From 0f2c2039cd9d9b26482fc7488ae1bdf99f2544f5 Mon Sep 17 00:00:00 2001 From: Zlatko Murgoski Date: Tue, 5 Mar 2019 11:31:48 +0100 Subject: Collector authentication enhancement Collector authentication enhancement Change-Id: I03a05cb83dd8c498fb218e82e9b3958348fbb4ac Issue-ID: DCAEGEN2-1101 Signed-off-by: Zlatko Murgoski --- etc/collector.properties | 39 ++++++++++++++++----------------------- 1 file changed, 16 insertions(+), 23 deletions(-) (limited to 'etc/collector.properties') diff --git a/etc/collector.properties b/etc/collector.properties index f0aac3b5..36c79b51 100755 --- a/etc/collector.properties +++ b/etc/collector.properties @@ -11,19 +11,30 @@ ## Normally: ## ## - 8080 is http service -## - https is disabled by default (-1) +## - https is disabled by default ## ## - At this time, the server always binds to 0.0.0.0 ## -## The default port when header.authflag is disabled (0) +## collector.service.port=8080 -## The secure port is required if header.authflag is set to 1 (true) ## Authentication is only supported via secure port ## When enabled - require valid keystore defined collector.service.secure.port=8443 -collector.service.secure.clientauth=0 +# auth.method flags: +# +# noAuth - default option - no security (http) +# certOnly - auth by certificate (https) +# basicAuth - auth by basic auth username and password (https) +# certBasicAuth - auth by certificate and basic auth username / password (https) +auth.method=noAuth + +## Combination of userid,hashPassword encoded pwd list to be supported +## userid and pwd comma separated; pipe delimitation between each pair +## Password is generated by crypt-password library using BCrypt algorithm stored in dcaegen2/sdk package +## or https://nexus.onap.org/#nexus-search;quick~crypt-password +header.authlist=sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6 ## The keystore must be setup per installation when secure port is configured collector.keystore.file.location=etc/keystore @@ -33,7 +44,6 @@ collector.keystore.passwordfile=etc/passwordfile collector.truststore.file.location=etc/truststore collector.truststore.passwordfile=etc/trustpasswordfile -############################################################################### ## Processing ## ## If there's a problem that prevents the collector from processing alarms, @@ -53,27 +63,10 @@ collector.schema.file={\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./e collector.dmaap.streamid=fault=ves-fault|syslog=ves-syslog|heartbeat=ves-heartbeat|measurementsForVfScaling=ves-measurement|mobileFlow=ves-mobileflow|other=ves-other|stateChange=ves-statechange|thresholdCrossingAlert=ves-thresholdCrossingAlert|voiceQuality=ves-voicequality|sipSignaling=ves-sipsignaling|notification=ves-notification|pnfRegistration=ves-pnfRegistration collector.dmaapfile=./etc/DmaapConfig.json -## authflag control authentication by the collector -## If enabled (1) - then authlist has to be defined -## When authflag is enabled, only secure port will be supported -## To disable enter 0 -header.authflag=0 - -## Combination of userid,hashPassword encoded pwd list to be supported -## userid and pwd comma separated; pipe delimitation between each pair -header.authlist=sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6 - ## Event transformation Flag - when set expects configurable transformation ## defined under ./etc/eventTransform.json ## Enabled by default; to disable set to 0 event.transform.flag=1 # Describes at what frequency (measured in minutes) should application try to fetch config from CBS -collector.dynamic.config.update.frequency=5 - -############################################################################### -## -## Tomcat control -## -#tomcat.maxthreads=(tomcat default, which is usually 200) - +collector.dynamic.config.update.frequency=5 \ No newline at end of file -- cgit 1.2.3-korg