Init dcae.demo.startup.aaf

Change-Id: Ia1877e76b040b9831950b8c27dde687a2664783e
Signed-off-by: lj1412 <lji@research.att.com>

15 files changed, 576 insertions, 0 deletions

diff --git a/.gitreview b/.gitreview
new file mode 100644
index 0000000..e047c62
--- /dev/null
+++ b/.gitreview
@@ -0,0 +1,4 @@
+[gerrit]
+host=gerrit.openecomp.org
+port=29418
+project=dcae/demo/startup/aaf.git
diff --git a/LICENSE.txt b/LICENSE.txt
new file mode 100644
index 0000000..30471b5
--- /dev/null
+++ b/LICENSE.txt
@@ -0,0 +1,22 @@
+
+/*-
+ * ============LICENSE_START==========================================
+ * OPENECOMP - DCAE
+ * ===================================================================
+ * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0 
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ */
+	
+ECOMP and OpenECOMP are trademarks and service marks of AT&T Intellectual Property.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..bb0d209
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+This project hosts the configurations and start-up scripts for instantiating the Open eCOMP AAF Server 
+
+To deploy an Open eCOMP AAF server to a host:
+
+0. prepare the docker host:
+   a. install the following software:  git, docker, docker-compose
+1. login to the docker host
+2. git clone this project:
+     git clone https://23.253.149.175/dcae-startup/dcae-startup-vm-aaf.git
+3. change dir to dcae-startup-vm-aaf
+   edit the deploy.sh file with local configurations such as docker-compose 
+4. run the deploy.sh as root
+
+
+
diff --git a/deploy.sh b/deploy.sh
new file mode 100755
index 0000000..46af1d1
--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+# do not change this, it is already matched with the git repo file structure
+DOCKER_FILE_DIR="./docker_files"
+
+# commands to run docker and docker-compose
+DOCKER_COMPOSE_EXE="/opt/docker/docker-compose"
+DOCKER_EXE="docker"
+
+
+cd ${DOCKER_FILE_DIR}
+
+echo "prep any files with local configurations"
+if ls __* 1> /dev/null 2>&1; then
+   IP_DOCKER0=`ifconfig docker0 |grep "inet addr" | cut -d: -f2 |cut -d" " -f1`
+   TEMPLATES=`ls -1 __*`
+   for TEMPLATE in $TEMPLATES
+   do
+      FILENAME=${TEMPLATE//_}
+      if [ ! -z ${IP_DOCKER0} ]; then
+         sed -e "s/{{ ip.docker0 }}/${IP_DOCKER0}/" $TEMPLATE > $FILENAME
+      fi
+   done
+fi
+
+echo "starting docker operations"
+#${DOCKER_EXE} login --username=${DOCKER_REGISTRY_USERNAME} --password=${DOCKER_REGISTRY_PASSWORD} ${DOCKER_REGISTRY}
+${DOCKER_COMPOSE_EXE} up -d
+
diff --git a/docker_files/aafcli.sh b/docker_files/aafcli.sh
new file mode 100755
index 0000000..89e9a4e
--- /dev/null
+++ b/docker_files/aafcli.sh
@@ -0,0 +1,9 @@
+DIR=`pwd`
+DME2REG=$DIR/../dme2reg
+CLASSPATH=etc:target/authz-cmd-2.0.15-jar-with-dependencies.jar
+
+java -cp $CLASSPATH \
+	-Dcadi_prop_files=../authz-service/src/main/sample/authAPI.props \
+	-DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG \
+	com.att.cmd.AAFcli $*
+
diff --git a/docker_files/data/ecomp.cql b/docker_files/data/ecomp.cql
new file mode 100755
index 0000000..421cad4
--- /dev/null
+++ b/docker_files/data/ecomp.cql
@@ -0,0 +1,123 @@
+USE authz;
+
+// Create Root pass
+INSERT INTO cred (id,ns,type,cred,expires)
+  VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+INSERT INTO cred (id,ns,type,cred,expires)
+  VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+INSERT INTO cred (id,ns,type,cred,expires)
+  VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+
+// Create 'com' root NS
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('com',1,'Root Namespace',null,1);
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('com','admin',{'com.access|*|*'},'Com Admins');
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('com','owner',{'com.access|*|read'},'Com Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('com','access','*','read',{'com.owner'},'Com Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('com','access','*','*',{'com.admin'},'Com Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin');
+
+// Create org root NS
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('org',1,'Root Namespace Org',null,1);
+
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3);
+
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3);
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org','admin',{'org.access|*|*'},'Com Admins');
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org','owner',{'org.access|*|read'},'Com Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org','access','*','read',{'org.owner'},'Com Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org','access','*','*',{'org.admin'},'Com Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin');
+
+
+// Create org.openecomp
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('org.openecomp',2,'Open EComp NS','org',2);
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins');
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin');
+
+// Create org.openecomp.dmaapBC
+
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3);
+
+//INSERT INTO role(ns, name, perms, description)
+//  VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins');
+
+INSERT INTO role(ns, name, perms, description) 
+VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');
+
+//INSERT INTO role(ns, name, perms, description) 
+//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins');
+
+//INSERT INTO role(ns, name, perms, description) 
+//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');
+
+
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
diff --git a/docker_files/data/identities.dat b/docker_files/data/identities.dat
new file mode 100755
index 0000000..98bf99a
--- /dev/null
+++ b/docker_files/data/identities.dat
@@ -0,0 +1,7 @@
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
+iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
+osaaf|ID of AAF|||||a|bdevl
diff --git a/docker_files/data/identities.idx b/docker_files/data/identities.idx
new file mode 100755
index 0000000..78fc0a5
--- /dev/null
+++ b/docker_files/data/identities.idx
diff --git a/docker_files/data/init.cql b/docker_files/data/init.cql
new file mode 100755
index 0000000..15392be
--- /dev/null
+++ b/docker_files/data/init.cql
@@ -0,0 +1,242 @@
+// For Developer Machine single instance
+//
+CREATE KEYSPACE authz
+WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1};
+// 
+// From Ravi, 6-17-2014.  User for DEVL->TEST
+//
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' };
+// 
+// PROD
+// 
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' };
+//
+//  create user authz with password '<AUTHZ PASSWORD>' superuser;
+//  grant all on keyspace authz to authz;
+//
+// For TEST (aaf_test)
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' };
+//
+// DEVL
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' };
+//
+// TEST / PERF
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' };
+//
+// IST
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3',
+// 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' };
+//
+// with 6 localized with ccm
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' };
+// 
+
+USE authz;
+
+//
+// CORE Table function
+//
+
+// Namespace - establish hierarchical authority to modify
+// Permissions and Roles
+// "scope" is flag to determine Policy.  Typical important scope
+// is "company" (1)
+CREATE TABLE ns (
+  name			varchar,
+  scope			int,  // deprecated 2.0.11
+  description   	varchar,
+  parent 		varchar,
+  type			int,
+  PRIMARY KEY (name)  
+);
+CREATE INDEX ns_parent on ns(parent);
+  
+
+// Oct 2015, not performant.  Made Owner and Attrib first class Roles, jg1555
+// April, 2015.  Originally, the plan was to utilize Cassandra 2.1.2, however, other team's preferences were to remain at current levels.
+// Therefore, we are taking the separate table approach.  (coder Jeremiah Rohwedder)
+// We had dropped this by making first class objects of Responsible (Owner) and Admin.  We need this again to mark namespaces
+// as having certain tools, like SWM, etc.
+CREATE TABLE ns_attrib (
+  ns            varchar,
+  key           varchar,
+  value         varchar,
+  PRIMARY KEY (ns,key)
+);
+create index ns_attrib_key on ns_attrib(key);
+
+// Will be cached
+CREATE TABLE role (
+  ns	    varchar,
+  name		varchar,
+  perms		set<varchar>, // Use "Key" of "name|type|action"
+  description varchar,
+  PRIMARY KEY (ns,name)
+);
+CREATE INDEX role_name  ON role(name);
+ 
+// Will be cached
+CREATE TABLE perm (
+  ns	    varchar,
+  type 		varchar,
+  instance	varchar,
+  action	varchar,
+  roles		set<varchar>, // Need to find Roles given Permissions
+  description varchar,
+  PRIMARY KEY (ns,type,instance,action)
+);
+
+// This table is user for Authorization
+CREATE TABLE user_role (
+    user		varchar,
+    role		varchar, // deprecated: change to ns/rname after 2.0.11
+    ns			varchar,
+    rname		varchar,
+    expires		timestamp,
+    PRIMARY KEY(user,role)
+  );
+CREATE INDEX user_role_ns ON user_role(ns);
+CREATE INDEX user_role_role ON user_role(role);
+
+// This table is only for the case where return User Credential (MechID) Authentication
+CREATE TABLE cred (
+    id    varchar,
+    type  int,
+    expires timestamp,  
+    ns    varchar,
+    other int,
+    notes varchar,
+    cred  blob,
+    prev  blob,
+    PRIMARY KEY (id,type,expires)
+  );
+CREATE INDEX cred_ns ON cred(ns);
+
+// Certificate Cross Table
+//   coordinated with CRED type 2
+CREATE TABLE cert (
+    fingerprint blob,
+    id    	varchar,
+    x500	varchar,
+    expires 	timestamp,  
+    PRIMARY KEY (fingerprint)
+  );
+CREATE INDEX cert_id ON cert(id);
+CREATE INDEX cert_x500 ON cert(x500);
+
+CREATE TABLE notify (
+  user text,
+  type int,
+  last timestamp,
+  checksum int,
+  PRIMARY KEY (user,type)
+);
+
+CREATE TABLE x509 (
+  ca     text,
+  serial blob,
+  id     text,
+  x500   text,
+  x509   text,
+  PRIMARY KEY (ca,serial)
+);
+
+
+CREATE INDEX x509_id   ON x509 (id);
+CREATE INDEX x509_x500 ON x509 (x500);
+
+// 
+// Deployment Artifact (for Certman)
+//
+CREATE TABLE artifact (
+  mechid        text,
+  machine       text,
+  type          Set<text>,
+  sponsor       text,
+  ca            text,
+  dir           text,
+  appName       text,
+  os_user       text,
+  notify        text,
+  expires	timestamp,
+  renewDays   int,
+  PRIMARY KEY (mechid,machine)
+);
+CREATE INDEX artifact_machine ON artifact(machine); 
+
+//
+// Non-Critical Table functions
+//
+// Table Info - for Caching
+CREATE TABLE cache (
+   name		varchar,
+   seg		int, 		// cache Segment
+   touched	timestamp,
+   PRIMARY KEY(name,seg)
+);
+
+CREATE TABLE history (
+  id			timeuuid,
+  yr_mon		int,
+  user			varchar,
+  action 		varchar,
+  target		varchar,   // user, user_role, 
+  subject		varchar,   // field for searching main portion of target key
+  memo			varchar,   //description of the action
+  reconstruct 	blob,      //serialized form of the target
+  // detail 	Map<varchar, varchar>,  // additional information
+  PRIMARY KEY (id)
+);
+CREATE INDEX history_yr_mon ON history(yr_mon);
+CREATE INDEX history_user ON history(user); 
+CREATE INDEX history_subject ON history(subject); 
+
+// 
+// A place to hold objects to be created at a future time.
+//
+CREATE TABLE future (
+  id        uuid,  		// uniquify
+  target    varchar,   		// Target Table
+  memo	    varchar,    	// Description
+  start     timestamp, 		// When it should take effect
+  expires   timestamp, 		// When not longer valid
+  construct blob, 		// How to construct this object (like History)
+  PRIMARY KEY(id)
+);
+CREATE INDEX future_idx ON future(target);
+CREATE INDEX future_start_idx ON future(start);
+
+
+CREATE TABLE approval (
+  id	    timeuuid,	      // unique Key
+  ticket    uuid,	      // Link to Future Record
+  user 	    varchar,          // the user who needs to be approved
+  approver  varchar, 	      // user approving
+  type      varchar,          // approver types i.e. Supervisor, Owner
+  status    varchar,          // approval status. pending, approved, denied
+  memo      varchar,          // Text for Approval to know what's going on
+  operation varchar,	      // List operation to perform
+  PRIMARY KEY(id)
+ );
+CREATE INDEX appr_approver_idx ON approval(approver);
+CREATE INDEX appr_user_idx ON approval(user);
+CREATE INDEX appr_ticket_idx ON approval(ticket);
+CREATE INDEX appr_status_idx ON approval(status);
+
+CREATE TABLE delegate (
+  user      varchar,
+  delegate  varchar,
+  expires   timestamp,
+  PRIMARY KEY (user)  
+);
+CREATE INDEX delg_delg_idx ON delegate(delegate);
+
+//
+// Used by authz-batch processes to ensure only 1 runs at a time
+//
+CREATE TABLE run_lock (
+  class text,
+  host text,
+  start timestamp,
+  PRIMARY KEY ((class))
+);
diff --git a/docker_files/data2/identities.dat b/docker_files/data2/identities.dat
new file mode 100755
index 0000000..95eb51d
--- /dev/null
+++ b/docker_files/data2/identities.dat
@@ -0,0 +1,9 @@
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
+iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
+osaaf|ID of AAF|||||a|bdevl
+m99751|ID of AAF|||||a|bdevl
+m99501|ID of AAF|||||a|bdevl
diff --git a/docker_files/docker-compose.yml b/docker_files/docker-compose.yml
new file mode 100755
index 0000000..e261ada
--- /dev/null
+++ b/docker_files/docker-compose.yml
@@ -0,0 +1,27 @@
+version: '2'
+services:
+  aaf_container:
+    image: attos/aaf
+    ports:
+      - "8101:8101"
+    links:
+      - cassandra_container
+    volumes:
+      - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh
+      - ./data2:/data
+      - ./runaafcli.sh:/opt/app/aaf/authz-service/2.0.15/runaafcli.sh
+    entrypoint: ["bash", "-c", "/tmp/wait_for_host_port.sh cassandra_container 9042; sleep 20; /bin/sh -c ./startup.sh"]
+    environment:
+      - CASSANDRA_CLUSTER=cassandra_container
+    
+  cassandra_container:
+    image: cassandra:2.1.16
+    ports:
+      - "7000:7000"
+      - "7001:7001"
+      - "9042:9042"
+      - "9160:9160"
+    volumes:
+      - ./data:/data
+      - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh
+    entrypoint: ["bash", "-c", "(/tmp/wait_for_host_port.sh localhost 9042 cqlsh --file /data/init.cql -u cassandra -p cassandra localhost; cqlsh --file /data/ecomp.cql -u cassandra -p cassandra localhost) & (/docker-entrypoint.sh cassandra -f)"]
diff --git a/docker_files/runaafcli.sh b/docker_files/runaafcli.sh
new file mode 100755
index 0000000..cdc0f8c
--- /dev/null
+++ b/docker_files/runaafcli.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+DIR=`pwd` 
+#DME2REG=$DIR/../dme2reg 
+DME2REG=/opt/dme2reg 
+#CLASSPATH=etc:target/authz-cmd-2.0.15-jar-with-dependencies.jar  
+CLASSPATH=/opt/app/aaf/authz-service/2.0.15/etc:/opt/app/aaf/authz-service/2.0.15/lib/authz-cmd-2.0.15-jar-with-dependencies.jar  
+java -cp $CLASSPATH -Dcadi_prop_files=/opt/app/aaf/authz-service/2.0.15/etc/authAPI.props -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG com.att.cmd.AAFcli $*
diff --git a/docker_files/startupaaf.sh b/docker_files/startupaaf.sh
new file mode 100755
index 0000000..bc1f0b2
--- /dev/null
+++ b/docker_files/startupaaf.sh
@@ -0,0 +1,32 @@
+# lji: this startup file shadows the existing extry point startup.sh file of the container
+# because we need to pass in the cassandra cluster location 
+
+LIB=/opt/app/aaf/authz-service/2.0.15/lib
+
+ETC=/opt/app/aaf/authz-service/2.0.15/etc
+DME2REG=/opt/dme2reg
+
+echo "this is LIB" $LIB
+echo "this is ETC" $ETC
+echo "this is DME2REG" $DME2REG
+
+CLASSPATH=$ETC
+for FILE in `find $LIB -name *.jar`; do
+  CLASSPATH=$CLASSPATH:$FILE
+done
+
+FILEPATHS="/opt/app/aaf/common/com.osaaf.common.props /opt/app/aaf/authz-service/2.0.15/etc/com.osaaf.common.props"
+for FILEPATH in $FILEPATHS: 
+do 
+  if [ -e ${FILEPATH} ]; then
+    if [ -z `grep "cassandra.clusters=$CASSANDRA_CLUSTER" $FILEPATH` ]; then 
+      echo "cassandra.clusters=$CASSANDRA_CLUSTER" >> $FILEPATH; 
+    fi
+  fi
+done
+
+
+java -classpath $CLASSPATH -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG com.att.authz.service.AuthAPI
+
+# keet it running so we can check fs
+while sleep 2; do echo thinking; done
diff --git a/docker_files/wait_for_host_port.sh b/docker_files/wait_for_host_port.sh
new file mode 100755
index 0000000..e4e4bf9
--- /dev/null
+++ b/docker_files/wait_for_host_port.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+host="$1"
+port="$2"
+shift
+shift
+cmd="$@"
+
+until echo > /dev/tcp/${host}/${port} ; do
+  >&2 echo "${host}:${port} is unavailable - sleeping"
+  sleep 1
+done
+
+>&2 echo "${host}:${port} is up - executing command"
+exec $cmd
diff --git a/prep-vm1-aaf.sh b/prep-vm1-aaf.sh
new file mode 100755
index 0000000..09ae53a
--- /dev/null
+++ b/prep-vm1-aaf.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -e
+
+# Assuming running this script from a VM that is spun up by Open eCOMP HEAT template.  
+# Hence it has the git and docker registry configurations provided as files under /opt/config 
+
+if [ -e /opt/config/gitlab_repo.txt ]; then
+  export GIT_PATH=`cat cat /opt/config/gitlab_repo.txt`
+fi
+if [ -e /opt/config/gitlab_username.txt ]; then
+  export GIT_USERNAME=`cat /opt/config/gitlab_username.txt`
+fi
+if [ -e /opt/config/gitlab_password.txt ]; then
+  export GIT_PASSWORD=`cat /opt/config/gitlab_password.txt`
+fi
+if [ -e /opt/config/gitlab_branch.txt ]; then
+  export GIT_BRANCH=`cat /opt/config/gitlab_branch.txt`
+else
+  export GIT_BRANCH="master"
+fi
+
+
+
+#https://23.253.149.175/lj1412/dcae-startup-vm-message-router
+
+
+git -c http.sslVerify=false clone -b ${GIT_BRANCH} https://${GIT_USERNAME}:${GIT_PASSWORD}@${GIT_PATH}/dcae-startup-vm-aaf.git
+cd dcae-startup-vm-aaf && ./deploy.sh
+