From 452cf07374e1eba2220ca516e6ad690f7715b248 Mon Sep 17 00:00:00 2001 From: efiacor Date: Thu, 18 Mar 2021 12:37:58 +0000 Subject: [DMAAP-DR] Refactoring ssl csit suite Signed-off-by: efiacor Change-Id: I6eafd28c5a61fda42ddc61b2d40c4c8208f62670 Issue-ID: DMAAP-1571 --- .../docker-compose/docker-compose.yml | 118 +++++++++++++++++++++ .../docker-compose/node.properties | 82 ++++++++++++++ .../docker-compose/provserver.properties | 55 ++++++++++ .../docker-compose/subscriber.properties | 35 ++++++ 4 files changed, 290 insertions(+) create mode 100644 scripts/dmaap-datarouter/docker-compose/docker-compose.yml create mode 100644 scripts/dmaap-datarouter/docker-compose/node.properties create mode 100755 scripts/dmaap-datarouter/docker-compose/provserver.properties create mode 100644 scripts/dmaap-datarouter/docker-compose/subscriber.properties (limited to 'scripts/dmaap-datarouter/docker-compose') diff --git a/scripts/dmaap-datarouter/docker-compose/docker-compose.yml b/scripts/dmaap-datarouter/docker-compose/docker-compose.yml new file mode 100644 index 00000000..377e5514 --- /dev/null +++ b/scripts/dmaap-datarouter/docker-compose/docker-compose.yml @@ -0,0 +1,118 @@ +# +# ============LICENSE_START======================================================= +# Copyright (C) 2019-21 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# +# +version: '2.1' +services: + datarouter-prov: + image: nexus3.onap.org:10001/onap/dmaap/datarouter-prov + container_name: datarouter-prov + hostname: dmaap-dr-prov + ports: + - "443:8443" + - "8443:8443" + - "8080:8080" + volumes: + - ./provserver.properties:/opt/app/datartr/etc/provserver.properties + - ../dr_certs/dr_prov/truststore.jks:/opt/app/osaaf/local/truststore.jks + - ../dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12:/opt/app/osaaf/local/org.onap.dmaap-dr-prov.p12 + - ../dr_certs/dr_prov/org.onap.dmaap-dr.cred.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props + depends_on: + mariadb: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://dmaap-dr-prov:8080/internal/prov"] + interval: 10s + timeout: 30s + retries: 5 + networks: + testing_net: + aliases: + - dmaap-dr-prov + + datarouter-node: + image: nexus3.onap.org:10001/onap/dmaap/datarouter-node + container_name: datarouter-node + hostname: dmaap-dr-node + ports: + - "9443:8443" + - "9090:8080" + volumes: + - ./node.properties:/opt/app/datartr/etc/node.properties + - ../dr_certs/dr_node/truststore.jks:/opt/app/osaaf/local/truststore.jks + - ../dr_certs/dr_node/org.onap.dmaap-dr-node.p12:/opt/app/osaaf/local/org.onap.dmaap-dr-node.p12 + - ../dr_certs/dr_node/org.onap.dmaap-dr.cred.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props + depends_on: + datarouter-prov: + condition: service_healthy + networks: + testing_net: + aliases: + - dmaap-dr-node + + datarouter-subscriber: + image: nexus3.onap.org:10001/onap/dmaap/datarouter-subscriber + container_name: subscriber-node + hostname: subscriber.com + ports: + - "7070:7070" + volumes: + - ./subscriber.properties:/opt/app/subscriber/etc/subscriber.properties + networks: + testing_net: + aliases: + - subscriber.com + + datarouter-subscriber2: + image: nexus3.onap.org:10001/onap/dmaap/datarouter-subscriber + container_name: subscriber-node2 + hostname: subscriber2.com + ports: + - "7071:7070" + volumes: + - ./subscriber.properties:/opt/app/subscriber/etc/subscriber.properties + networks: + testing_net: + aliases: + - subscriber2.com + + mariadb: + image: mariadb:10.2.14 + container_name: mariadb + hostname: datarouter-mariadb + ports: + - "3306:3306" + environment: + MYSQL_ROOT_PASSWORD: datarouter + MYSQL_DATABASE: datarouter + MYSQL_USER: datarouter + MYSQL_PASSWORD: datarouter + healthcheck: + test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost", "-u", "datarouter", "-pdatarouter", "--silent"] + interval: 10s + timeout: 30s + retries: 5 + networks: + testing_net: + aliases: + - datarouter-mariadb + +networks: + testing_net: + driver: bridge diff --git a/scripts/dmaap-datarouter/docker-compose/node.properties b/scripts/dmaap-datarouter/docker-compose/node.properties new file mode 100644 index 00000000..58639cfd --- /dev/null +++ b/scripts/dmaap-datarouter/docker-compose/node.properties @@ -0,0 +1,82 @@ +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END===================================================== +# +# Configuration parameters set at startup for the DataRouter node +# +# URL to retrieve dynamic configuration +ProvisioningURL = https://dmaap-dr-prov:8443/internal/prov +# +# URL to upload PUB/DEL/EXP logs +LogUploadURL = https://dmaap-dr-prov:8443/internal/logs +# +# The port number for http as seen within the server +IntHttpPort = 8080 +# +# The port number for https as seen within the server +IntHttpsPort = 8443 +# +# The external port number for https taking port mapping into account +ExtHttpsPort = 443 +# +# The minimum interval between fetches of the dynamic configuration from the provisioning server +MinProvFetchInterval = 10000 +# +# The minimum interval between saves of the redirection data file +MinRedirSaveInterval = 10000 +# +# The path to the directory where log files are stored +LogDir = /opt/app/datartr/logs +# +# The retention interval (in days) for log files +LogRetention = 30 +# +# The path to the directories where data and meta data files are stored +SpoolDir = /opt/app/datartr/spool +# +# The path to the redirection data file +RedirectionFile = etc/redirections.dat +# +# The type of keystore for https +KeyStoreType = PKCS12 +# +# The type of truststore for https +TrustStoreType = jks +# +# The path to the file used to trigger an orderly shutdown +QuiesceFile = etc/SHUTDOWN +# +# The key used to generate passwords for node to node transfers +NodeAuthKey = Node123! +# +# DR_NODE DEFAULT ENABLED TLS PROTOCOLS +NodeHttpsProtocols = TLSv1.1|TLSv1.2 +# +# AAF type to generate permission string +AAFType = org.onap.dmaap-dr.feed +# +# AAF default instance to generate permission string - default should be legacy +AAFInstance = legacy +# +# AAF action to generate permission string - default should be publish +AAFAction = publish +# +# AAF CADI enabled flag +CadiEnabled = false +# +# AAF Props file path +AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props diff --git a/scripts/dmaap-datarouter/docker-compose/provserver.properties b/scripts/dmaap-datarouter/docker-compose/provserver.properties new file mode 100755 index 00000000..b54868e2 --- /dev/null +++ b/scripts/dmaap-datarouter/docker-compose/provserver.properties @@ -0,0 +1,55 @@ +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END===================================================== + +#Jetty Server properties +org.onap.dmaap.datarouter.provserver.http.port = 8080 +org.onap.dmaap.datarouter.provserver.https.port = 8443 +org.onap.dmaap.datarouter.provserver.https.relaxation = true + +org.onap.dmaap.datarouter.provserver.aafprops.path = /opt/app/osaaf/local/org.onap.dmaap-dr.props + +org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs +org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool +org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc +org.onap.dmaap.datarouter.provserver.logretention = 30 + +#DMAAP-597 (Tech Dept) REST request source IP auth +# relaxation to accommodate OOM kubernetes deploy +org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false + +#Localhost address config +org.onap.dmaap.datarouter.provserver.localhost = 127.0.0.1 + +# Database access +org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver +org.onap.dmaap.datarouter.db.url = jdbc:mariadb://datarouter-mariadb:3306/datarouter +org.onap.dmaap.datarouter.db.login = datarouter +org.onap.dmaap.datarouter.db.password = datarouter + +# PROV - DEFAULT ENABLED TLS PROTOCOLS +org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2 + +# AAF config +org.onap.dmaap.datarouter.provserver.cadi.enabled = false + +org.onap.dmaap.datarouter.provserver.passwordencryption = PasswordEncryptionKey#@$%^&1234# +org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.feed +org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub +org.onap.dmaap.datarouter.provserver.aaf.instance = legacy +org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish +org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe \ No newline at end of file diff --git a/scripts/dmaap-datarouter/docker-compose/subscriber.properties b/scripts/dmaap-datarouter/docker-compose/subscriber.properties new file mode 100644 index 00000000..311bbe56 --- /dev/null +++ b/scripts/dmaap-datarouter/docker-compose/subscriber.properties @@ -0,0 +1,35 @@ +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END===================================================== + +#Subscriber properties +org.onap.dmaap.datarouter.subscriber.http.port = 7070 +org.onap.dmaap.datarouter.subscriber.https.port = 7443 +org.onap.dmaap.datarouter.subscriber.auth.user = LOGIN +org.onap.dmaap.datarouter.subscriber.auth.password = PASSWORD +org.onap.dmaap.datarouter.subscriber.delivery.dir = /opt/app/subscriber/delivery + +org.onap.dmaap.datarouter.subscriber.https.relaxation = true +org.onap.dmaap.datarouter.subscriber.keystore.type = jks +org.onap.dmaap.datarouter.subscriber.keymanager.password = changeit +org.onap.dmaap.datarouter.subscriber.keystore.path = /opt/app/datartr/self_signed/keystore.jks +org.onap.dmaap.datarouter.subscriber.keystore.password = changeit +org.onap.dmaap.datarouter.subscriber.truststore.path = /opt/app/datartr/self_signed/cacerts.jks +org.onap.dmaap.datarouter.subscriber.truststore.password = changeit + + + -- cgit 1.2.3-korg