author | k.kedron <k.kedron@partner.samsung.com> | 2019-08-23 17:11:51 +0200 |
---|---|---|
committer | k.kedron <k.kedron@partner.samsung.com> | 2019-08-27 17:57:22 +0200 |
commit | 6fd60f573407abcd258ca4463836328ba039f50e (patch) | |
tree | 871d5531c0a137d24d28af643edb65ed4ca47625 /docker | |
parent | c69e72cb78fb8e6d7a4f3698f6598f418fdcb727 (diff) |
Implement HTTPS calls into DCAE-DS FE
Implemented HTTPS calls into dcae-ds fe:
-Added p12 keystore certificate.
-Updated application configuration.
-Added trust-store.
-Updated the onap/base_sdc-jetty docker image version
-Updated the chef script to properly use the new docker image
Issue-ID: SDC-2533
Signed-off-by: Krystian Kedron <k.kedron@partner.samsung.com>
Change-Id: I1bac50ff08aa4f703de458661c9d52f985c4a75d
Diffstat (limited to 'docker')
-rw-r--r-- | docker/Dockerfile | 25 | ||||
-rw-r--r-- | docker/chef-repo/cookbooks/Deploy-DCAE/README.md (renamed from docker/chef-solo/cookbooks/Deploy-DCAE/README.md) | 1 | ||||
-rw-r--r-- | docker/chef-repo/cookbooks/Deploy-DCAE/attributes/default.rb (renamed from docker/chef-solo/cookbooks/Deploy-DCAE/attributes/default.rb) | 6 | ||||
-rw-r--r-- | docker/chef-repo/cookbooks/Deploy-DCAE/files/default/logback-spring.xml (renamed from docker/chef-solo/cookbooks/Deploy-DCAE/files/default/logback-spring.xml) | 0 | ||||
-rw-r--r-- | docker/chef-repo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 | bin | 0 -> 4051 bytes | |||
-rw-r--r-- | docker/chef-repo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks | bin | 0 -> 1413 bytes | |||
-rw-r--r-- | docker/chef-repo/cookbooks/Deploy-DCAE/recipes/dcae_setup.rb (renamed from docker/chef-solo/cookbooks/Deploy-DCAE/recipes/dcae_setup.rb) | 36 | ||||
-rw-r--r-- | docker/chef-repo/cookbooks/Deploy-DCAE/recipes/jetty_setup.rb (renamed from docker/chef-solo/cookbooks/Deploy-DCAE/recipes/jetty_setup.rb) | 33 | ||||
-rw-r--r-- | docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/dcae-application.properties.erb (renamed from docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/dcae-application.properties.erb) | 0 | ||||
-rw-r--r-- | docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/dcae-logback-spring.erb (renamed from docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/dcae-logback-spring.erb) | 0 | ||||
-rw-r--r-- | docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/http-ini.erb (renamed from docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/http-ini.erb) | 0 | ||||
-rw-r--r-- | docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/https-ini.erb (renamed from docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/https-ini.erb) | 0 | ||||
-rw-r--r-- | docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/ssl-ini.erb (renamed from docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/ssl-ini.erb) | 4 | ||||
-rw-r--r-- | docker/chef-solo/cookbooks/Deploy-DCAE/.gitignore | 20 | ||||
-rw-r--r-- | docker/chef-solo/cookbooks/Deploy-DCAE/.kitchen.yml | 16 | ||||
-rw-r--r-- | docker/chef-solo/cookbooks/Deploy-DCAE/files/default/keystore | bin | 4255 -> 0 bytes | |||
-rw-r--r-- | docker/chef-solo/cookbooks/Deploy-DCAE/files/default/truststore | bin | 4255 -> 0 bytes | |||
-rw-r--r-- | docker/chef-solo/cookbooks/Deploy-DCAE/metadata.rb | 7 | ||||
-rwxr-xr-x | docker/set_user.sh | 20 | ||||
-rw-r--r-- | docker/startup.sh | 13 |
20 files changed, 52 insertions, 129 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile index e6b9a36..ed54b2b 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,26 +1,15 @@ -FROM onap/base_sdc-jetty:1.2.0-SNAPSHOT-latest +FROM onap/base_sdc-jetty:1.4.1 -COPY chef-solo /var/opt/dcae-fe/chef-solo/ +COPY chef-solo /root/chef-solo/ -COPY startup.sh /var/opt/dcae-fe/ +COPY chef-repo/cookbooks /root/chef-solo/cookbooks/ -ADD target/dcae_*.war ${JETTY_BASE}/webapps/ +ADD --chown=jetty:jetty target/dcae_*.war ${JETTY_BASE}/webapps/ USER root -RUN mkdir -p /opt/logs/fe +COPY startup.sh /root/ -COPY set_user.sh /tmp/set_user.sh - -RUN sh -x /tmp/set_user.sh && rm -f /tmp/set_user.sh - -RUN chown -R jetty:jetty ${JETTY_BASE}/webapps /var/opt/dcae-fe /opt/logs /var/lib/jetty - -RUN chmod 770 /var/opt/dcae-fe/startup.sh - -EXPOSE 8082 8444 - -USER jetty - -ENTRYPOINT [ "/var/opt/dcae-fe/startup.sh" ] +RUN chmod 770 /root/startup.sh +ENTRYPOINT [ "/root/startup.sh" ] diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/README.md b/docker/chef-repo/cookbooks/Deploy-DCAE/README.md index 27aba53..ba9ee43 100644 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/README.md +++ b/docker/chef-repo/cookbooks/Deploy-DCAE/README.md @@ -1,4 +1,3 @@ # Deploy-DCAE TODO: Enter the cookbook description here. - diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/attributes/default.rb b/docker/chef-repo/cookbooks/Deploy-DCAE/attributes/default.rb index 0ea50da..f566bdc 100644 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/attributes/default.rb +++ b/docker/chef-repo/cookbooks/Deploy-DCAE/attributes/default.rb 
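Review bot: With `USER jetty` removed and `USER root` left as the last user directive, the ENTRYPOINT `/root/startup.sh` and everything it launches start as root. Whether Jetty later drops to the jetty account depends on the base image's `/docker-entrypoint.sh` and the `setuid` module, neither of which is visible here, so that assumption should be written down next to the directive, e.g. `# root is needed for chef-solo at start-up; Jetty is expected to drop to jetty via the setuid module`. The hunk also removes `EXPOSE 8082 8444` without a replacement, so the image no longer documents which ports it serves.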
@@ -8,9 +8,9 @@ default['DCAE']['BE'][:https_port] = 8444 default['DCAE']['FE'][:http_port] = 8183 default['DCAE']['FE'][:https_port] = 9444 -default['jetty'][:keystore_pwd] = "OBF:1cp61iuj194s194u194w194y1is31cok" -default['jetty'][:keymanager_pwd] = "OBF:1cp61iuj194s194u194w194y1is31cok" -default['jetty'][:truststore_pwd] = "OBF:1cp61iuj194s194u194w194y1is31cok" +default['jetty']['keystore_pwd'] = "rTIS;B4kM]2GHcNK2c3B4&Ng" +default['jetty']['keymanager_pwd'] = "rTIS;B4kM]2GHcNK2c3B4&Ng" +default['jetty']['truststore_pwd'] = "Y,f975ZNJfVZhV*{+Y[}pA?0" default['disableHttp'] = true diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/files/default/logback-spring.xml b/docker/chef-repo/cookbooks/Deploy-DCAE/files/default/logback-spring.xml index 7c0bfb6..7c0bfb6 100644 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/files/default/logback-spring.xml +++ b/docker/chef-repo/cookbooks/Deploy-DCAE/files/default/logback-spring.xml diff --git a/docker/chef-repo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 b/docker/chef-repo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 Binary files differnew file mode 100644 index 0000000..ee000dc --- /dev/null +++ b/docker/chef-repo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 diff --git a/docker/chef-repo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks b/docker/chef-repo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks Binary files differnew file mode 100644 index 0000000..342c4f2 --- /dev/null +++ b/docker/chef-repo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/recipes/dcae_setup.rb b/docker/chef-repo/cookbooks/Deploy-DCAE/recipes/dcae_setup.rb index 068e7c1..0f8ca09 100644 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/recipes/dcae_setup.rb +++ b/docker/chef-repo/cookbooks/Deploy-DCAE/recipes/dcae_setup.rb 
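Review bot: The three `default['jetty'][...]` password attributes now hold the keystore and truststore passwords in clear text, and the same commit adds `org.onap.sdc.p12`, so anyone who can read the repository or the image has both the private key and the secret protecting it. If these are development defaults, say so in a comment above them and let deployments override the values, for example `default['jetty']['keystore_pwd'] = ENV.fetch('JETTY_KEYSTORE_PWD', '<dev-only default>')` (the variable name is a placeholder, not something this project defines). Key material published this way should be treated as disclosed and replaced with deployment-specific certificates outside test environments.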
@@ -1,8 +1,6 @@ -jetty_base = "#{node['JETTY_BASE']}" -dcae_logs = "#{node['APP_LOG_DIR']}" - dcae_be_vip = node['DCAE_BE_VIP'] + if node['disableHttp'] protocol = "https" dcae_be_port = node['DCAE']['BE'][:https_port] @@ -13,11 +11,20 @@ else dcae_fe_port = node['DCAE']['FE'][:http_port] end -printf("DEBUG: [%s]:[%s] disableHttp=[%s], protocol=[%s], dcae_be_vip=[%s], dcae_be_port=[%s] !!! \n", cookbook_name, recipe_name, node['disableHttp'], protocol, dcae_be_vip ,dcae_be_port ) +printf("DEBUG: [%s]:[%s] disableHttp=[%s], protocol=[%s], dcae_be_vip=[%s], dcae_be_port=[%s] !!! \n", cookbook_name, recipe_name, node['disableHttp'], protocol, dcae_be_vip ,dcae_be_port ) raise "[ERROR] 'DCAE_BE_FQDN' is not defined" if dcae_be_vip.nil? || dcae_be_vip == "" -directory "#{jetty_base}/config" do +directory "DCAE FE_tempdir_creation" do + path "#{ENV['JETTY_BASE']}/temp" + owner 'jetty' + group 'jetty' + mode '0755' + action :create +end + + +directory "#{ENV['JETTY_BASE']}/config" do owner "jetty" group "jetty" mode '0755' @@ -25,7 +32,8 @@ directory "#{jetty_base}/config" do action :create end -directory "#{jetty_base}/config/dcae-fe" do + +directory "#{ENV['JETTY_BASE']}/config/dcae-fe" do owner "jetty" group "jetty" mode '0755' @@ -33,14 +41,15 @@ directory "#{jetty_base}/config/dcae-fe" do action :create end + template "dcae-fe-config" do sensitive true - path "#{jetty_base}/config/dcae-fe/application.properties" + path "#{ENV['JETTY_BASE']}/config/dcae-fe/application.properties" source "dcae-application.properties.erb" owner "jetty" group "jetty" mode "0755" - variables ({ + variables({ :dcae_be_vip => dcae_be_vip, :dcae_be_port => dcae_be_port, :protocol => protocol, 
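Review bot: Every path in this recipe is now built from `ENV['JETTY_BASE']`, but nothing checks that the variable is set. When it is missing, the interpolation yields an empty string and the directories and templates are created under `/temp` and `/config` at the filesystem root. A guard in the style of the existing `DCAE_BE_FQDN` check would fail fast instead: `raise "[ERROR] 'JETTY_BASE' is not defined" if ENV['JETTY_BASE'].to_s.empty?`. The same applies to the later hunks of this file and to `jetty_setup.rb`, which also reads `ENV['JETTY_HOME']`.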
@@ -51,18 +60,9 @@ end template "dcae-logback-spring-config" do sensitive true - path "#{jetty_base}/config/dcae-fe/logback-spring.xml" + path "#{ENV['JETTY_BASE']}/config/dcae-fe/logback-spring.xml" source "dcae-logback-spring.erb" owner "jetty" group "jetty" mode "0755" end - - -directory "#{dcae_logs}" do - owner "jetty" - group "jetty" - mode '0755' - recursive true - action :create -end
\ No newline at end of file diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/recipes/jetty_setup.rb b/docker/chef-repo/cookbooks/Deploy-DCAE/recipes/jetty_setup.rb index 74c384e..64eb214 100644 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/recipes/jetty_setup.rb +++ b/docker/chef-repo/cookbooks/Deploy-DCAE/recipes/jetty_setup.rb @@ -1,6 +1,3 @@ -jetty_base = "#{node['JETTY_BASE']}" -jetty_home = "#{node['JETTY_HOME']}" - #Set the http module option if node['disableHttp'] http_option = "#--module=http" @@ -13,7 +10,7 @@ printf("DEBUG: [%s]:[%s] disableHttp=[%s], http_option=[%s] !!! \n", cookbook_na directory "Jetty_etcdir_creation" do - path "/#{jetty_base}/etc" + path "/#{ENV['JETTY_BASE']}/etc" owner 'jetty' group 'jetty' mode '0755' 
@@ -22,61 +19,61 @@ end # Create Keystore -cookbook_file "#{jetty_base}/etc/keystore" do - source "keystore" +cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.p12" do + source "org.onap.sdc.p12" owner "jetty" group "jetty" mode 0755 end # Create Trustore -cookbook_file "#{jetty_base}/etc/truststore" do - source "truststore" +cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.trust.jks" do + source "org.onap.sdc.trust.jks" owner "jetty" group "jetty" mode 0755 end bash "create-jetty-modules" do - cwd "#{jetty_base}" + cwd "#{ENV['JETTY_BASE']}" code <<-EOH - cd "#{jetty_base}" - java -jar "#{jetty_home}"/start.jar --add-to-start=deploy - java -jar "#{jetty_home}"/start.jar --add-to-startd=http,https,logging,setuid + cd "#{ENV['JETTY_BASE']}" + java -jar "#{ENV['JETTY_HOME']}"/start.jar --add-to-start=deploy + java -jar "#{ENV['JETTY_HOME']}"/start.jar --add-to-startd=http,https,console-capture,setuid EOH end # configure Jetty modules template "http-ini" do - path "#{jetty_base}/start.d/http.ini" + path "#{ENV['JETTY_BASE']}/start.d/http.ini" source "http-ini.erb" owner "jetty" group "jetty" mode "0755" - variables ({ + variables({ :http_option => http_option , :http_port => "#{node['DCAE']['FE'][:http_port]}" }) end template "https-ini" do - path "#{jetty_base}/start.d/https.ini" + path "#{ENV['JETTY_BASE']}/start.d/https.ini" source "https-ini.erb" owner "jetty" group "jetty" mode "0755" - variables ({ + variables({ :https_port => "#{node['DCAE']['FE'][:https_port]}" }) end template "ssl-ini" do - path "#{jetty_base}/start.d/ssl.ini" + path "#{ENV['JETTY_BASE']}/start.d/ssl.ini" source "ssl-ini.erb" owner "jetty" group "jetty" mode "0755" - variables ({ + variables({ :https_port => "#{node['DCAE']['FE'][:https_port]}" , :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" , :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" , 
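Review bot: The new `cookbook_file` resources install `org.onap.sdc.p12` and `org.onap.sdc.trust.jks` with `mode 0755`, which leaves the private-key store readable (and marked executable) for every account in the container. Both files are owned by jetty, so `mode '0600'` on the keystore and `mode '0644'` on the truststore should be enough, assuming Jetty reads them as that user. The `ssl-ini` template receives the keystore passwords in its `variables` but is written with `mode "0755"` and, as far as this hunk shows, without the `sensitive true` that the `dcae-fe-config` template in `dcae_setup.rb` carries. Adding `sensitive true` and tightening the mode would keep the rendered passwords out of Chef's diff output and away from other local users. The `ssl-ini` block continues past the end of the hunk.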
diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/dcae-application.properties.erb b/docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/dcae-application.properties.erb index c8b6747..c8b6747 100644 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/dcae-application.properties.erb +++ b/docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/dcae-application.properties.erb diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/dcae-logback-spring.erb b/docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/dcae-logback-spring.erb index 7c0bfb6..7c0bfb6 100644 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/dcae-logback-spring.erb +++ b/docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/dcae-logback-spring.erb diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/http-ini.erb b/docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/http-ini.erb index 8f26690..8f26690 100644 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/http-ini.erb +++ b/docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/http-ini.erb diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/https-ini.erb b/docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/https-ini.erb index 9999a41..9999a41 100644 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/https-ini.erb +++ b/docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/https-ini.erb diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/ssl-ini.erb b/docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/ssl-ini.erb index 9abac51..278fdea 100644 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/templates/default/ssl-ini.erb +++ b/docker/chef-repo/cookbooks/Deploy-DCAE/templates/default/ssl-ini.erb 
@@ -42,10 +42,10 @@ jetty.ssl.port=<%= @https_port %> ## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html ## Keystore file path (relative to $jetty.base) -#jetty.sslContext.keyStorePath=etc/keystore +jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12 ## Truststore file path (relative to $jetty.base) -#jetty.sslContext.trustStorePath=etc/truststore +jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks ## Keystore password # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/.gitignore b/docker/chef-solo/cookbooks/Deploy-DCAE/.gitignore deleted file mode 100644 index b31c0d3..0000000 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/.gitignore +++ /dev/null @@ -1,20 +0,0 @@ -.vagrant -Berksfile.lock -*~ -*# -.#* -\#*# -.*.sw[a-z] -*.un~ - -# Bundler -Gemfile.lock -bin/* -.bundle/* - -.kitchen/ -.kitchen.local.yml - -######### Private -run.me -DCAE-CI01.json diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/.kitchen.yml b/docker/chef-solo/cookbooks/Deploy-DCAE/.kitchen.yml deleted file mode 100644 index 37d2844..0000000 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/.kitchen.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -driver: - name: vagrant - -provisioner: - name: chef_zero - -platforms: - - name: ubuntu-16.04 - - name: centos-7.1 - -suites: - - name: default - run_list: - - recipe[Deploy-DCAE::default] - attributes: diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/files/default/keystore b/docker/chef-solo/cookbooks/Deploy-DCAE/files/default/keystore Binary files differdeleted file mode 100644 index c408393..0000000 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/files/default/keystore +++ /dev/null diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/files/default/truststore b/docker/chef-solo/cookbooks/Deploy-DCAE/files/default/truststore Binary files differdeleted file mode 100644 index c408393..0000000 
--- a/docker/chef-solo/cookbooks/Deploy-DCAE/files/default/truststore +++ /dev/null diff --git a/docker/chef-solo/cookbooks/Deploy-DCAE/metadata.rb b/docker/chef-solo/cookbooks/Deploy-DCAE/metadata.rb deleted file mode 100644 index 7935c22..0000000 --- a/docker/chef-solo/cookbooks/Deploy-DCAE/metadata.rb +++ /dev/null @@ -1,7 +0,0 @@ -name 'Deploy-DCAE' -maintainer 'The Authors' -maintainer_email 'you@example.com' -license 'all_rights' -description 'Installs/Configures Deploy-DCAE' -long_description 'Installs/Configures Deploy-DCAE' -version '1.0.0' diff --git a/docker/set_user.sh b/docker/set_user.sh deleted file mode 100755 index 539a200..0000000 --- a/docker/set_user.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -# Create user - -USER="jetty" -GROUP="jetty" -UID="352070" -GID="35953" - -# Remove user: -deluser ${USER} - -##delgroup ${GROUP} - -echo "${USER}:x:${UID}:${GID}::/home/${USER}:Linux User,,,:/home/jetty:/bin/false" >> /etc/passwd - -echo "${GROUP}:x:${GID}:${USER}" >> /etc/group - -echo "${USER}:!:17501:0:99999:7:::" >> /etc/shadow - -mkdir /home/${USER} && chown ${USER}:${GROUP} /home/${USER} diff --git a/docker/startup.sh b/docker/startup.sh index 46925ae..8b7d914 100644 --- a/docker/startup.sh +++ b/docker/startup.sh @@ -1,17 +1,18 @@ #!/bin/sh -#set -x -# Run chef-solo for configuration -cd /var/opt/dcae-fe/chef-solo -chef-solo -c solo.rb -E ${ENVNAME} --log_level "debug" --logfile "/tmp/Chef-Solo.log" +JAVA_OPTIONS=" ${JAVA_OPTIONS} -Dconfig.home=${JETTY_BASE}/config + -Dlog.home=${JETTY_BASE}/logs + -Dlogback.configurationFile=${JETTY_BASE}/dcae-fe/logback-spring.xml" + +cd /root/chef-solo +chef-solo -c solo.rb -E ${ENVNAME} status=$? -if [ $status != 0 ]; then +if [[ ${status} != 0 ]]; then echo "[ERROR] Problem detected while running chef. Aborting !" exit 1 fi -# Execute Jetty cd /var/lib/jetty /docker-entrypoint.sh & |
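Review bot: The failure check uses `[[ ${status} != 0 ]]` under `#!/bin/sh`; on a shell without `[[` (dash, for instance) the test itself errors, the branch is skipped, and Jetty starts even though chef-solo failed to write the TLS configuration. Keep the POSIX form and quote the expansions: `if [ "${status}" -ne 0 ]; then` and `chef-solo -c solo.rb -E "${ENVNAME}"`. Separately, `-Dlogback.configurationFile` points at `${JETTY_BASE}/dcae-fe/logback-spring.xml`, while `dcae_setup.rb` in this commit renders the file to `${JETTY_BASE}/config/dcae-fe/logback-spring.xml`, so one of the two paths looks wrong. `JAVA_OPTIONS` is only assigned here, so it reaches `/docker-entrypoint.sh` only if the image already exported it, which is worth confirming.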