Deploy dmaap-bc with downloaded certs

This fixes the charts to properly install new SSL artifacts from AAF. And we use the newest container version that uses cadi library to read these artifacts. Issue-ID: DMAAP-1401 Signed-off-by: Dominic Lunanuova <dgl@research.att.com> Change-Id: I4d70716220a7f3e629762d3bef2149e3b0147133
author: Dominic Lunanuova <dgl@research.att.com> 2020-03-12 16:36:09 +0000
committer: Dominic Lunanuova <dgl@research.att.com> 2020-03-13 23:18:08 +0000
commit: de7a02b8315cd614e8fe277675423872d490fbb6 (patch)
tree: fd29f266479e6735752d9d616ddc94b79e42c14d /kubernetes/dmaap/components/dmaap-bc/resources
parent: 367b492a7fab6170e726b24e39fe82d0c19358ae (diff)
2 files changed, 97 insertions, 42 deletions
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
index cde43f95b7..84a42d6436 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
@@ -14,4 +14,4 @@
 
 # Environment settings for starting a container
 DMAAPBC_WAIT_TO_EXIT=Y
-
+DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
index e43182daa3..59f64bd99c 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
@@ -12,43 +12,47 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-#####################################################
-#
-# ONAP Casablanca oom configurable deployment params:
-#
-#####################################################
-
 
 #####################################################
 #
 # Hooks for specific environment configurations
 #
 #####################################################
-# Indicator for whether to use AAF
+# Indicator for whether to use AAF for authentication
 UseAAF: {{ .Values.global.aafEnabled }}
 
-# csit: stubs out some southbound APIs for csit
-csit: No
+# Stub out southbound calls for Unit Test cases to run.  e.g. not timeout
+# Comment out in other environments to get default (No)
+#UnitTest: Yes
 
-# name of this DMaaP instance (deprecated)
-#DmaapName: demo
 
 #####################################################
 #
 # Settings for Southbound API: Datarouter
 #
 #####################################################
-# FQDN of DR Prov Server (deprecated)
-#DR.provhost: dcae-drps.domain.not.set
 
 # URI to retrieve dynamic DR configuration
 ProvisioningURI:  /internal/prov
 
 # indicator for handling feed delete:
 #  DeleteOnDR - means use the DR API to DELETE a feed.  (default for backwards compatibility)
-#  SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL.  Better for cfy environments.
+#  SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL.  Better for cloudify environments.
 Feed.deleteHandling: SimulateDelete
 
+###########################################################
+# The following properties default to match ONAP DR instance.
+# However, there are some non-ONAP DR instances that require other values.
+# Sets the X-DR-ON-BEHALF-OF HTTP Header value
+#DR.onBehalfHeader:
+# Value for the Content-Type Header in DR Feed API
+#DR.feedContentType:
+# Value for the Content-Type Header in DR Subscription API
+#DR.subContentType:
+#
+# END OF properties helpful for non-ONAP DR instance.
+############################################################
+
 #####################################################
 #
 # Settings for Soutbound API: Postgresql
@@ -86,6 +90,9 @@ MR.multisite: false
 # In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR
 MR.CentralCname: {{ .Values.dmaapMessageRouterService }}
 
+# Indicator for whether we want hostname verification on SSL connection to MR
+MR.hostnameVerify: false
+
 # MR Client Delete Level thoroughness:
 #  0 = don't delete
 #  1 = delete from persistent store
@@ -104,6 +111,12 @@ MR.projectID:  mr
 # Use Basic Authentication when provisioning topics
 MR.authentication: basicAuth
 
+# MR topic name style (default is FQTN_LEGACY_FORMAT)
+#MR.topicStyle: FQTN_LEGACY_FORMAT
+#
+# end of MR Related Properties
+################################################################################
+
 
 #####################################################
 #
@@ -136,14 +149,20 @@ aaf.AdminPassword: {{ .Values.adminPwd }}
 # Identity that is owner of any created namespaces for topics
 aaf.NsOwnerIdentity: {{ .Values.adminUser }}
 
-# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
-CredentialCodeKeyfile: etc/LocalKey
 
 # this overrides the Class used for Decryption.
 # This allows for a plugin encryption/decryption method if needed.
 # Call this Class for decryption at runtime.
 #AafDecryption.Class: com.company.proprietaryDecryptor
 
+# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
+# Not used in ONAP, but possibly used with Decryption override class.
+#CredentialCodeKeyfile: etc/LocalKey
+
+#
+# endof AAF Properties
+####################################################
+
 
 #####################################################
 #
@@ -172,11 +191,53 @@ MM.ProvUserMechId: dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org
 # pwd for Identity used to publish MM prov cmds
 MM.ProvUserPwd: demo123456!
 
-# AAF Role of MirrorMaker agent subscribed to prov cmds
+# AAF Role of MirrorMaker agent subscribed to prov cmds.
 MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent
 
 #####################################################
 #
+# Certificate Management
+#
+#####################################################
+
+# Indicates how we are expecting certificates to be provided:
+#  cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file
+#  legacy (default) - artifacts will be installed manually or some other way and details will be in this file
+CertificateManagement: cadi
+
+# When CertificateManagement is cadi, then this is where all the cadi properties will be.
+# Note that the cadi properties include where the cert is, and the encrypted passwords to read.
+cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
+
+###########################################################################################
+# When CertificateManagement is legacy, we need to provide more details about cert handling:
+#CertificateManagement: legacy
+# the type of keystore for https (for legacy CertificateManagment only)
+#KeyStoreType: jks
+
+# path to the keystore file (for legacy CertificateManagment only)
+#KeyStoreFile: etc/keystore
+
+# password for the https keystore (for legacy CertificateManagment only)
+#KeyStorePassword:  Y@Y5f&gm?PAz,CVQL,lk[VAF
+# password for the private key in the https keystore (for legacy CertificateManagment only)
+#KeyPassword: changeit
+
+# type of truststore for https (for legacy CertificateManagment only)
+#TrustStoreType: jks
+
+# path to the truststore for https (for legacy CertificateManagment only)
+#TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks
+
+# password for the https truststore (for legacy CertificateManagment only)
+#TrustStorePassword: changeit
+#
+# END OF legacy CertificateManagement properties
+###########################################################################################
+
+
+#####################################################
+#
 # HTTP Server Configuration
 #
 #####################################################
@@ -191,30 +252,24 @@ IntHttpPort: 8080
 # set to 0 if no certificates are available.
 IntHttpsPort: 8443
 
-# external port number for https taking port mapping into account
-ExtHttpsPort: 443
-
-# the type of keystore for https
-KeyStoreType: jks
-
-# path to the keystore file
-KeyStoreFile: etc/keystore
-
-# password for the https keystore
-KeyStorePassword:  Y@Y5f&gm?PAz,CVQL,lk[VAF
-# password for the private key in the https keystore
-KeyPassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
 
-# type of truststore for https
-TrustStoreType: jks
-
-# path to the truststore for https
-TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks
-
-# password for the https truststore
-TrustStorePassword: 8b&R5%l$l:@jSWz@FCs;rhY*
-
-# path to the file used to trigger an orderly shutdown
-QuiesceFile: etc/SHUTDOWN
 
 inHttpsPort: 0
+
+#####################################################
+#
+# Deprecated
+#
+#####################################################
+# csit: stubs out some southbound APIs for csit  (deprecated)
+#csit: No
+# name of this DMaaP instance (deprecated)
+#DmaapName: demo
+# external port number for https taking port mapping into account  (deprecated)
+#ExtHttpsPort: 443
+# path to the file used to trigger an orderly shutdown (deprecated)
+#QuiesceFile: etc/SHUTDOWN
+# FQDN of DR Prov Server (deprecated)
+#DR.provhost: dcae-drps.domain.not.set
+# root of topic namespace (decrecated)
+#topicNsRoot: org.onap.dcae.dmaap
author	Dominic Lunanuova <dgl@research.att.com>	2020-03-12 16:36:09 +0000
committer	Dominic Lunanuova <dgl@research.att.com>	2020-03-13 23:18:08 +0000
commit	de7a02b8315cd614e8fe277675423872d490fbb6 (patch)
tree	fd29f266479e6735752d9d616ddc94b79e42c14d /kubernetes/dmaap/components/dmaap-bc/resources
parent	367b492a7fab6170e726b24e39fe82d0c19358ae (diff)