Note: this documentation is for El Alto, on a temporary basis, until it can be entered into "readthedocs" format.
PTL Presentation 2019.07.29
...
If you are testing locally (i.e. on a DEV box), remember that TLS (certificates) out of the box requires DNS entries. If the DNS name of, for instance, aaf.osaaf.org doesn't exist, put it in your /etc/hosts, and TLS will use that entry instead of DNS.
Working on Container Info
To use Container Info, you need to gain access to the volume with the "agent" container. A script is available for you. For an example, see Helm "aaa-hello":
- bash agent.sh
- This will read the "values.yaml" to get the parameters
- Once at the command prompt, an alias is provided for you (to see how it is defined, cat ~/.bashrc)
- You can run important tools, for example:
- agent read
- Will read the FQI/FQDN Certificate Artifact (authorization record)
2019-08-06T14:24:06.032+0000 INFO [cadi] AAFLocator enabled using https://aaf-locate.onap:8095
AppID: aaf@aaf.osaaf.org
Sponsor: aaf_admin@osaaf.org
Machine: aaf-hello
CA: local
Types: pkcs12,script
Namespace: org.osaaf.aaf
Directory: /opt/app/osaaf/local
O/S User: root
Renew Days: 30
Notification mailto:
2019-08-06T14:24:07.124+0000: Trans Info
Read Artifact 1080.7137ms
- agent showpass
- Will decrypt the passcodes, etc. Note: you must be logged in as the "Deployer" to do this, with perm to "showpass" (TODO: more info on PERM)
$ agent showpass
cadi_truststore_password=Tx}WUvfbN#N,lL7h,fW&bU%a
cadi_key_password=8LZ4aSEP^Qouq[J5m{{(h5+c
cadi_keystore_password=8LZ4aSEP^Qouq[J5m{{(h5+c
cadi_keystore_password_p12=8LZ4aSEP^Qouq[J5m{{(h5+c
Challenge=*z(#X2[kTp3&Y)3HUzKKAw$s
2019-08-06T14:26:27.500+0000: Trans Info
- agent validate
- Will check the configuration, and use it to contact AAF for Permissions
$ agent validate
...Success connecting to https://aaf-service.onap:8100
Permissions for aaf@aaf.osaaf.org
org.access|*|*
org.osaaf.aaf.access|*|*
org.osaaf.aaf.cache|*|clear
org.osaaf.aaf.cache|all|clear
org.osaaf.aaf.cache|role|clear
org.osaaf.aaf.password|*|create,reset
org.osaaf.people.access|*|*
- For direct access to the "CADI Tool", use agent again. It is also available if you have "aaf-cadi-core-<VERSION>.jar" locally in your Maven libs, etc.
$ agent cadi
################################################################
Note: Cadi CmdLine is a separate component. When running with
Agent, always preface with "cadi",
ex: cadi keygen [<keyfile>]
################################################################
Usage: java -jar <this jar> ...
keygen [<keyfile>] (Generates Key on file, or Std Out)
digest [<passwd>|-i|] <keyfile> (Encrypts Password with "keyfile"
if passwd = -i, will read StdIn
if passwd is blank, will ask securely)
undigest <enc:...> <keyfile> (Decrypts Encoded with "keyfile")
passgen <digits> (Generate Password of given size)
urlgen <digits> (Generate URL field of given size)
encode64 <your text> (Encodes to Base64)
decode64 <base64 encoded text> (Decodes from Base64)
encode64url <your text> (Encodes to Base64 URL charset)
decode64url <base64url encoded text> (Decodes from Base64 URL charset)
sha256 <text> <salts(s)> (Digest String into SHA256 Hash)
md5 <text> (Digest String into MD5 Hash)
$ agent cadi passgen 12
79r[WR1{G0E}
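The permission list printed by `agent validate` above is a set of `type|instance|action` triples, so it can be checked in a deployment test. The following is an added example, not part of the AAF project or the original page: the function names are hypothetical, the sample text is copied from the output shown above, and the matching rule (`*` matches anything, `,` separates actions) is an assumed simplification of AAF's own matching.

```python
# Added example: parse the permission lines printed by `agent validate`.
# Assumption: "*" matches any value and "," separates actions; this is a
# simplification, not AAF's full matching rules.

# Constructed sample: the `agent validate` output shown on this page.
SAMPLE_OUTPUT = """\
...Success connecting to https://aaf-service.onap:8100
Permissions for aaf@aaf.osaaf.org
org.access|*|*
org.osaaf.aaf.access|*|*
org.osaaf.aaf.cache|*|clear
org.osaaf.aaf.cache|all|clear
org.osaaf.aaf.cache|role|clear
org.osaaf.aaf.password|*|create,reset
org.osaaf.people.access|*|*
"""


def parse_permissions(text):
    """Return (type, instance, frozenset(actions)) per 'type|instance|action' line."""
    perms = []
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 3 or not all(parts):
            continue  # banner, log line, or malformed entry
        ptype, instance, action = parts
        actions = frozenset(a.strip() for a in action.split(",") if a.strip())
        perms.append((ptype, instance, actions))
    return perms


def is_granted(perms, ptype, instance, action):
    """True if some grant covers the requested triple (type must match exactly)."""
    return any(
        g_type == ptype
        and g_inst in ("*", instance)
        and ("*" in g_actions or action in g_actions)
        for g_type, g_inst, g_actions in perms
    )


def wildcard_grants(perms):
    """Grants with "*" for both instance and action: review for least privilege."""
    return [p for p in perms if p[1] == "*" and "*" in p[2]]


if __name__ == "__main__":
    perms = parse_permissions(SAMPLE_OUTPUT)
    print("reset allowed:", is_granted(perms, "org.osaaf.aaf.password", "aaf", "reset"))
    print("broad grants:", [p[0] for p in wildcard_grants(perms)])
```

Running a check like this after deployment confirms that the identity holds the permissions the service needs and highlights grants that are broader than necessary.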