diff options
Diffstat (limited to 'config/pe')
-rw-r--r-- | config/pe/base.conf | 20 | ||||
-rwxr-xr-x | config/pe/brmsgw-tweaks.sh | 2 | ||||
-rw-r--r-- | config/pe/brmsgw.conf | 43 | ||||
-rw-r--r-- | config/pe/console.conf | 135 | ||||
-rw-r--r-- | config/pe/mysql.conf | 5 | ||||
-rwxr-xr-x | config/pe/pap-tweaks.sh | 15 | ||||
-rw-r--r-- | config/pe/pap.conf | 55 | ||||
-rw-r--r-- | config/pe/paplp.conf | 12 | ||||
-rwxr-xr-x | config/pe/pdp-tweaks.sh | 2 | ||||
-rw-r--r-- | config/pe/pdp.conf | 36 | ||||
-rw-r--r-- | config/pe/pdplp.conf | 12 | ||||
-rw-r--r-- | config/pe/push-policies.sh | 75 | ||||
-rwxr-xr-x | config/pe/pypdp-tweaks.sh | 3 | ||||
-rw-r--r-- | config/pe/pypdp.conf | 25 |
14 files changed, 440 insertions, 0 deletions
diff --git a/config/pe/base.conf b/config/pe/base.conf new file mode 100644 index 00000000..e798a40d --- /dev/null +++ b/config/pe/base.conf @@ -0,0 +1,20 @@ +JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 +POLICY_HOME=/opt/app/policy +KEYSTORE_PASSWD=PolicyR0ck$ + +JDBC_DRIVER=org.mariadb.jdbc.Driver +JDBC_URL=jdbc:mariadb://mariadb:3306/ecomp_sdk +JDBC_LOG_URL=jdbc:mariadb://mariadb:3306/log +JDBC_USER=policy_user +JDBC_PASSWORD=policy_user + +site_name=site_1 +fp_monitor_interval=30 +failed_counter_threshold=3 +test_trans_interval=20 +write_fpc_interval=5 +max_fpc_update_interval=60 +test_via_jmx=false +jmx_fqdn= + +ENVIRONMENT=TEST diff --git a/config/pe/brmsgw-tweaks.sh b/config/pe/brmsgw-tweaks.sh new file mode 100755 index 00000000..f6825363 --- /dev/null +++ b/config/pe/brmsgw-tweaks.sh @@ -0,0 +1,2 @@ +#! /bin/bash + diff --git a/config/pe/brmsgw.conf b/config/pe/brmsgw.conf new file mode 100644 index 00000000..da2cd0a4 --- /dev/null +++ b/config/pe/brmsgw.conf @@ -0,0 +1,43 @@ +# BRMSpep component installation configuration parameters +BRMSGW_JMX_PORT=9989 + +COMPONENT_X_MX_MB=1024 +COMPONENT_X_MS_MB=1024 + +REST_PAP_URL=http://pap:9091/pap/ +REST_PDP_ID=http://pdp:8081/pdp/ + +PDP_HTTP_USER_ID=testpdp +PDP_HTTP_PASSWORD=alpha123 +PDP_PAP_PDP_HTTP_USER_ID=testpap +PDP_PAP_PDP_HTTP_PASSWORD=alpha123 + +M2_HOME=/usr/share/maven +snapshotRepositoryID=policy-nexus-snapshots +snapshotRepositoryName=Snapshots +snapshotRepositoryURL=http://nexus:8081/nexus/content/repositories/snapshots +releaseRepositoryID=policy-nexus-releases +releaseRepositoryName=Releases +releaseRepositoryURL=http://nexus:8081/nexus/content/repositories/releases +repositoryUsername=admin +repositoryPassword=admin123 +UEB_URL=vm1.mr.simpledemo.openecomp.org +UEB_TOPIC=PDPD-CONFIGURATION +UEB_API_KEY= +UEB_API_SECRET= + +groupID=org.openecomp.policy-engine +artifactID=drlPDPGroup +VFW_GROUP_ID=org.openecomp.policy-engine.drools.vFW +VFW_ARTIFACT_ID=policy-vFW-rules +VDNS_GROUP_ID=org.openecomp.policy-engine.drools.vDNS +VDNS_ARTIFACT_ID=policy-vDNS-rules + + +# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase +resource_name=brmsgw_1 +node_type=brms_gateway + +CLIENT_ID=PyPDPServer +CLIENT_KEY=test +ENVIRONMENT=TEST diff --git a/config/pe/console.conf b/config/pe/console.conf new file mode 100644 index 00000000..6606addb --- /dev/null +++ b/config/pe/console.conf @@ -0,0 +1,135 @@ +# configs component installation configuration parameters + +# tomcat specific parameters + +TOMCAT_JMX_PORT=9993 +TOMCAT_SHUTDOWN_PORT=8090 +SSL_HTTP_CONNECTOR_PORT=8443 +SSL_HTTP_CONNECTOR_REDIRECT_PORT=8443 +SSL_AJP_CONNECTOR_PORT=8383 +SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 + +TOMCAT_X_MS_MB=2048 +TOMCAT_X_MX_MB=2048 + +# ------------------ console properties --------------------------- + +# +# Authorization Policy + +ROOT_POLICIES=admin +ADMIN_FILE=Policy-Admin.xml + + +# Set your domain here: + +REST_ADMIN_DOMAIN=com + +# +# Location where the GIT repository is located +# +REST_ADMIN_REPOSITORY=repository + +# +# Location where all the user workspaces are located. +# +REST_ADMIN_WORKSPACE=${{POLICY_HOME}}/servers/console/bin/workspace + +# +# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE +# container and setup authentication as you please. Setting HttpSession attribute values will override these +# values set in the properties files. +# +# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer"); +# +# The default policy: Policy-Admin.xml is extremely simple. +# +# You can test authorization within the Admin Console by changing the user id. +# There are 3 supported user ids: +# guest - Read only access +# editor - Read/Write access +# admin - Read/Write/Admin access +# +# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all. +# +# This is for development/demonstration purposes only. A production environment should provide authentication which is +# outside the scope of this application. This application can be used to develop a XACML policy for user authorization +# within this application. +# + +REST_ADMIN_USER_NAME=Administrator +REST_ADMIN_USER_ID=super-admin + +# +# +# Property to declare the max time frame for logs. +# +LOG_TIMEFRAME=30 + +# Property to declare the number of visible rows for users in MicroService Policy +COLUMN_COUNT=3 + +# Dashboard refresh rate in miliseconds +REFRESH_RATE=40000 + +# +# URL location for the PAP servlet. +# + + +REST_PAP_URL=http://pap:9091/pap/ + +# +# Config/Action Properties location. +# + +REST_CONFIG_HOME=${{POLICY_HOME}}/servers/pap/webapps/Config/ +REST_ACTION_HOME=${{POLICY_HOME}}/servers/pap/webapps/Action/ +REST_CONFIG_URL=http://pap:9091/ +REST_CONFIG_WEBAPPS=${{POLICY_HOME}}/servers/pap/webapps/ + +# PAP account information +CONSOLE_PAP_HTTP_USER_ID=testpap +CONSOLE_PAP_HTTP_PASSWORD=alpha123 + + +node_type=pap_admin +resource_name=console_1 + +# The (optional) period of time in seconds between executions of the integrity audit. +# Value < 0 : Audit does not run (default value if property is not present = -1) +# Value = 0 : Audit runs continuously +# Value > 0 : The period of time in seconds between execution of the audit on a particular node +integrity_audit_period_seconds=-1 + +#Automatic Policy Distribution +automatic_push=false + +#Diff of policies for Firewall feature +FW_GETURL= +FW_AUTHOURL= +FW_PROXY= +FW_PORT= + +#SMTP Server Details for Java Mail +ecomp_smtp_host= +ecomp_smtp_port=25 +ecomp_smtp_userName= +ecomp_smtp_password= +ecomp_application_name= + +#-----------------------ECOMP-PORTAL-Properties---------------------- + +ECOMP_REDIRECT_URL=http://portal.api.simpledemo.openecomp.org:8989/ECOMPPORTAL/login.htm +ECOMP_REST_URL= +ECOMP_UEB_URL_LIST= +ECOMP_PORTAL_INBOX_NAME= +ECOMP_UEB_APP_KEY= +ECOMP_UEB_APP_SECRET= +ECOMP_UEB_APP_MAILBOX_NAME= +APP_DISPLAY_NAME=OpenECOMP Policy +ECOMP_SHARED_CONTEXT_REST_URL=http://portal.api.simpledemo.openecomp.org:8989/ECOMPPORTAL/context + +#Add the Rest PAP url and pap auth password on adding delimiter @Auth@ + +REST_PAPURL_WITH_AUTH_PASSWORD=http://policy.api.simpledemo.openecomp.org:9091/pap/@Auth@dGVzdHBhcDphbHBoYTEyMw== diff --git a/config/pe/mysql.conf b/config/pe/mysql.conf new file mode 100644 index 00000000..28b9e3ca --- /dev/null +++ b/config/pe/mysql.conf @@ -0,0 +1,5 @@ +# mysql scripts component installation configuration parameters + +# Path to mysql bin +MYSQL_BIN=/usr/local/mysql/bin + diff --git a/config/pe/pap-tweaks.sh b/config/pe/pap-tweaks.sh new file mode 100755 index 00000000..be8a905a --- /dev/null +++ b/config/pe/pap-tweaks.sh @@ -0,0 +1,15 @@ +#! /bin/bash + +# config directory may contain an ip_addr.txt file that specifies +# the VM IP address. Substitute this value in the URL in the +# config.json file, overriding the hostname that came from the +# REST_PAPURL_WITH_AUTH_PASSWORD property in console.conf. This is +# to avoid hardcoding an IP address in console.conf that can change +# from one VM instance to the next. + +if [[ -f config/ip_addr.txt ]]; then + vm_ip=$(<config/ip_addr.txt) + echo "Substituting VM IP address $vm_ip in console config.json file" + sed -i -e "s@http:.*:@http://$vm_ip:@" \ + $POLICY_HOME/servers/console/webapps/ecomp/app/policyApp/Properties/config.json +fi diff --git a/config/pe/pap.conf b/config/pe/pap.conf new file mode 100644 index 00000000..084f127f --- /dev/null +++ b/config/pe/pap.conf @@ -0,0 +1,55 @@ +# pap component installation configuration parameters + +# tomcat specific parameters + +TOMCAT_JMX_PORT=9990 +TOMCAT_SHUTDOWN_PORT=9405 +SSL_HTTP_CONNECTOR_PORT=9091 +SSL_AJP_CONNECTOR_PORT=8380 +SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 + +TOMCAT_X_MS_MB=1024 +TOMCAT_X_MX_MB=1024 + +# pap properties + +PAP_PDPS=${{POLICY_HOME}}/servers/pap/bin/pdps +PAP_URL=http://pap:9091/pap/ + +PAP_INITIATE_PDP=true +PAP_HEARTBEAT_INTERVAL=10000 +PAP_HEARTBEAT_TIMEOUT=10000 + +REST_ADMIN_DOMAIN=com +REST_ADMIN_REPOSITORY=repository +REST_ADMIN_WORKSPACE=workspace + +# PDP related properties + +PAP_PDP_URL=http://pdp:8081/pdp/ +PAP_PDP_HTTP_USER_ID=testpdp +PAP_PDP_HTTP_PASSWORD=alpha123 + +PAP_HTTP_USER_ID=testpap +PAP_HTTP_PASSWORD=alpha123 + +#new values added 10-21-2015 +PROP_PAP_TRANS_WAIT=500000 +PROP_PAP_TRANS_TIMEOUT=5000 +PROP_PAP_AUDIT_TIMEOUT=300000 +PROP_PAP_RUN_AUDIT_FLAG=true +PROP_PAP_AUDIT_FLAG=true + +PROP_PAP_INCOMINGNOTIFICATION_TRIES=4 + + +node_type=pap +resource_name=pap_1 +dependency_groups=paplp_1 +test_via_jmx=true + +# The (optional) period of time in seconds between executions of the integrity audit. +# Value < 0 : Audit does not run (default value if property is not present = -1) +# Value = 0 : Audit runs continuously +# Value > 0 : The period of time in seconds between execution of the audit on a particular node +integrity_audit_period_seconds=-1 diff --git a/config/pe/paplp.conf b/config/pe/paplp.conf new file mode 100644 index 00000000..9fdd643b --- /dev/null +++ b/config/pe/paplp.conf @@ -0,0 +1,12 @@ +# JVM specific parameters +LOGPARSER_JMX_PORT=9996 +LOGPARSER_X_MS_MB=1024 +LOGPARSER_X_MX_MB=1024 + +SERVER=http://pap:9091/pap/ +LOGPATH=${{POLICY_HOME}}/servers/pap/logs/pap-rest.log +PARSERLOGPATH=IntegrityMonitor.log + +node_type=logparser +# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase +resource_name=paplp_1 diff --git a/config/pe/pdp-tweaks.sh b/config/pe/pdp-tweaks.sh new file mode 100755 index 00000000..f6825363 --- /dev/null +++ b/config/pe/pdp-tweaks.sh @@ -0,0 +1,2 @@ +#! /bin/bash + diff --git a/config/pe/pdp.conf b/config/pe/pdp.conf new file mode 100644 index 00000000..363fdcb3 --- /dev/null +++ b/config/pe/pdp.conf @@ -0,0 +1,36 @@ +# pdp component installation configuration parameters + +# tomcat specific parameters + +TOMCAT_JMX_PORT=9991 +TOMCAT_SHUTDOWN_PORT=8087 +SSL_HTTP_CONNECTOR_PORT=8081 +SSL_AJP_CONNECTOR_PORT=8381 +SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 + +TOMCAT_X_MS_MB=1024 +TOMCAT_X_MX_MB=1024 + +# pdp properties + +UEB_CLUSTER=vm1.mr.simpledemo.openecomp.org + +REST_PAP_URL=http://pap:9091/pap/ +REST_PDP_ID=http://pdp:8081/pdp/ +REST_PDP_CONFIG=${{POLICY_HOME}}/servers/pdp/bin/config +REST_PDP_WEBAPPS=${{POLICY_HOME}}/servers/pdp/webapps +REST_PDP_REGISTER=true +REST_PDP_REGISTER_SLEEP=15 +REST_PDP_REGISTER_RETRIES=-1 +REST_PDP_MAXCONTENT=999999999 + +# PDP related properties +PDP_HTTP_USER_ID=testpdp +PDP_HTTP_PASSWORD=alpha123 +PDP_PAP_PDP_HTTP_USER_ID=testpap +PDP_PAP_PDP_HTTP_PASSWORD=alpha123 + +node_type=pdp_xacml +resource_name=pdp_1 +dependency_groups=pdplp_1;pypdp_1;brmsgw_1 +test_via_jmx=true diff --git a/config/pe/pdplp.conf b/config/pe/pdplp.conf new file mode 100644 index 00000000..789d2b01 --- /dev/null +++ b/config/pe/pdplp.conf @@ -0,0 +1,12 @@ +# JVM specific parameters +LOGPARSER_JMX_PORT=9997 +LOGPARSER_X_MS_MB=1024 +LOGPARSER_X_MX_MB=1024 + +SERVER=http://pdp:8081/pdp/ +LOGPATH=${{POLICY_HOME}}/servers/pdp/logs/pdp-rest.log +PARSERLOGPATH=IntegrityMonitor.log + +node_type=logparser +# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase +resource_name=pdplp_1 diff --git a/config/pe/push-policies.sh b/config/pe/push-policies.sh new file mode 100644 index 00000000..957156ed --- /dev/null +++ b/config/pe/push-policies.sh @@ -0,0 +1,75 @@ +#! /bin/bash + + +echo "Pushing default policies" + +# Sometimes brmsgw gets an error when trying to retrieve the policies on initial push, +# so for the BRMS policies we will do a push, then delete from the pdp group, then push again. +# Second push should be successful. + +curl -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "vFirewall", + "policyScope": "com", + "policyType": "MicroService" +}' 'http://pypdp:8480/PyPDPServer/pushPolicy' + +sleep 2 + +curl -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "vLoadBalancer", + "policyScope": "com", + "policyType": "MicroService" +}' 'http://pypdp:8480/PyPDPServer/pushPolicy' + +sleep 2 +curl -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "BRMSParamvLBDemoPolicy", + "policyScope": "com", + "policyType": "BRMS_Param" +}' 'http://pypdp:8480/PyPDPServer/pushPolicy' + +sleep 2 + +curl -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "BRMSParamvFWDemoPolicy", + "policyScope": "com", + "policyType": "BRMS_Param" +}' 'http://pypdp:8480/PyPDPServer/pushPolicy' + +sleep 2 + +curl -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{ +"pdpGroup": "default", +"policyComponent": "PDP", +"policyName": "com.Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.xml" +}' 'http://pypdp:8480/PyPDPServer/deletePolicy' + + + +curl -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{ +"pdpGroup": "default", +"policyComponent": "PDP", +"policyName": "com.Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.xml" +}' 'http://pypdp:8480/PyPDPServer/deletePolicy' + +sleep 2 +curl -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "BRMSParamvLBDemoPolicy", + "policyScope": "com", + "policyType": "BRMS_Param" +}' 'http://pypdp:8480/PyPDPServer/pushPolicy' + +sleep 2 + +curl -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "BRMSParamvFWDemoPolicy", + "policyScope": "com", + "policyType": "BRMS_Param" +}' 'http://pypdp:8480/PyPDPServer/pushPolicy' + diff --git a/config/pe/pypdp-tweaks.sh b/config/pe/pypdp-tweaks.sh new file mode 100755 index 00000000..5d899bd1 --- /dev/null +++ b/config/pe/pypdp-tweaks.sh @@ -0,0 +1,3 @@ +#! /bin/bash + + diff --git a/config/pe/pypdp.conf b/config/pe/pypdp.conf new file mode 100644 index 00000000..4a792b47 --- /dev/null +++ b/config/pe/pypdp.conf @@ -0,0 +1,25 @@ +# pypdp component installation configuration parameters + +# tomcat specific parameters + +TOMCAT_JMX_PORT=9994 +TOMCAT_SHUTDOWN_PORT=8405 +SSL_HTTP_CONNECTOR_PORT=8480 +SSL_AJP_CONNECTOR_PORT=8384 +SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 + +TOMCAT_X_MS_MB=1024 +TOMCAT_X_MX_MB=1024 + +# pypdp parameters + +PDP_URL=http://pdp:8081/pdp/,testpdp,alpha123 +PAP_URL=http://pap:9091/pap/,testpap,alpha123 +PYPDP_ID=testrest +PYPDP_PASSWORD=3c0mpU#h01@N1c3 + +node_type=pypdp +# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase +resource_name=pypdp_1 + +CLIENT_FILE=client.properties |