summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--auth/auth-cass/src/main/cql/pull.sh9
-rw-r--r--auth/auth-cass/src/main/cql/push.sh11
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtifactShow.java4
-rw-r--r--auth/docker/agent.sh12
-rw-r--r--docs/sections/installation/client_vol.rst98
5 files changed, 104 insertions, 30 deletions
diff --git a/auth/auth-cass/src/main/cql/pull.sh b/auth/auth-cass/src/main/cql/pull.sh
index f4db573a..01fa52bf 100644
--- a/auth/auth-cass/src/main/cql/pull.sh
+++ b/auth/auth-cass/src/main/cql/pull.sh
@@ -1,5 +1,10 @@
-for T in x509 ns_attrib config cred user_role perm role artifact ns; do
+mkdir -p dats
+cd dats
+for T in ns ns_attrib cred user_role perm role config artifact ; do
cqlsh -e "use authz; COPY $T TO '$T.dat' WITH DELIMITER='|';"
done
-tar -cvzf dat.gz *.dat
+tar -cvzf ../dat.gz *.dat
+rm *.dat
+cd -
+rmdir dats
diff --git a/auth/auth-cass/src/main/cql/push.sh b/auth/auth-cass/src/main/cql/push.sh
index 8026c9f9..330326d5 100644
--- a/auth/auth-cass/src/main/cql/push.sh
+++ b/auth/auth-cass/src/main/cql/push.sh
@@ -1,5 +1,8 @@
-tar -xvf dat.gz
-for T in x509 ns_attrib config cred user_role perm role artifact ns; do
- cqlsh -e "use authz; COPY $T FROM '$T.dat' WITH DELIMITER='|';"
+mkdir -p dats
+cd dats
+tar -xvf ../dat.gz
+for T in $(ls *.dat); do
+ cqlsh -e "use authz; COPY ${T%.dat} FROM '$T' WITH DELIMITER='|';"
done
-
+cd -
+rm -Rf dats
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtifactShow.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtifactShow.java
index d423731a..6d4e167a 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtifactShow.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtifactShow.java
@@ -102,7 +102,7 @@ public class CMArtifactShow extends Page {
"&machine='+machine.value,'_self');"
).end(js);
hgen.leaf("input","id=machine","style=margin:1em 1em 1em 1em;width:30%").end();
- hgen.leaf(HTMLGen.A,"class=greenbutton","href=javascript:newArtifact()","style=color:white;").text("New Machine").end();
+ hgen.leaf(HTMLGen.A,"class=greenbutton","href=javascript:newArtifact()","style=color:white;").text("New FQDN").end();
}
});
}
@@ -146,7 +146,7 @@ public class CMArtifactShow extends Page {
this.sc = sc;
}
- private static final String[] headers = new String[]{"Machine","Directory","CA","Renews","Expires",""};
+ private static final String[] headers = new String[]{"FQDN","Directory","CA","Renews","Expires",""};
@Override
public String[] headers() {
return headers;
diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
index aa3db663..eb0bf3aa 100644
--- a/auth/docker/agent.sh
+++ b/auth/docker/agent.sh
@@ -40,11 +40,11 @@ done
. ./aaf.props
# Need AAF_FQDN's IP, because not might not be available in mini-container
-if [ "$AAF_AAF_FQDN_IP" = "" ]; then
- AAF_AAF_FQDN_IP=$(host $AAF_FQDN | grep "has address" | tail -1 | cut -f 4 -d ' ')
- if [ "$AAF_AAF_FQDN_IP" = "" ]; then
- read -p "IP of $AAF_FQDN: " AAF_AAF_FQDN_IP
- echo "AAF_AAF_FQDN_IP=$AAF_AAF_FQDN_IP" >> ./aaf.props
+if [ "$AAF_FQDN_IP" = "" ]; then
+ AAF_FQDN_IP=$(host $AAF_FQDN | grep "has address" | tail -1 | cut -f 4 -d ' ')
+ if [ "$AAF_FQDN_IP" = "" ]; then
+ read -p "IP of $AAF_FQDN: " AAF_FQDN_IP
+ echo "AAF_FQDN_IP=$AAF_FQDN_IP" >> ./aaf.props
fi
fi
@@ -58,7 +58,7 @@ docker run \
-it \
--rm \
--mount 'type=volume,src='${VOLUME}',dst=/opt/app/osaaf,volume-driver='${DRIVER} \
- --add-host="$AAF_FQDN:$AAF_AAF_FQDN_IP" \
+ --add-host="$AAF_FQDN:$AAF_FQDN_IP" \
--env AAF_FQDN=${AAF_FQDN} \
--env DEPLOY_FQI=${DEPLOY_FQI} \
--env DEPLOY_PASSWORD=${DEPLOY_PASSWORD} \
diff --git a/docs/sections/installation/client_vol.rst b/docs/sections/installation/client_vol.rst
index ea98e5f2..fc33e1bb 100644
--- a/docs/sections/installation/client_vol.rst
+++ b/docs/sections/installation/client_vol.rst
@@ -26,8 +26,8 @@ Prerequisites
| but it DOES have be accessible to the AAF Instance.
* For ONAP, this means
- * Windriver VPN
- * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS
+ * Windriver VPN
+ * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS
-----------------------
Obtain the Agent Script
@@ -49,22 +49,88 @@ In your chosen directory ::
$ bash agent.sh
-The Agent will look for "aaf.props", and if it doesn't exist, or is missing information, it will ask for it
+The Agent will look for "aaf.props", and if it doesn't exist, or is missing information, it will ask for it.
+This file is available to reuse for multiple calls. More importantly, you should use it as a template for auto-configuration. (In ONAP, these are HEAT templates and OOM Helm Charts)
---------------- ---------------
-Tag Value
---------------- ---------------
-CADI Version Defaults to CADI version of this
-AAF's FQDN PUBLIC Name for AAF. For ONAP Test, it is 'aaf-onap-test.osaaf.org'
-Deployer's FQI deployer@people.osaaf.org. In a REAL system, this would be a person or process
-App's Root FQDN This will show up in the Cert Subject, and should be the name given by Docker. i.e. clamp.onap
-App's FQI Fully Qualified ID given by Organization and with AAF NS/domain. ex: clamp@clamp.onap.org
-App's Volume Volume to put the data, see above. ex: clamp_aaf
-DRIVER Docker Volume type... See Docker Volume documentation
-LATITUDE Global latitude coordinate of Node (best guess for Kubernetes)
-LONGITUDE Global longitude coordinate of Node (best guess for Kubernetes)
---------------- ---------------
+---------------------
+'aaf.prop' Properties
+---------------------
+=================== =============== ============
+Query Tag Description
+=================== =============== ============
+CADI Version VERSION Defaults to CADI version of this
+AAF's FQDN AAF_FQDN PUBLIC Name for AAF. For ONAP Test, it is 'aaf-onap-test.osaaf.org'
+Deployer's FQI DEPLOY_FQI deployer@people.osaaf.org. In a REAL system, this would be a person or process
+App's Root FQDN APP_FQDN This will show up in the Cert Subject, and should be the name given by Docker. i.e. clamp.onap
+App's FQI APP_FQI Fully Qualified ID given by Organization and with AAF NS/domain. ex: clamp@clamp.onap.org
+App's Volume VOLUME Volume to put the data, see above. ex: clamp_aaf
+DRIVER DRIVER Docker Volume type... See Docker Volume documentation
+LATITUDE of Node LATITUDE Global latitude coordinate of Node (best guess in Kubernetes)
+LONGITUDE of Node LONGITUDE Global longitude coordinate of Node (best guess in Kubernetes)
+=================== =============== ============
+
+---------------------
+Dynamic Properties
+---------------------
+
+These Properties do not automatically save in 'aaf.props', because...
+
+ | Passwords should not be stored clear text, with the possible exception of constant Environment Recreation, where it is impractical.
+ | The IP of the AAF's FQDN is looked up, if possible. It can be set, however, when lookup isn't available.
+
+=================== =============== ============
+Query Tag Description
+=================== =============== ============
+Deployer's Password DEPLOY_PASSWORD Password for the Deployer. Avoids storing, except where impossible otherwise.
+IP of <AAF_FQDN> AAF_FQDN_IP IP for Name of AAF FQDN, if not available by normal lookup means
+=================== =============== ============
+
+-----------------------
+ONAP Entity Info in AAF
+-----------------------
+
+============================= =========================== =======================
+ONAP Namespaces APP FQI APP FQDN
+============================= =========================== =======================
+org.onap.aaf-sms aaf-sms@aaf-sms.onap.org aaf-sms
+org.onap.aai aai@aai.onap.org aai
+org.onap.appc appc@appc.onap.org appc
+org.onap.clamp clamp@clamp.onap.org clamp
+org.onap.dcae dcae@dcae.onap.org dcae
+org.onap.dmaap-bc dmaap-bc@dmaap-bc.onap.org dmaap-bc
+org.onap.dmaap-mr dmaap-mr@dmaap-mr.onap.org dmaap-mr
+org.onap.oof oof@oof.onap.org oof
+org.onap.sdnc sdnc@sdnc.onap.org sdnc
+============================= =========================== =======================
+
+*Note: FQDNs are set in AAF's Credential Artifact data, accessible in "Cred Details" from Namespace Page*
+
+If something goes wrong, and Certificate is not created, you can adjust the data, remove the data from the Container's /opt/app/osaaf/local dir, and it will generate again. ::
+
+ root@77777:/opt/app/osaaf/local# rm *
+ root@77777:/opt/app/osaaf/local# exit
+ $ bash agent.sh bash
+
+-------------
+Informational
+-------------
+
+There are two sets of Credentials at play here. The ability to create the Certificate belongs to one of
+
+ * The person responsible for the ID in the Organization
+ * A delegated deployer
+
+It is expected in large organizations that Individual Employees are given the responsibility of an ID for an APP they are responsible for.
+
+ In ONAP test, to simplify create/tear-down environment...
+ | The **Owner** is always "mmanager@people.osaaf.org".
+ | The **Sponsor** is always "aaf_admin@people.osaaf.org".
+
+In a large org, there are probably many Operations teams to support many different apps.
+
+ In ONAP test,
+ The **Deployer** is always set to "deploy@people.osaaf.org" for all Apps.