summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--heat/ONAP/cloud-config/aaf_install.sh489
-rw-r--r--heat/ONAP/cloud-config/aaf_vm_init.sh117
-rw-r--r--heat/ONAP/cloud-config/sample_ca/.gitignore1
-rw-r--r--heat/ONAP/cloud-config/sample_ca/aaf.signer.p12bin0 -> 2850 bytes
4 files changed, 125 insertions, 482 deletions
diff --git a/heat/ONAP/cloud-config/aaf_install.sh b/heat/ONAP/cloud-config/aaf_install.sh
index 61f23daa..c2389d03 100644
--- a/heat/ONAP/cloud-config/aaf_install.sh
+++ b/heat/ONAP/cloud-config/aaf_install.sh
@@ -1,453 +1,46 @@
#!/bin/bash
-
-# Read configuration files
-GERRIT_BRANCH=$(cat /opt/config/gerrit_branch.txt)
-CODE_REPO=$(cat /opt/config/remote_repo.txt)
-HTTP_PROXY=$(cat /opt/config/http_proxy.txt)
-HTTPS_PROXY=$(cat /opt/config/https_proxy.txt)
-
-if [ $HTTP_PROXY != "no_proxy" ]
-then
- export http_proxy=$HTTP_PROXY
- export https_proxy=$HTTPS_PROXY
+
+CURRENT_DIR=$(pwd)
+export MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1)
+
+NEXUS_USERNAME=$(cat /opt/config/nexus_username.txt)
+NEXUS_PASSWD=$(cat /opt/config/nexus_password.txt)
+NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt)
+HOSTNAME=`hostname -f`
+FQDN=aaf.api.simpledemo.onap.org
+HOST_IP=$(cat /opt/config/local_ip.txt)
+
+echo "$NEXUS_PASSWD" | docker login -u $NEXUS_USERNAME --password-stdin $NEXUS_DOCKER_REPO
+
+if [ -e "/opt/authz" ]; then
+ cd /opt/authz
+ git pull
+else
+ cd /opt
+ git clone https://gerrit.onap.org/r/aaf/authz
+ cd authz
fi
-
-# Download dependencies
-echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
-echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
-apt-get update
-apt-get install --allow-unauthenticated -y openjdk-8-jdk maven
-
-# Clone Gerrit repository and run docker containers
-cd /opt
-git clone -b $GERRIT_BRANCH --single-branch $CODE_REPO
-chmod +x /opt/authz/auth/auth-cass/docker/dinstall.sh
-chmod +x /opt/authz/auth/auth-cass/docker/backup/backup.sh
-chmod +x /opt/authz/auth/docker/dbuild.sh
-chmod +x /opt/authz/auth/docker/drun.sh
-chmod +x /opt/authz/auth/docker/dstart.sh
-chmod +x /opt/authz/auth/docker/dstop.sh
-
-#Update maven settings
-cat > /usr/share/maven/conf/settings.xml << EOF
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-<!--
- | This is the configuration file for Maven. It can be specified at two levels:
- |
- | 1. User Level. This settings.xml file provides configuration for a single user,
-| and is normally provided in \${user.home}/.m2/settings.xml.
- |
- | NOTE: This location can be overridden with the CLI option:
- |
- | -s /path/to/user/settings.xml
- |
- | 2. Global Level. This settings.xml file provides configuration for all Maven
- | users on a machine (assuming they're all using the same Maven
- | installation). It's normally provided in
-| \${maven.home}/conf/settings.xml.
- |
- | NOTE: This location can be overridden with the CLI option:
- |
- | -gs /path/to/global/settings.xml
- |
- | The sections in this sample file are intended to give you a running start at
- | getting the most out of your Maven installation. Where appropriate, the default
- | values (values used when the setting is not specified) are provided.
- |
- |-->
-<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
- <!-- localRepository
- | The path to the local repository maven will use to store artifacts.
- |
-| Default: \${user.home}/.m2/repository
- <localRepository>/path/to/local/repo</localRepository>
- -->
-
- <!-- interactiveMode
- | This will determine whether maven prompts you when it needs input. If set to false,
- | maven will use a sensible default value, perhaps based on some other setting, for
- | the parameter in question.
- |
- | Default: true
- <interactiveMode>true</interactiveMode>
- -->
-
- <!-- offline
- | Determines whether maven should attempt to connect to the network when executing a build.
- | This will have an effect on artifact downloads, artifact deployment, and others.
- |
- | Default: false
- <offline>false</offline>
- -->
-
- <!-- pluginGroups
- | This is a list of additional group identifiers that will be searched when resolving plugins by their prefix, i.e.
- | when invoking a command line like "mvn prefix:goal". Maven will automatically add the group identifiers
- | "org.apache.maven.plugins" and "org.codehaus.mojo" if these are not already contained in the list.
- |-->
- <pluginGroups>
- <!-- pluginGroup
- | Specifies a further group identifier to use for plugin lookup.
- <pluginGroup>com.your.plugins</pluginGroup>
- -->
- </pluginGroups>
-
-EOF
-
-if [[ $(cat /opt/config/https_proxy.txt) != "no_proxy" ]]; then
- HTTPS_PROXY_HOST=$(cat /opt/config/https_proxy.txt | cut -d ':' -f1)
- HTTPS_PROXY_PORT=$(cat /opt/config/https_proxy.txt | cut -d ':' -f2)
-
- cat >> settings.xml << EOF
- <!-- proxies
- | This is a list of proxies which can be used on this machine to connect to the network.
- | Unless otherwise specified (by system property or command-line switch), the first proxy
- | specification in this list marked as active will be used.
- |-->
- <proxies>
- <proxy>
- <id>optional</id>
- <active>true</active>
- <protocol>http</protocol>
- <username>proxyuser</username>
- <password>proxypass</password>
- <host>$HTTPS_PROXY_HOST</host>
- <port>$HTTPS_PROXY_PORT</port>
- <nonProxyHosts>local.net|some.host.com</nonProxyHosts>
- </proxy>
- <proxy>
- <id>optional</id>
- <active>true</active>
- <protocol>https</protocol>
- <username>proxyuser</username>
- <password>proxypass</password>
- <host>$HTTPS_PROXY_HOST</host>
- <port>$HTTPS_PROXY_PORT</port>
- <nonProxyHosts>local.net|some.host.com</nonProxyHosts>
- </proxy>
- </proxies>
-
-EOF
+cd /opt/authz/auth/auth-cass/docker
+if [ "`docker container ls | grep aaf_cass`" = "" ]; then
+ # Cassandra Install
+ echo Phase 1 Cassandra Install
+ /bin/bash ./dinstall.sh
fi
+
+CASS_IP=`docker inspect aaf_cass | grep '"IPAddress' | head -1 | cut -d '"' -f 4`
+CASS_HOST="cass.aaf.osaaf.org:"$CASS_IP
+
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_config:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_core:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_cm:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_fs:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_gui:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_hello:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_locate:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_oauth:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_service:latest
+
+cd $CURRENT_DIR
+/bin/bash ./aaf_vm_init.sh
-cat >> settings.xml << EOF
-
- <!-- servers
- | This is a list of authentication profiles, keyed by the server-id used within the system.
- | Authentication profiles can be used whenever maven must make a connection to a remote server.
- |-->
- <servers>
- <!-- server
- | Specifies the authentication information to use when connecting to a particular server, identified by
- | a unique name within the system (referred to by the 'id' attribute below).
- |
- | NOTE: You should either specify username/password OR privateKey/passphrase, since these pairings are
- | used together.
- |
- <server>
- <id>deploymentRepo</id>
- <username>repouser</username>
- <password>repopwd</password>
- </server>
- -->
-
- <!-- Another sample, using keys to authenticate.
- <server>
- <id>siteServer</id>
- <privateKey>/path/to/private/key</privateKey>
- <passphrase>optional; leave empty if not used.</passphrase>
- </server>
- -->
- </servers>
-
- <!-- mirrors
- | This is a list of mirrors to be used in downloading artifacts from remote repositories.
- |
- | It works like this: a POM may declare a repository to use in resolving certain artifacts.
- | However, this repository may have problems with heavy traffic at times, so people have mirrored
- | it to several places.
- |
- | That repository definition will have a unique id, so we can create a mirror reference for that
- | repository, to be used as an alternate download site. The mirror site will be the preferred
- | server for that repository.
- |-->
-
- <!-- profiles
- | This is a list of profiles which can be activated in a variety of ways, and which can modify
- | the build process. Profiles provided in the settings.xml are intended to provide local machine-
- | specific paths and repository locations which allow the build to work in the local environment.
- |
- | For example, if you have an integration testing plugin - like cactus - that needs to know where
- | your Tomcat instance is installed, you can provide a variable here such that the variable is
- | dereferenced during the build process to configure the cactus plugin.
- |
- | As noted above, profiles can be activated in a variety of ways. One way - the activeProfiles
- | section of this document (settings.xml) - will be discussed later. Another way essentially
- | relies on the detection of a system property, either matching a particular value for the property,
- | or merely testing its existence. Profiles can also be activated by JDK version prefix, where a
- | value of '1.4' might activate a profile when the build is executed on a JDK version of '1.4.2_07'.
- | Finally, the list of active profiles can be specified directly from the command line.
- |
- | NOTE: For profiles defined in the settings.xml, you are restricted to specifying only artifact
- | repositories, plugin repositories, and free-form properties to be used as configuration
- | variables for plugins in the POM.
- |
- |-->
-
-
-
-
-
- <profiles>
- <profile>
-
- <id>10_nexus</id>
- <!--Enable snapshots for the built in central repo to direct -->
- <!--all requests to nexus via the mirror -->
- <repositories>
- <repository>
- <id>10_nexus</id>
- <url>http://repo.maven.apache.org/maven2/</url>
- <releases><enabled>true</enabled></releases>
- <snapshots><enabled>true</enabled></snapshots>
- </repository>
- </repositories>
-
- <pluginRepositories>
- <pluginRepository>
- <id>10_nexus</id>
- <url>http://repo.maven.apache.org/maven2/</url>
- <releases><enabled>true</enabled></releases>
- <snapshots><enabled>true</enabled></snapshots>
- </pluginRepository>
- </pluginRepositories>
-
- </profile>
- <profile>
- <id>20_openecomp-public</id>
- <repositories>
- <repository>
- <id>20_openecomp-public</id>
- <name>20_openecomp-public</name>
- <url>https://nexus.onap.org/content/repositories/public/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>20_openecomp-public</id>
- <name>20_openecomp-public</name>
- <url>https://nexus.onap.org/content/repositories/public/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </pluginRepository>
- </pluginRepositories>
- </profile>
- <profile>
- <id>30_openecomp-staging</id>
- <repositories>
- <repository>
- <id>30_openecomp-staging</id>
- <name>30_openecomp-staging</name>
- <url>https://nexus.onap.org/content/repositories/staging/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>30_openecomp-staging</id>
- <name>30_openecomp-staging</name>
- <url>https://nexus.onap.org/content/repositories/staging/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </pluginRepository>
- </pluginRepositories>
- </profile>
- <profile>
- <id>40_openecomp-release</id>
- <repositories>
- <repository>
- <id>40_openecomp-release</id>
- <name>40_openecomp-release</name>
- <url>https://nexus.onap.org/content/repositories/releases/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>40_openecomp-release</id>
- <name>40_openecomp-release</name>
- <url>https://nexus.onap.org/content/repositories/releases/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </pluginRepository>
- </pluginRepositories>
- </profile>
-
- <profile>
- <id>50_openecomp-snapshots</id>
- <repositories>
- <repository>
- <id>50_openecomp-snapshot</id>
- <name>50_openecomp-snapshot</name>
- <url>https://nexus.onap.org/content/repositories/snapshots/</url>
- <releases>
- <enabled>false</enabled>
- </releases>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>50_openecomp-snapshot</id>
- <name>50_openecomp-snapshot</name>
- <url>https://nexus.onap.org/content/repositories/snapshots/</url>
- <releases>
- <enabled>false</enabled>
- </releases>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- </pluginRepository>
- </pluginRepositories>
- </profile>
- <profile>
- <id>60_opendaylight-release</id>
- <repositories>
- <repository>
- <id>60_opendaylight-mirror</id>
- <name>60_opendaylight-mirror</name>
- <url>https://nexus.opendaylight.org/content/repositories/public/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>60_opendaylight-mirror</id>
- <name>60_opendaylight-mirror</name>
- <url>https://nexus.opendaylight.org/content/repositories/public/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </pluginRepository>
- </pluginRepositories>
- </profile>
-
- <profile>
- <id>70_opendaylight-snapshots</id>
- <repositories>
- <repository>
- <id>70_opendaylight-snapshot</id>
- <name>70_opendaylight-snapshot</name>
- <url>https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/</url>
- <releases>
- <enabled>false</enabled>
- </releases>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>70_opendaylight-snapshot</id>
- <name>70_opendaylight-snapshot</name>
- <url>https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/</url>
- <releases>
- <enabled>false</enabled>
- </releases>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- </pluginRepository>
- </pluginRepositories>
- </profile>
- </profiles>
-
- <activeProfiles>
- <activeProfile>10_nexus</activeProfile>
- <activeProfile>20_openecomp-public</activeProfile>
- <activeProfile>30_openecomp-staging</activeProfile>
- <activeProfile>40_openecomp-release</activeProfile>
- <activeProfile>50_openecomp-snapshots</activeProfile>
- <activeProfile>60_opendaylight-release</activeProfile>
- <activeProfile>70_opendaylight-snapshots</activeProfile>
-
- </activeProfiles>
-
-</settings>
-EOF
-
-cd /opt/authz
-mvn install -Dmaven.test.skip=true
-
-cd /opt
-./aaf_vm_init.sh
diff --git a/heat/ONAP/cloud-config/aaf_vm_init.sh b/heat/ONAP/cloud-config/aaf_vm_init.sh
index a388bf2f..59486e94 100644
--- a/heat/ONAP/cloud-config/aaf_vm_init.sh
+++ b/heat/ONAP/cloud-config/aaf_vm_init.sh
@@ -1,55 +1,104 @@
#!/bin/bash
+CURRENT_DIR=$(pwd)
+
NEXUS_USERNAME=$(cat /opt/config/nexus_username.txt)
NEXUS_PASSWD=$(cat /opt/config/nexus_password.txt)
-NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt)
-DOCKER_IMAGE_VERSION=$(cat /opt/config/docker_version.txt)
-HOSTNAME=`hostname`
-FQDN=aaf.api.simpledemo.onap.org
-HOST_IP=$(cat /opt/config/local_ip.txt)
-
-docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWD $NEXUS_DOCKER_REPO
+if [ -e /opt/authz/auth/docker/d.props ]; then
+ NEXUS_DOCKER_REPO=`grep "DOCKER_REPOSITORY=" /opt/authz/auth/docker/d.props`
+else
+ NEXUS_DOCKER_REPO="DOCKER_REPOSITORY="
+fi
-cd /opt/authz
-git pull
+if [ "$NEXUS_DOCKER_REPO" = "DOCKER_REPOSITORY=" ]; then
+ NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt)
+else
+ NEXUS_DOCKER_REPO=${NEXUS_DOCKER_REPO#DOCKER_REPOSITORY=}
+fi
+echo $NEXUS_DOCKER_REPO
+HOSTNAME=`hostname -f`
+FQDN=aaf.api.simpledemo.onap.org
+HOST_IP=$(cat /opt/config/local_ip.txt)
cd /opt/authz/auth/auth-cass/docker
if [ "`docker container ls | grep aaf_cass`" = "" ]; then
# Cassandra Install
echo Phase 1 Cassandra Install
- ./dinstall.sh
+ bash ./dinstall.sh
fi
+if [ ! -e /opt/authz/auth/docker/d.props ]; then
+ cp /opt/authz/auth/docker/d.props.init /opt/authz/auth/docker/d.props
+fi
+
+VERSION=$(grep VERSION /opt/authz/auth/docker/d.props)
+VERSION=${VERSION#VERSION=}
CASS_IP=`docker inspect aaf_cass | grep '"IPAddress' | head -1 | cut -d '"' -f 4`
CASS_HOST="cass.aaf.osaaf.org:"$CASS_IP
-
-sed -i "s/DOCKER_REPOSITORY=.*/DOCKER_REPOSITORY="$NEXUS_DOCKER_REPO"/g" /opt/authz/auth/docker/d.props
-#sed -i "s/VERSION=.*/VERSION="$DOCKER_IMAGE_VERSION"/g" /opt/authz/auth/docker/d.props
-sed -i "s/HOSTNAME=.*/HOSTNAME="$HOSTNAME"/g" /opt/authz/auth/docker/d.props
-sed -i "s/HOST_IP=.*/HOST_IP="$HOST_IP"/g" /opt/authz/auth/docker/d.props
-sed -i "s/CASS_HOST=.*/CASS_HOST="$CASS_HOST"/g" /opt/authz/auth/docker/d.props
-
-if [ ! -e "/opt/app/osaaf/etc" ]; then
- # Nothing installed, install sample
- mkdir -p /opt/app/osaaf/logs
- cd /opt/app/osaaf/logs
- mkdir fs cm gui hello locate oauth service
- cd /opt
- cp -Rf /opt/authz/auth/sample/* /opt/app/osaaf
+if [ ! -e /opt/authz/auth/docker/cass.props ]; then
+ cp /opt/authz/auth/docker/cass.props.init /opt/authz/auth/docker/cass.props
fi
-# Set Location information
-# Need new Deployment system properties
+
+sed -i "s/CASS_HOST=.*/CASS_HOST="$CASS_HOST"/g" /opt/authz/auth/docker/cass.props
+# TODO Pull from Config Dir
CADI_LATITUDE=37.781
CADI_LONGITUDE=-122.261
-CADI_TRUST_MASKS="${HOST_IP%\.[0-9]*}\\/24,${CASS_IP%\.[0-9]*}\\/24"
-sed -i "s/cadi_latitude=.*/cadi_latitude="$CADI_LATITUDE"/g" /opt/app/osaaf/local/org.osaaf.location.props
-sed -i "s/cadi_longitude=.*/cadi_longitude="$CADI_LONGITUDE"/g" /opt/app/osaaf/local/org.osaaf.location.props
-sed -i "s/cadi_registration_hostname=.*/cadi_registration_hostname="$FQDN"/g" /opt/app/osaaf/local/org.osaaf.location.props
-sed -i "s/cadi_trust_masks=.*/cadi_trust_masks="$CADI_TRUST_MASKS"/g" /opt/app/osaaf/local/org.osaaf.location.props
+sed -i "s/DOCKER_REPOSITORY=.*/DOCKER_REPOSITORY=$NEXUS_DOCKER_REPO/g" /opt/authz/auth/docker/d.props
+sed -i "s/VERSION=.*/VERSION=$VERSION/g" /opt/authz/auth/docker/d.props
+sed -i "s/HOSTNAME=.*/HOSTNAME=$HOSTNAME/g" /opt/authz/auth/docker/d.props
+sed -i "s/HOST_IP=.*/HOST_IP=$HOST_IP/g" /opt/authz/auth/docker/d.props
+sed -i "s/LATITUDE=.*/LATITUDE=$CADI_LATITUDE/g" /opt/authz/auth/docker/d.props
+sed -i "s/LONGITUDE=.*/LONGITUDE=$CADI_LONGITUDE/g" /opt/authz/auth/docker/d.props
+
+SIGNER_P12="$CURRENT_DIR/sample_ca/aaf.signer.p12"
+AAF_P12="$CURRENT_DIR/sample_ca/aaf.bootstrap.p12"
+P12_PASSWORD="something easy"
+
+if [ ! -e "$AAF_P12" ]; then
+ mkdir -p $CURRENT_DIR/sample_ca
+ cd /opt/authz/conf/CA
+ /bin/bash bootstrap.sh $SIGNER_P12 "$P12_PASSWORD"
+ if [ ! -e "aaf.bootstrap.p12" ]; then
+ echo "Certificates NOT created. Stopping installation"
+ exit
+ else
+ mv aaf.bootstrap.p12 $AAF_P12
+ fi
+ cd -
+fi
+
+if [ -e "$AAF_P12" ]; then
+ sed -i "s/AAF_INITIAL_X509_P12=.*/AAF_INITIAL_X509_P12=${AAF_P12//\//\\/}/g" /opt/authz/auth/docker/d.props
+ sed -i "s/AAF_INITIAL_X509_PASSWORD=.*/AAF_INITIAL_X509_PASSWORD=\"$P12_PASSWORD\"/g" /opt/authz/auth/docker/d.props
+fi
+
+if [ -e "$SIGNER_P12" ]; then
+ if [ -e "/opt/config/cadi_x509_issuers.txt" ]; then
+ ISSUERS=$(cat "/opt/config/cadi_x509_issuers.txt")":"
+ fi
+ # Pick the REAL subject off the P12
+ SUBJECT=$(echo "$P12_PASSWORD" | openssl pkcs12 -info -clcerts -in $SIGNER_P12 -nokeys -passin stdin | grep subject)
+ SUBJECT=${SUBJECT//\// }
+ SUBJECT=${SUBJECT/subject= /}
+ # Needs to be reversed, separated by ", "
+ for S in $SUBJECT ; do
+ if [ "$RSUBJECT" = "" ]; then
+ RSUBJECT=$S
+ else
+ RSUBJECT="$S, $RSUBJECT"
+ fi
+ done
+ ISSUERS="$ISSUERS$RSUBJECT"
+ sed -i "s/CADI_X509_ISSUERS=.*/CADI_X509_ISSUERS=\"$ISSUERS\"/g" /opt/authz/auth/docker/d.props
+ sed -i "s/AAF_SIGNER_P12=.*/AAF_SIGNER_P12=${SIGNER_P12//\//\\/}/g" /opt/authz/auth/docker/d.props
+ sed -i "s/AAF_SIGNER_PASSWORD=.*/AAF_SIGNER_PASSWORD=\"$P12_PASSWORD\"/g" /opt/authz/auth/docker/d.props
+fi
cd /opt/authz/auth/docker
-./dbuild.sh
-sleep 5
-./drun.sh
+# Need new Deployment system properties
+bash ./aaf.sh
+
+# run it
+bash ./drun.sh
diff --git a/heat/ONAP/cloud-config/sample_ca/.gitignore b/heat/ONAP/cloud-config/sample_ca/.gitignore
new file mode 100644
index 00000000..5f8bc015
--- /dev/null
+++ b/heat/ONAP/cloud-config/sample_ca/.gitignore
@@ -0,0 +1 @@
+aaf.bootstrap.p12
diff --git a/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12 b/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12
new file mode 100644
index 00000000..8de21238
--- /dev/null
+++ b/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12
Binary files differ