diff options
author | Instrumental <jonathan.gathman@att.com> | 2019-02-22 01:18:51 -0600 |
---|---|---|
committer | Instrumental <jonathan.gathman@att.com> | 2019-02-22 01:24:27 -0600 |
commit | f54a4aad8cdff00f2bbac984b1e98fb1add038be (patch) | |
tree | 2cfb8efaaf083441e67369b0461c9cf2956aff52 | |
parent | 8da0163b75076832417ee9b255f63b4c789e3c12 (diff) |
Refine Local Agent.sh use
Issue-ID: AAF-770
Change-Id: Ic6593bde1e16db35cf538cb1d2caa152016f3a82
Signed-off-by: Instrumental <jonathan.gathman@att.com>
-rw-r--r-- | auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java | 48 | ||||
-rw-r--r-- | auth/auth-cass/cass_init/config.dat | 9 | ||||
-rw-r--r-- | auth/auth-cass/docker/Dockerfile.cass | 2 | ||||
-rw-r--r-- | auth/docker/Dockerfile.base | 2 | ||||
-rw-r--r-- | auth/docker/agent.sh | 11 | ||||
-rw-r--r-- | auth/sample/cass_data/config.dat | 20 | ||||
-rw-r--r-- | cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java | 38 | ||||
-rw-r--r-- | docs/sections/configuration/AAF_4.1_config.rst | 80 |
8 files changed, 112 insertions, 98 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java index 189857c9..bf73c1da 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java @@ -200,30 +200,34 @@ if(!identity.isPerson()) { identity = identity.responsibleTo(); } - for(int i=1;i<nb.escalation();++i) { - if(identity != null) { - if(i==1) { - toList.add(identity.email()); - } else { - identity=identity.responsibleTo(); - ccList.add(identity.email()); + if(identity==null) { + trans.warn().printf("Responsible Identity %s is invalid for this Organization. Skipping notification.",id); + } else { + for(int i=1;i<nb.escalation();++i) { + if(identity != null) { + if(i==1) { + toList.add(identity.email()); + } else { + identity=identity.responsibleTo(); + ccList.add(identity.email()); + } } } - } - - StringBuilder content = new StringBuilder(); - content.append(String.format(header,version,Identity.mixedCase(identity.firstName()))); - - nb.body(noAvg, content, indent, notify, id); - content.append(footer); - - if(mailer.sendEmail(noAvg, test, toList, ccList, subject,content.toString(), urgent)) { - nb.inc(); - } else { - trans.error().log("Mailer failed to send Mail"); - } - if(maxEmails>0 && nb.count()>=maxEmails) { - break ONE_EMAIL; + + StringBuilder content = new StringBuilder(); + content.append(String.format(header,version,Identity.mixedCase(identity.firstName()))); + + nb.body(noAvg, content, indent, notify, id); + content.append(footer); + + if(mailer.sendEmail(noAvg, test, toList, ccList, subject,content.toString(), urgent)) { + nb.inc(); + } else { + trans.error().log("Mailer failed to send Mail"); + } + if(maxEmails>0 && nb.count()>=maxEmails) { + break ONE_EMAIL; + } } } } catch (OrganizationException e) { diff --git a/auth/auth-cass/cass_init/config.dat b/auth/auth-cass/cass_init/config.dat deleted file mode 100644 index 0e705b92..00000000 --- a/auth/auth-cass/cass_init/config.dat +++ /dev/null @@ -1,9 +0,0 @@ -aaf|aaf_env|DEV
-aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
-aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
-aaf|aaf_url|https://AAF_LOCATE_URL/AAF_NS.service:2.1
-aaf|cadi_protocols|TLSv1.1,TLSv1.2
-aaf|cm_url|https://AAF_LOCATE_URL/AAF_NS.cm:2.1
-aaf|fs_url|https://AAF_LOCATE_URL/AAF_NS.fs.2.1
-aaf|gui_url|https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/auth/auth-cass/docker/Dockerfile.cass b/auth/auth-cass/docker/Dockerfile.cass index aa6a9efb..f842a962 100644 --- a/auth/auth-cass/docker/Dockerfile.cass +++ b/auth/auth-cass/docker/Dockerfile.cass @@ -17,7 +17,9 @@ # limitations under the License. # ============LICENSE_END==================================================== # +# public, multi-platform base image FROM nexus3.onap.org:10001/cassandra:3.11 +# FROM cassandra:3.11 MAINTAINER AAF Team, AT&T 2018 ENV VERSION=${AAF_VERSION} diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base index af29b951..69627945 100644 --- a/auth/docker/Dockerfile.base +++ b/auth/docker/Dockerfile.base @@ -17,7 +17,9 @@ # limitations under the License. # ============LICENSE_END==================================================== # +# Use Public Image FROM nexus3.onap.org:10001/openjdk:8-jre-alpine +#FROM openjdk:8-jre-alpine MAINTAINER AAF Team, AT&T 2018 LABEL description="aaf_base" diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh index 7e7d08c0..4be485b8 100644 --- a/auth/docker/agent.sh +++ b/auth/docker/agent.sh @@ -127,13 +127,13 @@ function run_it() { function sso { if [ -n "$2" ]; then - echo "$1=$2" >> ~/.aaf/sso.props + echo "$1=$2" >> $HOME/.aaf/sso.props fi } function reset_sso { mkdir -p ~/.aaf - > ~/.aaf/sso.props + > $HOME/.aaf/sso.props sso aaf_locate_url "https://$AAF_FQDN:8095" sso cadi_latitude "$LATITUDE" sso cadi_longitude "$LONGITUDE" @@ -160,9 +160,9 @@ case "$1" in shift reset_sso if [ -f aaf-auth-cmd-$VERSION*-full.jar ]; then - java -Dcadi_prop_files="~\/.aaf\/sso.props" -jar aaf-auth-cmd-$VERSION*-full.jar $@ + java -Dcadi_prop_files="$HOME/.aaf/sso.props" -jar aaf-auth-cmd-$VERSION*-full.jar $@ else - echo "For local use, you need to have 'aaf-cadi-aaf-$VERSION*-full.jar' (or newer)" + echo "For local use, you need to have 'aaf-auth-cmd-$VERSION*-full.jar' (or newer)" fi ;; local) @@ -186,8 +186,7 @@ case "$1" in sso aaf_id "$DEPLOY_FQI" sso aaf_password "$DEPLOY_PASSWORD" if [ -f aaf-auth-cmd-$VERSION*-full.jar ]; then - mkdir -p $APP_FQDN - java -Dcadi_prop_files="~\/.aaf\/sso.props" -cp aaf-auth-cmd-$VERSION*-full.jar org.onap.aaf.cadi.configure.Agent $CMD + java -Dcadi_prop_files="$HOME/.aaf/sso.props" -cp aaf-auth-cmd-$VERSION*-full.jar org.onap.aaf.cadi.configure.Agent $CMD else echo "For local use, you need to have 'aaf-cadi-aaf-$VERSION*-full.jar' (or newer)" fi diff --git a/auth/sample/cass_data/config.dat b/auth/sample/cass_data/config.dat index 46e57b40..606d23d4 100644 --- a/auth/sample/cass_data/config.dat +++ b/auth/sample/cass_data/config.dat @@ -1,11 +1,9 @@ -aaf|aaf_auth2_introspect_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.introspect:2.1/introspect -aaf|aaf_auth2_token_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.token:2.1/token -aaf|aaf_env|DEV -aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect -aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token -aaf|aaf_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.service:2.1 -aaf|cadi_protocols|TLSv1.1,TLSv1.2 -aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US -aaf|cm_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.cm:2.1 -aaf|fs_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.fs:2.1 -aaf|gui_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.gui:2.1 +aaf|aaf_env|DEV
+aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect
+aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token
+aaf|aaf_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1
+aaf|cadi_protocols|TLSv1.1,TLSv1.2
+aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+aaf|cm_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1
+aaf|fs_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1
+aaf|gui_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java index 461ef43c..bbc3086a 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java @@ -93,20 +93,10 @@ public class PropAccess implements Access { int eq; for (String arg : args) { if ((eq=arg.indexOf('='))>0) { - String key = arg.substring(0, eq); - if(Config.CADI_PROP_FILES.equals(key)) { - nprops.setProperty(key,arg.substring(eq+1)); - } + nprops.setProperty(arg.substring(0, eq),arg.substring(eq+1)); } } init(nprops); - - // Re-overlay Args - for (String arg : args) { - if ((eq=arg.indexOf('='))>0) { - props.setProperty(arg.substring(0, eq),arg.substring(eq+1)); - } - } } protected void init(Properties p) { @@ -115,16 +105,15 @@ public class PropAccess implements Access { level=DEFAULT.maskOf(); props = new Properties(); - - // Find the "cadi_prop_files" - // First in VM Args + // First, load related System Properties for (Entry<Object,Object> es : System.getProperties().entrySet()) { String key = es.getKey().toString(); - if(Config.CADI_PROP_FILES.equals(key)) { - props.put(key,es.getValue().toString()); - } + for (String start : new String[] {"cadi_","aaf_","cm_"}) { + if (key.startsWith(start)) { + props.put(key, es.getValue()); + } + } } - // Second, overlay or fill in with Passed in Props if (p!=null) { props.putAll(p); @@ -133,16 +122,6 @@ public class PropAccess implements Access { // Third, load any Chained Property Files load(props.getProperty(Config.CADI_PROP_FILES)); - // Fourth, System.getProperties takes precedence over Files - for (Entry<Object,Object> es : System.getProperties().entrySet()) { - String key = es.getKey().toString(); - for (String start : new String[] {"HOSTNAME","cadi_","aaf_","cm_"}) { - if (key.startsWith(start)) { - props.put(key, es.getValue()); - } - } - } - String sLevel = props.getProperty(Config.CADI_LOGLEVEL); if (sLevel!=null) { level=Level.valueOf(sLevel).maskOf(); @@ -162,7 +141,8 @@ public class PropAccess implements Access { specialConversions(); } - + + private void specialConversions() { // Critical - if no Security Protocols set, then set it. We'll just get messed up if not if (props.get(Config.CADI_PROTOCOLS)==null) { diff --git a/docs/sections/configuration/AAF_4.1_config.rst b/docs/sections/configuration/AAF_4.1_config.rst index 6bb48749..bac03317 100644 --- a/docs/sections/configuration/AAF_4.1_config.rst +++ b/docs/sections/configuration/AAF_4.1_config.rst @@ -8,9 +8,9 @@ Automated Configuration and Certificates *Note: this document assumes UNIX Bash Shell. Being Java, AAF works in Windows, but you will have to create your own script/instruction conversions.* --------- -Strategy --------- +================= +Optimal Strategy +================= ONAP is deployed in Docker Containers or Kubernetes managed Docker Containers. Therefore, this instruction utilizes a Docker Container as a standalone Utility... (This means that this container will stop as soon as it is done with its work... it is not a long running daemon) @@ -18,16 +18,38 @@ Given that all ONAP entities are also in Docker Containers, they all can access This tool creates all the Configurations, including Certificates, onto a declared Volume on the directories starting with "/opt/app/osaaf" ------------------- +================== Prerequisites ------------------- - * Docker - * Note: it does NOT have to be the SAME Docker that AAF is deployed on... - | but it DOES have be accessible to the AAF Instance. - * For ONAP, this means - - * Windriver VPN - * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS +================== + * Access to a RUNNING AAF System + + * For ONAP TEST, this means + + * Windriver VPN + * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS + * For Writing to Volumes for Docker or K8s + + * Docker + + * Note: it does NOT have to be the SAME Docker that AAF is deployed on... + + * but it DOES have be accessible to the AAF Instance. + + * For creating Configurations on Local Disk + + * For Development purposes + * For running AAF on Bare Metal (or VM) + * A Truststore that includes your CA + + * for ONAP TEST, you can obtain truststoreONAPall.jks from the `AAF FileServer`_. + + * (You can also get the ONAP TEST Root CA there) + + * the latest aaf-auth-cmd-<VERSION>-full.jar from `ONAP Nexus`_. + * you can still use the same "agent.sh" script below + +.. _AAF FileServer: http://aaf-onap-test.osaaf.org/- +.. _ONAP Nexus: https://nexus.onap.org/#nexus-search;quick~aaf-auth-cmd ----------------------- Obtain the Agent Script @@ -43,10 +65,12 @@ If you don't want to clone all of AAF, just get the "agent.sh" from a Browser: Note: curl/wget returns an html, instead of text. This cannot be used! | You have to mv, and rename it to "agent.sh", but avoids full clone... -------------------------- +============= Run Script -------------------------- - +============= +---------------- +For Docker/K8s +---------------- In your chosen directory :: $ bash agent.sh @@ -55,9 +79,20 @@ The Agent will look for "aaf.props", and if it doesn't exist, or is missing info This file is available to reuse for multiple calls. More importantly, you should use it as a template for auto-configuration. (In ONAP, these are HEAT templates and OOM Helm Charts) ---------------------- +-------------------------- +For Local/BareMetal (VM) +-------------------------- +In your chosen directory :: + + $ bash agent.sh local <instructions> + +The Agent will look for "aaf.props", and if it doesn't exist, or is missing information, it will ask for it. + +======================= 'aaf.prop' Properties ---------------------- +======================= + +These properties will be created when you run "agent.sh". Many of the values will be defaulted, or allow you to change. It will be placed into an "aaf.props" file for you to save, edit or otherwise modify/utilize. ==================== ================= ============ Query Tag Description @@ -74,11 +109,14 @@ App's Volume VOLUME Volume to put the data, see above. ex: 'c DRIVER DRIVER Docker Volume type... See Docker Volume documentation. Default is 'local' LATITUDE of Node LATITUDE Global latitude coordinate of Node (best guess in Kubernetes) LONGITUDE of Node LONGITUDE Global longitude coordinate of Node (best guess in Kubernetes) +HOSTNAME HOSTNAME Defaults to SYSTEM provided "hostname". Use when System doesn't report what is actually needed, such as vanity urls, multi-NIC cards, short names, i.e. htydb77 reported instead of htydb77.some.company.org, etc. +Docker User DUSER User needed inside the Docker Container. Without, this will be root +Container NS CONTAINER_NS The Namespace for the container. Provided for Multi-NS support, this would be "onap" for Test OOM, etc. ==================== ================= ============ -------------------------------- +================================= Typical ONAP Entity Info in AAF -------------------------------- +================================= *This is not intended to be a comprehensive list, but a short list of main entities* ============================= =========================== ======================= ============================================== @@ -115,9 +153,9 @@ If something goes wrong, and Certificate is not created, you can adjust the data root@77777:/opt/app/osaaf/local# exit $ bash agent.sh bash -------------- +=============== Informational -------------- +=============== There are two sets of Credentials at play here. The ability to create the Certificate belongs to one of |