authorvasraz <vasyl.razinkov@est.tech>2023-09-26 14:22:31 +0100
committerMichael Morris <michael.morris@est.tech>2023-10-26 21:20:29 +0000
commitc6d49ae4af0b13bd0f75a878ffa88487ef38afc2 (patch)
tree0a8d7f09cc61cd8cc60b7b01e7d6de1aa0d85722
parent233b5829eb139648bd8c8dee64f0815f28c1501f (diff)
Implement truststore & keystore handling for cassandra
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: Ib8f21142f7f760f5a8787971dbd0bb7e023e22d1 Issue-ID: SDC-4637
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb2
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb6
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb7
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb2
-rw-r--r--common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java4
-rw-r--r--sdc-os-chef/environments/Template.json6
6 files changed, 18 insertions, 9 deletions
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
index 3f7a041a4c..787a764262 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
@@ -46,7 +46,6 @@ default['Pair_EnvName'] = ""
#| Portal |
#| |
#+----------------------------------+
-
default['ECompP']['cipher_key'] = "AGLDdG4D04BKm2IxIWEr8o=="
default['ECompP']['portal_user'] = "Ipwxi2oLvDxctMA1royaRw1W0jhucLx+grHzci3ePIA="
default['ECompP']['portal_pass'] = "j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI="
@@ -58,7 +57,6 @@ default['ECompP']['portal_app_name'] = "Ipwxi2oLvDxctMA1royaRw1W0jhucLx+grHzci3e
#| DMAAP Consumer |
#| |
#+----------------------------------+
-
default['DMAAP']['active'] = false
default['DMAAP']['consumer']['aftEnvironment'] = "AFTUAT"
default['DMAAP']['consumer']['consumerGroup'] = "ccd_onap"
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
index a1d0df5037..d2ec242f05 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
@@ -30,7 +30,10 @@ template "janusgraph.properties" do
:DC_NAME => node['cassandra']['datacenter_name'],
:DC_NAME_WITH_REP => janusgraph_dcname_with_rep,
:janus_connection_timeout => node['cassandra']['janusgraph_connection_timeout'],
- :cassandra_truststore_password => node['cassandra'][:truststore_password],
+ :cassandra_keystore_path => node['cassandra'][:cassandra_keystore_path],
+ :cassandra_keystore_password => node['cassandra'][:cassandra_keystore_password],
+ :cassandra_truststore_path => node['cassandra'][:cassandra_truststore_path],
+ :cassandra_truststore_password => node['cassandra'][:cassandra_truststore_password],
:cassandra_ssl_enabled => "#{ENV['cassandra_ssl_enabled']}",
:cassandra_read_consistency_level => node['cassandra'][:read_consistency_level],
:cassandra_write_consistency_level => node['cassandra'][:write_consistency_level],
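Review bot: The truststore password is now read from `node['cassandra'][:cassandra_truststore_password]` instead of `node['cassandra'][:truststore_password]`, so an environment that still defines only the old key would render an empty password with no error. A fallback keeps such environments working during migration: `:cassandra_truststore_password => node['cassandra'][:cassandra_truststore_password] || node['cassandra'][:truststore_password],`. This template now receives two store passwords, so the resource should also carry `sensitive true` to keep the rendered content out of Chef's run output. The `template "janusgraph.properties"` block opens and closes outside the hunk, so that property may already be set.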
@@ -62,7 +65,6 @@ template "catalog-be-config" do
:socket_read_timeout => node['cassandra']['socket_read_timeout'],
:cassandra_pwd => node['cassandra'][:cassandra_password],
:cassandra_usr => node['cassandra'][:cassandra_user],
- :cassandra_truststore_password => node['cassandra'][:truststore_password],
:cassandra_ssl_enabled => "#{ENV['cassandra_ssl_enabled']}",
:permittedAncestors => "#{ENV['permittedAncestors']}",
:dmaap_active => node['DMAAP']['active']
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
index ada01a96e5..3f5ec422ad 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
@@ -102,6 +102,10 @@ cassandraConfig:
username: <%= @cassandra_usr %>
password: <%= @cassandra_pwd %>
ssl: <%= @cassandra_ssl_enabled %>
+ keystorePath: <%= @cassandra_keystore_password %>
+ keystorePassword: <%= @cassandra_ssl_enabled %>
+ truststorePath: <%= @cassandra_truststore_path %>
+ truststorePassword: <%= @cassandra_truststore_password %>
keySpaces:
- { name: dox, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
- { name: sdcaudit, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
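Review bot: Two of the added lines bind the wrong template variables: `keystorePath` is filled from `@cassandra_keystore_password` and `keystorePassword` from `@cassandra_ssl_enabled`, so the keystore password lands in the path field and the password field receives the SSL flag. They should read `keystorePath: <%= @cassandra_keystore_path %>` and `keystorePassword: <%= @cassandra_keystore_password %>`. Separately, the recipe hunks in this commit add the keystore and truststore variables only to the `janusgraph.properties` template and remove `:cassandra_truststore_password` from `catalog-be-config`, which appears to be the resource rendering this file. Unless those variables are passed on lines outside the visible hunks, all four new values would render empty here.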
@@ -109,7 +113,6 @@ cassandraConfig:
- { name: sdccomponent, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
- { name: sdcrepository, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
-
licenseTypes:
- User
- Installation
@@ -909,7 +912,6 @@ serviceApiArtifacts:
displayName: Testing
type: OTHER
-
additionalInformationMaxNumberOfKeys: 50
systemMonitoring:
@@ -1164,7 +1166,6 @@ dmaapProducerConfiguration:
aftDme2SslEnable: true
aftDme2ClientSslCertAlias: certman
-
# ToDo: AF - had to remove due to configuration laod class failure
#dmeConfiguration:
# lookupUriFormat: "http://DME2RESOLVE/service=%s/version=1.0.0/envContext=%s/routeOffer=DEFAULT"
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb
index c8130ddd4a..4c894b4106 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb
@@ -7,6 +7,8 @@ storage.connection-timeout=<%= @janus_connection_timeout %>
storage.cql.keyspace=sdctitan
storage.cql.ssl.enabled=<%= @cassandra_ssl_enabled %>
+storage.cql.ssl.keystore.location=<%= @cassandra_keystore_path %>
+storage.cql.ssl.keystore.password=<%= @cassandra_keystore_password %>
storage.cql.ssl.truststore.location=<%= @cassandra_truststore_path %>
storage.cql.ssl.truststore.password=<%= @cassandra_truststore_password %>
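Review bot: The two added keystore lines are emitted unconditionally, so a deployment that has not configured a client keystore still gets `storage.cql.ssl.keystore.location=` with an empty or placeholder value. How the CQL driver treats such a value is not visible from this hunk. Wrapping the pair in `<% if @cassandra_keystore_path && !@cassandra_keystore_path.empty? %>` and `<% end %>` would avoid pointing it at a keystore that does not exist.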
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
index 3222c267df..d33a80d8f7 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
@@ -221,12 +221,14 @@ public class Configuration extends BasicConfiguration {
private String username;
private String password;
private boolean ssl;
+ private String keystorePath;
+ private String keystorePassword;
private String truststorePath;
private String truststorePassword;
private int maxWaitSeconds = 120;
public Integer getCassandraPort() {
- return cassandraPort != null ? cassandraPort : Configuration.CassandrConfig.CASSANDRA_DEFAULT_PORT;
+ return cassandraPort != null ? cassandraPort : CASSANDRA_DEFAULT_PORT;
}
@Getter
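Review bot: `keystorePassword` joins `password` and `truststorePassword` as plain `String` fields, with nothing stating how these secrets are kept out of diagnostic output. The class-level annotations of `CassandrConfig` are outside the hunk; if they include Lombok `@ToString` or `@Data`, any log line that prints the configuration would include all three values, and `@ToString.Exclude` on those fields prevents that. A one-line comment on the new pair, for example `// keystore used for the Cassandra TLS connection`, would also document what they are for.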
diff --git a/sdc-os-chef/environments/Template.json b/sdc-os-chef/environments/Template.json
index 7cd95cc3f9..369d22489d 100644
--- a/sdc-os-chef/environments/Template.json
+++ b/sdc-os-chef/environments/Template.json
@@ -91,7 +91,11 @@
"socket_read_timeout": "40000",
"socket_connect_timeout": "40000",
"janusgraph_connection_timeout": "20000",
- "replication_factor": "1"
+ "replication_factor": "1",
+ "cassandra_keystore_path": "cassandra_keystore_path",
+ "cassandra_keystore_password": "cassandra_keystore_password",
+ "cassandra_truststore_path": "cassandra_truststore_path",
+ "cassandra_truststore_password": "cassandra_truststore_password"
},
"DMAAP": {
"consumer": {
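Review bot: The four new defaults are the key names themselves, so an environment generated from this template without overriding them carries a truststore password of the literal `cassandra_truststore_password` and paths that point to no file. Whether these are meant as substitution placeholders is not evident from the hunk. Empty strings such as `"cassandra_keystore_password": ""`, combined with a check in the recipe, would make a missed override fail visibly instead of configuring a guessable value.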