authorvasraz <vasyl.razinkov@est.tech>2023-05-05 11:57:56 +0100
committerVasyl Razinkov <vasyl.razinkov@est.tech>2023-05-08 13:11:02 +0000
commita2feaf9b65cbba66181fb560b5815a62427d65cc (patch)
treebe49cc57d447f7bb94e717e1ee970d4b095e1473 /openecomp-be/dist
parentaf3fdfce91aeea1804c76a8571c102b78dde3794 (diff)
Support SIP TLS
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: Icbadd04cfa87302491c59f2e4a39ef92aaafcaa3 Issue-ID: SDC-4483
Diffstat (limited to 'openecomp-be/dist')
-rw-r--r--openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile2
-rw-r--r--openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/attributes/default.rb12
-rw-r--r--openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/recipes/ON_4_setup_jetty_modules.rb16
-rw-r--r--openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/templates/default/ssl-ini.erb8
-rw-r--r--openecomp-be/dist/sdc-onboard-backend-docker/artifacts/startup.sh4
5 files changed, 24 insertions, 18 deletions
diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile
index f0f9d5fa42..cc34c81f09 100644
--- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile
+++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile
@@ -1,4 +1,4 @@
-FROM onap/integration-java11:9.0.0
+FROM onap/integration-java11:10.0.0
USER root
ARG JETTY_FOLDER=/app/jetty
diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/attributes/default.rb b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/attributes/default.rb
index 074584a6e8..d2a40942e8 100644
--- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/attributes/default.rb
+++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/attributes/default.rb
@@ -5,15 +5,19 @@ default['FE'][:http_port] = 8181
default['FE'][:https_port] = 9443
default['disableHttp'] = true
default['cassandra'][:truststore_password] = "Aa123456"
+
+default['jetty']['keystore_path'] = "etc/org.onap.sdc.p12"
default['jetty'][:keystore_pwd] = "?(kP!Yur![*!Y5!E^f(ZKc31"
default['jetty'][:keymanager_pwd] = "?(kP!Yur![*!Y5!E^f(ZKc31"
+default['jetty']['truststore_path'] = "etc/org.onap.sdc.trust.jks"
+# TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION
+# MUST BE ALSO CHANGE IN THE startup.sh FILE
default['jetty'][:truststore_pwd] = "z+KEj;t+,KN^iimSiS89e#p0"
-default['jetty']['truststore_path'] = "#{ENV['JETTY_BASE']}/etc/truststore"
default['VnfRepo']['vnfRepoPort'] = 8702
default['VnfRepo']['vnfRepoHost'] = "refrepo"
-#Cassandra
+# Cassandra
default['cassandra']['cassandra_port'] = 9042
default['cassandra']['datacenter_name'] = "DC-"
default['cassandra']['cluster_name'] = "SDC-CS-"
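Review bot: The new comment above `truststore_pwd` mentions only the truststore "cert", but the startup.sh hunk of this commit repeats both the truststore path and its password as JVM options, so the wording undersells what has to stay in sync. I would reword it to `# NOTE: the truststore path and password are duplicated as -Djavax.net.ssl.trustStore* options in startup.sh; change both places together.` The two new path attributes use string keys next to symbol-keyed password attributes, and the recipe reads them back with symbols; one key style for the whole `jetty` group would be easier to scan. The keystore and truststore passwords stay as literal cookbook defaults, so deployments presumably share them unless an environment overrides these attributes.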
@@ -21,12 +25,12 @@ default['cassandra']['socket_read_timeout'] = 20000
default['cassandra']['socket_connect_timeout'] = 20000
default['cassandra']['janusgraph_connection_timeout'] = 10000
-#Basicauth
+# Basicauth
default['basic_auth']['enabled'] = true
default['basic_auth'][:user_name] = "testName"
default['basic_auth'][:user_pass] = "testPass"
default['basic_auth']['excludedUrls'] = "/v1.0/healthcheck"
-#ExternalTesting
+# ExternalTesting
default['EXTTEST']['ep1_config'] = "vtp,VTP,true,http://refrepo:8702/onapapi/vnfsdk-marketplace,onap.*"
default['EXTTEST']['ep2_config'] = "repository,Repository,false,,.*"
diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/recipes/ON_4_setup_jetty_modules.rb b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/recipes/ON_4_setup_jetty_modules.rb
index 6b2b79b49c..2e51402016 100644
--- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/recipes/ON_4_setup_jetty_modules.rb
+++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/recipes/ON_4_setup_jetty_modules.rb
@@ -1,4 +1,4 @@
-#Set the http module option
+# Set the http module option
if node['disableHttp']
http_option = "#--module=http"
else
@@ -18,12 +18,11 @@ template "http-ini" do
group "#{ENV['JETTY_GROUP']}"
mode "0755"
variables ({
- :http_option => http_option ,
+ :http_option => http_option,
:http_port => "#{node['ONBOARDING_BE'][:http_port]}"
})
-
-end
+end
template "https-ini" do
path "#{ENV['JETTY_BASE']}/start.d/https.ini"
@@ -34,7 +33,6 @@ template "https-ini" do
variables :https_port => "#{node['ONBOARDING_BE'][:https_port]}"
end
-
template "ssl-ini" do
path "#{ENV['JETTY_BASE']}/start.d/ssl.ini"
source "ssl-ini.erb"
@@ -42,9 +40,11 @@ template "ssl-ini" do
group "#{ENV['JETTY_GROUP']}"
mode "0755"
variables ({
- :https_port => "#{node['ONBOARDING_BE'][:https_port]}" ,
- :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" ,
- :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" ,
+ :https_port => "#{node['ONBOARDING_BE'][:https_port]}",
+ :jetty_keystore_path => "#{node['jetty'][:keystore_path]}",
+ :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}",
+ :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}",
+ :jetty_truststore_path => "#{node['jetty'][:truststore_path]}",
:jetty_truststore_pwd => "#{node['jetty'][:truststore_pwd]}"
})
end
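Review bot: The `ssl-ini` template is rendered with `mode "0755"` even though the variables passed here put the keystore, key-manager and truststore passwords into the resulting ssl.ini in clear text. A configuration file holding secrets should be neither world-readable nor executable; `mode "0640"` would do if Jetty runs as the owner or group of the file (the `owner` line is outside this hunk, so confirm). Adding `sensitive true` to the resource would also keep Chef from printing the rendered content or its diff in the run log. The `template "ssl-ini" do` block starts before this hunk.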
diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/templates/default/ssl-ini.erb b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/templates/default/ssl-ini.erb
index 278fdea2ae..c489825c7b 100644
--- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/templates/default/ssl-ini.erb
+++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/templates/default/ssl-ini.erb
@@ -42,17 +42,17 @@ jetty.ssl.port=<%= @https_port %>
## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
## Keystore file path (relative to $jetty.base)
-jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12
+jetty.sslContext.keyStorePath=<%= @jetty_keystore_path %>
## Truststore file path (relative to $jetty.base)
-jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks
+jetty.sslContext.trustStorePath=<%= @jetty_truststore_path %>
## Keystore password
# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.sslContext.keyStorePassword=<%= @jetty_keystore_pwd %>
## Keystore type and provider
-# jetty.sslContext.keyStoreType=JKS
+jetty.sslContext.keyStoreType=JKS
# jetty.sslContext.keyStoreProvider=
## KeyManager password
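Review bot: `jetty.sslContext.keyStoreType=JKS` is now set unconditionally, while the keystore path became a template variable whose default in attributes/default.rb is `etc/org.onap.sdc.p12`, a file name that suggests PKCS#12 rather than JKS. Recent JDKs may still load such a file through their keystore-type compatibility handling, but the declared type and the actual format then disagree, and the setting will mislead or break once the path is overridden. Either template the type alongside the path, e.g. `jetty.sslContext.keyStoreType=<%= @jetty_keystore_type %>` with a matching attribute and recipe variable, or set it to `PKCS12` to match the default file.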
@@ -64,7 +64,7 @@ jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %>
jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %>
## Truststore type and provider
-# jetty.sslContext.trustStoreType=JKS
+jetty.sslContext.trustStoreType=JKS
# jetty.sslContext.trustStoreProvider=
## whether client certificate authentication is required
diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/startup.sh b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/startup.sh
index 43aad8726a..6ee1b7b344 100644
--- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/startup.sh
+++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/startup.sh
@@ -8,6 +8,8 @@ JAVA_OPTIONS="$JAVA_OPTIONS \
-Dconfiguration.yaml=$JETTY_BASE/config/onboarding-be/onboarding_configuration.yaml \
-Dfeatures.properties=$JETTY_BASE/config/onboarding-be/features.properties \
-XX:+HeapDumpOnOutOfMemoryError \
+ -Djavax.net.ssl.trustStore=$JETTY_BASE/etc/org.onap.sdc.trust.jks \
+ -Djavax.net.ssl.trustStorePassword=z+KEj;t+,KN^iimSiS89e#p0 \
-Dconfig.location=$JETTY_BASE/config/onboarding-be/."
cd $JETTY_BASE
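Review bot: The added `-Djavax.net.ssl.trustStorePassword=` option hard-codes the truststore password in the image's startup script, duplicating the value in attributes/default.rb, so it cannot be rotated without rebuilding and the two copies can drift. Consider reading both values from the environment at container start, e.g. `-Djavax.net.ssl.trustStore=${SDC_TRUSTSTORE_PATH:-$JETTY_BASE/etc/org.onap.sdc.trust.jks}` and `-Djavax.net.ssl.trustStorePassword=${SDC_TRUSTSTORE_PWD}` (variable names are placeholders). That removes the literal from the image, but the value still appears on the java command line and so in the process listing inside the container. These system properties also replace the JVM's default trust anchors for every outbound TLS client in the process, so the JKS file has to contain every CA the backend needs to reach.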
@@ -16,6 +18,6 @@ cd $JETTY_BASE/chef-solo
chef-solo -c solo.rb -E ${ENVNAME}
cd $JETTY_HOME
-echo "jetty.httpConfig.sendServerVersion=false" >> $JETTY_HOME/start.d/start.ini
+echo "jetty.httpConfig.sendServerVersion=false" >>$JETTY_HOME/start.d/start.ini
java $JAVA_OPTIONS -jar "${JETTY_HOME}/start.jar"