Diffstat (limited to 'catalog-be/sdc-backend')
12 files changed, 386 insertions, 66 deletions
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb index 2640da14ee..106400c799 100644 --- a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb @@ -4,7 +4,15 @@ default['BE'][:https_port] = 8443 default['FE'][:http_port] = 8181 default['FE'][:https_port] = 9443 default['disableHttp'] = true -default['cassandra'][:truststore_password] = "Aa123456" + + +#+----------------------------------+ +#| | +#| Jetty | +#| | +#+----------------------------------+ + +default['jetty']['dmaap_truststore_pwd'] = "dmaap_truststore_pwd" default['jetty'][:keystore_pwd] = "!ppJ.JvWn0hGh)oVF]([Kv)^" default['jetty'][:keymanager_pwd] = "!ppJ.JvWn0hGh)oVF]([Kv)^" # TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION @@ -23,9 +31,8 @@ default['cassandra']['cluster_name'] = "SDC-CS-" default['cassandra']['socket_read_timeout'] = 20000 default['cassandra']['socket_connect_timeout'] = 20000 default['cassandra']['janusgraph_connection_timeout'] = 10000 +default['cassandra'][:truststore_password] = "Aa123456" -#Elasticsearch -default['elasticsearch']['cluster_name'] = "SDC-ES-" #Onboard default['ONBOARDING_BE'][:http_port] = 8081 
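Review bot: The new default `default['jetty']['dmaap_truststore_pwd'] = "dmaap_truststore_pwd"` in the Jetty section reads like a placeholder but is rendered as a real password wherever no override exists. The same applies to the re-added `default['cassandra'][:truststore_password] = "Aa123456"` in the second hunk, and to `['DMAAP']['consumer']['password'] = "password"` and `cadi_truststore_password = "changeit"` in the third. Usable secrets committed as cookbook defaults are shared by every deployment that forgets to override them. I would default these to `nil`, e.g. `default['jetty']['dmaap_truststore_pwd'] = nil`, and have the recipe fail when they are unset. Whether an environment file supplies overrides is not visible here.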
@@ -37,11 +44,68 @@ default['UEB']['SecretKey'] = "4ZRPzNJfEUK0sSNBvccd2m7X" default['Pair_EnvName'] = "" -#DmaapConsumer -default['DMAAP']['active'] = false +#+----------------------------------+ +#| | +#| Portal | +#| | +#+----------------------------------+ -#Portal default['ECompP']['cipher_key'] = "AGLDdG4D04BKm2IxIWEr8o==" default['ECompP']['portal_user'] = "Ipwxi2oLvDxctMA1royaRw1W0jhucLx+grHzci3ePIA=" default['ECompP']['portal_pass'] = "j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI=" default['ECompP']['portal_app_name'] = "Ipwxi2oLvDxctMA1royaRw1W0jhucLx+grHzci3ePIA=" + + +#+----------------------------------+ +#| | +#| DMAAP Consumer | +#| | +#+----------------------------------+ + +default['DMAAP']['active'] = false +default['DMAAP']['consumer']['aftEnvironment'] = "AFTUAT" +default['DMAAP']['consumer']['consumerGroup'] = "ccd_onap" +default['DMAAP']['consumer']['consumerId'] = "ccd_onap" +default['DMAAP']['consumer']['dme2preferredRouterFilePath'] = "DME2preferredRouter.txt" +default['DMAAP']['consumer']['environment'] = "TEST" +default['DMAAP']['consumer']['host'] = "dmaap.onap.com" +default['DMAAP']['consumer']['password'] = "password" +default['DMAAP']['consumer']['port'] = 3905 +default['DMAAP']['consumer']['serviceName'] = "dmaap-v1.dev.dmaap.dt.saat.acsi.onap.com/events" +default['DMAAP']['consumer']['topic'] = "com.onap.ccd.CCD-CatalogManagement-v1" +default['DMAAP']['consumer']['username'] = "user" +default['DMAAP']['partitioncount'] = "3" +default['DMAAP']['replicationcount'] = "3" + + +#+----------------------------------+ +#| | +#| Access Restriction / CADI | +#| | +#+----------------------------------+ + +# Cadi +default['access_restriction']['cadi_root_dir'] = "/var/lib/jetty/etc" +default['access_restriction']['cadi_keyfile'] = "/var/lib/jetty/etc/org.onap.sdc.p12" +default['access_restriction']['cadi_loglevel'] = "DEBUG" +default['access_restriction']['cadi_truststore'] = "/var/lib/jetty/etc/org.onap.sdc.trust.jks" 
+default['access_restriction']['cadi_truststore_password'] = "changeit" +default['access_restriction']['cadiX509Issuers'] = "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US" +default['access_restriction']['encrypted_password'] = "enc:AccessRestrictionEncryptedPassword" +default['access_restriction_key'] = nil + +# Access Restriction Key +default['aafNamespace'] = "com.onap.sdc" +default['access_restriction']['aaf_env'] = "TEST" +default['access_restriction']['aaf_id'] = "user" +default['access_restriction']['aaf_locate_url'] = "" +default['access_restriction']['aaf_password'] = "enc:AafEncriptedPassword" +default['access_restriction']['aaf_url'] = "" +default['access_restriction']['aafAuthNeeded'] = false +default['access_restriction']['AFT_DME2_CLIENT_IGNORE_SSL_CONFIG'] = true +default['access_restriction']['AFT_DME2_HTTP_EXCHANGE_TRACE_ON'] = true +default['access_restriction']['AFT_ENVIRONMENT'] = "AFTUAT" +default['access_restriction']['csp_domain'] = "PROD" +default['access_restriction']['excluded_urls'] = "'/.*'" +default['access_restriction']['excluded_urls_onboarding'] = "'/.*'" + diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties new file mode 100644 index 0000000000..2d234c367f --- /dev/null +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties @@ -0,0 +1,4 @@ +############################################################# +# This file should be replaced with jetty cadi.properties: # +# /opt/app/jetty/base/be/etc/cadi.properties # +#############################################################
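Review bot: The access-restriction defaults in this hunk fail open: `excluded_urls` and `excluded_urls_onboarding` default to `'/.*'`, which, judging by the `excludedUrls` key they feed in BE-configuration.yaml.erb, exempts every path from the filter, and `aafAuthNeeded` defaults to `false`. `AFT_DME2_CLIENT_IGNORE_SSL_CONFIG` and `AFT_DME2_HTTP_EXCHANGE_TRACE_ON` default to `true` and `cadi_loglevel` to `"DEBUG"`, so a node converged without overrides has the new control switched off and verbose tracing on. The cadi.properties.erb template added later in this commit says DEBUG prints all the properties, and that file carries `aaf_password`. I would ship restrictive defaults (`cadi_loglevel = "INFO"`, both trace/ignore flags `false`, a short explicit exclusion list) and add a comment above `excluded_urls` stating that `'/.*'` disables the filter.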
\ No newline at end of file
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks
new file mode 100644
index 0000000000..6720910c1d
--- /dev/null
+++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks
@@ -0,0 +1,4 @@
+##################################################################
+## This file should be replaced with jetty cadi_truststore.jks: #
+## /opt/app/jetty/base/be/etc/cadi_truststore.jks #
+##################################################################
\ No newline at end of file
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile
new file mode 100644
index 0000000000..41876b7c09
--- /dev/null
+++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile
@@ -0,0 +1,4 @@
+#############################################################
+# This file should be replaced with jetty keyfile: #
+# /opt/app/jetty/base/be/etc/keyfile #
+#############################################################
\ No newline at end of file
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb
new file mode 100644
index 0000000000..b06f8a5342
--- /dev/null
+++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb
@@ -0,0 +1,85 @@
+jetty_base = "#{ENV['JETTY_BASE']}"
+
+
+directory "Jetty_etc_dir_creation" do
+ path "#{jetty_base}/etc"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ action :create
+ not_if { ::File.directory?("#{jetty_base}/etc") }
+end
+
+
+cookbook_file "#{jetty_base}/etc/keyfile" do
+ source "keyfile"
+ owner "jetty"
+ group "jetty"
+ mode 0755
+end
+
+
+cookbook_file "#{jetty_base}/etc/cadi_truststore.jks" do
+ source "cadi_truststore.jks"
+ owner "jetty"
+ group "jetty"
+ mode 0755
+end
+
+
+template "#{jetty_base}/etc/cadi.properties" do
+ path "#{jetty_base}/etc/cadi.properties"
+ source "cadi.properties.erb"
+ owner "jetty"
+ group "jetty"
+ mode "0755"
+end
+
+
+#Workaround due to hardcode definition in cata,log-be web.xml file
+directory "/opt/app/jetty" do
+ path "/opt/app/jetty"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ recursive true
+ action :create
+end
+
+directory "/opt/app/jetty/base/" do
+ path "/opt/app/jetty/base/"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ recursive true
+ action :create
+end
+
+
+directory "/opt/app/jetty/base/be/" do
+ path "/opt/app/jetty/base/be/"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ recursive true
+ action :create
+end
+
+directory "/opt/app/jetty/base/be/etc" do
+ path "/opt/app/jetty/base/be/etc"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ recursive true
+ action :create
+end
+
+#Workaround due to hardcode definition in catalog-be web.xml file
+template "/opt/app/jetty/base/be/etc/cadi.properties" do
+ path "/opt/app/jetty/base/be/etc/cadi.properties"
+ source "cadi.properties.erb"
+ owner "jetty"
+ group "jetty"
+ mode "0755"
+end
+
diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
index 6f455fc6f3..a0a6bc06d4 100644
--- a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
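Review bot: `keyfile`, `cadi_truststore.jks` and both copies of `cadi.properties` are installed with mode 0755, so the CADI key file and a properties file holding `aaf_password` are readable by every local user and carry a needless execute bit. These should be owner-only, e.g. `mode '0600'` on the two `cookbook_file` and two `template` resources, with `sensitive true` on the templates to keep rendered content out of Chef's diff output. The mode is also written three ways (`'0755'`, `"0755"`, bare `0755`); the quoted string form is the one Chef documents. Separately, `jetty_base = "#{ENV['JETTY_BASE']}"` turns an unset variable into an empty string, so the files would land under `/etc`; `ENV.fetch('JETTY_BASE')` would fail the run instead.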
+++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb @@ -10,6 +10,11 @@ else end +#Set random ID for DMaap configuration +if node['DMAAP']['random_id'].nil? + node.default['DMAAP']['random_id'] = Time.now.getutc.to_i +end + template "janusgraph.properties" do path "#{ENV['JETTY_BASE']}/config/catalog-be/janusgraph.properties" @@ -54,7 +59,7 @@ template "catalog-be-config" do :cassandra_truststore_password => node['cassandra'][:truststore_password], :cassandra_ssl_enabled => "#{ENV['cassandra_ssl_enabled']}", :dcae_be_vip => node['DCAE_BE_VIP'], - :dmaap_active => node['DMAAP']['active'] + :dmaap_active => node['DMAAP']['active'] }) end diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb index 605a831e0e..07f660b39e 100644 --- a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb @@ -25,7 +25,7 @@ beProtocol: http beSslPort: <%= @ssl_port %> version: 1.1.0 released: 2012-11-30 -toscaConformanceLevel: 9.0 +toscaConformanceLevel: 11.0 minToscaConformanceLevel: 3.0 janusGraphCfgFile: /var/lib/jetty/config/catalog-be/janusgraph.properties @@ -39,7 +39,6 @@ janusGraphHealthCheckReadTimeout: 1 # The interval to try and reconnect to Elasticsearch when it is down during ASDC startup: -esReconnectIntervalInSeconds: 3 uebHealthCheckReconnectIntervalInSeconds: 15 uebHealthCheckReadTimeout: 4 
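Review bot: In the first hunk, `node.default['DMAAP']['random_id'] = Time.now.getutc.to_i` is commented as a random ID but is the converge time in seconds. It is therefore predictable, and two nodes converged in the same second render the same `consumerGroup` and `consumerId`. Default-level attributes are rebuilt on each Chef run, so unless `random_id` is set at another precedence level (not visible here) the `nil?` guard is always true and the value changes on every converge. If uniqueness is the goal, `SecureRandom.hex(8)` after `require 'securerandom'` expresses it better; if stability is the goal, the value must be persisted where the next run can read it. The comment should say which of the two is intended.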
@@ -70,6 +69,21 @@ users: tom: passwd bob: passwd +# access restriction +authCookie: + securityKey: "sdcaccessrestrictionsecureykey" + maxSessionTimeOut: 86400000 + sessionIdleTimeOut: 3600000 + cookieName: "AuthenticationCookie" + path: / + domain: "" + isHttpOnly: true + # redirect variable name from portal.properties file + redirectURL: "" + excludedUrls: [<%= node['access_restriction']['excluded_urls'] %>] + onboardingExcludedUrls: [<%= node['access_restriction']['excluded_urls_onboarding'] %>] + + cassandraConfig: cassandraHosts: [<%= @cassandra_ip %>] @@ -91,28 +105,7 @@ cassandraConfig: - { name: sdccomponent, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} - { name: sdcrepository, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} -#Application-specific settings of ES -elasticSearch: - # Mapping of index prefix to time-based frame. For example, if below is configured: - # - # - indexPrefix: auditingevents - # creationPeriod: minute - # - # then ES object of type which is mapped to "auditingevents-*" template, and created on 2015-12-23 13:24:54, will enter "auditingevents-2015-12-23-13-24" index. - # Another object created on 2015-12-23 13:25:54, will enter "auditingevents-2015-12-23-13-25" index. - # If creationPeriod: month, both of the above will enter "auditingevents-2015-12" index. - # - # PLEASE NOTE: the timestamps are created in UTC/GMT timezone! This is needed so that timestamps will be correctly presented in Kibana. - # - # Legal values for creationPeriod - year, month, day, hour, minute, none (meaning no time-based behaviour). - # - # If no creationPeriod is configured for indexPrefix, default behavour is creationPeriod: month. - - indicesTimeFrequency: - - indexPrefix: auditingevents - creationPeriod: month - - indexPrefix: monitoring_events - creationPeriod: month + artifactTypes: - CHEF - PUPPET 
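Review bot: `securityKey: "sdcaccessrestrictionsecureykey"` in the new `authCookie` block is a fixed literal in the template, so every installation rendered from this cookbook shares one key that is also public in the repository. Assuming this key protects the authentication cookie (the consuming code is not shown), it should come from a per-deployment attribute with no usable default, e.g. `securityKey: "<%= node['access_restriction']['auth_cookie_key'] %>"` (attribute name is a placeholder). The block sets `isHttpOnly: true` but nothing marks the cookie as secure, which matters when `disableHttp` is true; whether the configuration class supports such a field cannot be seen from this hunk. `domain: ""` and `redirectURL: ""` would benefit from a comment saying what an empty value means.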
@@ -287,7 +280,10 @@ systemMonitoring: enabled: false isProxy: false probeIntervalInSeconds: 15 -defaultHeatArtifactTimeoutMinutes: 60 +heatArtifactDeploymentTimeout: + defaultMinutes: 30 + minMinutes: 1 + maxMinutes: 120 serviceDeploymentArtifacts: CONTROLLER_BLUEPRINT_ARCHIVE: @@ -630,12 +626,8 @@ resourceInformationalArtifacts: resourceInformationalDeployedArtifacts: - -requirementsToFulfillBeforeCert: - -capabilitiesToConsumeBeforeCert: - unLoggedUrls: + - /sdc2/rest/monitoring - /sdc2/rest/healthCheck cleanComponentsConfiguration: @@ -653,10 +645,10 @@ onboarding: host: <%= node['ONBOARDING_BE_VIP'] %> <% if node[:disableHttp] -%> protocol: https - port: <%= node['ONBOARDING_BE'][:https_port] %> + port: <%= node['ONBOARDING_BE'][:https_port] %> <% else %> protocol: http - port: <%= node['ONBOARDING_BE'][:http_port] %> + port: <%= node['ONBOARDING_BE'][:http_port] %> <% end -%> downloadCsarUri: "/onboarding-api/v1.0/vendor-software-products/packages" healthCheckUri: "/onboarding-api/v1.0/healthcheck" @@ -713,6 +705,8 @@ toscaValidators: disableAudit: false +consumerBusinessLogic: true + vfModuleProperties: min_vf_module_instances: forBaseModule: 1 
@@ -799,10 +793,50 @@ dmaapConsumerConfiguration: credential: username: user password: + aftDme2SslEnable: true + aftDme2ClientKeystore: /var/lib/jetty/etc/truststore + aftDme2ClientKeystorePassword: "" + aftDme2ClientSslCertAlias: certman + +dmaapProducerConfiguration: + active: true + hosts: <%= node['DMAAP']['producer']['host']%> + consumerGroup: sdc-<%= node.chef_environment %>-<%= node['DMAAP']['random_id'] %> + consumerId: sdc-<%= node.chef_environment %>1-<%= node['DMAAP']['random_id'] %> + timeoutMs: 15000 + limit: 1 + pollingInterval: 2 + topic: <%= node['DMAAP']['producer']['topic'] %> + latitude: 32.109333 + longitude: 34.855499 + version: 1.0 + serviceName: <%= node['DMAAP']['producer']['serviceName'] %> + environment: <%= node['DMAAP']['producer']['environment'] %> + partner: BOT_R + routeOffer: MR1 + protocol: <%= node['http_protocol'] %> + contenttype: application/json + dme2TraceOn: true + aftEnvironment: <%= node['DMAAP']['producer']['aftEnvironment']%> + aftDme2ConnectionTimeoutMs: 15000 + aftDme2RoundtripTimeoutMs: 240000 + aftDme2ReadTimeoutMs: 50000 + dme2preferredRouterFilePath: <%= node['DMAAP']['producer']['dme2preferredRouterFilePath'] %> + timeLimitForNotificationHandleMs: 120000 + credential: + username: <%= node['DMAAP']['producer']['username'] %> + password: <%= node['DMAAP']['producer']['password'] %> + aftDme2SslEnable: true + aftDme2ClientKeystore: /var/lib/jetty/etc/truststore + aftDme2ClientKeystorePassword: <%= node['jetty']['dmaap_truststore_pwd'] %> + aftDme2ClientSslCertAlias: certman + -dmeConfiguration: - dme2Search: DME2SEARCH - dme2Resolve: DME2RESOLVE +# ToDo: AF - had to remove due to configuration laod class failure +#dmeConfiguration: +# lookupUriFormat: "http://DME2RESOLVE/service=%s/version=1.0.0/envContext=%s/routeOffer=DEFAULT" +# dme2Search: DME2SEARCH +# dme2Resolve: DME2RESOLVE excludedPolicyTypesMapping: # VF: 
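Review bot: The new `dmaapProducerConfiguration` block reads `node['DMAAP']['producer'][...]` and `node['http_protocol']`, but the defaults added to attributes/default.rb in this commit define only `node['DMAAP']['consumer']`. Unless those attributes are supplied elsewhere (not visible here), `node['DMAAP']['producer']` is nil and template rendering stops with a NoMethodError. I would add matching `default['DMAAP']['producer'][...]` entries for the non-secret fields and leave `username` and `password` without usable defaults. `dme2TraceOn: true` is hard-coded next to the credential block and would be safer as an attribute defaulting to false, since trace output from a client holding credentials may end up in logs.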
@@ -815,21 +849,68 @@ excludedGroupTypesMapping: CR: - org.openecomp.groups.VfModule - org.openecomp.groups.heat.HeatStack + - org.openecomp.groups.Group - tosca.groups.Root PNF: - org.openecomp.groups.VfModule - org.openecomp.groups.heat.HeatStack + - org.openecomp.groups.Group - tosca.groups.Root VF: - org.openecomp.groups.VfModule - org.openecomp.groups.heat.HeatStack + - org.openecomp.groups.Group - tosca.groups.Root Service: - org.openecomp.groups.VfModule - org.openecomp.groups.heat.HeatStack + - org.openecomp.groups.Group - tosca.groups.Root healthStatusExclude: - DE - DMAAP + - DMAAP_PRODUCER + - ON_BOARDING - DCAE + - PORTAL + - External API + +#Auto Healing +enableAutoHealing: false +appVersion: <%= @app_version %> + +artifactGeneratorConfig: Artifact-Generator.properties +resourcesForUpgrade: + 8.0: + - org.openecomp.resource.cp.extCP + - tosca.nodes.network.Network + - tosca.nodes.network.Port + - org.openecomp.resource.cp.nodes.network.SubInterface +skipUpgradeFailedVfs: true +skipUpgradeVSPs: true +autoHealingOwner: jh0003 +supportAllottedResourcesAndProxy: true +deleteLockTimeoutInSeconds: 60 +maxDeleteComponents: 10 + +# Cadi filter (access restriction) Parameters +aafNamespace: <%= node['aafNamespace'] %> +aafAuthNeeded: <%= node['access_restriction']['aafAuthNeeded'] %> + +cadiFilterParams: + AFT_LATITUDE: "32.780140" + AFT_LONGITUDE: "-96.800451" + hostname: <%= node['BE_VIP'] %> + aaf_id: <%= node['access_restriction']['aaf_id'] %> + aaf_env: <%= node['access_restriction']['aaf_env'] %> + aaf_url: <%= node['access_restriction']['aaf_url'] %> + csp_domain: <%= node['access_restriction']['csp_domain'] %> + cadi_keyfile: <%= node['access_restriction']['cadi_keyfile'] %> + aaf_password: <%= node['access_restriction']['aaf_password'] %> + cadi_loglevel: <%= node['access_restriction']['cadi_loglevel'] %> + AFT_ENVIRONMENT: <%= node['access_restriction']['AFT_ENVIRONMENT'] %> + cadiX509Issuers: <%= node['access_restriction']['cadiX509Issuers'] %> + 
cadi_truststore: <%= node['access_restriction']['cadi_truststore'] %> + cadi_truststore_password: <%= node['access_restriction']['cadi_truststore_password'] %> + diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb deleted file mode 100644 index f107eb05ca..0000000000 --- a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb +++ /dev/null @@ -1,12 +0,0 @@ -discovery.zen.ping.multicast.enabled: false -discovery.zen.ping.unicast.enabled: true -node.name: <%= node[:hostname] %> -cluster.name: <%= @cluster_name %> -node.master: false -node.data: false -http.cors.enabled: true -path.home: "/var/lib/jetty/config" -elasticSearch.transportclient: true -http.port: 9300 -transport.client.initial_nodes: -<%= @es_host_ip %> diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb index d43c2faa1a..7e7eea407e 100644 --- a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb 
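Review bot: In `cadiFilterParams`, `aaf_password` and `cadi_truststore_password` are interpolated into YAML unquoted. A value containing ` #`, `: `, or a leading `*`, `!` or `&` would be truncated or would change the document structure without any error at render time. Emit them as quoted scalars, e.g. `aaf_password: <%= node['access_restriction']['aaf_password'].to_json %>`, and do the same for `cadiX509Issuers`. This hunk also puts both secrets into configuration.yaml, so the file mode on the resource that renders it (outside this hunk) should be checked. `autoHealingOwner: jh0003` hard-codes what looks like a personal user id and would be better as an attribute.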
@@ -57,14 +57,34 @@ use_rest_for_functional_menu=true portal.api.impl.class = org.openecomp.sdc.be.ecomp.PortalRestAPICentralServiceImpl role_access_centralized = remote +# Cookie set by CSP-SSO +csp_cookie_name = onapCsp + +# CSP setting, most use PROD; DEV also recognized +csp_gate_keeper_prod_key = PROD + # URL of the Portal where this app is onboarded ecomp_redirect_url = <%= @ecomp_redirect_url %> # URL of the ECOMP Portal REST API ecomp_rest_url = <%= @ecomp_rest_url %> +# Connection and Read timeout values +ext_req_connection_timeout = 15000 +ext_req_read_timeout = 20000 + +# Name of java class that implements the OnBoardingApiService interface. +portal.api.impl.class = org.openecomp.sdc.be.ecomp.PortalRestAPICentralServiceImpl + #Portal user & key -portal_user = <%= @ecomp_portal_user %> -portal_pass = <%= @ecomp_portal_pass %> portal_app_name = <%= @portal_app_name %> +portal_pass = <%= @ecomp_portal_pass %> +portal_user = <%= @ecomp_portal_user %> +# Use this tag if the app is centralized remote/local +role_access_centralized = remote + +# UEB key generated while on-boarding +ueb_app_key = "" +# Applications do not need to run a UEB listener after 1607. +ueb_listeners_enable = false diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb new file mode 100644 index 0000000000..66654310e0 --- /dev/null +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb 
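Review bot: `ueb_app_key = ""` does not yield an empty value. Assuming the file is loaded with java.util.Properties, quotes are not stripped and the key is set to the two-character string `""`; write `ueb_app_key =` if empty is intended. The hunk also adds `portal.api.impl.class` and `role_access_centralized` a second time while the earlier definitions remain as context lines at the top of the hunk. With Properties the later entry silently wins, so the two copies can drift apart. I would keep a single definition of each.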
@@ -0,0 +1,54 @@
+# Configure AAF
+aaf_locate_url=<%= node['access_restriction']['aaf_locate_url'] %>
+
+aaf_url=<%= node['access_restriction']['aaf_url'] %>
+
+#if you are running aaf service from a docker image you have to use aaf service IP and port number
+aaf_id=<%= node['access_restriction']['aaf_id'] %>
+#Encrypt the password using AAF Jar
+aaf_password=<%= node['access_restriction']['aaf_password'] %>
+# Sample CADI Properties, from CADI 1.4.2
+hostname=<%= node['BE_VIP'] %>
+csp_domain=<%= node['access_restriction']['csp_domain'] %>
+
+# Add Absolute path to Keyfile
+cadi_keyfile=<%= node['access_restriction']['cadi_keyfile'] %>
+
+
+# This is required to accept Certificate Authentication from Certman certificates.
+# can be TEST, IST or PROD
+aaf_env=<%= node['access_restriction']['aaf_env'] %>
+
+# DEBUG prints off all the properties. Use to get started.
+cadi_loglevel=<%= node['access_restriction']['cadi_loglevel'] %>
+
+
+# Become CSO Poodle Compliant by only allowing sanctioned TLS versions
+# The following is the default
+# cadi_protocols=TLSv1.1,TLSv1.2
+
+# Default TrustStore - REQUIRED for changing PROTOCOL Defaults for DME2
+# Read https://wiki.web.att.com/pages/viewpage.action?pageId=574623569#URGENT:SolvingSSL2-3/TLSv1removalissues-Up-to-dateTruststore
+# Add Absolute path to truststore2020.jks
+cadi_truststore=<%= node['access_restriction']['cadi_truststore'] %>
+# Note: This is the ONLY password that doesn't have to be encrypted.
All Java's TrustStores are this passcode by default, because they are public certs +cadi_truststore_password=<%= node['access_restriction']['cadi_truststore_password'] %> + +# how to turn on SSL Logging +#javax.net.debug=ssl + +## +# Hint +# Use "maps.bing.com" to get Lat and Long for an Address +AFT_LATITUDE=32.780140 +AFT_LONGITUDE=-96.800451 +AFT_ENVIRONMENT=<%= node['access_restriction']['AFT_ENVIRONMENT'] %> +AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=<%= node['access_restriction']['AFT_DME2_CLIENT_IGNORE_SSL_CONFIG'] %> +DME2.DEBUG=true +AFT_DME2_HTTP_EXCHANGE_TRACE_ON=<%= node['access_restriction']['AFT_DME2_HTTP_EXCHANGE_TRACE_ON'] %> + +cadi_latitude=32.780140 +cadi_longitude=-96.800451 + +aaf_root_ns=<%= node['aafNamespace'] %> +aaf_api_version=2.0 diff --git a/catalog-be/sdc-backend/chef-solo/roles/catalog-be.json b/catalog-be/sdc-backend/chef-solo/roles/catalog-be.json index b3171ad3f2..01ce87f239 100644 --- a/catalog-be/sdc-backend/chef-solo/roles/catalog-be.json +++ b/catalog-be/sdc-backend/chef-solo/roles/catalog-be.json @@ -14,11 +14,11 @@ "recipe[sdc-catalog-be::BE_2_setup_configuration]", "recipe[sdc-catalog-be::BE_3_locate_keystore]", "recipe[sdc-catalog-be::BE_4_jetty_Modules]", - "recipe[sdc-catalog-be::BE_5_setup_elasticsearch]", "recipe[sdc-catalog-be::BE_6_setup_portal_and_key_properties]", "recipe[sdc-catalog-be::BE_7_logback]", "recipe[sdc-catalog-be::BE_8_errors_config]", - "recipe[sdc-catalog-be::BE_9_prepareProbeFile]" + "recipe[sdc-catalog-be::BE_9_prepareProbeFile]", + "recipe[sdc-catalog-be::BE_10_setup_cadi]" ], "env_run_lists": { } diff --git a/catalog-be/sdc-backend/startup.sh b/catalog-be/sdc-backend/startup.sh index 77d4dd5e6a..e41aff40f0 100644 --- a/catalog-be/sdc-backend/startup.sh +++ b/catalog-be/sdc-backend/startup.sh 
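Review bot: `DME2.DEBUG=true` is written as a constant while the neighbouring flags are attribute-driven, so debug output cannot be turned off per environment without editing the template; make it an attribute that defaults to false. The `cadi_protocols` line is left commented out and its comment gives the default as `TLSv1.1,TLSv1.2`; setting `cadi_protocols=TLSv1.2` explicitly would stop the file depending on the library default. The note on `cadi_truststore_password` is right that a truststore of public certificates needs no confidentiality, but the truststore still decides which issuers are trusted, so the file should be writable only by its owner. The `wiki.web.att.com` link is an internal address that readers of this repository cannot open and could be dropped from the comment.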
@@ -1,20 +1,31 @@ #!/bin/sh -JAVA_OPTIONS=" ${JAVA_OPTIONS} \ - -Dconfig.home=${JETTY_BASE}/config -Dlog.home=${JETTY_BASE}/logs \ - -Dlogback.configurationFile=${JETTY_BASE}/config/catalog-be/logback.xml \ - -Dconfiguration.yaml=${JETTY_BASE}/config/catalog-be/configuration.yaml \ - -Donboarding_configuration.yaml=${JETTY_BASE}/config/onboarding-be/onboarding_configuration.yaml \ - -Djavax.net.ssl.trustStore=${JETTY_BASE}/etc/org.onap.sdc.trust.jks \ - -Djavax.net.ssl.trustStorePassword=].][xgtze]hBhz*wy]}m#lf* \ - -Djetty.console-capture.dir=${JETTY_BASE}/logs" +export JAVA_OPTIONS=" -Dconfig.home=${JETTY_BASE}/config \ + -Dlog.home=${JETTY_BASE}/logs \ + -Dlogback.configurationFile=${JETTY_BASE}/config/catalog-be/logback.xml \ + -Dconfiguration.yaml=${JETTY_BASE}/config/catalog-be/configuration.yaml \ + -Dartifactgenerator.config=${JETTY_BASE}/config/catalog-be/Artifact-Generator.properties \ + -Donboarding_configuration.yaml=${JETTY_BASE}/config/onboarding-be/onboarding_configuration.yaml \ + -Djavax.net.ssl.trustStore=${JETTY_BASE}/etc/org.onap.sdc.trust.jks \ + -Djavax.net.ssl.trustStorePassword=].][xgtze]hBhz*wy]}m#lf* \ + -Djetty.console-capture.dir=${JETTY_BASE}/logs \ + ${JAVA_OPTIONS} " cd /root/chef-solo chef-solo -c solo.rb -E ${ENVNAME} +status=$? +if [ $status != 0 ]; then + echo "[ERROR] Problem detected while running chef. Aborting !" + exit 1 +fi + +# Execute Jetty cd /var/lib/jetty /docker-entrypoint.sh & +exec "$@"; + while true; do sleep 2; done |
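Review bot: The truststore password is still a literal in `-Djavax.net.ssl.trustStorePassword=...`, and the new `export JAVA_OPTIONS=` also puts it in the environment of every child process, chef-solo included, as well as on the JVM command line where local users can read it from the process list. It should be supplied at run time from a deployment-provided secret, such as a mounted file with owner-only permissions read by Jetty's own configuration, rather than committed in startup.sh. The value also contains `*` and `[`, so any later unquoted expansion of `$JAVA_OPTIONS` is subject to pathname expansion; how /docker-entrypoint.sh expands it is not visible here. Separately, `exec "$@";` replaces the shell whenever arguments are passed, which makes the `while true` loop below it unreachable in that case; a one-line comment saying which behaviour is intended would help.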