-rw-r--r-- | auth/auth-cass/cass_init/minimal.cql | 59 | ||||
-rw-r--r-- | auth/auth-cass/docker/drun.sh | 19 | ||||
-rw-r--r-- | auth/auth-certman/pom.xml | 1 | ||||
-rw-r--r-- | auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java | 2 | ||||
-rw-r--r-- | auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java | 5 | ||||
-rw-r--r-- | auth/docker/.gitignore | 1 | ||||
-rw-r--r-- | auth/docker/aaf.sh | 15 | ||||
-rw-r--r-- | auth/docker/podman_create.sh | 5 | ||||
-rw-r--r-- | auth/unix/.gitignore | 2 | ||||
-rw-r--r-- | auth/unix/firstAsRoot.sh | 20 | ||||
-rw-r--r-- | auth/unix/install.sh | 308 | ||||
-rw-r--r-- | auth/unix/l.props.init | 24 | ||||
-rw-r--r-- | conf/CA/deploy.sh | 38 |
13 files changed, 490 insertions, 9 deletions
diff --git a/auth/auth-cass/cass_init/minimal.cql b/auth/auth-cass/cass_init/minimal.cql
new file mode 100644
index 00000000..af8f8c60
--- /dev/null
+++ b/auth/auth-cass/cass_init/minimal.cql
@@ -0,0 +1,59 @@
+USE authz;
+
+// Create 'org' root NS
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org','Root Namespace','.',1,1);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','admin',{'org.access|*|*'},'Org Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','owner',{'org.access|*|read,approve'},'Org Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','read,approve',{'org.owner'},'Org Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','*',{'org.admin'},'Org Write Access');
+
+
+// Create org.osaaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf','OSAAF Namespace','org',2,2);
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','admin',{'org.osaaf.access|*|*'},'OSAAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','*',{'org.osaaf.admin'},'OSAAF Write Access');
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','owner',{'org.osaaf.access|*|read,approve'},'OSAAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','read,appove',{'org.osaaf.owner'},'OSAAF Read Access');
+
+// Create org.osaaf.aaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf.aaf','Application Authorization Framework','org.osaaf',3,3);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','admin',{'org.osaaf.aaf.access|*|*'},'AAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','*',{'org.osaaf.aaf.admin'},'AAF Write Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','read,approve',{'org.osaaf.aaf.owner'},'AAF Read Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners');
+
+// OSAAF Root
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
+
+
diff --git a/auth/auth-cass/docker/drun.sh b/auth/auth-cass/docker/drun.sh
index cd8ab78c..33b59d7c 100644
--- a/auth/auth-cass/docker/drun.sh
+++ b/auth/auth-cass/docker/drun.sh
@@ -23,8 +23,22 @@
 if [ -e ../../docker/d.props ]; then
 . ../../docker/d.props
 fi
 DOCKER=${DOCKER:-docker}
-
-if [ "$1" = "publish" ]; then
+if [ "$DOCKER" = "podman" ]; then
+ PODNAME=aaf-cass.onap
+ if $(podman pod exists $PODNAME); then
+ echo "Using existing 'podman' pod $PODNAME"
+ POD="--pod $PODNAME "
+ else
+ echo "Create new 'podman' pod $PODNAME"
+ # Note: Cassandra needs "infra" to work
+ # Keep in separate pod
+ #podman pod create --infra=true -n $PODNAME --publish 9042:9042
+ podman pod create --infra=false -n $PODNAME
+ #POD="--pod new:$PODNAME "
+ POD="--pod $PODNAME "
+ PUBLISH='--publish 9042:9042 '
+ fi
+else
 PUBLISH='--publish 9042:9042 '
 fi
@@ -47,6 +61,7 @@ if [ "`$DOCKER ps -a | grep aaf-cass`" == "" ]; then
 -e CASSANDRA_CLUSTER_NAME=osaaf \
 -v "aaf_cass_data:/var/lib/cassandra" \
 -v "aaf_status:/opt/app/aaf/status" \
+ ${POD} \
 $PUBLISH \
 -d ${PREFIX}${ORG}/${PROJECT}/aaf_cass:${VERSION} "onap"
 else
diff --git a/auth/auth-certman/pom.xml b/auth/auth-certman/pom.xml
index 56efc8d9..a4d7fd45 100644
--- a/auth/auth-certman/pom.xml
+++ b/auth/auth-certman/pom.xml
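Review bot: The 'OSAAF Read Access' perm row is inserted with action `'read,appove'`, while the `org.osaaf.owner` role it is granted to names the perm as `org.osaaf.access|*|read,approve`; unless the lookup tolerates the misspelling, that role and this perm row will not refer to the same permission. The line should read `VALUES ('org.osaaf','access','*','read,approve',{'org.osaaf.owner'},'OSAAF Read Access');`, matching the parallel `org` and `org.osaaf.aaf` rows. The two `user_role` rows for `aaf@aaf.osaaf.org` carry a literal `expires` of `'2018-10-31'`; if this script is meant to bootstrap fresh installs, a fixed past date leaves the root admin memberships already expired, so a comment should state whether the dates are expected to be edited before use or bumped by a later step.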
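Review bot: `if $(podman pod exists $PODNAME); then` runs the check inside a command substitution and then executes its empty output as the command; it only works because bash falls back to the substitution's exit status when no words remain, and `$PODNAME` is unquoted. Write it as `if podman pod exists "$PODNAME"; then`; the same construct appears in auth/docker/aaf.sh in this commit. In the else branch the comment `# Note: Cassandra needs "infra" to work` sits directly above the active `podman pod create --infra=false -n $PODNAME`, so either the comment or the flag is stale; if `--infra=false` is the intended choice, the comment should say why (for instance that `--publish 9042:9042` is applied to the container instead of the pod).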
@@ -129,6 +129,7 @@
 <commandLineArguments>
 <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.cm.props</commandLineArgument>
 <commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/cm</commandLineArgument>
+ <commandLineArgument>cadi_etc_dir=${project.ext_root_dir}/etc</commandLineArgument>
 </commandLineArguments>
 </program>
 </programs>
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
index fcdcf878..af549356 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
@@ -157,7 +157,7 @@ public abstract class AbsServiceStarter<ENV extends RosettaEnv, TRANS extends Tr
 }
 if(deleted) {
 service.access.log(Level.INIT, "Deleted Status",status.getAbsolutePath());
- } else {
+ } else if(status.exists()) {
 service.access.log(Level.INIT, "Status not deleted: ",status.getAbsolutePath());
 }
 service.destroy();
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 307c9c95..1822e990 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -68,13 +68,12 @@ public class DefaultOrg implements Organization { root_ns = env.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF); try { - String defFile; - String temp=env.getProperty(defFile = (getClass().getName()+".file")); + String temp=env.getProperty(realm +".file"); File fIdentities=null; if (temp==null) { temp = env.getProperty(AAF_DATA_DIR); if (temp!=null) { - env.warn().log(defFile, " is not defined. Using default: ",temp+"/identities.dat"); + env.warn().log("Datafile for " + realm + " is not defined. Using default: ",temp+"/identities.dat"); File dir = new File(temp); fIdentities=new File(dir,"identities.dat"); diff --git a/auth/docker/.gitignore b/auth/docker/.gitignore index f3a8bcb9..ed908238 100644 --- a/auth/docker/.gitignore +++ b/auth/docker/.gitignore @@ -16,3 +16,4 @@ /sdnc /working /target +/ldrun.sh diff --git a/auth/docker/aaf.sh b/auth/docker/aaf.sh index b498428b..d0393d0a 100644 --- a/auth/docker/aaf.sh +++ b/auth/docker/aaf.sh @@ -21,9 +21,18 @@ . ./d.props -DOCKER=${DOCKER:=docker} -# if something, may not want CASS attached all the tim -#LINKS="--link $CASSANDRA_DOCKER" +DOCKER=${DOCKER:-docker} +if [ "$DOCKER" = "podman" ]; then + PODNAME=${PODNAME:-$HOSTNAME} + if $(podman pod exists $PODNAME); then + echo "Using existing 'podman' pod $PODNAME" + LINKS="--pod $PODNAME " + #else + #echo "Create new 'podman' pod $PODNAME" + #podman pod create --infra=true -n $PODNAME --publish 8100:8100 + fi + LINKS="--pod $PODNAME " +fi # DOCKER doesn't have DNS out of the box, only links. # so we add cm_always_ignore_ips in --env diff --git a/auth/docker/podman_create.sh b/auth/docker/podman_create.sh new file mode 100644 index 00000000..ad164e91 --- /dev/null +++ b/auth/docker/podman_create.sh @@ -0,0 +1,5 @@ +podman pod create --name "aaf.gathsys.com" --publish 9042,8100 + +#--publish 8095:8095 --publish 8140:8140 --publish 8150:8150 --publish 8200:8200 --publish 8130:8130 --publish 9042:9042 + +# --publish 80:8096 
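Review bot: In auth/docker/aaf.sh the line `LINKS="--pod $PODNAME "` is assigned again after the `if`, so when `podman pod exists` fails the script still passes `--pod` for a pod that does not exist (the creation branch is commented out) and the container run fails later with a less direct error. Either restore the creation branch or fail early: `podman pod exists "$PODNAME" || { echo "podman pod $PODNAME not found" >&2; exit 1; }`. `PODNAME=${PODNAME:-$HOSTNAME}` also ties the pod name to the host name, so a comment should say that the pod must already have been created under that same name (podman_create.sh in this commit uses a hard-coded name instead).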
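Review bot: In auth/docker/podman_create.sh the pod name `aaf.gathsys.com` is hard-coded, while auth/docker/aaf.sh in this commit looks the pod up as `${PODNAME:-$HOSTNAME}`, so the two agree only on one particular host; `podman pod create --name "${PODNAME:-$HOSTNAME}" ...` keeps them in step. I am not certain `--publish 9042,8100` is accepted as a two-port list by podman; the commented-out line below it uses the unambiguous `--publish 9042:9042 --publish 8100:8100` form. The file also has no shebang and no comment stating when it is meant to be run relative to drun.sh and aaf.sh.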
diff --git a/auth/unix/.gitignore b/auth/unix/.gitignore
new file mode 100644
index 00000000..01d95ac9
--- /dev/null
+++ b/auth/unix/.gitignore
@@ -0,0 +1,2 @@
+l.props
+*.swp
diff --git a/auth/unix/firstAsRoot.sh b/auth/unix/firstAsRoot.sh
new file mode 100644
index 00000000..8a66130b
--- /dev/null
+++ b/auth/unix/firstAsRoot.sh
@@ -0,0 +1,20 @@
+#
+. ./l.props
+if [ -z "$1" ]; then
+ echo "Enter 'user:group' for the directory after creation"
+ read CHOWN
+else
+ CHOWN="$1"
+fi
+
+
+for D in $INSTALL_DIR $ORG_DIR; do
+ if [ -e $D ]; then
+ echo "$D already exists"
+ else
+ mkdir -p $D
+ echo "$D created"
+ fi
+ echo "Setting Ownership of $D to $CHOWN"
+ chown $CHOWN $D
+done
diff --git a/auth/unix/install.sh b/auth/unix/install.sh
new file mode 100644
index 00000000..da072bfd
--- /dev/null
+++ b/auth/unix/install.sh
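Review bot: In firstAsRoot.sh, `chown $CHOWN $D` and `mkdir -p $D` run as root with unquoted expansions, and `$INSTALL_DIR`/`$ORG_DIR` come from `./l.props` with no check that they are set, so an empty value makes `for D in $INSTALL_DIR $ORG_DIR` silently iterate over the other one only, or over nothing. Add `: "${INSTALL_DIR:?must be set in l.props}" "${ORG_DIR:?must be set in l.props}"` after sourcing, quote the expansions (`mkdir -p -- "$D"` and `chown -- "$CHOWN" "$D"`), and use `read -r CHOWN`. The file also has no shebang, so it only behaves as intended when the operator happens to run it with a bash-compatible shell.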
@@ -0,0 +1,308 @@
+#! /bin/sh
+
+##############################
+# STATICALLY Named Properties
+# The Batch class to start
+BATCH_CLS="${CATCH_CLS:=org.onap.aaf.auth.batch.Batch}"
+
+##############################
+# Initial Setup for AAF, on regular UNIX O/Ss (not Docker)
+. ./l.props
+
+##############################
+# Functions
+
+# SED needs escaped slashes
+function escSlash {
+ echo "${1//\//\\\/}"
+}
+
+function debug {
+ if [ -n "$DEBUG" ]; then
+ echo "$*"
+ fi
+}
+
+
+##############################
+# TEST if ORG_DIR and INSTALL_DIR are writable by this script
+if [ -z "$ORG_DIR" ]; then echo "Shell variable ORG_DIR must be set"; exit 1; fi
+if [ -z "$INSTALL_DIR" ]; then echo "Shell variable INSTALL_DIR must be set"; exit 1; fi
+
+for D in "$ORG_DIR" "$INSTALL_DIR"; do
+ if [ -w "$D" ]; then
+ debug "$D is writable by $USER"
+ else
+ echo "$D must be writable by $USER to continue..."
+ echo "You may run 'firstAsRoot.sh <user>:<group>' as root to fix this issue, or fix manually"
+ exit 1
+ fi
+done
+
+# If not set, use HOSTNAME
+CASSANDRA_CLUSTERS=${CASSANDRA_CLUSTERS:=$HOSTNAME}
+ORIG_NS="org.osaaf.aaf"
+ROOT_NS="${ROOT_NS:=$ORIG_NS}"
+AAF_ID="${AAF_ID:=aaf@aaf.osaaf.org}"
+
+##############################
+# DEFINES
+JAVA_AGENT="-Dcadi_prop_files=$ORG_DIR/local/$ROOT_NS.props org.onap.aaf.cadi.configure.Agent"
+
+##############################
+# Create directory Structure
+INSTALL_DIR=${INSTALL_DIR:=/opt/app/aaf}
+for D in "" "status" "cass_init" "cass_init/dats"; do
+ if [ -e "$INSTALL_DIR/$D" ]; then
+ debug "$INSTALL_DIR/$D exists"
+ else
+ mkdir -p "$INSTALL_DIR/$D"
+ debug "created $INSTALL_DIR/$D "
+ fi
+done
+
+##############################
+# Check for previous install, backup as necessary
+if [[ -e $INSTALL_DIR/AAF_VERSION && "$VERSION" = "$(cat $INSTALL_DIR/AAF_VERSION)" ]]; then
+ echo Current Version
+elif [ -e $INSTALL_DIR/lib ]; then
+ PREV_VER="$(cat $INSTALL_DIR/AAF_VERSION)"
+ echo Backing up $PREV_VER
+ if [ -e $INSTALL_DIR/$PREV_VER ]; then
+ rm -Rf $INSTALL_DIR/$PREV_VER
+ fi
+ mkdir $INSTALL_DIR/$PREV_VER
+ mv $INSTALL_DIR/bin $INSTALL_DIR/lib $INSTALL_DIR/theme $INSTALL_DIR/$PREV_VER
+ echo "Backed up bin,lib and theme to $INSTALL_DIR/$PREV_VER"
+fi
+
+##############################
+# Copy from Compiled Version
+cp -Rf ../aaf_$VERSION/* $INSTALL_DIR
+echo $VERSION > $INSTALL_DIR/AAF_VERSION
+
+##############################
+# Add Theme links
+for D in "$ORG_DIR" "$ORG_DIR/public"; do
+ if [ -e "$D/theme" ]; then
+ debug "$D/theme exists"
+ else
+ debug "Soft Linking theme $INSTALL_DIR/theme to $D"
+ ln -s "$INSTALL_DIR/theme" "$D"
+ fi
+done
+
+##############################
+# Copy from Cass Samples
+debug "Copying Casssandra Samples to $INSTALL_DIR/cass_init"
+cp ../auth-cass/cass_init/*.cql $INSTALL_DIR/cass_init
+cp $(ls ../auth-cass/cass_init/*.sh | grep -v push.sh | grep -v restore.sh) $INSTALL_DIR/cass_init
+
+##############################
+# adjust push.sh and restore.sh
+BATCH_JAR=$(find .. -name aaf-auth-batch-$VERSION.jar)
+if [ -z "$BATCH_JAR" ]; then
+ if [ -z "$INSTALL_DIR/lib/aaf-auth-batch-$VERSION.jar" ]; then
+ echo "You need to build the AAF Jars with 'mvn' for $VERSION to continue this configuration"
+ exit 1
+ fi
+else
+ debug "Copying $BATCH_JAR to $INSTALL_DIR/lib"
+ cp $BATCH_JAR $INSTALL_DIR/lib
+fi
+
+DEF_ORG_JAR=$(find .. -name aaf-auth-deforg-$VERSION.jar | head -1)
+if [ -z "$DEF_ORG_JAR" ]; then
+ echo "You need to build the deforg jar to continue this configuration"
+ exit 1
+else
+ echo "Copying $DEF_ORG_JAR to $INSTALL_DIR/lib"
+ cp $DEF_ORG_JAR $INSTALL_DIR/lib
+fi
+
+# Note: Docker Cass only needs Batch Jar, but AAF on the disk can have only one lib
+# so we copy just the Batch jar
+for S in push.sh restore.sh; do
+ debug "Writing Cassandra $INSTALL_DIR/cass_init/$S script with replacements"
+ sed -e "/CQLSH=.*/s//CQLSH=\"cqlsh -k authz $CASSANDRA_CLUSTERS\"/" \
+ -e "/-jar .*full.jar/s//-cp .:$(escSlash $INSTALL_DIR/lib/)* $BATCH_CLS /" \
+ ../auth-cass/cass_init/$S > $INSTALL_DIR/cass_init/$S
+done
+
+##############################
+# adjust authBatch.props
+CHANGES="-e /GUI_URL=.*/s//GUI_URL=https:\/\/$HOSTNAME:8095\/gui/"
+
+for TAG in "LATITUDE" "LONGITUDE"; do
+ CHANGES="$CHANGES -e /${TAG,,}=.*/s//cadi_${TAG,,}=${!TAG}/"
+done
+
+CHANGES="$CHANGES -e /aaf_data_dir=.*/s//aaf_data_dir=$(escSlash $ORG_DIR/data)/"
+
+# Cassandra Properties have dots in them, which cause problems for BASH processing
+for TAG in "CASSANDRA_CLUSTERS" "CASSANDRA_CLUSTERS_PORT" "CASSANDRA_CLUSTERS_USER" "CASSANDRA_CLUSTERS_PASSWORD"; do
+ VALUE="${!TAG}"
+ if [ ! -z "$VALUE" ]; then
+ DOTTED="${TAG//_/.}"
+ NTAG=${DOTTED,,}
+ CHANGES="$CHANGES -e /${NTAG}=.*/s//${NTAG}=${!TAG}/"
+ fi
+done
+
+echo "Writing Batch Properties with conversions to $INSTALL_DIR/cass_init/authBatch.props"
+debug "Conversions: $CHANGES"
+sed $CHANGES ../auth-cass/cass_init/authBatch.props > $INSTALL_DIR/cass_init/authBatch.props
+
+##############################
+# Setup Organizational Data Directories
+for D in $ORG_DIR/data $ORG_DIR/local $ORG_DIR/logs $ORG_DIR/public $ORG_DIR/etc $ORG_DIR/bin; do
+ if [ ! -e $D ]; then
+ debug "Creating $D"
+ mkdir -p $D
+ fi
+done
+
+##############################
+# Convert generated bin files to correct ORG DIR
+for B in $(ls $INSTALL_DIR/bin | grep -v .bat); do
+ sed -e "/cadi_prop_files=/s//aaf_log4j_prefix=$ROOT_NS cadi_prop_files=/" \
+ -e "/$ORIG_NS/s//$ROOT_NS/g" \
+ -e "/$(escSlash /opt/app/osaaf)/s//$(escSlash $ORG_DIR)/g" \
+ -e "/^CLASSPATH=.*/s//CLASSPATH=$(escSlash $INSTALL_DIR/lib/)*/" \
+ $INSTALL_DIR/bin/$B > $ORG_DIR/bin/$B
+ chmod u+x $ORG_DIR/bin/$B
+ debug "Converted generated app $B and placed in $INSTALL_DIR/bin"
+done
+
+##############################
+# Create new Initialized Data from ONAP "sample"
+if [ "$1" = "sample" ]; then
+ ##############################
+ # Copy sample dat files
+ # (ONAP Samples)
+ echo "### Copying all ONAP Sample data"
+ cp ../sample/cass_data/*.dat $INSTALL_DIR/cass_init/dats
+
+ # Scrub data, because it is coming from ONAP Test systems,
+ # and also, need current dates
+ echo "### Scrubbing ONAP Sample data"
+ mkdir -p $INSTALL_DIR/cass_init/data
+ cp ../sample/data/sample.identities.dat $INSTALL_DIR/cass_init/data
+ CURR=$(pwd)
+ cd $INSTALL_DIR/cass_init/dats
+ bash $CURR/../sample/cass_data/scrub.sh
+ cd $CURR
+ rm -Rf $INSTALL_DIR/cass_init/data
+
+ ##############################
+ # Sample Identities
+ # Only create if not exists. DO NOT OVERWRITE after that
+ if [ ! -e $ORG_DIR/data/identities.dat ]; then
+ cp ../sample/data/sample.identities.dat $ORG_DIR/data/identities.dat
+ fi
+
+ ##############################
+ # ONAP Test Certs and p12s
+ cp ../sample/cert/AAF_RootCA.cer $ORG_DIR/public
+ for F in $(ls ../sample/cert | grep b64); do
+ if [ ! -e "$F" ]; then
+ if [[ $F = "trust"* ]]; then
+ SUB=public
+ else
+ SUB=local
+ fi
+ if [[ $F = "demoONAPsigner"* ]]; then
+ FILENAME="$ROOT_NS.signer.p12"
+ else
+ FILENAME="${F/.b64/}"
+ fi
+ base64 -d ../sample/cert/$F > $ORG_DIR/$SUB/$FILENAME
+ fi
+ done
+
+ if [ ! -e "$ORG_DIR/CA" ]; then
+ cp -Rf ../../conf/CA $ORG_DIR
+ fi
+
+ FILE="$ORG_DIR/local/$ROOT_NS.p12"
+ if [ ! -e $FILE ]; then
+ echo "Bootstrap Creation of Keystore from Signer"
+ cd $ORG_DIR/CA
+
+ # Redo all of this after Dublin
+ export cadi_x509_issuers="CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US"
+ export signer_subj="/CN=intermediateCA_9/OU=OSAAF/O=ONAP/C=US"
+ bash bootstrap.sh $ORG_DIR/local/$ROOT_NS.signer.p12 'something easy'
+ cp aaf.bootstrap.p12 $FILE
+
+ cd -
+# if [ -n "$CADI_X509_ISSUERS" ]; then
+# CADI_X509_ISSUERS="$CADI_X509_ISSUERS:"
+# fi
+# BOOT_ISSUER="$(cat aaf.bootstrap.issuer)"
+# CADI_X509_ISSUERS="$CADI_X509_ISSUERS$BOOT_ISSUER"
+#
+# I=${BOOT_ISSUER##CN=};I=${I%%,*}
+# CM_CA_PASS="something easy"
+# CM_CA_LOCAL="org.onap.aaf.auth.cm.ca.LocalCA,$LOCAL/$ROOT_NS.signer.p12;aaf_intermediate_9;enc:"
+# CM_TRUST_CAS="$PUBLIC/AAF_RootCA.cer"
+# echo "Generated ONAP Test AAF certs"
+ fi
+
+ ##############################
+ # Initial Properties
+ debug "Create Initial Properties"
+ if [ ! -e $ORG_DIR/local/$ROOT_NS.props ]; then
+ for F in $(ls ../sample/local/$ORIG_NS.*); do
+ NEWFILE="$ORG_DIR/local/${F/*$ORIG_NS./$ROOT_NS.}"
+ sed -e "/$ORIG_NS/s//$ROOT_NS/g" \
+ $F > $NEWFILE
+ debug "Created $NEWFILE"
+ done
+ for D in public etc logs; do
+ for F in $(ls ../sample/$D); do
+ NEWFILE="$ORG_DIR/$D/${F/*$ORIG_NS./$ROOT_NS.}"
+ sed -e "/$(escSlash /opt/app/osaaf)/s//$(escSlash $ORG_DIR)/g" \
+ -e "/$ORIG_NS/s//$ROOT_NS/g" \
+ ../sample/$D/$F > $NEWFILE
+ echo "Created $NEWFILE"
+ done
+ done
+
+ ##############################
+ # Set Cassandra Variables
+ CHANGES=""
+ for TAG in "CASSANDRA_CLUSTERS" "CASSANDRA_CLUSTERS_PORT" "CASSANDRA_CLUSTERS_USER" "CASSANDRA_CLUSTERS_PASSWORD"; do
+ VALUE="${!TAG}"
+ if [ ! -z "$VALUE" ]; then
+ DOTTED="${TAG//_/.}"
+ NTAG=${DOTTED,,}
+ CHANGES="$CHANGES -e /${NTAG}=.*/s//${NTAG}=${!TAG}/"
+ fi
+ done
+ mv $ORG_DIR/local/$ROOT_NS.cassandra.props $ORG_DIR/local/$ROOT_NS.cassandra.props.backup
+ sed $CHANGES $ORG_DIR/local/$ROOT_NS.cassandra.props.backup > $ORG_DIR/local/$ROOT_NS.cassandra.props
+
+ ##############################
+ # CADI Config Tool
+
+ # Change references to /opt/app/osaaf to ORG_DIR
+ sed -e "/$(escSlash /opt/app/osaaf)/s//$(escSlash $ORG_DIR)/g" \
+ -e "/$ORIG_NS/s//$ROOT_NS/" \
+ -e "/$ORIG_AAF_ID/s//$AAF_ID/" \
+ ../sample/local/aaf.props > _temp.props
+
+ java -cp $INSTALL_DIR/lib/\* $JAVA_AGENT config \
+ $AAF_ID \
+ aaf_root_ns=$ROOT_NS \
+ cadi_etc_dir=$ORG_DIR/local \
+ cadi_latitude=${LATITUDE} \
+ cadi_longitude=${LONGITUDE} \
+ aaf_data_dir=$ORG_DIR/data \
+ aaf_locate_url=${AAF_LOCATE_URL:=https://$HOSTNAME:8095} \
+ cadi_prop_files=_temp.props:../sample/local/initialConfig.props
+ rm _temp.props
+ fi
+
+fi
+
diff --git a/auth/unix/l.props.init b/auth/unix/l.props.init
new file mode 100644
index 00000000..c9726ded
--- /dev/null
+++ b/auth/unix/l.props.init
@@ -0,0 +1,24 @@
+# Properties about your machine
+ROOT_NS=org.test.aaf
+AAF_ID=aaf@aaf.test.org
+ORG_DIR=/opt/app/test
+INSTALL_DIR=/opt/app/aaf
+ORG_DIR=/opt/app/osaaf
+VERSION=2.1.20-SNAPSHOT
+
+# Add Debugging Messages
+# DEBUG=true
+
+# If you need a Locator URL that isn't this HOSTNAME, then set here
+# AAF_LOCATE_URL=https://<vanity>:8095
+
+# Note: If you do not know your machine's GPS Coord, http://bing.com/maps shows by directory
+LATITUDE=38.0
+LONGITUDE=-90.0
+
+# CASSANDRA - Assumes out-of-the-box Passwords until changed, or adding CADI Security
+#CASSANDRA_CLUSTERS=
+CASSANDRA_CLUSTERS_PORT=9042
+CASSANDRA_CLUSTERS_USER=cassandra
+CASSANDRA_CLUSTERS_PASSWORD=cassandra
+
diff --git a/conf/CA/deploy.sh b/conf/CA/deploy.sh
new file mode 100644
index 00000000..031f9575
--- /dev/null
+++ b/conf/CA/deploy.sh
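Review bot: In install.sh, `debug "Conversions: $CHANGES"` prints the assembled sed expressions whenever `DEBUG` is set, and at that point `$CHANGES` already contains the expanded `cassandra.clusters.password` value from l.props, so the Cassandra password lands in the terminal and in any captured install log; drop that line or print only the property names being rewritten. The same `$CHANGES` is expanded unquoted in `sed $CHANGES ...` (for authBatch.props and again for `.cassandra.props`), so a value containing whitespace, `/` or `&` alters the sed program instead of the property. Further down, `bash bootstrap.sh $ORG_DIR/local/$ROOT_NS.signer.p12 'something easy'` bakes the signer keystore password into the script and exposes it on the command line; take it from a variable or prompt for it. Two names look like typos: `$ORIG_AAF_ID` in `-e "/$ORIG_AAF_ID/s//$AAF_ID/"` is never assigned (only `AAF_ID` is), which sed treats as "reuse the last regex", and `BATCH_CLS="${CATCH_CLS:=...}"` reads `CATCH_CLS`, so an exported `BATCH_CLS` is ignored. Finally, the file is `#! /bin/sh` but uses `function`, `[[ ]]`, `${TAG,,}` and `${!TAG}`, so it needs `#!/usr/bin/env bash` to run on dash-based systems.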
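Review bot: In l.props.init, `ORG_DIR` is assigned twice (`/opt/app/test`, then `/opt/app/osaaf`); the second wins when the file is sourced, so the first line is dead and misleading — keep one of them. The template also ships a default `CASSANDRA_CLUSTERS_PASSWORD=cassandra` that install.sh copies into the generated `*.cassandra.props`; since the copied `l.props` is git-ignored the credential stays local, but the comment above it should state that the value must be changed before running install.sh because it is written into the service properties, e.g. `# CHANGE before running install.sh; this value is copied into $ROOT_NS.cassandra.props`.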
@@ -0,0 +1,38 @@
+# SED needs escaped slashes
+function escSlash {
+ echo "${1//\//\\\/}"
+}
+
+NS="$(cat ns.aaf)"
+DEPLOY_DIR=${PWD/\/CA/}
+read -p "AAF Config Directory: [$DEPLOY_DIR]: " input
+DEPLOY_DIR=${input:-$DEPLOY_DIR}
+
+echo "Deploying to $DEPLOY_DIR"
+
+APP_NAME="${DEPLOY_DIR##*/}"
+CA_CRT="CA_${APP_NAME^^}.crt"
+cp -v certs/ca.crt $DEPLOY_DIR/public/$CA_CRT
+sed -i.bak \
+ -e "/cm_public_dir=.*/s//cm_public_dir=$(escSlash $DEPLOY_DIR/public)/" \
+ -e "/cm_trust_cas=.*/s//cm_trust_cas=${CA_CRT}/" \
+ $DEPLOY_DIR/etc/org.osaaf.aaf.cm.props
+
+INT_DIR="intermediate_$(cat intermediate.serial)"
+
+cp -v $INT_DIR/certs/ca.crt $DEPLOY_DIR/public/${APP_NAME^^}_SIGNER.crt
+SIGNER=${NS}.signer.p12
+cp -v $INT_DIR/aaf_$INT_DIR.p12 $DEPLOY_DIR/local/${SIGNER}
+
+CADI="java -jar /opt/app/aaf/lib/aaf-cadi-core-*.jar"
+KEYFILE="$DEPLOY_DIR/local/org.osaaf.aaf.keyfile"
+if [ ! -f "$KEYFILE" ]; then
+ echo $CADI keygen $KEYFILE
+fi
+
+echo "Enter Issuer Key Password "
+read -s ISSUER_PASS
+ISSUER_PASS=$($CADI digest "$ISSUER_PASS" $KEYFILE)
+sed -i.bak \
+ -e "/cm_ca.local=.*/s//cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,$(escSlash $DEPLOY_DIR/local/$SIGNER);aaf_$INT_DIR;enc:$ISSUER_PASS/" \
+ $DEPLOY_DIR/local/org.osaaf.aaf.cm.ca.props |
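Review bot: When the keyfile is missing, `echo $CADI keygen $KEYFILE` only prints the command and never runs it, so the following `$CADI digest "$ISSUER_PASS" $KEYFILE` operates on a file that does not exist; if the intent is to create the key, drop the `echo` (`$CADI keygen "$KEYFILE"`), and if the intent is to tell the operator what to run, say so and `exit 1` before the digest step. `read -s ISSUER_PASS` keeps the password off the terminal, but it is then handed to `java` as a command-line argument, where it is visible in `ps` for the life of that process; a stdin or environment hand-off would be preferable if the tool supports one. The digest result is spliced unquoted into the sed expression, so if it can contain `/` or `&` (as base64-style output can) the `cm_ca.local` line is corrupted rather than replaced; pass it through `escSlash` at least. `sed -i.bak` also leaves `org.osaaf.aaf.cm.ca.props.bak` beside the live file holding the previous `enc:` value, which is worth deleting afterwards or documenting. The file has no shebang yet relies on bash-only `${APP_NAME^^}`, `${PWD/\/CA/}` and `read -p`, so it should start with `#!/usr/bin/env bash`.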