aboutsummaryrefslogtreecommitdiffstats
path: root/catalog-be/sdc-backend/chef-repo/cookbooks
diff options
context:
space:
mode:
Diffstat (limited to 'catalog-be/sdc-backend/chef-repo/cookbooks')
-rw-r--r--catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb76
-rw-r--r--catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties4
-rw-r--r--catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks4
-rw-r--r--catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile4
-rw-r--r--catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb85
-rw-r--r--catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb7
-rw-r--r--catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb151
-rw-r--r--catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb12
-rw-r--r--catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb24
-rw-r--r--catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb54
10 files changed, 365 insertions, 56 deletions
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
index 2640da14ee..106400c799 100644
--- a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
+++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
@@ -4,7 +4,15 @@ default['BE'][:https_port] = 8443
default['FE'][:http_port] = 8181
default['FE'][:https_port] = 9443
default['disableHttp'] = true
-default['cassandra'][:truststore_password] = "Aa123456"
+
+
+#+----------------------------------+
+#| |
+#| Jetty |
+#| |
+#+----------------------------------+
+
+default['jetty']['dmaap_truststore_pwd'] = "dmaap_truststore_pwd"
default['jetty'][:keystore_pwd] = "!ppJ.JvWn0hGh)oVF]([Kv)^"
default['jetty'][:keymanager_pwd] = "!ppJ.JvWn0hGh)oVF]([Kv)^"
# TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION
@@ -23,9 +31,8 @@ default['cassandra']['cluster_name'] = "SDC-CS-"
default['cassandra']['socket_read_timeout'] = 20000
default['cassandra']['socket_connect_timeout'] = 20000
default['cassandra']['janusgraph_connection_timeout'] = 10000
+default['cassandra'][:truststore_password] = "Aa123456"
-#Elasticsearch
-default['elasticsearch']['cluster_name'] = "SDC-ES-"
#Onboard
default['ONBOARDING_BE'][:http_port] = 8081
@@ -37,11 +44,68 @@ default['UEB']['SecretKey'] = "4ZRPzNJfEUK0sSNBvccd2m7X"
default['Pair_EnvName'] = ""
-#DmaapConsumer
-default['DMAAP']['active'] = false
+#+----------------------------------+
+#| |
+#| Portal |
+#| |
+#+----------------------------------+
-#Portal
default['ECompP']['cipher_key'] = "AGLDdG4D04BKm2IxIWEr8o=="
default['ECompP']['portal_user'] = "Ipwxi2oLvDxctMA1royaRw1W0jhucLx+grHzci3ePIA="
default['ECompP']['portal_pass'] = "j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI="
default['ECompP']['portal_app_name'] = "Ipwxi2oLvDxctMA1royaRw1W0jhucLx+grHzci3ePIA="
+
+
+#+----------------------------------+
+#| |
+#| DMAAP Consumer |
+#| |
+#+----------------------------------+
+
+default['DMAAP']['active'] = false
+default['DMAAP']['consumer']['aftEnvironment'] = "AFTUAT"
+default['DMAAP']['consumer']['consumerGroup'] = "ccd_onap"
+default['DMAAP']['consumer']['consumerId'] = "ccd_onap"
+default['DMAAP']['consumer']['dme2preferredRouterFilePath'] = "DME2preferredRouter.txt"
+default['DMAAP']['consumer']['environment'] = "TEST"
+default['DMAAP']['consumer']['host'] = "dmaap.onap.com"
+default['DMAAP']['consumer']['password'] = "password"
+default['DMAAP']['consumer']['port'] = 3905
+default['DMAAP']['consumer']['serviceName'] = "dmaap-v1.dev.dmaap.dt.saat.acsi.onap.com/events"
+default['DMAAP']['consumer']['topic'] = "com.onap.ccd.CCD-CatalogManagement-v1"
+default['DMAAP']['consumer']['username'] = "user"
+default['DMAAP']['partitioncount'] = "3"
+default['DMAAP']['replicationcount'] = "3"
+
+
+#+----------------------------------+
+#| |
+#| Access Restriction / CADI |
+#| |
+#+----------------------------------+
+
+# Cadi
+default['access_restriction']['cadi_root_dir'] = "/var/lib/jetty/etc"
+default['access_restriction']['cadi_keyfile'] = "/var/lib/jetty/etc/org.onap.sdc.p12"
+default['access_restriction']['cadi_loglevel'] = "DEBUG"
+default['access_restriction']['cadi_truststore'] = "/var/lib/jetty/etc/org.onap.sdc.trust.jks"
+default['access_restriction']['cadi_truststore_password'] = "changeit"
+default['access_restriction']['cadiX509Issuers'] = "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US"
+default['access_restriction']['encrypted_password'] = "enc:AccessRestrictionEncryptedPassword"
+default['access_restriction_key'] = nil
+
+# Access Restriction Key
+default['aafNamespace'] = "com.onap.sdc"
+default['access_restriction']['aaf_env'] = "TEST"
+default['access_restriction']['aaf_id'] = "user"
+default['access_restriction']['aaf_locate_url'] = ""
+default['access_restriction']['aaf_password'] = "enc:AafEncriptedPassword"
+default['access_restriction']['aaf_url'] = ""
+default['access_restriction']['aafAuthNeeded'] = false
+default['access_restriction']['AFT_DME2_CLIENT_IGNORE_SSL_CONFIG'] = true
+default['access_restriction']['AFT_DME2_HTTP_EXCHANGE_TRACE_ON'] = true
+default['access_restriction']['AFT_ENVIRONMENT'] = "AFTUAT"
+default['access_restriction']['csp_domain'] = "PROD"
+default['access_restriction']['excluded_urls'] = "'/.*'"
+default['access_restriction']['excluded_urls_onboarding'] = "'/.*'"
+
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties
new file mode 100644
index 0000000000..2d234c367f
--- /dev/null
+++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties
@@ -0,0 +1,4 @@
+#############################################################
+# This file should be replaced with jetty cadi.properties: #
+# /opt/app/jetty/base/be/etc/cadi.properties #
+############################################################# \ No newline at end of file
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks
new file mode 100644
index 0000000000..6720910c1d
--- /dev/null
+++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks
@@ -0,0 +1,4 @@
+##################################################################
+## This file should be replaced with jetty cadi_truststore.jks: #
+## /opt/app/jetty/base/be/etc/cadi_truststore.jks #
+################################################################## \ No newline at end of file
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile
new file mode 100644
index 0000000000..41876b7c09
--- /dev/null
+++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile
@@ -0,0 +1,4 @@
+#############################################################
+# This file should be replaced with jetty keyfile: #
+# /opt/app/jetty/base/be/etc/keyfile #
+############################################################# \ No newline at end of file
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb
new file mode 100644
index 0000000000..b06f8a5342
--- /dev/null
+++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb
@@ -0,0 +1,85 @@
+jetty_base = "#{ENV['JETTY_BASE']}"
+
+
+directory "Jetty_etc_dir_creation" do
+ path "#{jetty_base}/etc"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ action :create
+ not_if { ::File.directory?("#{jetty_base}/etc") }
+end
+
+
+cookbook_file "#{jetty_base}/etc/keyfile" do
+ source "keyfile"
+ owner "jetty"
+ group "jetty"
+ mode 0755
+end
+
+
+cookbook_file "#{jetty_base}/etc/cadi_truststore.jks" do
+ source "cadi_truststore.jks"
+ owner "jetty"
+ group "jetty"
+ mode 0755
+end
+
+
+template "#{jetty_base}/etc/cadi.properties" do
+ path "#{jetty_base}/etc/cadi.properties"
+ source "cadi.properties.erb"
+ owner "jetty"
+ group "jetty"
+ mode "0755"
+end
+
+
+#Workaround due to hardcode definition in cata,log-be web.xml file
+directory "/opt/app/jetty" do
+ path "/opt/app/jetty"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ recursive true
+ action :create
+end
+
+directory "/opt/app/jetty/base/" do
+ path "/opt/app/jetty/base/"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ recursive true
+ action :create
+end
+
+
+directory "/opt/app/jetty/base/be/" do
+ path "/opt/app/jetty/base/be/"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ recursive true
+ action :create
+end
+
+directory "/opt/app/jetty/base/be/etc" do
+ path "/opt/app/jetty/base/be/etc"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ recursive true
+ action :create
+end
+
+#Workaround due to hardcode definition in catalog-be web.xml file
+template "/opt/app/jetty/base/be/etc/cadi.properties" do
+ path "/opt/app/jetty/base/be/etc/cadi.properties"
+ source "cadi.properties.erb"
+ owner "jetty"
+ group "jetty"
+ mode "0755"
+end
+
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
index 6f455fc6f3..a0a6bc06d4 100644
--- a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
+++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
@@ -10,6 +10,11 @@ else
end
+#Set random ID for DMaap configuration
+if node['DMAAP']['random_id'].nil?
+ node.default['DMAAP']['random_id'] = Time.now.getutc.to_i
+end
+
template "janusgraph.properties" do
path "#{ENV['JETTY_BASE']}/config/catalog-be/janusgraph.properties"
@@ -54,7 +59,7 @@ template "catalog-be-config" do
:cassandra_truststore_password => node['cassandra'][:truststore_password],
:cassandra_ssl_enabled => "#{ENV['cassandra_ssl_enabled']}",
:dcae_be_vip => node['DCAE_BE_VIP'],
- :dmaap_active => node['DMAAP']['active']
+ :dmaap_active => node['DMAAP']['active']
})
end
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
index 605a831e0e..07f660b39e 100644
--- a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
+++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
@@ -25,7 +25,7 @@ beProtocol: http
beSslPort: <%= @ssl_port %>
version: 1.1.0
released: 2012-11-30
-toscaConformanceLevel: 9.0
+toscaConformanceLevel: 11.0
minToscaConformanceLevel: 3.0
janusGraphCfgFile: /var/lib/jetty/config/catalog-be/janusgraph.properties
@@ -39,7 +39,6 @@ janusGraphHealthCheckReadTimeout: 1
# The interval to try and reconnect to Elasticsearch when it is down during ASDC startup:
-esReconnectIntervalInSeconds: 3
uebHealthCheckReconnectIntervalInSeconds: 15
uebHealthCheckReadTimeout: 4
@@ -70,6 +69,21 @@ users:
tom: passwd
bob: passwd
+# access restriction
+authCookie:
+ securityKey: "sdcaccessrestrictionsecureykey"
+ maxSessionTimeOut: 86400000
+ sessionIdleTimeOut: 3600000
+ cookieName: "AuthenticationCookie"
+ path: /
+ domain: ""
+ isHttpOnly: true
+ # redirect variable name from portal.properties file
+ redirectURL: ""
+ excludedUrls: [<%= node['access_restriction']['excluded_urls'] %>]
+ onboardingExcludedUrls: [<%= node['access_restriction']['excluded_urls_onboarding'] %>]
+
+
cassandraConfig:
cassandraHosts: [<%= @cassandra_ip %>]
@@ -91,28 +105,7 @@ cassandraConfig:
- { name: sdccomponent, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
- { name: sdcrepository, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
-#Application-specific settings of ES
-elasticSearch:
- # Mapping of index prefix to time-based frame. For example, if below is configured:
- #
- # - indexPrefix: auditingevents
- # creationPeriod: minute
- #
- # then ES object of type which is mapped to "auditingevents-*" template, and created on 2015-12-23 13:24:54, will enter "auditingevents-2015-12-23-13-24" index.
- # Another object created on 2015-12-23 13:25:54, will enter "auditingevents-2015-12-23-13-25" index.
- # If creationPeriod: month, both of the above will enter "auditingevents-2015-12" index.
- #
- # PLEASE NOTE: the timestamps are created in UTC/GMT timezone! This is needed so that timestamps will be correctly presented in Kibana.
- #
- # Legal values for creationPeriod - year, month, day, hour, minute, none (meaning no time-based behaviour).
- #
- # If no creationPeriod is configured for indexPrefix, default behavour is creationPeriod: month.
-
- indicesTimeFrequency:
- - indexPrefix: auditingevents
- creationPeriod: month
- - indexPrefix: monitoring_events
- creationPeriod: month
+
artifactTypes:
- CHEF
- PUPPET
@@ -287,7 +280,10 @@ systemMonitoring:
enabled: false
isProxy: false
probeIntervalInSeconds: 15
-defaultHeatArtifactTimeoutMinutes: 60
+heatArtifactDeploymentTimeout:
+ defaultMinutes: 30
+ minMinutes: 1
+ maxMinutes: 120
serviceDeploymentArtifacts:
CONTROLLER_BLUEPRINT_ARCHIVE:
@@ -630,12 +626,8 @@ resourceInformationalArtifacts:
resourceInformationalDeployedArtifacts:
-
-requirementsToFulfillBeforeCert:
-
-capabilitiesToConsumeBeforeCert:
-
unLoggedUrls:
+ - /sdc2/rest/monitoring
- /sdc2/rest/healthCheck
cleanComponentsConfiguration:
@@ -653,10 +645,10 @@ onboarding:
host: <%= node['ONBOARDING_BE_VIP'] %>
<% if node[:disableHttp] -%>
protocol: https
- port: <%= node['ONBOARDING_BE'][:https_port] %>
+ port: <%= node['ONBOARDING_BE'][:https_port] %>
<% else %>
protocol: http
- port: <%= node['ONBOARDING_BE'][:http_port] %>
+ port: <%= node['ONBOARDING_BE'][:http_port] %>
<% end -%>
downloadCsarUri: "/onboarding-api/v1.0/vendor-software-products/packages"
healthCheckUri: "/onboarding-api/v1.0/healthcheck"
@@ -713,6 +705,8 @@ toscaValidators:
disableAudit: false
+consumerBusinessLogic: true
+
vfModuleProperties:
min_vf_module_instances:
forBaseModule: 1
@@ -799,10 +793,50 @@ dmaapConsumerConfiguration:
credential:
username: user
password:
+ aftDme2SslEnable: true
+ aftDme2ClientKeystore: /var/lib/jetty/etc/truststore
+ aftDme2ClientKeystorePassword: ""
+ aftDme2ClientSslCertAlias: certman
+
+dmaapProducerConfiguration:
+ active: true
+ hosts: <%= node['DMAAP']['producer']['host']%>
+ consumerGroup: sdc-<%= node.chef_environment %>-<%= node['DMAAP']['random_id'] %>
+ consumerId: sdc-<%= node.chef_environment %>1-<%= node['DMAAP']['random_id'] %>
+ timeoutMs: 15000
+ limit: 1
+ pollingInterval: 2
+ topic: <%= node['DMAAP']['producer']['topic'] %>
+ latitude: 32.109333
+ longitude: 34.855499
+ version: 1.0
+ serviceName: <%= node['DMAAP']['producer']['serviceName'] %>
+ environment: <%= node['DMAAP']['producer']['environment'] %>
+ partner: BOT_R
+ routeOffer: MR1
+ protocol: <%= node['http_protocol'] %>
+ contenttype: application/json
+ dme2TraceOn: true
+ aftEnvironment: <%= node['DMAAP']['producer']['aftEnvironment']%>
+ aftDme2ConnectionTimeoutMs: 15000
+ aftDme2RoundtripTimeoutMs: 240000
+ aftDme2ReadTimeoutMs: 50000
+ dme2preferredRouterFilePath: <%= node['DMAAP']['producer']['dme2preferredRouterFilePath'] %>
+ timeLimitForNotificationHandleMs: 120000
+ credential:
+ username: <%= node['DMAAP']['producer']['username'] %>
+ password: <%= node['DMAAP']['producer']['password'] %>
+ aftDme2SslEnable: true
+ aftDme2ClientKeystore: /var/lib/jetty/etc/truststore
+ aftDme2ClientKeystorePassword: <%= node['jetty']['dmaap_truststore_pwd'] %>
+ aftDme2ClientSslCertAlias: certman
+
-dmeConfiguration:
- dme2Search: DME2SEARCH
- dme2Resolve: DME2RESOLVE
+# ToDo: AF - had to remove due to configuration laod class failure
+#dmeConfiguration:
+# lookupUriFormat: "http://DME2RESOLVE/service=%s/version=1.0.0/envContext=%s/routeOffer=DEFAULT"
+# dme2Search: DME2SEARCH
+# dme2Resolve: DME2RESOLVE
excludedPolicyTypesMapping:
# VF:
@@ -815,21 +849,68 @@ excludedGroupTypesMapping:
CR:
- org.openecomp.groups.VfModule
- org.openecomp.groups.heat.HeatStack
+ - org.openecomp.groups.Group
- tosca.groups.Root
PNF:
- org.openecomp.groups.VfModule
- org.openecomp.groups.heat.HeatStack
+ - org.openecomp.groups.Group
- tosca.groups.Root
VF:
- org.openecomp.groups.VfModule
- org.openecomp.groups.heat.HeatStack
+ - org.openecomp.groups.Group
- tosca.groups.Root
Service:
- org.openecomp.groups.VfModule
- org.openecomp.groups.heat.HeatStack
+ - org.openecomp.groups.Group
- tosca.groups.Root
healthStatusExclude:
- DE
- DMAAP
+ - DMAAP_PRODUCER
+ - ON_BOARDING
- DCAE
+ - PORTAL
+ - External API
+
+#Auto Healing
+enableAutoHealing: false
+appVersion: <%= @app_version %>
+
+artifactGeneratorConfig: Artifact-Generator.properties
+resourcesForUpgrade:
+ 8.0:
+ - org.openecomp.resource.cp.extCP
+ - tosca.nodes.network.Network
+ - tosca.nodes.network.Port
+ - org.openecomp.resource.cp.nodes.network.SubInterface
+skipUpgradeFailedVfs: true
+skipUpgradeVSPs: true
+autoHealingOwner: jh0003
+supportAllottedResourcesAndProxy: true
+deleteLockTimeoutInSeconds: 60
+maxDeleteComponents: 10
+
+# Cadi filter (access restriction) Parameters
+aafNamespace: <%= node['aafNamespace'] %>
+aafAuthNeeded: <%= node['access_restriction']['aafAuthNeeded'] %>
+
+cadiFilterParams:
+ AFT_LATITUDE: "32.780140"
+ AFT_LONGITUDE: "-96.800451"
+ hostname: <%= node['BE_VIP'] %>
+ aaf_id: <%= node['access_restriction']['aaf_id'] %>
+ aaf_env: <%= node['access_restriction']['aaf_env'] %>
+ aaf_url: <%= node['access_restriction']['aaf_url'] %>
+ csp_domain: <%= node['access_restriction']['csp_domain'] %>
+ cadi_keyfile: <%= node['access_restriction']['cadi_keyfile'] %>
+ aaf_password: <%= node['access_restriction']['aaf_password'] %>
+ cadi_loglevel: <%= node['access_restriction']['cadi_loglevel'] %>
+ AFT_ENVIRONMENT: <%= node['access_restriction']['AFT_ENVIRONMENT'] %>
+ cadiX509Issuers: <%= node['access_restriction']['cadiX509Issuers'] %>
+ cadi_truststore: <%= node['access_restriction']['cadi_truststore'] %>
+ cadi_truststore_password: <%= node['access_restriction']['cadi_truststore_password'] %>
+
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb
deleted file mode 100644
index f107eb05ca..0000000000
--- a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb
+++ /dev/null
@@ -1,12 +0,0 @@
-discovery.zen.ping.multicast.enabled: false
-discovery.zen.ping.unicast.enabled: true
-node.name: <%= node[:hostname] %>
-cluster.name: <%= @cluster_name %>
-node.master: false
-node.data: false
-http.cors.enabled: true
-path.home: "/var/lib/jetty/config"
-elasticSearch.transportclient: true
-http.port: 9300
-transport.client.initial_nodes:
-<%= @es_host_ip %>
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb
index d43c2faa1a..7e7eea407e 100644
--- a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb
+++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb
@@ -57,14 +57,34 @@ use_rest_for_functional_menu=true
portal.api.impl.class = org.openecomp.sdc.be.ecomp.PortalRestAPICentralServiceImpl
role_access_centralized = remote
+# Cookie set by CSP-SSO
+csp_cookie_name = onapCsp
+
+# CSP setting, most use PROD; DEV also recognized
+csp_gate_keeper_prod_key = PROD
+
# URL of the Portal where this app is onboarded
ecomp_redirect_url = <%= @ecomp_redirect_url %>
# URL of the ECOMP Portal REST API
ecomp_rest_url = <%= @ecomp_rest_url %>
+# Connection and Read timeout values
+ext_req_connection_timeout = 15000
+ext_req_read_timeout = 20000
+
+# Name of java class that implements the OnBoardingApiService interface.
+portal.api.impl.class = org.openecomp.sdc.be.ecomp.PortalRestAPICentralServiceImpl
+
#Portal user & key
-portal_user = <%= @ecomp_portal_user %>
-portal_pass = <%= @ecomp_portal_pass %>
portal_app_name = <%= @portal_app_name %>
+portal_pass = <%= @ecomp_portal_pass %>
+portal_user = <%= @ecomp_portal_user %>
+# Use this tag if the app is centralized remote/local
+role_access_centralized = remote
+
+# UEB key generated while on-boarding
+ueb_app_key = ""
+# Applications do not need to run a UEB listener after 1607.
+ueb_listeners_enable = false
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb
new file mode 100644
index 0000000000..66654310e0
--- /dev/null
+++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb
@@ -0,0 +1,54 @@
+# Configure AAF
+aaf_locate_url=<%= node['access_restriction']['aaf_locate_url'] %>
+
+aaf_url=<%= node['access_restriction']['aaf_url'] %>
+
+#if you are running aaf service from a docker image you have to use aaf service IP and port number
+aaf_id=<%= node['access_restriction']['aaf_id'] %>
+#Encrypt the password using AAF Jar
+aaf_password=<%= node['access_restriction']['aaf_password'] %>
+# Sample CADI Properties, from CADI 1.4.2
+hostname=<%= node['BE_VIP'] %>
+csp_domain=<%= node['access_restriction']['csp_domain'] %>
+
+# Add Absolute path to Keyfile
+cadi_keyfile=<%= node['access_restriction']['cadi_keyfile'] %>
+
+
+# This is required to accept Certificate Authentication from Certman certificates.
+# can be TEST, IST or PROD
+aaf_env=<%= node['access_restriction']['aaf_env'] %>
+
+# DEBUG prints off all the properties. Use to get started.
+cadi_loglevel=<%= node['access_restriction']['cadi_loglevel'] %>
+
+
+# Become CSO Poodle Compliant by only allowing sanctioned TLS versions
+# The following is the default
+# cadi_protocols=TLSv1.1,TLSv1.2
+
+# Default TrustStore - REQUIRED for changing PROTOCOL Defaults for DME2
+# Read https://wiki.web.att.com/pages/viewpage.action?pageId=574623569#URGENT:SolvingSSL2-3/TLSv1removalissues-Up-to-dateTruststore
+# Add Absolute path to truststore2020.jks
+cadi_truststore=<%= node['access_restriction']['cadi_truststore'] %>
+# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs
+cadi_truststore_password=<%= node['access_restriction']['cadi_truststore_password'] %>
+
+# how to turn on SSL Logging
+#javax.net.debug=ssl
+
+##
+# Hint
+# Use "maps.bing.com" to get Lat and Long for an Address
+AFT_LATITUDE=32.780140
+AFT_LONGITUDE=-96.800451
+AFT_ENVIRONMENT=<%= node['access_restriction']['AFT_ENVIRONMENT'] %>
+AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=<%= node['access_restriction']['AFT_DME2_CLIENT_IGNORE_SSL_CONFIG'] %>
+DME2.DEBUG=true
+AFT_DME2_HTTP_EXCHANGE_TRACE_ON=<%= node['access_restriction']['AFT_DME2_HTTP_EXCHANGE_TRACE_ON'] %>
+
+cadi_latitude=32.780140
+cadi_longitude=-96.800451
+
+aaf_root_ns=<%= node['aafNamespace'] %>
+aaf_api_version=2.0