summaryrefslogtreecommitdiffstats
path: root/kubernetes/policy/charts
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/policy/charts')
-rw-r--r--kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf4
-rw-r--r--kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf1
-rw-r--r--kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh16
-rw-r--r--kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf4
-rw-r--r--kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf2
-rw-r--r--kubernetes/policy/charts/policy-common/resources/config/pe/base.conf1
-rw-r--r--kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh12
7 files changed, 24 insertions, 16 deletions
diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
index e7c6298759..2f65c87bc2 100644
--- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
+++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
@@ -18,8 +18,8 @@ BRMSGW_JMX_PORT=9989
COMPONENT_X_MX_MB=1024
COMPONENT_X_MS_MB=1024
-REST_PAP_URL=http://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
-REST_PDP_ID=http://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/
+REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
+REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/
PDP_HTTP_USER_ID=testpdp
PDP_HTTP_PASSWORD=alpha123
diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf
index 1236176514..6962f9de31 100644
--- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf
+++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf
@@ -18,6 +18,7 @@ POLICY_HOME=/opt/app/policy
POLICY_LOGS=/var/log/onap/policy/pdpd
JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
KEYSTORE_PASSWD=Pol1cy_0nap
+TRUSTSTORE_PASSWD=Pol1cy_0nap
# Telemetry credentials
diff --git a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
index a6c054dbc1..c44c8f0f52 100644
--- a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
+++ b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
@@ -30,12 +30,12 @@ echo "Removing the vFW Policy from PDP.."
echo
echo
-curl -v -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
+curl -v -k -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
"pdpGroup": "default",
"policyComponent" : "PDP",
"policyName": "com.BRMSParamvFirewall",
"policyType": "BRMS_Param"
-}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/deletePolicy
+}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/deletePolicy
sleep 20
@@ -45,7 +45,7 @@ echo
echo "Updating vFW Operational Policy .."
echo
-curl -v -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
+curl -v -k -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
"policyConfigType": "BRMS_PARAM",
"policyName": "com.BRMSParamvFirewall",
"policyDescription": "BRMS Param vFirewall policy",
@@ -60,7 +60,7 @@ curl -v -X PUT --header 'Content-Type: application/json' --header 'Accept: text/
"controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+'${RESOURCE_ID}'%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
}
}
-}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/updatePolicy
+}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/updatePolicy
sleep 5
@@ -70,11 +70,11 @@ echo "Pushing the vFW Policy .."
echo
echo
-curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
+curl -v -k --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
"pdpGroup": "default",
"policyName": "com.BRMSParamvFirewall",
"policyType": "BRMS_Param"
-}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/pushPolicy
+}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/pushPolicy
sleep 20
@@ -95,7 +95,7 @@ echo "PDP-D amsterdam maven coordinates .."
echo
echo
-curl -vvv --silent --user @1b3rt:31nst31n -X GET http://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool
+curl -vvv -k --silent --user @1b3rt:31nst31n -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool
echo
@@ -104,4 +104,4 @@ echo "PDP-D control loop updated .."
echo
echo
-curl -v --silent --user @1b3rt:31nst31n -X GET http://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool
+curl -v -k --silent --user @1b3rt:31nst31n -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool
diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
index 8e0b88213d..52480e59ff 100644
--- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
+++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
@@ -29,8 +29,8 @@ TOMCAT_X_MX_MB=1024
UEB_CLUSTER=message-router
-REST_PAP_URL=http://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
-REST_PDP_ID=http://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/
+REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
+REST_PDP_ID=https://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/
REST_PDP_CONFIG=/opt/app/policy/servers/pdp/bin/config
REST_PDP_WEBAPPS=/opt/app/policy/servers/pdp/webapps
REST_PDP_REGISTER=true
diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf
index 7f894fd4a9..e7171c280e 100644
--- a/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf
+++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf
@@ -17,7 +17,7 @@ LOGPARSER_JMX_PORT=9997
LOGPARSER_X_MS_MB=1024
LOGPARSER_X_MX_MB=1024
-SERVER=http://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/
+SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/
LOGPATH=/var/log/onap/policy/pdpx/pdp-rest.log
PARSERLOGPATH=/opt/app/policy/servers/pdplp/bin/IntegrityMonitor.log
diff --git a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf
index c5dd8ca2a7..be18e55746 100644
--- a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf
+++ b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf
@@ -16,6 +16,7 @@ JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
POLICY_HOME=/opt/app/policy
POLICY_LOGS=/var/log/onap
KEYSTORE_PASSWD=Pol1cy_0nap
+TRUSTSTORE_PASSWD=Pol1cy_0nap
JDBC_DRIVER=org.mariadb.jdbc.Driver
JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.nameOverride }}:{{.Values.config.mariadbPort}}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
index defae52b4b..fc27782a2d 100644
--- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
+++ b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
@@ -59,9 +59,15 @@ else
. /opt/app/policy/etc/profile.d/env.sh
# install keystore
- #changed to use http instead of http, so keystore no longer needed
- #cp config/policy-keystore.jks $POLICY_HOME/etc/ssl/policy-keystore
-
+ # override the policy keystore and truststore if present
+ if [[ -f config/policy-keystore ]]; then
+ cp config/policy-keystore $POLICY_HOME/etc/ssl
+ fi
+
+ if [[ -f config/policy-truststore ]]; then
+ cp -f config/policy-truststore $[POLICY_HOME]/etc/ssl
+ fi
+
if [[ -f config/$container-tweaks.sh ]] ; then
# file may not be executable; running it as an
# argument to bash avoids needing execute perms.