aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTommy Carpenter <tommy@research.att.com>2018-07-25 08:49:20 -0400
committerTommy Carpenter <tommy@research.att.com>2018-07-27 15:23:12 -0400
commit9ab2e0ba160020d68d31dce54eb0857e1ea2a2d0 (patch)
tree17bb5b9b5e6da14cc987d3bfd7175b10c24493ca
parentea057dc673d2a6b88fb759831cce0bec5bd572f3 (diff)
Add self signed cert in Dockerfile
Change-Id: Ie013fe125e5b76cf7243a51f25d2d933283a0f86 Issue-ID: DCAEGEN2-562 Signed-off-by: Tommy Carpenter <tommy@research.att.com>
-rw-r--r--Changelog.md3
-rw-r--r--Dockerfile7
-rw-r--r--README.md40
-rw-r--r--app/app/pom.xml4
-rw-r--r--app/app/setup.py2
-rw-r--r--app/app/tox.ini1
-rw-r--r--app/pom.xml4
-rw-r--r--pom.xml2
-rw-r--r--tox-local.ini2
9 files changed, 42 insertions, 23 deletions
diff --git a/Changelog.md b/Changelog.md
index 9a83c20..d1c2fac 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).
+## [2.2.3] - 7/25/2018
+* By request, include a self signed cert so the image always comes up.
+
## [2.2.2] - 7/9/2018
* Add EELF metrics log and logging statements
* Fixed a redundant Consul call where client.resolve_all did not need to call the transaction API twice
diff --git a/Dockerfile b/Dockerfile
index ae2f079..6c783f0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,9 +15,16 @@ RUN mkdir -p /etc/nginx/ssl
COPY nginxhttps.conf /etc/nginx/conf.d/nginxhttps.conf
+#443 is https, 10000 is http
+# in the future, hopefully http can go away completely
ENV LISTEN_PORT 10000
EXPOSE 443
EXPOSE 10000
+# Mount a self signed certificate that should be overwritten upon Run
+RUN apt-get update && \
+ apt-get install -y openssl && \
+ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -subj "/C=US/ST=NJ/L=foo/O=ONAP/OU=ONAP/CN=configbinding"
+
#this is a registrator flag that tells it to ignore 80 from service discovery. Nothing is listening on 80, but the parent Dockerfile here exposes it. This container is internally listening on 10000 and 443.
ENV SERVICE_80_IGNORE true
diff --git a/README.md b/README.md
index cffbe73..6cc17c4 100644
--- a/README.md
+++ b/README.md
@@ -15,13 +15,7 @@ There is also a "dmaap key", which is the same concept, except what gets injecte
In addition, this service provides the capability to retrieve either the DTI events (not history) or the policies for a given service_component.
# Usage
-hit `url_of_this/service_component/service_component_name` and you are returned your bound config.
-
-hit `url_of_this/dtievents/service_component_name` and you are returned the dti events for your service_component.
-
-hit `url_of_this/policies/service_component_name` and you are returned the policies for your service_component.
-
-(Note: there is also a backdoor in the `client` module that allows you to pass in a direct JSON and a direct rels, but this isn't exposed via the HTTP API as of now)
+See the Swagger spec.
# Assumptions
1. `CONSUL_HOST` is set as an environmental variable where this binding service is run. If it is not, it defaults to the Rework Consul which is probably not what you want.
@@ -47,24 +41,40 @@ X's configuration:
This project uses https://hub.docker.com/r/tiangolo/uwsgi-nginx-flask/
This is a solution that runs a productionalized setup using NGINX+uwsgi+Flask (Flask is not meant to be run as a real webserver per their docs). This project requires the app/app structure. Tox still works from the root due to tox magic.
-# Testing
-You need tox:
+This structure, combined with Sonar limitations, leads to an unfortunate need of having three nested poms. There is a top level pom, a tiny pom in /app, and the "main" pom in /app/app.
+
+# Development
+## Version changes
+An unforunate consequence of the nested poms is that development changes require a version bump in several places. They are:
+1. top level pom
+2. pom in /app
+3. pom in /app/app
+4. setup.py in /app/app
+5. Changelod.md
+
+Additionally, if the development leads to an API change,
+6. swagger.yaml in /app/app
+
+## Testing
+You need `tox`.
+
+To recreate the tox that the ONAP build process calls, from /app/app, *not in a virtual env*, just run:
```
-pip install tox
+tox
```
-Then from the root dir, *not in a virtual env*, just run:
+
+For local development, there is a tox that outputs to an html website that is easier to read and navigate then xml. From the *root*, run
```
-tox
+tox -c tox-local.ini
```
-You may have to alter the tox.ini for the python envs you wish to test with.
-# Deployment information
+# Deployment
## Ports, HTTPS key/cert location
The CBS frontend (NGINX) exposes 10000 and 443. It runs HTTP on 10000 and HTTPS on 443. 80 is also exposed by the parent Dockerfile but nothing is listening there so it can be ignored.
-If you wish to use HTTPS, it expects a key to be mounted at `/etc/nginx/ssl/nginx.key` and a cert to be mounted at `/etc/nginx/ssl/nginx.crt`. For example, a snippet from a `docker run` command:
+The dockerimage mounts it's own self signed certificate. If deploying into a production level scenario, *you should overwrite this cert!*! It expects a key to be mounted at `/etc/nginx/ssl/nginx.key` and a cert to be mounted at `/etc/nginx/ssl/nginx.crt`. For example, a snippet from a `docker run` command:
```
... -v /host/path/to/nginx.key:/etc/nginx/ssl/nginx.key -v /host/path/to/nginx.crt:/etc/nginx/ssl/nginx.crt ...
diff --git a/app/app/pom.xml b/app/app/pom.xml
index 133c9b5..806098d 100644
--- a/app/app/pom.xml
+++ b/app/app/pom.xml
@@ -24,13 +24,13 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
<parent>
<groupId>org.onap.dcaegen2.platform.configbinding</groupId>
<artifactId>app</artifactId>
- <version>2.2.2-SNAPSHOT</version>
+ <version>2.2.3-SNAPSHOT</version>
</parent>
<!--- CHANGE THE FOLLOWING 3 OBJECTS for your own repo -->
<groupId>org.onap.dcaegen2.platform.configbinding</groupId>
<artifactId>app-app</artifactId>
<name>dcaegen2-platform-configbinding-app-app</name>
- <version>2.2.2-SNAPSHOT</version>
+ <version>2.2.3-SNAPSHOT</version>
<url>http://maven.apache.org</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git a/app/app/setup.py b/app/app/setup.py
index afca622..237f7c4 100644
--- a/app/app/setup.py
+++ b/app/app/setup.py
@@ -20,7 +20,7 @@ from setuptools import setup, find_packages
setup(
name='config_binding_service',
- version='2.2.2',
+ version='2.2.3',
packages=find_packages(exclude=["tests.*", "tests"]),
author="Tommy Carpenter",
author_email="tommy@research.att.com",
diff --git a/app/app/tox.ini b/app/app/tox.ini
index 7b42d9b..c58161e 100644
--- a/app/app/tox.ini
+++ b/app/app/tox.ini
@@ -1,7 +1,6 @@
# content of: tox.ini , put in same dir as setup.py
[tox]
envlist = py36,flake8
-#setupdir=app/app
[testenv]
deps=
diff --git a/app/pom.xml b/app/pom.xml
index 4f5506b..52387e6 100644
--- a/app/pom.xml
+++ b/app/pom.xml
@@ -23,14 +23,14 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
<parent>
<groupId>org.onap.dcaegen2.platform</groupId>
<artifactId>configbinding</artifactId>
- <version>2.2.2-SNAPSHOT</version>
+ <version>2.2.3-SNAPSHOT</version>
</parent>
<!--- CHANGE THE FOLLOWING 3 OBJECTS for your own repo -->
<groupId>org.onap.dcaegen2.platform.configbinding</groupId>
<artifactId>app</artifactId>
<name>dcaegen2-platform-configbinding-app</name>
- <version>2.2.2-SNAPSHOT</version>
+ <version>2.2.3-SNAPSHOT</version>
<url>http://maven.apache.org</url>
<packaging>pom</packaging>
diff --git a/pom.xml b/pom.xml
index a4df1f9..2eef1f0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
<groupId>org.onap.dcaegen2.platform</groupId>
<artifactId>configbinding</artifactId>
<name>dcaegen2-platform-configbinding</name>
- <version>2.2.2-SNAPSHOT</version>
+ <version>2.2.3-SNAPSHOT</version>
<url>http://maven.apache.org</url>
<packaging>pom</packaging>
diff --git a/tox-local.ini b/tox-local.ini
index f4a3f65..be6fb90 100644
--- a/tox-local.ini
+++ b/tox-local.ini
@@ -1,6 +1,6 @@
# content of: tox.ini , put in same dir as setup.py
[tox]
-envlist = py37,flake8
+envlist = py36,flake8
setupdir=app/app
[testenv]