21 files changed, 325 insertions, 39 deletions
diff --git a/build-tools/pom.xml b/build-tools/pom.xml
new file mode 100644
index 0000000000..952ebef380
--- /dev/null
+++ b/build-tools/pom.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <!-- This dependency must be referenced from a plugin configuration only -->
+
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>build-tools</artifactId>
+
+ <parent>
+ <groupId>org.openecomp.sdc</groupId>
+ <artifactId>sdc-main</artifactId>
+ <version>1.1.0-SNAPSHOT</version>
+ </parent>
+
+ <properties>
+ <pmd.version>5.8.1</pmd.version>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>net.sourceforge.pmd</groupId>
+ <artifactId>pmd-core</artifactId>
+ <version>${pmd.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>net.sourceforge.pmd</groupId>
+ <artifactId>pmd-java</artifactId>
+ <version>${pmd.version}</version>
+ </dependency>
+ </dependencies>
+
+</project>
\ No newline at end of file
diff --git a/build-tools/src/main/resources/build-pmd-ruleset.xml b/build-tools/src/main/resources/build-pmd-ruleset.xml
new file mode 100644
index 0000000000..dd8984a970
--- /dev/null
+++ b/build-tools/src/main/resources/build-pmd-ruleset.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0"?>
+<ruleset name="SDC Essential Rule-set"
+ xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 http://pmd.sourceforge.net/ruleset_2_0_0.xsd http://pmd.sourceforge.net/ruleset/2.0.0 ">
+
+ <description>
+ Essential rules according to SonarQube. Note that it is impossible to make PMD rules exactly match the
+ SonarQube ones, but they will probably catch about 90% of violations before they get into the source control.
+ The advantage is that PMD can be ran locally on any development setup and does not require a license.
+ </description>
+
+ <!--
+ All available Java rule-sets: https://pmd.github.io/pmd-5.6.1/pmd-java/rules/index.html
+ -->
+
+ <!-- Blocker severity in SonarQube -->
+ <rule ref="rulesets/java/strictexception.xml/AvoidCatchingThrowable"/>
+ <rule ref="rulesets/java/empty.xml/EmptyCatchBlock">
+ <properties>
+ <property name="allowCommentedBlocks" value="true"/>
+ </properties>
+ </rule>
+
+ <!-- THERE IS NO GOOD RULE TO CATCH NULL DEREFERENCING IN PMD -->
+ <rule ref="rulesets/java/basic.xml/MisplacedNullCheck"/>
+ <rule ref="rulesets/java/basic.xml/BrokenNullCheck"/>
+
+
+ <rule ref="rulesets/java/design.xml/CloseResource">
+ <properties>
+ <property name="types"
+ value="java.sql.Connection,java.sql.Statement,java.sql.ResultSet,java.io.OutputStream,java.net.URLConnection,java.io.InputStream,java.io.FileInputStream,java.io.FileOutputStream,java.util.zip.ZipOutputStream,java.util.zip.ZipInputStream,java.util.jar.JarInputStream,java.util.jar.JarOutputStream,java.io.BufferedReader,java.io.BufferedWriter"/>
+ </properties>
+ </rule>
+ <rule ref="rulesets/java/basic.xml/OverrideBothEqualsAndHashcode"/>
+
+ <!--
+ Critical severity in SonarQube. Should be empty until all Critical have been fixed.
+ -->
+
+</ruleset>
\ No newline at end of file diff --git a/onboarding/pom.xml b/onboarding/pom.xml index 0e600287bf..36a36ee325 100644 --- a/onboarding/pom.xml +++ b/onboarding/pom.xml @@ -93,5 +93,61 @@ <ws.rs.version>2.0.1</ws.rs.version> <!-- New version 2.0.1 to fix blackduck violation Failing with comiplation issues--> <zusammen.version>0.2.0</zusammen.version> <zusammen-state-store.version>0.2.1</zusammen-state-store.version> + <skipSA>true</skipSA> + <build.tools.version>1.1.0-SNAPSHOT</build.tools.version> </properties> + + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-jxr-plugin</artifactId> + <version>2.5</version> + <configuration> + <skip>${skipSA}</skip> + </configuration> + <executions> + <execution> + <id>jxr-generation</id> + <phase>validate</phase> + <goals> + <goal>jxr</goal> + <goal>test-jxr</goal> + </goals> + </execution> + </executions> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-pmd-plugin</artifactId> + <version>3.8</version> + <configuration> + <skip>${skipSA}</skip> + <aggregate>false</aggregate> + <targetJdk>${maven.compiler.target}</targetJdk> + <rulesets> + <ruleset>build-pmd-ruleset.xml</ruleset> + </rulesets> + </configuration> + <executions> + <execution> + <id>pmd-check</id> + <phase>validate</phase> + <goals> + <!-- violations fail build --> + <goal>check</goal> + </goals> + </execution> + </executions> + <dependencies> + <dependency> + <groupId>org.openecomp.sdc</groupId> + <artifactId>build-tools</artifactId> + <version>${build.tools.version}</version> + </dependency> + </dependencies> + </plugin> + </plugins> + </build> + </project> @@ -340,6 +340,7 @@ <activeByDefault>true</activeByDefault> </activation> <modules> + <module>build-tools</module> <module>onboarding</module> <module>security-utils</module> <module>common-app-api</module> diff --git a/sdc-os-chef/scripts/docker_run.sh b/sdc-os-chef/scripts/docker_run.sh index 23c443e22d..c4afd0c79c 100755 
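Review bot: `<skipSA>true</skipSA>` in the added properties makes both the jxr and the PMD executions skip by default, so the `check` goal commented as "violations fail build" never gates an ordinary build. If the rule-set is meant to stop empty catch blocks and unclosed resources before they reach source control, default the property to `false` (or have CI pass `-DskipSA=false`) and let developers opt out explicitly. If the opt-in default is deliberate, say so next to the property, e.g. `<!-- static analysis is skipped unless -DskipSA=false is passed -->`.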
--- a/sdc-os-chef/scripts/docker_run.sh +++ b/sdc-os-chef/scripts/docker_run.sh @@ -2,13 +2,13 @@ function usage { - echo "usage: docker_run.sh [ -r|--release <RELEASE-NAME> ] [ -e|--environment <ENV-NAME> ] [ -p|--port <Docker-hub-port>] [ -h|--help ]" + echo "usage: docker_run.sh [ -r|--release <RELEASE-NAME> ] [ -e|--environment <ENV-NAME> ] [ -p|--port <Docker-hub-port>] [ -l|--local <Run-without-pull>] [ -h|--help ]" } function cleanup { echo "performing old dockers cleanup" - docker_ids=`docker ps -a | egrep "ecomp-nexus:${PORT}/sdc|sdc|Exit" | awk '{print $1}'` + docker_ids=`docker ps -a | egrep -v "openecomp/sdc-simulator" | egrep "ecomp-nexus:${PORT}/sdc|sdc|Exit" | awk '{print $1}'` for X in ${docker_ids} do docker rm -f ${X} @@ -24,6 +24,7 @@ function dir_perms { RELEASE=latest +LOCAL=false [ -f /opt/config/env_name.txt ] && DEP_ENV=$(cat /opt/config/env_name.txt) || DEP_ENV=__ENV-NAME__ [ -f /opt/config/nexus_username.txt ] && NEXUS_USERNAME=$(cat /opt/config/nexus_username.txt) || NEXUS_USERNAME=release [ -f /opt/config/nexus_password.txt ] && NEXUS_PASSWD=$(cat /opt/config/nexus_password.txt) || NEXUS_PASSWD=sfWU3DFVdBr7GVxB85mTYgAW @@ -43,6 +44,10 @@ while [ "$1" != "" ]; do shift PORT=${1} ;; + -l | --local ) + shift + LOCAL=true + ;; -h | --help ) usage exit 
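Review bot: The new `-l | --local )` branch calls `shift` before `LOCAL=true` although the flag reads no value; the `-p` branch shifts because it then assigns `PORT=${1}`. If the loop also shifts once per iteration after `esac` (that part is outside the hunk), `-l` silently consumes the argument that follows it, so `-l -r <RELEASE-NAME>` would lose `-r`. Dropping the extra `shift` and changing the usage text to `[ -l|--local ]` would keep the flag and its documentation consistent.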
@@ -61,19 +66,29 @@ cleanup export IP=`ifconfig eth0 | awk -F: '/inet addr/ {gsub(/ .*/,"",$2); print $2}'` +export PREFIX=${NEXUS_DOCKER_REPO}'/openecomp' + +if [ ${LOCAL} = true ]; then + PREFIX='openecomp' +fi echo "" # Elastic-Search echo "docker run sdc-elasticsearch..." -docker pull ${NEXUS_DOCKER_REPO}/openecomp/sdc-elasticsearch:${RELEASE} -docker run --detach --name sdc-es --env ENVNAME="${DEP_ENV}" --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --memory 1g --memory-swap=1g --ulimit memlock=-1:-1 --ulimit nofile=4096:100000 --volume /etc/localtime:/etc/localtime:ro -e ES_HEAP_SIZE=1024M --volume /data/ES:/usr/share/elasticsearch/data --volume /data/environments:/root/chef-solo/environments --publish 9200:9200 --publish 9300:9300 ${NEXUS_DOCKER_REPO}/openecomp/sdc-elasticsearch:${RELEASE} +if [ ${LOCAL} = false ]; then + echo "pulling code" + docker pull ${PREFIX}/sdc-elasticsearch:${RELEASE} +fi +docker run --detach --name sdc-es --env ENVNAME="${DEP_ENV}" --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --memory 1g --memory-swap=1g --ulimit memlock=-1:-1 --ulimit nofile=4096:100000 --volume /etc/localtime:/etc/localtime:ro -e ES_HEAP_SIZE=1024M --volume /data/ES:/usr/share/elasticsearch/data --volume /data/environments:/root/chef-solo/environments --publish 9200:9200 --publish 9300:9300 ${PREFIX}/sdc-elasticsearch:${RELEASE} # cassandra echo "docker run sdc-cassandra..." 
-docker pull ${NEXUS_DOCKER_REPO}/openecomp/sdc-cassandra:${RELEASE} -docker run --detach --name sdc-cs --env RELEASE="${RELEASE}" --env ENVNAME="${DEP_ENV}" --env HOST_IP=${IP} --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --ulimit nofile=4096:100000 --volume /etc/localtime:/etc/localtime:ro --volume /data/CS:/var/lib/cassandra --volume /data/environments:/root/chef-solo/environments --publish 9042:9042 --publish 9160:9160 ${NEXUS_DOCKER_REPO}/openecomp/sdc-cassandra:${RELEASE} +if [ ${LOCAL} = false ]; then + docker pull ${PREFIX}/sdc-cassandra:${RELEASE} +fi +docker run --detach --name sdc-cs --env RELEASE="${RELEASE}" --env ENVNAME="${DEP_ENV}" --env HOST_IP=${IP} --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --ulimit nofile=4096:100000 --volume /etc/localtime:/etc/localtime:ro --volume /data/CS:/var/lib/cassandra --volume /data/environments:/root/chef-solo/environments --publish 9042:9042 --publish 9160:9160 openecomp/sdc-cassandra:${RELEASE} echo "please wait while CS is starting..." 
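Review bot: The cassandra `docker run` at the end of this hunk still names `openecomp/sdc-cassandra:${RELEASE}` rather than `${PREFIX}/sdc-cassandra:${RELEASE}`, unlike the elasticsearch, kibana, backend and frontend lines. In a non-local run the image is pulled under the `${NEXUS_DOCKER_REPO}/openecomp` name but started under the unprefixed one, which Docker resolves against its default registry when no local image carries that tag, so the container may come from a different source than the image just pulled, or fail to start. Use `${PREFIX}/sdc-cassandra:${RELEASE}` on the run line. The `[ ${LOCAL} = true ]` tests would also be more robust quoted, as `[ "${LOCAL}" = true ]`.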
@@ -87,18 +102,21 @@ while [ $c -gt 0 ]; do done echo -e "" - # kibana echo "docker run sdc-kibana..." -docker pull ${NEXUS_DOCKER_REPO}/openecomp/sdc-kibana:${RELEASE} -docker run --detach --name sdc-kbn --env ENVNAME="${DEP_ENV}" --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --memory 2g --memory-swap=2g --ulimit nofile=4096:100000 --volume /etc/localtime:/etc/localtime:ro --volume /data/environments:/root/chef-solo/environments --publish 5601:5601 ${NEXUS_DOCKER_REPO}/openecomp/sdc-kibana:${RELEASE} +if [ ${LOCAL} = false ]; then + docker pull ${PREFIX}/sdc-kibana:${RELEASE} +fi +docker run --detach --name sdc-kbn --env ENVNAME="${DEP_ENV}" --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --memory 2g --memory-swap=2g --ulimit nofile=4096:100000 --volume /etc/localtime:/etc/localtime:ro --volume /data/environments:/root/chef-solo/environments --publish 5601:5601 ${PREFIX}/sdc-kibana:${RELEASE} dir_perms # Back-End echo "docker run sdc-backend..." 
-docker pull ${NEXUS_DOCKER_REPO}/openecomp/sdc-backend:${RELEASE} -docker run --detach --name sdc-BE --env HOST_IP=${IP} --env ENVNAME="${DEP_ENV}" --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --memory 4g --memory-swap=4g --ulimit nofile=4096:100000 --volume /etc/localtime:/etc/localtime:ro --volume /data/logs/BE/:/var/lib/jetty/logs --volume /data/environments:/root/chef-solo/environments --publish 8443:8443 --publish 8080:8080 ${NEXUS_DOCKER_REPO}/openecomp/sdc-backend:${RELEASE} +if [ ${LOCAL} = false ]; then + docker pull ${PREFIX}/sdc-backend:${RELEASE} +fi +docker run --detach --name sdc-BE --env HOST_IP=${IP} --env ENVNAME="${DEP_ENV}" --env http_proxy=${http_proxy} --env https_proxy=${https_proxy} --env no_proxy=${no_proxy} --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --memory 4g --memory-swap=4g --ulimit nofile=4096:100000 --volume /etc/localtime:/etc/localtime:ro --volume /data/logs/BE/:/var/lib/jetty/logs --volume /data/environments:/root/chef-solo/environments --publish 8443:8443 --publish 8080:8080 ${PREFIX}/sdc-backend:${RELEASE} echo "please wait while BE is starting..." echo "" 
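Review bot: The three proxy variables added to the backend `docker run` are expanded unquoted (`--env http_proxy=${http_proxy}`), and on a host with no proxy configured they are still forwarded as empty strings; the frontend hunk that follows repeats the same arguments. Passing them by name only, `--env http_proxy --env https_proxy --env no_proxy`, forwards the host value when it is set, leaves the variable unset otherwise, and avoids word-splitting. A proxy URL that embeds credentials also becomes readable through `docker inspect` on the container, which is worth a comment above these lines.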
@@ -114,8 +132,10 @@ echo -e "" # Front-End echo "docker run sdc-frontend..." -docker pull ${NEXUS_DOCKER_REPO}/openecomp/sdc-frontend:${RELEASE} -docker run --detach --name sdc-FE --env HOST_IP=${IP} --env ENVNAME="${DEP_ENV}" --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --memory 2g --memory-swap=2g --ulimit nofile=4096:100000 --volume /etc/localtime:/etc/localtime:ro --volume /data/logs/FE/:/var/lib/jetty/logs --volume /data/environments:/root/chef-solo/environments --publish 9443:9443 --publish 8181:8181 ${NEXUS_DOCKER_REPO}/openecomp/sdc-frontend:${RELEASE} +if [ ${LOCAL} = false ]; then + docker pull ${PREFIX}/sdc-frontend:${RELEASE} +fi +docker run --detach --name sdc-FE --env HOST_IP=${IP} --env ENVNAME="${DEP_ENV}" --env http_proxy=${http_proxy} --env https_proxy=${https_proxy} --env no_proxy=${no_proxy} --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --memory 2g --memory-swap=2g --ulimit nofile=4096:100000 --volume /etc/localtime:/etc/localtime:ro --volume /data/logs/FE/:/var/lib/jetty/logs --volume /data/environments:/root/chef-solo/environments --publish 9443:9443 --publish 8181:8181 ${PREFIX}/sdc-frontend:${RELEASE} diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keystore b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keystore Binary files differindex 08f6cda8a7..c4083931dc 100644 --- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keystore +++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keystore diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_9_import_Normatives.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_import_Normatives.rb index 6e9b24133d..6e9b24133d 100644 --- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_9_import_Normatives.rb 
+++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_import_Normatives.rb diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb index ac1614a253..067642fed9 100644 --- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb +++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb @@ -51,18 +51,3 @@ cookbook_file "ArtifactGenerator" do group "jetty" mode "0755" end - -directory "Jetty_etcdir_creation" do - path "/#{jetty_base}/etc" - owner 'jetty' - group 'jetty' - mode '0755' - action :create -end - -cookbook_file "/#{jetty_base}/etc/keystore" do - source "keystore" - owner "jetty" - group "jetty" - mode 0755 -end diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb new file mode 100644 index 0000000000..148eaaf4d3 --- /dev/null +++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb @@ -0,0 +1,16 @@ +jetty_base="/var/lib/jetty" + +directory "Jetty_etcdir_creation" do + path "/#{jetty_base}/etc" + owner 'jetty' + group 'jetty' + mode '0755' + action :create +end + +cookbook_file "/#{jetty_base}/etc/keystore" do + source "keystore" + owner "jetty" + group "jetty" + mode 0755 +end diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_create_DMaaP_keys.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_create_DMaaP_keys.rb index 583dfff7b2..583dfff7b2 100644 --- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_create_DMaaP_keys.rb +++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_create_DMaaP_keys.rb 
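Review bot: The new BE_3_locate_keystore.rb installs `/#{jetty_base}/etc/keystore` with `mode 0755`, which leaves the file holding the server's TLS key material readable (and marked executable) for every local user. Only the jetty account needs it, so `mode '0600'` on the `cookbook_file` would be the tighter setting. The keystore is a binary shipped inside the cookbook and replaced in this commit, so deployments built from the repository presumably all share one key; supplying it per environment would avoid that.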
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_5_jetty_Modules.rb index 3ec16e8924..046e3c6919 100644 --- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb +++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_5_jetty_Modules.rb @@ -12,4 +12,11 @@ EOH not_if "ls /#{jetty_base}/start.d/https.ini" end - +template "ssl-ini" do + path "/#{jetty_base}/start.d/ssl.ini" + source "ssl-ini.erb" + owner "jetty" + group "jetty" + mode "0755" + variables :https_port => "#{node['BE'][:https_port]}" +end diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_5_setup_elasticsearch.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_6_setup_elasticsearch.rb index 39fc5af883..39fc5af883 100644 --- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_5_setup_elasticsearch.rb +++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_6_setup_elasticsearch.rb diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_6_setup_portal_properties.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_7_setup_portal_properties.rb index 8c57de6caf..8c57de6caf 100644 --- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_6_setup_portal_properties.rb +++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_7_setup_portal_properties.rb diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_7_logback.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_8_logback.rb index 2dfc4f1089..2dfc4f1089 100644 --- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_7_logback.rb +++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_8_logback.rb 
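Review bot: The added `template "ssl-ini"` resource writes `start.d/ssl.ini` with `mode "0755"`, yet the rendered file now carries the keystore, key-manager and truststore passwords. A configuration file needs no execute bit and should not be world-readable once it holds secrets; `mode "0640"` with the existing `owner "jetty"` and `group "jetty"` is enough. The frontend recipe FE_7_create_jetty_modules.rb renders the same template with the same mode.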
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_8_errors_config.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_9_errors_config.rb index 684d730709..684d730709 100644 --- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_8_errors_config.rb +++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_9_errors_config.rb diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-ssl-ini.erb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb index 426e0e44b5..effbfa7918 100644 --- a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-ssl-ini.erb +++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb @@ -8,7 +8,7 @@ # jetty.ssl.host=0.0.0.0 ## Connector port to listen on -jetty.ssl.port=<%= @FE_https_port %> +jetty.ssl.port=<%= @https_port %> ## Connector idle timeout in milliseconds # jetty.ssl.idleTimeout=30000 @@ -49,6 +49,7 @@ jetty.ssl.port=<%= @FE_https_port %> ## Keystore password # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +jetty.sslContext.keyStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok ## Keystore type and provider # jetty.sslContext.keyStoreType=JKS @@ -56,9 +57,11 @@ jetty.ssl.port=<%= @FE_https_port %> ## KeyManager password # jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g +jetty.sslContext.keyManagerPassword=OBF:1cp61iuj194s194u194w194y1is31cok ## Truststore password # jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +jetty.sslContext.trustStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok ## Truststore type and provider # jetty.sslContext.trustStoreType=JKS 
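Review bot: The three added `jetty.sslContext.*Password` lines hard-code one OBF value for the keystore, the key manager and the truststore, and the same lines appear in the new frontend copy of `ssl-ini.erb`. As the template's own comment says, OBF only protects against casual observation, so read access to the repository is enough to recover the password for the keystore shipped next to it. Pass the values in through the template's `variables`, the way `@https_port` is, for example `jetty.sslContext.keyStorePassword=<%= @keystore_password %>` (the variable name is a suggestion), and source them from per-environment attributes or an encrypted data bag.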
@@ -81,3 +84,7 @@ jetty.ssl.port=<%= @FE_https_port %> ## Set the timeout (in seconds) of the SslSession cache timeout # jetty.sslContext.sslSessionTimeout=-1 + +## Allow SSL renegotiation +# jetty.sslContext.renegotiationAllowed=true +# jetty.sslContext.renegotiationLimit=5 diff --git a/sdc-os-chef/sdc-backend/chef-solo/roles/catalog-be.json b/sdc-os-chef/sdc-backend/chef-solo/roles/catalog-be.json index 9fc7b8d1dc..a05a2830eb 100644 --- a/sdc-os-chef/sdc-backend/chef-solo/roles/catalog-be.json +++ b/sdc-os-chef/sdc-backend/chef-solo/roles/catalog-be.json @@ -12,11 +12,12 @@ "run_list": [ "recipe[sdc-catalog-be::BE_1_cleanup_jettydir]", "recipe[sdc-catalog-be::BE_2_setup_configuration]", - "recipe[sdc-catalog-be::BE_4_jetty_Modules]", - "recipe[sdc-catalog-be::BE_5_setup_elasticsearch]", - "recipe[sdc-catalog-be::BE_6_setup_portal_properties]", - "recipe[sdc-catalog-be::BE_7_logback]", - "recipe[sdc-catalog-be::BE_8_errors_config]" + "recipe[sdc-catalog-be::BE_3_locate_keystore]", + "recipe[sdc-catalog-be::BE_5_jetty_Modules]", + "recipe[sdc-catalog-be::BE_6_setup_elasticsearch]", + "recipe[sdc-catalog-be::BE_7_setup_portal_properties]", + "recipe[sdc-catalog-be::BE_8_logback]", + "recipe[sdc-catalog-be::BE_9_errors_config]" ], "env_run_lists": { } diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/keystore b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/keystore Binary files differindex 08f6cda8a7..c4083931dc 100644 --- a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/keystore +++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/keystore diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb index 2800fd1808..fc9dd86f40 100644 
--- a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb +++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb @@ -34,12 +34,12 @@ template "FE-https-ini" do end -template "FE-ssl-ini" do +template "ssl-ini" do path "/#{jetty_base}/start.d/ssl.ini" - source "FE-ssl-ini.erb" + source "ssl-ini.erb" owner "jetty" group "jetty" mode "0755" - variables :FE_https_port => "#{node['FE'][:https_port]}" + variables :https_port => "#{node['FE'][:https_port]}" end diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb new file mode 100644 index 0000000000..effbfa7918 --- /dev/null +++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb 
@@ -0,0 +1,90 @@ +# --------------------------------------- +# Module: ssl +--module=ssl + +### TLS(SSL) Connector Configuration + +## Connector host/address to bind to +# jetty.ssl.host=0.0.0.0 + +## Connector port to listen on +jetty.ssl.port=<%= @https_port %> + +## Connector idle timeout in milliseconds +# jetty.ssl.idleTimeout=30000 + +## Connector socket linger time in seconds (-1 to disable) +# jetty.ssl.soLingerTime=-1 + +## Number of acceptors (-1 picks default based on number of cores) +# jetty.ssl.acceptors=-1 + +## Number of selectors (-1 picks default based on number of cores) +# jetty.ssl.selectors=-1 + +## ServerSocketChannel backlog (0 picks platform default) +# jetty.ssl.acceptorQueueSize=0 + +## Thread priority delta to give to acceptor threads +# jetty.ssl.acceptorPriorityDelta=0 + +## Whether request host names are checked to match any SNI names +# jetty.ssl.sniHostCheck=true + +## max age in seconds for a Strict-Transport-Security response header (default -1) +# jetty.ssl.stsMaxAgeSeconds=31536000 + +## include subdomain property in any Strict-Transport-Security header (default false) +# jetty.ssl.stsIncludeSubdomains=true + +### SslContextFactory Configuration +## Note that OBF passwords are not secure, just protected from casual observation +## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html + +## Keystore file path (relative to $jetty.base) +# jetty.sslContext.keyStorePath=etc/keystore + +## Truststore file path (relative to $jetty.base) +# jetty.sslContext.trustStorePath=etc/keystore + +## Keystore password +# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +jetty.sslContext.keyStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok + +## Keystore type and provider +# jetty.sslContext.keyStoreType=JKS +# jetty.sslContext.keyStoreProvider= + +## KeyManager password +# jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g 
+jetty.sslContext.keyManagerPassword=OBF:1cp61iuj194s194u194w194y1is31cok + +## Truststore password +# jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +jetty.sslContext.trustStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok + +## Truststore type and provider +# jetty.sslContext.trustStoreType=JKS +# jetty.sslContext.trustStoreProvider= + +## whether client certificate authentication is required +# jetty.sslContext.needClientAuth=false + +## Whether client certificate authentication is desired +# jetty.sslContext.wantClientAuth=false + +## Whether cipher order is significant (since java 8 only) +# jetty.sslContext.useCipherSuitesOrder=true + +## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at +## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites + +## Set the size of the SslSession cache +# jetty.sslContext.sslSessionCacheSize=-1 + +## Set the timeout (in seconds) of the SslSession cache timeout +# jetty.sslContext.sslSessionTimeout=-1 + +## Allow SSL renegotiation +# jetty.sslContext.renegotiationAllowed=true +# jetty.sslContext.renegotiationLimit=5 diff --git a/utils/webseal-simulator/pom.xml b/utils/webseal-simulator/pom.xml index 7bee699dab..ea620f6844 100644 --- a/utils/webseal-simulator/pom.xml +++ b/utils/webseal-simulator/pom.xml @@ -13,6 +13,7 @@ <docker.latest.tag>${project.version}-latest</docker.latest.tag> <!--maven--> <maven.build.timestamp.format>yyyyMMdd'T'HHmm</maven.build.timestamp.format> + <nexus.proxy>https://nexus.onap.org</nexus.proxy> </properties> <dependencies> @@ -51,7 +52,7 @@ <dependency> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> - <version>2.0-SNAPSHOT</version> + <version>1.9</version> <scope>compile</scope> </dependency> 
@@ -112,6 +113,31 @@ </plugins> </build> + <repositories> + <!-- LF repositories --> + <repository> + <id>ecomp-releases</id> + <name>Release Repository</name> + <url>${nexus.proxy}/content/repositories/releases/</url> + </repository> + <repository> + <id>ecomp-staging</id> + <name>Staging Repository</name> + <url>${nexus.proxy}/content/repositories/staging/</url> + </repository> + <repository> + <id>ecomp-snapshots</id> + <name>Snapshots Repository</name> + <url>${nexus.proxy}/content/repositories/snapshots/</url> + </repository> + <repository> + <id>ecomp-public</id> + <name>Public Repository</name> + <url>${nexus.proxy}/content/repositories/public/</url> + </repository> + <!-- LF repositories END--> + </repositories> + <profiles> <profile> <id>docker-staging</id> |
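Review bot: The four added `<repository>` entries declare no `<releases>` or `<snapshots>` policy, so Maven falls back to its defaults and consults every one of them, including `ecomp-staging` and `ecomp-snapshots`, for release and snapshot versions alike. Scoping each entry makes resolution predictable: `<snapshots><enabled>false</enabled></snapshots>` on the releases, staging and public entries, and `<releases><enabled>false</enabled></releases>` on the snapshots entry. Whether the staging repository belongs in the default build at all, rather than in the `docker-staging` profile that follows, is also worth confirming.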