aboutsummaryrefslogtreecommitdiffstats
path: root/bootstrap/vagrant-onap/lib/files
diff options
context:
space:
mode:
Diffstat (limited to 'bootstrap/vagrant-onap/lib/files')
-rw-r--r--bootstrap/vagrant-onap/lib/files/aai.pem102
-rw-r--r--bootstrap/vagrant-onap/lib/files/haproxy.cfg120
-rw-r--r--bootstrap/vagrant-onap/lib/files/settings.template27
3 files changed, 232 insertions, 17 deletions
diff --git a/bootstrap/vagrant-onap/lib/files/aai.pem b/bootstrap/vagrant-onap/lib/files/aai.pem
new file mode 100644
index 000000000..d446705c7
--- /dev/null
+++ b/bootstrap/vagrant-onap/lib/files/aai.pem
@@ -0,0 +1,102 @@
+Bag Attributes
+ friendlyName: aaiopenecomp
+ localKeyID: 54 69 6D 65 20 31 34 39 35 35 31 32 38 30 33 36 34 39
+subject=/C=US/ST=NJ/L=Bedminster/O=OpenECOMP/OU=SimpleDemo/CN=aai.api.simpledemo.openecomp.org/emailAddress=aai-host@api.simpledemo.openecomp.org
+issuer=/C=US/ST=NJ/L=Bedminster/O=OpenECOMP/OU=simpledemo/CN=OpenECOMP simpledemo Server CA X1/emailAddress=simpledemo@openecomp.org
+-----BEGIN CERTIFICATE-----
+MIIEiTCCA3GgAwIBAgIJAIPKfDLcn3MpMA0GCSqGSIb3DQEBCwUAMIGtMQswCQYD
+VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNV
+BAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzEqMCgGA1UEAwwhT3Bl
+bkVDT01QIHNpbXBsZWRlbW8gU2VydmVyIENBIFgxMScwJQYJKoZIhvcNAQkBFhhz
+aW1wbGVkZW1vQG9wZW5lY29tcC5vcmcwHhcNMTYxMTMwMTUzODM5WhcNMTcxMTMw
+MTUzODM5WjCBuTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5KMRMwEQYDVQQHDApC
+ZWRtaW5zdGVyMRIwEAYDVQQKDAlPcGVuRUNPTVAxEzARBgNVBAsMClNpbXBsZURl
+bW8xKTAnBgNVBAMMIGFhaS5hcGkuc2ltcGxlZGVtby5vcGVuZWNvbXAub3JnMTQw
+MgYJKoZIhvcNAQkBFiVhYWktaG9zdEBhcGkuc2ltcGxlZGVtby5vcGVuZWNvbXAu
+b3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQrQl8A0rT0Jjlos
+Mr/7LEhT5UOif4GGPOk+3NCIxT3lOqAbUf+d9ZXyT2jWFRiKWua03vQ+Dxc8c2h2
+RRuH8LwEiOiWqPjWRxNqsARzZMI3ryHFCFBZh0FcpjH9kEeKVlLDYuV68k+ZucKd
+NiqUNn61lD7kbmEGwvzKwf91FrJ09+CBMx1OnWKm3gCNKDqAEFMZCOdn2MgesJYB
+/03lzPBS1jDfBXImXRcTBzpgA+wdCLn0cIQ1eLWUwS5tUqUJNh36nHdVyJ0P2Yjd
+JLuxhFcmBKOz1ShyyO+BBtKBO8EGbU6qKflOiwOw0Fsn8LjKcrHQ58NPui5y04BU
+Rypf3QIDAQABo4GdMIGaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgO4MB0G
+A1UdDgQWBBQyMUOsE2J+CKzK0qd8KFBD2gaWyjBbBgNVHSAEVDBSMFAGBFUdIAAw
+SDBGBggrBgEFBQcCAjA6GjhLZWVwIGF3YXkgZnJvbSBjaGlsZHJlbi4gIFRoaXMg
+Y2VydGlmaWNhdGUgaXMgbm90IGEgdG95LjANBgkqhkiG9w0BAQsFAAOCAQEAnkoy
+2tWJOyyyIQwtVojUxv1GWQPnw3WCUcKpuX4CJhHXLxNErW1fBg7bmo08BNmBPPpq
+WrJsy5lbBgUo9kgpViux5Stfy1rRIRsRLfl/icgCvJmUAxkmRCZL7yUvwG4K7s+8
+DwT+nW/XuWNP6Hd/qHccexB6COJ8KwvTdVoxAkCdX8qw4MCb/f7Kb1yle/vwBM5Q
+UUONCJ4bEns1vnb9DGlNDUJNwCfwORAaVJpVS38Mv4UnSTmb2KMePtCWcx/dNsYR
+2XrSGqLDnTvHwOpyhbfFTmackysGoSuDytORXy8YbwEiF13BwEK8i3rgNN0Z2ojf
+cpmE2xxmaa+A2uuN6g==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: root
+ 2.16.840.1.113894.746875.1.1: <Unsupported tag 6>
+subject=/C=US/ST=NJ/L=Bedminster/O=OpenECOMP/OU=simpledemo/CN=OpenECOMP simpledemo Server CA X1/emailAddress=simpledemo@openecomp.org
+issuer=/C=US/ST=NJ/L=Bedminster/O=OpenECOMP/OU=simpledemo/CN=OpenECOMP simpledemo Root Certification Authority/emailAddress=simpledemo@openecomp.org
+-----BEGIN CERTIFICATE-----
+MIIFpTCCA42gAwIBAgIJAJqx8dKnCZZoMA0GCSqGSIb3DQEBCwUAMIG9MQswCQYD
+VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNV
+BAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3Bl
+bkVDT01QIHNpbXBsZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEn
+MCUGCSqGSIb3DQEJARYYc2ltcGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEy
+ODIxMTQyNloXDTIxMTEyNzIxMTQyNlowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQI
+DAJOSjETMBEGA1UEBwwKQmVkbWluc3RlcjESMBAGA1UECgwJT3BlbkVDT01QMRMw
+EQYDVQQLDApzaW1wbGVkZW1vMSowKAYDVQQDDCFPcGVuRUNPTVAgc2ltcGxlZGVt
+byBTZXJ2ZXIgQ0EgWDExJzAlBgkqhkiG9w0BCQEWGHNpbXBsZWRlbW9Ab3BlbmVj
+b21wLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALr4rivKQuRk
+YNf5Ig40e1nqj6s6LB1vgMOYbKfRziOFpPcUpsHPOhusHowiUsrU1vdFSzPz6Ej7
+PjlmNSg2Qka8YCn9kd6QgM7U0KcPJvIucBp+qjifH3EvP0jgDPhDeVRYxzV454dv
+5kQ9uCpswJP7YAnX51dkWeH8nwPUoagt31bOl9LXENSrgxEThxdLYMJnQJWk2CmV
+otXM4tT1dxyJxFUrZ6uJCEAYw5VtlplqihHf8lHy+sWQavtsLz/4dc+sGeXSTfoI
+voKvoh3uZ5gEhGV8yfJxk1veX5y5/AxP80vQ+smWYjTnQL5QQ57y4bciez4XVBmQ
+SWimWtOi4e8CAwEAAaOBtTCBsjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBhjAdBgNVHQ4EFgQUTqdsYgGNGubdJHq9tsaJhM9HE5wwcAYDVR0gBGkwZzBl
+BgRVHSAAMF0wWwYIKwYBBQUHAgIwTxpNSWYgeW91IHRydXN0IHRoaXMgY2VydCB0
+aGVuIHdlIGhhdmUgYSBicmlkZ2UgdGhhdCB5b3UgbWlnaHQgYmUgaW50ZXJlc3Rl
+ZCBpbi4wDQYJKoZIhvcNAQELBQADggIBAKNNlRqFuE/JgV1BHyYK0xoSXH4aZP/7
+IoHtDVcSaZAOOuFOUrwVMUbzRBebbb6RpFwt/X+NLFUGysd+XNLF7W7lzxKtmFNX
+n4OpNkBe0y5O7yurus8rERHzu3jiOSgVo+WzDlGpYSRnG3hI2qPWqD+Puzx/WwI8
+XUTuzEQQ3gUSyVFfXHpay3VpYmLZiLJ9WKY5SDw7Ie6Sxrju4Qm1HwnFY8wHZGcs
+2KMQzorJ1ZNQf523yUTghbT0rKaSFaD8zugPtI2ONfFG/QgrkQXo78opzPsHnHwa
+SxGSiAgeLbwAUCvPNl27zr6k6+7TcNjV0VUivAs0OG3VEAdgi7UWYB+30KfWwHwE
+zGmvd4IAGqIqlqLcSVArN5z8JK1B5nfjQn5UrclU1vK+dnuiKE2X4rKuBTRYRFR/
+km+mj4koYFPKFHndmJl1uv2OCJK9l5CSIuKWeI1qv8BASKqgNdoT/SKBXqxgYlCb
+o+j4IDjxrxChRO+e5vl9lA7INfRrbljCkUjfLRa+v2q9tWQ3+EQUwwnSrSfihh2T
+j0Tksr6b8dDsvMlCdOKG1B+JPcEXORSFKNXVTEfjqpJG8s16kFAocWt3S6xO0k1t
+qbQp+3tWQgW2TGnX0rMZzB6NGRNfWhlYmq2zHgXkiCIZ26Ztgt/LNbwEvN3+VlLo
+z/Rd+SKtlrfb
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: aaiopenecomp
+ localKeyID: 54 69 6D 65 20 31 34 39 35 35 31 32 38 30 33 36 34 39
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBCtCXwDStPQmO
+Wiwyv/ssSFPlQ6J/gYY86T7c0IjFPeU6oBtR/531lfJPaNYVGIpa5rTe9D4PFzxz
+aHZFG4fwvASI6Jao+NZHE2qwBHNkwjevIcUIUFmHQVymMf2QR4pWUsNi5XryT5m5
+wp02KpQ2frWUPuRuYQbC/MrB/3UWsnT34IEzHU6dYqbeAI0oOoAQUxkI52fYyB6w
+lgH/TeXM8FLWMN8FciZdFxMHOmAD7B0IufRwhDV4tZTBLm1SpQk2Hfqcd1XInQ/Z
+iN0ku7GEVyYEo7PVKHLI74EG0oE7wQZtTqop+U6LA7DQWyfwuMpysdDnw0+6LnLT
+gFRHKl/dAgMBAAECggEBAJko2HkeIW01mUhdWOXnFgR7WjzzXZEmlffr41lVBr7f
+rejGsQZs9cms73R7rCdOsi8PDoA6bqaQfADg571K659fvYVWbHqh+3im+iWvUlKm
+GYIVG/vNrEq43CZsUU7Qw/xba/QiOFraNxCATTV1sORPwgddouXEi5XW9ZPX9/FJ
+wORx4L/K0DfHX1rr+rtOoHCJdZYhn3Ij87kmR8Mwg0fNeWhHqtxUEyM/itRjCvOe
+mgt2V8DORhmq12L4+5QJctBrkBVRp9Rh6YSZZBGnKbTSgf4q648BdkJDLSK4cguT
+D6BAw3gxj5V4wt5W0wn2JpjadFwnixrTzvMP/yAqfK0CgYEA93nBAoUPw8nzQkwk
+8iWBjfJ999Rw92hnnvk3xbcQcGfgUYuB4dxwe6FQTmFIVylt81er1YUvMb3ao7fo
+5ZcGnI5p1idjsd27kbZJLxb5Oh919hKu5IfkfYsVgnC0UdKCTgH5CaH0U4ATuXwt
+RL6qm0XcLALs5y2OO6z3s+mYhisCgYEAx7EQ8MA45bkXnRQiHBhGcIIcr2sRDfVJ
+OhHmGxx3EcYgtsIYKTqtQOyIt/nQxo6iyNL9bzfzBTybFJLuj63ZG1Ef4LosJedl
+eAU2NsKv5MlKYDSdNbLAJ0Op9I2Xu/pXQecPwY/3MkIQArdQCLevMLEGywCsuJTn
+BjkJNDkb9hcCgYAhoFiaiAwJVYKJSqFmibQd3opBR4uGApi54DE021gPff3b9rHS
+R8q88cFgtRVISqfW/d2qaKtt/dcckdvCfo/2a99zqux/+ZoIBZXSITQCMs4rfoRn
+JxPj/ycQD1JhH9J22QvGxEvXoLqNZJMeGS5DZO2yyT75dpYyA6Gwv5fq+wKBgQC5
+AhV917lfLELyZurLOLpaFlHZO8rLMcusH1UfHRo7v2IjsGOOHyzRD9QDD1IcA55R
+jRj8Z8uhuGq9fvvC5gBVTK3KGPI6E85wifOWfH1V7CAaTeSxEXDxb8EQL/a6U89v
+4VE5tdYCHC6VNZzS1staw0hV38QmJt57Z3Bdj+OV9QKBgE/b9fxpo+SVQ37BzNNY
+SEKTTijaddz8fdomApg6a2eFJL93Ej/op7N7gnHtPWMivPnRRza9ZjfnG+aZ7n2J
+sWyBiZK9xliS2TsF3l3q9Z0Vaq3i1nOlV7Bd20ZS8KjQjDtKnIRfLkQDkvmXbU5L
+emwkdsQZbpPFJch3mCGtI7JW
+-----END PRIVATE KEY-----
diff --git a/bootstrap/vagrant-onap/lib/files/haproxy.cfg b/bootstrap/vagrant-onap/lib/files/haproxy.cfg
new file mode 100644
index 000000000..9ee24e629
--- /dev/null
+++ b/bootstrap/vagrant-onap/lib/files/haproxy.cfg
@@ -0,0 +1,120 @@
+global
+ log /dev/log local0
+ stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
+ stats timeout 30s
+ user root
+ group root
+ daemon
+ #################################
+ # Default SSL material locations#
+ #################################
+ ca-base /etc/ssl/certs
+ crt-base /etc/ssl/private
+
+ # Default ciphers to use on SSL-enabled listening sockets.
+ # For more information, see ciphers(1SSL). This list is from:
+ # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ # An alternative list with additional directives can be obtained from
+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
+ tune.ssl.default-dh-param 2048
+
+defaults
+ log global
+ mode http
+ option httplog
+# option dontlognull
+# errorfile 400 /etc/haproxy/errors/400.http
+# errorfile 403 /etc/haproxy/errors/403.http
+# errorfile 408 /etc/haproxy/errors/408.http
+# errorfile 500 /etc/haproxy/errors/500.http
+# errorfile 502 /etc/haproxy/errors/502.http
+# errorfile 503 /etc/haproxy/errors/503.http
+# errorfile 504 /etc/haproxy/errors/504.http
+
+ option http-server-close
+ option forwardfor except 127.0.0.1
+ retries 6
+ option redispatch
+ maxconn 50000
+ timeout connect 50000
+ timeout client 480000
+ timeout server 480000
+ timeout http-keep-alive 30000
+
+
+frontend IST_8443
+ mode http
+ bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem
+# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
+ log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+ option httplog
+ log global
+ option logasap
+ option forwardfor
+ capture request header Host len 100
+ capture response header Host len 100
+ option log-separate-errors
+ option forwardfor
+ http-request set-header X-Forwarded-Proto https if { ssl_fc }
+ http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
+ http-request set-header X-AAI-SSL %[ssl_fc]
+ http-request set-header X-AAI-SSL-Client-Verify %[ssl_c_verify]
+ http-request set-header X-AAI-SSL-Client-DN %{+Q}[ssl_c_s_dn]
+ http-request set-header X-AAI-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
+ http-request set-header X-AAI-SSL-Issuer %{+Q}[ssl_c_i_dn]
+ http-request set-header X-AAI-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore]
+ http-request set-header X-AAI-SSL-Client-NotAfter %{+Q}[ssl_c_notafter]
+ http-request set-header X-AAI-SSL-ClientCert-Base64 %{+Q}[ssl_c_der,base64]
+ http-request set-header X-AAI-SSL-Client-OU %{+Q}[ssl_c_s_dn(OU)]
+ http-request set-header X-AAI-SSL-Client-L %{+Q}[ssl_c_s_dn(L)]
+ http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
+ http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
+ http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
+ reqadd X-Forwarded-Proto:\ https
+ reqadd X-Forwarded-Port:\ 8443
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+ acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+ acl is_named-query path_beg -i /aai/search/named-query
+ acl is_search-model path_beg -i /aai/search/model
+ use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model
+
+ default_backend IST_Default_8447
+
+
+#######################
+#DEFAULT BACKEND 847###
+#######################
+
+backend IST_Default_8447
+ balance roundrobin
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server aai-resources.api.simpledemo.openecomp.org aai-resources.api.simpledemo.openecomp.org:8447 port 8447 ssl verify none
+
+#######################
+# BACKEND 8446#########
+#######################
+
+backend IST_AAI_8446
+ balance roundrobin
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server aai-traversal.api.simpledemo.openecomp.org aai-traversal.api.simpledemo.openecomp.org:8446 port 8446 ssl verify none
+
+listen IST_AAI_STATS
+ mode http
+ bind *:8080
+ stats uri /stats
+ stats enable
+ stats refresh 30s
+ stats hide-version
+ stats auth admin:admin
+ stats show-legends
+ stats show-desc IST AAI APPLICATION NODES
+ stats admin if TRUE
diff --git a/bootstrap/vagrant-onap/lib/files/settings.template b/bootstrap/vagrant-onap/lib/files/settings.template
index 3b974c949..f441f950c 100644
--- a/bootstrap/vagrant-onap/lib/files/settings.template
+++ b/bootstrap/vagrant-onap/lib/files/settings.template
@@ -1,7 +1,6 @@
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
-
<!-- offline
| Determines whether maven should attempt to connect to the network when executing a build.
| This will have an effect on artifact downloads, artifact deployment, and others.
@@ -29,7 +28,6 @@
| repository, to be used as an alternate download site. The mirror site will be the preferred
| server for that repository.
|-->
-
<!-- profiles
| This is a list of profiles which can be activated in a variety of ways, and which can modify
| the build process. Profiles provided in the settings.xml are intended to provide local machine-
@@ -51,17 +49,18 @@
| variables for plugins in the POM.
|
|-->
-
-
-
-
-
<profiles>
<profile>
-
+ <id>00_maven</id>
+ <repositories>
+ <repository>
+ <id>00_maven</id>
+ <url>https://maven.restlet.com</url>
+ </repository>
+ </repositories>
+ </profile>
+ <profile>
<id>10_nexus</id>
- <!--Enable snapshots for the built in central repo to direct -->
- <!--all requests to nexus via the mirror -->
<repositories>
<repository>
<id>10_nexus</id>
@@ -70,7 +69,6 @@
<snapshots><enabled>true</enabled></snapshots>
</repository>
</repositories>
-
<pluginRepositories>
<pluginRepository>
<id>10_nexus</id>
@@ -79,7 +77,6 @@
<snapshots><enabled>true</enabled></snapshots>
</pluginRepository>
</pluginRepositories>
-
</profile>
<profile>
<id>20_openecomp-public</id>
@@ -174,7 +171,6 @@
</pluginRepository>
</pluginRepositories>
</profile>
-
<profile>
<id>50_openecomp-snapshots</id>
<repositories>
@@ -235,7 +231,6 @@
</pluginRepository>
</pluginRepositories>
</profile>
-
<profile>
<id>70_opendaylight-snapshots</id>
<repositories>
@@ -266,8 +261,8 @@
</pluginRepositories>
</profile>
</profiles>
-
<activeProfiles>
+ <activeProfile>00_maven</activeProfile>
<activeProfile>10_nexus</activeProfile>
<activeProfile>20_openecomp-public</activeProfile>
<activeProfile>30_openecomp-staging</activeProfile>
@@ -275,7 +270,5 @@
<activeProfile>50_openecomp-snapshots</activeProfile>
<activeProfile>60_opendaylight-release</activeProfile>
<activeProfile>70_opendaylight-snapshots</activeProfile>
-
</activeProfiles>
-
</settings>