diff options
-rw-r--r-- | docker-compose/docker-compose.yml | 1 | ||||
-rw-r--r-- | installation/appc/pom.xml | 4 | ||||
-rw-r--r-- | installation/appc/src/main/resources/custom.properties | 88 | ||||
-rw-r--r-- | installation/appc/src/main/resources/jetty.xml | 131 | ||||
-rw-r--r-- | installation/appc/src/main/resources/keystore | bin | 0 -> 2219 bytes | |||
-rw-r--r-- | installation/appc/src/main/scripts/dockerInstall.sh | 5 |
6 files changed, 229 insertions, 0 deletions
diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml index 706465b..b5f0506 100644 --- a/docker-compose/docker-compose.yml +++ b/docker-compose/docker-compose.yml @@ -72,6 +72,7 @@ services: container_name: appc_controller_container entrypoint: ["/opt/onap/appc/bin/startODL.sh"] ports: + - "8443:8443" - "8282:8181" - "1830:1830" - "9090:9191" diff --git a/installation/appc/pom.xml b/installation/appc/pom.xml index 82c3d14..6c5378d 100644 --- a/installation/appc/pom.xml +++ b/installation/appc/pom.xml @@ -112,11 +112,13 @@ limitations under the License. <resource> <directory>src/main/resources</directory> <includes> + <include>keystore</include> <include>*.dump</include> <include>*.sh</include> <include>*.cfg</include> <include>*.xml</include> <include>*.json</include> + <include>*.properties</include> </includes> <filtering>false</filtering> </resource> @@ -359,11 +361,13 @@ limitations under the License. <resource> <directory>src/main/resources</directory> <includes> + <include>keystore</include> <include>*.dump</include> <include>*.sh</include> <include>*.cfg</include> <include>*.xml</include> <include>*.json</include> + <include>*.properties</include> </includes> <filtering>false</filtering> </resource> diff --git a/installation/appc/src/main/resources/custom.properties b/installation/appc/src/main/resources/custom.properties new file mode 100644 index 0000000..ebfaf8e --- /dev/null +++ b/installation/appc/src/main/resources/custom.properties @@ -0,0 +1,88 @@ +# Extra packages to import from the boot class loader +org.osgi.framework.system.packages.extra=org.apache.karaf.branding,sun.reflect,sun.reflect.misc,sun.misc,sun.nio.ch,com.sun.media.sound,sun.net,sun.security.x509,com.sun.management + +# https://bugs.eclipse.org/bugs/show_bug.cgi?id=325578 +# Extend the framework to avoid the resources to be presented with +# a URL of type bundleresource: but to be presented as file: +osgi.hook.configurators.include=org.eclipse.virgo.kernel.equinox.extensions.hooks.ExtensionsHookConfigurator + +# Embedded Tomcat configuration File +org.eclipse.gemini.web.tomcat.config.path=configuration/tomcat-server.xml +org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true + +# Use Equinox as default OSGi Framework Implementation +karaf.framework=equinox + +# Show a progress bar on startup and start the console when all bundles are up and running. +# (If you are in a hurry you can still type enter to start the shell faster.) +karaf.delay.console=true + +# Set security provider to BouncyCastle +org.apache.karaf.security.providers = org.bouncycastle.jce.provider.BouncyCastleProvider + +# We set this to false to disable the Aries BlueprintExtender from doing its orderly container +# shutdown so we can do it after the CSS has shut down all its modules. Otherwise Aries will +# shutdown blueprint containers when the karaf framework starts shutdown (ie when bundle 0 is +# stopped) which can cause failures on CSS module shutdown due to the core blueprint containers +# and services already being shut down. This setting can be removed when/if CSS is removed +# completely from ODL. +org.apache.aries.blueprint.preemptiveShutdown=false + +netconf.config.persister.active=1 + +netconf.config.persister.1.storageAdapterClass=org.opendaylight.controller.config.persist.storage.file.xml.XmlFileStorageAdapter +netconf.config.persister.1.properties.fileStorage=etc/opendaylight/current/controller.currentconfig.xml +netconf.config.persister.1.properties.numberOfBackups=1 + +# Container configuration +container.profile = Container + +# Connection manager configuration +connection.scheme = ANY_CONTROLLER_ONE_MASTER + +# TLS configuration +# To enable TLS, set secureChannelEnabled=true and specify the location of controller Java KeyStore and TrustStore files. +# The Java KeyStore contains controller's private key and certificate. The Java TrustStore contains the trusted certificate +# entries, including switches' Certification Authority (CA) certificates. For example, +# secureChannelEnabled=true +# controllerKeyStore=./configuration/ctlKeyStore +# controllerKeyStorePassword=xxxxxxxx (this password should match the password used for KeyStore generation and at least 6 characters) +# controllerTrustStore=./configuration/ctlTrustStore +# controllerTrustStorePassword=xxxxxxxx (this password should match the password used for TrustStore generation and at least 6 characters) + +secureChannelEnabled=false +controllerKeyStore= +controllerKeyStorePassword= +controllerTrustStore= +controllerTrustStorePassword= + +org.osgi.service.http.secure.enabled=true +org.osgi.service.http.port.secure=8443 +org.ops4j.pax.web.ssl.keystore=./etc/keystore +org.ops4j.pax.web.ssl.password=123456 +org.ops4j.pax.web.ssl.keypassword=123456 + +# User Manager configurations +enableStrongPasswordCheck = false + +#Jolokia configurations +#org.jolokia.listenForHttpService=false + +# Logging configuration for Tomcat-JUL logging +java.util.logging.config.file=configuration/tomcat-logging.properties + +#Hosttracker hostsdb key scheme setting +hosttracker.keyscheme=IP + +# LISP Flow Mapping configuration +# Enable merging RLOC sets received from different xTR-IDs for the same EID (default: false) +lisp.mappingMerge = false +# Enable the Solicit-Map-Request (SMR) mechanism (default: true) +lisp.smr = true +# Choose policy for Explicit Locator Path (ELP) handling +# There are three options: +# default: don't add or remove locator records, return mapping as-is +# both: keep the ELP, but add the next hop as a standalone non-LCAF locator with a lower priority +# replace: remove the ELP, add the next hop as a standalone non-LCAF locator +lisp.elpPolicy = default + diff --git a/installation/appc/src/main/resources/jetty.xml b/installation/appc/src/main/resources/jetty.xml new file mode 100644 index 0000000..cc80dff --- /dev/null +++ b/installation/appc/src/main/resources/jetty.xml @@ -0,0 +1,131 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting// +DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd"> + +<Configure id="Server" class="org.eclipse.jetty.server.Server"> + + <!-- =========================================================== --> + <!-- Set connectors --> + <!-- =========================================================== --> + <!-- One of each type! --> + <!-- =========================================================== --> + + <!-- Use this connector for many frequently idle connections and for + threadless continuations. --> + <New id="http-default" class="org.eclipse.jetty.server.HttpConfiguration"> + <Set name="secureScheme">https</Set> + <Set name="securePort"> + <Property name="jetty.secure.port" default="8443" /> + </Set> + <Set name="outputBufferSize">32768</Set> + <Set name="requestHeaderSize">8192</Set> + <Set name="responseHeaderSize">8192</Set> + + <!-- Default security setting: do not leak our version --> + <Set name="sendServerVersion">false</Set> + + <Set name="sendDateHeader">false</Set> + <Set name="headerCacheSize">512</Set> + </New> + + <New id="http-legacy" class="org.eclipse.jetty.server.HttpConfiguration"> + <Set name="secureScheme">https</Set> + <Set name="securePort"> + <Property name="jetty.secure.port" default="8443" /> + </Set> + <Set name="outputBufferSize">32768</Set> + <Set name="requestHeaderSize">8192</Set> + <Set name="responseHeaderSize">8192</Set> + + <!-- Default security setting: do not leak our version --> + <Set name="sendServerVersion">false</Set> + + <Set name="sendDateHeader">false</Set> + <Set name="headerCacheSize">512</Set> + </New> + + <Call name="addConnector"> + <Arg> + <New class="org.eclipse.jetty.server.ServerConnector"> + <Arg name="server"> + <Ref refid="Server" /> + </Arg> + <Arg name="factories"> + <Array type="org.eclipse.jetty.server.ConnectionFactory"> + <Item> + <New class="org.eclipse.jetty.server.HttpConnectionFactory"> + <Arg name="config"> + <Ref refid="http-default"/> + </Arg> + </New> + </Item> + </Array> + </Arg> + <Set name="host"> + <Property name="jetty.host"/> + </Set> + <Set name="port"> + <Property name="jetty.port" default="8181"/> + </Set> + <Set name="idleTimeout"> + <Property name="http.timeout" default="300000"/> + </Set> + <Set name="name">jetty-default</Set> + </New> + </Arg> + </Call> + + <!-- =========================================================== --> + <!-- Configure Authentication Realms --> + <!-- Realms may be configured for the entire server here, or --> + <!-- they can be configured for a specific web app in a context --> + <!-- configuration (see $(jetty.home)/contexts/test.xml for an --> + <!-- example). --> + <!-- =========================================================== --> + <Call name="addBean"> + <Arg> + <New class="org.eclipse.jetty.jaas.JAASLoginService"> + <Set name="name">karaf</Set> + <Set name="loginModuleName">karaf</Set> + <Set name="roleClassNames"> + <Array type="java.lang.String"> + <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal + </Item> + </Array> + </Set> + </New> + </Arg> + </Call> + <Call name="addBean"> + <Arg> + <New class="org.eclipse.jetty.jaas.JAASLoginService"> + <Set name="name">default</Set> + <Set name="loginModuleName">karaf</Set> + <Set name="roleClassNames"> + <Array type="java.lang.String"> + <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal + </Item> + </Array> + </Set> + </New> + </Arg> + </Call> +</Configure> diff --git a/installation/appc/src/main/resources/keystore b/installation/appc/src/main/resources/keystore Binary files differnew file mode 100644 index 0000000..cd37a73 --- /dev/null +++ b/installation/appc/src/main/resources/keystore diff --git a/installation/appc/src/main/scripts/dockerInstall.sh b/installation/appc/src/main/scripts/dockerInstall.sh index 264e8d9..a35896d 100644 --- a/installation/appc/src/main/scripts/dockerInstall.sh +++ b/installation/appc/src/main/scripts/dockerInstall.sh @@ -70,6 +70,11 @@ echo "" >> $APPC_HOME/data/properties/appc.properties echo "Copying the aaa shiro configuration into opendaylight" cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml +echo "Copying jetty, keystore for https into opendalight" +cp ${APPC_HOME}/data/jetty.xml ${ODL_HOME}/etc/jetty.xml +cp ${APPC_HOME}/data/keystore ${ODL_HOME}/etc/keystore +cp ${APPC_HOME}/data/custom.properties ${ODL_HOME}/etc/custom.properties + echo "Stopping OpenDaylight and waiting for it to stop" ${ODL_HOME}/bin/stop #The karaf command will exit when odl shuts down. This is the most reliable way to wait for opendaylight to stop |