From 59edc5d9b0f578e0b799c0350b39a08f9b040ab3 Mon Sep 17 00:00:00 2001 From: Haibin Huang Date: Mon, 1 Apr 2019 09:51:56 +0800 Subject: Add https support for multicloud ocata plugin The https endpoint can be enabled by setting env: SSL_ENABLED=true Change-Id: Ibc651851edb1dd2e143ba28c784f82562c0c9d30 Issue-ID: MULTICLOUD-535 Signed-off-by: Haibin Huang --- ocata/docker/Dockerfile | 6 ++++-- ocata/pub/ssl/cert/cert.crt | 21 +++++++++++++++++++++ ocata/pub/ssl/cert/cert.key | 27 +++++++++++++++++++++++++++ ocata/run.sh | 20 +++++++++++++++++++- 4 files changed, 71 insertions(+), 3 deletions(-) create mode 100644 ocata/pub/ssl/cert/cert.crt create mode 100644 ocata/pub/ssl/cert/cert.key (limited to 'ocata') diff --git a/ocata/docker/Dockerfile b/ocata/docker/Dockerfile index 985b6442..5f9cd2b3 100644 --- a/ocata/docker/Dockerfile +++ b/ocata/docker/Dockerfile @@ -34,14 +34,16 @@ EXPOSE 9006 RUN groupadd -r onap && useradd -r -g onap onap RUN apt-get update && \ - apt-get install -y memcached wget unzip gcc && \ + apt-get install -y memcached wget unzip gcc libssl-dev && \ cd /opt/ && \ wget -O /opt/multicloud-openstack-ocata.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.multicloud.openstack&a=multicloud-openstack-ocata&e=zip&v=1.3.0-SNAPSHOT" && \ unzip -q -o -B /opt/multicloud-openstack-ocata.zip -d /opt/ && \ rm -f /opt/multicloud-openstack-ocata.zip && \ pip install -r /opt/ocata/requirements.txt && \ - apt-get --purge remove -y wget unzip gcc && \ + apt-get --purge remove -y wget unzip gcc libssl-dev && \ apt-get -y autoremove && \ + mkdir -p /var/log/onap/multicloud/openstack/ocata && \ + chown onap:onap /var/log/onap -R && \ chown onap:onap /opt/ocata -R RUN mkdir -p /var/log/onap/multicloud/openstack/ocata/ diff --git a/ocata/pub/ssl/cert/cert.crt b/ocata/pub/ssl/cert/cert.crt new file mode 100644 index 00000000..e82e66bb --- /dev/null +++ b/ocata/pub/ssl/cert/cert.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgzCCAmsCCQD9YEV2Kl0P0zANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC +Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK +DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMjA4MTRa +Fw0yNzAzMTUwMjA4MTRaMHwxCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhzaWNodWFu +ZzEQMA4GA1UEBwwHY2hlbmdkdTEMMAoGA1UECgwDenRlMQ4wDAYDVQQLDAV6ZW5h +cDEVMBMGA1UEAwwMKi56dGUuY29tLmNuMRMwEQYJKoZIhvcNAQkBFgRudWxsMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrViVMgvwA9yYBJvGsPtD0GF +Yv0fCL4Uo7gewitKImP8D8UtV7eRXZrEDtvnB2/jg/SpCeHelzR2OWdnjsWCWLeW +ERnff6Pm+tccKMQUqJllV477L+n45xlUw2Iv4w8k1M2AyQ+hqWOz9Tp+fp8XICAw +wiqqKDEclo2/Psgf5SmptZbNmjv4moKUGLy3lkgOTXz/dw9BZcid77cyhhQt0RrI +BLz/jBigkA0fWSeZIb4nTt/24JeeKLPjMUWeAwYebiS4pckICXkTpLl8/Owsqq3B +tuf2Qk3Jag0UO5zvNbl09+o9VyQcdDwPHSrbXXVSCvOsFkxbVEqZzAH7VheKnwID +AQABMA0GCSqGSIb3DQEBCwUAA4IBAQA7lw0gXfP+kfcU9cKkNmg5CtoKV2T7Xpnt +jw1Tn0YuzxR3xQmFsfcXGCD5S540uQiwINZgk+NE2qzTJylShPnjUW6DvHnzdayy +oKJmlKasZ8NCpv9lHAu+eggAMCbV1MH1mZVJqiED0gaenQAFGRAjyL7507CW9iCX +jBEEWOITpBQXQAC8TsOTQB1cHqIHFOi0rmSoDKlnGXjmofD1u3r5PChLaz4PkvGu +6CSYkOojbNYUcL4ghbFgY+dsDReN9v7nF8TQa2Vgx5cBYqqYHlBXfT1p9PP581Q8 +nWiSumRfQCwZzXdr7iUEKM3521GYKHLXfbs/aRtWAnd1ziHBpCuf +-----END CERTIFICATE----- diff --git a/ocata/pub/ssl/cert/cert.key b/ocata/pub/ssl/cert/cert.key new file mode 100644 index 00000000..5ad935fe --- /dev/null +++ b/ocata/pub/ssl/cert/cert.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxrViVMgvwA9yYBJvGsPtD0GFYv0fCL4Uo7gewitKImP8D8Ut +V7eRXZrEDtvnB2/jg/SpCeHelzR2OWdnjsWCWLeWERnff6Pm+tccKMQUqJllV477 +L+n45xlUw2Iv4w8k1M2AyQ+hqWOz9Tp+fp8XICAwwiqqKDEclo2/Psgf5SmptZbN +mjv4moKUGLy3lkgOTXz/dw9BZcid77cyhhQt0RrIBLz/jBigkA0fWSeZIb4nTt/2 +4JeeKLPjMUWeAwYebiS4pckICXkTpLl8/Owsqq3Btuf2Qk3Jag0UO5zvNbl09+o9 +VyQcdDwPHSrbXXVSCvOsFkxbVEqZzAH7VheKnwIDAQABAoIBAAFcgsTz7ifRs0Xn +Om2jg/9Dwqcv9sN3keqhO0y3QTXFG5f8ENh2AH/0rH0xkn6hjJx9056mtoCwslKo +W7RFtCPpdhS96aMVO2LikGXTGhUhn+keqKfmYXcr3EHObWeP1f/DPKuj+MaRUU1P +zkgNzPnCXrMl2a6Wz4xUgkfq1RUb1dv9C2cKGqHWYmUVx+mtATfTk4zXM/d47PRG +gpkJP40fwfUBo0dTuPdU4NxkG4LlcaJQv23bNAqyaz1Jo9E5yu4jKeTOns0bfJCd +Qvg9C91B3i3kcw1lBhk7qiS4vsdCLUrGRisIsveYC6rLgC3b+DNsRFZtxy0GetzN +1IYe8oECgYEA+FZyUqrdM8KwdQLiEoKsTSQMKt3gZh608cYKtvwkWSiWe9zoPx0H +KosyejrDd850XKqY3xOCf888H5benivrX9MmOtCxs5A/sVoooinJ7xTA7SaR3Qx6 +VpUZh6FewaG2QuWYSUmUEIbcSRhFX+qtWAtcG+HNzxU5x/cDjf/m3V8CgYEAzNbu +F64VZ/Dl8caAj7huM9wEST4ZTOx7xJCbcz7DmAJs3/XjacpK4S1sfsPBHwrnbCIQ +gO+AXbGUTuNze6QDR3uU/rRMk+qFZsuFHmNfwkJD0LWbsGP3FlHzVaW1oC1o8IgF +A9d5PV0eDoUV9dOfdhGR/48VS1xXA0YPWETRGsECgYAxzHQEa8sL1CC6dieLerS+ +i1n9Rpz3HXU/fm0roIhRcLgsgnH4JgQH3f3zUNFdtwLSiks5gJoMsyvlUcW2hiwe +/SKPbMYVsflzwRag3ixmSw0dAT0CzLvDnQaPkiaEQb9gztWo7J5KaiDGb52JzG+S +VkTUOoWg3yrFFJ2b3hMXlQKBgQCWVT9UPb0UFaaM9OQxlme6w8SZhGvJGt4S+xY7 +VFr0WwNQswN+BqtB67Zuqng3sib6I139YsjQ+p0f8Ko2mb6WXcqRy/1PqZTSRpei +H8iNp1hh+ocSw6r5xJdTylQsBGe57/nOQfuG36pJeb8ONYwYePivmHFGZ7SsgGSO +oaLdgQKBgQDerPjMGy0QxLXj/GncsfiK+ailuYsk9xAP6qIK780Nbl4m0UcjPVbf +vlgjL28HwtPYbWJCMp9rWKFfvavgxYALpgoEBC86UXfq7FHy8daBO69Juv/3smac +XtZPL1ejc2upq+XVwvOchfNSrxeyna3IhH+R6AugHWBu50ljImPJ7g== +-----END RSA PRIVATE KEY----- diff --git a/ocata/run.sh b/ocata/run.sh index 5cf7e748..027b98c8 100755 --- a/ocata/run.sh +++ b/ocata/run.sh @@ -16,4 +16,22 @@ memcached -d -m 2048 -u root -c 1024 -p 11211 -P /tmp/memcached1.pid export PYTHONPATH=lib/share -uwsgi --http :9006 --module ocata.wsgi --master --processes 4 + +#nohup python manage.py runserver 0.0.0.0:9006 2>&1 & + +if [ ${SSL_ENABLED} = "true" ]; then + nohup uwsgi --https :9006,ocata/pub/ssl/cert/cert.crt,ocata/pub/ssl/cert/cert.key --module ocata.wsgi --master --processes 4 & + +else + nohup uwsgi --http :9006 --module ocata.wsgi --master --processes 4 & +fi + +logDir="/var/log/onap/multicloud/openstack/ocata" +if [ ! -x $logDir ]; then + mkdir -p $logDir +fi +while [ ! -f $logDir/ocata.log ]; do + sleep 1 +done + +tail -F $logDir/ocata.log -- cgit 1.2.3-korg