summaryrefslogtreecommitdiffstats
path: root/installation
diff options
context:
space:
mode:
authorDan Timoney <dtimoney@att.com>2019-04-04 13:19:10 +0000
committerGerrit Code Review <gerrit@onap.org>2019-04-04 13:19:10 +0000
commitb50f3b91a0f24bc9468825c7ffbd0ea8c2630868 (patch)
tree80f7b948970ad7de54c0295474a67fd48261d22d /installation
parent75a5dadbe6b4eb6e6838341dffdd2c272b65b35c (diff)
parent52a9e3fd6c17ae3c0faa4d190894e148fcb61598 (diff)
Merge "add aafshiro feature config files"
Former-commit-id: 8495f9a3c6060699a915c9afc38f503620f911d9
Diffstat (limited to 'installation')
-rw-r--r--installation/sdnc/pom.xml134
-rwxr-xr-xinstallation/sdnc/src/main/docker/Dockerfile20
-rwxr-xr-xinstallation/sdnc/src/main/docker/standalone.Dockerfile42
-rwxr-xr-xinstallation/sdnc/src/main/resources/AAF_RootCA.cer31
-rw-r--r--installation/sdnc/src/main/resources/aaa-app-config.xml320
-rw-r--r--installation/src/main/properties/bath_config.csv1
-rw-r--r--installation/src/main/properties/org.onap.sdnc.cred.props16
-rw-r--r--installation/src/main/properties/org.onap.sdnc.props15
-rw-r--r--installation/src/main/stores/org.onap.sdnc.keyfile27
-rw-r--r--installation/src/main/stores/org.onap.sdnc.p12bin0 -> 4263 bytes
-rw-r--r--installation/src/main/stores/org.onap.sdnc.trust.jksbin0 -> 1413 bytes
-rw-r--r--installation/src/main/yaml/docker-compose.yml2
12 files changed, 533 insertions, 75 deletions
diff --git a/installation/sdnc/pom.xml b/installation/sdnc/pom.xml
index 4f59aaa9..d187ddcf 100644
--- a/installation/sdnc/pom.xml
+++ b/installation/sdnc/pom.xml
@@ -17,7 +17,8 @@
<description>Creates SDN Controller Docker container</description>
<properties>
- <image.name>onap/sdnc-image</image.name>
+ <image.name>onap/sdnc-aaf-image</image.name>
+ <standalone.image.name>onap/sdnc-image</standalone.image.name>
<sdnc.project.version>${project.version}</sdnc.project.version>
<sdnc.build.timestamp>${maven.build.timestamp}</sdnc.build.timestamp>
<sdnc.northbound.version>1.5.1-SNAPSHOT</sdnc.northbound.version>
@@ -84,23 +85,6 @@
<artifactId>docker-maven-plugin</artifactId>
<version>0.28.0</version>
<inherited>false</inherited>
- <configuration>
- <images>
- <image>
- <name>${image.name}</name>
- <build>
- <cleanup>try</cleanup>
- <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir>
- <dockerFile>Dockerfile</dockerFile>
- <tags>
- <tag>${project.docker.latestminortag.version}</tag>
- <tag>${project.docker.latestfulltag.version}</tag>
- <tag>${project.docker.latesttagtimestamp.version}</tag>
- </tags>
- </build>
- </image>
- </images>
- </configuration>
<executions>
<execution>
<id>generate-images</id>
@@ -108,21 +92,100 @@
<goals>
<goal>build</goal>
</goals>
+ <configuration>
+ <images>
+ <image>
+ <name>${image.name}</name>
+ <build>
+ <cleanup>try</cleanup>
+ <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir>
+ <dockerFile>Dockerfile</dockerFile>
+ <tags>
+ <tag>${project.docker.latestminortag.version}</tag>
+ <tag>${project.docker.latestfulltag.version}</tag>
+ <tag>${project.docker.latesttagtimestamp.version}</tag>
+ </tags>
+ </build>
+ </image>
+ </images>
+ </configuration>
</execution>
-
<execution>
- <id>push-images</id>
- <phase>${docker.push.phase}</phase>
- <goals>
- <goal>build</goal>
- <goal>push</goal>
- </goals>
- </execution>
+ <id>push-images</id>
+ <phase>${docker.push.phase}</phase>
+ <goals>
+ <goal>build</goal>
+ <goal>push</goal>
+ </goals>
+ <configuration>
+ <images>
+ <image>
+ <name>${image.name}</name>
+ <build>
+ <cleanup>try</cleanup>
+ <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir>
+ <dockerFile>Dockerfile</dockerFile>
+ <tags>
+ <tag>${project.docker.latestminortag.version}</tag>
+ <tag>${project.docker.latestfulltag.version}</tag>
+ <tag>${project.docker.latesttagtimestamp.version}</tag>
+ </tags>
+ </build>
+ </image>
+ </images>
+ </configuration>
+ </execution>
+ <execution>
+ <id>generate-standalone-images</id>
+ <phase>package</phase>
+ <goals>
+ <goal>build</goal>
+ </goals>
+ <configuration>
+ <images>
+ <image>
+ <name>${standalone.image.name}</name>
+ <build>
+ <cleanup>try</cleanup>
+ <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir>
+ <dockerFile>standalone.Dockerfile</dockerFile>
+ <tags>
+ <tag>${project.docker.latestminortag.version}</tag>
+ <tag>${project.docker.latestfulltag.version}</tag>
+ <tag>${project.docker.latesttagtimestamp.version}</tag>
+ </tags>
+ </build>
+ </image>
+ </images>
+ </configuration>
+ </execution>
+ <execution>
+ <id>push-standalone-images</id>
+ <phase>${docker.push.phase}</phase>
+ <goals>
+ <goal>build</goal>
+ <goal>push</goal>
+ </goals>
+ <configuration>
+ <images>
+ <image>
+ <name>${standalone.image.name}</name>
+ <build>
+ <cleanup>try</cleanup>
+ <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir>
+ <dockerFile>standalone.Dockerfile</dockerFile>
+ <tags>
+ <tag>${project.docker.latestminortag.version}</tag>
+ <tag>${project.docker.latestfulltag.version}</tag>
+ <tag>${project.docker.latesttagtimestamp.version}</tag>
+ </tags>
+ </build>
+ </image>
+ </images>
+ </configuration>
+ </execution>
</executions>
</plugin>
-
-
-
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>2.6</version>
@@ -140,6 +203,7 @@
<directory>src/main/docker</directory>
<includes>
<include>Dockerfile</include>
+ <include>standalone.Dockerfile</include>
</includes>
<filtering>true</filtering>
</resource>
@@ -157,8 +221,8 @@
<resources>
<resource>
<directory>src/main/scripts</directory>
- <includes>
- <include>*.py</include>
+ <includes>
+ <include>*.py</include>
<include>*.sh</include>
</includes>
<filtering>false</filtering>
@@ -179,8 +243,8 @@
<directory>src/main/resources</directory>
<includes>
<include>idmlight.db.mv.db</include>
- <include>AAF_RootCA.cer</include>
<include>truststoreONAPall.jks</include>
+ <include>aaa-app-config.xml</include>
</includes>
<filtering>false</filtering>
</resource>
@@ -219,6 +283,8 @@
<directory>../src/main/properties</directory>
<includes>
<include>*.properties</include>
+ <include>*.props</include>
+ <include>*.csv</include>
</includes>
<filtering>false</filtering>
</resource>
@@ -238,6 +304,8 @@
<directory>../src/main/stores</directory>
<includes>
<include>*.jks</include>
+ <include>*.keyfile</include>
+ <include>*.p12</include>
</includes>
<filtering>false</filtering>
</resource>
@@ -305,7 +373,6 @@
<groupId>org.codehaus.mojo</groupId>
<version>1.5.0</version>
<executions>
-
<execution>
<id>change shell permissions</id>
<phase>process-sources</phase>
@@ -329,7 +396,6 @@
</executions>
</plugin>
</plugins>
-
</build>
<organization>
<name>ONAP</name>
diff --git a/installation/sdnc/src/main/docker/Dockerfile b/installation/sdnc/src/main/docker/Dockerfile
index d8ab5c39..315d023a 100755
--- a/installation/sdnc/src/main/docker/Dockerfile
+++ b/installation/sdnc/src/main/docker/Dockerfile
@@ -12,18 +12,8 @@ ENV SSL_CERTS_DIR /etc/ssl/certs
ENV JAVA_SECURITY_DIR $SSL_CERTS_DIR/java
ENV SDNC_NORTHBOUND_REPO mvn:org.onap.sdnc.northbound/sdnc-northbound-all/${sdnc.northbound.version}/xml/features
-
USER root
-
-# imstall ssl and java certificates
-COPY AAF_RootCA.cer $SSL_CERTS_DIR
-COPY truststoreONAPall.jks $JAVA_SECURITY_DIR
-COPY AAF_RootCA.cer $SDNC_STORE_DIR
-COPY truststoreONAPall.jks $SDNC_STORE_DIR
-
-RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts -deststorepass changeit
-
# copy onap
COPY opt /opt
RUN test -L /opt/sdnc || ln -s /opt/onap/sdnc /opt/sdnc
@@ -39,6 +29,16 @@ RUN sed -i -e "\|featuresRepositories|s|$|,${SDNC_NORTHBOUND_REPO}|" $ODL_HOME/
RUN sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,sdnc-northbound-all|" $ODL_HOME/etc/org.apache.karaf.features.cfg
RUN sed -i "s/odl-restconf-all/odl-restconf-all,odl-netconf-topology/g" $ODL_HOME/etc/org.apache.karaf.features.cfg
+# install AAF configs
+COPY aaa-app-config.xml $ODL_HOME/etc/opendaylight/datastore/initial/config/
+RUN echo "cadi_prop_files=$SDNC_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
+
+# install ssl and java certificates
+COPY truststoreONAPall.jks $JAVA_SECURITY_DIR
+COPY truststoreONAPall.jks $SDNC_STORE_DIR
+
+RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts -deststorepass changeit
+
RUN chown -R odl /opt
USER odl
diff --git a/installation/sdnc/src/main/docker/standalone.Dockerfile b/installation/sdnc/src/main/docker/standalone.Dockerfile
new file mode 100755
index 00000000..f271ca01
--- /dev/null
+++ b/installation/sdnc/src/main/docker/standalone.Dockerfile
@@ -0,0 +1,42 @@
+# Base ubuntu with added packages needed for open ecomp
+FROM onap/ccsdk-odlsli-alpine-image:${ccsdk.docker.version}
+
+MAINTAINER SDN-C Team (sdnc@lists.onap.org)
+
+#ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64
+ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
+ENV ODL_HOME /opt/opendaylight
+ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
+ENV SDNC_STORE_DIR /opt/onap/sdnc/data/stores
+ENV SSL_CERTS_DIR /etc/ssl/certs
+ENV JAVA_SECURITY_DIR $SSL_CERTS_DIR/java
+ENV SDNC_NORTHBOUND_REPO mvn:org.onap.sdnc.northbound/sdnc-northbound-all/${sdnc.northbound.version}/xml/features
+
+USER root
+
+# copy onap
+COPY opt /opt
+RUN test -L /opt/sdnc || ln -s /opt/onap/sdnc /opt/sdnc
+RUN mkdir /opt/opendaylight/current/certs
+
+# copy SDNC mvn artifacts to ODL repository
+COPY system /tmp/system
+RUN rsync -a /tmp/system $ODL_HOME && rm -rf /tmp/system
+
+# Add SDNC repositories to boot repositories
+RUN cp $ODL_HOME/etc/org.apache.karaf.features.cfg $ODL_HOME/etc/org.apache.karaf.features.cfg.orig
+RUN sed -i -e "\|featuresRepositories|s|$|,${SDNC_NORTHBOUND_REPO}|" $ODL_HOME/etc/org.apache.karaf.features.cfg
+RUN sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,sdnc-northbound-all|" $ODL_HOME/etc/org.apache.karaf.features.cfg
+RUN sed -i "s/odl-restconf-all/odl-restconf-all,odl-netconf-connector-all,odl-netconf-clustered-topology/g" $ODL_HOME/etc/org.apache.karaf.features.cfg
+
+# install ssl and java certificates
+COPY truststoreONAPall.jks $JAVA_SECURITY_DIR
+COPY truststoreONAPall.jks $SDNC_STORE_DIR
+
+RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts -deststorepass changeit
+
+RUN chown -R odl /opt
+USER odl
+
+ENTRYPOINT /opt/onap/sdnc/bin/startODL.sh
+EXPOSE 8181
diff --git a/installation/sdnc/src/main/resources/AAF_RootCA.cer b/installation/sdnc/src/main/resources/AAF_RootCA.cer
deleted file mode 100755
index e9a50d7e..00000000
--- a/installation/sdnc/src/main/resources/AAF_RootCA.cer
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
diff --git a/installation/sdnc/src/main/resources/aaa-app-config.xml b/installation/sdnc/src/main/resources/aaa-app-config.xml
new file mode 100644
index 00000000..86e66674
--- /dev/null
+++ b/installation/sdnc/src/main/resources/aaa-app-config.xml
@@ -0,0 +1,320 @@
+<?xml version="1.0" ?>
+<!--
+ Copyright (c) 2017 Inocybe Technologies and others. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ and is available at http://www.eclipse.org/legal/epl-v10.html
+-->
+
+<!--
+ ///////////////////////////////////////////////////////////////////////////////////////
+ // clustered-app-config instance responsible for AAA configuration. In the future, //
+ // this will contain all AAA related configuration. //
+ ///////////////////////////////////////////////////////////////////////////////////////
+-->
+
+<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
+
+ <!--
+ ///////////////////////////////////////////////////////////////////////////////////
+ // shiro-configuration is the model based container that contains all shiro //
+ // related information used in ODL AAA configuration. It is the sole pain of //
+ // glass for shiro related configuration, and is how to configure shiro concepts //
+ // such as: //
+ // * realms //
+ // * urls //
+ // * security manager settings //
+ // //
+ // In general, you really shouldn't muck with the settings in this file. The //
+ // way an operator should configure AAA shiro settings is through one of ODL's //
+ // northbound interfaces (i.e., RESTCONF or NETCONF). These are just the //
+ // defaults if no values are specified in MD-SAL. The reason this file is so //
+ // verbose is for two reasons: //
+ // 1) to demonstrate payload examples for plausible configuration scenarios //
+ // 2) to allow bootstrap of the controller (first time start) since otherwise //
+ // configuration becomes a chicken and the egg problem. //
+ // //
+ ///////////////////////////////////////////////////////////////////////////////////
+ -->
+
+ <!--
+ ===================================================================================
+ = =
+ = =
+ = MAIN =
+ = =
+ = =
+ ===================================================================================
+ -->
+
+ <!--
+ ===================================================================================
+ ============================ ODLJndiLdapRealmAuthNOnly ============================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with an external LDAP =
+ = server for authentication only. For authorization support, refer =
+ = to ODLJndiLdapRealm. =
+ ===================================================================================
+ -->
+ <!-- Start ldapRealm commented out
+ <main>
+ <pair-key>ldapRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.userDnTemplate</pair-key>
+ <pair-value>uid={0},ou=People,dc=DOMAIN,dc=TLD</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.contextFactory.url</pair-key>
+ <pair-value>ldap://&lt;URL&gt;:389</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.searchBase</pair-key>
+ <pair-value>dc=DOMAIN,dc=TLD</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.groupRolesMap</pair-key>
+ <pair-value>&quot;person&quot;:&quot;admin&quot;, &quot;organizationalPerson&quot;:&quot;user&quot;</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.ldapAttributeForComparison</pair-key>
+ <pair-value>objectClass</pair-value>
+ </main>
+ End ldapRealm commented out-->
+
+ <!--
+ ===================================================================================
+ ============================= ODLActiveDirectoryRealm =============================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with an external AD =
+ = IDP server. =
+ ===================================================================================
+ -->
+ <!-- Start adRealm commented out
+ <main>
+ <pair-key>adRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.ODLActiveDirectoryRealm</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.searchBase</pair-key>
+ <pair-value>&quot;CN=Users,DC=example,DC=com&quot;</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.systemUsername</pair-key>
+ <pair-value>aduser@example.com</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.systemPassword</pair-key>
+ <pair-value>adpassword</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.url</pair-key>
+ <pair-value>ldaps://adserver:636</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.groupRolesMap</pair-key>
+ <pair-value>&quot;CN=sysadmin,CN=Users,DC=example,DC=com&quot;:&quot;admin&quot;, &quot;CN=unprivileged,CN=Users,DC=example,DC=com&quot;:&quot;user&quot;</pair-value>
+ </main>
+ End adRealm commented out-->
+
+ <!--
+ ===================================================================================
+ ================================== ODLJdbcRealm ===================================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with an external JDBC =
+ = DBMS. =
+ ===================================================================================
+ -->
+ <!-- Start jdbcRealm commented out
+ <main>
+ <pair-key>ds</pair-key>
+ <pair-value>com.mysql.jdbc.Driver</pair-value>
+ </main>
+ <main>
+ <pair-key>ds.serverName</pair-key>
+ <pair-value>localhost</pair-value>
+ </main>
+ <main>
+ <pair-key>ds.user</pair-key>
+ <pair-value>user</pair-value>
+ </main>
+ <main>
+ <pair-key>ds.password</pair-key>
+ <pair-value>password</pair-value>
+ </main>
+ <main>
+ <pair-key>ds.databaseName</pair-key>
+ <pair-value>db_name</pair-value>
+ </main>
+ <main>
+ <pair-key>jdbcRealm</pair-key>
+ <pair-value>ODLJdbcRealm</pair-value>
+ </main>
+ <main>
+ <pair-key>jdbcRealm.dataSource</pair-key>
+ <pair-value>$ds</pair-value>
+ </main>
+ <main>
+ <pair-key>jdbcRealm.authenticationQuery</pair-key>
+ <pair-value>&quot;SELECT password FROM users WHERE user_name = ?&quot;</pair-value>
+ </main>
+ <main>
+ <pair-key>jdbcRealm.userRolesQuery</pair-key>
+ <pair-value>&quot;SELECT role_name FROM user_rolesWHERE user_name = ?&quot;</pair-value>
+ </main>
+ End jdbcRealm commented out-->
+
+ <!--
+ ===================================================================================
+ ================================= TokenAuthRealm ==================================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation utilizing a per node H2 database store. =
+ ===================================================================================
+ -->
+ <main>
+ <pair-key>tokenAuthRealm</pair-key>
+ <pair-value>org.onap.aaf.cadi.shiro.AAFRealm</pair-value>
+ <!-- <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> -->
+ </main>
+
+ <!--
+ ===================================================================================
+ =================================== MdsalRealm ====================================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation utilizing the aaa.yang model. =
+ ===================================================================================
+ -->
+ <!-- Start mdsalRealm commented out
+ <main>
+ <pair-key>mdsalRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.MdsalRealm</pair-value>
+ </main>
+ End mdsalRealm commented out-->
+
+ <!--
+ ===================================================================================
+ ================================= MoonAuthRealm ===================================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with OPNFV Moon. =
+ ===================================================================================
+ -->
+ <!-- Start moonAuthRealm commented out
+ <main>
+ <pair-key>moonAuthRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.MoonRealm</pair-value>
+ </main>
+ <main>
+ <pair-key>moonAuthRealm.moonServerURL</pair-key>
+ <pair-value>http://&lt;host&gt;:&lt;port&gt;</pair-value>
+ </main>
+ End moonAuthRealm commented out-->
+
+ <!--
+ ===================================================================================
+ ================================= KeystoneAuthRealm == ============================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with an OpenStack =
+ = Keystone. =
+ ===================================================================================
+ -->
+ <!-- Start keystoneAuthRealm commented out
+ <main>
+ <pair-key>keystoneAuthRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm</pair-value>
+ </main>
+ <main>
+ <pair-key>keystoneAuthRealm.url</pair-key>
+ <pair-value>https://&lt;host&gt;:&lt;port&gt;</pair-value>
+ </main>
+ <main>
+ <pair-key>keystoneAuthRealm.sslVerification</pair-key>
+ <pair-value>true</pair-value>
+ </main>
+ <main>
+ <pair-key>keystoneAuthRealm.defaultDomain</pair-key>
+ <pair-value>Default</pair-value>
+ </main>
+ -->
+
+ <!--
+ Add tokenAuthRealm as the only realm. To enable mdsalRealm, add it to the list to he right of tokenAuthRealm.
+ -->
+ <main>
+ <pair-key>securityManager.realms</pair-key>
+ <pair-value>$tokenAuthRealm</pair-value>
+ </main>
+ <!-- Used to support OAuth2 use case. -->
+ <main>
+ <pair-key>authcBasic</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value>
+ </main>
+
+ <!-- Start moonAuthRealm commented out
+ <main>
+ <pair-key>rest</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.filters.MoonOAuthFilter</pair-value>
+ </main>
+ End moonAuthRealm commented out-->
+
+ <!-- in order to track AAA challenge attempts -->
+ <main>
+ <pair-key>accountingListener</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
+ </main>
+ <main>
+ <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
+ <pair-value>$accountingListener</pair-value>
+ </main>
+
+ <!-- Model based authorization scheme supporting RBAC for REST endpoints -->
+ <main>
+ <pair-key>dynamicAuthorization</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
+ </main>
+
+
+ <!--
+ ===================================================================================
+ = =
+ = =
+ = URLS =
+ = =
+ = =
+ ===================================================================================
+ -->
+ <!-- Start moonAuthRealm commented out
+ <urls>
+ <pair-key>/token</pair-key>
+ <pair-value>rest</pair-value>
+ </urls>
+ End moonAuthRealm commented out-->
+ <!-- URLS comment out
+ <urls>
+ <pair-key>/operations/cluster-admin**</pair-key>
+ <pair-value>authcBasic, roles[admin]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/v1/**</pair-key>
+ <pair-value>authcBasic, roles[admin]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/config/aaa*/**</pair-key>
+ <pair-value>authcBasic, roles[admin]</pair-value>
+ </urls>
+ End URLS commented out -->
+ <urls>
+ <pair-key>/**</pair-key>
+ <!-- <pair-value>authcBasic</pair-value> -->
+ <pair-value>authcBasic, rest[org.onap.sdnc.odl:odl-api]</pair-value>
+ </urls>
+</shiro-configuration>
+
diff --git a/installation/src/main/properties/bath_config.csv b/installation/src/main/properties/bath_config.csv
new file mode 100644
index 00000000..b6db7784
--- /dev/null
+++ b/installation/src/main/properties/bath_config.csv
@@ -0,0 +1 @@
+Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
diff --git a/installation/src/main/properties/org.onap.sdnc.cred.props b/installation/src/main/properties/org.onap.sdnc.cred.props
new file mode 100644
index 00000000..bf17c8fa
--- /dev/null
+++ b/installation/src/main/properties/org.onap.sdnc.cred.props
@@ -0,0 +1,16 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# by root
+# on 2019-02-15T20:08:10.860+0000
+# @copyright 2016, AT&T
+############################################################
+Challenge=enc:oGjvjifDJqw2I9ipISWLXcNZSimLv-lxGBbQV0MXl8yTlDok71cU9bZZPSXhY6Uo
+cadi_alias=sdnc@sdnc.onap.org
+cadi_key_password=enc:tz_2Pq5zN4PnVC0pUsWUBnzDtqBaZXkdgZB-DlU3gS4PFSjKifMnJxGg5rFZzZNe
+cadi_keyfile=/opt/sdnc/data/stores/org.onap.sdnc.keyfile
+cadi_keystore=/opt/sdnc/data/stores/org.onap.sdnc.p12
+cadi_keystore_password=enc:JetlhxTZNNDxsOvg-ZpBuRBJBFP8LN1UkFkkjT4aiEZExnglL717p-YVl2Lf3wMq
+cadi_keystore_password_p12=enc:JetlhxTZNNDxsOvg-ZpBuRBJBFP8LN1UkFkkjT4aiEZExnglL717p-YVl2Lf3wMq
+cadi_truststore=/opt/sdnc/data/stores/org.onap.sdnc.trust.jks
+cadi_truststore_password=enc:QrEzLSaLryxoB2Z2UXJEbRWxZRAhs2i4BAvKIcNYgbDPZY4gnpJWUhEbIwqnbGEn
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US:CN=ATT AAF CADI Issuing CA 01, OU=CSO, O=ATT, C=US:CN=ATT AAF CADI Issuing CA 02, OU=CSO, O=ATT, C=US
diff --git a/installation/src/main/properties/org.onap.sdnc.props b/installation/src/main/properties/org.onap.sdnc.props
new file mode 100644
index 00000000..5b96b907
--- /dev/null
+++ b/installation/src/main/properties/org.onap.sdnc.props
@@ -0,0 +1,15 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# by root
+# on 2019-02-15T20:08:07.125+0000
+# @copyright 2016, AT&T
+############################################################
+aaf_id=sdnc@sdnc.onap.org
+aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
+cadi_etc_dir=/opt/sdnc/data/stores
+cadi_latitude=38.432899
+cadi_longitude=-90.43248
+cadi_prop_files=/opt/sdnc/data/properties/org.onap.sdnc.cred.props
+cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+cadi_bath_convert=/opt/sdnc/data/properties/bath_config.csv
diff --git a/installation/src/main/stores/org.onap.sdnc.keyfile b/installation/src/main/stores/org.onap.sdnc.keyfile
new file mode 100644
index 00000000..2aa22f05
--- /dev/null
+++ b/installation/src/main/stores/org.onap.sdnc.keyfile
@@ -0,0 +1,27 @@
+__xWcKUL9kIQ-CVozfIv2AEmpntzCP8U9jWKxgnMJFHHlp2yPPpyPxYzigQX54HU9rtM4mfB5nob
+TzJw7zNzgmOlBbysPQNNoZwekF2vCR3YAtU_9cAzd9_rp8AS_XhaILCxCk3btgVWp-deoAMdvkdS
+3VYd7DQvSqZbuKOdTsQDJo1xrCEs3nblVoeBPglYrsBcgqEA-m7caibASeDmm8S2AXpelZXCRSQU
+u4xNFGp02GFiezSQTDoH7LWjbwI3j3nuJbSjjtQbNGPZKii6CrYDwrA9MSXXiR4XBWJR4aNj52KH
+QlYZdezYZTjsGuReqnov3SqjPmPhzyYqxmmRGQFrOO_U1ITqeVgnrZdL6mSSljqoqw5GzSrHRk8A
+EL26hEM9pExJdGvJOj9q9z7wjpfz4bJ4xddEnwccbK0mHDv2aW1oTCRZXe7tlhFujstFY5ONaZIi
+IINmYSW8-yy_pq62rndmG-wv4HsiuBocxUZhJPOlPewCar3Jm4Nr4RTyEBXPWIm3bgbzPnOYQuKw
+22K_XkTdbEHWK4_jVV8k_kvxb1Gnf9eelcZOVE5sc7Qm1ulW5E5x21AeM277QtYHubyCQpaLZ-dS
+2ZJHHdS6m11rc-kI_rAs6lq-ZgzR_AfbqTdgTRbt5ydjCPSR5Z7akIYjiNLXhH2rqPAczsPZ19D7
+obI6gd67db0S1GJuCni7AAFWaEmyhwjjqF-UoUGXaBMJG5DDlq14-fkCGvSPI_A8Bs9IrRaIF7Un
+6WDQklz0keTp3g9FL8DWT2YMus35Gy2-5xckotOOSuANT0rLrtH4VDDufB-5IukTbe3g3KALNl96
+DLIthbH_5wsje0LHi5a4DBfYZCJuqL5-dtpcjaozywNbDUPkoGGA3gHsj5ymB0uP1xWGg2HL5L8B
+XIVS1JziY9wJH2eOdTAemoh2QAiJ07HksKIrI0BshmFi3yqMG3WNDaLPT9lqdGIeu4cSGjG9gFk1
+1IdfP0lhIVuNDqXkDdyQ1isw_pDJPTWAh86kS6e5iWu2Nz12vv1Yz0r0D8KAtMFiqtQOWCyDIT9l
+n64p_-1swaeOASoK3xXf4s53EOOOD91iwUf3t2PkAQwPGHrEYcc1pCT6xy0mSOx3pSN10ez0_-Y8
+ANYRCarVOp0IWdIf4ZmIMK76ITbu4iRMKVtYNJH1J8IPsYI75cULyzL1G9q1DFWGWpB25KCPAird
+kJmUoT_pI82tFJt7tCTACsdQ5_5uEoACF9crth2MBE0D_fRb6PhEZrZqW4JpRRSDpZHOEredQY5k
+QV119KaN5GtuKwb45wzxyGR6c6MvIGYQ3-0ni1xGde84lUI8gEtIOhzLE8W54m52BE27UC78G3oq
+WUwIaHxxMDfGKxxRJNgovIyXuyLXPOZaU_hivgNxniLy_PrSihUZ6vM7Mku18_p8pAQtjKryWbpg
+39SY2GeTodUNYznRB94n2ob4yDt85H_zDvyDpcLj91W5vMMaQb8skoA-x_pTxJvrcx-Iq9U-XaNl
+nf4BonnggI9E0YL3GH_-pg-bVlO7rzZ9EGQI1omhRBrinawMKdoVIXD9L4y8pULgZZNSQuI6AAKu
+jwwT3ALe_PUJaPNZNR4ldiAfURAqQtVLUrHMX1O3cptkju3lMiURJO7-Xrr6jwR078IiS5RNKACB
+EAvX8zVON3Ggt101NgFKgdYEy5JaoUvazndLGnoqos3LEMVNm6Ukx1U56AP27Yq-xaqdpnICupiz
+M6LCCAgdksyn84IFexB2y_oxsBppvTNwqGsMQvVTiVkKXGWHcunzVr8eQdwrGWFoU_Qi6XG9V2mO
+i5kIulkzEgjaBsG2VErF8DfTWXUcv2HYk9kRAQQ8ABRbiRwHdVjwPvXIlTLgrKxF_LhmFIBhrI1W
+5BHEKF9FQb6DGI-vNrqFSaVjDSGAT-r5SBZFPkkiO7yg5E4L9LnB4zGc4IbwDAjYuzXooo73FuHs
+EdLz0GTc_4DUDXe0T-OnUzq4mZevZ9KxvgvVSRcPIwvYh26p3IPyeurK_OwDI6KevAo2Lady \ No newline at end of file
diff --git a/installation/src/main/stores/org.onap.sdnc.p12 b/installation/src/main/stores/org.onap.sdnc.p12
new file mode 100644
index 00000000..d3e4d9d2
--- /dev/null
+++ b/installation/src/main/stores/org.onap.sdnc.p12
Binary files differ
diff --git a/installation/src/main/stores/org.onap.sdnc.trust.jks b/installation/src/main/stores/org.onap.sdnc.trust.jks
new file mode 100644
index 00000000..fdb8cdf7
--- /dev/null
+++ b/installation/src/main/stores/org.onap.sdnc.trust.jks
Binary files differ
diff --git a/installation/src/main/yaml/docker-compose.yml b/installation/src/main/yaml/docker-compose.yml
index 38522518..12ca37bb 100644
--- a/installation/src/main/yaml/docker-compose.yml
+++ b/installation/src/main/yaml/docker-compose.yml
@@ -66,6 +66,8 @@ services:
options:
max-size: "30m"
max-file: "5"
+ extra_hosts:
+ aaf.osaaf.org: 10.12.6.214
web: