From de7a02b8315cd614e8fe277675423872d490fbb6 Mon Sep 17 00:00:00 2001 From: Dominic Lunanuova Date: Thu, 12 Mar 2020 16:36:09 +0000 Subject: Deploy dmaap-bc with downloaded certs This fixes the charts to properly install new SSL artifacts from AAF. And we use the newest container version that uses cadi library to read these artifacts. Issue-ID: DMAAP-1401 Signed-off-by: Dominic Lunanuova Change-Id: I4d70716220a7f3e629762d3bef2149e3b0147133 --- .../dmaap-bc/resources/config/dmaapbc.properties | 137 +++++++++++++++------ 1 file changed, 96 insertions(+), 41 deletions(-) (limited to 'kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties') diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties index e43182daa3..59f64bd99c 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties @@ -12,43 +12,47 @@ # See the License for the specific language governing permissions and # limitations under the License. -##################################################### -# -# ONAP Casablanca oom configurable deployment params: -# -##################################################### - ##################################################### # # Hooks for specific environment configurations # ##################################################### -# Indicator for whether to use AAF +# Indicator for whether to use AAF for authentication UseAAF: {{ .Values.global.aafEnabled }} -# csit: stubs out some southbound APIs for csit -csit: No +# Stub out southbound calls for Unit Test cases to run. e.g. not timeout +# Comment out in other environments to get default (No) +#UnitTest: Yes -# name of this DMaaP instance (deprecated) -#DmaapName: demo ##################################################### # # Settings for Southbound API: Datarouter # ##################################################### -# FQDN of DR Prov Server (deprecated) -#DR.provhost: dcae-drps.domain.not.set # URI to retrieve dynamic DR configuration ProvisioningURI: /internal/prov # indicator for handling feed delete: # DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility) -# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cfy environments. +# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments. Feed.deleteHandling: SimulateDelete +########################################################### +# The following properties default to match ONAP DR instance. +# However, there are some non-ONAP DR instances that require other values. +# Sets the X-DR-ON-BEHALF-OF HTTP Header value +#DR.onBehalfHeader: +# Value for the Content-Type Header in DR Feed API +#DR.feedContentType: +# Value for the Content-Type Header in DR Subscription API +#DR.subContentType: +# +# END OF properties helpful for non-ONAP DR instance. +############################################################ + ##################################################### # # Settings for Soutbound API: Postgresql @@ -86,6 +90,9 @@ MR.multisite: false # In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR MR.CentralCname: {{ .Values.dmaapMessageRouterService }} +# Indicator for whether we want hostname verification on SSL connection to MR +MR.hostnameVerify: false + # MR Client Delete Level thoroughness: # 0 = don't delete # 1 = delete from persistent store @@ -104,6 +111,12 @@ MR.projectID: mr # Use Basic Authentication when provisioning topics MR.authentication: basicAuth +# MR topic name style (default is FQTN_LEGACY_FORMAT) +#MR.topicStyle: FQTN_LEGACY_FORMAT +# +# end of MR Related Properties +################################################################################ + ##################################################### # @@ -136,14 +149,20 @@ aaf.AdminPassword: {{ .Values.adminPwd }} # Identity that is owner of any created namespaces for topics aaf.NsOwnerIdentity: {{ .Values.adminUser }} -# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF -CredentialCodeKeyfile: etc/LocalKey # this overrides the Class used for Decryption. # This allows for a plugin encryption/decryption method if needed. # Call this Class for decryption at runtime. #AafDecryption.Class: com.company.proprietaryDecryptor +# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF +# Not used in ONAP, but possibly used with Decryption override class. +#CredentialCodeKeyfile: etc/LocalKey + +# +# endof AAF Properties +#################################################### + ##################################################### # @@ -172,9 +191,51 @@ MM.ProvUserMechId: dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org # pwd for Identity used to publish MM prov cmds MM.ProvUserPwd: demo123456! -# AAF Role of MirrorMaker agent subscribed to prov cmds +# AAF Role of MirrorMaker agent subscribed to prov cmds. MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent +##################################################### +# +# Certificate Management +# +##################################################### + +# Indicates how we are expecting certificates to be provided: +# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file +# legacy (default) - artifacts will be installed manually or some other way and details will be in this file +CertificateManagement: cadi + +# When CertificateManagement is cadi, then this is where all the cadi properties will be. +# Note that the cadi properties include where the cert is, and the encrypted passwords to read. +cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props + +########################################################################################### +# When CertificateManagement is legacy, we need to provide more details about cert handling: +#CertificateManagement: legacy +# the type of keystore for https (for legacy CertificateManagment only) +#KeyStoreType: jks + +# path to the keystore file (for legacy CertificateManagment only) +#KeyStoreFile: etc/keystore + +# password for the https keystore (for legacy CertificateManagment only) +#KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF +# password for the private key in the https keystore (for legacy CertificateManagment only) +#KeyPassword: changeit + +# type of truststore for https (for legacy CertificateManagment only) +#TrustStoreType: jks + +# path to the truststore for https (for legacy CertificateManagment only) +#TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks + +# password for the https truststore (for legacy CertificateManagment only) +#TrustStorePassword: changeit +# +# END OF legacy CertificateManagement properties +########################################################################################### + + ##################################################### # # HTTP Server Configuration @@ -191,30 +252,24 @@ IntHttpPort: 8080 # set to 0 if no certificates are available. IntHttpsPort: 8443 -# external port number for https taking port mapping into account -ExtHttpsPort: 443 - -# the type of keystore for https -KeyStoreType: jks - -# path to the keystore file -KeyStoreFile: etc/keystore - -# password for the https keystore -KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF -# password for the private key in the https keystore -KeyPassword: Y@Y5f&gm?PAz,CVQL,lk[VAF -# type of truststore for https -TrustStoreType: jks - -# path to the truststore for https -TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks - -# password for the https truststore -TrustStorePassword: 8b&R5%l$l:@jSWz@FCs;rhY* - -# path to the file used to trigger an orderly shutdown -QuiesceFile: etc/SHUTDOWN inHttpsPort: 0 + +##################################################### +# +# Deprecated +# +##################################################### +# csit: stubs out some southbound APIs for csit (deprecated) +#csit: No +# name of this DMaaP instance (deprecated) +#DmaapName: demo +# external port number for https taking port mapping into account (deprecated) +#ExtHttpsPort: 443 +# path to the file used to trigger an orderly shutdown (deprecated) +#QuiesceFile: etc/SHUTDOWN +# FQDN of DR Prov Server (deprecated) +#DR.provhost: dcae-drps.domain.not.set +# root of topic namespace (decrecated) +#topicNsRoot: org.onap.dcae.dmaap -- cgit 1.2.3-korg