From 5cedc0df9a0558fd9d4772480717510b7d11a69f Mon Sep 17 00:00:00 2001 From: su622b Date: Tue, 31 Mar 2020 15:08:14 -0400 Subject: update docker-compose with frankfurt changes Issue-ID: DMAAP-1417 Change-Id: I07dea7ac630cb72f7a561fe20e8ec9fd28bdfccd Signed-off-by: su622b --- .../docker-compose/docker-compose-old.yml | 56 ++++++ .../resources/docker-compose/docker-compose.yml | 58 ++++-- .../docker-compose/kafka/zk_client_jaas.conf | 5 + .../docker-compose/mr/MsgRtrApi.properties | 172 +++++++++++++++++ .../resources/docker-compose/mr/cadi.properties | 19 ++ src/main/resources/docker-compose/mr/logback.xml | 208 +++++++++++++++++++++ .../docker-compose/zk/zk_server_jaas.conf | 4 + 7 files changed, 504 insertions(+), 18 deletions(-) create mode 100644 src/main/resources/docker-compose/docker-compose-old.yml create mode 100644 src/main/resources/docker-compose/kafka/zk_client_jaas.conf create mode 100644 src/main/resources/docker-compose/mr/MsgRtrApi.properties create mode 100644 src/main/resources/docker-compose/mr/cadi.properties create mode 100644 src/main/resources/docker-compose/mr/logback.xml create mode 100644 src/main/resources/docker-compose/zk/zk_server_jaas.conf diff --git a/src/main/resources/docker-compose/docker-compose-old.yml b/src/main/resources/docker-compose/docker-compose-old.yml new file mode 100644 index 0000000..835437a --- /dev/null +++ b/src/main/resources/docker-compose/docker-compose-old.yml @@ -0,0 +1,56 @@ +version: '2' +services: + zookeeper: + image: nexus3.onap.org:10001/onap/dmaap/zookeeper:6.0.3 + ports: + - "2181:2181" + environment: + ZOOKEEPER_REPLICAS: 1 + ZOOKEEPER_TICK_TIME: 2000 + ZOOKEEPER_SYNC_LIMIT: 5 + ZOOKEEPER_INIT_LIMIT: 10 + ZOOKEEPER_MAX_CLIENT_CNXNS: 200 + ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 3 + ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 24 + ZOOKEEPER_CLIENT_PORT: 2181 + KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl + ZOOKEEPER_SERVER_ID: 1 + volumes: + - ./zk/zk_server_jaas.conf:/opt/app/subscriber/etc/subscriber.properties + + kafka: + image: nexus3.onap.org:10001/onap/dmaap/kafka111:1.0.4 + ports: + - "9092:9092" + environment: + enableCadi: 'false' + KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 + KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: 40000 + KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS: 40000 + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT + KAFKA_ADVERTISED_LISTENERS: INTERNAL_PLAINTEXT://kafka:9092 + KAFKA_LISTENERS: INTERNAL_PLAINTEXT://0.0.0.0:9092 + KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL_PLAINTEXT + KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false' + KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf + KAFKA_ZOOKEEPER_SET_ACL: 'true' + volumes: + - /var/run/docker.sock:/var/run/docker.sock + depends_on: + - zookeeper + + dmaap: + image: nexus3.onap.org:10001/onap/dmaap/dmaap-mr:1.1.18 + ports: + - "3904:3904" + - "3905:3905" + environment: + enableCadi: 'false' + volumes: + - /var/tmp/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties + depends_on: + - zookeeper + - kafka +networks: + net: + driver: bridge diff --git a/src/main/resources/docker-compose/docker-compose.yml b/src/main/resources/docker-compose/docker-compose.yml index 71a1384..3a0a94e 100644 --- a/src/main/resources/docker-compose/docker-compose.yml +++ b/src/main/resources/docker-compose/docker-compose.yml @@ -1,48 +1,70 @@ version: '2' services: zookeeper: - image: nexus3.onap.org:10001/onap/dmaap/zookeeper:6.0.0 + image: nexus3.onap.org:10001/onap/dmaap/zookeeper:6.0.3 ports: - "2181:2181" + environment: + ZOOKEEPER_REPLICAS: 1 + ZOOKEEPER_TICK_TIME: 2000 + ZOOKEEPER_SYNC_LIMIT: 5 + ZOOKEEPER_INIT_LIMIT: 10 + ZOOKEEPER_MAX_CLIENT_CNXNS: 200 + ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 3 + ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 24 + ZOOKEEPER_CLIENT_PORT: 2181 + KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl + ZOOKEEPER_SERVER_ID: 1 + volumes: + - ./zk/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf + networks: + net: + aliases: + - zookeeper kafka: - image: nexus3.onap.org:10001/onap/dmaap/kafka111:1.0.1 + image: nexus3.onap.org:10001/onap/dmaap/kafka111:1.0.4 ports: - "9092:9092" environment: - # For creating authenticated topics add AAF locate aplication ip address to host alias aaf-onap-test.osaaf.org - # For creating the authenticated topics enable the following property enableCadi: 'false' KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 - KAFKA_LOG_DIRS: /opt/kafka/data KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: 40000 KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS: 40000 - # Uncomment the following lines to create authenticated topics - #KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT - #KAFKA_ADVERTISED_LISTENERS: INTERNAL_SASL_PLAINTEXT://kafka:9092 - #KAFKA_LISTENERS: INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092 - #KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL_SASL_PLAINTEXT - #KAFKA_SASL_ENABLED_MECHANISMS: PLAIN - #KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN - #KAFKA_AUTHORIZER_CLASS_NAME: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer - #aaf_locate_url: https://aaf-onap-test.osaaf.org:8095 - # Remove the following 4 lines to create authenticated topics KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT KAFKA_ADVERTISED_LISTENERS: INTERNAL_PLAINTEXT://kafka:9092 KAFKA_LISTENERS: INTERNAL_PLAINTEXT://0.0.0.0:9092 KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL_PLAINTEXT + KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false' + KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf + KAFKA_ZOOKEEPER_SET_ACL: 'true' volumes: - - /var/run/docker.sock:/var/run/docker.sock + - ./kafka/zk_client_jaas.conf:/etc/kafka/secrets/jaas/zk_client_jaas.conf + networks: + net: + aliases: + - kafka depends_on: - zookeeper dmaap: - image: nexus3.onap.org:10001/onap/dmaap/dmaap-mr:1.1.16 + image: nexus3.onap.org:10001/onap/dmaap/dmaap-mr:1.1.18 ports: - "3904:3904" - "3905:3905" + environment: + enableCadi: 'false' volumes: - - /var/tmp/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties + - ./mr/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties + - ./mr/logback.xml:/appl/dmaapMR1/bundleconfig/etc/logback.xml + - ./mr/cadi.properties:/appl/dmaapMR1/etc/cadi.properties + networks: + net: + aliases: + - dmaap depends_on: - zookeeper - kafka +networks: + net: + driver: bridge diff --git a/src/main/resources/docker-compose/kafka/zk_client_jaas.conf b/src/main/resources/docker-compose/kafka/zk_client_jaas.conf new file mode 100644 index 0000000..d4ef1eb --- /dev/null +++ b/src/main/resources/docker-compose/kafka/zk_client_jaas.conf @@ -0,0 +1,5 @@ +Client { + org.apache.zookeeper.server.auth.DigestLoginModule required + username="kafka" + password="kafka_secret"; + }; \ No newline at end of file diff --git a/src/main/resources/docker-compose/mr/MsgRtrApi.properties b/src/main/resources/docker-compose/mr/MsgRtrApi.properties new file mode 100644 index 0000000..8f8260e --- /dev/null +++ b/src/main/resources/docker-compose/mr/MsgRtrApi.properties @@ -0,0 +1,172 @@ +# LICENSE_START======================================================= +# org.onap.dmaap +# ================================================================================ +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +############################################################################### +############################################################################### +## +## Cambria API Server config +## +## Default values are shown as commented settings. +## +############################################################################### +## +## HTTP service +## +## 3904 is standard as of 7/29/14. +# +## Zookeeper Connection +## +## Both Cambria and Kafka make use of Zookeeper. +## +#config.zk.servers=172.18.1.1 +#config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}} +config.zk.servers=zookeeper:2181 + +#config.zk.root=/fe3c/cambria/config + + +############################################################################### +## +## Kafka Connection +## +## Items below are passed through to Kafka's producer and consumer +## configurations (after removing "kafka.") +## if you want to change request.required.acks it can take this one value +#kafka.metadata.broker.list=localhost:9092,localhost:9093 +#kafka.metadata.broker.list={{.Values.kafka.name}}:{{.Values.kafka.port}} +kafka.metadata.broker.list=kafka:9092 +##kafka.request.required.acks=-1 +#kafka.client.zookeeper=${config.zk.servers} +consumer.timeout.ms=100 +zookeeper.connection.timeout.ms=6000 +zookeeper.session.timeout.ms=20000 +zookeeper.sync.time.ms=2000 +auto.commit.interval.ms=1000 +fetch.message.max.bytes =1000000 +auto.commit.enable=false + +#(backoff*retries > zksessiontimeout) +kafka.rebalance.backoff.ms=10000 +kafka.rebalance.max.retries=6 + + +############################################################################### +## +## Secured Config +## +## Some data stored in the config system is sensitive -- API keys and secrets, +## for example. to protect it, we use an encryption layer for this section +## of the config. +## +## The key is a base64 encode AES key. This must be created/configured for +## each installation. +#cambria.secureConfig.key= +## +## The initialization vector is a 16 byte value specific to the secured store. +## This must be created/configured for each installation. +#cambria.secureConfig.iv= + +## Southfield Sandbox +cambria.secureConfig.key=b/7ouTn9FfEw2PQwL0ov/Q== +cambria.secureConfig.iv=wR9xP5k5vbz/xD0LmtqQLw== +authentication.adminSecret=fe3cCompound +#cambria.secureConfig.key[pc569h]=YT3XPyxEmKCTLI2NK+Sjbw== +#cambria.secureConfig.iv[pc569h]=rMm2jhR3yVnU+u2V9Ugu3Q== + + +############################################################################### +## +## Consumer Caching +## +## Kafka expects live connections from the consumer to the broker, which +## obviously doesn't work over connectionless HTTP requests. The Cambria +## server proxies HTTP requests into Kafka consumer sessions that are kept +## around for later re-use. Not doing so is costly for setup per request, +## which would substantially impact a high volume consumer's performance. +## +## This complicates Cambria server failover, because we often need server +## A to close its connection before server B brings up the replacement. +## + +## The consumer cache is normally enabled. +#cambria.consumer.cache.enabled=true + +## Cached consumers are cleaned up after a period of disuse. The server inspects +## consumers every sweepFreqSeconds and will clean up any connections that are +## dormant for touchFreqMs. +#cambria.consumer.cache.sweepFreqSeconds=15 +cambria.consumer.cache.touchFreqMs=120000 +##stickforallconsumerrequests=false +## The cache is managed through ZK. The default value for the ZK connection +## string is the same as config.zk.servers. +#cambria.consumer.cache.zkConnect=${config.zk.servers} + +## +## Shared cache information is associated with this node's name. The default +## name is the hostname plus the HTTP service port this host runs on. (The +## hostname is determined via InetAddress.getLocalHost ().getCanonicalHostName(), +## which is not always adequate.) You can set this value explicitly here. +## +#cambria.api.node.identifier= + +#cambria.rateLimit.maxEmptyPollsPerMinute=30 +#cambria.rateLimitActual.delay.ms=10 + +############################################################################### +## +## Metrics Reporting +## +## This server can report its metrics periodically on a topic. +## +#metrics.send.cambria.enabled=true +#metrics.send.cambria.topic=cambria.apinode.metrics #msgrtr.apinode.metrics.dmaap +#metrics.send.cambria.sendEverySeconds=60 + +cambria.consumer.cache.zkBasePath=/fe3c/cambria/consumerCache +consumer.timeout=17 +default.partitions=3 +default.replicas=3 +############################################################################## +#100mb +maxcontentlength=10000 + + +############################################################################## +#AAF Properties +msgRtr.namespace.aaf=org.onap.dmaap.mr.topic +msgRtr.topicfactory.aaf=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic: +enforced.topic.name.AAF=org.onap.dmaap.mr +forceAAF=false +transidUEBtopicreqd=false +defaultNSforUEB=org.onap.dmaap.mr +############################################################################## +#Mirror Maker Agent + +msgRtr.mirrormakeradmin.aaf=org.onap.dmaap.mr.mirrormaker|*|admin +msgRtr.mirrormakeruser.aaf=org.onap.dmaap.mr.mirrormaker|*|user +msgRtr.mirrormakeruser.aaf.create=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic: +msgRtr.mirrormaker.timeout=15000 +msgRtr.mirrormaker.topic=org.onap.dmaap.mr.mirrormakeragent +msgRtr.mirrormaker.consumergroup=mmagentserver +msgRtr.mirrormaker.consumerid=1 + +kafka.max.poll.interval.ms=300000 +kafka.heartbeat.interval.ms=60000 +kafka.session.timeout.ms=240000 +kafka.max.poll.records=1000 \ No newline at end of file diff --git a/src/main/resources/docker-compose/mr/cadi.properties b/src/main/resources/docker-compose/mr/cadi.properties new file mode 100644 index 0000000..dca56c8 --- /dev/null +++ b/src/main/resources/docker-compose/mr/cadi.properties @@ -0,0 +1,19 @@ +aaf_locate_url=https://aaf-locate.{{ include "common.namespace" . }}:8095 +aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 +aaf_env=DEV +aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm + +cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks +cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ + +cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile + +cadi_alias=dmaapmr@mr.dmaap.onap.org +cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12 +cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US + +cadi_loglevel=INFO +cadi_protocols=TLSv1.1,TLSv1.2 +cadi_latitude=37.78187 +cadi_longitude=-122.26147 \ No newline at end of file diff --git a/src/main/resources/docker-compose/mr/logback.xml b/src/main/resources/docker-compose/mr/logback.xml new file mode 100644 index 0000000..f02a2db --- /dev/null +++ b/src/main/resources/docker-compose/mr/logback.xml @@ -0,0 +1,208 @@ + + + + ${module.ajsc.namespace.name} + + + + + ERROR + ACCEPT + DENY + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + + + + + + + INFO + ACCEPT + DENY + + + + + + + "%d [%thread] %-5level %logger{1024} - %msg%n" + + + + class="ch.qos.logback.core.ConsoleAppender"> + + ERROR + ACCEPT + DENY + + + "%d [%thread] %-5level %logger{1024} - %msg%n" + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + "%d [%thread] %-5level %logger{1024} - %msg%n" + + + + + + + "%d [%thread] %-5level %logger{1024} - %msg%n" + + + + 1000 + 0 + + + + + + + + + + + 1000 + 0 + + + + + + + + + + + + + + + + diff --git a/src/main/resources/docker-compose/zk/zk_server_jaas.conf b/src/main/resources/docker-compose/zk/zk_server_jaas.conf new file mode 100644 index 0000000..26bf460 --- /dev/null +++ b/src/main/resources/docker-compose/zk/zk_server_jaas.conf @@ -0,0 +1,4 @@ +Server { + org.apache.zookeeper.server.auth.DigestLoginModule required + user_kafka=kafka_secret; +}; \ No newline at end of file -- cgit 1.2.3-korg