diff options
Diffstat (limited to 'kubernetes/policy/charts')
7 files changed, 24 insertions, 16 deletions
diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf index e7c6298759..2f65c87bc2 100644 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf +++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf @@ -18,8 +18,8 @@ BRMSGW_JMX_PORT=9989 COMPONENT_X_MX_MB=1024 COMPONENT_X_MS_MB=1024 -REST_PAP_URL=http://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ -REST_PDP_ID=http://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/ +REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ +REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/ PDP_HTTP_USER_ID=testpdp PDP_HTTP_PASSWORD=alpha123 diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf index 1236176514..6962f9de31 100644 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf +++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf @@ -18,6 +18,7 @@ POLICY_HOME=/opt/app/policy POLICY_LOGS=/var/log/onap/policy/pdpd JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 KEYSTORE_PASSWD=Pol1cy_0nap +TRUSTSTORE_PASSWD=Pol1cy_0nap # Telemetry credentials diff --git a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh index a6c054dbc1..c44c8f0f52 100644 --- a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh +++ b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh @@ -30,12 +30,12 @@ echo "Removing the vFW Policy from PDP.." echo echo -curl -v -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ +curl -v -k -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ "pdpGroup": "default", "policyComponent" : "PDP", "policyName": "com.BRMSParamvFirewall", "policyType": "BRMS_Param" -}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/deletePolicy +}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/deletePolicy sleep 20 @@ -45,7 +45,7 @@ echo echo "Updating vFW Operational Policy .." echo -curl -v -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ +curl -v -k -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ "policyConfigType": "BRMS_PARAM", "policyName": "com.BRMSParamvFirewall", "policyDescription": "BRMS Param vFirewall policy", @@ -60,7 +60,7 @@ curl -v -X PUT --header 'Content-Type: application/json' --header 'Accept: text/ "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+'${RESOURCE_ID}'%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" } } -}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/updatePolicy +}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/updatePolicy sleep 5 @@ -70,11 +70,11 @@ echo "Pushing the vFW Policy .." echo echo -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ +curl -v -k --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ "pdpGroup": "default", "policyName": "com.BRMSParamvFirewall", "policyType": "BRMS_Param" -}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/pushPolicy +}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/pushPolicy sleep 20 @@ -95,7 +95,7 @@ echo "PDP-D amsterdam maven coordinates .." echo echo -curl -vvv --silent --user @1b3rt:31nst31n -X GET http://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool +curl -vvv -k --silent --user @1b3rt:31nst31n -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool echo @@ -104,4 +104,4 @@ echo "PDP-D control loop updated .." echo echo -curl -v --silent --user @1b3rt:31nst31n -X GET http://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool +curl -v -k --silent --user @1b3rt:31nst31n -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf index 8e0b88213d..52480e59ff 100644 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf +++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf @@ -29,8 +29,8 @@ TOMCAT_X_MX_MB=1024 UEB_CLUSTER=message-router -REST_PAP_URL=http://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ -REST_PDP_ID=http://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/ +REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ +REST_PDP_ID=https://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/ REST_PDP_CONFIG=/opt/app/policy/servers/pdp/bin/config REST_PDP_WEBAPPS=/opt/app/policy/servers/pdp/webapps REST_PDP_REGISTER=true diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf index 7f894fd4a9..e7171c280e 100644 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf +++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf @@ -17,7 +17,7 @@ LOGPARSER_JMX_PORT=9997 LOGPARSER_X_MS_MB=1024 LOGPARSER_X_MX_MB=1024 -SERVER=http://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/ +SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/ LOGPATH=/var/log/onap/policy/pdpx/pdp-rest.log PARSERLOGPATH=/opt/app/policy/servers/pdplp/bin/IntegrityMonitor.log diff --git a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf index c5dd8ca2a7..be18e55746 100644 --- a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf +++ b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf @@ -16,6 +16,7 @@ JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 POLICY_HOME=/opt/app/policy POLICY_LOGS=/var/log/onap KEYSTORE_PASSWD=Pol1cy_0nap +TRUSTSTORE_PASSWD=Pol1cy_0nap JDBC_DRIVER=org.mariadb.jdbc.Driver JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.nameOverride }}:{{.Values.config.mariadbPort}}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30 diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh index defae52b4b..fc27782a2d 100644 --- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh +++ b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh @@ -59,9 +59,15 @@ else . /opt/app/policy/etc/profile.d/env.sh # install keystore - #changed to use http instead of http, so keystore no longer needed - #cp config/policy-keystore.jks $POLICY_HOME/etc/ssl/policy-keystore - + # override the policy keystore and truststore if present + if [[ -f config/policy-keystore ]]; then + cp config/policy-keystore $POLICY_HOME/etc/ssl + fi + + if [[ -f config/policy-truststore ]]; then + cp -f config/policy-truststore $[POLICY_HOME]/etc/ssl + fi + if [[ -f config/$container-tweaks.sh ]] ; then # file may not be executable; running it as an # argument to bash avoids needing execute perms. |