summaryrefslogtreecommitdiffstats
path: root/onap-offline/cfg
diff options
context:
space:
mode:
Diffstat (limited to 'onap-offline/cfg')
-rw-r--r--onap-offline/cfg/cacert.cnf113
-rw-r--r--onap-offline/cfg/full_depl_values.yaml160
-rw-r--r--onap-offline/cfg/nexus_cert.cnf33
-rw-r--r--onap-offline/cfg/nginx.conf110
-rw-r--r--onap-offline/cfg/reduced_depl_values.yaml159
-rw-r--r--onap-offline/cfg/v3.ext24
6 files changed, 599 insertions, 0 deletions
diff --git a/onap-offline/cfg/cacert.cnf b/onap-offline/cfg/cacert.cnf
new file mode 100644
index 0000000..a6917ca
--- /dev/null
+++ b/onap-offline/cfg/cacert.cnf
@@ -0,0 +1,113 @@
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = ./
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/ca.key.pem
+certificate = $dir/certs/ca.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/ca.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 3750
+preserve = no
+policy = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+organizationName = match
+commonName = supplied
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+localityName = optional
+organizationName = optional
+commonName = supplied
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 4096
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+prompt = no
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# Optionally, specify some defaults.
+countryName = PL
+localityName = Krakow
+organizationName = Samsung
+commonName = onap
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
diff --git a/onap-offline/cfg/full_depl_values.yaml b/onap-offline/cfg/full_depl_values.yaml
new file mode 100644
index 0000000..e50820a
--- /dev/null
+++ b/onap-offline/cfg/full_depl_values.yaml
@@ -0,0 +1,160 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration overrides.
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # ONAP Repository
+ # Uncomment the following to enable the use of a single docker
+ # repository but ONLY if your repository mirrors all ONAP
+ # docker images. This includes all images from dockerhub and
+ # any other repository that hosts images for ONAP components.
+ #repository: nexus3.onap.org:10001
+ repositoryCred:
+ user: docker
+ password: docker
+
+ # readiness check - temporary repo until images migrated to nexus3
+ readinessRepository: oomk8s
+ # logging agent - temporary repo until images migrated to nexus3
+ loggingRepository: docker.elastic.co
+
+ # image pull policy
+ #pullPolicy: Always
+ pullPolicy: IfNotPresent
+
+ # default mount path root directory referenced
+ # by persistent volumes and log files
+ persistence:
+ mountPath: /dockerdata-nfs
+
+ # flag to enable debugging - application support required
+ debugEnabled: false
+
+# Repository for creation of nexus3.onap.org secret
+repository: nexus3.onap.org:10001
+
+
+#################################################################
+# Enable/disable and configure helm charts (ie. applications)
+# to customize the ONAP deployment.
+#################################################################
+aaf:
+ enabled: true
+aai:
+ enabled: true
+aaiadapter:
+ enabled: false
+appc:
+ enabled: true
+ config:
+ openStackType: OpenStackProvider
+ openStackName: OpenStack
+ openStackKeyStoneUrl: FILL-ME
+ openStackServiceTenantName: FILL-ME
+ openStackDomain: FILL-ME
+ openStackUserName: FILL-ME
+ openStackEncryptedPassword: FILL-ME
+clamp:
+ enabled: true
+cli:
+ enabled: true
+consul:
+ enabled: true
+dcaegen2:
+ enabled: true
+dmaap:
+ enabled: true
+esr:
+ enabled: true
+log:
+ enabled: true
+sniro-emulator:
+ enabled: true
+oof:
+ enabled: true
+msb:
+ enabled: true
+multicloud:
+ enabled: true
+nbi:
+ enabled: true
+ config:
+ # openstack configuration
+ openStackUserName: "FILL-ME"
+ openStackRegion: "FILL-ME"
+ openStackKeyStoneUrl: "FILL-ME"
+ openStackServiceTenantName: "FILL-ME"
+ openStackEncryptedPasswordHere: "FILL-ME"
+policy:
+ enabled: true
+portal:
+ enabled: true
+robot:
+ enabled: true
+sdc:
+ enabled: true
+sdnc:
+ enabled: true
+
+ replicaCount: 1
+
+ config:
+ enableClustering: false
+
+ mysql:
+ disableNfsProvisioner: true
+ replicaCount: 1
+so:
+ enabled: true
+
+ replicaCount: 1
+
+ liveness:
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+ # so server configuration
+ config:
+ # message router configuration
+ dmaapTopic: "AUTO"
+ # openstack configuration
+ openStackUserName: "FILL-ME"
+ openStackRegion: "FILL-ME"
+ openStackKeyStoneUrl: "FILL-ME"
+ openStackServiceTenantName: "FILL-ME"
+ openStackEncryptedPasswordHere: "FILL-ME"
+
+ # configure embedded mariadb
+ mariadb:
+ config:
+ mariadbRootPassword: password
+uui:
+ enabled: true
+vfc:
+ enabled: true
+vid:
+ enabled: true
+vnfsdk:
+ enabled: true
+
diff --git a/onap-offline/cfg/nexus_cert.cnf b/onap-offline/cfg/nexus_cert.cnf
new file mode 100644
index 0000000..ab8d547
--- /dev/null
+++ b/onap-offline/cfg/nexus_cert.cnf
@@ -0,0 +1,33 @@
+[ req ]
+default_bits = 4096
+default_keyfile = server-key.pem
+distinguished_name = dn
+#req_extensions = v3_req
+x509_extensions = v3_req
+string_mask = utf8only
+prompt = no
+default_md = sha256
+
+[ dn ]
+
+countryName = PL
+localityName = Krakow
+organizationName = Samsung
+commonName = registry-1.docker.io
+#emailAddress
+
+[ v3_req ]
+
+#subjectKeyIdentifier = hash
+#authorityKeyIdentifier = keyid,issuer
+
+basicConstraints = CA:FALSE
+keyUsage = critical, keyAgreement, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+# does not work here because of bug in openssl
+#subjectAltName = @alternate_names
+nsComment = "OpenSSL Generated Certificate"
+
+#[ alternate_names ]
+
+#DNS.4 = ftp.example.com
diff --git a/onap-offline/cfg/nginx.conf b/onap-offline/cfg/nginx.conf
new file mode 100644
index 0000000..6656855
--- /dev/null
+++ b/onap-offline/cfg/nginx.conf
@@ -0,0 +1,110 @@
+worker_processes 2;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ error_log /var/log/nginx/error.log debug;
+ access_log /var/log/nginx/access.log;
+
+ proxy_intercept_errors on;
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+
+ upstream nexus {
+ server nexus:8081;
+ }
+
+ upstream registry {
+ server nexus:8082;
+ }
+
+# http simulations
+ server {
+ listen 80;
+ listen 443 ssl;
+ server_name _;
+ ssl_certificate /etc/nginx/certs/nexus_server.crt;
+ ssl_certificate_key /etc/nginx/certs/nexus_server.key;
+
+ keepalive_timeout 5 5;
+
+ location / {
+ root /srv/http/$host;
+ index index.html;
+ }
+ }
+
+# nexus simulations
+ server {
+ listen 80;
+ listen 443 ssl;
+ server_name nexus.student12 gcr.io registry-1.docker.io docker.io registry.npmjs.org nexus3.onap.org docker.elastic.co registry.hub.docker.com repo.maven.apache.org repo1.maven.org;
+ ssl_certificate /etc/nginx/certs/nexus_server.crt;
+ ssl_certificate_key /etc/nginx/certs/nexus_server.key;
+
+ keepalive_timeout 5 5;
+ proxy_buffering off;
+
+ # allow large uploads
+ client_max_body_size 3G;
+
+ location /maven2 {
+ rewrite /maven2/(.*) /repository/maven2/$1 break;
+ # redirect to docker registry
+ proxy_pass http://nexus;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location / {
+ # redirect to docker registry
+ if ($http_user_agent ~ docker ) {
+ proxy_pass http://registry;
+ }
+ proxy_pass http://nexus;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ }
+
+# git simulations
+ server {
+ listen 80;
+ listen 443 ssl;
+ server_name gerrit.onap.org git.rancher.io github.com;
+ ssl_certificate /etc/nginx/certs/nexus_server.crt;
+ ssl_certificate_key /etc/nginx/certs/nexus_server.key;
+
+ keepalive_timeout 5 5;
+ proxy_buffering off;
+
+ location / {
+ try_files $uri $uri/ @git;
+ }
+
+ location @git {
+
+ # Set chunks to unlimited, as the body's can be huge
+ client_max_body_size 0;
+
+ fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_param PATH_INFO $uri;
+
+ include fastcgi_params;
+
+ fastcgi_param GIT_HTTP_EXPORT_ALL "";
+ fastcgi_param GIT_PROJECT_ROOT /srv/git/$host/;
+
+ # Forward REMOTE_USER as we want to know when we are authenticated
+ fastcgi_param REMOTE_USER $remote_user;
+
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+ }
+}
diff --git a/onap-offline/cfg/reduced_depl_values.yaml b/onap-offline/cfg/reduced_depl_values.yaml
new file mode 100644
index 0000000..bfa5fd6
--- /dev/null
+++ b/onap-offline/cfg/reduced_depl_values.yaml
@@ -0,0 +1,159 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration overrides.
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # ONAP Repository
+ # Uncomment the following to enable the use of a single docker
+ # repository but ONLY if your repository mirrors all ONAP
+ # docker images. This includes all images from dockerhub and
+ # any other repository that hosts images for ONAP components.
+ #repository: nexus3.onap.org:10001
+ repositoryCred:
+ user: docker
+ password: docker
+
+ # readiness check - temporary repo until images migrated to nexus3
+ readinessRepository: oomk8s
+ # logging agent - temporary repo until images migrated to nexus3
+ loggingRepository: docker.elastic.co
+
+ # image pull policy
+ #pullPolicy: Always
+ pullPolicy: IfNotPresent
+
+ # default mount path root directory referenced
+ # by persistent volumes and log files
+ persistence:
+ mountPath: /dockerdata-nfs
+
+ # flag to enable debugging - application support required
+ debugEnabled: false
+
+# Repository for creation of nexus3.onap.org secret
+repository: nexus3.onap.org:10001
+
+
+#################################################################
+# Enable/disable and configure helm charts (ie. applications)
+# to customize the ONAP deployment.
+#################################################################
+aaf:
+ enabled: false
+aai:
+ enabled: false
+aaiadapter:
+ enabled: true
+appc:
+ enabled: true
+ config:
+ openStackType: OpenStackProvider
+ openStackName: OpenStack
+ openStackKeyStoneUrl: FILL-ME
+ openStackServiceTenantName: FILL-ME
+ openStackDomain: FILL-ME
+ openStackUserName: FILL-ME
+ openStackEncryptedPassword: FILL-ME
+clamp:
+ enabled: false
+cli:
+ enabled: false
+consul:
+ enabled: true
+dcaegen2:
+ enabled: true
+dmaap:
+ enabled: true
+esr:
+ enabled: false
+log:
+ enabled: true
+sniro-emulator:
+ enabled: false
+oof:
+ enabled: false
+msb:
+ enabled: true
+multicloud:
+ enabled: false
+nbi:
+ enabled: false
+ config:
+ # openstack configuration
+ openStackUserName: "FILL-ME"
+ openStackRegion: "FILL-ME"
+ openStackKeyStoneUrl: "FILL-ME"
+ openStackServiceTenantName: "FILL-ME"
+ openStackEncryptedPasswordHere: "FILL-ME"
+policy:
+ enabled: true
+portal:
+ enabled: false
+robot:
+ enabled: true
+sdc:
+ enabled: true
+sdnc:
+ enabled: false
+
+ replicaCount: 1
+
+ config:
+ enableClustering: false
+
+ mysql:
+ disableNfsProvisioner: true
+ replicaCount: 1
+so:
+ enabled: false
+
+ replicaCount: 1
+
+ liveness:
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+ # so server configuration
+ config:
+ # message router configuration
+ dmaapTopic: "AUTO"
+ # openstack configuration
+ openStackUserName: "FILL-ME"
+ openStackRegion: "FILL-ME"
+ openStackKeyStoneUrl: "FILL-ME"
+ openStackServiceTenantName: "FILL-ME"
+ openStackEncryptedPasswordHere: "FILL-ME"
+
+ # configure embedded mariadb
+ mariadb:
+ config:
+ mariadbRootPassword: password
+uui:
+ enabled: false
+vfc:
+ enabled: false
+vid:
+ enabled: false
+vnfsdk:
+ enabled: false
diff --git a/onap-offline/cfg/v3.ext b/onap-offline/cfg/v3.ext
new file mode 100644
index 0000000..b4a6e43
--- /dev/null
+++ b/onap-offline/cfg/v3.ext
@@ -0,0 +1,24 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = nexus.student12
+DNS.2 = gcr.io
+DNS.3 = git.rancher.io
+DNS.4 = gerrit.onap.org
+DNS.5 = registry-1.docker.io
+DNS.6 = docker.io
+DNS.7 = registry.npmjs.org
+DNS.8 = nexus3.onap.org
+DNS.9 = nexus.onap.org
+DNS.10 = docker.elastic.co
+DNS.11 = www.getcloudify.org
+DNS.12 = registry.hub.docker.com
+DNS.13 = github.com
+DNS.14 = repo.maven.apache.org
+DNS.15 = www.springframework.org
+DNS.16 = repo1.maven.org
+DNS.17 = git.onap.org
+