1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
|
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#####################################################
#
# Hooks for specific environment configurations
#
#####################################################
# Indicator for whether to use AAF for authentication
#UseAAF: false
# Stub out southbound calls for Unit Test cases to run. e.g. not timeout
# Comment out in other environments to get default (No)
UnitTest: Yes
#####################################################
#
# Settings for Southbound API: Datarouter
#
#####################################################
# URI to retrieve dynamic DR configuration
ProvisioningURI: /internal/prov
# indicator for handling feed delete:
# DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility)
# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments.
Feed.deleteHandling: DeleteOnDR
###########################################################
# The following properties default to match ONAP DR instance.
# However, there are some non-ONAP DR instances that require other values.
# Sets the X-DR-ON-BEHALF-OF HTTP Header value
#DR.onBehalfHeader:
# Value for the Content-Type Header in DR Feed API
#DR.feedContentType:
# Value for the Content-Type Header in DR Subscription API
#DR.subContentType:
#
# END OF properties helpful for non-ONAP DR instance.
############################################################
#####################################################
#
# Settings for Soutbound API: Postgresql
#
#####################################################
# flag indicates if we are using postgresql
UsePGSQL: false
# postgres host name
# Need to connect to PG primary service, designated by service.name2
DB.host: none
# postgres schema name
#DB.schema: {{ .Values.postgres.config.pgDatabase }}
# postgres user name
#DB.user: {{ .Values.postgres.config.pgUserName }}
# postgres user password
DB.cred: none
#####################################################
#
# Settings for Soutbound API: Message Router
#
#####################################################
# indicator for multi-site (locations) deployment. Give clue to buscontroller whether
# there is a need for message replication between edge and central.
# ONAP Casablanca is a single site deployment
MR.multisite: true
# FQDN of primary message router.
# In ONAP Casablanca, there is only 1 message router service, so use that.
# In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR
MR.CentralCname: notSet.onap.org
# Indicator for whether we want hostname verification on SSL connection to MR
MR.hostnameVerify: false
# MR Client Delete Level thoroughness:
# 0 = don't delete
# 1 = delete from persistent store
# 2 = delete from persistent store (DB) and authorization store (AAF)
MR.ClientDeleteLevel: 1
# namespace of MR Topic Factory
MR.TopicFactoryNS: org.onap.dmaap.mr.topicFactory
# AAF Role assigned to Topic Manager Identity
MR.TopicMgrRole: org.onap.dmaap-bc.TopicMgr
# MR topic ProjectID (used in certain topic name generation formats)
MR.projectID: 23456
# Use Basic Authentication when provisioning topics
#MR.authentication: basicAuth
# MR topic name style (default is FQTN_LEGACY_FORMAT)
MR.topicStyle: FQTN_LEGACY_FORMAT
#
# end of MR Related Properties
################################################################################
#####################################################
#
# Settings for Southbound API: CADI
#
#####################################################
# path to cadi.properties
#cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
#####################################################
#
# Settings for Southbound API: AAF proxy
#
#####################################################
# URL of the AAF server
aaf.URL: https://localhost:8100/proxy
# TopicMgr Identity
aaf.TopicMgrUser: idNotSet@namespaceNotSet
# Password for TopicMgr identity
aaf.TopicMgrPassword: pwdNotSet
# Buscontroller Admin Identity
aaf.AdminUser: idNotSet@namespaceNotSet
# Admin Password
aaf.AdminPassword: pwdNotSet
# Identity that is owner of any created namespaces for topics
#aaf.NsOwnerIdentity: ownerNotSet@namespaceNotSet.org
# this overrides the Class used for Decryption.
# This allows for a plugin encryption/decryption method if needed.
# Call this Class for decryption at runtime.
#AafDecryption.Class: com.company.proprietaryDecryptor
# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
# Not used in ONAP, but possibly used with Decryption override class.
CredentialCodecKeyfile: etc/LocalKey
#
# endof AAF Properties
####################################################
#####################################################
#
# Settings for authorization of DBCAPI
#
#####################################################
# Namespace for URI values for the API used to create AAF permissions
# e.g. if ApiNamespace is X.Y.dmaapbc.api then for URI /mr_clients we create AAF perm X.Y.dmaapbc.api.mr_clients
ApiNamespace: org.onap.dmaapBC.api
# If API authorization is required, then implement a class to enforce it.
# This overrides the Class used for API permission check.
ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll
#####################################################
#
# Settings for Southbound API: MirrorMaker provisioning
#
#####################################################
# AAF Role of client publishing MM prov cmds
MM.ProvRole: org.onap.dmaapBC.MMprov.prov
# AAF identity when publishing MM prov cmds
MM.ProvUserMechId: idNotSet@namespaceNotSet
# pwd for Identity used to publish MM prov cmds
MM.ProvUserPwd: pwdNotSet
# AAF Role of MirrorMaker agent subscribed to prov cmds.
MM.AgentRole: org.onap.dmaapBC.MMagent.agent
#####################################################
#
# Certificate Management
#
#####################################################
# Indicates how we are expecting certificates to be provided:
# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file
# legacy (default) - artifacts will be installed manually or some other way and details will be in this file
CertificateManagement: legacy
# When CertificateManagement is cadi, then this is where all the cadi properties will be.
# Note that the cadi properties include where the cert is, and the encrypted passwords to read.
cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
###########################################################################################
# When CertificateManagement is legacy, we need to provide more details about cert handling:
#CertificateManagement: legacy
# the type of keystore for https (for legacy CertificateManagment only)
KeyStoreType: jks
# path to the keystore file (for legacy CertificateManagment only)
KeyStoreFile: etc/keystore
# password for the https keystore (for legacy CertificateManagment only)
KeyStorePassword: changeit
# password for the private key in the https keystore (for legacy CertificateManagment only)
KeyPassword: changeit
# type of truststore for https (for legacy CertificateManagment only)
TrustStoreType: jks
# path to the truststore for https (for legacy CertificateManagment only)
TrustStoreFile: ${DMAAPBC_TSTOREFILE}
# password for the https truststore (for legacy CertificateManagment only)
TrustStorePassword: changeit
#
# END OF legacy CertificateManagement properties
###########################################################################################
#####################################################
#
# HTTP Server Configuration
#
#####################################################
# Allow http access to dbcapi
HttpAllowed: true
# listen to http port within this container (server)
IntHttpPort: 8080
# listen to https port within this container (server)
# set to 0 if no certificates are available.
IntHttpsPort: 0
inHttpsPort: 0
#####################################################
#
# Deprecated properties
#
#####################################################
# csit: stubs out some southbound APIs for csit (deprecated)
#csit: No
# name of this DMaaP instance (deprecated)
#DmaapName: onap-cit
# external port number for https taking port mapping into account (deprecated)
#ExtHttpsPort: 443
# path to the file used to trigger an orderly shutdown (deprecated)
#QuiesceFile: etc/SHUTDOWN
# FQDN of DR Prov Server (deprecated)
#DR.provhost: localhost
# root of topic namespace (decrecated)
#topicNsRoot: org.onap.dcae.dmaap
|