Diffstat (limited to 'catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates')
4 files changed, 192 insertions, 49 deletions
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb index 605a831e0e..07f660b39e 100644 --- a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb @@ -25,7 +25,7 @@ beProtocol: http beSslPort: <%= @ssl_port %> version: 1.1.0 released: 2012-11-30 -toscaConformanceLevel: 9.0 +toscaConformanceLevel: 11.0 minToscaConformanceLevel: 3.0 janusGraphCfgFile: /var/lib/jetty/config/catalog-be/janusgraph.properties @@ -39,7 +39,6 @@ janusGraphHealthCheckReadTimeout: 1 # The interval to try and reconnect to Elasticsearch when it is down during ASDC startup: -esReconnectIntervalInSeconds: 3 uebHealthCheckReconnectIntervalInSeconds: 15 uebHealthCheckReadTimeout: 4 @@ -70,6 +69,21 @@ users: tom: passwd bob: passwd +# access restriction +authCookie: + securityKey: "sdcaccessrestrictionsecureykey" + maxSessionTimeOut: 86400000 + sessionIdleTimeOut: 3600000 + cookieName: "AuthenticationCookie" + path: / + domain: "" + isHttpOnly: true + # redirect variable name from portal.properties file + redirectURL: "" + excludedUrls: [<%= node['access_restriction']['excluded_urls'] %>] + onboardingExcludedUrls: [<%= node['access_restriction']['excluded_urls_onboarding'] %>] + + cassandraConfig: cassandraHosts: [<%= @cassandra_ip %>] 
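Review bot: The new `authCookie` block hard-codes `securityKey: "sdcaccessrestrictionsecureykey"` in the template, so every environment rendered from this cookbook gets the same key, and that key is readable by anyone with access to the repository. The `excludedUrls` entries in the same block already come from `node['access_restriction']`, so the key should be rendered the same way from a per-environment secret, for example `securityKey: "<%= node['access_restriction']['<KEY_ATTRIBUTE>'] %>"` (the attribute name is a placeholder). The block sets `isHttpOnly: true`, but no secure-only flag is visible; if the configuration class supports one, it is worth setting for deployments where the backend is served over https.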
@@ -91,28 +105,7 @@ cassandraConfig: - { name: sdccomponent, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} - { name: sdcrepository, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} -#Application-specific settings of ES -elasticSearch: - # Mapping of index prefix to time-based frame. For example, if below is configured: - # - # - indexPrefix: auditingevents - # creationPeriod: minute - # - # then ES object of type which is mapped to "auditingevents-*" template, and created on 2015-12-23 13:24:54, will enter "auditingevents-2015-12-23-13-24" index. - # Another object created on 2015-12-23 13:25:54, will enter "auditingevents-2015-12-23-13-25" index. - # If creationPeriod: month, both of the above will enter "auditingevents-2015-12" index. - # - # PLEASE NOTE: the timestamps are created in UTC/GMT timezone! This is needed so that timestamps will be correctly presented in Kibana. - # - # Legal values for creationPeriod - year, month, day, hour, minute, none (meaning no time-based behaviour). - # - # If no creationPeriod is configured for indexPrefix, default behavour is creationPeriod: month. - - indicesTimeFrequency: - - indexPrefix: auditingevents - creationPeriod: month - - indexPrefix: monitoring_events - creationPeriod: month + artifactTypes: - CHEF - PUPPET @@ -287,7 +280,10 @@ systemMonitoring: enabled: false isProxy: false probeIntervalInSeconds: 15 -defaultHeatArtifactTimeoutMinutes: 60 +heatArtifactDeploymentTimeout: + defaultMinutes: 30 + minMinutes: 1 + maxMinutes: 120 serviceDeploymentArtifacts: CONTROLLER_BLUEPRINT_ARCHIVE: @@ -630,12 +626,8 @@ resourceInformationalArtifacts: resourceInformationalDeployedArtifacts: - -requirementsToFulfillBeforeCert: - -capabilitiesToConsumeBeforeCert: - unLoggedUrls: + - /sdc2/rest/monitoring - /sdc2/rest/healthCheck cleanComponentsConfiguration: 
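Review bot: The `/sdc2/rest/monitoring` entry added under `unLoggedUrls` needs a comment saying why it is left out of logging, since the list name suggests requests to it will no longer appear in the request log. If the same path is also in `authCookie.excludedUrls`, which is rendered from a node attribute not visible here, the endpoint would be both exempt from the access-restriction filter and unlogged, and that combination should be confirmed as intended. If probe volume is the reason, a comment above the entry such as `# monitoring probe traffic: excluded from request logging only, still subject to access restriction` would record the intent.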
@@ -653,10 +645,10 @@ onboarding: host: <%= node['ONBOARDING_BE_VIP'] %> <% if node[:disableHttp] -%> protocol: https - port: <%= node['ONBOARDING_BE'][:https_port] %> + port: <%= node['ONBOARDING_BE'][:https_port] %> <% else %> protocol: http - port: <%= node['ONBOARDING_BE'][:http_port] %> + port: <%= node['ONBOARDING_BE'][:http_port] %> <% end -%> downloadCsarUri: "/onboarding-api/v1.0/vendor-software-products/packages" healthCheckUri: "/onboarding-api/v1.0/healthcheck" @@ -713,6 +705,8 @@ toscaValidators: disableAudit: false +consumerBusinessLogic: true + vfModuleProperties: min_vf_module_instances: forBaseModule: 1 
@@ -799,10 +793,50 @@ dmaapConsumerConfiguration: credential: username: user password: + aftDme2SslEnable: true + aftDme2ClientKeystore: /var/lib/jetty/etc/truststore + aftDme2ClientKeystorePassword: "" + aftDme2ClientSslCertAlias: certman + +dmaapProducerConfiguration: + active: true + hosts: <%= node['DMAAP']['producer']['host']%> + consumerGroup: sdc-<%= node.chef_environment %>-<%= node['DMAAP']['random_id'] %> + consumerId: sdc-<%= node.chef_environment %>1-<%= node['DMAAP']['random_id'] %> + timeoutMs: 15000 + limit: 1 + pollingInterval: 2 + topic: <%= node['DMAAP']['producer']['topic'] %> + latitude: 32.109333 + longitude: 34.855499 + version: 1.0 + serviceName: <%= node['DMAAP']['producer']['serviceName'] %> + environment: <%= node['DMAAP']['producer']['environment'] %> + partner: BOT_R + routeOffer: MR1 + protocol: <%= node['http_protocol'] %> + contenttype: application/json + dme2TraceOn: true + aftEnvironment: <%= node['DMAAP']['producer']['aftEnvironment']%> + aftDme2ConnectionTimeoutMs: 15000 + aftDme2RoundtripTimeoutMs: 240000 + aftDme2ReadTimeoutMs: 50000 + dme2preferredRouterFilePath: <%= node['DMAAP']['producer']['dme2preferredRouterFilePath'] %> + timeLimitForNotificationHandleMs: 120000 + credential: + username: <%= node['DMAAP']['producer']['username'] %> + password: <%= node['DMAAP']['producer']['password'] %> + aftDme2SslEnable: true + aftDme2ClientKeystore: /var/lib/jetty/etc/truststore + aftDme2ClientKeystorePassword: <%= node['jetty']['dmaap_truststore_pwd'] %> + aftDme2ClientSslCertAlias: certman + -dmeConfiguration: - dme2Search: DME2SEARCH - dme2Resolve: DME2RESOLVE +# ToDo: AF - had to remove due to configuration laod class failure +#dmeConfiguration: +# lookupUriFormat: "http://DME2RESOLVE/service=%s/version=1.0.0/envContext=%s/routeOffer=DEFAULT" +# dme2Search: DME2SEARCH +# dme2Resolve: DME2RESOLVE excludedPolicyTypesMapping: # VF: 
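Review bot: The secrets added in `dmaapProducerConfiguration` are rendered as plain YAML scalars, so a value that is empty, starts with a YAML indicator, or contains `: ` or ` #` will be retyped, truncated at the comment marker, or fail to parse. This applies to `password: <%= node['DMAAP']['producer']['password'] %>` and `aftDme2ClientKeystorePassword: <%= node['jetty']['dmaap_truststore_pwd'] %>`, and also to `aaf_password` and `cadi_truststore_password` in the `cadiFilterParams` hunk further down this file. Quote the rendered values, e.g. `password: "<%= node['DMAAP']['producer']['password'] %>"`, or emit them through a string encoder that escapes quotes and backslashes. The consumer block, by contrast, gains `aftDme2SslEnable: true` with a hard-coded `aftDme2ClientKeystorePassword: ""`, so the two blocks disagree on where the keystore password comes from. `dme2TraceOn: true` is also hard-coded for the producer and should be off by default if the trace output can include message content.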
@@ -815,21 +849,68 @@ excludedGroupTypesMapping: CR: - org.openecomp.groups.VfModule - org.openecomp.groups.heat.HeatStack + - org.openecomp.groups.Group - tosca.groups.Root PNF: - org.openecomp.groups.VfModule - org.openecomp.groups.heat.HeatStack + - org.openecomp.groups.Group - tosca.groups.Root VF: - org.openecomp.groups.VfModule - org.openecomp.groups.heat.HeatStack + - org.openecomp.groups.Group - tosca.groups.Root Service: - org.openecomp.groups.VfModule - org.openecomp.groups.heat.HeatStack + - org.openecomp.groups.Group - tosca.groups.Root healthStatusExclude: - DE - DMAAP + - DMAAP_PRODUCER + - ON_BOARDING - DCAE + - PORTAL + - External API + +#Auto Healing +enableAutoHealing: false +appVersion: <%= @app_version %> + +artifactGeneratorConfig: Artifact-Generator.properties +resourcesForUpgrade: + 8.0: + - org.openecomp.resource.cp.extCP + - tosca.nodes.network.Network + - tosca.nodes.network.Port + - org.openecomp.resource.cp.nodes.network.SubInterface +skipUpgradeFailedVfs: true +skipUpgradeVSPs: true +autoHealingOwner: jh0003 +supportAllottedResourcesAndProxy: true +deleteLockTimeoutInSeconds: 60 +maxDeleteComponents: 10 + +# Cadi filter (access restriction) Parameters +aafNamespace: <%= node['aafNamespace'] %> +aafAuthNeeded: <%= node['access_restriction']['aafAuthNeeded'] %> + +cadiFilterParams: + AFT_LATITUDE: "32.780140" + AFT_LONGITUDE: "-96.800451" + hostname: <%= node['BE_VIP'] %> + aaf_id: <%= node['access_restriction']['aaf_id'] %> + aaf_env: <%= node['access_restriction']['aaf_env'] %> + aaf_url: <%= node['access_restriction']['aaf_url'] %> + csp_domain: <%= node['access_restriction']['csp_domain'] %> + cadi_keyfile: <%= node['access_restriction']['cadi_keyfile'] %> + aaf_password: <%= node['access_restriction']['aaf_password'] %> + cadi_loglevel: <%= node['access_restriction']['cadi_loglevel'] %> + AFT_ENVIRONMENT: <%= node['access_restriction']['AFT_ENVIRONMENT'] %> + cadiX509Issuers: <%= node['access_restriction']['cadiX509Issuers'] %> + 
cadi_truststore: <%= node['access_restriction']['cadi_truststore'] %> + cadi_truststore_password: <%= node['access_restriction']['cadi_truststore_password'] %> + diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb deleted file mode 100644 index f107eb05ca..0000000000 --- a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb +++ /dev/null @@ -1,12 +0,0 @@ -discovery.zen.ping.multicast.enabled: false -discovery.zen.ping.unicast.enabled: true -node.name: <%= node[:hostname] %> -cluster.name: <%= @cluster_name %> -node.master: false -node.data: false -http.cors.enabled: true -path.home: "/var/lib/jetty/config" -elasticSearch.transportclient: true -http.port: 9300 -transport.client.initial_nodes: -<%= @es_host_ip %> diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb index d43c2faa1a..7e7eea407e 100644 --- a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb 
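Review bot: `autoHealingOwner: jh0003` hard-codes what looks like an individual user id into a template that every environment renders. If it is an account name, it should come from a node attribute like the neighbouring `appVersion` and `aafNamespace` values, so that ownership of auto-healed components does not depend on one person's account. Separately, the key `8.0:` under `resourcesForUpgrade` is a plain scalar that YAML loaders type as a float; if the consumer looks it up as a string, write it as `"8.0":`.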
@@ -57,14 +57,34 @@ use_rest_for_functional_menu=true portal.api.impl.class = org.openecomp.sdc.be.ecomp.PortalRestAPICentralServiceImpl role_access_centralized = remote +# Cookie set by CSP-SSO +csp_cookie_name = onapCsp + +# CSP setting, most use PROD; DEV also recognized +csp_gate_keeper_prod_key = PROD + # URL of the Portal where this app is onboarded ecomp_redirect_url = <%= @ecomp_redirect_url %> # URL of the ECOMP Portal REST API ecomp_rest_url = <%= @ecomp_rest_url %> +# Connection and Read timeout values +ext_req_connection_timeout = 15000 +ext_req_read_timeout = 20000 + +# Name of java class that implements the OnBoardingApiService interface. +portal.api.impl.class = org.openecomp.sdc.be.ecomp.PortalRestAPICentralServiceImpl + #Portal user & key -portal_user = <%= @ecomp_portal_user %> -portal_pass = <%= @ecomp_portal_pass %> portal_app_name = <%= @portal_app_name %> +portal_pass = <%= @ecomp_portal_pass %> +portal_user = <%= @ecomp_portal_user %> +# Use this tag if the app is centralized remote/local +role_access_centralized = remote + +# UEB key generated while on-boarding +ueb_app_key = "" +# Applications do not need to run a UEB listener after 1607. +ueb_listeners_enable = false diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb new file mode 100644 index 0000000000..66654310e0 --- /dev/null +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb 
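Review bot: `ueb_app_key = ""` does not produce an empty value if this file is loaded with `java.util.Properties`, because quotes are not stripped and the key is read as the two-character string `""`. Write `ueb_app_key =` if empty is what is meant. The hunk also adds `portal.api.impl.class` and `role_access_centralized` a second time, although the lines at the top of the hunk show both already defined with the same values. With duplicate keys the last definition wins, so a later edit to the first copy would be silently ignored; keep a single definition of each.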
@@ -0,0 +1,54 @@ +# Configure AAF +aaf_locate_url=<%= node['access_restriction']['aaf_locate_url'] %> + +aaf_url=<%= node['access_restriction']['aaf_url'] %> + +#if you are running aaf service from a docker image you have to use aaf service IP and port number +aaf_id=<%= node['access_restriction']['aaf_id'] %> +#Encrypt the password using AAF Jar +aaf_password=<%= node['access_restriction']['aaf_password'] %> +# Sample CADI Properties, from CADI 1.4.2 +hostname=<%= node['BE_VIP'] %> +csp_domain=<%= node['access_restriction']['csp_domain'] %> + +# Add Absolute path to Keyfile +cadi_keyfile=<%= node['access_restriction']['cadi_keyfile'] %> + + +# This is required to accept Certificate Authentication from Certman certificates. +# can be TEST, IST or PROD +aaf_env=<%= node['access_restriction']['aaf_env'] %> + +# DEBUG prints off all the properties. Use to get started. +cadi_loglevel=<%= node['access_restriction']['cadi_loglevel'] %> + + +# Become CSO Poodle Compliant by only allowing sanctioned TLS versions +# The following is the default +# cadi_protocols=TLSv1.1,TLSv1.2 + +# Default TrustStore - REQUIRED for changing PROTOCOL Defaults for DME2 +# Read https://wiki.web.att.com/pages/viewpage.action?pageId=574623569#URGENT:SolvingSSL2-3/TLSv1removalissues-Up-to-dateTruststore +# Add Absolute path to truststore2020.jks +cadi_truststore=<%= node['access_restriction']['cadi_truststore'] %> +# Note: This is the ONLY password that doesn't have to be encrypted. 
All Java's TrustStores are this passcode by default, because they are public certs +cadi_truststore_password=<%= node['access_restriction']['cadi_truststore_password'] %> + +# how to turn on SSL Logging +#javax.net.debug=ssl + +## +# Hint +# Use "maps.bing.com" to get Lat and Long for an Address +AFT_LATITUDE=32.780140 +AFT_LONGITUDE=-96.800451 +AFT_ENVIRONMENT=<%= node['access_restriction']['AFT_ENVIRONMENT'] %> +AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=<%= node['access_restriction']['AFT_DME2_CLIENT_IGNORE_SSL_CONFIG'] %> +DME2.DEBUG=true +AFT_DME2_HTTP_EXCHANGE_TRACE_ON=<%= node['access_restriction']['AFT_DME2_HTTP_EXCHANGE_TRACE_ON'] %> + +cadi_latitude=32.780140 +cadi_longitude=-96.800451 + +aaf_root_ns=<%= node['aafNamespace'] %> +aaf_api_version=2.0 |
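Review bot: `DME2.DEBUG=true` is hard-coded in this new file while the neighbouring switches are node attributes, and the file's own comment says a DEBUG `cadi_loglevel` prints all the properties, which here include `aaf_password` and `cadi_truststore_password`. Default the switch to `DME2.DEBUG=false` or render it from an attribute, and extend the `cadi_loglevel` comment to say that DEBUG writes these credentials to the log and is for initial setup only. The commented default `cadi_protocols=TLSv1.1,TLSv1.2` still admits TLS 1.1; setting `cadi_protocols=TLSv1.2` explicitly would pin the protocol instead of relying on the library default. `AFT_DME2_CLIENT_IGNORE_SSL_CONFIG` is attribute-driven, so its cookbook default, which is not visible here, should be checked to be `false`.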