author | dglFromAtt <dgl@research.att.com> | 2018-04-24 08:46:34 -0400 |
---|---|---|
committer | dglFromAtt <dgl@research.att.com> | 2018-04-24 08:46:40 -0400 |
commit | 038b4a47c7194b51106cf2c325078924403defea (patch) | |
tree | 5e8107c36e1a9cc791d7dc297d5f56ce599caccb | |
parent | d416829dabd3ea20cb756a69b60f179636839f4f (diff) |
Integrate AAF certificate and CA truststore
This installs a server certificate with CN: dbc.api.simpledemo.onap.org
which is probably good for the heat integration environment.
Also, the container truststore is updated with the AAFRootCA
so that Bus Controller can be a client to other ONAP components with
AAF provided certificates.
Change-Id: I158929dd86fa550f964fab18eb8e975cde8062d8
Signed-off-by: dglFromAtt <dgl@research.att.com>
Issue-ID: DMAAP-435
-rw-r--r-- | Dockerfile | 1 | ||||
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | misc/cert-client-init.sh | 60 | ||||
-rw-r--r-- | misc/dbc-api.jks | bin | 0 -> 3570 bytes | |||
-rw-r--r-- | misc/dmaapbc | 29 | ||||
-rw-r--r-- | misc/doaction | 1 | ||||
-rw-r--r-- | pom.xml | 2 | ||||
-rw-r--r-- | version.properties | 2 |
8 files changed, 57 insertions, 42 deletions
@@ -18,6 +18,7 @@ COPY target/buscontroller.jar ${insdir}/lib/ # COPY target/site/apidocs/ ${insdir}/www/doc/ COPY misc/LocalKey ${insdir}/etc/ COPY misc/logback.xml ${insdir}/etc/ +COPY misc/dbc-api.jks ${insdir}/etc/keystore COPY misc/opensource.env ${insdir}/misc/ COPY misc/*.tmpl ${insdir}/misc/ COPY misc/cert-client-init.sh ${insdir}/misc/ @@ -78,7 +78,7 @@ DMAAPBC_PE_AAF_ENV=TBD Then the following steps could be used to pull and run the Bus Controller. (onap-nexus is just an example) ``` $ -$ docker pull ecomp-nexus:51212/dcae_dmaapbc:1.0.0 -$ docker run -d -p 18080:8080 -v /tmp/docker-databus-controller.conf:/opt/app/config/conf onap-nexus:51212/dmaap/buscontroller:1.0.0 +$ docker pull nexus3.onap.org:10003/onap/dmaap/buscontroller:latest +$ docker run -d -p 18080:8080 -p 18443:8443 -v /tmp/docker-databus-controller.conf:/opt/app/config/conf nexus3.onap.org:10003/onap/dmaap/buscontroller:latest ``` diff --git a/misc/cert-client-init.sh b/misc/cert-client-init.sh index 53701f8..cba9354 100644 --- a/misc/cert-client-init.sh +++ b/misc/cert-client-init.sh 
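Review bot: `COPY misc/dbc-api.jks ${insdir}/etc/keystore` bakes a keystore that is checked into the repository into every image built from this Dockerfile. If that file holds the private key for the `dbc.api.simpledemo.onap.org` certificate, as the commit message suggests, the key is identical across deployments and readable by anyone who can pull the repository or the image. I would add a comment above the COPY marking it as demo material, e.g. `# Demo keystore for simpledemo.onap.org only; mount a deployment-specific keystore over ${insdir}/etc/keystore outside test environments`. The keystore password is not visible in this hunk, so it is worth confirming that it is not also committed in one of the `misc/*.tmpl` files.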
@@ -8,35 +8,49 @@ # Works on both CentOS and Ubuntu. # set -x -cat >/tmp/aafcacert.crt <<'!EOF' + +# IMPORTANT: use a .crt suffix for update-ca-certificates to work +# +AAFCERT=AAF_RootCA.crt +cat >/tmp/$AAFCERT <<'!EOF' -----BEGIN CERTIFICATE----- -**************************************************************** -**************************************************************** -**************************************************************** -**************************************************************** -**************************************************************** -**************************************************************** -**************************************************************** -**************************************************************** -******* PUT REAL CERTIFICATE HERE **************************** -**************************************************************** -**************************************************************** -**************************************************************** -**************************************************************** -**************************************************************** -**************************************************************** -**************************************************************** -**************************************************************** -**************************************************************** -**************************************************************** +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM 
+pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= -----END CERTIFICATE----- !EOF -chmod 444 /tmp/aafcacert.crt +chmod 444 /tmp/$AAFCERT if [ -f /etc/redhat-release ] then - mv /tmp/aafcacert.crt /etc/pki/ca-trust/source/anchors/aafcacert.pem + mv /tmp/$AAFCERT /etc/pki/ca-trust/source/anchors/aafcacert.pem update-ca-trust else - mv /tmp/aafcacert.crt /usr/local/share/ca-certificates/aafcacert.crt + mv /tmp/$AAFCERT /usr/local/share/ca-certificates/$AAFCERT update-ca-certificates fi diff --git a/misc/dbc-api.jks b/misc/dbc-api.jks Binary files differnew file mode 100644 index 0000000..8c0f61a --- /dev/null +++ b/misc/dbc-api.jks 
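Review bot: The CA certificate is staged under a fixed name in `/tmp` (`cat >/tmp/$AAFCERT`) before being moved into the system trust anchors, and none of the steps is checked. Because the name is predictable, a file or symlink already present at that path would be written through, and a failed `mv` or `update-ca-certificates` leaves the trust store unchanged without the script reporting it. Staging with `AAFTMP=$(mktemp) || exit 1` and ending each branch with a status check, e.g. `mv "$AAFTMP" "/usr/local/share/ca-certificates/$AAFCERT" && update-ca-certificates || exit 1`, would close both gaps, and the expansions should be quoted. The Red Hat branch still installs the file as `aafcacert.pem`, so the new comment about the `.crt` suffix applies only to the `else` branch and could say so. The script's header lines precede this hunk.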
diff --git a/misc/dmaapbc b/misc/dmaapbc index c63fcee..5254108 100644 --- a/misc/dmaapbc +++ b/misc/dmaapbc @@ -43,13 +43,15 @@ config() { else echo "Not creating $APP_ROOT/ok_to_exit" fi - # comment out till certs are available - #if [ ! -f $APP_ROOT/misc/cert-client-init.sh ] - #then - # echo "Did not find $APP_ROOT/misc/cert-client-init.sh to append to truststore" - # exit 1 - #fi - #$APP_ROOT/misc/cert-client-init.sh + + if [ ! -f $APP_ROOT/misc/cert-client-init.sh ] + then + echo "Did not find $APP_ROOT/misc/cert-client-init.sh to append to truststore" + exit 1 + fi + $APP_ROOT/misc/cert-client-init.sh + . misc/havecert.tmpl > etc/havecert + chmod +x etc/havecert . misc/dmaapbc.properties.tmpl > etc/dmaapbc.properties . misc/PolicyEngineApi.properties.tmpl > config/PolicyEngineApi.properties set +x @@ -71,14 +73,13 @@ start() { fi cd $APP_ROOT -# disable until we use certs -# if etc/havecert -# then + if etc/havecert + then echo >/dev/null -# else -# echo No certificate file available. Cannot start -# exit 0 -# fi + else + echo No certificate file available. Cannot start + exit 0 + fi PIDS=`pids` if [ "$PIDS" != "" ] then diff --git a/misc/doaction b/misc/doaction index d3dd9b8..18b0caa 100644 --- a/misc/doaction +++ b/misc/doaction @@ -20,7 +20,6 @@ case "$action" in /bin/bash dmaapbc.properties.tmpl >dmaapbc.properties /bin/bash havecert.tmpl >havecert /bin/bash PolicyEngineApi.properties.tmpl > ../config/PolicyEngineApi.properties - echo "$AFTSWM_ACTION_NEW_VERSION" >VERSION.dmaapbc chmod +x havecert rm -f /opt/app/platform/rc.d/K90dmaapbc /opt/app/platform/rc.d/S10dmaapbc ln -s ../init.d/dmaapbc /opt/app/platform/rc.d/K90dmaapbc 
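Review bot: `$APP_ROOT/misc/cert-client-init.sh` is run in config() without checking its exit status, so the function goes on to generate `etc/havecert` and the properties files even when the truststore update failed. The existence test just above already exits 1 when the script is missing, and a failing run deserves the same treatment: `"$APP_ROOT/misc/cert-client-init.sh" || { echo "cert-client-init.sh failed; truststore not updated"; exit 1; }`. Quoting `$APP_ROOT` in the `-f` test and the call would also keep both working if the install path ever contains whitespace. config() starts and ends outside this hunk.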
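Review bot: The re-enabled certificate gate in start() exits with status 0 when `etc/havecert` fails, so a caller or orchestrator cannot tell "refused to start, no certificate" from a successful start. Unless the init wrapper relies on a zero status here (not visible in this hunk), I would exit non-zero, send the message to stderr and drop the no-op `echo >/dev/null` branch: `if ! etc/havecert; then echo "No certificate file available. Cannot start" >&2; exit 1; fi`. start() begins before and continues after this hunk.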
@@ -302,7 +302,7 @@ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <jettyVersion>9.3.7.v20160115</jettyVersion> <eelf.version>0.0.1</eelf.version> - <artifact.version>1.0.8</artifact.version> + <artifact.version>1.0.9</artifact.version> <!-- SONAR --> <jacoco.version>0.7.7.201606060606</jacoco.version> <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version> diff --git a/version.properties b/version.properties index 9a4bc7e..8f72e5e 100644 --- a/version.properties +++ b/version.properties @@ -27,7 +27,7 @@ major=1 minor=0 -patch=8 +patch=9 base_version=${major}.${minor}.${patch} # Release must be completed with git revision # in Jenkins |