From: Ubuntu <ra1926@att.com>
Date: Wed, 20 Feb 2019 20:13:42 +0000 (+0000)
Subject: add aafshiro feature config files
X-Git-Tag: 1.5.1~51^2
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=sdnc%2Foam.git;a=commitdiff_plain;h=52a9e3fd6c17ae3c0faa4d190894e148fcb61598

add aafshiro feature config files

and and update configuration files to support AAF

Change-Id: I2362383091d78981c293fb536a1735e1352ebdc6
Issue-ID: SDNC-485
Signed-off-by: Ubuntu <ra1926@att.com>

Former-commit-id: 3b73876ac29a3fd3391fdcff43236014e518501e
---

diff --git a/installation/sdnc/pom.xml b/installation/sdnc/pom.xml
index c26b4361..0a748e3e 100644
--- a/installation/sdnc/pom.xml
+++ b/installation/sdnc/pom.xml
@@ -17,7 +17,8 @@
     <description>Creates SDN Controller Docker container</description>
 
     <properties>
-        <image.name>onap/sdnc-image</image.name>
+        <image.name>onap/sdnc-aaf-image</image.name>
+        <standalone.image.name>onap/sdnc-image</standalone.image.name>
         <sdnc.project.version>${project.version}</sdnc.project.version>
         <sdnc.build.timestamp>${maven.build.timestamp}</sdnc.build.timestamp>
         <sdnc.northbound.version>1.5.1-SNAPSHOT</sdnc.northbound.version>
@@ -84,23 +85,6 @@
                 <artifactId>docker-maven-plugin</artifactId>
                 <version>0.28.0</version>
                 <inherited>false</inherited>
-                <configuration>
-                    <images>
-                        <image>
-                            <name>${image.name}</name>
-                            <build>
-                                <cleanup>try</cleanup>
-                                <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir>
-                                <dockerFile>Dockerfile</dockerFile>
-                                <tags>
-                                    <tag>${project.docker.latestminortag.version}</tag>
-                                    <tag>${project.docker.latestfulltag.version}</tag>
-                                    <tag>${project.docker.latesttagtimestamp.version}</tag>
-                                </tags>
-                            </build>
-                        </image>
-                    </images>
-                </configuration>
                 <executions>
                     <execution>
                         <id>generate-images</id>
@@ -108,21 +92,100 @@
                         <goals>
                             <goal>build</goal>
                         </goals>
+                        <configuration>
+                           <images>
+                            <image>
+                             <name>${image.name}</name>
+                             <build>
+                              <cleanup>try</cleanup>
+                              <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir>
+                              <dockerFile>Dockerfile</dockerFile>
+                              <tags>
+                                 <tag>${project.docker.latestminortag.version}</tag>
+                                 <tag>${project.docker.latestfulltag.version}</tag>
+                                 <tag>${project.docker.latesttagtimestamp.version}</tag>
+                              </tags>
+                             </build>
+                            </image>
+                           </images>
+                          </configuration>
                     </execution>
-
                     <execution>
-                        <id>push-images</id>
-                        <phase>${docker.push.phase}</phase>
-                        <goals>
-                            <goal>build</goal>
-                            <goal>push</goal>
-                        </goals>
-                    </execution>
+                      <id>push-images</id>
+                      <phase>${docker.push.phase}</phase>
+                      <goals>
+                       <goal>build</goal>
+                       <goal>push</goal>
+                      </goals>
+                       <configuration>
+                        <images>
+                         <image>
+                          <name>${image.name}</name>
+                          <build>
+                           <cleanup>try</cleanup>
+                           <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir>
+                           <dockerFile>Dockerfile</dockerFile>
+                           <tags>
+                              <tag>${project.docker.latestminortag.version}</tag>
+                              <tag>${project.docker.latestfulltag.version}</tag>
+                              <tag>${project.docker.latesttagtimestamp.version}</tag>
+                           </tags>
+                          </build>
+                         </image>
+                        </images>
+                       </configuration>
+                   </execution>
+                   <execution>
+                     <id>generate-standalone-images</id>
+                     <phase>package</phase>
+                     <goals>
+                      <goal>build</goal>
+                     </goals>
+                     <configuration>
+                      <images>
+                       <image>
+                        <name>${standalone.image.name}</name>
+                        <build>
+                         <cleanup>try</cleanup>
+                         <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir>
+                         <dockerFile>standalone.Dockerfile</dockerFile>
+                         <tags>
+                             <tag>${project.docker.latestminortag.version}</tag>
+                             <tag>${project.docker.latestfulltag.version}</tag>
+                             <tag>${project.docker.latesttagtimestamp.version}</tag>
+                         </tags>
+                        </build>
+                       </image>
+                      </images>
+                     </configuration>
+                   </execution>
+                   <execution>
+                     <id>push-standalone-images</id>
+                     <phase>${docker.push.phase}</phase>
+                     <goals>
+                      <goal>build</goal>
+                      <goal>push</goal>
+                     </goals>
+                     <configuration>
+                       <images>
+                        <image>
+                         <name>${standalone.image.name}</name>
+                         <build>
+                          <cleanup>try</cleanup>
+                          <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir>
+                          <dockerFile>standalone.Dockerfile</dockerFile>
+                          <tags>
+                             <tag>${project.docker.latestminortag.version}</tag>
+                             <tag>${project.docker.latestfulltag.version}</tag>
+                             <tag>${project.docker.latesttagtimestamp.version}</tag>
+                          </tags>
+                         </build>
+                        </image>
+                       </images>
+                     </configuration>
+                  </execution>
                 </executions>
             </plugin>
-
-
-
             <plugin>
                 <artifactId>maven-resources-plugin</artifactId>
                 <version>2.6</version>
@@ -140,6 +203,7 @@
                                     <directory>src/main/docker</directory>
                                     <includes>
                                         <include>Dockerfile</include>
+                                        <include>standalone.Dockerfile</include>
                                     </includes>
                                     <filtering>true</filtering>
                                 </resource>
@@ -157,8 +221,8 @@
                             <resources>
                                 <resource>
                                     <directory>src/main/scripts</directory>
-				    <includes>
-					<include>*.py</include>
+                                    <includes>
+                                        <include>*.py</include>
                                         <include>*.sh</include>
                                     </includes>
                                     <filtering>false</filtering>
@@ -179,8 +243,8 @@
                                     <directory>src/main/resources</directory>
                                     <includes>
                                         <include>idmlight.db.mv.db</include>
-                                        <include>AAF_RootCA.cer</include>
                                         <include>truststoreONAPall.jks</include>
+                                        <include>aaa-app-config.xml</include>
                                     </includes>
                                     <filtering>false</filtering>
                                 </resource>
@@ -219,6 +283,8 @@
                                     <directory>../src/main/properties</directory>
                                     <includes>
                                         <include>*.properties</include>
+                                        <include>*.props</include>
+                                        <include>*.csv</include>
                                     </includes>
                                     <filtering>false</filtering>
                                 </resource>
@@ -238,6 +304,8 @@
                                     <directory>../src/main/stores</directory>
                                     <includes>
                                         <include>*.jks</include>
+                                        <include>*.keyfile</include>
+                                        <include>*.p12</include>
                                     </includes>
                                     <filtering>false</filtering>
                                 </resource>
@@ -287,7 +355,6 @@
                 <groupId>org.codehaus.mojo</groupId>
                 <version>1.5.0</version>
                 <executions>
-
                     <execution>
                         <id>change shell permissions</id>
                         <phase>process-sources</phase>
@@ -310,10 +377,7 @@
                     </execution>
                 </executions>
             </plugin>
-
-
         </plugins>
-
     </build>
     <organization>
         <name>ONAP</name>
diff --git a/installation/sdnc/src/main/docker/Dockerfile b/installation/sdnc/src/main/docker/Dockerfile
index d8ab5c39..315d023a 100755
--- a/installation/sdnc/src/main/docker/Dockerfile
+++ b/installation/sdnc/src/main/docker/Dockerfile
@@ -12,18 +12,8 @@ ENV SSL_CERTS_DIR /etc/ssl/certs
 ENV JAVA_SECURITY_DIR $SSL_CERTS_DIR/java
 ENV SDNC_NORTHBOUND_REPO mvn:org.onap.sdnc.northbound/sdnc-northbound-all/${sdnc.northbound.version}/xml/features
 
-
 USER root
 
-
-# imstall ssl and java certificates
-COPY AAF_RootCA.cer $SSL_CERTS_DIR
-COPY truststoreONAPall.jks $JAVA_SECURITY_DIR
-COPY AAF_RootCA.cer $SDNC_STORE_DIR
-COPY truststoreONAPall.jks $SDNC_STORE_DIR
-
-RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts  -deststorepass changeit
-
 # copy onap
 COPY opt /opt
 RUN test -L /opt/sdnc || ln -s /opt/onap/sdnc /opt/sdnc
@@ -39,6 +29,16 @@ RUN sed -i -e "\|featuresRepositories|s|$|,${SDNC_NORTHBOUND_REPO}|"  $ODL_HOME/
 RUN sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,sdnc-northbound-all|"  $ODL_HOME/etc/org.apache.karaf.features.cfg
 RUN sed -i "s/odl-restconf-all/odl-restconf-all,odl-netconf-topology/g"  $ODL_HOME/etc/org.apache.karaf.features.cfg
 
+# install AAF configs
+COPY aaa-app-config.xml $ODL_HOME/etc/opendaylight/datastore/initial/config/
+RUN echo "cadi_prop_files=$SDNC_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
+
+# install ssl and java certificates
+COPY truststoreONAPall.jks $JAVA_SECURITY_DIR
+COPY truststoreONAPall.jks $SDNC_STORE_DIR
+
+RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts  -deststorepass changeit
+
 RUN chown -R odl /opt
 USER odl
 
diff --git a/installation/sdnc/src/main/docker/standalone.Dockerfile b/installation/sdnc/src/main/docker/standalone.Dockerfile
new file mode 100755
index 00000000..f271ca01
--- /dev/null
+++ b/installation/sdnc/src/main/docker/standalone.Dockerfile
@@ -0,0 +1,42 @@
+# Base ubuntu with added packages needed for open ecomp
+FROM onap/ccsdk-odlsli-alpine-image:${ccsdk.docker.version}
+
+MAINTAINER SDN-C Team (sdnc@lists.onap.org)
+
+#ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64
+ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
+ENV ODL_HOME /opt/opendaylight
+ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
+ENV SDNC_STORE_DIR /opt/onap/sdnc/data/stores
+ENV SSL_CERTS_DIR /etc/ssl/certs
+ENV JAVA_SECURITY_DIR $SSL_CERTS_DIR/java
+ENV SDNC_NORTHBOUND_REPO mvn:org.onap.sdnc.northbound/sdnc-northbound-all/${sdnc.northbound.version}/xml/features
+
+USER root
+
+# copy onap
+COPY opt /opt
+RUN test -L /opt/sdnc || ln -s /opt/onap/sdnc /opt/sdnc
+RUN mkdir /opt/opendaylight/current/certs
+
+# copy SDNC mvn artifacts to ODL repository
+COPY system /tmp/system
+RUN rsync -a /tmp/system $ODL_HOME && rm -rf /tmp/system
+
+# Add SDNC repositories to boot repositories
+RUN cp $ODL_HOME/etc/org.apache.karaf.features.cfg $ODL_HOME/etc/org.apache.karaf.features.cfg.orig
+RUN sed -i -e "\|featuresRepositories|s|$|,${SDNC_NORTHBOUND_REPO}|"  $ODL_HOME/etc/org.apache.karaf.features.cfg
+RUN sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,sdnc-northbound-all|"  $ODL_HOME/etc/org.apache.karaf.features.cfg
+RUN sed -i "s/odl-restconf-all/odl-restconf-all,odl-netconf-connector-all,odl-netconf-clustered-topology/g"  $ODL_HOME/etc/org.apache.karaf.features.cfg
+
+# install ssl and java certificates
+COPY truststoreONAPall.jks $JAVA_SECURITY_DIR
+COPY truststoreONAPall.jks $SDNC_STORE_DIR
+
+RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts  -deststorepass changeit
+
+RUN chown -R odl /opt
+USER odl
+
+ENTRYPOINT /opt/onap/sdnc/bin/startODL.sh
+EXPOSE 8181
diff --git a/installation/sdnc/src/main/resources/AAF_RootCA.cer b/installation/sdnc/src/main/resources/AAF_RootCA.cer
deleted file mode 100755
index e9a50d7e..00000000
--- a/installation/sdnc/src/main/resources/AAF_RootCA.cer
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
diff --git a/installation/sdnc/src/main/resources/aaa-app-config.xml b/installation/sdnc/src/main/resources/aaa-app-config.xml
new file mode 100644
index 00000000..86e66674
--- /dev/null
+++ b/installation/sdnc/src/main/resources/aaa-app-config.xml
@@ -0,0 +1,320 @@
+<?xml version="1.0" ?>
+<!--
+     Copyright (c) 2017 Inocybe Technologies and others.  All rights reserved.
+
+     This program and the accompanying materials are made available under the
+     terms of the Eclipse Public License v1.0 which accompanies this distribution,
+     and is available at http://www.eclipse.org/legal/epl-v10.html
+-->
+
+<!--
+  ///////////////////////////////////////////////////////////////////////////////////////
+  // clustered-app-config instance responsible for AAA configuration.  In the future,  //
+  // this will contain all AAA related configuration.                                  //
+  ///////////////////////////////////////////////////////////////////////////////////////
+-->
+
+<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
+
+    <!--
+      ///////////////////////////////////////////////////////////////////////////////////
+      // shiro-configuration is the model based container that contains all shiro      //
+      // related information used in ODL AAA configuration.  It is the sole pain of    //
+      // glass for shiro related configuration, and is how to configure shiro concepts //
+      // such as:                                                                      //
+      // * realms                                                                      //
+      // * urls                                                                        //
+      // * security manager settings                                                   //
+      //                                                                               //
+      // In general, you really shouldn't muck with the settings in this file.  The    //
+      // way an operator should configure AAA shiro settings is through one of ODL's   //
+      // northbound interfaces (i.e., RESTCONF or NETCONF).  These are just the        //
+      // defaults if no values are specified in MD-SAL.  The reason this file is so    //
+      // verbose is for two reasons:                                                   //
+      // 1) to demonstrate payload examples for plausible configuration scenarios      //
+      // 2) to allow bootstrap of the controller (first time start) since otherwise    //
+      //    configuration becomes a chicken and the egg problem.                       //
+      //                                                                               //
+      ///////////////////////////////////////////////////////////////////////////////////
+    -->
+
+    <!--
+      ===================================================================================
+      =                                                                                 =
+      =                                                                                 =
+      =                                      MAIN                                       =
+      =                                                                                 =
+      =                                                                                 =
+      ===================================================================================
+    -->
+
+    <!--
+      ===================================================================================
+      ============================ ODLJndiLdapRealmAuthNOnly ============================
+      ===================================================================================
+      =                                                                                 =
+      = Description:  A Realm implementation aimed at federating with an external LDAP  =
+      =               server for authentication only.  For authorization support, refer =
+      =               to ODLJndiLdapRealm.                                              =
+      ===================================================================================
+    -->
+    <!-- Start ldapRealm commented out
+    <main>
+        <pair-key>ldapRealm</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly</pair-value>
+    </main>
+    <main>
+        <pair-key>ldapRealm.userDnTemplate</pair-key>
+        <pair-value>uid={0},ou=People,dc=DOMAIN,dc=TLD</pair-value>
+    </main>
+    <main>
+        <pair-key>ldapRealm.contextFactory.url</pair-key>
+        <pair-value>ldap://&lt;URL&gt;:389</pair-value>
+    </main>
+    <main>
+        <pair-key>ldapRealm.searchBase</pair-key>
+        <pair-value>dc=DOMAIN,dc=TLD</pair-value>
+    </main>
+    <main>
+        <pair-key>ldapRealm.groupRolesMap</pair-key>
+        <pair-value>&quot;person&quot;:&quot;admin&quot;, &quot;organizationalPerson&quot;:&quot;user&quot;</pair-value>
+    </main>
+    <main>
+        <pair-key>ldapRealm.ldapAttributeForComparison</pair-key>
+        <pair-value>objectClass</pair-value>
+    </main>
+    End ldapRealm commented out-->
+
+    <!--
+      ===================================================================================
+      ============================= ODLActiveDirectoryRealm =============================
+      ===================================================================================
+      =                                                                                 =
+      = Description:  A Realm implementation aimed at federating with an external AD    =
+      =               IDP server.                                                       =
+      ===================================================================================
+    -->
+    <!-- Start adRealm commented out
+    <main>
+        <pair-key>adRealm</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.realm.ODLActiveDirectoryRealm</pair-value>
+    </main>
+    <main>
+        <pair-key>adRealm.searchBase</pair-key>
+        <pair-value>&quot;CN=Users,DC=example,DC=com&quot;</pair-value>
+    </main>
+    <main>
+        <pair-key>adRealm.systemUsername</pair-key>
+        <pair-value>aduser@example.com</pair-value>
+    </main>
+    <main>
+        <pair-key>adRealm.systemPassword</pair-key>
+        <pair-value>adpassword</pair-value>
+    </main>
+    <main>
+        <pair-key>adRealm.url</pair-key>
+        <pair-value>ldaps://adserver:636</pair-value>
+    </main>
+    <main>
+        <pair-key>adRealm.groupRolesMap</pair-key>
+        <pair-value>&quot;CN=sysadmin,CN=Users,DC=example,DC=com&quot;:&quot;admin&quot;, &quot;CN=unprivileged,CN=Users,DC=example,DC=com&quot;:&quot;user&quot;</pair-value>
+    </main>
+    End adRealm commented out-->
+
+    <!--
+      ===================================================================================
+      ================================== ODLJdbcRealm ===================================
+      ===================================================================================
+      =                                                                                 =
+      = Description:  A Realm implementation aimed at federating with an external JDBC  =
+      =               DBMS.                                                             =
+      ===================================================================================
+    -->
+    <!-- Start jdbcRealm commented out
+    <main>
+        <pair-key>ds</pair-key>
+        <pair-value>com.mysql.jdbc.Driver</pair-value>
+    </main>
+    <main>
+        <pair-key>ds.serverName</pair-key>
+        <pair-value>localhost</pair-value>
+    </main>
+    <main>
+        <pair-key>ds.user</pair-key>
+        <pair-value>user</pair-value>
+    </main>
+    <main>
+        <pair-key>ds.password</pair-key>
+        <pair-value>password</pair-value>
+    </main>
+    <main>
+        <pair-key>ds.databaseName</pair-key>
+        <pair-value>db_name</pair-value>
+    </main>
+    <main>
+        <pair-key>jdbcRealm</pair-key>
+        <pair-value>ODLJdbcRealm</pair-value>
+    </main>
+    <main>
+        <pair-key>jdbcRealm.dataSource</pair-key>
+        <pair-value>$ds</pair-value>
+    </main>
+    <main>
+        <pair-key>jdbcRealm.authenticationQuery</pair-key>
+        <pair-value>&quot;SELECT password FROM users WHERE user_name = ?&quot;</pair-value>
+    </main>
+    <main>
+        <pair-key>jdbcRealm.userRolesQuery</pair-key>
+        <pair-value>&quot;SELECT role_name FROM user_rolesWHERE user_name = ?&quot;</pair-value>
+    </main>
+    End jdbcRealm commented out-->
+
+    <!--
+      ===================================================================================
+      ================================= TokenAuthRealm ==================================
+      ===================================================================================
+      =                                                                                 =
+      = Description:  A Realm implementation utilizing a per node H2 database store.    =
+      ===================================================================================
+    -->
+    <main>
+        <pair-key>tokenAuthRealm</pair-key>
+	<pair-value>org.onap.aaf.cadi.shiro.AAFRealm</pair-value>
+        <!-- <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> -->
+    </main>
+
+    <!--
+      ===================================================================================
+      =================================== MdsalRealm ====================================
+      ===================================================================================
+      =                                                                                 =
+      = Description:  A Realm implementation utilizing the aaa.yang model.              =
+      ===================================================================================
+    -->
+    <!-- Start mdsalRealm commented out
+    <main>
+        <pair-key>mdsalRealm</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.realm.MdsalRealm</pair-value>
+    </main>
+    End mdsalRealm commented out-->
+
+    <!--
+      ===================================================================================
+      ================================= MoonAuthRealm ===================================
+      ===================================================================================
+      =                                                                                 =
+      = Description:  A Realm implementation aimed at federating with OPNFV Moon.       =
+      ===================================================================================
+    -->
+    <!-- Start moonAuthRealm commented out
+    <main>
+        <pair-key>moonAuthRealm</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.realm.MoonRealm</pair-value>
+    </main>
+    <main>
+        <pair-key>moonAuthRealm.moonServerURL</pair-key>
+        <pair-value>http://&lt;host&gt;:&lt;port&gt;</pair-value>
+    </main>
+    End moonAuthRealm commented out-->
+
+    <!--
+      ===================================================================================
+      ================================= KeystoneAuthRealm == ============================
+      ===================================================================================
+      =                                                                                 =
+      = Description:  A Realm implementation aimed at federating with an OpenStack      =
+      =               Keystone.                                                         =
+      ===================================================================================
+    -->
+    <!-- Start keystoneAuthRealm commented out
+    <main>
+        <pair-key>keystoneAuthRealm</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm</pair-value>
+    </main>
+    <main>
+        <pair-key>keystoneAuthRealm.url</pair-key>
+        <pair-value>https://&lt;host&gt;:&lt;port&gt;</pair-value>
+    </main>
+    <main>
+        <pair-key>keystoneAuthRealm.sslVerification</pair-key>
+        <pair-value>true</pair-value>
+    </main>
+    <main>
+        <pair-key>keystoneAuthRealm.defaultDomain</pair-key>
+        <pair-value>Default</pair-value>
+    </main>
+    -->
+
+    <!--
+    Add tokenAuthRealm as the only realm.  To enable mdsalRealm, add it to the list to he right of tokenAuthRealm.
+    -->
+    <main>
+        <pair-key>securityManager.realms</pair-key>
+        <pair-value>$tokenAuthRealm</pair-value>
+    </main>
+    <!-- Used to support OAuth2 use case. -->
+    <main>
+        <pair-key>authcBasic</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value>
+    </main>
+
+    <!-- Start moonAuthRealm commented out
+    <main>
+        <pair-key>rest</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.filters.MoonOAuthFilter</pair-value>
+    </main>
+    End moonAuthRealm commented out-->
+
+    <!-- in order to track AAA challenge attempts -->
+    <main>
+        <pair-key>accountingListener</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
+    </main>
+    <main>
+        <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
+        <pair-value>$accountingListener</pair-value>
+    </main>
+
+    <!-- Model based authorization scheme supporting RBAC for REST endpoints -->
+    <main>
+        <pair-key>dynamicAuthorization</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
+    </main>
+
+
+    <!--
+      ===================================================================================
+      =                                                                                 =
+      =                                                                                 =
+      =                                      URLS                                       =
+      =                                                                                 =
+      =                                                                                 =
+      ===================================================================================
+    -->
+    <!-- Start moonAuthRealm commented out
+    <urls>
+        <pair-key>/token</pair-key>
+        <pair-value>rest</pair-value>
+    </urls>
+    End moonAuthRealm commented out-->
+   <!-- URLS comment out
+    <urls>
+        <pair-key>/operations/cluster-admin**</pair-key>
+        <pair-value>authcBasic, roles[admin]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/v1/**</pair-key>
+        <pair-value>authcBasic, roles[admin]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/config/aaa*/**</pair-key>
+        <pair-value>authcBasic, roles[admin]</pair-value>
+    </urls>
+    End URLS commented out -->
+    <urls>
+        <pair-key>/**</pair-key>
+        <!-- <pair-value>authcBasic</pair-value> -->
+        <pair-value>authcBasic, rest[org.onap.sdnc.odl:odl-api]</pair-value>
+    </urls>
+</shiro-configuration>
+
diff --git a/installation/src/main/properties/bath_config.csv b/installation/src/main/properties/bath_config.csv
new file mode 100644
index 00000000..b6db7784
--- /dev/null
+++ b/installation/src/main/properties/bath_config.csv
@@ -0,0 +1 @@
+Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
diff --git a/installation/src/main/properties/org.onap.sdnc.cred.props b/installation/src/main/properties/org.onap.sdnc.cred.props
new file mode 100644
index 00000000..bf17c8fa
--- /dev/null
+++ b/installation/src/main/properties/org.onap.sdnc.cred.props
@@ -0,0 +1,16 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+#   by root
+#   on 2019-02-15T20:08:10.860+0000
+# @copyright 2016, AT&T
+############################################################
+Challenge=enc:oGjvjifDJqw2I9ipISWLXcNZSimLv-lxGBbQV0MXl8yTlDok71cU9bZZPSXhY6Uo
+cadi_alias=sdnc@sdnc.onap.org
+cadi_key_password=enc:tz_2Pq5zN4PnVC0pUsWUBnzDtqBaZXkdgZB-DlU3gS4PFSjKifMnJxGg5rFZzZNe
+cadi_keyfile=/opt/sdnc/data/stores/org.onap.sdnc.keyfile
+cadi_keystore=/opt/sdnc/data/stores/org.onap.sdnc.p12
+cadi_keystore_password=enc:JetlhxTZNNDxsOvg-ZpBuRBJBFP8LN1UkFkkjT4aiEZExnglL717p-YVl2Lf3wMq
+cadi_keystore_password_p12=enc:JetlhxTZNNDxsOvg-ZpBuRBJBFP8LN1UkFkkjT4aiEZExnglL717p-YVl2Lf3wMq
+cadi_truststore=/opt/sdnc/data/stores/org.onap.sdnc.trust.jks
+cadi_truststore_password=enc:QrEzLSaLryxoB2Z2UXJEbRWxZRAhs2i4BAvKIcNYgbDPZY4gnpJWUhEbIwqnbGEn
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US:CN=ATT AAF CADI Issuing CA 01, OU=CSO, O=ATT, C=US:CN=ATT AAF CADI Issuing CA 02, OU=CSO, O=ATT, C=US
diff --git a/installation/src/main/properties/org.onap.sdnc.props b/installation/src/main/properties/org.onap.sdnc.props
new file mode 100644
index 00000000..5b96b907
--- /dev/null
+++ b/installation/src/main/properties/org.onap.sdnc.props
@@ -0,0 +1,15 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+#   by root
+#   on 2019-02-15T20:08:07.125+0000
+# @copyright 2016, AT&T
+############################################################
+aaf_id=sdnc@sdnc.onap.org
+aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
+cadi_etc_dir=/opt/sdnc/data/stores
+cadi_latitude=38.432899
+cadi_longitude=-90.43248
+cadi_prop_files=/opt/sdnc/data/properties/org.onap.sdnc.cred.props
+cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+cadi_bath_convert=/opt/sdnc/data/properties/bath_config.csv
diff --git a/installation/src/main/stores/org.onap.sdnc.keyfile b/installation/src/main/stores/org.onap.sdnc.keyfile
new file mode 100644
index 00000000..2aa22f05
--- /dev/null
+++ b/installation/src/main/stores/org.onap.sdnc.keyfile
@@ -0,0 +1,27 @@
+__xWcKUL9kIQ-CVozfIv2AEmpntzCP8U9jWKxgnMJFHHlp2yPPpyPxYzigQX54HU9rtM4mfB5nob
+TzJw7zNzgmOlBbysPQNNoZwekF2vCR3YAtU_9cAzd9_rp8AS_XhaILCxCk3btgVWp-deoAMdvkdS
+3VYd7DQvSqZbuKOdTsQDJo1xrCEs3nblVoeBPglYrsBcgqEA-m7caibASeDmm8S2AXpelZXCRSQU
+u4xNFGp02GFiezSQTDoH7LWjbwI3j3nuJbSjjtQbNGPZKii6CrYDwrA9MSXXiR4XBWJR4aNj52KH
+QlYZdezYZTjsGuReqnov3SqjPmPhzyYqxmmRGQFrOO_U1ITqeVgnrZdL6mSSljqoqw5GzSrHRk8A
+EL26hEM9pExJdGvJOj9q9z7wjpfz4bJ4xddEnwccbK0mHDv2aW1oTCRZXe7tlhFujstFY5ONaZIi
+IINmYSW8-yy_pq62rndmG-wv4HsiuBocxUZhJPOlPewCar3Jm4Nr4RTyEBXPWIm3bgbzPnOYQuKw
+22K_XkTdbEHWK4_jVV8k_kvxb1Gnf9eelcZOVE5sc7Qm1ulW5E5x21AeM277QtYHubyCQpaLZ-dS
+2ZJHHdS6m11rc-kI_rAs6lq-ZgzR_AfbqTdgTRbt5ydjCPSR5Z7akIYjiNLXhH2rqPAczsPZ19D7
+obI6gd67db0S1GJuCni7AAFWaEmyhwjjqF-UoUGXaBMJG5DDlq14-fkCGvSPI_A8Bs9IrRaIF7Un
+6WDQklz0keTp3g9FL8DWT2YMus35Gy2-5xckotOOSuANT0rLrtH4VDDufB-5IukTbe3g3KALNl96
+DLIthbH_5wsje0LHi5a4DBfYZCJuqL5-dtpcjaozywNbDUPkoGGA3gHsj5ymB0uP1xWGg2HL5L8B
+XIVS1JziY9wJH2eOdTAemoh2QAiJ07HksKIrI0BshmFi3yqMG3WNDaLPT9lqdGIeu4cSGjG9gFk1
+1IdfP0lhIVuNDqXkDdyQ1isw_pDJPTWAh86kS6e5iWu2Nz12vv1Yz0r0D8KAtMFiqtQOWCyDIT9l
+n64p_-1swaeOASoK3xXf4s53EOOOD91iwUf3t2PkAQwPGHrEYcc1pCT6xy0mSOx3pSN10ez0_-Y8
+ANYRCarVOp0IWdIf4ZmIMK76ITbu4iRMKVtYNJH1J8IPsYI75cULyzL1G9q1DFWGWpB25KCPAird
+kJmUoT_pI82tFJt7tCTACsdQ5_5uEoACF9crth2MBE0D_fRb6PhEZrZqW4JpRRSDpZHOEredQY5k
+QV119KaN5GtuKwb45wzxyGR6c6MvIGYQ3-0ni1xGde84lUI8gEtIOhzLE8W54m52BE27UC78G3oq
+WUwIaHxxMDfGKxxRJNgovIyXuyLXPOZaU_hivgNxniLy_PrSihUZ6vM7Mku18_p8pAQtjKryWbpg
+39SY2GeTodUNYznRB94n2ob4yDt85H_zDvyDpcLj91W5vMMaQb8skoA-x_pTxJvrcx-Iq9U-XaNl
+nf4BonnggI9E0YL3GH_-pg-bVlO7rzZ9EGQI1omhRBrinawMKdoVIXD9L4y8pULgZZNSQuI6AAKu
+jwwT3ALe_PUJaPNZNR4ldiAfURAqQtVLUrHMX1O3cptkju3lMiURJO7-Xrr6jwR078IiS5RNKACB
+EAvX8zVON3Ggt101NgFKgdYEy5JaoUvazndLGnoqos3LEMVNm6Ukx1U56AP27Yq-xaqdpnICupiz
+M6LCCAgdksyn84IFexB2y_oxsBppvTNwqGsMQvVTiVkKXGWHcunzVr8eQdwrGWFoU_Qi6XG9V2mO
+i5kIulkzEgjaBsG2VErF8DfTWXUcv2HYk9kRAQQ8ABRbiRwHdVjwPvXIlTLgrKxF_LhmFIBhrI1W
+5BHEKF9FQb6DGI-vNrqFSaVjDSGAT-r5SBZFPkkiO7yg5E4L9LnB4zGc4IbwDAjYuzXooo73FuHs
+EdLz0GTc_4DUDXe0T-OnUzq4mZevZ9KxvgvVSRcPIwvYh26p3IPyeurK_OwDI6KevAo2Lady
\ No newline at end of file
diff --git a/installation/src/main/stores/org.onap.sdnc.p12 b/installation/src/main/stores/org.onap.sdnc.p12
new file mode 100644
index 00000000..d3e4d9d2
Binary files /dev/null and b/installation/src/main/stores/org.onap.sdnc.p12 differ
diff --git a/installation/src/main/stores/org.onap.sdnc.trust.jks b/installation/src/main/stores/org.onap.sdnc.trust.jks
new file mode 100644
index 00000000..fdb8cdf7
Binary files /dev/null and b/installation/src/main/stores/org.onap.sdnc.trust.jks differ
diff --git a/installation/src/main/yaml/docker-compose.yml b/installation/src/main/yaml/docker-compose.yml
index 38522518..12ca37bb 100644
--- a/installation/src/main/yaml/docker-compose.yml
+++ b/installation/src/main/yaml/docker-compose.yml
@@ -66,6 +66,8 @@ services:
       options:
         max-size: "30m"
         max-file: "5"
+    extra_hosts:
+        aaf.osaaf.org: 10.12.6.214
 
 
   web: