authork.kedron <k.kedron@partner.samsung.com>2019-08-21 13:31:02 +0200
committerPiotr Darosz <piotr.darosz@nokia.com>2019-08-23 10:25:22 +0000
commit7890e823b1ffc4e494fb581610aad9a82bac6b66 (patch)
tree7fde78caaa4b0f61476603de28875b59116eee59
parent8bcc864f7e79541faad5acc04d966e10fc10c398 (diff)
Fully HTTPS support in the webseal-simulator
Updated the HTTPS configuration: -Added truststore certificate. -Updated configuration to use JETTY_BASE env value instead hardcoded variable -Updated jvm configuration to support call to the SDC components using HTTPS. -Added support for the disableHttp flag. Issue-ID: SDC-2517 Signed-off-by: Krystian Kedron <k.kedron@partner.samsung.com> Change-Id: Ib7f4c7a6762c56c8031ba6734f02d388aaefd722
-rw-r--r--utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/org.onap.sdc.trust.jksbin0 -> 1413 bytes
-rw-r--r--utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_1_cleanup_jettydir.rb8
-rw-r--r--utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb4
-rw-r--r--utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb4
-rw-r--r--utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_4_locate_keystore.rb13
-rw-r--r--utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb58
-rw-r--r--utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-http-ini.erb29
-rw-r--r--utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb6
-rw-r--r--utils/webseal-simulator/sdc-simulator/startup.sh2
9 files changed, 89 insertions, 35 deletions
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/org.onap.sdc.trust.jks b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/org.onap.sdc.trust.jks
new file mode 100644
index 0000000000..342c4f2ad7
--- /dev/null
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/org.onap.sdc.trust.jks
Binary files differ
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_1_cleanup_jettydir.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_1_cleanup_jettydir.rb
index bb67b8cdbc..c02aa7e58d 100644
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_1_cleanup_jettydir.rb
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_1_cleanup_jettydir.rb
@@ -1,7 +1,5 @@
-jetty_base="/var/lib/jetty"
-
directory "SDC_Simulator_tempdir_creation" do
- path "#{jetty_base}/temp"
+ path "#{ENV['JETTY_BASE']}/temp"
owner 'jetty'
group 'jetty'
mode '0755'
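Review bot: `ENV['JETTY_BASE']` is interpolated without a check, so when the variable is unset in the environment chef runs in, `path "#{ENV['JETTY_BASE']}/temp"` resolves to `/temp` and the directory is created at the filesystem root and handed to the jetty user. Failing fast is safer: `path "#{ENV.fetch('JETTY_BASE')}/temp"` raises a KeyError when the variable is missing (an empty value would still need its own check). The same pattern appears in the two later hunks of this file and in the hunks of recipes 2 to 5, including the `cwd` and `java -jar "#{ENV['JETTY_HOME']}"/start.jar` lines of the create-jetty-modules recipe. The `directory` block continues past the end of this hunk.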
@@ -10,7 +8,7 @@ end
directory "SDC_Simulator_create_config_dir" do
- path "#{jetty_base}/config"
+ path "#{ENV['JETTY_BASE']}/config"
owner 'jetty'
group 'jetty'
mode '0755'
@@ -19,7 +17,7 @@ end
directory "SDC_Simulator_create_sdc-simulator" do
- path "#{jetty_base}/config/sdc-simulator"
+ path "#{ENV['JETTY_BASE']}/config/sdc-simulator"
owner 'jetty'
group 'jetty'
mode '0755'
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb
index 62f95a7e9e..bf859f13a3 100644
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb
@@ -1,5 +1,3 @@
-jetty_base="/var/lib/jetty"
-
if ENV['FE_URL'] && !ENV['FE_URL'].empty?
fe_url="#{ENV['FE_URL']}"
elsif node['disableHttp']
@@ -10,7 +8,7 @@ end
template "webseal.conf" do
- path "#{jetty_base}/config/sdc-simulator/webseal.conf"
+ path "#{ENV['JETTY_BASE']}/config/sdc-simulator/webseal.conf"
source "SDC-Simulator-webseal.conf.erb"
owner "jetty"
group "jetty"
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb
index 7a2069ddfb..06151fe1fc 100644
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb
@@ -1,7 +1,5 @@
-jetty_base="/var/lib/jetty"
-
cookbook_file "log4j.properties" do
- path "#{jetty_base}/config/sdc-simulator/log4j.properties"
+ path "#{ENV['JETTY_BASE']}/config/sdc-simulator/log4j.properties"
source "log4j.properties"
owner "jetty"
group "jetty"
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_4_locate_keystore.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_4_locate_keystore.rb
index 8358e28339..e0b106de72 100644
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_4_locate_keystore.rb
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_4_locate_keystore.rb
@@ -1,16 +1,21 @@
-jetty_base="/var/lib/jetty"
-
directory "Jetty_etcdir_creation" do
- path "/#{jetty_base}/etc"
+ path "#{ENV['JETTY_BASE']}/etc"
owner 'jetty'
group 'jetty'
mode '0755'
action :create
end
-cookbook_file "/#{jetty_base}/etc/org.onap.sdc.trust.jks" do
+cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.trust.jks" do
source "org.onap.sdc.trust.jks"
owner "jetty"
group "jetty"
mode 0755
end
+
+cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.p12" do
+ source "org.onap.sdc.p12"
+ owner "jetty"
+ group "jetty"
+ mode 0755
+end
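Review bot: The new `cookbook_file` for `org.onap.sdc.p12` installs the keystore with `mode 0755`, which makes it readable and executable by every local user; the ssl.ini change in this commit points `jetty.sslContext.keyStorePath` at this file, so it presumably holds the server's private key. Only the jetty user needs to read it: `mode '0600'`. A quoted string would also match the `directory` resource at the top of this hunk. The source file `org.onap.sdc.p12` is not listed in this commit's diffstat, so it is assumed to exist already in the cookbook's files directory.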
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb
index 4f7e710d63..71366a5148 100644
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb
@@ -1,39 +1,63 @@
-jetty_base="/var/lib/jetty"
-jetty_home="/usr/local/jetty"
+#
+# Set the http module option
+if node['disableHttp']
+ http_option = "#--module=http"
+else
+ http_option = "--module=http"
+end
+
bash "create-jetty-modules" do
-cwd "#{jetty_base}"
-code <<-EOH
- cd "#{jetty_base}"
- java -jar "/#{jetty_home}"/start.jar --add-to-start=deploy
- java -jar "/#{jetty_home}"/start.jar --create-startd --add-to-start=http,https,console-capture,setuid
-EOH
+ cwd "#{ENV['JETTY_BASE']}"
+ code <<-EOH
+ cd "#{ENV['JETTY_BASE']}"
+ java -jar "#{ENV['JETTY_HOME']}"/start.jar --add-to-start=deploy
+ java -jar "#{ENV['JETTY_HOME']}"/start.jar --create-startd --add-to-start=http,https,console-capture,setuid
+ EOH
end
-template "ssl-ini" do
- path "/#{jetty_base}/start.d/ssl.ini"
- source "SDC-Simulator-ssl-ini.erb"
+
+template "http-ini" do
+ path "#{ENV['JETTY_BASE']}/start.d/http.ini"
+ source "SDC-Simulator-http-ini.erb"
owner "jetty"
group "jetty"
mode "0755"
variables({
- :https_port => "8443",
- :jetty_keystore_pwd => "rTIS;B4kM]2GHcNK2c3B4&Ng",
- :jetty_keymanager_pwd => "rTIS;B4kM]2GHcNK2c3B4&Ng"
+ :http_option => http_option,
+ :http_port => "8080"
})
end
+
template "https-ini" do
- path "/#{jetty_base}/start.d/https.ini"
+ path "#{ENV['JETTY_BASE']}/start.d/https.ini"
source "SDC-Simulator-https-ini.erb"
owner "jetty"
group "jetty"
mode "0755"
- variables ({
- :https_port => "8443"
+ variables({
+ :https_port => "8443"
})
end
+# TO CHANGE THE KEYSTORE/TRUSTSTORE CERT THE JVM CONFIGURATION
+# MUST BE ALSO CHANGE IN THE startup.sh FILE
+template "ssl-ini" do
+ path "#{ENV['JETTY_BASE']}/start.d/ssl.ini"
+ source "SDC-Simulator-ssl-ini.erb"
+ owner "jetty"
+ group "jetty"
+ mode "0755"
+ variables({
+ :https_port => "8443",
+ :jetty_truststore_pwd => "Y,f975ZNJfVZhV*{+Y[}pA?0",
+ :jetty_keystore_pwd => "rTIS;B4kM]2GHcNK2c3B4&Ng",
+ :jetty_keymanager_pwd => "rTIS;B4kM]2GHcNK2c3B4&Ng",
+ })
+end
+
+
bash "echo status" do
code <<-EOH
echo "DOCKER STARTED"
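Review bot: The `ssl-ini` template receives the keystore, key-manager and truststore passwords as string literals in the recipe and renders them into `start.d/ssl.ini` with `mode "0755"`, so the secrets live in the repository and in a world-readable file. As this is a simulator the credentials may be deliberately fixed test values, but if the keystore is ever reused outside a test setup the values should come from a node attribute or environment variable supplied at deploy time, and the resource should carry `mode "0640"` and `sensitive true` so the rendered content is neither readable by other users nor echoed in chef logs. The truststore password is duplicated in the `startup.sh` hunk, which the new comment above the resource acknowledges; a single source for that value would remove the need to edit two files. The trailing `bash "echo status"` block continues outside this hunk.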
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-http-ini.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-http-ini.erb
new file mode 100644
index 0000000000..8f2669032b
--- /dev/null
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-http-ini.erb
@@ -0,0 +1,29 @@
+# ---------------------------------------
+# Module: http
+<%= @http_option %>
+
+### HTTP Connector Configuration
+
+## Connector host/address to bind to
+# jetty.http.host=0.0.0.0
+
+## Connector port to listen on
+jetty.http.port=<%= @http_port %>
+
+## Connector idle timeout in milliseconds
+jetty.http.idleTimeout=30000
+
+## Connector socket linger time in seconds (-1 to disable)
+# jetty.http.soLingerTime=-1
+
+## Number of acceptors (-1 picks default based on number of cores)
+# jetty.http.acceptors=-1
+
+## Number of selectors (-1 picks default based on number of cores)
+# jetty.http.selectors=-1
+
+## ServerSocketChannel backlog (0 picks platform default)
+# jetty.http.acceptorQueueSize=0
+
+## Thread priority delta to give to acceptor threads
+# jetty.http.acceptorPriorityDelta=0
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb
index 86848bf282..278fdea2ae 100644
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb
@@ -42,10 +42,10 @@ jetty.ssl.port=<%= @https_port %>
## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
## Keystore file path (relative to $jetty.base)
-# jetty.sslContext.keyStorePath=etc/keystore
+jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12
## Truststore file path (relative to $jetty.base)
-# jetty.sslContext.trustStorePath=etc/keystore
+jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks
## Keystore password
# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
@@ -61,7 +61,7 @@ jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %>
## Truststore password
# jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
-#jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %>
+jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %>
## Truststore type and provider
# jetty.sslContext.trustStoreType=JKS
diff --git a/utils/webseal-simulator/sdc-simulator/startup.sh b/utils/webseal-simulator/sdc-simulator/startup.sh
index 075c2cefab..cc7d9f9e09 100644
--- a/utils/webseal-simulator/sdc-simulator/startup.sh
+++ b/utils/webseal-simulator/sdc-simulator/startup.sh
@@ -15,6 +15,8 @@ JAVA_OPTIONS=" ${JAVA_OPTIONS} \
-Dconfig.home=${JETTY_BASE}/config/sdc-simulator \
-Dlog.home=${JETTY_BASE}/logs \
-Dlogback.configurationFile=${JETTY_BASE}/config/sdc-simulator/logback.xml \
+ -Djavax.net.ssl.trustStore=${JETTY_BASE}/etc/org.onap.sdc.trust.jks \
+ -Djavax.net.ssl.trustStorePassword=Y,f975ZNJfVZhV*{+Y[}pA?0 \
-Djetty.console-capture.dir=${JETTY_BASE}/logs"
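Review bot: Passing `-Djavax.net.ssl.trustStorePassword=...` through `JAVA_OPTIONS` puts the password on the JVM command line, where any local user can read it from the process list. The value also contains the glob characters `*`, `?` and `[`; inside the double-quoted assignment they are literal, but if `${JAVA_OPTIONS}` is later expanded unquoted (the expansion is outside this hunk), the word becomes subject to pathname expansion. Consider setting the property from a file readable only by the jetty user rather than from a command-line argument. The `JAVA_OPTIONS` assignment starts above the hunk.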