diff options
| author |   Jonathan Gathman <jgonap@stl.gathman.org> | 2020-04-25 14:28:13 -0500 |
|---|---|---|
| committer | Instrumental <jgonap@stl.gathman.org> | 2020-04-25 15:40:38 -0500 |
| commit | 475da40b0d58acdf4dd1a3590c490ce7b95a1af8 (patch) | |
| tree | 6ada2fd4e98522c4e942121f1c20f22343e450d3 | |
| parent | 861b557b294032f9443ee1fca6b42d7252e92481 (diff) | |
Add StandAlone Unix Configurations
Include scripts, podman starts, minor code changes.
Issue-ID: AAF-1137
Signed-off-by: Jonathan Gathman <jgonap@stl.gathman.org>
Change-Id: Ief72d93e607dbe62875f592978ee15084c8310d2
| -rw-r--r-- | auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java | 28 | ||||
| -rw-r--r-- | auth/auth-cass/cass_init/minimal.cql | 59 | ||||
| -rw-r--r-- | auth/auth-cass/docker/drun.sh | 19 | ||||
| -rw-r--r-- | auth/auth-certman/pom.xml | 1 | ||||
| -rw-r--r-- | auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java | 2 | ||||
| -rw-r--r-- | auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java | 5 | ||||
| -rw-r--r-- | auth/docker/.gitignore | 1 | ||||
| -rw-r--r-- | auth/docker/aaf.sh | 15 | ||||
| -rw-r--r-- | auth/docker/podman_create.sh | 5 | ||||
| -rw-r--r-- | auth/unix/.gitignore | 2 | ||||
| -rw-r--r-- | auth/unix/firstAsRoot.sh | 20 | ||||
| -rw-r--r-- | auth/unix/install.sh | 308 | ||||
| -rw-r--r-- | auth/unix/l.props.init | 24 | ||||
| -rw-r--r-- | conf/CA/deploy.sh | 38 | ||||
| -rw-r--r-- | releases/2.1.20.yaml | 4 | ||||
| -rw-r--r-- | version.properties | 4 |
16 files changed, 499 insertions, 36 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java index f346f7dd..4d6af8a0 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java @@ -48,7 +48,7 @@ public class ApprovedRpt extends Batch { private Date now; private Writer approvedW; private CSV historyR; - private static String yr_mon; + private static String yearMon; public ApprovedRpt(AuthzTrans trans) throws APIException, IOException, OrganizationException { super(trans.env()); @@ -64,7 +64,7 @@ public class ApprovedRpt extends Batch { historyR = new CSV(env.access(),args()[1]).setDelimiter('|'); - yr_mon = args()[0]; + yearMon = args()[0]; } finally { tt0.done(); } @@ -73,34 +73,12 @@ public class ApprovedRpt extends Batch { @Override protected void run(AuthzTrans trans) { try { -// ResultSet results; -// Statement stmt = new SimpleStatement( "select dateof(id), approver, status, user, type, memo from authz.approved;" ); -// results = session.execute(stmt); -// Iterator<Row> iter = results.iterator(); -// Row row; - /* - * while (iter.hasNext()) { - ++totalLoaded; - row = iter.next(); - d = row.getTimestamp(0); - if(d.after(begin)) { - approvedW.row("aprvd", - Chrono.dateOnlyStamp(d), - row.getString(1), - row.getString(2), - row.getString(3), - row.getString(4), - row.getString(5) - ); - } - } - */ GregorianCalendar gc = new GregorianCalendar(); gc.add(GregorianCalendar.MONTH, -2); approvedW.comment("date, approver, status, user, role, memo"); historyR.visit(row -> { String s = row.get(7); - if(s.equals(yr_mon)) { + if(s.equals(yearMon)) { String target = row.get(5); if("user_role".equals(target)) { String action = row.get(1); diff --git a/auth/auth-cass/cass_init/minimal.cql b/auth/auth-cass/cass_init/minimal.cql new file mode 100644 index 00000000..af8f8c60 --- /dev/null +++ b/auth/auth-cass/cass_init/minimal.cql @@ -0,0 +1,59 @@ +USE authz; + +// Create 'org' root NS +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org','Root Namespace','.',1,1); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','admin',{'org.access|*|*'},'Org Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','owner',{'org.access|*|read,approve'},'Org Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','read,approve',{'org.owner'},'Org Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','*',{'org.admin'},'Org Write Access'); + + +// Create org.osaaf +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.osaaf','OSAAF Namespace','org',2,2); + +INSERT INTO role(ns, name, perms,description) + VALUES('org.osaaf','admin',{'org.osaaf.access|*|*'},'OSAAF Admins'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('org.osaaf','access','*','*',{'org.osaaf.admin'},'OSAAF Write Access'); + +INSERT INTO role(ns, name, perms,description) + VALUES('org.osaaf','owner',{'org.osaaf.access|*|read,approve'},'OSAAF Owners'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('org.osaaf','access','*','read,appove',{'org.osaaf.owner'},'OSAAF Read Access'); + +// Create org.osaaf.aaf +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.osaaf.aaf','Application Authorization Framework','org.osaaf',3,3); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.osaaf.aaf','admin',{'org.osaaf.aaf.access|*|*'},'AAF Admins'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.osaaf.aaf','access','*','*',{'org.osaaf.aaf.admin'},'AAF Write Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.osaaf.aaf','access','*','read,approve',{'org.osaaf.aaf.owner'},'AAF Read Access'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners'); + +// OSAAF Root +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin'); + + diff --git a/auth/auth-cass/docker/drun.sh b/auth/auth-cass/docker/drun.sh index cd8ab78c..33b59d7c 100644 --- a/auth/auth-cass/docker/drun.sh +++ b/auth/auth-cass/docker/drun.sh @@ -23,8 +23,22 @@ if [ -e ../../docker/d.props ]; then . ../../docker/d.props fi DOCKER=${DOCKER:-docker} - -if [ "$1" = "publish" ]; then +if [ "$DOCKER" = "podman" ]; then + PODNAME=aaf-cass.onap + if $(podman pod exists $PODNAME); then + echo "Using existing 'podman' pod $PODNAME" + POD="--pod $PODNAME " + else + echo "Create new 'podman' pod $PODNAME" + # Note: Cassandra needs "infra" to work + # Keep in separate pod + #podman pod create --infra=true -n $PODNAME --publish 9042:9042 + podman pod create --infra=false -n $PODNAME + #POD="--pod new:$PODNAME " + POD="--pod $PODNAME " + PUBLISH='--publish 9042:9042 ' + fi +else PUBLISH='--publish 9042:9042 ' fi @@ -47,6 +61,7 @@ if [ "`$DOCKER ps -a | grep aaf-cass`" == "" ]; then -e CASSANDRA_CLUSTER_NAME=osaaf \ -v "aaf_cass_data:/var/lib/cassandra" \ -v "aaf_status:/opt/app/aaf/status" \ + ${POD} \ $PUBLISH \ -d ${PREFIX}${ORG}/${PROJECT}/aaf_cass:${VERSION} "onap" else diff --git a/auth/auth-certman/pom.xml b/auth/auth-certman/pom.xml index 0adce9cc..9f0d962d 100644 --- a/auth/auth-certman/pom.xml +++ b/auth/auth-certman/pom.xml @@ -129,6 +129,7 @@ <commandLineArguments> <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.cm.props</commandLineArgument> <commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/cm</commandLineArgument> + <commandLineArgument>cadi_etc_dir=${project.ext_root_dir}/etc</commandLineArgument> </commandLineArguments> </program> </programs> diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java index fcdcf878..af549356 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java @@ -157,7 +157,7 @@ public abstract class AbsServiceStarter<ENV extends RosettaEnv, TRANS extends Tr } if(deleted) { service.access.log(Level.INIT, "Deleted Status",status.getAbsolutePath()); - } else { + } else if(status.exists()) { service.access.log(Level.INIT, "Status not deleted: ",status.getAbsolutePath()); } service.destroy(); diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java index 307c9c95..1822e990 100644 --- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java +++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java @@ -68,13 +68,12 @@ public class DefaultOrg implements Organization { root_ns = env.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF); try { - String defFile; - String temp=env.getProperty(defFile = (getClass().getName()+".file")); + String temp=env.getProperty(realm +".file"); File fIdentities=null; if (temp==null) { temp = env.getProperty(AAF_DATA_DIR); if (temp!=null) { - env.warn().log(defFile, " is not defined. Using default: ",temp+"/identities.dat"); + env.warn().log("Datafile for " + realm + " is not defined. Using default: ",temp+"/identities.dat"); File dir = new File(temp); fIdentities=new File(dir,"identities.dat"); diff --git a/auth/docker/.gitignore b/auth/docker/.gitignore index f3a8bcb9..ed908238 100644 --- a/auth/docker/.gitignore +++ b/auth/docker/.gitignore @@ -16,3 +16,4 @@ /sdnc /working /target +/ldrun.sh diff --git a/auth/docker/aaf.sh b/auth/docker/aaf.sh index b498428b..d0393d0a 100644 --- a/auth/docker/aaf.sh +++ b/auth/docker/aaf.sh @@ -21,9 +21,18 @@ . ./d.props -DOCKER=${DOCKER:=docker} -# if something, may not want CASS attached all the tim -#LINKS="--link $CASSANDRA_DOCKER" +DOCKER=${DOCKER:-docker} +if [ "$DOCKER" = "podman" ]; then + PODNAME=${PODNAME:-$HOSTNAME} + if $(podman pod exists $PODNAME); then + echo "Using existing 'podman' pod $PODNAME" + LINKS="--pod $PODNAME " + #else + #echo "Create new 'podman' pod $PODNAME" + #podman pod create --infra=true -n $PODNAME --publish 8100:8100 + fi + LINKS="--pod $PODNAME " +fi # DOCKER doesn't have DNS out of the box, only links. # so we add cm_always_ignore_ips in --env diff --git a/auth/docker/podman_create.sh b/auth/docker/podman_create.sh new file mode 100644 index 00000000..ad164e91 --- /dev/null +++ b/auth/docker/podman_create.sh @@ -0,0 +1,5 @@ +podman pod create --name "aaf.gathsys.com" --publish 9042,8100 + +#--publish 8095:8095 --publish 8140:8140 --publish 8150:8150 --publish 8200:8200 --publish 8130:8130 --publish 9042:9042 + +# --publish 80:8096 diff --git a/auth/unix/.gitignore b/auth/unix/.gitignore new file mode 100644 index 00000000..01d95ac9 --- /dev/null +++ b/auth/unix/.gitignore @@ -0,0 +1,2 @@ +l.props +*.swp diff --git a/auth/unix/firstAsRoot.sh b/auth/unix/firstAsRoot.sh new file mode 100644 index 00000000..8a66130b --- /dev/null +++ b/auth/unix/firstAsRoot.sh @@ -0,0 +1,20 @@ +# +. ./l.props +if [ -z "$1" ]; then + echo "Enter 'user:group' for the directory after creation" + read CHOWN +else + CHOWN="$1" +fi + + +for D in $INSTALL_DIR $ORG_DIR; do + if [ -e $D ]; then + echo "$D already exists" + else + mkdir -p $D + echo "$D created" + fi + echo "Setting Ownership of $D to $CHOWN" + chown $CHOWN $D +done diff --git a/auth/unix/install.sh b/auth/unix/install.sh new file mode 100644 index 00000000..da072bfd --- /dev/null +++ b/auth/unix/install.sh @@ -0,0 +1,308 @@ +#! /bin/sh + +############################## +# STATICALLY Named Properties +# The Batch class to start +BATCH_CLS="${CATCH_CLS:=org.onap.aaf.auth.batch.Batch}" + +############################## +# Initial Setup for AAF, on regular UNIX O/Ss (not Docker) +. ./l.props + +############################## +# Functions + +# SED needs escaped slashes +function escSlash { + echo "${1//\//\\\/}" +} + +function debug { + if [ -n "$DEBUG" ]; then + echo "$*" + fi +} + + +############################## +# TEST if ORG_DIR and INSTALL_DIR are writable by this script +if [ -z "$ORG_DIR" ]; then echo "Shell variable ORG_DIR must be set"; exit 1; fi +if [ -z "$INSTALL_DIR" ]; then echo "Shell variable INSTALL_DIR must be set"; exit 1; fi + +for D in "$ORG_DIR" "$INSTALL_DIR"; do + if [ -w "$D" ]; then + debug "$D is writable by $USER" + else + echo "$D must be writable by $USER to continue..." + echo "You may run 'firstAsRoot.sh <user>:<group>' as root to fix this issue, or fix manually" + exit 1 + fi +done + +# If not set, use HOSTNAME +CASSANDRA_CLUSTERS=${CASSANDRA_CLUSTERS:=$HOSTNAME} +ORIG_NS="org.osaaf.aaf" +ROOT_NS="${ROOT_NS:=$ORIG_NS}" +AAF_ID="${AAF_ID:=aaf@aaf.osaaf.org}" + +############################## +# DEFINES +JAVA_AGENT="-Dcadi_prop_files=$ORG_DIR/local/$ROOT_NS.props org.onap.aaf.cadi.configure.Agent" + +############################## +# Create directory Structure +INSTALL_DIR=${INSTALL_DIR:=/opt/app/aaf} +for D in "" "status" "cass_init" "cass_init/dats"; do + if [ -e "$INSTALL_DIR/$D" ]; then + debug "$INSTALL_DIR/$D exists" + else + mkdir -p "$INSTALL_DIR/$D" + debug "created $INSTALL_DIR/$D " + fi +done + +############################## +# Check for previous install, backup as necessary +if [[ -e $INSTALL_DIR/AAF_VERSION && "$VERSION" = "$(cat $INSTALL_DIR/AAF_VERSION)" ]]; then + echo Current Version +elif [ -e $INSTALL_DIR/lib ]; then + PREV_VER="$(cat $INSTALL_DIR/AAF_VERSION)" + echo Backing up $PREV_VER + if [ -e $INSTALL_DIR/$PREV_VER ]; then + rm -Rf $INSTALL_DIR/$PREV_VER + fi + mkdir $INSTALL_DIR/$PREV_VER + mv $INSTALL_DIR/bin $INSTALL_DIR/lib $INSTALL_DIR/theme $INSTALL_DIR/$PREV_VER + echo "Backed up bin,lib and theme to $INSTALL_DIR/$PREV_VER" +fi + +############################## +# Copy from Compiled Version +cp -Rf ../aaf_$VERSION/* $INSTALL_DIR +echo $VERSION > $INSTALL_DIR/AAF_VERSION + +############################## +# Add Theme links +for D in "$ORG_DIR" "$ORG_DIR/public"; do + if [ -e "$D/theme" ]; then + debug "$D/theme exists" + else + debug "Soft Linking theme $INSTALL_DIR/theme to $D" + ln -s "$INSTALL_DIR/theme" "$D" + fi +done + +############################## +# Copy from Cass Samples +debug "Copying Casssandra Samples to $INSTALL_DIR/cass_init" +cp ../auth-cass/cass_init/*.cql $INSTALL_DIR/cass_init +cp $(ls ../auth-cass/cass_init/*.sh | grep -v push.sh | grep -v restore.sh) $INSTALL_DIR/cass_init + +############################## +# adjust push.sh and restore.sh +BATCH_JAR=$(find .. -name aaf-auth-batch-$VERSION.jar) +if [ -z "$BATCH_JAR" ]; then + if [ -z "$INSTALL_DIR/lib/aaf-auth-batch-$VERSION.jar" ]; then + echo "You need to build the AAF Jars with 'mvn' for $VERSION to continue this configuration" + exit 1 + fi +else + debug "Copying $BATCH_JAR to $INSTALL_DIR/lib" + cp $BATCH_JAR $INSTALL_DIR/lib +fi + +DEF_ORG_JAR=$(find .. -name aaf-auth-deforg-$VERSION.jar | head -1) +if [ -z "$DEF_ORG_JAR" ]; then + echo "You need to build the deforg jar to continue this configuration" + exit 1 +else + echo "Copying $DEF_ORG_JAR to $INSTALL_DIR/lib" + cp $DEF_ORG_JAR $INSTALL_DIR/lib +fi + +# Note: Docker Cass only needs Batch Jar, but AAF on the disk can have only one lib +# so we copy just the Batch jar +for S in push.sh restore.sh; do + debug "Writing Cassandra $INSTALL_DIR/cass_init/$S script with replacements" + sed -e "/CQLSH=.*/s//CQLSH=\"cqlsh -k authz $CASSANDRA_CLUSTERS\"/" \ + -e "/-jar .*full.jar/s//-cp .:$(escSlash $INSTALL_DIR/lib/)* $BATCH_CLS /" \ + ../auth-cass/cass_init/$S > $INSTALL_DIR/cass_init/$S +done + +############################## +# adjust authBatch.props +CHANGES="-e /GUI_URL=.*/s//GUI_URL=https:\/\/$HOSTNAME:8095\/gui/" + +for TAG in "LATITUDE" "LONGITUDE"; do + CHANGES="$CHANGES -e /${TAG,,}=.*/s//cadi_${TAG,,}=${!TAG}/" +done + +CHANGES="$CHANGES -e /aaf_data_dir=.*/s//aaf_data_dir=$(escSlash $ORG_DIR/data)/" + +# Cassandra Properties have dots in them, which cause problems for BASH processing +for TAG in "CASSANDRA_CLUSTERS" "CASSANDRA_CLUSTERS_PORT" "CASSANDRA_CLUSTERS_USER" "CASSANDRA_CLUSTERS_PASSWORD"; do + VALUE="${!TAG}" + if [ ! -z "$VALUE" ]; then + DOTTED="${TAG//_/.}" + NTAG=${DOTTED,,} + CHANGES="$CHANGES -e /${NTAG}=.*/s//${NTAG}=${!TAG}/" + fi +done + +echo "Writing Batch Properties with conversions to $INSTALL_DIR/cass_init/authBatch.props" +debug "Conversions: $CHANGES" +sed $CHANGES ../auth-cass/cass_init/authBatch.props > $INSTALL_DIR/cass_init/authBatch.props + +############################## +# Setup Organizational Data Directories +for D in $ORG_DIR/data $ORG_DIR/local $ORG_DIR/logs $ORG_DIR/public $ORG_DIR/etc $ORG_DIR/bin; do + if [ ! -e $D ]; then + debug "Creating $D" + mkdir -p $D + fi +done + +############################## +# Convert generated bin files to correct ORG DIR +for B in $(ls $INSTALL_DIR/bin | grep -v .bat); do + sed -e "/cadi_prop_files=/s//aaf_log4j_prefix=$ROOT_NS cadi_prop_files=/" \ + -e "/$ORIG_NS/s//$ROOT_NS/g" \ + -e "/$(escSlash /opt/app/osaaf)/s//$(escSlash $ORG_DIR)/g" \ + -e "/^CLASSPATH=.*/s//CLASSPATH=$(escSlash $INSTALL_DIR/lib/)*/" \ + $INSTALL_DIR/bin/$B > $ORG_DIR/bin/$B + chmod u+x $ORG_DIR/bin/$B + debug "Converted generated app $B and placed in $INSTALL_DIR/bin" +done + +############################## +# Create new Initialized Data from ONAP "sample" +if [ "$1" = "sample" ]; then + ############################## + # Copy sample dat files + # (ONAP Samples) + echo "### Copying all ONAP Sample data" + cp ../sample/cass_data/*.dat $INSTALL_DIR/cass_init/dats + + # Scrub data, because it is coming from ONAP Test systems, + # and also, need current dates + echo "### Scrubbing ONAP Sample data" + mkdir -p $INSTALL_DIR/cass_init/data + cp ../sample/data/sample.identities.dat $INSTALL_DIR/cass_init/data + CURR=$(pwd) + cd $INSTALL_DIR/cass_init/dats + bash $CURR/../sample/cass_data/scrub.sh + cd $CURR + rm -Rf $INSTALL_DIR/cass_init/data + + ############################## + # Sample Identities + # Only create if not exists. DO NOT OVERWRITE after that + if [ ! -e $ORG_DIR/data/identities.dat ]; then + cp ../sample/data/sample.identities.dat $ORG_DIR/data/identities.dat + fi + + ############################## + # ONAP Test Certs and p12s + cp ../sample/cert/AAF_RootCA.cer $ORG_DIR/public + for F in $(ls ../sample/cert | grep b64); do + if [ ! -e "$F" ]; then + if [[ $F = "trust"* ]]; then + SUB=public + else + SUB=local + fi + if [[ $F = "demoONAPsigner"* ]]; then + FILENAME="$ROOT_NS.signer.p12" + else + FILENAME="${F/.b64/}" + fi + base64 -d ../sample/cert/$F > $ORG_DIR/$SUB/$FILENAME + fi + done + + if [ ! -e "$ORG_DIR/CA" ]; then + cp -Rf ../../conf/CA $ORG_DIR + fi + + FILE="$ORG_DIR/local/$ROOT_NS.p12" + if [ ! -e $FILE ]; then + echo "Bootstrap Creation of Keystore from Signer" + cd $ORG_DIR/CA + + # Redo all of this after Dublin + export cadi_x509_issuers="CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US" + export signer_subj="/CN=intermediateCA_9/OU=OSAAF/O=ONAP/C=US" + bash bootstrap.sh $ORG_DIR/local/$ROOT_NS.signer.p12 'something easy' + cp aaf.bootstrap.p12 $FILE + + cd - +# if [ -n "$CADI_X509_ISSUERS" ]; then +# CADI_X509_ISSUERS="$CADI_X509_ISSUERS:" +# fi +# BOOT_ISSUER="$(cat aaf.bootstrap.issuer)" +# CADI_X509_ISSUERS="$CADI_X509_ISSUERS$BOOT_ISSUER" +# +# I=${BOOT_ISSUER##CN=};I=${I%%,*} +# CM_CA_PASS="something easy" +# CM_CA_LOCAL="org.onap.aaf.auth.cm.ca.LocalCA,$LOCAL/$ROOT_NS.signer.p12;aaf_intermediate_9;enc:" +# CM_TRUST_CAS="$PUBLIC/AAF_RootCA.cer" +# echo "Generated ONAP Test AAF certs" + fi + + ############################## + # Initial Properties + debug "Create Initial Properties" + if [ ! -e $ORG_DIR/local/$ROOT_NS.props ]; then + for F in $(ls ../sample/local/$ORIG_NS.*); do + NEWFILE="$ORG_DIR/local/${F/*$ORIG_NS./$ROOT_NS.}" + sed -e "/$ORIG_NS/s//$ROOT_NS/g" \ + $F > $NEWFILE + debug "Created $NEWFILE" + done + for D in public etc logs; do + for F in $(ls ../sample/$D); do + NEWFILE="$ORG_DIR/$D/${F/*$ORIG_NS./$ROOT_NS.}" + sed -e "/$(escSlash /opt/app/osaaf)/s//$(escSlash $ORG_DIR)/g" \ + -e "/$ORIG_NS/s//$ROOT_NS/g" \ + ../sample/$D/$F > $NEWFILE + echo "Created $NEWFILE" + done + done + + ############################## + # Set Cassandra Variables + CHANGES="" + for TAG in "CASSANDRA_CLUSTERS" "CASSANDRA_CLUSTERS_PORT" "CASSANDRA_CLUSTERS_USER" "CASSANDRA_CLUSTERS_PASSWORD"; do + VALUE="${!TAG}" + if [ ! -z "$VALUE" ]; then + DOTTED="${TAG//_/.}" + NTAG=${DOTTED,,} + CHANGES="$CHANGES -e /${NTAG}=.*/s//${NTAG}=${!TAG}/" + fi + done + mv $ORG_DIR/local/$ROOT_NS.cassandra.props $ORG_DIR/local/$ROOT_NS.cassandra.props.backup + sed $CHANGES $ORG_DIR/local/$ROOT_NS.cassandra.props.backup > $ORG_DIR/local/$ROOT_NS.cassandra.props + + ############################## + # CADI Config Tool + + # Change references to /opt/app/osaaf to ORG_DIR + sed -e "/$(escSlash /opt/app/osaaf)/s//$(escSlash $ORG_DIR)/g" \ + -e "/$ORIG_NS/s//$ROOT_NS/" \ + -e "/$ORIG_AAF_ID/s//$AAF_ID/" \ + ../sample/local/aaf.props > _temp.props + + java -cp $INSTALL_DIR/lib/\* $JAVA_AGENT config \ + $AAF_ID \ + aaf_root_ns=$ROOT_NS \ + cadi_etc_dir=$ORG_DIR/local \ + cadi_latitude=${LATITUDE} \ + cadi_longitude=${LONGITUDE} \ + aaf_data_dir=$ORG_DIR/data \ + aaf_locate_url=${AAF_LOCATE_URL:=https://$HOSTNAME:8095} \ + cadi_prop_files=_temp.props:../sample/local/initialConfig.props + rm _temp.props + fi + +fi + diff --git a/auth/unix/l.props.init b/auth/unix/l.props.init new file mode 100644 index 00000000..c9726ded --- /dev/null +++ b/auth/unix/l.props.init @@ -0,0 +1,24 @@ +# Properties about your machine +ROOT_NS=org.test.aaf +AAF_ID=aaf@aaf.test.org +ORG_DIR=/opt/app/test +INSTALL_DIR=/opt/app/aaf +ORG_DIR=/opt/app/osaaf +VERSION=2.1.20-SNAPSHOT + +# Add Debugging Messages +# DEBUG=true + +# If you need a Locator URL that isn't this HOSTNAME, then set here +# AAF_LOCATE_URL=https://<vanity>:8095 + +# Note: If you do not know your machine's GPS Coord, http://bing.com/maps shows by directory +LATITUDE=38.0 +LONGITUDE=-90.0 + +# CASSANDRA - Assumes out-of-the-box Passwords until changed, or adding CADI Security +#CASSANDRA_CLUSTERS= +CASSANDRA_CLUSTERS_PORT=9042 +CASSANDRA_CLUSTERS_USER=cassandra +CASSANDRA_CLUSTERS_PASSWORD=cassandra + diff --git a/conf/CA/deploy.sh b/conf/CA/deploy.sh new file mode 100644 index 00000000..031f9575 --- /dev/null +++ b/conf/CA/deploy.sh @@ -0,0 +1,38 @@ +# SED needs escaped slashes +function escSlash { + echo "${1//\//\\\/}" +} + +NS="$(cat ns.aaf)" +DEPLOY_DIR=${PWD/\/CA/} +read -p "AAF Config Directory: [$DEPLOY_DIR]: " input +DEPLOY_DIR=${input:-$DEPLOY_DIR} + +echo "Deploying to $DEPLOY_DIR" + +APP_NAME="${DEPLOY_DIR##*/}" +CA_CRT="CA_${APP_NAME^^}.crt" +cp -v certs/ca.crt $DEPLOY_DIR/public/$CA_CRT +sed -i.bak \ + -e "/cm_public_dir=.*/s//cm_public_dir=$(escSlash $DEPLOY_DIR/public)/" \ + -e "/cm_trust_cas=.*/s//cm_trust_cas=${CA_CRT}/" \ + $DEPLOY_DIR/etc/org.osaaf.aaf.cm.props + +INT_DIR="intermediate_$(cat intermediate.serial)" + +cp -v $INT_DIR/certs/ca.crt $DEPLOY_DIR/public/${APP_NAME^^}_SIGNER.crt +SIGNER=${NS}.signer.p12 +cp -v $INT_DIR/aaf_$INT_DIR.p12 $DEPLOY_DIR/local/${SIGNER} + +CADI="java -jar /opt/app/aaf/lib/aaf-cadi-core-*.jar" +KEYFILE="$DEPLOY_DIR/local/org.osaaf.aaf.keyfile" +if [ ! -f "$KEYFILE" ]; then + echo $CADI keygen $KEYFILE +fi + +echo "Enter Issuer Key Password " +read -s ISSUER_PASS +ISSUER_PASS=$($CADI digest "$ISSUER_PASS" $KEYFILE) +sed -i.bak \ + -e "/cm_ca.local=.*/s//cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,$(escSlash $DEPLOY_DIR/local/$SIGNER);aaf_$INT_DIR;enc:$ISSUER_PASS/" \ + $DEPLOY_DIR/local/org.osaaf.aaf.cm.ca.props diff --git a/releases/2.1.20.yaml b/releases/2.1.20.yaml new file mode 100644 index 00000000..a08b3f08 --- /dev/null +++ b/releases/2.1.20.yaml @@ -0,0 +1,4 @@ +distribution_type: 'maven' +version: '2.1.20' +project: 'aaf-authz' +log_dir: 'aaf-authz-maven-stage-master/344/' diff --git a/version.properties b/version.properties index bb43fd28..02ce0893 100644 --- a/version.properties +++ b/version.properties @@ -24,10 +24,10 @@ # Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... ) # because they are used in Jenkins, whose plug-in doesn't support -# This TAG <version>2.1.19-SNAPSHOT</version> is here to help remember to change this file. Keep it up to date with the following "real" entries: +# This TAG <version>2.1.21-SNAPSHOT</version> is here to help remember to change this file. Keep it up to date with the following "real" entries: major=2 minor=1 -patch=19 +patch=21 base_version=${major}.${minor}.${patch} |