker/d.props
+sed -i "s/HOST_IP=.*/HOST_IP=$HOST_IP/g" /opt/authz/auth/docker/d.props
+sed -i "s/LATITUDE=.*/LATITUDE=$CADI_LATITUDE/g" /opt/authz/auth/docker/d.props
+sed -i "s/LONGITUDE=.*/LONGITUDE=$CADI_LONGITUDE/g" /opt/authz/auth/docker/d.props
+
+SIGNER_P12="$CURRENT_DIR/sample_ca/aaf.signer.p12"
+AAF_P12="$CURRENT_DIR/sample_ca/aaf.bootstrap.p12"
+P12_PASSWORD="something easy"
+
+if [ ! -e "$AAF_P12" ]; then
+  mkdir -p $CURRENT_DIR/sample_ca
+  cd /opt/authz/conf/CA 
+  /bin/bash bootstrap.sh $SIGNER_P12 "$P12_PASSWORD"
+  if [ ! -e "aaf.bootstrap.p12" ]; then
+	  echo "Certificates NOT created.  Stopping installation"
+	  exit
+  else
+	  mv aaf.bootstrap.p12 $AAF_P12
+  fi
+  cd -
+fi 
+
+if [ -e "$AAF_P12" ]; then
+    sed -i "s/AAF_INITIAL_X509_P12=.*/AAF_INITIAL_X509_P12=${AAF_P12//\//\\/}/g" /opt/authz/auth/docker/d.props
+    sed -i "s/AAF_INITIAL_X509_PASSWORD=.*/AAF_INITIAL_X509_PASSWORD=\"$P12_PASSWORD\"/g" /opt/authz/auth/docker/d.props
+fi
+
+if [ -e "$SIGNER_P12" ]; then
+    if [ -e "/opt/config/cadi_x509_issuers.txt" ]; then
+	    ISSUERS=$(cat "/opt/config/cadi_x509_issuers.txt")":"
+    fi
+    # Pick the REAL subject off the P12
+    SUBJECT=$(echo "$P12_PASSWORD" | openssl pkcs12 -info -clcerts -in $SIGNER_P12 -nokeys -passin stdin | grep subject)
+    SUBJECT=${SUBJECT//\// }
+    SUBJECT=${SUBJECT/subject= /}
+    # Needs to be reversed, separated by ", "
+    for S in $SUBJECT ; do
+	if [ "$RSUBJECT" = "" ]; then
+	   RSUBJECT=$S
+	else
+	   RSUBJECT="$S, $RSUBJECT"
+        fi
+    done
+    ISSUERS="$ISSUERS$RSUBJECT"
+    sed -i "s/CADI_X509_ISSUERS=.*/CADI_X509_ISSUERS=\"$ISSUERS\"/g" /opt/authz/auth/docker/d.props
+    sed -i "s/AAF_SIGNER_P12=.*/AAF_SIGNER_P12=${SIGNER_P12//\//\\/}/g" /opt/authz/auth/docker/d.props
+    sed -i "s/AAF_SIGNER_PASSWORD=.*/AAF_SIGNER_PASSWORD=\"$P12_PASSWORD\"/g" /opt/authz/auth/docker/d.props
+fi
 
 cd /opt/authz/auth/docker
-./dbuild.sh
-sleep 5
-./drun.sh
+# Need new Deployment system properties
+bash ./aaf.sh
+
+# run it
+bash ./drun.sh
diff --git a/heat/ONAP/cloud-config/sample_ca/.gitignore b/heat/ONAP/cloud-config/sample_ca/.gitignore
new file mode 100644
index 00000000..5f8bc015
--- /dev/null
+++ b/heat/ONAP/cloud-config/sample_ca/.gitignore
@@ -0,0 +1 @@
+aaf.bootstrap.p12
diff --git a/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12 b/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12
new file mode 100644
index 0000000000000000000000000000000000000000..8de21238f7167687c8b5aa83622b1fa8a7269f7b
GIT binary patch
literal 2850
zcmY+^cQhOP8VB$oR!YqpwW_GCi5gWacC8vw^2R8tLXAYJRkR`~wW(3FUW8PmO;JVB
z+B*cbwf3I1g6n$kx%a;Jp5J+X&w0Mj@BIG!fH9W@si|nd7|=W&qg2%0s6%Edda42p
zXc&kA4P3;%U<|F<-z&NT3@!8`Qlq8<Tr|bMH&kGLI?%s=V4|V}Uj{O8p+cJ`z_An5
z)C_<Z7+Qu#k8XTaap&k2`gQ|dgf^GwcTne@PCd_rudg%sc6HqIvcmpsGD#9jcihPx
zitlaYQTODgCQe4XA&q?0+xIOAN%*R?TsyG=q96^e70vS|l{+&W*(=03(xHcZ&gERT
z5+p6US0J{1^RaV`%{>MIapN`O22QmCys6eC)x$EHHCUE2Fnf2>hue*o)t4tkfIZ$w
zbSK@hEjx8@b7akG@;K4mRSu2uDcX<PI~&~XjMC5qwOF=(s$z8A_ZGH5n?AN47GWFv
z(X=pKcs{3WStlwyuV)?z<5<##Ol0X)c@l&N?zB%fcocnlG8Oq-QsvuomsTmf@H%L{
zW}Jj|EZMSEA|h%J5}IvHoPLTBzyU3mtbQPIR?cFP<eSuhUCT-wJ$**XZ3PLJr_(Gb
z|CIuz*u49PW`(7ia#hY-S1d{Im3t75%&)FiGV)qnKJn{{iK|}6;?Zg}k0=!`vPZlI
zE1O{s@*$O`*X0??8sd}6Bv-cB#7eX>)8iUhi0WPJjb>>;4YaYC_%rQ6ta?J&2xC8^
z!OCynxBRKX@X~hr>wFWDzreD>&)k{6ieO8$1k<6J9J;CDd=UCzm5gxRQ8&Jah2kP}
z+jiB>($3M1cxv=r!hHX)$anmE*G3_ZLR$_J2F|CD)16xd5z#|)1~WfGRd!BH>eD2y
zJ-^#&F-9hThZV4^;_xjs1fJHx-sC#UJ_2MYyVOBV0^ca;T+bDEL9lj=lw7KP*&73G
zZFVaQ+9lTLs)Ks!N9xt!x+B32p<nN~*zKK}uYSeBO-^1ei%ef76}yadaCOjzX~8WN
z?OVRA?>RY)Te+9V9&u(2^AcVr)tj=@9hsJx8^(QX*Up}goDl(sA_JfKIBGAUycg69
zK6wIRPM!B{^YmqA?a6Jvm_-sZ2UgKQhioypA{<XEL^Y{h1$}>8vA5!GZ$}WSQtBrl
z{-b<5te3*U=-b5G4|(D}v%;bns{myJCqE04Jla;u%T(dT&EN{<z%5h^zLN#x3yAG|
zl?iNxp1{za7`SVS4Q{%(+ZWC^+R-_9M(uV<zduPLWxrhXX>S71*mPcSouKV9o@-51
z(l;X8J~{8!NGeQ8SXPxhbf&YZQuNfaAQlzz<Y7rS>HR31$VP$Fs%_(KWN1m7t&nDQ
z4qJeG-VYX`zN-l;@IV}@JCGRxq3t$N<g_*WkPorW2E;Vd*(s37?A;-IKr**X7FW-k
ziCF4^7+Nm2l4fOY3TfHa<W<u7ORIbSnacfJiumlX^4^Ua3a3dzMu!~1X@mdUeHlsr
zgRxghg@}>%y6gk5ot?!V-(ru{RAQ8C)mGUgxvp^yRv~xn8|UWj1P&~!MA60JZ}z^<
zvkV~ceVsLLBn-{sG*M+34hcK1+UU?=Sa`*upwO~m8+uJoXnBK)+0rQiT6~{IU|YbU
zqk?M03#@2t{~40UrLI&SH=_vRZA)<OXxhAaGne!l$YBt{1ciT4)g7F6bCaJQdU-|m
zRq2V*@jz`XX)s6|2JNDM$J+fdwj<Mv=RW-o`ezNZg2-o%HUR|~jy!T4>!07O&8}~Z
z&kGZAku&FTj1bVlCJ%ftk`Ag}d5bTL(ar4hxMls$Ac_<(^H#@v=wXp}!i6`<AAA_M
zeCa}``dQ5E?I*<ehgy&`Y0QN1)~Y~Xgm*bjnXm}wt47(Z0vo-F3poA%2hIypkw6UX
z!;ARAMcL9_`VXTZD(V6Za1)FHuKu5{G=J#|lP5HFUd59C(iMmScBqfCQ(hYtPYN$S
z{)fl!pEBcoQ`IlzHr?f#4c)JRiVU>Pxj8jpqwp8Erz#hl2OdXKPICoTu&O19QEmGD
zn#oG{2cJXiIhC)We14|8#G~sK#bQ*-;TW1Lg;+a2?ap*v_?UhER-!{RMj6V+B^+UL
zld9HeQ%V@gGo0%E^l={6*mNy1!25C-&-f#4!$v)|^Oz{iqQ2|`M2BfmXyS8naO?b?
zFYh%4)Nj`qEY07uLS7p?#7+CAKv4xGW>wom&EkQd^^1vkRf=yMyMnAAV|nos2_dzS
z;LD?3Ivd3>>VtrfK_hiHP4)YE`9RrlV^M<6Dzj{zAW<q!>ZyiTjkEAcqN<Gp>a5A=
z#HThI?PlU=kyhfbW3*y(eE-|Db2y$<gn2Z@=-SeK6d@3x&)CB5S{s5XN;u0o!j1((
zg@iNL^ak%9R#KTmY*!tU^6k^qxe1yy+;K9u#$GEOHAbiR{eebxx()Xjo8fd0!{5Bd
z)tH_Jkd|P(p~!sZyo?|5ihiVb%U|vx2#ex|OS4+PBvoTBYwg(p@v!{sL4wm`AR9$l
zp@fD43dKLmVuzBM!)jkmj#@hxLa%xC^#$q~;ksL6(Vm>r$OE%}`ev2#m?FbIE!W<;
z411Ht{>0s32PrSKGZISU!}`+N@RMvhmEQGA0xFTKJfO`^)SP#{!Y2FuoOAypPEX7D
zkIpkJsv;<p?ck7;DJgw)PRj=ORF}-|Mrn3_GV~2hl?WpG(iqOC$EEg5*)I36^!<sH
zGO;EyE7HGHI9EEhc9m9&K6{2GTH$^n9)5>EZNRm)>5=)c^2*vCeliiIiyGm3Yln^^
z;6T=u&Xh7gYeE8M`V7E(l*;dE^T%cID%<{5@<YnhZcTJyU1TXflz}_h0e!ymVye!(
z(}Oy~YOy-!1})b$9W6SMMV)$Zht4qCd$o4S#WeVMbn(={A;8%MIX@@e7n3;0*hIJg
z$Sde5O8gDk;~v95YQJV>Pd26ur@EeoXfUxu*MCQ(oL>`D+IJMhiu#a;KnpryT>^Yg
zzeyU&ar+Mpm+o4okpl9<gSKhjwFz*+MCCM(?PS<0IzQ>2oaKrFj`HQ&8@$*~<%zL3
zm==%hn7(E&+&h?eep`KhNl4#O5vIBxesZUQ2|VA16v|hf=d2U_)fMRGo4g!2s*aNL
z++IkW{?vbXOPaM1r`h}7pQX?*L}CBMm#*=Q#-mYSEPKmTc<ylfZI|F+^46=7L$R3{
z?ltIXtDJwIrR;UBh*W#}-@K<%1N%ezVT(VQ58^9JZ%NBMY}3z?Rv@UdOX;HOtqI;D
ztKS<K)l-GIN@m?9)IH5LC2w7NB6nW)=6TpCZ}Iv24_&{)y42!_qS~*6*d;)sa#Yh$
zvkj5kQ#o@Ab%$lVs6&XM#LjFYjg0??xuGq*&j-7iu!Vqw$ZX_Zd2sSny7;_P^-D3e
z_OZ70;fE3V&q48Yc>c$%xjYjIkdIJGe;du4zAirW7Y!IMMa>p&2JzDS(F7o22fo3K
z33baQS8%$mrxnN&(z*7oUU-X;ZQbgLEWhJwR<)m`v<0HZs^as=TNJ%h%xdlYLY`nu
z@KO!gN;!i^a#DpR#8euB0E_%rN5(4<E+8j$46mJaXVb4k@o6Q%lY{)ojX(<c*58jf
zAvXj?0Ztdk74QJy4)6x}0UiOK0K6`4my6lyU-JWi3K#+w1~bypN?)d-zDf%Ka^@SR
i!6yZRMw1&<{X;`_PQ-r%iUS$yPq-=$MjgigqV=C`mqz;l

literal 0
HcmV?d00001

-- 
2.16.6