Diffstat (limited to 'heat')
-rw-r--r-- | heat/docker-compose-1.yaml | 10 | ||||
-rw-r--r-- | heat/docker-compose-2.yaml | 9 | ||||
-rw-r--r-- | heat/docker-compose-3.yaml | 8 | ||||
-rw-r--r-- | heat/docker-compose-4.yaml | 14 | ||||
-rwxr-xr-x | heat/register.sh | 12 | ||||
-rwxr-xr-x | heat/setup.sh | 62 |
6 files changed, 111 insertions, 4 deletions
diff --git a/heat/docker-compose-1.yaml b/heat/docker-compose-1.yaml index edc6bba..72c84df 100644 --- a/heat/docker-compose-1.yaml +++ b/heat/docker-compose-1.yaml @@ -61,9 +61,19 @@ services: - "10000:10000" depends_on: - "consul" + - "tls-init" labels: - "SERVICE_10000_NAME=config_binding_service" - "SERVICE_10000_CHECK_HTTP=/healthcheck" - "SERVICE_10000_CHECK_INTERVAL=15s" - "SERVICE_10000_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/tls/shared" + + tls-init: + image: "{{ nexus_docker_repo }}/onap/org.onap.dcaegen2.deployments.tls-init-container:{{ dcae_docker_tls }}" + container_name: "tls-init" + hostname: "tls-init" + volumes: + - "./tls/shared:/opt/tls/shared" diff --git a/heat/docker-compose-2.yaml b/heat/docker-compose-2.yaml index 317aec4..dca210e 100644 --- a/heat/docker-compose-2.yaml +++ b/heat/docker-compose-2.yaml @@ -20,6 +20,8 @@ services: - "SERVICE_8080_CHECK_HTTP=/healthcheck" - "SERVICE_8080_CHECK_INTERVAL=15s" - "SERVICE_8080_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/tls/shared" mvp-dcaegen2-analytics-tca: @@ -51,6 +53,8 @@ services: - "SERVICE_11011_CHECK_HTTP=/cdap/ns/cdap_tca_hi_lo" - "SERVICE_11011_CHECK_INTERVAL=15s" - "SERVICE_11011_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/tls/shared" mvp-dcaegen2-analytics-holmes-engine-management: image: "{{ nexus_docker_repo }}/onap/holmes/engine-management:{{ holmes_docker_em }}" @@ -70,6 +74,8 @@ services: - "9102:9102" labels: - "SERVICE_9102_IGNORE=true" + volumes: + - "./tls/shared:/opt/tls/shared" mvp-dcaegen2-analytics-holmes-rule-management: image: "{{ nexus_docker_repo }}/onap/holmes/rule-management:{{ holmes_docker_rm }}" @@ -89,4 +95,5 @@ services: - "9101:9101" labels: - "SERVICE_9101_IGNORE=true" - + volumes: + - "./tls/shared:/opt/tls/shared" diff --git a/heat/docker-compose-3.yaml b/heat/docker-compose-3.yaml index 3eef2bc..6ef467c 100644 --- a/heat/docker-compose-3.yaml +++ b/heat/docker-compose-3.yaml 
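Review bot: The new `./tls/shared` bind mount is read-write in every service that receives it, so any one of these containers can overwrite or replace the certificate material the others are meant to trust. Only `tls-init` appears to need write access; unless a consumer is known to write there, mount it read-only, e.g. `- "./tls/shared:/opt/tls/shared:ro"`. The same applies to the volume hunks in docker-compose-2, docker-compose-3 (including the `/opt/app/dh/etc/cert/` and `/opt/app/policy_handler/etc/tls/certs/` targets) and docker-compose-4. Separately, the short-form `depends_on` entry `- "tls-init"` only orders container start and does not wait for the init container to finish writing, and the services in the other compose files declare no dependency on it, so whether the files exist before first use presumably depends on sequencing in setup.sh that is not visible here.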
@@ -16,6 +16,8 @@ services: - "SERVICE_8080_CHECK_HTTP=/dcae-service-types" - "SERVICE_8080_CHECK_INTERVAL=15s" - "SERVICE_8080_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/tls/shared" service-change-handler: @@ -33,6 +35,8 @@ services: - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/health.sh" - "SERVICE_CHECK_INTERVAL=15s" - "SERVICE_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/tls/shared" deployment_handler: @@ -50,6 +54,8 @@ services: - "SERVICE_8443_CHECK_HTTP=/" - "SERVICE_8443_CHECK_INTERVAL=15s" - "SERVICE_8443_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/app/dh/etc/cert/" policy_handler: @@ -64,4 +70,6 @@ services: - "SERVICE_25577_CHECK_HTTP=/healthcheck" - "SERVICE_25577_CHECK_INTERVAL=15s" - "SERVICE_25577_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/app/policy_handler/etc/tls/certs/" diff --git a/heat/docker-compose-4.yaml b/heat/docker-compose-4.yaml index f284f29..11272dd 100644 --- a/heat/docker-compose-4.yaml +++ b/heat/docker-compose-4.yaml @@ -20,6 +20,8 @@ services: - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/snmptrap/bin/snmptrapd.sh status" - "SERVICE_CHECK_INTERVAL=300s" - "SERVICE_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/tls/shared" prh: @@ -42,6 +44,8 @@ services: - "SERVICE_8082_CHECK_HTTP=/heartbeat" - "SERVICE_8082_CHECK_INTERVAL=15s" - "SERVICE_8082_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/tls/shared" hvves: @@ -64,6 +68,8 @@ services: - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/hvves/bin/healthcheck.sh" - "SERVICE_CHECK_INTERVAL=15s" - "SERVICE_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/tls/shared" datafile: 
@@ -84,6 +90,8 @@ services: - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/datafile/bin/healthcheck.sh" - "SERVICE_CHECK_INTERVAL=15s" - "SERVICE_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/tls/shared" mapper-universalvesadaptor: image: "{{ nexus_docker_repo }}/onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:{{ dcae_docker_mua }}" @@ -103,6 +111,8 @@ services: - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/datafile/bin/healthcheck.sh" - "SERVICE_CHECK_INTERVAL=15s" - "SERVICE_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/tls/shared" mapper-snmp: image: "{{ nexus_docker_repo }}/onap/org.onap.dcaegen2.services.mapper.vesadapter.snmpmapper:{{ dcae_docker_msnmp }}" @@ -122,6 +132,8 @@ services: - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/datafile/bin/healthcheck.sh" - "SERVICE_CHECK_INTERVAL=15s" - "SERVICE_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/tls/shared" heartbeat: @@ -142,4 +154,6 @@ services: - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/datafile/bin/healthcheck.sh" - "SERVICE_CHECK_INTERVAL=15s" - "SERVICE_CHECK_INITIAL_STATUS=passing" + volumes: + - "./tls/shared:/opt/tls/shared" diff --git a/heat/register.sh b/heat/register.sh index 9b7f508..e1a74fd 100755 --- a/heat/register.sh +++ b/heat/register.sh @@ -197,7 +197,10 @@ REGKV=' "policy_handler": { "deploy_handler": { "target_entity": "deployment_handler", + "tls_ca_mode": "do_not_verify", "max_msg_length_mb": 5, + "url" : "https://{{ dcae_ip_addr }}:8188", + "tls_ca_mode" : "cert_directory", "query": { "cfy_tenant_name": "default_tenant" } @@ -214,6 +217,9 @@ REGKV=' }, "policy_engine": { "path_api": "/pdp/api/", + "path_notifications" : "/pdp/notifications", + "tls_ca_mode" : "cert_directory", + "tls_wss_ca_mode" : "cert_directory", "headers": { "Environment": "TEST", "ClientAuth": "cHl0aG9uOnRlc3Q=", 
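Review bot: `tls_ca_mode` is added twice inside the same `deploy_handler` object in the hunk at -197 (`do_not_verify`, then `cert_directory`), and the `policy_engine` hunks at -214 and -222 together do the same for `tls_ca_mode` and `tls_wss_ca_mode`, ending on `do_not_verify`. Duplicate names in a JSON object have no defined meaning and most parsers silently keep the last one, so `policy_engine` would most likely be reached over `https://` and WSS without verifying the server certificate, even though the `cert_directory` entries suggest verification was intended. Keep a single entry per key: drop the trailing `"tls_wss_ca_mode": "do_not_verify"` and `"tls_ca_mode": "do_not_verify"` lines in `policy_engine` and the first `"tls_ca_mode": "do_not_verify"` line in `deploy_handler`, so the mounted certificate directory is what actually takes effect. The `REGKV` literal starts outside these hunks, so other duplicates may exist that are not visible here.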
@@ -222,8 +228,10 @@ REGKV='
 "Authorization": "Basic dGVzdHBkcDphbHBoYTEyMw=="
 },
 "path_pdp": "/pdp/",
- "url": "http://{{ policy_ip_addr }}:8081",
- "target_entity": "policy_engine"
+ "url": "https://{{ policy_ip_addr }}:8081",
+ "target_entity": "policy_engine",
+ "tls_wss_ca_mode": "do_not_verify",
+ "tls_ca_mode": "do_not_verify"
 }
 }
 }'
diff --git a/heat/setup.sh b/heat/setup.sh
index 0014644..289f6e0 100755
--- a/heat/setup.sh
+++ b/heat/setup.sh
@@ -49,7 +49,67 @@ for wagon in ./wagons/*.wgn; do cfy plugins upload \$wagon ; done deactivate EOL -wget -O scripts-in-container/build-plugins.sh https://git.onap.org/dcaegen2/deployments/plain/k8s-bootstrap-container/build-plugins.sh +#wget -O scripts-in-container/build-plugins.sh https://git.onap.org/dcaegen2/deployments/plain/k8s-bootstrap-container/build-plugins.sh +cat > scripts-in-container/build-plugins.sh << EOL +#!/bin/bash + +# Pull plugin archives from repos +# Build wagons +# $1 is the DCAE repo URL +# $2 is the CCSDK repo URL +# (This script runs at Docker image build time) +# +set -x +DEST=wagons + +# For DCAE, we get zips of the archives and build wagons +DCAEPLUGINFILES=\ +"\ +relationshipplugin/1.0.0/relationshipplugin-1.0.0.tgz +dcaepolicyplugin/2.3.0/dcaepolicyplugin-2.3.0.tgz +dockerplugin/3.2.0/dockerplugin-3.2.0.tgz \ +" + +# For CCSDK, we pull down the wagon files directly +CCSDKPLUGINFILES=\ +"\ +plugins/pgaas-1.1.0-py27-none-any.wgn +plugins/sshkeyshare-1.0.0-py27-none-any.wgn +" + +# Build a set of wagon files from archives in a repo +# $1 -- repo base URL +# $2 -- list of paths to archive files in the repo +function build { + for plugin in $2 + do + # Could just do wagon create with the archive URL as source, + # but can't use a requirements file with that approach + mkdir work + target=$(basename ${plugin}) + curl -Ss $1/${plugin} > ${target} + tar zxvf ${target} --strip-components=2 -C work + wagon create -t tar.gz -o ${DEST} -r work/requirements.txt --validate ./work + rm -rf work + done +} + +# Copy a set of wagons from a repo +# $1 -- repo baseURL +# $2 -- list of paths to wagons in the repo +function get_wagons { + for wagon in $2 + do + target=$(basename ${wagon}) + curl -Ss $1/${wagon} > ${DEST}/${target} + done +} + +mkdir ${DEST} +build $1 "${DCAEPLUGINFILES}" +get_wagons $2 "${CCSDKPLUGINFILES}" +EOL + chmod 777 scripts-in-container/* echo "Launching Cloudify Manager container" |
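Review bot: The heredoc delimiter in `cat > scripts-in-container/build-plugins.sh << EOL` is unquoted, so the shell running setup.sh expands `$1`, `$2`, `${plugin}`, `${DEST}`, `${target}` and `$(basename ${plugin})` while writing the file instead of leaving them in the generated script. The resulting build-plugins.sh would then loop over empty lists and fetch from empty URLs, and the command substitutions run on the host at generation time. The heredoc that closes just above this hunk escapes its variable as `\$wagon`, so the smallest fix is to quote the delimiter: `cat > scripts-in-container/build-plugins.sh << 'EOL'`. Separately, `curl -Ss` without `-f` will save an HTTP error body as the archive, and nothing in the embedded script checks the downloaded plugin archives or wagons against a known digest before they are built; adding `-f` and a checksum comparison would close that gap.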