summaryrefslogtreecommitdiffstats
path: root/heat
diff options
context:
space:
mode:
Diffstat (limited to 'heat')
-rw-r--r--heat/docker-compose-1.yaml10
-rw-r--r--heat/docker-compose-2.yaml9
-rw-r--r--heat/docker-compose-3.yaml8
-rw-r--r--heat/docker-compose-4.yaml14
-rwxr-xr-xheat/register.sh12
-rwxr-xr-xheat/setup.sh62
6 files changed, 111 insertions, 4 deletions
diff --git a/heat/docker-compose-1.yaml b/heat/docker-compose-1.yaml
index edc6bba..72c84df 100644
--- a/heat/docker-compose-1.yaml
+++ b/heat/docker-compose-1.yaml
@@ -61,9 +61,19 @@ services:
- "10000:10000"
depends_on:
- "consul"
+ - "tls-init"
labels:
- "SERVICE_10000_NAME=config_binding_service"
- "SERVICE_10000_CHECK_HTTP=/healthcheck"
- "SERVICE_10000_CHECK_INTERVAL=15s"
- "SERVICE_10000_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
+
+ tls-init:
+ image: "{{ nexus_docker_repo }}/onap/org.onap.dcaegen2.deployments.tls-init-container:{{ dcae_docker_tls }}"
+ container_name: "tls-init"
+ hostname: "tls-init"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
diff --git a/heat/docker-compose-2.yaml b/heat/docker-compose-2.yaml
index 317aec4..dca210e 100644
--- a/heat/docker-compose-2.yaml
+++ b/heat/docker-compose-2.yaml
@@ -20,6 +20,8 @@ services:
- "SERVICE_8080_CHECK_HTTP=/healthcheck"
- "SERVICE_8080_CHECK_INTERVAL=15s"
- "SERVICE_8080_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
mvp-dcaegen2-analytics-tca:
@@ -51,6 +53,8 @@ services:
- "SERVICE_11011_CHECK_HTTP=/cdap/ns/cdap_tca_hi_lo"
- "SERVICE_11011_CHECK_INTERVAL=15s"
- "SERVICE_11011_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
mvp-dcaegen2-analytics-holmes-engine-management:
image: "{{ nexus_docker_repo }}/onap/holmes/engine-management:{{ holmes_docker_em }}"
@@ -70,6 +74,8 @@ services:
- "9102:9102"
labels:
- "SERVICE_9102_IGNORE=true"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
mvp-dcaegen2-analytics-holmes-rule-management:
image: "{{ nexus_docker_repo }}/onap/holmes/rule-management:{{ holmes_docker_rm }}"
@@ -89,4 +95,5 @@ services:
- "9101:9101"
labels:
- "SERVICE_9101_IGNORE=true"
-
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
diff --git a/heat/docker-compose-3.yaml b/heat/docker-compose-3.yaml
index 3eef2bc..6ef467c 100644
--- a/heat/docker-compose-3.yaml
+++ b/heat/docker-compose-3.yaml
@@ -16,6 +16,8 @@ services:
- "SERVICE_8080_CHECK_HTTP=/dcae-service-types"
- "SERVICE_8080_CHECK_INTERVAL=15s"
- "SERVICE_8080_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
service-change-handler:
@@ -33,6 +35,8 @@ services:
- "SERVICE_CHECK_DOCKER_SCRIPT=/opt/health.sh"
- "SERVICE_CHECK_INTERVAL=15s"
- "SERVICE_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
deployment_handler:
@@ -50,6 +54,8 @@ services:
- "SERVICE_8443_CHECK_HTTP=/"
- "SERVICE_8443_CHECK_INTERVAL=15s"
- "SERVICE_8443_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/app/dh/etc/cert/"
policy_handler:
@@ -64,4 +70,6 @@ services:
- "SERVICE_25577_CHECK_HTTP=/healthcheck"
- "SERVICE_25577_CHECK_INTERVAL=15s"
- "SERVICE_25577_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/app/policy_handler/etc/tls/certs/"
diff --git a/heat/docker-compose-4.yaml b/heat/docker-compose-4.yaml
index f284f29..11272dd 100644
--- a/heat/docker-compose-4.yaml
+++ b/heat/docker-compose-4.yaml
@@ -20,6 +20,8 @@ services:
- "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/snmptrap/bin/snmptrapd.sh status"
- "SERVICE_CHECK_INTERVAL=300s"
- "SERVICE_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
prh:
@@ -42,6 +44,8 @@ services:
- "SERVICE_8082_CHECK_HTTP=/heartbeat"
- "SERVICE_8082_CHECK_INTERVAL=15s"
- "SERVICE_8082_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
hvves:
@@ -64,6 +68,8 @@ services:
- "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/hvves/bin/healthcheck.sh"
- "SERVICE_CHECK_INTERVAL=15s"
- "SERVICE_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
datafile:
@@ -84,6 +90,8 @@ services:
- "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/datafile/bin/healthcheck.sh"
- "SERVICE_CHECK_INTERVAL=15s"
- "SERVICE_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
mapper-universalvesadaptor:
image: "{{ nexus_docker_repo }}/onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:{{ dcae_docker_mua }}"
@@ -103,6 +111,8 @@ services:
- "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/datafile/bin/healthcheck.sh"
- "SERVICE_CHECK_INTERVAL=15s"
- "SERVICE_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
mapper-snmp:
image: "{{ nexus_docker_repo }}/onap/org.onap.dcaegen2.services.mapper.vesadapter.snmpmapper:{{ dcae_docker_msnmp }}"
@@ -122,6 +132,8 @@ services:
- "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/datafile/bin/healthcheck.sh"
- "SERVICE_CHECK_INTERVAL=15s"
- "SERVICE_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
heartbeat:
@@ -142,4 +154,6 @@ services:
- "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/datafile/bin/healthcheck.sh"
- "SERVICE_CHECK_INTERVAL=15s"
- "SERVICE_CHECK_INITIAL_STATUS=passing"
+ volumes:
+ - "./tls/shared:/opt/tls/shared"
diff --git a/heat/register.sh b/heat/register.sh
index 9b7f508..e1a74fd 100755
--- a/heat/register.sh
+++ b/heat/register.sh
@@ -197,7 +197,10 @@ REGKV='
"policy_handler": {
"deploy_handler": {
"target_entity": "deployment_handler",
+ "tls_ca_mode": "do_not_verify",
"max_msg_length_mb": 5,
+ "url" : "https://{{ dcae_ip_addr }}:8188",
+ "tls_ca_mode" : "cert_directory",
"query": {
"cfy_tenant_name": "default_tenant"
}
@@ -214,6 +217,9 @@ REGKV='
},
"policy_engine": {
"path_api": "/pdp/api/",
+ "path_notifications" : "/pdp/notifications",
+ "tls_ca_mode" : "cert_directory",
+ "tls_wss_ca_mode" : "cert_directory",
"headers": {
"Environment": "TEST",
"ClientAuth": "cHl0aG9uOnRlc3Q=",
@@ -222,8 +228,10 @@ REGKV='
"Authorization": "Basic dGVzdHBkcDphbHBoYTEyMw=="
},
"path_pdp": "/pdp/",
- "url": "http://{{ policy_ip_addr }}:8081",
- "target_entity": "policy_engine"
+ "url": "https://{{ policy_ip_addr }}:8081",
+ "target_entity": "policy_engine",
+ "tls_wss_ca_mode": "do_not_verify",
+ "tls_ca_mode": "do_not_verify"
}
}
}'
diff --git a/heat/setup.sh b/heat/setup.sh
index 0014644..289f6e0 100755
--- a/heat/setup.sh
+++ b/heat/setup.sh
@@ -49,7 +49,67 @@ for wagon in ./wagons/*.wgn; do cfy plugins upload \$wagon ; done
deactivate
EOL
-wget -O scripts-in-container/build-plugins.sh https://git.onap.org/dcaegen2/deployments/plain/k8s-bootstrap-container/build-plugins.sh
+#wget -O scripts-in-container/build-plugins.sh https://git.onap.org/dcaegen2/deployments/plain/k8s-bootstrap-container/build-plugins.sh
+cat > scripts-in-container/build-plugins.sh << EOL
+#!/bin/bash
+
+# Pull plugin archives from repos
+# Build wagons
+# $1 is the DCAE repo URL
+# $2 is the CCSDK repo URL
+# (This script runs at Docker image build time)
+#
+set -x
+DEST=wagons
+
+# For DCAE, we get zips of the archives and build wagons
+DCAEPLUGINFILES=\
+"\
+relationshipplugin/1.0.0/relationshipplugin-1.0.0.tgz
+dcaepolicyplugin/2.3.0/dcaepolicyplugin-2.3.0.tgz
+dockerplugin/3.2.0/dockerplugin-3.2.0.tgz \
+"
+
+# For CCSDK, we pull down the wagon files directly
+CCSDKPLUGINFILES=\
+"\
+plugins/pgaas-1.1.0-py27-none-any.wgn
+plugins/sshkeyshare-1.0.0-py27-none-any.wgn
+"
+
+# Build a set of wagon files from archives in a repo
+# $1 -- repo base URL
+# $2 -- list of paths to archive files in the repo
+function build {
+ for plugin in $2
+ do
+ # Could just do wagon create with the archive URL as source,
+ # but can't use a requirements file with that approach
+ mkdir work
+ target=$(basename ${plugin})
+ curl -Ss $1/${plugin} > ${target}
+ tar zxvf ${target} --strip-components=2 -C work
+ wagon create -t tar.gz -o ${DEST} -r work/requirements.txt --validate ./work
+ rm -rf work
+ done
+}
+
+# Copy a set of wagons from a repo
+# $1 -- repo baseURL
+# $2 -- list of paths to wagons in the repo
+function get_wagons {
+ for wagon in $2
+ do
+ target=$(basename ${wagon})
+ curl -Ss $1/${wagon} > ${DEST}/${target}
+ done
+}
+
+mkdir ${DEST}
+build $1 "${DCAEPLUGINFILES}"
+get_wagons $2 "${CCSDKPLUGINFILES}"
+EOL
+
chmod 777 scripts-in-container/*
echo "Launching Cloudify Manager container"