From 4b4373d6e961c3fe9aafa4ca072f7db69811ea93 Mon Sep 17 00:00:00 2001
From: Jerry Flood <jflood@att.com>
Date: Tue, 30 Apr 2019 15:30:04 -0400
Subject: Update CMSO OOM to use HTTPS and AAF

Fixes OPTFRA-484 and OPTFRA-390

Issue-ID: OPTFRA-391

Change-Id: I2b65743e38464aac8dbc8cf81419e9ce36769b7d
Signed-off-by: Jerry Flood <jflood@att.com>
---
 .../resources/certs/AAFUserRoles.properties        |   1 +
 .../resources/certs/org.onap.oof.cred.props        |  22 +++++++++
 .../oof-cmso/resources/certs/org.onap.oof.jks      | Bin 0 -> 3711 bytes
 .../oof-cmso/resources/certs/org.onap.oof.keyfile  |  27 ++++++++++
 .../resources/certs/org.onap.oof.location.props    |  20 ++++++++
 .../oof-cmso/resources/certs/org.onap.oof.props    |  26 ++++++++++
 .../oof-cmso/resources/certs/truststoreONAPall.jks | Bin 0 -> 117990 bytes
 .../oof-cmso/resources/log/filebeat/filebeat.yml   |  55 +++++++++++++++++++++
 8 files changed, 151 insertions(+)
 create mode 100644 kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties
 create mode 100644 kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props
 create mode 100644 kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks
 create mode 100644 kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile
 create mode 100644 kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props
 create mode 100644 kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props
 create mode 100644 kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks
 create mode 100644 kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml

(limited to 'kubernetes/oof/charts/oof-cmso/resources')

diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties b/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties
new file mode 100644
index 0000000000..e7fc221a20
--- /dev/null
+++ b/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties
@@ -0,0 +1 @@
+/**=org.onap.oof.access|*|get  ALL
\ No newline at end of file
diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props
new file mode 100644
index 0000000000..b56c500ffd
--- /dev/null
+++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props
@@ -0,0 +1,22 @@
+ # -------------------------------------------------------------------------
+ #   Copyright (c) 2019 AT&T Intellectual Property
+ #
+ #   Licensed under the Apache License, Version 2.0 (the "License");
+ #   you may not use this file except in compliance with the License.
+ #   You may obtain a copy of the License at
+ #
+ #       http://www.apache.org/licenses/LICENSE-2.0
+ #
+ #   Unless required by applicable law or agreed to in writing, software
+ #   distributed under the License is distributed on an "AS IS" BASIS,
+ #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ #   See the License for the specific language governing permissions and
+ #   limitations under the License.
+ #
+ # -------------------------------------------------------------------------
+ #
+
+aaf_id=oof@oof.onap.org
+aaf_password=demo123456!
+cadi_keyfile=/share/etc/certs/org.onap.oof.keyfile
+cadi_truststore=/share/etc/certs//truststoreONAPall.jks
diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks
new file mode 100644
index 0000000000..535abaa92b
Binary files /dev/null and b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks differ
diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile
new file mode 100644
index 0000000000..f85a567981
--- /dev/null
+++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile
@@ -0,0 +1,27 @@
+liD-IR8Y1MHqPDTUqq3AaTtqnWn5jCpfIRBlyi6xY4A0fbQz8ZPlTZPHkshRt0dHdST3R7TIvTyQ
+JpTCeBNBu2df3vBbUzsN0rIpPG9TGjzmE7cRu4V4kfefSqsIj-S7OTAaWaWpwGWJYLLCB2sQALkS
+f68VWdupUEw3g9jqCU1QzjKOnLGvhlp6Qrc1xG4Z5Ar8WERw-C3DqTWUKANoEvjWkvH2rAywzj93
+pmspvd5fQfH1rp1ACNvnPrRb_oYNfwPrNpE7Sb4LvM1muoiKMDF64IDO0TkxhjHZ9wpJgVsnowby
+qmokqf39dMRRk3S1IEpOiBGyLS_885JDj_XJKYRQsjvkTzjpFJ7wE2-HDZEVWCITvtS9-Xorm5TI
+3iU4rjMDew5fkBnjoKuSOS7Lksva4ouZOCiUkDos1jAJ5XMDEQm4BcPHtcW6PpC602-qRcgnNjjP
+wOPdF7hCm27ZTai3lAtNGByR7oBr9r5Uma-soORFvg8drV8Rgh0lax-poFVhoEH7RhKPIzYpSco9
+jnpURzi_epTjAhjjup-erTv2GAIllKsSEHZLbfsFWlNUZTOx58PSB0jBN5m_8HxTyNm0zsm0Cb7U
+KsjPduQ5ZblsfRIJwqpOBXoof7WerKReMZSOdgjZUNueiuEImVH9_SYOdKZhkluSi4yfEtme7CCP
+kZ2JhdiT5km3SeonalhU2MUsx60krxyQ1mnjI4jS9QagUME4mujdvM_L7mtjcPZVSfXUn49whakE
+J-NQV6q2iZgN2IxsT_uCnlZYwnE5i-IbQkQAEu13m6ETsMmf0cwPnKaSwRhb8G48EkJhTL-GP9Z0
+-EsIKT7lQt7kfX-mmNoEirTg9gQAaN3uxLmdHvXpeJdlETnnaLYYJJ3h-SL0e_5Yz2SpdsEwZ3Bk
+PtR-QvlYKDhG1nhPOna65ctCzn81PZOUP3lsO6MSTOK6D6Taxfh1TYEBAvzCP0BfFBodw4lSglFP
+I5IfdiJmomTGARa36nC_O5YzH_jBWLQrgd2gxI5H5bB-5zqzu79SGX9o2_LRVY_LVV0BmI3xSYOI
+vziYYC1XyTY6blfdiOM5a5KjraErxSTEFZVFrsx4OQ_dLA0woVtixawrIy1rgfQr49U1oIRe8BgN
+j3eis_UQAbPbmdbEe1qtXnvi6T7trHskzt6K-vTgo5ITJkr-F2Sds_QgNdaFBGuES6X5RwRGlbHT
+Tl_M8Ja_1K-RMNKJRssoRTKstpwnrhk9IcoSwYcLykbDLgeC0mhSMHOOuWv1RGRaZdzObc5YA1eB
+idQmzy5xAHzNxPHHrB-fpjFJRYv_QZY9qZcGvP58d6bHO0upxbj-BBt9zfc7Qt0JLU6EAdYbW5TI
+2v4JImikrx6KvtoK8vcjJMTDAanTVB31J65tat0rq9wYKxUdjBJLzkT3psYs_DRtYQc0i02YTD7t
+dWya0-3p1Yrt0em3XGb8JAh2PA3BsQKmvKAOc054wf_B8n8saxSFw1WQL30vU5c4-Z_p53HfaUYd
+Qg7DZskzgwBRy48sLJNCrn81RtxXfQP1XtPEZs-AAlTUslHoUdoQ1cwrYEgkNT1cjk6sLI_oKSK-
+dDICBnlYLrZRBS3sH8K38WaIh1WRY6vbGVDs1tUectUpng_-Khavd0Crw7D_CE6T7Rnfcn0pnTV-
+HW1PIXejFsONQn-2c3a9HZ-v6Hg4JL6UWm-qgBPC5118ymO0LfmrviAFAC6Wt3WFiNzrvx9Jggus
+lE0qvLVfkQVZXAy-hSPHlYZmtxk5voVsf60qPoDN2-NdpWz62M9PrXd_A03YGxzt0G6J4VXExRES
+xqLeGNGB496AfX_vEub97sR8xcbbUXsyt12uVnygifGyND60coikaKrMktv2OLOLEl8AudLp0ZNA
+oOoYJZqfUnQqaLt0dNmNa5OtzYjf7f6bYX0V8XLTHlFqZ6QzqYGFMPNhDYjqtet6d--Q8t7_5S5C
+RfXP8Wh8CjbEh2_rsr9rvy1nhM_Cptxc0BFXcS5Dt_R4vjd2G4B_LEC4Hy1s_rZThzUVxRCl
\ No newline at end of file
diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props
new file mode 100644
index 0000000000..7e154c4665
--- /dev/null
+++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props
@@ -0,0 +1,20 @@
+ # -------------------------------------------------------------------------
+ #   Copyright (c) 2019 AT&T Intellectual Property
+ #
+ #   Licensed under the Apache License, Version 2.0 (the "License");
+ #   you may not use this file except in compliance with the License.
+ #   You may obtain a copy of the License at
+ #
+ #       http://www.apache.org/licenses/LICENSE-2.0
+ #
+ #   Unless required by applicable law or agreed to in writing, software
+ #   distributed under the License is distributed on an "AS IS" BASIS,
+ #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ #   See the License for the specific language governing permissions and
+ #   limitations under the License.
+ #
+ # -------------------------------------------------------------------------
+ #
+
+cadi_latitude=0.00
+cadi_longitude=0.00
diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props
new file mode 100644
index 0000000000..c96e7f7b04
--- /dev/null
+++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props
@@ -0,0 +1,26 @@
+ # -------------------------------------------------------------------------
+ #   Copyright (c) 2019 AT&T Intellectual Property
+ #
+ #   Licensed under the Apache License, Version 2.0 (the "License");
+ #   you may not use this file except in compliance with the License.
+ #   You may obtain a copy of the License at
+ #
+ #       http://www.apache.org/licenses/LICENSE-2.0
+ #
+ #   Unless required by applicable law or agreed to in writing, software
+ #   distributed under the License is distributed on an "AS IS" BASIS,
+ #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ #   See the License for the specific language governing permissions and
+ #   limitations under the License.
+ #
+ # -------------------------------------------------------------------------
+ #
+
+aaf_id=oof@oof.onap.org
+aaf_locate_url=https://aaf-locate:8095
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
+cadi_etc_dir=/share/etc/certs/
+cadi_latitude=0.00
+cadi_longitude=0.00
+cadi_prop_files=/share/etc/certs/org.onap.oof.location.props:/share/etc/certs/org.onap.oof.cred.props
+cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks
new file mode 100644
index 0000000000..ff844b109d
Binary files /dev/null and b/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks differ
diff --git a/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml b/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml
new file mode 100644
index 0000000000..50586783e9
--- /dev/null
+++ b/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml
@@ -0,0 +1,55 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+  #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+  paths:
+    - /var/log/onap/*/*/*/*.log
+    - /var/log/onap/*/*/*.log
+    - /var/log/onap/*/*.log
+  #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+  ignore_older: 48h
+  # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+  clean_inactive: 96h
+
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+  #List of logstash server ip addresses with port number.
+  #But, in our case, this will be the loadbalancer IP address.
+  #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+  hosts: ["{{.Values.config.log.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.log.logstashPort}}"]
+  #If enable will do load balancing among availabe Logstash, automatically.
+  loadbalance: true
+
+  #The list of root certificates for server verifications.
+  #If certificate_authorities is empty or not set, the trusted
+  #certificate authorities of the host system are used.
+  #ssl.certificate_authorities: $ssl.certificate_authorities
+
+  #The path to the certificate for SSL client authentication. If the certificate is not specified,
+  #client authentication is not available.
+  #ssl.certificate: $ssl.certificate
+
+  #The client certificate key used for client authentication.
+  #ssl.key: $ssl.key
+
+  #The passphrase used to decrypt an encrypted key stored in the configured key file
+  #ssl.key_passphrase: $ssl.key_passphrase
-- 
cgit 1.2.3-korg