diff options
author | Krzysztof Opasiak <k.opasiak@samsung.com> | 2021-11-08 21:44:45 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2021-11-08 21:44:45 +0000 |
commit | 1ea7de0d28ec4c589c1bef04192f10d403188640 (patch) | |
tree | 84e16d81575dca6166359cd13cc940d04f3d4126 /kubernetes/uui/components/uui-server | |
parent | d5ae6db805736529090f08955e5a9730e0cdadb3 (diff) | |
parent | e6a1a372edd6ecb6bd480e72558cbb33d0665541 (diff) |
Merge "[UUI] Automatically retrieve certificates"
Diffstat (limited to 'kubernetes/uui/components/uui-server')
6 files changed, 232 insertions, 2 deletions
diff --git a/kubernetes/uui/components/uui-server/requirements.yaml b/kubernetes/uui/components/uui-server/requirements.yaml new file mode 100644 index 0000000000..34cedc84cb --- /dev/null +++ b/kubernetes/uui/components/uui-server/requirements.yaml @@ -0,0 +1,27 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~9.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: certInitializer + version: ~9.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/uui/components/uui-server/resources/config/application.properties b/kubernetes/uui/components/uui-server/resources/config/application.properties new file mode 100644 index 0000000000..37f8467df1 --- /dev/null +++ b/kubernetes/uui/components/uui-server/resources/config/application.properties @@ -0,0 +1,53 @@ +## +## Copyright (C) 2017 CMCC, Inc. and others. All rights reserved. +## +## Licensed under the Apache License, Version 2.0 (the "License"); +## you may not use this file except in compliance with the License. +## You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## +## General App Properties +server.servlet.contextPath=/api/usecaseui-server/v1 +server.port=8082 +spring.http.multipart.max-file-size=128MB +spring.http.multipart.max-request-size=128MB + +## App DB Properties +spring.datasource.url=jdbc:postgresql://localhost:5432/uui +spring.datasource.username=uui +spring.datasource.password=uui +spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL9Dialect +spring.database.driver.classname=org.postgresql.Driver +spring.jpa.show-sql=false +spring.jpa.properties.hibernate.format_sql=false +spring.jpa.properties.hibernate.show-sql=false +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true +spring.jpa.properties.hibernate.temp.use_jdbc_metadata_defaults = false +spring.jpa.properties.hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringSessionContext +spring.jpa.properties.hibernate.cache.use_second_level_cache=false +spring.jpa.properties.hibernate.cache.use_query_cache=false +#spring.jpa.properties.hibernate.allow_update_outside_transaction=true + +## Basic Authentication Properties +# security.user.name=usecase +# security.user.password=usecase + +## Logback Properties +logging.file.name=logs/usecaseui_server.log +logging.level.*=INFO + +#enable shutdown +endpoints.shutdown.enabled=true +endpoints.shutdown.sensitive=false + +server.ssl.protocol=TLS +server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +server.ssl.key-store-password=${KEYSTORE_PASSWORD} +server.ssl.key-store-type=PKCS12
\ No newline at end of file diff --git a/kubernetes/uui/components/uui-server/resources/entrypoint/run.sh b/kubernetes/uui/components/uui-server/resources/entrypoint/run.sh new file mode 100644 index 0000000000..f96dd74bd3 --- /dev/null +++ b/kubernetes/uui/components/uui-server/resources/entrypoint/run.sh @@ -0,0 +1,43 @@ +#!/bin/bash +{{/* +# +# Copyright 2016-2017 ZTE Corporation. +# Copyright 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +*/}} + +main_path="/home/uui" +echo @main_path@ $main_path + +echo "Starting postgreSQL..." +#service postgresql start +postmaster -D /usr/share/postgresql/data & +sleep 10 + +echo "usecase-ui database init script start..." +dbScript="$main_path/resources/bin/initDB.sh" +source $dbScript 127.0.0.1 5432 postgres uui +echo "usecase-ui database init script finished normally..." + +JAVA_PATH="$JAVA_HOME/bin/java" +JAVA_OPTS="-Xms50m -Xmx128m" +echo @JAVA_PATH@ $JAVA_PATH +echo @JAVA_OPTS@ $JAVA_OPTS + +jar_path="$main_path/usecase-ui-server.jar" +echo @jar_path@ $jar_path + +echo "Starting usecase-ui-server..." +$JAVA_PATH $JAVA_OPTS -classpath $jar_path -jar $jar_path $SPRING_OPTS
\ No newline at end of file diff --git a/kubernetes/uui/components/uui-server/templates/configmap.yaml b/kubernetes/uui/components/uui-server/templates/configmap.yaml new file mode 100644 index 0000000000..0f0bd37c26 --- /dev/null +++ b/kubernetes/uui/components/uui-server/templates/configmap.yaml @@ -0,0 +1,41 @@ +{{/* +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-entrypoint + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/entrypoint/*").AsConfig . | indent 2 }} diff --git a/kubernetes/uui/components/uui-server/templates/deployment.yaml b/kubernetes/uui/components/uui-server/templates/deployment.yaml index ea6f7b7a23..b7a385d30e 100644 --- a/kubernetes/uui/components/uui-server/templates/deployment.yaml +++ b/kubernetes/uui/components/uui-server/templates/deployment.yaml @@ -35,10 +35,20 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + bash /uui/run.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -50,8 +60,7 @@ spec: initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} @@ -62,5 +71,24 @@ spec: value: {{tpl .Values.msbaddr .}} - name: MR_ADDR value: {{tpl .Values.mraddr .}} + {{- if .Values.global.aafEnabled }} + - name: SPRING_OPTS + value: --spring.config.location=file:/config/application.properties + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - mountPath: /uui/run.sh + name: entrypoint + subPath: run.sh + - mountPath: /config/application.properties + name: config + subPath: application.properties + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + - name: config + configMap: + name: {{ include "common.fullname" . }} + - name: entrypoint + configMap: + name: {{ include "common.fullname" . }}-entrypoint + defaultMode: 0755 + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml index 6017f2640e..1b652d553b 100644 --- a/kubernetes/uui/components/uui-server/values.yaml +++ b/kubernetes/uui/components/uui-server/values.yaml @@ -18,6 +18,44 @@ global: uuiPortPrefix: 303 +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: uui-server-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: uui + fqi: uui@uui.onap.org + fqi_namespace: org.onap.uui + public_fqdn: uui.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \ + -keystore {{ .Values.fqi_namespace }}.jks \ + -keypass "${cadi_keystore_password_p12}" \ + -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }} + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + subChartsOnly: enabled: true |