Updates to the AWS startup and build scripts

aws/create_aws_ami.sh

@@ -1,6 +1,10 @@
 #!/usr/bin/env bash
 set -ev
 
+echo "-----------------------------------------------"
+echo "Creating Athenz AWS AMI..."
+echo "-----------------------------------------------"
+
 CUR_DIR="$( pwd )"
 
 #setup provision directory
@@ -33,3 +37,7 @@ cd $CUR_DIR
 #run packer
 export BASE_AMI_ID=ami-a58d0dc5
 sudo ${PACKER_DIR}/packer build -machine-readable ./aws/athenz_ami.json && touch .ami
+
+echo "-----------------------------------------------"
+echo "Athenz AWS AMI Completed"
+echo "-----------------------------------------------"

aws/provision_athenz.sh

@@ -23,5 +23,3 @@ tar xfz athenz-ui*.tar.gz
 
 echo "provisioning zts"
 tar xfz athenz-zts*.tar.gz
-
-

aws/start.sh

@@ -7,21 +7,30 @@ echo "running start.sh as `whoami`"
 echo "---create athenz user---"
 echo athenz:athenz::::/home/athenz:/bin/bash | sudo newusers
 
-echo "---initializing zms---"
 cd /opt/athenz/athenz-zms*
-sed -ie 's/${USER}/athenz/g' /opt/athenz/athenz-zms*/conf/zms_server/zms.properties
 if [ ! -f "./var/zms_server/keys/zms_private.pem" ]; then
+    echo "---initializing zms---"
+    sed -ie 's/${USER}/athenz/g' /opt/athenz/athenz-zms*/conf/zms_server/zms.properties
     bin/setup_dev_zms.sh
 fi
 
-sudo -E bin/zms start
-sleep 10
-
 hostname=`hostname`
 
-echo "---initializing ui---"
+sudo -E bin/zms start
+set +e
+for i in {1..10};
+do
+    status=$(curl -k -s -w %{http_code} --output /dev/null https://$hostname:4443/zms/v1/schema)
+    if [ $status -eq "200" ]; then
+        break;
+    fi
+    sleep 3
+done
+set -e
+
 cd /opt/athenz/athenz-ui*/keys
 if [ ! -f "./athenz.ui.pem" ]; then
+    echo "---initializing ui---"
     echo "---creating private/public key for ui---"
     openssl genrsa -out athenz.ui.pem 2048
     openssl rsa -in athenz.ui.pem -pubout > athenz.ui_pub.pem
@@ -34,22 +43,19 @@ cd /opt/athenz/athenz-utils*/bin/linux
 
 echo "---creating ntoken---"
 ntoken=$(curl --silent -H "Authorization:Basic YXRoZW56OmF0aGVueg==" -k https://$hostname:4443/zms/v1/user/athenz/token | grep -o '\"token\":.*\"' | cut -d':' -f2 | sed 's/\"//'g )
-echo $ntoken
 printf "%s" "$ntoken" > ~/.ntoken
 if [ ! -f ~/.ntoken ]; then
     echo "error: failed to find ntoken file"
     exit 1
 fi
 
 tokenExists=$(cat ~/.ntoken | grep 'n=athenz' | wc -l)
-echo $tokenExists
 if [ ! $tokenExists -eq "1" ]; then
     echo "error: failed to create ntoken"
     exit 1
 fi
 
 domainNotExist=`sudo ./zms-cli -i user.athenz -c /opt/athenz/athenz-ui*/keys/zms_cert.pem -z https://$hostname:4443/zms/v1 show-domain athenz | grep '404' | wc -l`
-echo "athenz domain not found: $domainNotExist"
 if [ $domainNotExist -eq "1" ]; then
     echo "---adding athenz domain with zms---"
     sudo ./zms-cli -i user.athenz -c /opt/athenz/athenz-ui*/keys/zms_cert.pem -z https://$hostname:4443/zms/v1 add-domain athenz
@@ -63,16 +69,15 @@ cd /opt/athenz/athenz-ui*/
 export ZMS_SERVER=$hostname
 bin/athenz_ui start
 
-echo "---initializing zts---"
 cd /opt/athenz/athenz-zts*/var/zts_server/keys
 if [ ! -f "./zts_private.pem" ]; then
+    echo "---initializing zts---"
     echo "---creating private/public key for zts---"
     openssl genrsa -out zts_private.pem 2048
     openssl rsa -in zts_private.pem -pubout > zts_public.pem
 fi
 cd /opt/athenz/athenz-zts*/var/zts_server/certs
 if [ ! -f "./zts_key.pem" ]; then
-
     echo "---creating X509 Certificate for zts---"
     sed s/__athenz_hostname__/$hostname/g /opt/athenz/athenz-zts*/conf/zts_server/dev_x509_cert.cnf > ./dev_x509_cert.cnf
     openssl req -x509 -nodes -newkey rsa:2048 -keyout zts_key.pem -out zts_cert.pem -days 365 -config ./dev_x509_cert.cnf
@@ -89,18 +94,20 @@ if [ ! -f "./zts_truststore.jks" ]; then
     keytool -importcert -noprompt -alias zms -keystore zts_truststore.jks -file zms_cert.pem -storepass athenz
 fi
 
-echo "---generate Athenz Configuration File---"
 cd /opt/athenz/athenz-zts*
-sudo /opt/athenz/athenz-utils*/bin/linux/athenz-conf -o ./conf/zts_server/athenz.conf -c /opt/athenz/athenz-zts*/var/zts_server/certs/zms_cert.pem -z https://$hostname:4443/ -t https://$hostname:8443/
+if [ ! -f "./conf/zts_server/athenz.conf" ]; then
+    echo "---generate Athenz Configuration File---"
+    sudo /opt/athenz/athenz-utils*/bin/linux/athenz-conf -o ./conf/zts_server/athenz.conf -c /opt/athenz/athenz-zts*/var/zts_server/certs/zms_cert.pem -z https://$hostname:4443/ -t https://$hostname:8443/
+fi
 
 cd /opt/athenz/athenz-utils*/bin/linux
 serviceNotExist=$(sudo ./zms-cli -i user.athenz -c /opt/athenz/athenz-zts*/var/zts_server/certs/zms_cert.pem -z https://$hostname:4443/zms/v1 -d sys.auth show-service zts | grep '404' | wc -l)
-echo $serviceNotExist
 if [ $serviceNotExist -eq "1" ]; then
     echo "---registering zts service to zms---"
     sudo ./zms-cli -i user.athenz -c /opt/athenz/athenz-zts*/var/zts_server/certs/zms_cert.pem -z https://$hostname:4443/zms/v1 -d sys.auth add-service zts 0 /opt/athenz/athenz-zts*/var/zts_server/keys/zts_public.pem
 fi
 
 echo "---starting athenz zts---"
 cd /opt/athenz/athenz-zts*/
-sudo bin/zts start
+
+sudo bin/zts start

docker/publish_docker.sh

@@ -1,6 +1,14 @@
 #!/usr/bin/env bash
 set -ev
 
+echo "-----------------------------------------------"
+echo "Creating Athenz Docker image..."
+echo "-----------------------------------------------"
+
 docker build -t athenz/athenz .
 docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
 docker push athenz/athenz
+
+echo "-----------------------------------------------"
+echo "Athenz Docker Image Completed"
+echo "-----------------------------------------------"

docs/setup_aws.md

@@ -71,8 +71,10 @@ click on `Launch Instances` to launch your Athenz EC2 instance.
 --------------------
 
 After your EC2 instance is launched, you need to ssh to your
-instance and start Athenz services. After you have connected
-and logged into your instance, execute the following commands:
+instance and start Athenz services. During the first start-up,
+the Athenz services will be automatically configured with default
+settings and self-signed certificates. After you have connected
+and logged onto your instance, execute the following commands:
 
 ```shell
 $ cd /opt/athenz