summaryrefslogtreecommitdiffstats
path: root/kubernetes/clamp/components/clamp-backend/resources
diff options
context:
space:
mode:
authorChrisC <christophe.closset@intl.att.com>2020-09-11 18:39:23 +0200
committerChrisC <christophe.closset@intl.att.com>2020-09-17 15:15:13 +0200
commit2325efd0b6f8b094f6a801bf55d6ff6f53e9cbfa (patch)
treeca6323d4e590c648b333cfc87122018d3e273323 /kubernetes/clamp/components/clamp-backend/resources
parent98efeea41f5617760fcc5fdb6718409b69684db9 (diff)
[CLAMP] AAF certificate using certinializer
use of auto-generated certificates via AAF side-car at OOM deployment time for CLAMP. Issue-ID: CLAMP-884 Change-Id: I24f5a119714a5e46c4d0c152c03b6bc545135b8e Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com> Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Diffstat (limited to 'kubernetes/clamp/components/clamp-backend/resources')
-rw-r--r--kubernetes/clamp/components/clamp-backend/resources/config/application.properties69
-rw-r--r--kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml53
-rw-r--r--kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json18
3 files changed, 140 insertions, 0 deletions
diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties
new file mode 100644
index 0000000000..b2cee395b9
--- /dev/null
+++ b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties
@@ -0,0 +1,69 @@
+###
+# ============LICENSE_START=======================================================
+# ONAP CLAMP
+# ================================================================================
+# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights
+# reserved.
+# ================================================================================
+# Modifications copyright (c) 2019 Nokia
+# ================================================================================\
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+# ===================================================================
+#
+###
+{{- if .Values.global.aafEnabled }}
+server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
+server.ssl.key-store-password=${cadi_keystore_password_p12}
+server.ssl.key-password=${cadi_key_password}
+server.ssl.key-store-type=PKCS12
+server.ssl.key-alias={{ .Values.certInitializer.fqi }}
+
+# The key file used to decode the key store and trust store password
+# If not defined, the key store and trust store password will not be decrypted
+clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }}
+
+## Config part for Client certificates
+server.ssl.client-auth=want
+server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
+server.ssl.trust-store-password=${cadi_truststore_password}
+{{- end }}
+
+#clds datasource connection details
+spring.datasource.username=${MYSQL_USER}
+spring.datasource.password=${MYSQL_PASSWORD}
+spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
+spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements
+
+#The log folder that will be used in logback.xml file
+clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json
+
+#
+# Configuration Settings for Policy Engine Components
+clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969
+clamp.config.policy.api.userName=healthcheck
+clamp.config.policy.api.password=zb!XztG34
+clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969
+clamp.config.policy.pap.userName=healthcheck
+clamp.config.policy.pap.password=zb!XztG34
+
+#DCAE Inventory Url Properties
+clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080
+clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+#DCAE Deployment Url Properties
+clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+clamp.config.dcae.deployment.userName=none
+clamp.config.dcae.deployment.password=none
+
+#AAF related parameters
+clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 \ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml
new file mode 100644
index 0000000000..dab2e44f5e
--- /dev/null
+++ b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml
@@ -0,0 +1,53 @@
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json
new file mode 100644
index 0000000000..3adda95c11
--- /dev/null
+++ b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json
@@ -0,0 +1,18 @@
+{
+ "sdc-connections":{
+ "sdc-controller":{
+ "user": "clamp",
+ "consumerGroup": "clamp",
+ "consumerId": "clamp",
+ "environmentName": "AUTO",
+ "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
+ "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
+ "pollingInterval":30,
+ "pollingTimeout":30,
+ "activateServerTLSAuth":"false",
+ "keyStorePassword":"",
+ "keyStorePath":"",
+ "messageBusAddresses":["message-router.{{ include "common.namespace" . }}"]
+ }
+ }
+}