author | Instrumental <jonathan.gathman@att.com> | 2018-07-19 13:29:32 -0500 |
---|---|---|
committer | Instrumental <jonathan.gathman@att.com> | 2018-07-19 13:29:44 -0500 |
commit | 32cdd553a8668e6d03a9cf5b11b360d35a63c87f (patch) | |
tree | 48c02e4be820d87efb777d7be20bad57d517b61c /auth/sample | |
parent | 9c8a8b0926b13b07fb1e5394903401e7a3f1ff79 (diff) |
Configuration and Auto-Certificates
Issue-ID: AAF-378
Change-Id: Ic820a4e43684a6130f00b28b415a974876099fc3
Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'auth/sample')
-rw-r--r-- | auth/sample/bin/client.sh | 183 | ||||
-rw-r--r-- | auth/sample/bin/service.sh (renamed from auth/sample/bin/agent.sh) | 0 | ||||
-rw-r--r-- | auth/sample/data/identities.dat | 27 | ||||
-rw-r--r-- | auth/sample/data/sample.identities.dat | 24 | ||||
-rw-r--r-- | auth/sample/etc/org.osaaf.aaf.cm.props | 4 | ||||
-rw-r--r-- | auth/sample/etc/org.osaaf.aaf.fs.props | 2 | ||||
-rw-r--r-- | auth/sample/etc/org.osaaf.aaf.gui.props | 2 | ||||
-rw-r--r-- | auth/sample/etc/org.osaaf.aaf.hello.props | 2 | ||||
-rw-r--r-- | auth/sample/etc/org.osaaf.aaf.locate.props | 4 | ||||
-rw-r--r-- | auth/sample/etc/org.osaaf.aaf.oauth.props | 2 | ||||
-rw-r--r-- | auth/sample/etc/org.osaaf.aaf.service.props | 2 | ||||
-rw-r--r-- | auth/sample/local/aaf.props | 3 | ||||
-rw-r--r-- | auth/sample/local/initialConfig.props | 2 | ||||
-rw-r--r-- | auth/sample/logs/taillog | 3 |
14 files changed, 228 insertions, 32 deletions
diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh
new file mode 100644
index 00000000..2c736142
--- /dev/null
+++ b/auth/sample/bin/client.sh
@@ -0,0 +1,183 @@
+#!/bin/bash
+# This script is run when starting aaf_config Container.
+# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
+#
+JAVA=/usr/bin/java
+AAF_INTERFACE_VERSION=2.1
+
+# Extract Name, Domain and NS from FQI
+FQIA=($(echo ${APP_FQI} | tr '@' '\n'))
+FQI_SHORT=${FQIA[0]}
+FQI_DOMAIN=${FQIA[1]}
+# Reverse DOMAIN for NS
+FQIA_E=($(echo ${FQI_DOMAIN} | tr '.' '\n'))
+for (( i=( ${#FQIA_E[@]} -1 ); i>0; i-- )); do
+ NS=${NS}${FQIA_E[i]}'.'
+done
+NS=${NS}${FQIA_E[0]}
+
+
+# Setup SSO info for Deploy ID
+function sso_encrypt() {
+ $JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine digest ${1} ~/.aaf/keyfile
+}
+
+if [ ! -e " ~/.aaf/keyfile" ]; then
+ mkdir -p ~/.aaf
+ SSO=~/.aaf/sso.props
+ $JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine keygen ~/.aaf/keyfile
+ chmod 400 ~/.aaf/keyfile
+ echo cadi_latitude=${LATITUDE} > ${SSO}
+ echo cadi_longitude=${LONGITUDE} >> ${SSO}
+ echo aaf_id=${DEPLOY_FQI} >> ${SSO}
+ if [ ! "${DEPLOY_PASSWORD}" = "" ]; then
+ echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO}
+ fi
+ echo aaf_locate_url=https://${AAF_FQDN}:8095 >> ${SSO}
+ echo aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:${AAF_INTERFACE_VERSION} >> ${SSO}
+ echo cadi_truststore=$(ls /opt/app/aaf_config/public/*trust*) >> ${SSO}
+ echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO}
+fi
+
+# Only initialize once, automatically...
+if [ ! -e /opt/app/osaaf/local/${NS}.props ]; then
+ for D in bin logs; do
+ rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D
+ done
+
+ # setup Configs
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config $APP_FQI \
+ cadi_etc_dir=/opt/app/osaaf/local
+
+ # Place Certificates
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar place ${APP_FQI} ${APP_FQDN}
+
+ # Validate
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate \
+ cadi_prop_files=/opt/app/osaaf/local/${NS}.props
+fi
+
+# Now run a command
+CMD=$2
+if [ ! "$CMD" = "" ]; then
+ shift
+ shift
+ case "$CMD" in
+ ls)
+ echo ls requested
+ find /opt/app/osaaf -depth
+ ;;
+ cat)
+ if [ "$1" = "" ]; then
+ echo "usage: cat <file... ONLY files ending in .props>"
+ else
+ if [[ $1 == *.props ]]; then
+ echo
+ echo "## CONTENTS OF $3"
+ echo
+ cat "$1"
+ else
+ echo "### ERROR ####"
+ echo " \"cat\" may only be used with files ending with \".props\""
+ fi
+ fi
+ ;;
+ update)
+ for D in bin logs; do
+ rsync -uh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D
+ done
+ ;;
+ validate)
+ echo "## validate requested"
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate cadi_prop_files=/opt/app/osaaf/local/${NS}.props
+ ;;
+ bash)
+ if [ ! -e ~/.bash_aliases ]; then
+ echo "alias cadi='$JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine \$*'" >~/.bash_aliases
+ echo "alias agent='$JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.configure.Agent \$*'" >>~/.bash_aliases
+ fi
+ shift
+ cd /opt/app/osaaf/local || exit
+ /bin/bash "$@"
+ ;;
+ setProp)
+ cd /opt/app/osaaf/local || exit
+ FILES=$(grep -l "$1" ./*.props)
+ if [ "$FILES" = "" ]; then
+ FILES="$3"
+ ADD=Y
+ fi
+ for F in $FILES; do
+ echo "Changing $1 in $F"
+ if [ "$ADD" = "Y" ]; then
+ echo $2 >> $F
+ else
+ sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F
+ fi
+ cat $F
+ done
+ ;;
+ encrypt)
+ cd /opt/app/osaaf/local || exit
+ echo $1
+ FILES=$(grep -l "$1" ./*.props)
+ if [ "$FILES" = "" ]; then
+ FILES=/opt/app/osaaf/local/${NS}.cred.props
+ ADD=Y
+ fi
+ for F in $FILES; do
+ echo "Changing $1 in $F"
+ if [ "$2" = "" ]; then
+ read -r -p "Password (leave blank to cancel): " -s ORIG_PW
+ echo " "
+ if [ "$ORIG_PW" = "" ]; then
+ echo canceling...
+ break
+ fi
+ else
+ ORIG_PW="$2"
+ fi
+ PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/${NS}.keyfile)
+ if [ "$ADD" = "Y" ]; then
+ echo "$1=enc:$PWD" >> $F
+ else
+ sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F
+ fi
+ cat $F
+ done
+ ;;
+ taillog)
+ sh /opt/app/osaaf/logs/taillog
+ ;;
+ --help | -?)
+ case "$1" in
+ "")
+ echo "--- Agent Container Comands ---"
+ echo " ls - Lists all files in Configuration"
+ echo " cat <file.props>> - Shows the contents (Prop files only)"
+ echo " validate - Runs a test using Configuration"
+ echo " setProp <tag> [<value>] - set value on 'tag' (if no value, it will be queried from config)"
+ echo " encrypt <tag> [<pass>] - set passwords on Configuration (if no pass, it will be queried)"
+ echo " bash - run bash in Container"
+ echo " Note: the following aliases are preset"
+ echo " cadi - CADI CmdLine tool"
+ echo " agent - Agent Java tool (see above help)"
+ echo ""
+ echo " --help|-? [cadi|agent] - This help, cadi help or agent help"
+ ;;
+ cadi)
+ echo "--- cadi Tool Comands ---"
+ $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6
+ ;;
+ agent)
+ echo "--- agent Tool Comands ---"
+ $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar
+ ;;
+ esac
+ echo ""
+ ;;
+ *)
+ $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@"
+ ;;
+ esac
+fi
diff --git a/auth/sample/bin/agent.sh b/auth/sample/bin/service.sh
index 15c3714d..15c3714d 100644
--- a/auth/sample/bin/agent.sh
+++ b/auth/sample/bin/service.sh
diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat
index b5c6ce5a..54c0a15d 100644
--- a/auth/sample/data/identities.dat
+++ b/auth/sample/data/identities.dat
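Review bot: In client.sh the SSO guard `if [ ! -e " ~/.aaf/keyfile" ]` can never find the file, because `~` is not expanded inside double quotes (and the string as shown also begins with a space), so keygen and the rewrite of sso.props run on every container start instead of once; `if [ ! -e "$HOME/.aaf/keyfile" ]; then` tests the intended path. In that block and in the `encrypt` branch the clear-text password is handed over as a command-line argument (`sso_encrypt ${DEPLOY_PASSWORD}`, unquoted, and `cadi digest "$ORIG_PW"`), which leaves it readable in process listings and shell traces inside the container; whether the CmdLine tool can take the value on stdin is not visible from this page, but that would be the safer channel. The `encrypt` branch also stores its result in `PWD`, the shell's own working-directory variable (a name such as `ENC_PW` avoids clobbering it), and both `setProp` and `encrypt` splice `$1`, `$2` and `$PWD` unescaped into the `sed` expression, so a value containing `/` or `&` corrupts the edit of the props file. The `cat` branch prints `$3` in its heading after the two `shift`s, where `$1` is the file actually shown.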
@@ -26,11 +26,22 @@ ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contract
 iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
 osaaf|ID of AAF|osaaf|AAF Application|||a|bdevl
 # ONAP default Users
-demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager
-jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager
-cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|mmanager
-jm0007|PORTAL TESTER|PORTAL|TESTER|||e|mmanager
-op0001|PORTAL OPS|PORTAL|OPS|||e|mmanager
-gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|mmanager
-
-
+aaf_admin|AAF Administrator|Mr AAF|AAF Admin|||e|mmanager
+deploy|Deployer|Deployer|Depoyer|||e|aaf_admin
+demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf
+jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf
+cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf
+jm0007|PORTAL TESTER|PORTAL|TESTER|||e|aaf
+op0001|PORTAL OPS|PORTAL|OPS|||e|aaf
+gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf
+# ONAP App IDs
+aaf|AAF Application|AAF|Application|||a|aaf_admin
+aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf_admin
+clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf_admin
+aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf_admin
+appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf_admin
+dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf_admin
+dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||_admina|aaf
+dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf_admin
+oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf_admin
+sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf_admin
diff --git a/auth/sample/data/sample.identities.dat b/auth/sample/data/sample.identities.dat
index 13e94b13..05ed0cc1 100644
--- a/auth/sample/data/sample.identities.dat
+++ b/auth/sample/data/sample.identities.dat
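Review bot: In identities.dat the added `dmaap-bc` record ends in `|||_admina|aaf`, whereas every other App ID line added here ends in `|||a|aaf_admin`; the last two fields look like a slipped edit and should read `dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|aaf_admin`. As written the identity carries an unrecognised type value and names the `aaf` application ID, not `aaf_admin`, in the final field, which presumably changes who is treated as responsible for it; how the loader treats an unknown type is not visible from this page. The same line is added in the second hunk of sample.identities.dat. Two smaller data slips appear in both files: the `deploy` record spells its last-name field `Depoyer`, and the `dcae` record carries `CLAMP` in its first-name field.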
@@ -25,6 +25,8 @@ mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@people.osaaf
 ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@people.osaaf.com|c|mmanager
 iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people.osaaf.com|n|mmanager
 # ONAP default Users
+aaf_admin|AAF Administrator|Mr AAF|AAF Admin|||e|mmanager
+deploy|Deployer|Deployer|Depoyer|||e|aaf_admin
 demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf
 jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf
 cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf
@@ -32,15 +34,13 @@ jm0007|PORTAL TESTER|PORTAL|TESTER|||e|aaf
 op0001|PORTAL OPS|PORTAL|OPS|||e|aaf
 gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf
 # ONAP App IDs
-aaf|AAF Application|AAF|Application|||a|bdevl
-aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf
-clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf
-aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf
-appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf
-dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf
-dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|aaf
-dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf
-oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf
-sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf
-
-
+aaf|AAF Application|AAF|Application|||a|aaf_admin
+aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf_admin
+clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf_admin
+aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf_admin
+appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf_admin
+dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf_admin
+dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||_admina|aaf
+dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf_admin
+oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf_admin
+sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf_admin
diff --git a/auth/sample/etc/org.osaaf.aaf.cm.props b/auth/sample/etc/org.osaaf.aaf.cm.props
index 628b5fd3..661d8bb8 100644
--- a/auth/sample/etc/org.osaaf.aaf.cm.props
+++ b/auth/sample/etc/org.osaaf.aaf.cm.props
@@ -3,8 +3,8 @@
 ## AAF Certificate Manager properties
 ## Note: Link to CA Properties in "local" dir
 ##
-cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props:/opt/app/osaaf/local/org.osaaf.aaf.cm.ca.props
-aaf_component=AAF_NS.cm:2.1.0.0
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props:/opt/app/osaaf/local/org.osaaf.aaf.cm.ca.props
+aaf_component=AAF_NS.cm:2.1.2
 port=8150
 #Certman
diff --git a/auth/sample/etc/org.osaaf.aaf.fs.props b/auth/sample/etc/org.osaaf.aaf.fs.props
index 7307f626..d0aac3ae 100644
--- a/auth/sample/etc/org.osaaf.aaf.fs.props
+++ b/auth/sample/etc/org.osaaf.aaf.fs.props
@@ -3,7 +3,7 @@
 ## AAF Fileserver Properties
 ##
 cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props
-aaf_component=AAF_NS.fs:2.1.0.0
+aaf_component=AAF_NS.fs:2.1.2
 port=8096
 aaf_public_dir=/opt/app/osaaf/public
diff --git a/auth/sample/etc/org.osaaf.aaf.gui.props b/auth/sample/etc/org.osaaf.aaf.gui.props
index 619d60f5..3cff29ba 100644
--- a/auth/sample/etc/org.osaaf.aaf.gui.props
+++ b/auth/sample/etc/org.osaaf.aaf.gui.props
@@ -3,7 +3,7 @@
 ## AAF GUI Properties
 ##
 cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props
-aaf_component=AAF_NS.gui:2.1.0.0
+aaf_component=AAF_NS.gui:2.1.2
 port=8200
 aaf_gui_title=AAF
diff --git a/auth/sample/etc/org.osaaf.aaf.hello.props b/auth/sample/etc/org.osaaf.aaf.hello.props
index d26c1049..db64baf5 100644
--- a/auth/sample/etc/org.osaaf.aaf.hello.props
+++ b/auth/sample/etc/org.osaaf.aaf.hello.props
@@ -3,6 +3,6 @@
 ## AAF Hello Properties
 ##
 cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props
-aaf_component=AAF_NS.hello:2.1.0.0
+aaf_component=AAF_NS.hello:2.1.2
 port=8130
diff --git a/auth/sample/etc/org.osaaf.aaf.locate.props b/auth/sample/etc/org.osaaf.aaf.locate.props
index 521d63b7..90c2c57f 100644
--- a/auth/sample/etc/org.osaaf.aaf.locate.props
+++ b/auth/sample/etc/org.osaaf.aaf.locate.props
@@ -2,7 +2,7 @@
 ## org.osaaf.aaf.locate
 ## AAF Locator Properties
 ##
-cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
-aaf_component=AAF_NS.locator:2.1.0.0
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opts/app/osaaf/etc/org.osaaf.aaf.orgs.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
+aaf_component=AAF_NS.locator:2.1.2
 port=8095
diff --git a/auth/sample/etc/org.osaaf.aaf.oauth.props b/auth/sample/etc/org.osaaf.aaf.oauth.props
index ce67de4d..ac8b9a54 100644
--- a/auth/sample/etc/org.osaaf.aaf.oauth.props
+++ b/auth/sample/etc/org.osaaf.aaf.oauth.props
@@ -3,6 +3,6 @@
 ## AAF OAuth2 Properties
 ##
 cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
-aaf_component=AAF_NS.oauth:2.1.0.0
+aaf_component=AAF_NS.oauth:2.1.2
 port=8140
diff --git a/auth/sample/etc/org.osaaf.aaf.service.props b/auth/sample/etc/org.osaaf.aaf.service.props
index 5472d820..ab050985 100644
--- a/auth/sample/etc/org.osaaf.aaf.service.props
+++ b/auth/sample/etc/org.osaaf.aaf.service.props
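Review bot: In org.osaaf.aaf.locate.props the entry added to `cadi_prop_files` is `/opts/app/osaaf/etc/org.osaaf.aaf.orgs.props`, while every other path in this commit, including the same orgs file added to the cm properties, lives under `/opt/app/osaaf`; this looks like a typo for `/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props`. Whether a missing file in the chain is skipped silently or aborts startup is not visible here, but in either case the Locator would not load the organisation properties this change intends to add.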
@@ -3,6 +3,6 @@
 ## AAF Service Properties
 ##
 cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props
-aaf_component=AAF_NS.service:2.1.0.0
+aaf_component=AAF_NS.service:2.1.2
 port=8100
diff --git a/auth/sample/local/aaf.props b/auth/sample/local/aaf.props
index c9fb8f98..f8c4f886 100644
--- a/auth/sample/local/aaf.props
+++ b/auth/sample/local/aaf.props
@@ -3,7 +3,7 @@
 #
 # Controlling NS
 aaf_root_ns=org.osaaf.aaf
-aaf_trust_perm=org.osaaf.aaf|org.onap|trust
+aaf_trust_perm=org.osaaf.aaf.appid|org|trust
 # Domains and Realms
 aaf_domain_support=.com:.org
@@ -19,3 +19,4 @@ cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_
 # Other
 aaf_data_dir=/opt/app/osaaf/data
+cadi_token_dir=/opt/app/osaaf/tokens
diff --git a/auth/sample/local/initialConfig.props b/auth/sample/local/initialConfig.props
index 13704244..2f599cdb 100644
--- a/auth/sample/local/initialConfig.props
+++ b/auth/sample/local/initialConfig.props
@@ -1,4 +1,4 @@
-aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
+aaf_locate_url=https://meriadoc.mithril.sbc.com:8095
aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
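Review bot: The sample default for `aaf_locate_url` now names `meriadoc.mithril.sbc.com`, which reads like an individual development machine where the previous value was a shared test endpoint; it may have been committed from a local setup by accident. A deployment bootstrapped from this sample resolves `AAF_LOCATE_URL` through that host, so its service, token and introspection requests go to whatever answers for the name. If it was a local test value, restoring `aaf_locate_url=https://aaf-onap-test.osaaf.org:8095` or using a clearly marked placeholder keeps the sample safe to copy.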
diff --git a/auth/sample/logs/taillog b/auth/sample/logs/taillog
index 2b3de6e5..5689caa4 100644
--- a/auth/sample/logs/taillog
+++ b/auth/sample/logs/taillog
@@ -1,2 +1,3 @@
+#!/bin/bash
 cd /opt/app/osaaf/logs
-tail -f `find . -name *service*.log -ctime 0`
+tail -f `find ./$1 -name *service*.log -ctime 0` |
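Review bot: The new `find ./$1 -name *service*.log` in taillog leaves both `$1` and the glob unquoted, so the pattern is expanded by the shell whenever a matching file sits directly in the logs directory, and an argument containing spaces or `..` changes what `find` walks. The backtick substitution also word-splits the result, and when nothing matches `tail -f` is left with no file operand and waits on stdin. `find "./$1" -name '*service*.log' -ctime 0 -exec tail -f {} +` avoids all three; the preceding `cd /opt/app/osaaf/logs` would also be safer as `cd /opt/app/osaaf/logs || exit 1`. client.sh in this commit calls the script with no argument, so `./$1` must keep working when `$1` is empty, which the quoted form does.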