summaryrefslogtreecommitdiffstats
path: root/cfg
diff options
context:
space:
mode:
Diffstat (limited to 'cfg')
-rw-r--r--cfg/cacert.cnf113
-rw-r--r--cfg/full_depl_values.yaml158
-rw-r--r--cfg/nexus_cert.cnf33
-rw-r--r--cfg/nginx.conf110
-rw-r--r--cfg/v3.ext24
5 files changed, 0 insertions, 438 deletions
diff --git a/cfg/cacert.cnf b/cfg/cacert.cnf
deleted file mode 100644
index a6917ca9..00000000
--- a/cfg/cacert.cnf
+++ /dev/null
@@ -1,113 +0,0 @@
-[ ca ]
-# `man ca`
-default_ca = CA_default
-
-[ CA_default ]
-# Directory and file locations.
-dir = ./
-certs = $dir/certs
-crl_dir = $dir/crl
-new_certs_dir = $dir/newcerts
-database = $dir/index.txt
-serial = $dir/serial
-RANDFILE = $dir/private/.rand
-
-# The root key and root certificate.
-private_key = $dir/private/ca.key.pem
-certificate = $dir/certs/ca.cert.pem
-
-# For certificate revocation lists.
-crlnumber = $dir/crlnumber
-crl = $dir/crl/ca.crl.pem
-crl_extensions = crl_ext
-default_crl_days = 30
-
-# SHA-1 is deprecated, so use SHA-2 instead.
-default_md = sha256
-
-name_opt = ca_default
-cert_opt = ca_default
-default_days = 3750
-preserve = no
-policy = policy_strict
-
-[ policy_strict ]
-# The root CA should only sign intermediate certificates that match.
-# See the POLICY FORMAT section of `man ca`.
-countryName = match
-organizationName = match
-commonName = supplied
-
-[ policy_loose ]
-# Allow the intermediate CA to sign a more diverse range of certificates.
-# See the POLICY FORMAT section of the `ca` man page.
-countryName = optional
-localityName = optional
-organizationName = optional
-commonName = supplied
-
-[ req ]
-# Options for the `req` tool (`man req`).
-default_bits = 4096
-distinguished_name = req_distinguished_name
-string_mask = utf8only
-prompt = no
-
-# SHA-1 is deprecated, so use SHA-2 instead.
-default_md = sha256
-
-# Extension to add when the -x509 option is used.
-x509_extensions = v3_ca
-
-[ req_distinguished_name ]
-# Optionally, specify some defaults.
-countryName = PL
-localityName = Krakow
-organizationName = Samsung
-commonName = onap
-
-[ v3_ca ]
-# Extensions for a typical CA (`man x509v3_config`).
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-
-[ v3_intermediate_ca ]
-# Extensions for a typical intermediate CA (`man x509v3_config`).
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true, pathlen:0
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-
-[ usr_cert ]
-# Extensions for client certificates (`man x509v3_config`).
-basicConstraints = CA:FALSE
-nsCertType = client, email
-nsComment = "OpenSSL Generated Client Certificate"
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
-keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = clientAuth, emailProtection
-
-[ server_cert ]
-# Extensions for server certificates (`man x509v3_config`).
-basicConstraints = CA:FALSE
-nsCertType = server
-nsComment = "OpenSSL Generated Server Certificate"
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-keyUsage = critical, digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth
-
-[ crl_ext ]
-# Extension for CRLs (`man x509v3_config`).
-authorityKeyIdentifier=keyid:always
-
-[ ocsp ]
-# Extension for OCSP signing certificates (`man ocsp`).
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
-keyUsage = critical, digitalSignature
-extendedKeyUsage = critical, OCSPSigning
diff --git a/cfg/full_depl_values.yaml b/cfg/full_depl_values.yaml
deleted file mode 100644
index b16354e9..00000000
--- a/cfg/full_depl_values.yaml
+++ /dev/null
@@ -1,158 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#################################################################
-global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefix: 302
-
- # ONAP Repository
- # Uncomment the following to enable the use of a single docker
- # repository but ONLY if your repository mirrors all ONAP
- # docker images. This includes all images from dockerhub and
- # any other repository that hosts images for ONAP components.
- #repository: nexus3.onap.org:10001
- repositoryCred:
- user: docker
- password: docker
-
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
- # logging agent - temporary repo until images migrated to nexus3
- loggingRepository: docker.elastic.co
-
- # image pull policy
- #pullPolicy: Always
- pullPolicy: IfNotPresent
-
- # default mount path root directory referenced
- # by persistent volumes and log files
- persistence:
- mountPath: /dockerdata-nfs
-
- # flag to enable debugging - application support required
- debugEnabled: false
-
-# Repository for creation of nexus3.onap.org secret
-repository: nexus3.onap.org:10001
-
-
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the ONAP deployment.
-#################################################################
-aaf:
- enabled: true
-aai:
- enabled: true
-appc:
- enabled: true
- config:
- openStackType: OpenStackProvider
- openStackName: OpenStack
- openStackKeyStoneUrl: FILL-ME
- openStackServiceTenantName: FILL-ME
- openStackDomain: FILL-ME
- openStackUserName: FILL-ME
- openStackEncryptedPassword: FILL-ME
-clamp:
- enabled: true
-cli:
- enabled: true
-consul:
- enabled: true
-dcaegen2:
- enabled: true
-dmaap:
- enabled: true
-esr:
- enabled: true
-log:
- enabled: true
-sniro-emulator:
- enabled: true
-oof:
- enabled: true
-msb:
- enabled: true
-multicloud:
- enabled: true
-nbi:
- enabled: true
- config:
- # openstack configuration
- openStackUserName: "FILL-ME"
- openStackRegion: "FILL-ME"
- openStackKeyStoneUrl: "FILL-ME"
- openStackServiceTenantName: "FILL-ME"
- openStackEncryptedPasswordHere: "FILL-ME"
-policy:
- enabled: true
-portal:
- enabled: true
-robot:
- enabled: true
-sdc:
- enabled: true
-sdnc:
- enabled: true
-
- replicaCount: 1
-
- config:
- enableClustering: false
-
- mysql:
- disableNfsProvisioner: true
- replicaCount: 1
-so:
- enabled: true
-
- replicaCount: 1
-
- liveness:
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
- # so server configuration
- config:
- # message router configuration
- dmaapTopic: "AUTO"
- # openstack configuration
- openStackUserName: "FILL-ME"
- openStackRegion: "FILL-ME"
- openStackKeyStoneUrl: "FILL-ME"
- openStackServiceTenantName: "FILL-ME"
- openStackEncryptedPasswordHere: "FILL-ME"
-
- # configure embedded mariadb
- mariadb:
- config:
- mariadbRootPassword: password
-uui:
- enabled: true
-vfc:
- enabled: true
-vid:
- enabled: true
-vnfsdk:
- enabled: true
-
diff --git a/cfg/nexus_cert.cnf b/cfg/nexus_cert.cnf
deleted file mode 100644
index ab8d5477..00000000
--- a/cfg/nexus_cert.cnf
+++ /dev/null
@@ -1,33 +0,0 @@
-[ req ]
-default_bits = 4096
-default_keyfile = server-key.pem
-distinguished_name = dn
-#req_extensions = v3_req
-x509_extensions = v3_req
-string_mask = utf8only
-prompt = no
-default_md = sha256
-
-[ dn ]
-
-countryName = PL
-localityName = Krakow
-organizationName = Samsung
-commonName = registry-1.docker.io
-#emailAddress
-
-[ v3_req ]
-
-#subjectKeyIdentifier = hash
-#authorityKeyIdentifier = keyid,issuer
-
-basicConstraints = CA:FALSE
-keyUsage = critical, keyAgreement, nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth
-# does not work here because of bug in openssl
-#subjectAltName = @alternate_names
-nsComment = "OpenSSL Generated Certificate"
-
-#[ alternate_names ]
-
-#DNS.4 = ftp.example.com
diff --git a/cfg/nginx.conf b/cfg/nginx.conf
deleted file mode 100644
index 7317d3f2..00000000
--- a/cfg/nginx.conf
+++ /dev/null
@@ -1,110 +0,0 @@
-worker_processes 2;
-
-events {
- worker_connections 1024;
-}
-
-http {
- error_log /var/log/nginx/error.log debug;
- access_log /var/log/nginx/access.log;
-
- proxy_intercept_errors on;
- proxy_send_timeout 120;
- proxy_read_timeout 300;
-
- upstream nexus {
- server nexus:8081;
- }
-
- upstream registry {
- server nexus:8082;
- }
-
-# http simulations
- server {
- listen 80;
- listen 443 ssl;
- server_name _;
- ssl_certificate /etc/nginx/certs/nexus_server.crt;
- ssl_certificate_key /etc/nginx/certs/nexus_server.key;
-
- keepalive_timeout 5 5;
-
- location / {
- root /srv/http/$host;
- index index.html;
- }
- }
-
-# nexus simulations
- server {
- listen 80;
- listen 443 ssl;
- server_name nexus.student12 gcr.io registry-1.docker.io docker.io registry.npmjs.org nexus3.onap.org docker.elastic.co registry.hub.docker.com;
- ssl_certificate /etc/nginx/certs/nexus_server.crt;
- ssl_certificate_key /etc/nginx/certs/nexus_server.key;
-
- keepalive_timeout 5 5;
- proxy_buffering off;
-
- # allow large uploads
- client_max_body_size 3G;
-
- location /maven2 {
- rewrite /maven2/(.*) /repository/maven2/$1 break;
- # redirect to docker registry
- proxy_pass http://nexus;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-
- location / {
- # redirect to docker registry
- if ($http_user_agent ~ docker ) {
- proxy_pass http://registry;
- }
- proxy_pass http://nexus;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- }
-
-# git simulations
- server {
- listen 80;
- listen 443 ssl;
- server_name gerrit.onap.org git.rancher.io github.com;
- ssl_certificate /etc/nginx/certs/nexus_server.crt;
- ssl_certificate_key /etc/nginx/certs/nexus_server.key;
-
- keepalive_timeout 5 5;
- proxy_buffering off;
-
- location / {
- try_files $uri $uri/ @git;
- }
-
- location @git {
-
- # Set chunks to unlimited, as the body's can be huge
- client_max_body_size 0;
-
- fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
- fastcgi_param QUERY_STRING $args;
- fastcgi_param HTTP_HOST $server_name;
- fastcgi_param PATH_INFO $uri;
-
- include fastcgi_params;
-
- fastcgi_param GIT_HTTP_EXPORT_ALL "";
- fastcgi_param GIT_PROJECT_ROOT /srv/git/$host/;
-
- # Forward REMOTE_USER as we want to know when we are authenticated
- fastcgi_param REMOTE_USER $remote_user;
-
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
- }
-}
diff --git a/cfg/v3.ext b/cfg/v3.ext
deleted file mode 100644
index b4a6e433..00000000
--- a/cfg/v3.ext
+++ /dev/null
@@ -1,24 +0,0 @@
-authorityKeyIdentifier=keyid,issuer
-basicConstraints=CA:FALSE
-keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = nexus.student12
-DNS.2 = gcr.io
-DNS.3 = git.rancher.io
-DNS.4 = gerrit.onap.org
-DNS.5 = registry-1.docker.io
-DNS.6 = docker.io
-DNS.7 = registry.npmjs.org
-DNS.8 = nexus3.onap.org
-DNS.9 = nexus.onap.org
-DNS.10 = docker.elastic.co
-DNS.11 = www.getcloudify.org
-DNS.12 = registry.hub.docker.com
-DNS.13 = github.com
-DNS.14 = repo.maven.apache.org
-DNS.15 = www.springframework.org
-DNS.16 = repo1.maven.org
-DNS.17 = git.onap.org
-