11 files changed, 116 insertions, 43 deletions

diff --git a/heat/ONAP/cloud-config/aaf_install.sh b/heat/ONAP/cloud-config/aaf_install.sh
index c2389d03..d358364e 100644
--- a/heat/ONAP/cloud-config/aaf_install.sh
+++ b/heat/ONAP/cloud-config/aaf_install.sh
@@ -6,6 +6,7 @@ export MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort
 NEXUS_USERNAME=$(cat /opt/config/nexus_username.txt)
 NEXUS_PASSWD=$(cat /opt/config/nexus_password.txt)
 NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt)
+AAF_DOCKER_VERSION=$(cat /opt/config/docker_version.txt)
 HOSTNAME=`hostname -f`
 FQDN=aaf.api.simpledemo.onap.org
 HOST_IP=$(cat /opt/config/local_ip.txt)
@@ -31,15 +32,14 @@ fi
 CASS_IP=`docker inspect aaf_cass | grep '"IPAddress' | head -1 | cut -d '"' -f 4`
 CASS_HOST="cass.aaf.osaaf.org:"$CASS_IP
  
-docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_config:latest
-docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_core:latest
-docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_cm:latest
-docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_fs:latest
-docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_gui:latest
-docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_hello:latest
-docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_locate:latest
-docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_oauth:latest
-docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_service:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_config:$AAF_DOCKER_VERSION
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_cm:$AAF_DOCKER_VERSION
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_fs:$AAF_DOCKER_VERSION
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_gui:$AAF_DOCKER_VERSION
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_hello:$AAF_DOCKER_VERSION
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_locate:$AAF_DOCKER_VERSION
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_oauth:$AAF_DOCKER_VERSION
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_service:$AAF_DOCKER_VERSION
  
 cd $CURRENT_DIR
 /bin/bash ./aaf_vm_init.sh 
diff --git a/heat/ONAP/cloud-config/aaf_vm_init.sh b/heat/ONAP/cloud-config/aaf_vm_init.sh
index 59486e94..f2dd8781 100644
--- a/heat/ONAP/cloud-config/aaf_vm_init.sh
+++ b/heat/ONAP/cloud-config/aaf_vm_init.sh
@@ -2,6 +2,12 @@
 
 CURRENT_DIR=$(pwd)
 
+if [ ! -e /opt/authz/auth/docker/d.props ]; then
+  cp /opt/authz/auth/docker/d.props.init /opt/authz/auth/docker/d.props
+fi
+. /opt/authz/auth/docker/d.props
+
+
 NEXUS_USERNAME=$(cat /opt/config/nexus_username.txt)
 NEXUS_PASSWD=$(cat /opt/config/nexus_password.txt)
 if [ -e /opt/authz/auth/docker/d.props ]; then
@@ -19,7 +25,7 @@ fi
 echo $NEXUS_DOCKER_REPO
 HOSTNAME=`hostname -f`
 FQDN=aaf.api.simpledemo.onap.org
-HOST_IP=$(cat /opt/config/local_ip.txt)
+HOST_IP=$(cat /opt/config/public_ip.txt)
 
 cd /opt/authz/auth/auth-cass/docker
 if [ "`docker container ls | grep aaf_cass`" = "" ]; then
@@ -28,12 +34,6 @@ if [ "`docker container ls | grep aaf_cass`" = "" ]; then
   bash ./dinstall.sh
 fi
 
-if [ ! -e /opt/authz/auth/docker/d.props ]; then
-  cp /opt/authz/auth/docker/d.props.init /opt/authz/auth/docker/d.props
-fi
-
-VERSION=$(grep VERSION /opt/authz/auth/docker/d.props)
-VERSION=${VERSION#VERSION=}
 CASS_IP=`docker inspect aaf_cass | grep '"IPAddress' | head -1 | cut -d '"' -f 4`
 CASS_HOST="cass.aaf.osaaf.org:"$CASS_IP
 if [ ! -e /opt/authz/auth/docker/cass.props ]; then
@@ -42,20 +42,28 @@ fi
 
 sed -i "s/CASS_HOST=.*/CASS_HOST="$CASS_HOST"/g" /opt/authz/auth/docker/cass.props
 # TODO Pull from Config Dir
-CADI_LATITUDE=37.781
-CADI_LONGITUDE=-122.261
+if [ "$LATITUDE" = "" ]; then
+  LATITUDE=37.781
+  LONGITUDE=-122.261
+  sed -i "s/LATITUDE=.*/LATITUDE=$LATITUDE/g" /opt/authz/auth/docker/d.props
+  sed -i "s/LONGITUDE=.*/LONGITUDE=$LONGITUDE/g" /opt/authz/auth/docker/d.props
+fi
 
 sed -i "s/DOCKER_REPOSITORY=.*/DOCKER_REPOSITORY=$NEXUS_DOCKER_REPO/g" /opt/authz/auth/docker/d.props
 sed -i "s/VERSION=.*/VERSION=$VERSION/g" /opt/authz/auth/docker/d.props
 sed -i "s/HOSTNAME=.*/HOSTNAME=$HOSTNAME/g" /opt/authz/auth/docker/d.props
 sed -i "s/HOST_IP=.*/HOST_IP=$HOST_IP/g" /opt/authz/auth/docker/d.props
-sed -i "s/LATITUDE=.*/LATITUDE=$CADI_LATITUDE/g" /opt/authz/auth/docker/d.props
-sed -i "s/LONGITUDE=.*/LONGITUDE=$CADI_LONGITUDE/g" /opt/authz/auth/docker/d.props
 
-SIGNER_P12="$CURRENT_DIR/sample_ca/aaf.signer.p12"
-AAF_P12="$CURRENT_DIR/sample_ca/aaf.bootstrap.p12"
+SIGNER_B64="$CURRENT_DIR/config/sample_ca/aaf.signer.b64"
+SIGNER_P12="$CURRENT_DIR/config/sample_ca/aaf.signer.p12"
+AAF_P12="$CURRENT_DIR/config/sample_ca/aaf.bootstrap.p12"
 P12_PASSWORD="something easy"
 
+if [ ! -e "$SIGNER_P12" ]; then
+  mkdir -p "$CURRENT_DIR/config/sample_ca"
+  base64 -d $SIGNER_B64 > $SIGNER_P12
+fi
+
 if [ ! -e "$AAF_P12" ]; then
   mkdir -p $CURRENT_DIR/sample_ca
   cd /opt/authz/conf/CA 
@@ -75,8 +83,8 @@ if [ -e "$AAF_P12" ]; then
 fi
 
 if [ -e "$SIGNER_P12" ]; then
-    if [ -e "/opt/config/cadi_x509_issuers.txt" ]; then
-	    ISSUERS=$(cat "/opt/config/cadi_x509_issuers.txt")":"
+    if [ "$CADI_X509_ISSUERS" != "" ]; then
+	    CADI_X509_ISSUERS="$CADI_X509_ISSUERS:"
     fi
     # Pick the REAL subject off the P12
     SUBJECT=$(echo "$P12_PASSWORD" | openssl pkcs12 -info -clcerts -in $SIGNER_P12 -nokeys -passin stdin | grep subject)
@@ -90,7 +98,7 @@ if [ -e "$SIGNER_P12" ]; then
 	   RSUBJECT="$S, $RSUBJECT"
         fi
     done
-    ISSUERS="$ISSUERS$RSUBJECT"
+    ISSUERS="$CADI_X509_ISSUERS$RSUBJECT"
     sed -i "s/CADI_X509_ISSUERS=.*/CADI_X509_ISSUERS=\"$ISSUERS\"/g" /opt/authz/auth/docker/d.props
     sed -i "s/AAF_SIGNER_P12=.*/AAF_SIGNER_P12=${SIGNER_P12//\//\\/}/g" /opt/authz/auth/docker/d.props
     sed -i "s/AAF_SIGNER_PASSWORD=.*/AAF_SIGNER_PASSWORD=\"$P12_PASSWORD\"/g" /opt/authz/auth/docker/d.props
diff --git a/heat/ONAP/cloud-config/sample_ca/.gitignore b/heat/ONAP/cloud-config/sample_ca/.gitignore
index 5f8bc015..cabb364e 100644
--- a/heat/ONAP/cloud-config/sample_ca/.gitignore
+++ b/heat/ONAP/cloud-config/sample_ca/.gitignore
@@ -1 +1,2 @@
+aaf.signer.p12
 aaf.bootstrap.p12
diff --git a/heat/ONAP/cloud-config/sample_ca/aaf.signer.b64 b/heat/ONAP/cloud-config/sample_ca/aaf.signer.b64
new file mode 100644
index 00000000..e561a79a
--- /dev/null
+++ b/heat/ONAP/cloud-config/sample_ca/aaf.signer.b64
@@ -0,0 +1,50 @@
+MIILHgIBAzCCCuQGCSqGSIb3DQEHAaCCCtUEggrRMIIKzTCCBU8GCSqGSIb3DQEHBqCCBUAwggU8
+AgEAMIIFNQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIFm99wNswitsCAggAgIIFCL9ry6qG
+pcnYFQfHR0RaQhZswgrJOslFbI69lZcb8kNpnpl+o8BMkB+WYPGd1I3Nvxg9bBcCstyHaGdKcT3H
+9VKukKq1lJ1cJdGyHgMFVAN/wDk63xOb6bLj0PdrMpwOnRGmZwVwzR2Kx+5qYolXTggdJ0vrsu2n
+O68w7jzAKswP2JnSqZzR4kjccRdoBRBzGHwdEo1KJPGWYMabk/Pu1utU3PmPaWYucIJxpPWG8/3S
+8smGPj8KxFLFs7UJZvVuIVFwTWpW1SMR2dfA5d6i/+M3UrskIeRFUHhTE+dEMduZQ7VsriHROsfc
+vmuks3LdhfQpOcF/ZMUqqiHsCuy42tCEYKbvWzayWrr2jsNXTGHgI64wd8RSEHQKJxAUpSORLwIA
+8lK0pwcHl5I4NChkdd4Pb3bpoDaKnlX3T6KoPy61Yu8VUtCtN8xaYA2LGrQJGVEO+3TKiYy27ISq
+cDwDZfqvZC34GUfp7n5eMny0TSIyCKm+jZCpKenvESWmQZiWjL8Psj3KEr9PlAQ+cEslJ3tC0oQ9
+jn7WCc8JR+n0c6EckyFYqMcHIhvbheEwLSF7aQ29I4SmQR6WQJgTRJOBGzEHejmXgUTYaBtjoicj
+4/BctsMrYoe/qgJwSK7kz+GFqxzzINgxYB/vXihHYvwx/PEzoIOH1ONH39d9OfH7TLyUKCB/SMlR
+2dPTwlOgEjunqsS4rhjF0s2Ru/r1WgpJLefIAtAwJqDJ7J0nZFoQyNamC7qIzYlAxcNoqXnysrhE
+PQrMvNa8PFhE1nq+fb06ZFzz/VDqvadYTPuI6CPeGtClZNbIFsgFfkFYUTVdxLns82Fe2lRprIr4
+FJfVGa6IkLxNEgb4TaZQSYyxx0Kb5IXfIzB9Z3h7cWBC529u5T2gs2wEU2HJVVueRiziXdPGc4Lm
+0A0ThDVHQ9NR0ukhjQUfAdxCtUCtODXNr0jNyHlvtCrgAI2xMsdTzfoTCXPAGc8xcm7f6Q81ijRA
+DDCRe3kp+PA2npg5Gaffp6IuMMQBCHPcoNrlWvBOtI4RomwEfcyJWGaSV6fezctzWBvYyMnS/QJo
+C0bPkCiS9awkdc2OBEtN5B7srkJk2p1WsjZGStNbcv/LPpCiko7oOyn3YgZXtTVsQVGypKQYnoTQ
+Lwd0+u5nvx38tfBL8Gd9psZbHz+2nBF3aZ7XDx/OGo45WHinb8t4DVoxBctMNRRbT7CfMVabAIm/
+Blw00NMSy3zzBNMXLJkWzJrbigLRiQUWEabDNxf60OhbTIuQ/4hUTnaYN8/vNaqbfqzN7bj6FEyO
+l8gurmHtHMFVLCl29tmLkKJa1se7m/Zt8fHmzHOla5OTsoZmte+p3NO7v+tTry75c4xobmEweKS0
+bwaMqi/NlZ5Sd64bveJQv67U4qc/b6mCEyhcFrqHfXpTga/3Hh/oScZw60Uf6O0MDVJhjkClVQMd
+8B1eyK8B1m0wNUtdtzGeFj02rIzfNQoZxo5iyMDuLy+d0JUEE0eDDEBYsDtE0t5oaDLe1IgVLYuo
++0r50bqK0NJ5QlNAygerEMuxisiYbRhVB/Fw4LgNNCO3E8YdNFOn09b5inafw0ISRkuqnn4jZC5Q
+E2CDHUOEkdGwSit5uumhqqmJRJjOazNWq0eG0I0soUNQ1GOkbo7H7mqRsHEJ73MGfd3PD09dXdsl
+HNTEZ9+UDa6BxbV4c1purAOpISMUi78tmaBXRdswggV2BgkqhkiG9w0BBwGgggVnBIIFYzCCBV8w
+ggVbBgsqhkiG9w0BDAoBAqCCBO4wggTqMBwGCiqGSIb3DQEMAQMwDgQIUzKuwMkahNMCAggABIIE
+yD3YEvqVSqXcIeZq/mv04CzaG922gC7uaS7DSWkVCqRHQlAXFD5T2FiAON205sPRaoX6/J0d6YQ7
+plrYQgf1uNy0aV+3fF0UNyBvceCWZI1wvDUliTmsWIIDFaKEXBtCyZZEWNldn++PXoeCN0ARFiGD
+TC8BukruKiFnGNWTbnVqnoRLTeuPd24OfhjaZUJJv0U8/4mGguZGLeUxQwzSH9u3kXrF5Dq5rT8d
+PTi4R+fkTlRnINn3p95zkkBvoNANO1v3P6XR4Lzmj6o7+nOMEjQtdAmspefQWirtjnMYQqjihgjY
+cVpY2UCFRO5NRs8ZGwqbWEskrkPqDS27HrIqlCp1Pm24YiH7jztXXm/9wEr7cbqHcGhMYFGUpnZD
+SulX+VXB3mKBqtCkgmXdCWbEy/iDHXdGCcQSZrp8gqSO/Zz4hNl4QB8hmOtF0kj3tAFQMVvqXpCf
+XZQ9F64/AxeMLDPZlTb4v4eWzllwb8lo1cxLT6dD94Galae4Tfx30OdT8n1nnw2el9eNNXTQq+i5
+Tlqu5idJ5+JB4Sk7iQ5B81cEqlOfInke3tkKVzUtH46+oPr6dplR8fqYnBBdttOG6/8fcOttzs54
+RUqny8WKcGwUK2f2T88HwzmsiaRJzkFmzeOXXUy/z4/y1V4qbXBiZ0ADcRCIVkmzLZYBRSK0rm+P
+Fqx3xlwkUBnsr1ebreNiz2UUbFKNsWLfDzsjb0zwenz73SpGcJzE7Rfdyizy7aibn5FAmlM7sgqy
+cwNJ5JaMk88qW+jMD86jZypMVrINNQerNP82+VZmKzaH/XuEslSn4Vpjwlh1vqfGxkXTG4QyN0Jr
+dCyDqOY+gfPr92AjMHgQ6cmSqXRWro6C3v0AGfiTHGxXWQ4w6hH1GtNj+t3yuIeiu4Woqn0IF5Fe
+cP/pgN27UMlrAoNU5racJgUWIENBBiPmQ7wwyEPVcG7quudkTXr52Ob8R153YmRn5OMrzomP4wnA
+BvVlbXn4hiea02tOCP66vZmb3L+S1ZNm/Hw+DBJA7PSDkv8gJTb1YB6EJHHT1ArlQ37KHRth9NA+
+kYz1X0nnSFKU0HeegXnwA6vGHRZTJC4/+VwsEa/Js0T7/Z0kAPifLse+bRH8MrKKJgzm+FwMvZvl
+TvbkYqG2/wsfRmA1Uzvsgfs6vgww5MZnH5875BS7HuHKeGhzkeh42D1vLmzw5Y/es8/3MysQoqc/
+za12D6J0fDT1gLnK2pe/+NgEihLE3YGd1cc4ZHp60++L1vcl34kX60D8xS52zlItIkGDk10H9Bn8
+KtH11EZ+5tcN9o20qDMrLGPGRpwrNK47EipEb7xWrm4j6sK+CT2THxam4mkoPWxQPykzC3Iu/6ma
+f37YGaX/rbDK4X7KPI3UhsciChIoCiQuAd5AT+0jON2c4zS796kZb/cxSSjx4o8DLHaw49TvqnGw
+XN9+5Xf2hZtn86x6kd2WJ+RhtoglPMfZxuzVY4OffwqNBqocahCdGNuOMbFA+s/GA5rOyhtwuT5T
+Gfo8W1hPMW1F18AA0ITRwVNLrrvophWnRMX8r2em0P9C8kWBxB9bu+r7LRxg6pm2dCkrUVq4VK+3
+1qFvB2GJ6rrk5Z4eiXrnuNNUN5cYKdw5A3xNKzFaMCMGCSqGSIb3DQEJFTEWBBQCiRlcVsnA4fcn
+3jYAcvafhe14+jAzBgkqhkiG9w0BCRQxJh4kAGEAYQBmAF8AaQBuAHQAZQByAG0AZQBkAGkAYQB0
+AGUAXwA5MDEwITAJBgUrDgMCGgUABBSfSZRY3B152JG+O3Z9fUP7J9d4JwQIvPsWr/bYXtoCAggA
diff --git a/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12 b/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12
deleted file mode 100644
index 8de21238..00000000
--- a/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12
+++ /dev/null
diff --git a/heat/ONAP/cloud-config/so_install.sh b/heat/ONAP/cloud-config/so_install.sh
index 3a8f3fc2..36c7c8cb 100644
--- a/heat/ONAP/cloud-config/so_install.sh
+++ b/heat/ONAP/cloud-config/so_install.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Read configuration files
-OPENSTACK_API_KEY=$(cat /opt/config/openstack_api_key.txt)
+#OPENSTACK_API_KEY=$(cat /opt/config/openstack_api_key.txt)
 GERRIT_BRANCH=$(cat /opt/config/gerrit_branch.txt)
 CODE_REPO=$(cat /opt/config/remote_repo.txt)
 HTTP_PROXY=$(cat /opt/config/http_proxy.txt)
@@ -16,7 +16,7 @@ fi
 # Clone Gerrit repository and run docker containers.
 cd /opt
 git clone -b $GERRIT_BRANCH --single-branch $CODE_REPO test_lab
-SO_ENCRYPTION_KEY=$(cat /opt/test_lab/encryption.key)
-echo -n "$OPENSTACK_API_KEY" | openssl aes-128-ecb -e -K $SO_ENCRYPTION_KEY -nosalt | xxd -c 256 -p > /opt/config/api_key.txt
+#SO_ENCRYPTION_KEY=$(cat /opt/test_lab/encryption.key)
+#echo -n "$OPENSTACK_API_KEY" | openssl aes-128-ecb -e -K $SO_ENCRYPTION_KEY -nosalt | xxd -c 256 -p > /opt/config/api_key.txt
 
 ./so_vm_init.sh
diff --git a/heat/ONAP/cloud-config/so_vm_init.sh b/heat/ONAP/cloud-config/so_vm_init.sh
index fb19d1a3..1acf2eb0 100644
--- a/heat/ONAP/cloud-config/so_vm_init.sh
+++ b/heat/ONAP/cloud-config/so_vm_init.sh
@@ -5,7 +5,8 @@ NEXUS_PASSWD=$(cat /opt/config/nexus_password.txt)
 NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt)
 DMAAP_TOPIC=$(cat /opt/config/dmaap_topic.txt)
 OPENSTACK_USERNAME=$(cat /opt/config/openstack_username.txt)
-OPENSTACK_APIKEY=$(cat /opt/config/api_key.txt)
+#OPENSTACK_APIKEY=$(cat /opt/config/api_key.txt)
+OPENSTACK_APIKEY=$(cat /opt/config/openstack_api_key.txt)
 export MSO_DOCKER_IMAGE_VERSION=$(cat /opt/config/docker_version.txt)
 export MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1)
 
diff --git a/heat/ONAP/onap_openstack.env b/heat/ONAP/onap_openstack.env
index b9fc2e6c..41c5e2e6 100644
--- a/heat/ONAP/onap_openstack.env
+++ b/heat/ONAP/onap_openstack.env
@@ -44,9 +44,7 @@ parameters:
 
   openstack_username: PUT YOUR OPENSTACK USERNAME HERE
 
-  openstack_api_key: PUT YOUR OPENSTACK PASSWORD HERE
-
-  openstack_auth_method: password
+  openstack_api_key: PUT YOUR ENCRYPTED OPENSTACK PASSWORD HERE
 
   openstack_region: RegionOne
 
@@ -146,8 +144,8 @@ parameters:
   cli_docker: "2.0.2"
   music_docker: "2.5.3"
   cassandra_music_docker: "3.0.0"
-  optf_has_docker: "1.1.1"
-  optf_osdf_docker: "1.1.1"
+  optf_has_docker: "1.2.1"
+  optf_osdf_docker: "1.2.1"
   aaf_docker: "2.1.2-SNAPSHOT"
   sms_docker: "2.0.0"
   nbi_docker: "2.0.0"
diff --git a/heat/ONAP/onap_openstack.yaml b/heat/ONAP/onap_openstack.yaml
index d258d71d..fba9bfb4 100644
--- a/heat/ONAP/onap_openstack.yaml
+++ b/heat/ONAP/onap_openstack.yaml
@@ -3,7 +3,7 @@
 #==================LICENSE_START==========================================
 #
 #
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -121,13 +121,9 @@ parameters:
     type: string
     description: OpenStack username
 
-  openstack_auth_method:
-    type: string
-    description: OpenStack authentication method (password VS. api-key)
-
   openstack_api_key:
     type: string
-    description: OpenStack password or API Key
+    description: Encrypted OpenStack password
 
   keystone_url:
     type: string
@@ -2447,6 +2443,9 @@ resources:
         - path: /opt/aaf_vm_init.sh
           permissions: '0755'
           content: { get_file: cloud-config/aaf_vm_init.sh }
+        - path: /opt/config/sample_ca/aaf.signer.b64
+          permissions: '0600'
+          content: { get_file: cloud-config/sample_ca/aaf.signer.b64 }
         - path: /etc/init.d/serv.sh
           permissions: '0755'
           content:
@@ -2474,6 +2473,7 @@ resources:
               #!/bin/bash
 
               # Create configuration files
+              mkdir -p /opt/config/sample_ca
               echo "__docker_version__" > /opt/config/docker_version.txt
               echo "__aaf_repo__" > /opt/config/remote_repo.txt
               echo "__gerrit_branch__" > /opt/config/gerrit_branch.txt
diff --git a/heat/ONAP/onap_openstack_template.env b/heat/ONAP/onap_openstack_template.env
index af560124..13ed5071 100644
--- a/heat/ONAP/onap_openstack_template.env
+++ b/heat/ONAP/onap_openstack_template.env
@@ -44,9 +44,7 @@ parameters:
 
   openstack_username: PUT YOUR OPENSTACK USERNAME HERE
 
-  openstack_api_key: PUT YOUR OPENSTACK PASSWORD HERE
-
-  openstack_auth_method: password
+  openstack_api_key: PUT YOUR ENCRYPTED OPENSTACK PASSWORD HERE
 
   openstack_region: RegionOne
 
diff --git a/heat/ONAP/openstack_encrypted_key.sh b/heat/ONAP/openstack_encrypted_key.sh
new file mode 100755
index 00000000..20910fa3
--- /dev/null
+++ b/heat/ONAP/openstack_encrypted_key.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+usage () {
+  echo "Usage:"
+  echo "   ./$(basename $0) your_openstack_password"
+  exit 1
+}
+
+if [ "$#" -ne 1 ]; then
+  echo "Wrong number of input parameters"
+  usage
+fi
+
+SO_ENCRYPTION_KEY=aa3871669d893c7fb8abbcda31b88b4f
+OPENSTACK_API_KEY=$1
+
+echo -n "$OPENSTACK_API_KEY" | openssl aes-128-ecb -e -K $SO_ENCRYPTION_KEY -nosalt | xxd -c 256 -p