From 425ba9232b52ee2d40999526ae792bbf2bf76f55 Mon Sep 17 00:00:00 2001 From: Dileep Ranganathan Date: Thu, 4 Oct 2018 15:34:34 -0700 Subject: OOF SMS CSIT Added CSIT support for HAS and OSDF with SMS Bring up dependencies like sms service and related containers Preload secrets Removed clear text secrets from config files Deleted unused osdf folders inside has folders. osdf uses separate folders now. Change-Id: Ie534e13b87a98de9f3ab1ed0be66f5f699353d93 Issue-ID: OPTFRA-343 Signed-off-by: Dileep Ranganathan --- .../has/has-properties/conductor.conf.onap | 47 ++--------- scripts/optf-has/has/has-properties/has.json | 36 ++++++++ scripts/optf-has/has/has_script.sh | 20 ++++- scripts/optf-has/osdf/testsample.txt | 1 - .../optf-osdf/osdf/osdf-properties/aaf_root_ca.cer | 31 +++++++ scripts/optf-osdf/osdf/osdf-properties/osdf.json | 98 ++++++++++++++++++++++ .../osdf/osdf-properties/osdf_config.yaml | 65 ++++++-------- scripts/optf-osdf/osdf/osdf_script.sh | 11 +++ 8 files changed, 223 insertions(+), 86 deletions(-) create mode 100644 scripts/optf-has/has/has-properties/has.json delete mode 100644 scripts/optf-has/osdf/testsample.txt create mode 100644 scripts/optf-osdf/osdf/osdf-properties/aaf_root_ca.cer create mode 100644 scripts/optf-osdf/osdf/osdf-properties/osdf.json (limited to 'scripts') diff --git a/scripts/optf-has/has/has-properties/conductor.conf.onap b/scripts/optf-has/has/has-properties/conductor.conf.onap index c000248c..768e81b3 100644 --- a/scripts/optf-has/has/has-properties/conductor.conf.onap +++ b/scripts/optf-has/has/has-properties/conductor.conf.onap 
@@ -162,9 +162,12 @@ aaf_url = http://localhost:8100/authz/perms/user/ # From conductor # +# Is Secret Management service enabled (boolean value) +#is_enabled = true + # Base URL for SMS, up to and not including the version, and without a trailing # slash. (string value) -#aaf_sms_url = https://aaf-sms.onap:10443 +aaf_sms_url = http://aaf-sms.onap:10443 # Timeout for SMS API Call (integer value) #aaf_sms_timeout = 30 @@ -172,9 +175,9 @@ aaf_url = http://localhost:8100/authz/perms/user/ # Path to the cacert that will be used to verify If this is None, verify will # be False and the server certis not verified by the client. (string value) #aaf_ca_certs = AAF_RootCA.cer +aaf_ca_certs = /usr/local/bin/AAF_RootCA.cer -# Domain UUID - A unique UUID generated when the domainfor HAS is created by -# administrator during deployment (string value) +# Domain Name for HAS (string value) #secret_domain = has @@ -224,13 +227,6 @@ certificate_key_file = #certificate_authority_bundle_file = certificate_authority_bundle.pem certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer -# Username for AAI. (string value) -username = OOF - -# Password for AAI. (string value) -password = OOF - - [api] # @@ -254,14 +250,6 @@ password = OOF # Base URL for plans. (string value) #server_url = -# username for plans. (string value) -#username = -username = admin1 - -# password for plans. (string value) -#password = -password = plan.15 - # auth toggling. (boolean value) basic_auth_secure = false @@ -463,21 +451,6 @@ music_new_version = True #music_version = music_version = "3.0.21" -# username value that used for creating basic authorization header (string -# value) -#aafuser = -aafuser = conductor - -# password value that used for creating basic authorization header (string -# value) -#aafpass = -aafpass = c0nduct0r - -# AAF namespace field used in MUSIC request header (string value) -#aafns = -aafns = conductor - - [prometheus] # 
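Review bot: `aaf_sms_url = http://aaf-sms.onap:10443` replaces the commented `https://` default, so the credentials this commit moves into SMS would be fetched over plaintext HTTP, and the `aaf_ca_certs = /usr/local/bin/AAF_RootCA.cer` added in the following hunk has nothing to verify. If plain HTTP is deliberate for the CSIT bench (has_script.sh later rewrites the host to a container IP, which a certificate would presumably not match), say so above the setting, e.g. `# CSIT only: SMS is reached over plain HTTP; deployments must use https`. The same `http://` SMS URL appears in osdf_config.yaml (`aaf_sms_url: http://aaf-sms.onap:10443`) and in the `-serviceurl http://localhost` passed to preload in both scripts.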
@@ -534,14 +507,6 @@ concurrent = true #server_url = https://controller:8443/restconf/ server_url = http://localhost:8083/restconf/ -# Basic Authentication Username (string value) -#username = -username = admin - -# Basic Authentication Password (string value) -#password = -password = Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - # Timeout for SDNC Rest Call (string value) #sdnc_rest_timeout = 30 diff --git a/scripts/optf-has/has/has-properties/has.json b/scripts/optf-has/has/has-properties/has.json new file mode 100644 index 00000000..ae990a9e --- /dev/null +++ b/scripts/optf-has/has/has-properties/has.json @@ -0,0 +1,36 @@ +{ + "domain": { + "name": "has", + "secrets": [ + { + "name": "aai", + "values": { + "username": "oof@oof.onap.org", + "password": "demo123456!" + } + }, + { + "name": "conductor_api", + "values": { + "username": "admin1", + "password": "plan.15" + } + }, + { + "name": "sdnc", + "values": { + "username": "admin", + "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" + } + }, + { + "name": "music_api", + "values": { + "aafuser": "conductor", + "aafpass": "c0nduct0r", + "aafns": "conductor" + } + } + ] + } +} diff --git a/scripts/optf-has/has/has_script.sh b/scripts/optf-has/has/has_script.sh index 1364c87b..08663f4e 100755 --- a/scripts/optf-has/has/has_script.sh +++ b/scripts/optf-has/has/has_script.sh 
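Review bot: The credentials removed from conductor.conf.onap are re-added verbatim in has.json, so the repository still carries them in cleartext; the `sdnc` password in particular looks like a generated value rather than a throwaway. JSON has no comment syntax, so the place to record that these are test fixtures is the header of has_script.sh or a README beside the file, e.g. `# has.json holds CSIT-only credentials preloaded into the test SMS container; never reuse them in a deployment`. If any of these values is shared with a real environment it should be rotated. The same applies to osdf.json, added later in this commit.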
@@ -35,14 +35,18 @@ IMAGE_VER=1.2.2-SNAPSHOT-latest BUNDLE=/tmp/conductor/properties/AAF_RootCA.cer mkdir -p /tmp/conductor/properties +mkdir -p /tmp/sms/properties mkdir -p /tmp/conductor/logs cp ${WORKSPACE}/scripts/optf-has/has/has-properties/conductor.conf.onap /tmp/conductor/properties/conductor.conf cp ${WORKSPACE}/scripts/optf-has/has/has-properties/log.conf.onap /tmp/conductor/properties/log.conf cp ${WORKSPACE}/scripts/optf-has/has/has-properties/AAF_RootCA.cer /tmp/conductor/properties/AAF_RootCA.cer +cp ${WORKSPACE}/scripts/optf-has/has/has-properties/has.json /tmp/sms/properties/has.json #chmod -R 777 /tmp/conductor/properties MUSIC_IP=`docker inspect --format '{{ .NetworkSettings.Networks.bridge.IPAddress}}' music-tomcat` echo "MUSIC_IP=${MUSIC_IP}" +SMS_IP=`get-instance-ip.sh sms` +echo "SMS_IP=${SMS_IP}" # change MUSIC reference to the local instance sed -i -e "s%localhost:8080/MUSIC%${MUSIC_IP}:8080/MUSIC%g" /tmp/conductor/properties/conductor.conf @@ -65,6 +69,14 @@ echo "AAFSIM_IP=${AAFSIM_IP}" # change AAF reference to the local instance sed -i -e "s%localhost:8100/%${AAFSIM_IP}:8100/%g" /tmp/conductor/properties/conductor.conf +#SMS +sed -i -e "s%aaf-sms.onap:10443%${SMS_IP}:10443%g" /tmp/conductor/properties/conductor.conf +#Preload secrets +docker exec -i sms /bin/sh -c "mkdir -p /preload/config" +docker cp /tmp/sms/properties/has.json sms:/preload/config/has.json +docker exec -i sms /bin/sh -c "/sms/bin/preload -cacert /sms/certs/aaf_root_ca.cer -jsondir /preload/config -serviceport 10443 -serviceurl http://localhost" +docker logs vault + #onboard conductor into music echo "Query MUSIC to check for reachability. Query Version" curl -vvvvv --noproxy "*" --request GET http://${MUSIC_IP}:8080/MUSIC/rest/v2/version -H "Content-Type: application/json" 
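Review bot: The new `cp ... has.json /tmp/sms/properties/has.json` stages the secrets file at a fixed path under /tmp with default permissions, so other local users on the CI host can read it, and nothing in the visible hunks removes it. Create the directory privately and copy with a restrictive mode, e.g. `install -d -m 700 /tmp/sms/properties` and `install -m 600 "${WORKSPACE}/scripts/optf-has/has/has-properties/has.json" /tmp/sms/properties/has.json`, then delete the file after the `docker cp`. `SMS_IP` is also used unchecked: an empty result makes the later `sed` rewrite the SMS URL to `:10443`, so a guard such as `[ -n "${SMS_IP}" ] || exit 1` would fail fast. osdf_script.sh repeats both patterns with osdf.json.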
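Review bot: The exit status of `/sms/bin/preload` is never checked, so a failed preload leaves the suite running against an SMS with no secrets and the failure surfaces later as unrelated authentication errors; append `|| { echo "SMS preload failed" >&2; exit 1; }` to that `docker exec` line. `-cacert /sms/certs/aaf_root_ca.cer` is passed together with `-serviceurl http://localhost`, so the CA file is presumably unused for this call and the intended scheme is worth confirming. `docker logs vault` writes the whole container log into the CI console; if that container prints tokens or unseal keys at start-up (not visible here) they end up in archived job logs, so `docker logs --tail 50 vault` or dropping the line is safer. The osdf_script.sh hunk adds the same lines.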
@@ -72,13 +84,13 @@ curl -vvvvv --noproxy "*" --request GET http://${MUSIC_IP}:8080/MUSIC/rest/v2/ve echo "Onboard conductor into music" curl -vvvvv --noproxy "*" --request POST http://${MUSIC_IP}:8080/MUSIC/rest/v2/admin/onboardAppWithMusic -H "Content-Type: application/json" -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" --data @${WORKSPACE}/tests/optf-has/has/data/onboard.json -docker run -d --name cond-cont -v ${COND_CONF}:/usr/local/bin/conductor.conf -v ${LOG_CONF}:/usr/local/bin/log.conf ${IMAGE_NAME}:${IMAGE_VER} python /usr/local/bin/conductor-controller --config-file=/usr/local/bin/conductor.conf +docker run -d --name cond-cont -v ${COND_CONF}:/usr/local/bin/conductor.conf -v ${LOG_CONF}:/usr/local/bin/log.conf -v ${BUNDLE}:/usr/local/bin/AAF_RootCA.cer ${IMAGE_NAME}:${IMAGE_VER} python /usr/local/bin/conductor-controller --config-file=/usr/local/bin/conductor.conf sleep 15 -docker run -d --name cond-api -p "8091:8091" -v ${COND_CONF}:/usr/local/bin/conductor.conf -v ${LOG_CONF}:/usr/local/bin/log.conf ${IMAGE_NAME}:${IMAGE_VER} python /usr/local/bin/conductor-api --port=8091 -- --config-file=/usr/local/bin/conductor.conf +docker run -d --name cond-api -p "8091:8091" -v ${COND_CONF}:/usr/local/bin/conductor.conf -v ${LOG_CONF}:/usr/local/bin/log.conf -v ${BUNDLE}:/usr/local/bin/AAF_RootCA.cer ${IMAGE_NAME}:${IMAGE_VER} python /usr/local/bin/conductor-api --port=8091 -- --config-file=/usr/local/bin/conductor.conf sleep 15 -docker run -d --name cond-solv -v ${COND_CONF}:/usr/local/bin/conductor.conf -v ${LOG_CONF}:/usr/local/bin/log.conf ${IMAGE_NAME}:${IMAGE_VER} python /usr/local/bin/conductor-solver --config-file=/usr/local/bin/conductor.conf +docker run -d --name cond-solv -v ${COND_CONF}:/usr/local/bin/conductor.conf -v ${LOG_CONF}:/usr/local/bin/log.conf -v ${BUNDLE}:/usr/local/bin/AAF_RootCA.cer ${IMAGE_NAME}:${IMAGE_VER} python /usr/local/bin/conductor-solver --config-file=/usr/local/bin/conductor.conf sleep 15 -docker run -d --name 
cond-resv -v ${COND_CONF}:/usr/local/bin/conductor.conf -v ${LOG_CONF}:/usr/local/bin/log.conf ${IMAGE_NAME}:${IMAGE_VER} python /usr/local/bin/conductor-reservation --config-file=/usr/local/bin/conductor.conf +docker run -d --name cond-resv -v ${COND_CONF}:/usr/local/bin/conductor.conf -v ${LOG_CONF}:/usr/local/bin/log.conf -v ${BUNDLE}:/usr/local/bin/AAF_RootCA.cer ${IMAGE_NAME}:${IMAGE_VER} python /usr/local/bin/conductor-reservation --config-file=/usr/local/bin/conductor.conf sleep 5 docker run -d --name cond-data -v ${COND_CONF}:/usr/local/bin/conductor.conf -v ${LOG_CONF}:/usr/local/bin/log.conf -v ${BUNDLE}:/usr/local/bin/AAF_RootCA.cer ${IMAGE_NAME}:${IMAGE_VER} python /usr/local/bin/conductor-data --config-file=/usr/local/bin/conductor.conf sleep 15 diff --git a/scripts/optf-has/osdf/testsample.txt b/scripts/optf-has/osdf/testsample.txt deleted file mode 100644 index 9f4e8d7d..00000000 --- a/scripts/optf-has/osdf/testsample.txt +++ /dev/null @@ -1 +0,0 @@ -#test diff --git a/scripts/optf-osdf/osdf/osdf-properties/aaf_root_ca.cer b/scripts/optf-osdf/osdf/osdf-properties/aaf_root_ca.cer new file mode 100644 index 00000000..e9a50d7e --- /dev/null +++ b/scripts/optf-osdf/osdf/osdf-properties/aaf_root_ca.cer 
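Review bot: The onboarding `curl` kept as context in this hunk still sends `Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==`, which is only the base64 form of the MUSIC `aafuser`/`aafpass` pair this commit moves into has.json, so the script still hard-codes that credential. Base64 is an encoding, not protection; a comment such as `# test-only MUSIC credential, same pair as music_api in has.json` would at least keep the two in sync, and reading the pair from one place would be better. The four changed `docker run` lines mount the CA bundle read-write and unquoted; `-v "${BUNDLE}":/usr/local/bin/AAF_RootCA.cer:ro` is enough for a trust anchor the container only reads. The script continues outside this hunk.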
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
+BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
+NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
+DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
+XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
+H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
+pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
+NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
+2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
+wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
+ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
+P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
+aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
+PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
+A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
+UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
+L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
+7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
+c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
+jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
+RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
+PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
+CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
+cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
+ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
+dYY=
+-----END CERTIFICATE-----
diff --git a/scripts/optf-osdf/osdf/osdf-properties/osdf.json b/scripts/optf-osdf/osdf/osdf-properties/osdf.json
new file mode 100644
index 00000000..0950957b
--- /dev/null
+++ b/scripts/optf-osdf/osdf/osdf-properties/osdf.json
@@ -0,0 +1,98 @@
+{
+ "domain": {
+ "name": "osdf",
+ "secrets": [
+ {
+ "name": "so",
+ "values": {
+ "UserName": "",
+ "Password": ""
+ }
+ },
+ {
+ "name": "conductor",
+ "values": {
+ "UserName": "admin1",
+ "Password": "plan.15"
+ }
+ },
+ {
+ "name": "policyPlatform",
+ "values": {
+ "UserName": "testpdp",
+ "Password": "alpha123"
+ }
+ },
+ {
+ "name": "policyClient",
+ "values": {
+ "UserName": "python",
+ "Password": "test"
+ }
+ },
+ {
+ "name": "dmaap",
+ "values": {
+ "UserName": "NA",
+ "Password": "NA"
+ }
+ },
+ {
+ "name": "sdc",
+ "values": {
+ "UserName": "NA",
+ "Password": "NA"
+ }
+ },
+ {
+ "name": "osdfPlacement",
+ "values": {
+ "UserName": "test",
+ "Password": "testpwd"
+ }
+ },
+ {
+ "name": "osdfPlacementSO",
+ "values": {
+ "UserName": "so_test",
+ "Password": "so_testpwd"
+ }
+ },
+ {
+ "name": "osdfPlacementVFC",
+ "values": {
+ "UserName": "vfc_test",
+ "Password": "vfc_testpwd"
+ }
+ },
+ {
+ "name": "osdfCMScheduler",
+ "values": {
+ "UserName": "test1",
+ "Password": "testpwd1"
+ }
+ },
+ {
+ "name": "configDb",
+ "values": {
+ "UserName": "osdf",
+ "Password": "passwd"
+ }
+ },
+ {
+ "name": "pciHMS",
+ "values": {
+ "UserName": "",
+ "Password": ""
+ }
+ },
+ {
+ "name": "osdfPCIOpt",
+ "values": {
+ "UserName": "pci_test",
+ "Password": "pci_testpwd"
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/scripts/optf-osdf/osdf/osdf-properties/osdf_config.yaml b/scripts/optf-osdf/osdf/osdf-properties/osdf_config.yaml
index 78399660..f8f75005 100755
--- a/scripts/optf-osdf/osdf/osdf-properties/osdf_config.yaml
+++ b/scripts/optf-osdf/osdf/osdf-properties/osdf_config.yaml
@@ -1,64 +1,49 @@ -osdfUserNameForSO: "" # The OSDF Manager username for MSO. -odfPasswordForSO: "" # The OSDF Manager password for MSO. +placementVersioningEnabled: False -# msoUrl: "" # The SO url for call back. This will be part of the request, so no need -soUsername: "" # SO username for call back. -soPassword: "" # SO password for call back. +# Placement API latest version numbers to be set in HTTP header +placementMajorVersion: "1" +placementMinorVersion: "0" +placementPatchVersion: "0" +# Placement API default version numbers to be set in HTTP header +placementDefaultMajorVersion: "1" +placementDefaultMinorVersion: "0" +placementDefaultPatchVersion: "0" + +# Config for Conductor conductorUrl: "http://127.0.0.1:5000/simulated/oof/has-api/flow1-success-simple/main.json" -conductorUsername: "CONDUCTOR-USER" -conductorPassword: "CONDUCTOR-PASSWD" conductorPingWaitTime: 2 # seconds to wait before calling the conductor retry URL conductorMaxRetries: 5 # if we don't get something in 30 minutes, give up +# versions to be set in HTTP header +conductorMinorVersion: 0 # Policy Platform -- requires ClientAuth, Authorization, and Environment policyPlatformUrl: http://127.0.0.1:5000/simulated/policy/pdp-has-vcpe-good/getConfig # Policy Dev platform URL policyPlatformEnv: TEST # Environment for policy platform -policyPlatformUsername: POLICY-USER # Policy platform username. -policyPlatformPassword: POLICY-PASSWD # Policy platform password. 
-policyClientUsername: POLICY-CLIENT-USER # For use with ClientAuth -policyClientPassword: POLICY-CLIENT-PASSWD # For use with ClientAuth +# Config for DMaaP messageReaderHosts: https://DMAAP-HOST1:3905,https://DMAAP-HOST2:3905,https://DMAAP-HOST3:3905 messageReaderTopic: org.onap.oof.osdf.multicloud -messageReaderAafUserId: DMAAP-OSDF-MC-USER -messageReaderAafPassword: DMAAP-OSDF-MC-PASSWD +# Config for SDC sdcUrl: https://SDC-HOST:8443/sdc/v1/catalog -sdcUsername: SDC-OSDF-USER -sdcPassword: SDC-OSDF-PASSWD sdcONAPInstanceID: ONAP-OSDF osdfPlacementUrl: "http://127.0.0.1:24699/osdf/api/v2/placement" -# Credentials for the OOF placement service - Generic -osdfPlacementUsername: test -osdfPlacementPassword: testpwd - -# Credentials for the OOF placement service - SO -osdfPlacementSOUsername: so_test -osdfPlacementSOPassword: so_testpwd - -# Credentials for the OOF placement service - VFC -osdfPlacementVFCUsername: vfc_test -osdfPlacementVFCPassword: vfc_testpwd +is_aaf_enabled: False +aaf_cache_expiry_hrs: 3 +aaf_url: https://aaftest.simpledemo.onap.org:8095 +aaf_user_roles: + - /api/oof/v1/placement:org.onap.osdf.access|*|read ALL -# Credentials for the OOF CM scheduling service - Generic -osdfCMSchedulerUsername: test1 -osdfCMSchedulerPassword: testpwd1 +# Secret Management Service from AAF +aaf_sms_url: http://aaf-sms.onap:10443 +aaf_sms_timeout: 30 +secret_domain: osdf +aaf_ca_certs: ssl_certs/aaf_root_ca.cer # config db api configDbUrl: http://127.0.0.1:5000/simulated/configdb -configDbUserName: osdf -configDbPassword: passwd configDbGetCellListUrl: 'getCellList' configDbGetNbrListUrl: 'getNbrList' - -# Credentials for PCIHandler -pciHMSUsername: "" # pcihandler username for call back. -pciHMSPassword: "" # pcihandler password for call back. - -#Credentials for the OOF PCI Opt Service -osdfPCIOptUsername: pci_test -osdfPCIOptPassword: pci_testpwd - 
diff --git a/scripts/optf-osdf/osdf/osdf_script.sh b/scripts/optf-osdf/osdf/osdf_script.sh index 435e44f5..77359696 100755 --- a/scripts/optf-osdf/osdf/osdf_script.sh +++ b/scripts/optf-osdf/osdf/osdf_script.sh @@ -37,15 +37,26 @@ IMAGE_NAME=nexus3.onap.org:10001/onap/optf-osdf IMAGE_VER=1.2.2-SNAPSHOT-latest mkdir -p /tmp/osdf/properties +mkdir -p /tmp/sms/properties cp ${WORKSPACE}/scripts/optf-osdf/osdf/osdf-properties/*.yaml /tmp/osdf/properties/. +cp ${WORKSPACE}/scripts/optf-osdf/osdf/osdf-properties/osdf.json /tmp/sms/properties/. #change conductor/configdb simulator urls OSDF_SIM_IP=`get-instance-ip.sh osdf_sim` echo "OSDF_SIM_IP=${OSDF_SIM_IP}" +SMS_IP=`get-instance-ip.sh sms` +echo "SMS_IP=${SMS_IP}" sed -i -e "s%127.0.0.1:5000%${OSDF_SIM_IP}:5000%g" $OSDF_CONF +sed -i -e "s%aaf-sms.onap:10443%${SMS_IP}:10443%g" $OSDF_CONF +#Preload secrets +docker exec -i sms /bin/sh -c "mkdir -p /preload/config" +docker cp /tmp/sms/properties/osdf.json sms:/preload/config/osdf.json +docker exec -i sms /bin/sh -c "/sms/bin/preload -cacert /sms/certs/aaf_root_ca.cer -jsondir /preload/config -serviceport 10443 -serviceurl http://localhost" + +docker logs vault docker run -d --name optf-osdf -v ${OSDF_CONF}:/opt/osdf/config/osdf_config.yaml -p "8698:8699" ${IMAGE_NAME}:${IMAGE_VER} sleep 20 -- cgit 1.2.3-korg
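Review bot: The aaf_root_ca.cer this commit adds never reaches the container, because the script still copies only `*.yaml` into /tmp/osdf/properties and the `docker run` line mounts only `${OSDF_CONF}`, while osdf_config.yaml now sets `aaf_ca_certs: ssl_certs/aaf_root_ca.cer`. Unless the image already ships a file at that relative path, SMS certificate verification has no trust anchor once the URL moves to https. If the file is meant to be used, stage it with `cp "${WORKSPACE}/scripts/optf-osdf/osdf/osdf-properties/aaf_root_ca.cer" /tmp/osdf/properties/` and add a read-only mount `-v /tmp/osdf/properties/aaf_root_ca.cer:<container cert path>:ro` (placeholder: the path the image resolves `ssl_certs/` to). The new `sed` lines also use `$OSDF_CONF` unquoted; `"${OSDF_CONF}"` is safer.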