Eliminating use of Apache Karaf CLI client and of ONOS_USE_SSH env. variable.
All CLI access is now through the raw SSH client.
To enable passwordless access, the 'onos-user-key' tool should be used to add user keys.
Added 'onos-user-password' tool in the similar vein and usage as the 'onos-user-key' tool.
Change-Id: Ic5482fc8012369edc818691402ba45d13f130452
diff --git a/tools/package/bin/onos-ssh b/tools/package/bin/onos
similarity index 79%
rename from tools/package/bin/onos-ssh
rename to tools/package/bin/onos
index 7e082aa..8614256 100755
--- a/tools/package/bin/onos-ssh
+++ b/tools/package/bin/onos
@@ -3,4 +3,4 @@
# ONOS command-line client that uses raw ssh.
# -----------------------------------------------------------------------------
-ssh -p 8101 localhost "$@"
\ No newline at end of file
+ssh -p 8101 -o StrictHostKeyChecking=no localhost "$@"
\ No newline at end of file
diff --git a/tools/package/bin/onos-client b/tools/package/bin/onos-client
deleted file mode 100755
index 2a37087..0000000
--- a/tools/package/bin/onos-client
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-# -----------------------------------------------------------------------------
-# ONOS command-line client that uses the built-in Apache Karaf client.
-# -----------------------------------------------------------------------------
-
-if [ -z "${JAVA_HOME}" ]; then
- if [ -x /usr/libexec/java_home ]; then
- export JAVA_HOME=$(/usr/libexec/java_home -v 1.8)
- elif [ -d /usr/lib/jvm/java-8-oracle ]; then
- export JAVA_HOME="/usr/lib/jvm/java-8-oracle"
- elif [ -d /usr/lib/jvm/java-7-openjdk-amd64 ]; then
- export JAVA_HOME="/usr/lib/jvm/java-7-openjdk-amd64"
- fi
-fi
-
-cd $(dirname $0)/../apache-karaf-$KARAF_VERSION/bin
-./client -h localhost -u karaf "$@"
diff --git a/tools/package/bin/onos-config b/tools/package/bin/onos-config
deleted file mode 100755
index 2265d00..0000000
--- a/tools/package/bin/onos-config
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-echo "This command has been deprecated as this step is no longer required."
\ No newline at end of file
diff --git a/tools/package/bin/onos-secure-ssh b/tools/package/bin/onos-secure-ssh
index eab5d7a..fba3a03 100755
--- a/tools/package/bin/onos-secure-ssh
+++ b/tools/package/bin/onos-secure-ssh
@@ -1,40 +1,3 @@
#!/bin/bash
-# -----------------------------------------------------------------------------
-# Enables secure access to ONOS console by removing default users & keys.
-# -----------------------------------------------------------------------------
-
-# Remove the "unsecure" shell client which uses karaf "client" which is used
-# by default; we will install the "secure" client that just uses raw ssh later.
-rm -f $(dirname $0)/onos
-
-set -e
-
-# Scan arguments for user/password or other options...
-while getopts u:p: o; do
- case "$o" in
- u) user=$OPTARG;;
- p) password=$OPTARG;;
- esac
-done
-password=${password:-$user} # password defaults to the user if not specified
-let OPC=$OPTIND-1
-shift $OPC
-
-cd $(dirname $0)/../apache-karaf-*/etc
-USERS=users.properties
-KEYS=keys.properties
-
-# Remove the built-in users and keys to secure the access implicitly.
-egrep -v "^(karaf|onos)[ ]*=" $USERS > $USERS.new && mv $USERS.new $USERS
-egrep -v "^(#karaf|onos)[ ]*=" $KEYS > $KEYS.new && mv $KEYS.new $KEYS
-
-# Remove any previous known keys for the local host.
-ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:8101
-
-# Swap the onos client to use the SSH variant.
-ln -s $(dirname $0)/onos-ssh $(dirname $0)/onos
-
-# If user and password options were given, setup the user/password.
-if [ -n "$user" -a -n "$password" ]; then
- echo "$user = $password,_g_:admingroup" >> $USERS
-fi
\ No newline at end of file
+echo "This command has been deprecated!"
+echo "Please use 'onos-user-key' and 'onos-user-password' commands instead."
\ No newline at end of file
diff --git a/tools/package/bin/onos-user-key b/tools/package/bin/onos-user-key
index db24da1..9a6aff3 100755
--- a/tools/package/bin/onos-user-key
+++ b/tools/package/bin/onos-user-key
@@ -1,20 +1,28 @@
#!/bin/bash
# -----------------------------------------------------------------------------
-# Adds or removes a user key for managing passwordless loging to ONOS console.
+# Adds or removes a user key for managing passwordless login to ONOS console.
# -----------------------------------------------------------------------------
-[ $# -lt 2 ] && echo "usage: $(basename $0) user {key|remove}" && exit 1
+usage="usage: $(basename $0) user {key|key-file|--remove}"
+
+[ $# -lt 2 ] && echo "$usage" >&2 && exit 1
set -e
user=$1
[ -f $2 ] && key=$(cut -d\ -f2 $2) || key=$2
+[ -z "$user" -o -z "$key" ] && echo "$usage" >&2 && exit 1
+
cd $(dirname $0)/../apache-karaf-*/etc
KEYS=keys.properties
# Remove the user key first, in case one was already present
-egrep -v "^$user[ ]*=" $KEYS > $KEYS.new && mv $KEYS.new $KEYS
-if [ $key != "remove" ]; then
+egrep -v "^($user|karaf)[ ]*=" $KEYS > $KEYS.new && mv $KEYS.new $KEYS
+if [ $key != "--remove" ]; then
echo "$user=$key,_g_:admingroup" >> $KEYS
fi
+
+# Also, remove any previous known keys for the localhost.
+ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:8101
+
diff --git a/tools/package/bin/onos-user-password b/tools/package/bin/onos-user-password
new file mode 100755
index 0000000..a7c638c
--- /dev/null
+++ b/tools/package/bin/onos-user-password
@@ -0,0 +1,24 @@
+#!/bin/bash
+# -----------------------------------------------------------------------------
+# Adds or removes the specified user and password to secure ONOS GUI and
+# ONOS REST API; also removes the default user/password entry.
+# -----------------------------------------------------------------------------
+
+usage="usage: $(basename $0) user {password|--remove}"
+
+user=$1
+password=$2
+
+[ -z "$user" -o -z "$password" ] && echo "$usage" >&2 && exit 1
+
+cd $(dirname $0)/../apache-karaf-*/etc
+USERS=users.properties
+
+# Remove the user entry first, in case one was already present.
+# Also remove the built-in user to implicitly secure access.
+egrep -v "^($user|onos)[ ]*=" $USERS > $USERS.new && mv $USERS.new $USERS
+
+# Add the user and the password to the user properties file.
+if [ $password != "--remove" ]; then
+ echo "$user = $password,_g_:admingroup" >> $USERS
+fi