summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorInstrumental <jonathan.gathman@att.com>2019-02-22 01:18:51 -0600
committerInstrumental <jonathan.gathman@att.com>2019-02-22 01:24:27 -0600
commitf54a4aad8cdff00f2bbac984b1e98fb1add038be (patch)
tree2cfb8efaaf083441e67369b0461c9cf2956aff52
parent8da0163b75076832417ee9b255f63b4c789e3c12 (diff)
Refine Local Agent.sh use
Issue-ID: AAF-770 Change-Id: Ic6593bde1e16db35cf538cb1d2caa152016f3a82 Signed-off-by: Instrumental <jonathan.gathman@att.com>
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java48
-rw-r--r--auth/auth-cass/cass_init/config.dat9
-rw-r--r--auth/auth-cass/docker/Dockerfile.cass2
-rw-r--r--auth/docker/Dockerfile.base2
-rw-r--r--auth/docker/agent.sh11
-rw-r--r--auth/sample/cass_data/config.dat20
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java38
-rw-r--r--docs/sections/configuration/AAF_4.1_config.rst80
8 files changed, 112 insertions, 98 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java
index 189857c9..bf73c1da 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java
@@ -200,30 +200,34 @@
if(!identity.isPerson()) {
identity = identity.responsibleTo();
}
- for(int i=1;i<nb.escalation();++i) {
- if(identity != null) {
- if(i==1) {
- toList.add(identity.email());
- } else {
- identity=identity.responsibleTo();
- ccList.add(identity.email());
+ if(identity==null) {
+ trans.warn().printf("Responsible Identity %s is invalid for this Organization. Skipping notification.",id);
+ } else {
+ for(int i=1;i<nb.escalation();++i) {
+ if(identity != null) {
+ if(i==1) {
+ toList.add(identity.email());
+ } else {
+ identity=identity.responsibleTo();
+ ccList.add(identity.email());
+ }
}
}
- }
-
- StringBuilder content = new StringBuilder();
- content.append(String.format(header,version,Identity.mixedCase(identity.firstName())));
-
- nb.body(noAvg, content, indent, notify, id);
- content.append(footer);
-
- if(mailer.sendEmail(noAvg, test, toList, ccList, subject,content.toString(), urgent)) {
- nb.inc();
- } else {
- trans.error().log("Mailer failed to send Mail");
- }
- if(maxEmails>0 && nb.count()>=maxEmails) {
- break ONE_EMAIL;
+
+ StringBuilder content = new StringBuilder();
+ content.append(String.format(header,version,Identity.mixedCase(identity.firstName())));
+
+ nb.body(noAvg, content, indent, notify, id);
+ content.append(footer);
+
+ if(mailer.sendEmail(noAvg, test, toList, ccList, subject,content.toString(), urgent)) {
+ nb.inc();
+ } else {
+ trans.error().log("Mailer failed to send Mail");
+ }
+ if(maxEmails>0 && nb.count()>=maxEmails) {
+ break ONE_EMAIL;
+ }
}
}
} catch (OrganizationException e) {
diff --git a/auth/auth-cass/cass_init/config.dat b/auth/auth-cass/cass_init/config.dat
deleted file mode 100644
index 0e705b92..00000000
--- a/auth/auth-cass/cass_init/config.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-aaf|aaf_env|DEV
-aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
-aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
-aaf|aaf_url|https://AAF_LOCATE_URL/AAF_NS.service:2.1
-aaf|cadi_protocols|TLSv1.1,TLSv1.2
-aaf|cm_url|https://AAF_LOCATE_URL/AAF_NS.cm:2.1
-aaf|fs_url|https://AAF_LOCATE_URL/AAF_NS.fs.2.1
-aaf|gui_url|https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/auth/auth-cass/docker/Dockerfile.cass b/auth/auth-cass/docker/Dockerfile.cass
index aa6a9efb..f842a962 100644
--- a/auth/auth-cass/docker/Dockerfile.cass
+++ b/auth/auth-cass/docker/Dockerfile.cass
@@ -17,7 +17,9 @@
# limitations under the License.
# ============LICENSE_END====================================================
#
+# public, multi-platform base image
FROM nexus3.onap.org:10001/cassandra:3.11
+# FROM cassandra:3.11
MAINTAINER AAF Team, AT&T 2018
ENV VERSION=${AAF_VERSION}
diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base
index af29b951..69627945 100644
--- a/auth/docker/Dockerfile.base
+++ b/auth/docker/Dockerfile.base
@@ -17,7 +17,9 @@
# limitations under the License.
# ============LICENSE_END====================================================
#
+# Use Public Image
FROM nexus3.onap.org:10001/openjdk:8-jre-alpine
+#FROM openjdk:8-jre-alpine
MAINTAINER AAF Team, AT&T 2018
LABEL description="aaf_base"
diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
index 7e7d08c0..4be485b8 100644
--- a/auth/docker/agent.sh
+++ b/auth/docker/agent.sh
@@ -127,13 +127,13 @@ function run_it() {
function sso {
if [ -n "$2" ]; then
- echo "$1=$2" >> ~/.aaf/sso.props
+ echo "$1=$2" >> $HOME/.aaf/sso.props
fi
}
function reset_sso {
mkdir -p ~/.aaf
- > ~/.aaf/sso.props
+ > $HOME/.aaf/sso.props
sso aaf_locate_url "https://$AAF_FQDN:8095"
sso cadi_latitude "$LATITUDE"
sso cadi_longitude "$LONGITUDE"
@@ -160,9 +160,9 @@ case "$1" in
shift
reset_sso
if [ -f aaf-auth-cmd-$VERSION*-full.jar ]; then
- java -Dcadi_prop_files="~\/.aaf\/sso.props" -jar aaf-auth-cmd-$VERSION*-full.jar $@
+ java -Dcadi_prop_files="$HOME/.aaf/sso.props" -jar aaf-auth-cmd-$VERSION*-full.jar $@
else
- echo "For local use, you need to have 'aaf-cadi-aaf-$VERSION*-full.jar' (or newer)"
+ echo "For local use, you need to have 'aaf-auth-cmd-$VERSION*-full.jar' (or newer)"
fi
;;
local)
@@ -186,8 +186,7 @@ case "$1" in
sso aaf_id "$DEPLOY_FQI"
sso aaf_password "$DEPLOY_PASSWORD"
if [ -f aaf-auth-cmd-$VERSION*-full.jar ]; then
- mkdir -p $APP_FQDN
- java -Dcadi_prop_files="~\/.aaf\/sso.props" -cp aaf-auth-cmd-$VERSION*-full.jar org.onap.aaf.cadi.configure.Agent $CMD
+ java -Dcadi_prop_files="$HOME/.aaf/sso.props" -cp aaf-auth-cmd-$VERSION*-full.jar org.onap.aaf.cadi.configure.Agent $CMD
else
echo "For local use, you need to have 'aaf-cadi-aaf-$VERSION*-full.jar' (or newer)"
fi
diff --git a/auth/sample/cass_data/config.dat b/auth/sample/cass_data/config.dat
index 46e57b40..606d23d4 100644
--- a/auth/sample/cass_data/config.dat
+++ b/auth/sample/cass_data/config.dat
@@ -1,11 +1,9 @@
-aaf|aaf_auth2_introspect_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.introspect:2.1/introspect
-aaf|aaf_auth2_token_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.token:2.1/token
-aaf|aaf_env|DEV
-aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
-aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
-aaf|aaf_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.service:2.1
-aaf|cadi_protocols|TLSv1.1,TLSv1.2
-aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-aaf|cm_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.cm:2.1
-aaf|fs_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.fs:2.1
-aaf|gui_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.gui:2.1
+aaf|aaf_env|DEV
+aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect
+aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token
+aaf|aaf_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1
+aaf|cadi_protocols|TLSv1.1,TLSv1.2
+aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+aaf|cm_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1
+aaf|fs_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1
+aaf|gui_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
index 461ef43c..bbc3086a 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
@@ -93,20 +93,10 @@ public class PropAccess implements Access {
int eq;
for (String arg : args) {
if ((eq=arg.indexOf('='))>0) {
- String key = arg.substring(0, eq);
- if(Config.CADI_PROP_FILES.equals(key)) {
- nprops.setProperty(key,arg.substring(eq+1));
- }
+ nprops.setProperty(arg.substring(0, eq),arg.substring(eq+1));
}
}
init(nprops);
-
- // Re-overlay Args
- for (String arg : args) {
- if ((eq=arg.indexOf('='))>0) {
- props.setProperty(arg.substring(0, eq),arg.substring(eq+1));
- }
- }
}
protected void init(Properties p) {
@@ -115,16 +105,15 @@ public class PropAccess implements Access {
level=DEFAULT.maskOf();
props = new Properties();
-
- // Find the "cadi_prop_files"
- // First in VM Args
+ // First, load related System Properties
for (Entry<Object,Object> es : System.getProperties().entrySet()) {
String key = es.getKey().toString();
- if(Config.CADI_PROP_FILES.equals(key)) {
- props.put(key,es.getValue().toString());
- }
+ for (String start : new String[] {"cadi_","aaf_","cm_"}) {
+ if (key.startsWith(start)) {
+ props.put(key, es.getValue());
+ }
+ }
}
-
// Second, overlay or fill in with Passed in Props
if (p!=null) {
props.putAll(p);
@@ -133,16 +122,6 @@ public class PropAccess implements Access {
// Third, load any Chained Property Files
load(props.getProperty(Config.CADI_PROP_FILES));
- // Fourth, System.getProperties takes precedence over Files
- for (Entry<Object,Object> es : System.getProperties().entrySet()) {
- String key = es.getKey().toString();
- for (String start : new String[] {"HOSTNAME","cadi_","aaf_","cm_"}) {
- if (key.startsWith(start)) {
- props.put(key, es.getValue());
- }
- }
- }
-
String sLevel = props.getProperty(Config.CADI_LOGLEVEL);
if (sLevel!=null) {
level=Level.valueOf(sLevel).maskOf();
@@ -162,7 +141,8 @@ public class PropAccess implements Access {
specialConversions();
}
-
+
+
private void specialConversions() {
// Critical - if no Security Protocols set, then set it. We'll just get messed up if not
if (props.get(Config.CADI_PROTOCOLS)==null) {
diff --git a/docs/sections/configuration/AAF_4.1_config.rst b/docs/sections/configuration/AAF_4.1_config.rst
index 6bb48749..bac03317 100644
--- a/docs/sections/configuration/AAF_4.1_config.rst
+++ b/docs/sections/configuration/AAF_4.1_config.rst
@@ -8,9 +8,9 @@ Automated Configuration and Certificates
*Note: this document assumes UNIX Bash Shell. Being Java, AAF works in Windows, but you will have to create your own script/instruction conversions.*
---------
-Strategy
---------
+=================
+Optimal Strategy
+=================
ONAP is deployed in Docker Containers or Kubernetes managed Docker Containers. Therefore, this instruction utilizes a Docker Container as a standalone Utility... (This means that this container will stop as soon as it is done with its work... it is not a long running daemon)
@@ -18,16 +18,38 @@ Given that all ONAP entities are also in Docker Containers, they all can access
This tool creates all the Configurations, including Certificates, onto a declared Volume on the directories starting with "/opt/app/osaaf"
-------------------
+==================
Prerequisites
-------------------
- * Docker
- * Note: it does NOT have to be the SAME Docker that AAF is deployed on...
- | but it DOES have be accessible to the AAF Instance.
- * For ONAP, this means
-
- * Windriver VPN
- * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS
+==================
+ * Access to a RUNNING AAF System
+
+ * For ONAP TEST, this means
+
+ * Windriver VPN
+ * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS
+ * For Writing to Volumes for Docker or K8s
+
+ * Docker
+
+ * Note: it does NOT have to be the SAME Docker that AAF is deployed on...
+
+ * but it DOES have be accessible to the AAF Instance.
+
+ * For creating Configurations on Local Disk
+
+ * For Development purposes
+ * For running AAF on Bare Metal (or VM)
+ * A Truststore that includes your CA
+
+ * for ONAP TEST, you can obtain truststoreONAPall.jks from the `AAF FileServer`_.
+
+ * (You can also get the ONAP TEST Root CA there)
+
+ * the latest aaf-auth-cmd-<VERSION>-full.jar from `ONAP Nexus`_.
+ * you can still use the same "agent.sh" script below
+
+.. _AAF FileServer: http://aaf-onap-test.osaaf.org/-
+.. _ONAP Nexus: https://nexus.onap.org/#nexus-search;quick~aaf-auth-cmd
-----------------------
Obtain the Agent Script
@@ -43,10 +65,12 @@ If you don't want to clone all of AAF, just get the "agent.sh" from a Browser:
Note: curl/wget returns an html, instead of text. This cannot be used!
| You have to mv, and rename it to "agent.sh", but avoids full clone...
--------------------------
+=============
Run Script
--------------------------
-
+=============
+----------------
+For Docker/K8s
+----------------
In your chosen directory ::
$ bash agent.sh
@@ -55,9 +79,20 @@ The Agent will look for "aaf.props", and if it doesn't exist, or is missing info
This file is available to reuse for multiple calls. More importantly, you should use it as a template for auto-configuration. (In ONAP, these are HEAT templates and OOM Helm Charts)
----------------------
+--------------------------
+For Local/BareMetal (VM)
+--------------------------
+In your chosen directory ::
+
+ $ bash agent.sh local <instructions>
+
+The Agent will look for "aaf.props", and if it doesn't exist, or is missing information, it will ask for it.
+
+=======================
'aaf.prop' Properties
----------------------
+=======================
+
+These properties will be created when you run "agent.sh". Many of the values will be defaulted, or allow you to change. It will be placed into an "aaf.props" file for you to save, edit or otherwise modify/utilize.
==================== ================= ============
Query Tag Description
@@ -74,11 +109,14 @@ App's Volume VOLUME Volume to put the data, see above. ex: 'c
DRIVER DRIVER Docker Volume type... See Docker Volume documentation. Default is 'local'
LATITUDE of Node LATITUDE Global latitude coordinate of Node (best guess in Kubernetes)
LONGITUDE of Node LONGITUDE Global longitude coordinate of Node (best guess in Kubernetes)
+HOSTNAME HOSTNAME Defaults to SYSTEM provided "hostname". Use when System doesn't report what is actually needed, such as vanity urls, multi-NIC cards, short names, i.e. htydb77 reported instead of htydb77.some.company.org, etc.
+Docker User DUSER User needed inside the Docker Container. Without, this will be root
+Container NS CONTAINER_NS The Namespace for the container. Provided for Multi-NS support, this would be "onap" for Test OOM, etc.
==================== ================= ============
--------------------------------
+=================================
Typical ONAP Entity Info in AAF
--------------------------------
+=================================
*This is not intended to be a comprehensive list, but a short list of main entities*
============================= =========================== ======================= ==============================================
@@ -115,9 +153,9 @@ If something goes wrong, and Certificate is not created, you can adjust the data
root@77777:/opt/app/osaaf/local# exit
$ bash agent.sh bash
--------------
+===============
Informational
--------------
+===============
There are two sets of Credentials at play here. The ability to create the Certificate belongs to one of