diff options
Diffstat (limited to 'auth/sample/bin')
-rw-r--r-- | auth/sample/bin/client.sh | 76 | ||||
-rw-r--r-- | auth/sample/bin/pod_wait.sh | 50 | ||||
-rw-r--r-- | auth/sample/bin/service.sh | 131 |
3 files changed, 198 insertions, 59 deletions
diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh index a8b8b9a6..ded8c409 100644 --- a/auth/sample/bin/client.sh +++ b/auth/sample/bin/client.sh @@ -15,18 +15,29 @@ for (( i=( ${#FQIA_E[@]} -1 ); i>0; i-- )); do NS=${NS}${FQIA_E[i]}'.' done NS=${NS}${FQIA_E[0]} - +CONFIG="/opt/app/aaf_config" +LOCAL="/opt/app/osaaf/local" +DOT_AAF="$HOME/.aaf" +SSO="$DOT_AAF/sso.props" + +# Setup Bash, first time only +if [ ! -e "$HOME/.bash_aliases" ] || [ -z "$(grep aaf_config $HOME/.bash_aliases)" ]; then + echo "alias cadi='$CONFIG/bin/agent.sh EMPTY cadi \$*'" >>$HOME/.bash_aliases + echo "alias agent='$CONFIG/bin/agent.sh EMPTY \$*'" >>$HOME/.bash_aliases + chmod a+x $CONFIG/bin/agent.sh + . $HOME/.bash_aliases +fi # Setup SSO info for Deploy ID function sso_encrypt() { - $JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine digest ${1} ~/.aaf/keyfile + $JAVA -cp $CONFIG/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine digest ${1} $DOT_AAF/keyfile } -if [ ! -e " ~/.aaf/keyfile" ]; then - mkdir -p ~/.aaf - SSO=~/.aaf/sso.props - $JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine keygen ~/.aaf/keyfile - chmod 400 ~/.aaf/keyfile + +if [ ! -e "$DOT_AAF/keyfile" ]; then + mkdir -p $DOT_AAF + $JAVA -cp $CONFIG/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine keygen $DOT_AAF/keyfile + chmod 400 $DOT_AAF/keyfile echo cadi_latitude=${LATITUDE} > ${SSO} echo cadi_longitude=${LONGITUDE} >> ${SSO} echo aaf_id=${DEPLOY_FQI} >> ${SSO} @@ -35,26 +46,29 @@ if [ ! -e " ~/.aaf/keyfile" ]; then fi echo aaf_locate_url=https://${AAF_FQDN}:8095 >> ${SSO} echo aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:${AAF_INTERFACE_VERSION} >> ${SSO} - echo cadi_truststore=$(ls /opt/app/aaf_config/public/*trust*) >> ${SSO} + + base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks + echo "cadi_truststore=$DOT_AAF/truststoreONAPall.jks" >> ${SSO} echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO} fi # Only initialize once, automatically... -if [ ! -e /opt/app/osaaf/local/${NS}.props ]; then +if [ ! -e $LOCAL/${NS}.props ]; then + mkdir -p $LOCAL for D in bin logs; do - rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D + rsync -avzh --exclude=.gitignore $CONFIG/$D/* /opt/app/osaaf/$D done # setup Configs - $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config $APP_FQI \ - cadi_etc_dir=/opt/app/osaaf/local + $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar config $APP_FQI \ + cadi_etc_dir=$LOCAL cadi_prop_files=$SSO # Place Certificates - $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar place ${APP_FQI} ${APP_FQDN} + $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar place ${APP_FQI} ${APP_FQDN} # Validate - $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate \ - cadi_prop_files=/opt/app/osaaf/local/${NS}.props + $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar validate \ + cadi_prop_files=$LOCAL/${NS}.props fi # Now run a command @@ -84,31 +98,31 @@ if [ ! "$CMD" = "" ]; then ;; update) for D in bin logs; do - rsync -uh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D + rsync -uh --exclude=.gitignore $CONFIG/$D/* /opt/app/osaaf/$D done ;; showpass) echo "## Show Passwords" - $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar showpass ${APP_FQI} ${APP_FQDN} + $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar showpass ${APP_FQI} ${APP_FQDN} ;; check) - $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar check ${APP_FQI} ${APP_FQDN} + $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar check ${APP_FQI} ${APP_FQDN} ;; validate) echo "## validate requested" - $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate /opt/app/osaaf/local/${NS}.props + $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar validate $LOCAL/${NS}.props ;; bash) - if [ ! -e ~/.bash_aliases ]; then - echo "alias cadi='$JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine \$*'" >~/.bash_aliases - echo "alias agent='$JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.configure.Agent \$*'" >>~/.bash_aliases - fi + #if [ ! -e $HOME/bash_aliases ]; then + # echo "alias cadi='$JAVA -cp $CONFIG/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine \$*'" >$HOME/bash_aliases + # echo "alias agent='/bin/bash $CONFIG/bin/agent.sh no-op \$*'" >>$HOME/bash_aliases + #fi shift - cd /opt/app/osaaf/local || exit + cd $LOCAL || exit /bin/bash "$@" ;; setProp) - cd /opt/app/osaaf/local || exit + cd $LOCAL || exit FILES=$(grep -l "$1" ./*.props) if [ "$FILES" = "" ]; then FILES="$3" @@ -125,11 +139,11 @@ if [ ! "$CMD" = "" ]; then done ;; encrypt) - cd /opt/app/osaaf/local || exit + cd $LOCAL || exit echo $1 FILES=$(grep -l "$1" ./*.props) if [ "$FILES" = "" ]; then - FILES=/opt/app/osaaf/local/${NS}.cred.props + FILES=$LOCAL/${NS}.cred.props ADD=Y fi for F in $FILES; do @@ -144,7 +158,7 @@ if [ ! "$CMD" = "" ]; then else ORIG_PW="$2" fi - PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/${NS}.keyfile) + PWD=$("$JAVA" -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" $LOCAL/${NS}.keyfile) if [ "$ADD" = "Y" ]; then echo "$1=enc:$PWD" >> $F else @@ -174,17 +188,17 @@ if [ ! "$CMD" = "" ]; then ;; cadi) echo "--- cadi Tool Comands ---" - $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6 + $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6 ;; agent) echo "--- agent Tool Comands ---" - $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar + $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar ;; esac echo "" ;; *) - $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@" + $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@" ;; esac fi diff --git a/auth/sample/bin/pod_wait.sh b/auth/sample/bin/pod_wait.sh new file mode 100644 index 00000000..71773be7 --- /dev/null +++ b/auth/sample/bin/pod_wait.sh @@ -0,0 +1,50 @@ +#!/bin/bash +# +# A Script for use in Pods... Check for status files, and validate before moving on. +# +DIR="/opt/app/aaf/status" +APP=$1 +shift +OTHER=$1 +shift + +function status { + if [ -d "$DIR" ]; then + echo "$@" > $DIR/$APP + fi +} + +echo $APP $OTHER + +function check { + if [ -d "$DIR" ]; then + if [ -e "$DIR/$OTHER" ]; then + echo "$(cat $DIR/$OTHER)" + else + echo "$DIR/$OTHER does not exist" + fi + else + echo "$DIR does not exist" + fi +} + +echo "App $APP is waiting to start until $OTHER is ready" +status "waiting for $OTHER" + +n=0 +while [ $n -lt 40 ]; do + rv="$(check)" + echo "$OTHER is $rv" + if [ "$rv" = "ready" ]; then + # This is critical. Until status is literally "ready" in the status directory, no processes will start + status ready + echo "Starting $@" + n=10000 + else + (( ++n )) + echo "Sleep 10 (iteration $n)" + sleep 10 + fi +done + +eval "$@" diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh index 33dca67f..da2eb855 100644 --- a/auth/sample/bin/service.sh +++ b/auth/sample/bin/service.sh @@ -3,36 +3,114 @@ # It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite) # JAVA=/usr/bin/java +LOCAL=/opt/app/osaaf/local +DATA=/opt/app/osaaf/data +PUBLIC=/opt/app/osaaf/public +CONFIG=/opt/app/aaf_config +# Temp use for clarity of code +FILE= + +# Setup Bash, first time only +if [ ! -e "$HOME/.bash_aliases" ] || [ -z "$(grep aaf_config $HOME/.bash_aliases)" ]; then + echo "alias cadi='$CONFIG/bin/agent.sh EMPTY cadi \$*'" >>$HOME/.bash_aliases + echo "alias agent='$CONFIG/bin/agent.sh EMPTY \$*'" >>$HOME/.bash_aliases + chmod a+x $CONFIG/bin/agent.sh + . $HOME/.bash_aliases +fi # Only load Identities once -if [ ! -e /opt/app/osaaf/data/identities.dat ]; then - mkdir -p /opt/app/osaaf/data - cp /opt/app/aaf_config/data/sample.identities.dat /opt/app/osaaf/data/identities.dat +# echo "Check Identities" +FILE="$DATA/identities.dat" +if [ ! -e $FILE ]; then + mkdir -p $DATA + cp $CONFIG/data/sample.identities.dat $FILE +fi + +# Load up Cert/X509 Artifacts +# echo "Check Signer Keyfile" +FILE="$LOCAL/org.osaaf.aaf.signer.p12" +if [ ! -e $FILE ]; then + mkdir -p $LOCAL + mkdir -p $PUBLIC + if [ -e $CONFIG/cert/org.osaaf.aaf.signer.p12 ]; then + cp $CONFIG/cert/org.osaaf.aaf.signer.p12 $FILE + else + echo "Decode" + base64 -d $CONFIG/cert/demoONAPsigner.p12.b64 > $FILE + base64 -d $CONFIG/cert/truststoreONAP.p12.b64 > $PUBLIC/truststoreONAP.p12 + base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $PUBLIC/truststoreONAPall.jks + ln -s $PUBLIC/truststoreONAPall.jks $LOCAL + cp $CONFIG/cert/AAF_RootCA.cer $PUBLIC + CM_TRUST_CAS="$PUBLIC/AAF_RootCA.cer" + echo "cadi_keystore_password=something easy" >> $CONFIG/local/aaf.props + fi +fi + +# echo "Check keyfile" +FILE="$LOCAL/org.osaaf.aaf.p12" +if [ ! -e $FILE ]; then + if [ -e $CONFIG/cert/org.osaaf.aaf.p12 ]; then + cp $CONFIG/cert/org.osaaf.aaf.p12 $FILE + else + echo "Bootstrap Creation of Keystore from Signer" + cd $CONFIG/CA + + # Remove this after Casablanca + CADI_X509_ISSUERS="CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US" + bash bootstrap.sh $LOCAL/org.osaaf.aaf.signer.p12 'something easy' + cp aaf.bootstrap.p12 $FILE + if [ -n "$CADI_X509_ISSUERS" ]; then + CADI_X509_ISSUERS="$CADI_X509_ISSUERS:" + fi + BOOT_ISSUER="$(cat aaf.bootstrap.issuer)" + CADI_X509_ISSUERS="$CADI_X509_ISSUERS$BOOT_ISSUER" + + I=${BOOT_ISSUER##CN=};I=${I%%,*} + CM_CA_PASS="something easy" + CM_CA_LOCAL="org.onap.aaf.auth.cm.ca.LocalCA,$LOCAL/org.osaaf.aaf.signer.p12;aaf_intermediate_9;enc:" + CM_TRUST_CAS="$PUBLIC/AAF_RootCA.cer" + fi fi # Only initialize once, automatically... -if [ ! -e /opt/app/osaaf/local/org.osaaf.aaf.props ]; then - rsync -avzh --exclude=.gitignore /opt/app/aaf_config/local/org.osaaf.aaf* /opt/app/osaaf/local +if [ ! -e $LOCAL/org.osaaf.aaf.props ]; then + rsync -avzh --exclude=.gitignore $CONFIG/local/org.osaaf.aaf* $LOCAL for D in public etc logs; do - rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D + rsync -avzh --exclude=.gitignore $CONFIG/$D/* /opt/app/osaaf/$D done TMP=$(mktemp) echo aaf_env=${AAF_ENV} >> ${TMP} echo cadi_latitude=${LATITUDE} >> ${TMP} echo cadi_longitude=${LONGITUDE} >> ${TMP} + echo cadi_x509_issuers=${CADI_X509_ISSUERS} >> ${TMP} echo aaf_register_as=${AAF_REGISTER_AS} >> ${TMP} echo aaf_locate_url=https://${AAF_REGISTER_AS}:8095 >> ${TMP} - $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config aaf@aaf.osaaf.org \ - cadi_etc_dir=/opt/app/osaaf/local \ - cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props:${TMP} + cat $TMP + + $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar config aaf@aaf.osaaf.org \ + cadi_etc_dir=$LOCAL \ + cadi_prop_files=$CONFIG/local/initialConfig.props:$CONFIG/local/aaf.props:${TMP} rm ${TMP} # Default Password for Default Cass - CASS_PASS=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "cassandra" /opt/app/osaaf/local/org.osaaf.aaf.keyfile) - sed -i.backup -e "s/\\(cassandra.clusters.password=enc:\\)/\\1$CASS_PASS/" /opt/app/osaaf/local/org.osaaf.aaf.cassandra.props + CASS_PASS=$("$JAVA" -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar cadi digest "cassandra" $LOCAL/org.osaaf.aaf.keyfile) + sed -i.backup -e "s/\\(cassandra.clusters.password=enc:\\)/\\1$CASS_PASS/" $LOCAL/org.osaaf.aaf.cassandra.props + + if [ -n "$CM_CA_LOCAL" ]; then + if [ -n "$CM_CA_PASS" ]; then + CM_CA_LOCAL=$CM_CA_LOCAL$("$JAVA" -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar cadi digest "$CM_CA_PASS" $LOCAL/org.osaaf.aaf.keyfile) + fi + # Move and copy method, rather than sed, because of slashes in CM_CA_LOCAL makes too complex + FILE=$LOCAL/org.osaaf.aaf.cm.ca.props + mv $FILE $FILE.backup + grep -v "cm_ca.local=" $FILE.backup > $FILE + echo "cm_ca.local=$CM_CA_LOCAL" >> $FILE + echo "cm_trust_cas=$CM_TRUST_CAS" >> $FILE + fi fi + # Now run a command CMD=$2 if [ ! "$CMD" = "" ]; then @@ -59,28 +137,25 @@ if [ ! "$CMD" = "" ]; then fi ;; update) - rsync -uh --exclude=.gitignore /opt/app/aaf_config/local/org.osaaf.aaf* /opt/app/osaaf/local + rsync -uh --exclude=.gitignore $CONFIG/local/org.osaaf.aaf* $LOCAL for D in public data etc logs; do - rsync -uh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D + rsync -uh --exclude=.gitignore $CONFIG/$D/* /opt/app/osaaf/$D done ;; validate) echo "## validate requested" - $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props + $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar validate cadi_prop_files=$LOCAL/org.osaaf.aaf.props ;; + onap) + echo Initializing ONAP configurations. + ;; bash) - echo "alias agent='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY \$*'" >>~/.bashrc - if [ ! "$(grep aaf_config ~/.bashrc)" = "" ]; then - echo "alias cadi='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY cadi \$*'" >>~/.bashrc - echo "alias agent='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY \$*'" >>~/.bashrc - #. ~/.bashrc - fi shift - cd /opt/app/osaaf/local || exit + cd $LOCAL || exit /bin/bash "$@" ;; setProp) - cd /opt/app/osaaf/local || exit + cd $LOCAL || exit FILES=$(grep -l "$1" ./*.props) if [ "$FILES" = "" ]; then FILES="$3" @@ -98,11 +173,11 @@ if [ ! "$CMD" = "" ]; then done ;; encrypt) - cd /opt/app/osaaf/local || exit + cd $LOCAL || exit echo $1 FILES=$(grep -l "$1" ./*.props) if [ "$FILES" = "" ]; then - FILES=/opt/app/osaaf/local/org.osaaf.aaf.cred.props + FILES=$LOCAL/org.osaaf.aaf.cred.props ADD=Y fi for F in $FILES; do @@ -117,7 +192,7 @@ if [ ! "$CMD" = "" ]; then else ORIG_PW="$2" fi - PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/org.osaaf.aaf.keyfile) + PWD=$("$JAVA" -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" $LOCAL/org.osaaf.aaf.keyfile) if [ "$ADD" = "Y" ]; then echo "$1=enc:$PWD" >> $F else @@ -147,17 +222,17 @@ if [ ! "$CMD" = "" ]; then ;; cadi) echo "--- cadi Tool Comands ---" - $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6 + $JAVA -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6 ;; agent) echo "--- agent Tool Comands ---" - $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar + $JAVA -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar ;; esac echo "" ;; *) - $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@" + $JAVA -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@" ;; esac fi |