Fix installation steps to handle new ui service name (#662)

* Fix installation steps to handle new ui service name

* additional fixes to correct use of cert names

* skip deploying jar twice

assembly/ui/pom.xml

@@ -65,6 +65,7 @@
               <goal>single</goal>
             </goals>
             <configuration>
+              <attach>false</attach>
               <tarLongFileMode>posix</tarLongFileMode>
               <outputDirectory>../../../athenz/aws-setup/ui-setup/tars/</outputDirectory>
               <finalName>athenz-ui</finalName>

assembly/zms/pom.xml

@@ -79,6 +79,7 @@
               <goal>single</goal>
             </goals>
             <configuration>
+              <attach>false</attach>
               <tarLongFileMode>posix</tarLongFileMode>
               <outputDirectory>../../../athenz/aws-setup/zms-setup/tars/</outputDirectory>
               <finalName>athenz-zms</finalName>

assembly/zts/pom.xml

@@ -79,6 +79,7 @@
               <goal>single</goal>
             </goals>
             <configuration>
+              <attach>false</attach>
               <tarLongFileMode>posix</tarLongFileMode>
               <outputDirectory>../../../athenz/aws-setup/zts-setup/tars/</outputDirectory>
               <finalName>athenz-zts</finalName>

docs/dev_environment.md

@@ -37,7 +37,8 @@ Download and install [Apache Maven](http://maven.apache.org/download.cgi).
 --------------
 
 If you don't have git client installed on your host, you can download
-one from [Git website](https://git-scm.com/downloads)
+one from [Git website](https://git-scm.com/downloads). 2.x version of
+the git client is required.
 
 ### Go
 ------

docs/setup_ui.md

@@ -80,20 +80,20 @@ Running this setup script completes the following tasks:
 Set the following environment variable before starting the UI Server:
 
 ```shell
-$ export UI_SERVER=<ui-server-host-name> ZMS_SERVER=<zms-server-host-name>
 $ cd athenz-ui-X.Y
-$ bin/athenz_ui start
+$ export UI_SERVER=<ui-server-host-name> ZMS_SERVER=<zms-server-host-name>
+$ sudo -E bin/athenz_ui start
 ```
 
 Based on the sample configuration file provided, Athenz UI Server will be listening
-on port 9443.
+on port 443.
 
 To stop the UI server, execute the following commands:
 
 ```shell
-$ export UI_SERVER=<ui-server-host-name> ZMS_SERVER=<zms-server-host-name>
 $ cd athenz-ui-X.Y
-$ bin/athenz_ui stop
+$ export UI_SERVER=<ui-server-host-name> ZMS_SERVER=<zms-server-host-name>
+$ sudo -E bin/athenz_ui stop
 ```
 
 ## UI Access
@@ -102,7 +102,7 @@ $ bin/athenz_ui stop
 To access Athenz UI in your browser, visit:
 
 ```
-https://<ui-server-host-name>:9443
+https://<ui-server-host-name>
 ```
 
 Since the development setup is using self-signed X509 certificates for

docs/setup_ui_prod.md

@@ -65,8 +65,8 @@ commands:
 
 ```shell
 $ cd keys
-$ openssl genrsa -out athenz.ui.pem 2048
-$ openssl rsa -in athenz.ui.pem -pubout > athenz.ui_pub.pem
+$ openssl genrsa -out athenz.ui-server.pem 2048
+$ openssl rsa -in athenz.ui-server.pem -pubout > athenz.ui-server_pub.pem
 ```
 
 ### X509 Certificate
@@ -92,7 +92,7 @@ register a new service in `athenz` domain:
 ```shell
 $ cd athenz-ui-X.Y
 $ bin/<platform>/zms-cli -z https://<zms-server>:4443/zms/v1 add-domain athenz
-$ bin/<platform>/zms-cli -z https://<zms-server>:4443/zms/v1 -d athenz add-service ui 0 keys/athenz.ui_pub.pem
+$ bin/<platform>/zms-cli -z https://<zms-server>:4443/zms/v1 -d athenz add-service ui-server 0 keys/athenz.ui-server_pub.pem
 ```
 
 ### Generate Athenz Configuration File
@@ -114,18 +114,18 @@ $ bin/<platform>/athenz-conf -o config/athenz.conf -z https://<zms-server>:4443/
 Set the following environment variable before starting the UI Server:
 
 ```shell
-$ export UI_SERVER=<ui-server-host-name> ZMS_SERVER=<zms-server-host-name>
 $ cd athenz-ui-X.Y
-$ bin/athenz_ui start
+$ export UI_SERVER=<ui-server-host-name> ZMS_SERVER=<zms-server-host-name>
+$ sudo -E bin/athenz_ui start
 ```
 
 Based on the sample configuration file provided, Athenz UI Server will be listening
-on port 9443.
+on port 443.
 
 To stop the UI server, execute the following commands:
 
 ```shell
-$ export UI_SERVER=<ui-server-host-name> ZMS_SERVER=<zms-server-host-name>
 $ cd athenz-ui-X.Y
-$ bin/athenz_ui stop
+$ export UI_SERVER=<ui-server-host-name> ZMS_SERVER=<zms-server-host-name>
+$ sudo -E bin/athenz_ui stop
 ```

docs/setup_zms.md

@@ -94,7 +94,7 @@ $ cd athenz-zms-X.Y
 $ vi conf/zms_server/zms.properties
 ```
 
-Modify the `athenz.zms.domain_admin=user.${USER}` line and include comma
+Modify the `athenz.zms.domain_admin=user.admin` line and include comma
 separated list of unix user ids that should be set as Athenz system
 administrators. e.g. `athenz.zms.domain_admin=user.joe,user.john`
 
@@ -118,5 +118,5 @@ Stop the ZMS Server by executing:
 
 ```shell
 $ cd athenz-zms-X.Y
-$ sudo bin/zms stop
+$ sudo -E bin/zms stop
 ```

docs/setup_zms_prod.md

@@ -226,7 +226,7 @@ $ cd athenz-zms-X.Y
 $ vi conf/zms_server/zms.properties
 ```
 
-Modify the `athenz.zms.domain_admin=user.${USER}` line and include comma
+Modify the `athenz.zms.domain_admin=user.admin` line and include comma
 separated list of unix user ids that should be set as Athenz system
 administrators. e.g. `athenz.zms.domain_admin=user.joe,user.john`
 

servers/zms/conf/athenz.properties

@@ -20,13 +20,13 @@ athenz.port=0
 #athenz.access_slf4j_logger=
 
 # Directory to store access log files
-athenz.access_log_dir=/home/athenz/logs/zms_server
+#athenz.access_log_dir=/home/athenz/logs/zms_server
 
 # Key Manager password
 #athenz.ssl_key_manager_password=
 
 # The path to the keystore file that contains the server's certificate
-athenz.ssl_key_store=file:///home/athenz/var/zms_server/certs/zms_keystore.pkcs12
+#athenz.ssl_key_store=file:///home/athenz/var/zms_server/certs/zms_keystore.pkcs12
 
 # Specifies the type for the keystore specified in the
 # athenz.ssl_key_store property
@@ -101,7 +101,7 @@ athenz.ssl_key_store_password=athenz
 
 # Default home directory for embedded Jetty Deployer. The container will look
 # for any servlets in the webapps subdirectory of the configured directory
-athenz.jetty_home=/home/athenz
+#athenz.jetty_home=/home/athenz
 
 # Boolean flag to enable debug log entries when deploying webapps
 #athenz.debug=false

servers/zms/conf/authorized_services.json

@@ -1,6 +1,6 @@
 {
     "services" : {
-        "athenz.ci": {
+        "athenz.ci-test": {
             "allowedOperations": [
                 { "name": "putrole" },
                 { "name": "putmembership",
@@ -13,7 +13,7 @@
                 }
             ]
         },
-        "athenz.ui": {
+        "athenz.ui-server": {
             "allowedOperations": [
                 { "name":"putmembership" },
                 { "name":"deletemembership" },

servers/zms/conf/zms.properties

@@ -43,7 +43,7 @@ athenz.zms.domain_admin=user.admin
 # If File Private Key store implementation is used in the Server,
 # this setting specifies the path to the PEM encoded ZMS Server
 # private key file (both RSA and EC privates keys are supported)
-athenz.auth.private_key_store.private_key=/home/athenz/var/zms_server/keys/zms_private.pem
+#athenz.auth.private_key_store.private_key=/home/athenz/var/zms_server/keys/zms_private.pem
 
 # If File Private Key store implementation is used in the Server,
 # this setting specifies the key identifier for the private key
@@ -61,10 +61,10 @@ athenz.auth.private_key_store.private_key_id=0
 athenz.zms.read_only_mode=false
 
 # Specifies the authorized service json configuration file path.
-athenz.zms.authz_service_fname=/home/athenz/conf/zms_server/authorized_services.json
+#athenz.zms.authz_service_fname=/home/athenz/conf/zms_server/authorized_services.json
 
 # Specifies the path to the solution templates json document
-athenz.zms.solution_templates_fname=/home/athenz/conf/zms_server/solution_templates.json
+#athenz.zms.solution_templates_fname=/home/athenz/conf/zms_server/solution_templates.json
 
 # In case there is a concurrent update conflict, the server will retry
 # the operation multiple times until this timeout is reached before

servers/zms/scripts/setup_dev_zms.sh

@@ -24,4 +24,4 @@ openssl req -x509 -nodes -newkey rsa:2048 -keyout zms_key.pem -out zms_cert.pem
 echo "Generating PKCS12 keystore for ZMS Server..."
 openssl pkcs12 -export -out zms_keystore.pkcs12 -in zms_cert.pem -inkey zms_key.pem -noiter -password pass:athenz
 
-echo "ZMS Dev Enviornment setup complete"
+echo "ZMS Dev Environment setup complete"

servers/zms/scripts/zms

@@ -32,10 +32,16 @@ mkdir -p "${ZMS_LOG_DIR}"
 # setup our required java attributes for startup
 
 JAVA_OPTS="${JAVA_OPTS} -Dathenz.root_dir=${ROOT}"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.jetty_home=${ROOT}"
 JAVA_OPTS="${JAVA_OPTS} -Dathenz.zms.root_dir=${ROOT}"
 JAVA_OPTS="${JAVA_OPTS} -Dathenz.prop_file=${ROOT}/conf/zms_server/athenz.properties"
 JAVA_OPTS="${JAVA_OPTS} -Dathenz.zms.prop_file=${ROOT}/conf/zms_server/zms.properties"
 JAVA_OPTS="${JAVA_OPTS} -Dlogback.configurationFile=${ROOT}/conf/zms_server/logback.xml"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.ssl_key_store=${ROOT}/var/zms_server/certs/zms_keystore.pkcs12"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.access_log_dir=${ZMS_LOG_DIR}"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.auth.private_key_store.private_key=${ROOT}/var/zms_server/keys/zms_private.pem"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.zms.authz_service_fname=${ROOT}/conf/zms_server/authorized_services.json"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.zms.solution_templates_fname=${ROOT}/conf/zms_server/solution_templates.json"
 
 ZMS_CLASSPATH=${ROOT}/lib/jars/*
 ZMS_BOOTSTRAP_CLASS=com.yahoo.athenz.container.AthenzJettyContainer

servers/zts/conf/athenz.properties

@@ -20,13 +20,13 @@ athenz.port=0
 #athenz.access_slf4j_logger=
 
 # Directory to store access log files
-athenz.access_log_dir=/home/athenz/logs/zts_server
+#athenz.access_log_dir=/home/athenz/logs/zts_server
 
 # Key Manager password
 #athenz.ssl_key_manager_password=
 
 # The path to the keystore file that contains the server's certificate
-athenz.ssl_key_store=file:///home/athenz/var/zts_server/certs/zts_keystore.pkcs12
+#athenz.ssl_key_store=/home/athenz/var/zts_server/certs/zts_keystore.pkcs12
 
 # Specifies the type for the keystore specified in the
 # athenz.ssl_key_store property
@@ -37,7 +37,7 @@ athenz.ssl_key_store_password=athenz
 
 # The path to the trust store file that contains CA certificates
 # trusted by this Jetty instance
-athenz.ssl_trust_store=/home/athenz/var/zts_server/certs/zts_truststore.jks
+#athenz.ssl_trust_store=/home/athenz/var/zts_server/certs/zts_truststore.jks
 
 # Specifies the type for the truststore specified in the
 # athenz.ssl_trust_store property
@@ -102,7 +102,7 @@ athenz.ssl_trust_store_password=athenz
 
 # Default home directory for embedded Jetty Deployer. The container will look
 # for any webapps in the webapps subdirectory of the configured directory
-athenz.jetty_home=/home/athenz
+#athenz.jetty_home=/home/athenz
 
 # Boolean flag to enable debug log entries when deploying webapps
 #athenz.debug=false

servers/zts/conf/zts.properties

@@ -14,7 +14,7 @@ athenz.zts.authority_classes=com.yahoo.athenz.auth.impl.PrincipalAuthority,com.y
 # If File Private Key store implementation is used in the Server,
 # this setting specifies the path to the PEM encoded ZTS Server
 # private key file (both RSA and EC privates keys are supported)
-athenz.auth.private_key_store.private_key=/home/athenz/var/zts_server/keys/zts_private.pem
+#athenz.auth.private_key_store.private_key=/home/athenz/var/zts_server/keys/zts_private.pem
 
 # If File Private Key store implementation is used in the Server,
 # this setting specifies the key identifier for the private key
@@ -28,7 +28,7 @@ athenz.auth.private_key_store.private_key_id=0
 # The path to the keystore file that contains the client's private key
 # and certificate. Currently this is only used by the HttpCertSigner
 # class implementation.
-athenz.zts.ssl_key_store=file:///home/athenz/var/zts_server/certs/zts_keystore.pkcs12
+#athenz.zts.ssl_key_store=/home/athenz/var/zts_server/certs/zts_keystore.pkcs12
 
 # Specifies the type for the keystore specified in the
 # athenz.zts.ssl_key_store property
@@ -39,8 +39,8 @@ athenz.zts.ssl_key_store_password=athenz
 
 # The path to the trust store file that contains CA certificates
 # trusted by the http client running within this ZTS instance
-athenz.zts.ssl_trust_store=/home/athenz/var/zts_server/certs/zts_truststore.jks
-javax.net.ssl.trustStore=/home/athenz/var/zts_server/certs/zts_truststore.jks
+#athenz.zts.ssl_trust_store=/home/athenz/var/zts_server/certs/zts_truststore.jks
+#javax.net.ssl.trustStore=/home/athenz/var/zts_server/certs/zts_truststore.jks
 
 # Type for the truststore specified in the athenz.zts.ssl_trust_store property
 athenz.zts.ssl_trust_store_type=JKS
@@ -52,7 +52,7 @@ javax.net.ssl.trustStorePassword=athenz
 
 # Specifies the location for the athenz.conf file used by the ZMS Client
 # library to determine what ZMS server to contact to.
-athenz.athenz_conf=/home/athenz/conf/zts_server/athenz.conf
+#athenz.athenz_conf=/home/athenz/conf/zts_server/athenz.conf
 
 # If specified, this setting overrides the ZMS Server url value for the
 # ZMS Client as retrieved from the athenz.conf file
@@ -62,7 +62,7 @@ athenz.athenz_conf=/home/athenz/conf/zts_server/athenz.conf
 # is used for the CertSigner implementation (athenz.zts.cert_signer_factory_class
 # property), this setting specifies the private key filename that is used to sign
 # certificate requests.
-athenz.zts.self_signer_private_key_fname=/home/athenz/var/zts_server/keys/zts_private.pem
+#athenz.zts.self_signer_private_key_fname=/home/athenz/var/zts_server/keys/zts_private.pem
 
 # SelfCertSignerFactory implementation - if this factory class is used
 # is used for the CertSigner implementation (athenz.zts.cert_signer_factory_class

servers/zts/scripts/setup_dev_zts.sh

@@ -58,4 +58,4 @@ $ROOT/bin/$HOST_PLATFORM/zms-cli -c $ROOT/var/zts_server/certs/zms_cert.pem -z h
 echo "Generating Athenz configuration file..."
 $ROOT/bin/$HOST_PLATFORM/athenz-conf -o $ROOT/conf/zts_server/athenz.conf -c $ROOT/var/zts_server/certs/zms_cert.pem -z https://$ZMS_HOSTNAME:4443/ -t https://$ZTS_HOSTNAME:8443/
 
-echo "ZTS Dev Enviornment setup complete"
+echo "ZTS Dev Environment setup complete"

servers/zts/scripts/zts

@@ -32,10 +32,20 @@ mkdir -p "${ZTS_LOG_DIR}"
 # setup our required java attributes for startup
 
 JAVA_OPTS="${JAVA_OPTS} -Dathenz.root_dir=${ROOT}"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.jetty_home=${ROOT}"
 JAVA_OPTS="${JAVA_OPTS} -Dathenz.zts.root_dir=${ROOT}"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.athenz_conf=${ROOT}/conf/zts_server/athenz.conf"
 JAVA_OPTS="${JAVA_OPTS} -Dathenz.prop_file=${ROOT}/conf/zts_server/athenz.properties"
 JAVA_OPTS="${JAVA_OPTS} -Dathenz.zts.prop_file=${ROOT}/conf/zts_server/zts.properties"
 JAVA_OPTS="${JAVA_OPTS} -Dlogback.configurationFile=${ROOT}/conf/zts_server/logback.xml"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.ssl_key_store=${ROOT}/var/zts_server/certs/zts_keystore.pkcs12"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.ssl_trust_store=${ROOT}/var/zts_server/certs/zts_truststore.jks"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.zts.ssl_key_store=${ROOT}/var/zts_server/certs/zts_keystore.pkcs12"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.zts.ssl_trust_store=${ROOT}/var/zts_server/certs/zts_truststore.jks"
+JAVA_OPTS="${JAVA_OPTS} -Djavax.net.ssl.trustStore=${ROOT}/var/zts_server/certs/zts_truststore.jks"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.access_log_dir=${ZTS_LOG_DIR}"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.auth.private_key_store.private_key=${ROOT}/var/zts_server/keys/zts_private.pem"
+JAVA_OPTS="${JAVA_OPTS} -Dathenz.zts.self_signer_private_key_fname=${ROOT}/var/zts_server/keys/zts_private.pem"
 
 ZTS_CLASSPATH=${ROOT}/lib/jars/*
 ZTS_BOOTSTRAP_CLASS=com.yahoo.athenz.container.AthenzJettyContainer

ui/config/default-config.js

@@ -21,8 +21,8 @@ const config = {
     userDomain: 'user',
     authHeader: 'Athenz-Principal-Auth',
     strictSSL: false,
-    user: 'ui',
-    serviceFQN: 'athenz.ui',
+    user: 'ui-server',
+    serviceFQN: 'athenz.ui-server',
     authKeyVersion: '0',
     envLabel: '',
     userIcon: function(user) {
@@ -56,8 +56,8 @@ const config = {
     userDomain: 'user',
     authHeader: 'Athenz-Principal-Auth',
     strictSSL: true,
-    user: 'ui',
-    serviceFQN: 'athenz.ui',
+    user: 'ui-server',
+    serviceFQN: 'athenz.ui-server',
     authKeyVersion: '0',
     envLabel: '',
     userIcon: function(user) {
@@ -95,7 +95,7 @@ module.exports = function() {
   c.userDomain = c.userDomain || 'user';
   c.authHeader = c.authHeader || 'Athenz-Principal-Auth';
   c.strictSSL = c.strictSSL || false;
-  c.user = c.user || 'ui';
+  c.user = c.user || 'ui-server';
   c.serviceFQN = c.serviceFQN || process.env.DOMAIN_NAME + '.' + process.env.SERVICE_NAME;
   c.authKeyVersion = c.authKeyVersion || '0';
   c.envLabel = c.envLabel || 'development';

ui/scripts/setup_dev_ui.sh

@@ -22,8 +22,8 @@ fi
 
 echo "Generating private key for Athenz UI Server..."
 cd $ROOT/keys
-openssl genrsa -out athenz.ui.pem 2048
-openssl rsa -in athenz.ui.pem -pubout > athenz.ui_pub.pem
+openssl genrsa -out athenz.ui-server.pem 2048
+openssl rsa -in athenz.ui-server.pem -pubout > athenz.ui-server_pub.pem
 
 # Generate a self-signed x509 certificate
 
@@ -40,11 +40,11 @@ cd $ROOT
 HOST_PLATFORM=$(uname | tr '[:upper:]' '[:lower:]')
 cp $ZMS_CERT $ROOT/keys/zms_cert.pem
 $ROOT/bin/$HOST_PLATFORM/zms-cli -c $ROOT/keys/zms_cert.pem -z https://$ZMS_HOSTNAME:4443/zms/v1 add-domain athenz
-$ROOT/bin/$HOST_PLATFORM/zms-cli -c $ROOT/keys/zms_cert.pem -z https://$ZMS_HOSTNAME:4443/zms/v1 -d athenz add-service ui 0 $ROOT/keys/athenz.ui_pub.pem
+$ROOT/bin/$HOST_PLATFORM/zms-cli -c $ROOT/keys/zms_cert.pem -z https://$ZMS_HOSTNAME:4443/zms/v1 -d athenz add-service ui-server 0 $ROOT/keys/athenz.ui-server_pub.pem
 
 # Generate athenz configuration file
 
 echo "Generating Athenz configuration file..."
 $ROOT/bin/$HOST_PLATFORM/athenz-conf -o $ROOT/config/athenz.conf -c $ROOT/keys/zms_cert.pem -z https://$ZMS_HOSTNAME:4443/
 
-echo "Athenz UI Dev Enviornment setup complete"
+echo "Athenz UI Dev Environment setup complete"