From 32cdd553a8668e6d03a9cf5b11b360d35a63c87f Mon Sep 17 00:00:00 2001 From: Instrumental Date: Thu, 19 Jul 2018 13:29:32 -0500 Subject: Configuration and Auto-Certificates Issue-ID: AAF-378 Change-Id: Ic820a4e43684a6130f00b28b415a974876099fc3 Signed-off-by: Instrumental --- auth/sample/bin/agent.sh | 162 --------------------------------------- auth/sample/bin/client.sh | 183 +++++++++++++++++++++++++++++++++++++++++++++ auth/sample/bin/service.sh | 162 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 345 insertions(+), 162 deletions(-) delete mode 100644 auth/sample/bin/agent.sh create mode 100644 auth/sample/bin/client.sh create mode 100644 auth/sample/bin/service.sh (limited to 'auth/sample/bin') diff --git a/auth/sample/bin/agent.sh b/auth/sample/bin/agent.sh deleted file mode 100644 index 15c3714d..00000000 --- a/auth/sample/bin/agent.sh +++ /dev/null @@ -1,162 +0,0 @@ -#!/bin/bash -# This script is run when starting aaf_config Container. -# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite) -# -JAVA=/usr/bin/java - -# Only load Identities once -if [ ! -e /opt/app/osaaf/data/identities.dat ]; then - mkdir -p /opt/app/osaaf/data - cp /opt/app/aaf_config/data/sample.identities.dat /opt/app/osaaf/data/identities.dat -fi - -# Only initialize once, automatically... -if [ ! -e /opt/app/osaaf/local/org.osaaf.aaf.props ]; then - rsync -avzh --exclude=.gitignore /opt/app/aaf_config/local/org.osaaf.aaf* /opt/app/osaaf/local - for D in public etc logs; do - rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D - done - - TMP=$(mktemp) - echo aaf_env=${AAF_ENV} >> ${TMP} - echo cadi_latitude=${LATITUDE} >> ${TMP} - echo cadi_longitude=${LONGITUDE} >> ${TMP} - echo aaf_register_as=${AAF_REGISTER_AS} >> ${TMP} - echo aaf_locate_url=https://${AAF_REGISTER_AS}:8095 >> ${TMP} - - $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config aaf@aaf.osaaf.org \ - cadi_etc_dir=/opt/app/osaaf/local \ - cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props:${TMP} - rm ${TMP} - # Default Password for Default Cass - CASS_PASS=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "cassandra" /opt/app/osaaf/local/org.osaaf.aaf.keyfile) - sed -i.backup -e "s/\\(cassandra.clusters.password=enc:\\)/\\1$CASS_PASS/" /opt/app/osaaf/local/org.osaaf.aaf.cassandra.props -fi - -# Now run a command -CMD=$2 -if [ ! "$CMD" = "" ]; then - shift - shift - case "$CMD" in - ls) - echo ls requested - find /opt/app/osaaf -depth - ;; - cat) - if [ "$1" = "" ]; then - echo "usage: cat " - else - if [[ $1 == *.props ]]; then - echo - echo "## CONTENTS OF $3" - echo - cat "$1" - else - echo "### ERROR ####" - echo " \"cat\" may only be used with files ending with \".props\"" - fi - fi - ;; - update) - rsync -uh --exclude=.gitignore /opt/app/aaf_config/local/org.osaaf.aaf* /opt/app/osaaf/local - for D in public data etc logs; do - rsync -uh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D - done - ;; - validate) - echo "## validate requested" - $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props - ;; - bash) - echo "alias agent='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY \$*'" >>~/.bashrc - if [ ! "$(grep aaf_config ~/.bashrc)" = "" ]; then - echo "alias cadi='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY cadi \$*'" >>~/.bashrc - echo "alias agent='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY \$*'" >>~/.bashrc - #. ~/.bashrc - fi - shift - cd /opt/app/osaaf/local || exit - /bin/bash "$@" - ;; - setProp) - cd /opt/app/osaaf/local || exit - FILES=$(grep -l "$1" ./*.props) - if [ "$FILES" = "" ]; then - FILES="$3" - ADD=Y - fi - for F in $FILES; do - echo "Changing $1 in $F" - if [ "$ADD" = "Y" ]; then - echo $2 >> $F - else - sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F - fi - cat $F - done - ;; - encrypt) - cd /opt/app/osaaf/local || exit - echo $1 - FILES=$(grep -l "$1" ./*.props) - if [ "$FILES" = "" ]; then - FILES=/opt/app/osaaf/local/org.osaaf.aaf.cred.props - ADD=Y - fi - for F in $FILES; do - echo "Changing $1 in $F" - if [ "$2" = "" ]; then - read -r -p "Password (leave blank to cancel): " -s ORIG_PW - echo " " - if [ "$ORIG_PW" = "" ]; then - echo canceling... - break - fi - else - ORIG_PW="$2" - fi - PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/org.osaaf.aaf.keyfile) - if [ "$ADD" = "Y" ]; then - echo "$1=enc:$PWD" >> $F - else - sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F - fi - cat $F - done - ;; - taillog) - sh /opt/app/osaaf/logs/taillog - ;; - --help | -?) - case "$1" in - "") - echo "--- Agent Container Comands ---" - echo " ls - Lists all files in Configuration" - echo " cat > - Shows the contents (Prop files only)" - echo " validate - Runs a test using Configuration" - echo " setProp [] - set value on 'tag' (if no value, it will be queried from config)" - echo " encrypt [] - set passwords on Configuration (if no pass, it will be queried)" - echo " bash - run bash in Container" - echo " Note: the following aliases are preset" - echo " cadi - CADI CmdLine tool" - echo " agent - Agent Java tool (see above help)" - echo "" - echo " --help|-? [cadi|agent] - This help, cadi help or agent help" - ;; - cadi) - echo "--- cadi Tool Comands ---" - $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6 - ;; - agent) - echo "--- agent Tool Comands ---" - $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar - ;; - esac - echo "" - ;; - *) - $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@" - ;; - esac -fi diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh new file mode 100644 index 00000000..2c736142 --- /dev/null +++ b/auth/sample/bin/client.sh @@ -0,0 +1,183 @@ +#!/bin/bash +# This script is run when starting aaf_config Container. +# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite) +# +JAVA=/usr/bin/java +AAF_INTERFACE_VERSION=2.1 + +# Extract Name, Domain and NS from FQI +FQIA=($(echo ${APP_FQI} | tr '@' '\n')) +FQI_SHORT=${FQIA[0]} +FQI_DOMAIN=${FQIA[1]} +# Reverse DOMAIN for NS +FQIA_E=($(echo ${FQI_DOMAIN} | tr '.' '\n')) +for (( i=( ${#FQIA_E[@]} -1 ); i>0; i-- )); do + NS=${NS}${FQIA_E[i]}'.' +done +NS=${NS}${FQIA_E[0]} + + +# Setup SSO info for Deploy ID +function sso_encrypt() { + $JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine digest ${1} ~/.aaf/keyfile +} + +if [ ! -e " ~/.aaf/keyfile" ]; then + mkdir -p ~/.aaf + SSO=~/.aaf/sso.props + $JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine keygen ~/.aaf/keyfile + chmod 400 ~/.aaf/keyfile + echo cadi_latitude=${LATITUDE} > ${SSO} + echo cadi_longitude=${LONGITUDE} >> ${SSO} + echo aaf_id=${DEPLOY_FQI} >> ${SSO} + if [ ! "${DEPLOY_PASSWORD}" = "" ]; then + echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO} + fi + echo aaf_locate_url=https://${AAF_FQDN}:8095 >> ${SSO} + echo aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:${AAF_INTERFACE_VERSION} >> ${SSO} + echo cadi_truststore=$(ls /opt/app/aaf_config/public/*trust*) >> ${SSO} + echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO} +fi + +# Only initialize once, automatically... +if [ ! -e /opt/app/osaaf/local/${NS}.props ]; then + for D in bin logs; do + rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D + done + + # setup Configs + $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config $APP_FQI \ + cadi_etc_dir=/opt/app/osaaf/local + + # Place Certificates + $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar place ${APP_FQI} ${APP_FQDN} + + # Validate + $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate \ + cadi_prop_files=/opt/app/osaaf/local/${NS}.props +fi + +# Now run a command +CMD=$2 +if [ ! "$CMD" = "" ]; then + shift + shift + case "$CMD" in + ls) + echo ls requested + find /opt/app/osaaf -depth + ;; + cat) + if [ "$1" = "" ]; then + echo "usage: cat " + else + if [[ $1 == *.props ]]; then + echo + echo "## CONTENTS OF $3" + echo + cat "$1" + else + echo "### ERROR ####" + echo " \"cat\" may only be used with files ending with \".props\"" + fi + fi + ;; + update) + for D in bin logs; do + rsync -uh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D + done + ;; + validate) + echo "## validate requested" + $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate cadi_prop_files=/opt/app/osaaf/local/${NS}.props + ;; + bash) + if [ ! -e ~/.bash_aliases ]; then + echo "alias cadi='$JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine \$*'" >~/.bash_aliases + echo "alias agent='$JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.configure.Agent \$*'" >>~/.bash_aliases + fi + shift + cd /opt/app/osaaf/local || exit + /bin/bash "$@" + ;; + setProp) + cd /opt/app/osaaf/local || exit + FILES=$(grep -l "$1" ./*.props) + if [ "$FILES" = "" ]; then + FILES="$3" + ADD=Y + fi + for F in $FILES; do + echo "Changing $1 in $F" + if [ "$ADD" = "Y" ]; then + echo $2 >> $F + else + sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F + fi + cat $F + done + ;; + encrypt) + cd /opt/app/osaaf/local || exit + echo $1 + FILES=$(grep -l "$1" ./*.props) + if [ "$FILES" = "" ]; then + FILES=/opt/app/osaaf/local/${NS}.cred.props + ADD=Y + fi + for F in $FILES; do + echo "Changing $1 in $F" + if [ "$2" = "" ]; then + read -r -p "Password (leave blank to cancel): " -s ORIG_PW + echo " " + if [ "$ORIG_PW" = "" ]; then + echo canceling... + break + fi + else + ORIG_PW="$2" + fi + PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/${NS}.keyfile) + if [ "$ADD" = "Y" ]; then + echo "$1=enc:$PWD" >> $F + else + sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F + fi + cat $F + done + ;; + taillog) + sh /opt/app/osaaf/logs/taillog + ;; + --help | -?) + case "$1" in + "") + echo "--- Agent Container Comands ---" + echo " ls - Lists all files in Configuration" + echo " cat > - Shows the contents (Prop files only)" + echo " validate - Runs a test using Configuration" + echo " setProp [] - set value on 'tag' (if no value, it will be queried from config)" + echo " encrypt [] - set passwords on Configuration (if no pass, it will be queried)" + echo " bash - run bash in Container" + echo " Note: the following aliases are preset" + echo " cadi - CADI CmdLine tool" + echo " agent - Agent Java tool (see above help)" + echo "" + echo " --help|-? [cadi|agent] - This help, cadi help or agent help" + ;; + cadi) + echo "--- cadi Tool Comands ---" + $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6 + ;; + agent) + echo "--- agent Tool Comands ---" + $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar + ;; + esac + echo "" + ;; + *) + $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@" + ;; + esac +fi diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh new file mode 100644 index 00000000..15c3714d --- /dev/null +++ b/auth/sample/bin/service.sh @@ -0,0 +1,162 @@ +#!/bin/bash +# This script is run when starting aaf_config Container. +# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite) +# +JAVA=/usr/bin/java + +# Only load Identities once +if [ ! -e /opt/app/osaaf/data/identities.dat ]; then + mkdir -p /opt/app/osaaf/data + cp /opt/app/aaf_config/data/sample.identities.dat /opt/app/osaaf/data/identities.dat +fi + +# Only initialize once, automatically... +if [ ! -e /opt/app/osaaf/local/org.osaaf.aaf.props ]; then + rsync -avzh --exclude=.gitignore /opt/app/aaf_config/local/org.osaaf.aaf* /opt/app/osaaf/local + for D in public etc logs; do + rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D + done + + TMP=$(mktemp) + echo aaf_env=${AAF_ENV} >> ${TMP} + echo cadi_latitude=${LATITUDE} >> ${TMP} + echo cadi_longitude=${LONGITUDE} >> ${TMP} + echo aaf_register_as=${AAF_REGISTER_AS} >> ${TMP} + echo aaf_locate_url=https://${AAF_REGISTER_AS}:8095 >> ${TMP} + + $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config aaf@aaf.osaaf.org \ + cadi_etc_dir=/opt/app/osaaf/local \ + cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props:${TMP} + rm ${TMP} + # Default Password for Default Cass + CASS_PASS=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "cassandra" /opt/app/osaaf/local/org.osaaf.aaf.keyfile) + sed -i.backup -e "s/\\(cassandra.clusters.password=enc:\\)/\\1$CASS_PASS/" /opt/app/osaaf/local/org.osaaf.aaf.cassandra.props +fi + +# Now run a command +CMD=$2 +if [ ! "$CMD" = "" ]; then + shift + shift + case "$CMD" in + ls) + echo ls requested + find /opt/app/osaaf -depth + ;; + cat) + if [ "$1" = "" ]; then + echo "usage: cat " + else + if [[ $1 == *.props ]]; then + echo + echo "## CONTENTS OF $3" + echo + cat "$1" + else + echo "### ERROR ####" + echo " \"cat\" may only be used with files ending with \".props\"" + fi + fi + ;; + update) + rsync -uh --exclude=.gitignore /opt/app/aaf_config/local/org.osaaf.aaf* /opt/app/osaaf/local + for D in public data etc logs; do + rsync -uh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D + done + ;; + validate) + echo "## validate requested" + $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props + ;; + bash) + echo "alias agent='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY \$*'" >>~/.bashrc + if [ ! "$(grep aaf_config ~/.bashrc)" = "" ]; then + echo "alias cadi='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY cadi \$*'" >>~/.bashrc + echo "alias agent='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY \$*'" >>~/.bashrc + #. ~/.bashrc + fi + shift + cd /opt/app/osaaf/local || exit + /bin/bash "$@" + ;; + setProp) + cd /opt/app/osaaf/local || exit + FILES=$(grep -l "$1" ./*.props) + if [ "$FILES" = "" ]; then + FILES="$3" + ADD=Y + fi + for F in $FILES; do + echo "Changing $1 in $F" + if [ "$ADD" = "Y" ]; then + echo $2 >> $F + else + sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F + fi + cat $F + done + ;; + encrypt) + cd /opt/app/osaaf/local || exit + echo $1 + FILES=$(grep -l "$1" ./*.props) + if [ "$FILES" = "" ]; then + FILES=/opt/app/osaaf/local/org.osaaf.aaf.cred.props + ADD=Y + fi + for F in $FILES; do + echo "Changing $1 in $F" + if [ "$2" = "" ]; then + read -r -p "Password (leave blank to cancel): " -s ORIG_PW + echo " " + if [ "$ORIG_PW" = "" ]; then + echo canceling... + break + fi + else + ORIG_PW="$2" + fi + PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/org.osaaf.aaf.keyfile) + if [ "$ADD" = "Y" ]; then + echo "$1=enc:$PWD" >> $F + else + sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F + fi + cat $F + done + ;; + taillog) + sh /opt/app/osaaf/logs/taillog + ;; + --help | -?) + case "$1" in + "") + echo "--- Agent Container Comands ---" + echo " ls - Lists all files in Configuration" + echo " cat > - Shows the contents (Prop files only)" + echo " validate - Runs a test using Configuration" + echo " setProp [] - set value on 'tag' (if no value, it will be queried from config)" + echo " encrypt [] - set passwords on Configuration (if no pass, it will be queried)" + echo " bash - run bash in Container" + echo " Note: the following aliases are preset" + echo " cadi - CADI CmdLine tool" + echo " agent - Agent Java tool (see above help)" + echo "" + echo " --help|-? [cadi|agent] - This help, cadi help or agent help" + ;; + cadi) + echo "--- cadi Tool Comands ---" + $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6 + ;; + agent) + echo "--- agent Tool Comands ---" + $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar + ;; + esac + echo "" + ;; + *) + $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@" + ;; + esac +fi -- cgit 1.2.3-korg