aboutsummaryrefslogtreecommitdiffstats
path: root/sdc-os-chef/sdc-frontend
diff options
context:
space:
mode:
Diffstat (limited to 'sdc-os-chef/sdc-frontend')
-rw-r--r--sdc-os-chef/sdc-frontend/Dockerfile.template26
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb2
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/FE-ecomp-error-configuration.yaml48
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/FE-logback.xml227
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/FE-rest-configuration.yaml11
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_1_cleanup_jettydir.rb49
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_2_setup_configuration.rb13
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_3_errors_config.rb7
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_4_logback.rb7
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_5_rest_configuration.rb7
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_create_jetty_modules.rb45
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-configuration.yaml.erb79
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-http-ini.erb32
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-https-ini.erb15
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-ssl-ini.erb83
-rw-r--r--sdc-os-chef/sdc-frontend/chef-solo/LICENSE201
-rw-r--r--sdc-os-chef/sdc-frontend/chef-solo/README.md37
-rw-r--r--sdc-os-chef/sdc-frontend/chef-solo/chefignore11
-rw-r--r--sdc-os-chef/sdc-frontend/chef-solo/cookbooks/README.md54
-rw-r--r--sdc-os-chef/sdc-frontend/chef-solo/data_bags/README.md63
-rw-r--r--sdc-os-chef/sdc-frontend/chef-solo/environments/README.md5
-rw-r--r--sdc-os-chef/sdc-frontend/chef-solo/roles/README.md16
-rw-r--r--sdc-os-chef/sdc-frontend/chef-solo/roles/catalog-fe.json23
-rw-r--r--sdc-os-chef/sdc-frontend/chef-solo/solo.json4
-rw-r--r--sdc-os-chef/sdc-frontend/chef-solo/solo.rb16
-rw-r--r--sdc-os-chef/sdc-frontend/startup.sh12
26 files changed, 1093 insertions, 0 deletions
diff --git a/sdc-os-chef/sdc-frontend/Dockerfile.template b/sdc-os-chef/sdc-frontend/Dockerfile.template
new file mode 100644
index 0000000000..66ce1467b0
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/Dockerfile.template
@@ -0,0 +1,26 @@
+FROM jetty
+
+RUN apt-get -y update
+RUN apt-get -y install apt-utils
+RUN apt-get -y install curl
+RUN apt-get -y install vim
+
+COPY chef-solo /root/chef-solo/
+COPY chef-repo/cookbooks /root/chef-solo/cookbooks/
+
+ENV BASE_NEXUS zl999y:ChangeMe@10.208.197.75:8443/repository/maven-public/org/openecomp/sdc
+
+# install chef-solo
+RUN curl -L https://www.opscode.com/chef/install.sh | bash
+
+RUN cp /usr/local/jetty/resources/log4j.properties /var/lib/jetty/resources/log4j.properties
+
+ADD onboarding-fe-__SDC-RELEASE__.war /var/lib/jetty/webapps/
+ADD catalog-fe-__SDC-RELEASE__.war /var/lib/jetty/webapps/
+RUN chown -R jetty:jetty /var/lib/jetty/webapps
+
+COPY startup.sh /root/
+
+RUN chmod 770 /root/startup.sh
+
+ENTRYPOINT [ "/root/startup.sh" ]
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb
new file mode 100644
index 0000000000..6e9bbe36f5
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb
@@ -0,0 +1,2 @@
+#
+#
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/FE-ecomp-error-configuration.yaml b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/FE-ecomp-error-configuration.yaml
new file mode 100644
index 0000000000..8982b2424f
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/FE-ecomp-error-configuration.yaml
@@ -0,0 +1,48 @@
+###########################################
+# Note the conventions of the field values:
+# type can be one of: CONFIG_ERROR, SYSTEM_ERROR, DATA_ERROR, CONNECTION_PROBLEM
+# severity can be one of: WARN, ERROR, FATAL
+# alarmSeverity can be one of: CRITICAL,MAJOR,MINOR,INFORMATIONAL,NONE
+# code is a unique integer in range of 3003-9999 (3000-3002 are occupied for internal usage)
+# The above enumeration values are out-of-the-box and can be changed in code.
+# In case of config and code mismatch, the appropriate error will be printed to log
+#
+# Range of FE codes - 8000-9999
+
+
+errors:
+ FeHealthCheckConnectionError: {
+ type: CONNECTION_PROBLEM,
+ code: ASDC_8000,
+ severity: ERROR,
+ description: "Connection error during FE Health Check",
+ alarmSeverity: CRITICAL
+ }
+ FeHttpLoggingError: {
+ type: SYSTEM_ERROR,
+ code: ASDC_8001,
+ severity: ERROR,
+ description: "Error when logging FE HTTP request/response",
+ alarmSeverity: MINOR
+ }
+ FePortalServletError: {
+ type: SYSTEM_ERROR,
+ code: ASDC_8002,
+ severity: ERROR,
+ description: "Error when trying to access FE Portal page",
+ alarmSeverity: MAJOR
+ }
+ FeHealthCheckGeneralError: {
+ type: SYSTEM_ERROR,
+ code: ASDC_8004,
+ severity: ERROR,
+ description: "General error during FE Health Check",
+ alarmSeverity: CRITICAL
+ }
+ FeHealthCheckRecovery: {
+ type: RECOVERY,
+ code: ASDC_8005,
+ severity: INFO,
+ description: "BE Health Check Recovery",
+ alarmSeverity: INFORMATIONAL
+ } \ No newline at end of file
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/FE-logback.xml b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/FE-logback.xml
new file mode 100644
index 0000000000..2f793f386b
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/FE-logback.xml
@@ -0,0 +1,227 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration scan="true" scanPeriod="5 seconds">
+
+ <property scope="system" name="ECOMP-component-name" value="ASDC" />
+ <property scope="system" name="ECOMP-subcomponent-name" value="ASDC-FE" />
+ <property file="${config.home}/catalog-fe/configuration.yaml" />
+ <property scope="context" name="enable-all-log" value="false" />
+
+ <!-- value used by pattern field list (| - is inter-field separator, || - unavailable or not applicable field value) (m - mandatory, o- optional)-->
+ <!--timestamp(m)| requestID(m)| serviceInstanceID(o)| threadID(m)| physicalServerName(o)| serviceName(m)| userID(m)| logLevel(m)| severity(o)| serverIpAddress(m)| serverName(m)| clientIpAddress(o)| className(m)| timer(o)| detailedMessage(o)-->
+ <property name="default-log-pattern"
+ value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{uuid}|%X{serviceInstanceID}|%thread||${ECOMP-subcomponent-name}|%X{userId}|%level|%X{alarmSeverity}|%X{localAddr}|${feFqdn}|%X{remoteAddr}|%logger{35}|%X{timer}|ActivityType=&lt;%M&gt;, Desc=&lt;%msg&gt;%n" />
+
+ <!-- All log -->
+ <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
+ <then>
+ <appender name="ALL_ROLLING"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${log.home}/${ECOMP-component-name}/${ECOMP-subcomponent-name}/all.log
+ </file>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${log.home}/${ECOMP-component-name}/${ECOMP-subcomponent-name}/all.log.%i
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>10</maxIndex>
+ </rollingPolicy>
+
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>20MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${default-log-pattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ASYNC_ALL" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ALL_ROLLING" />
+ </appender>
+ </then>
+ </if>
+
+ <!-- Error log -->
+ <appender name="ERROR_ROLLING"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${log.home}/${ECOMP-component-name}/${ECOMP-subcomponent-name}/error.log
+ </file>
+
+ <!-- Audit messages filter - deny audit messages -->
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
+ <marker>AUDIT_MARKER</marker>
+ </evaluator>
+ <onMismatch>NEUTRAL</onMismatch>
+ <onMatch>DENY</onMatch>
+ </filter>
+
+ <!-- Transaction messages filter - deny Transaction messages -->
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
+ <marker>TRANSACTION_MARKER</marker>
+ </evaluator>
+ <onMismatch>NEUTRAL</onMismatch>
+ <onMatch>DENY</onMatch>
+ </filter>
+
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${log.home}/${ECOMP-component-name}/${ECOMP-subcomponent-name}/error.log.%i
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>10</maxIndex>
+ </rollingPolicy>
+
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>20MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${default-log-pattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- Debug log -->
+ <appender name="DEBUG_ROLLING"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${log.home}/${ECOMP-component-name}/${ECOMP-subcomponent-name}/debug.log
+ </file>
+
+ <!-- No need to deny audit messages - they are INFO only, will be denied
+ anyway -->
+ <!-- Transaction messages filter - deny Transaction messages, there are
+ some DEBUG level messages among them -->
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
+ <marker>TRANSACTION_MARKER</marker>
+ </evaluator>
+ <onMismatch>NEUTRAL</onMismatch>
+ <onMatch>DENY</onMatch>
+ </filter>
+
+ <!-- accept DEBUG and TRACE level -->
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
+ <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">
+ <expression>
+ e.level.toInt() &lt;= DEBUG.toInt()
+ </expression>
+ </evaluator>
+ <OnMismatch>DENY</OnMismatch>
+ <OnMatch>NEUTRAL</OnMatch>
+ </filter>
+
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${log.home}/${ECOMP-component-name}/${ECOMP-subcomponent-name}/debug.log.%i
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>10</maxIndex>
+ </rollingPolicy>
+
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>20MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${default-log-pattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- Audit log -->
+ <appender name="AUDIT_ROLLING"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+
+ <file>${log.home}/${ECOMP-component-name}/${ECOMP-subcomponent-name}/audit.log
+ </file>
+
+ <!-- Audit messages filter - accept audit messages -->
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
+ <marker>AUDIT_MARKER</marker>
+ </evaluator>
+ <onMismatch>DENY</onMismatch>
+ <onMatch>ACCEPT</onMatch>
+ </filter>
+
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${log.home}/${ECOMP-component-name}/${ECOMP-subcomponent-name}/audit.log.%i
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>10</maxIndex>
+ </rollingPolicy>
+
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>20MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${default-log-pattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- SdncTransaction log -->
+ <appender name="TRANSACTION_ROLLING"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+
+ <file>${log.home}/${ECOMP-component-name}/${ECOMP-subcomponent-name}/transaction.log
+ </file>
+
+ <!-- Transaction messages filter - accept audit messages -->
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
+ <marker>TRANSACTION_MARKER</marker>
+ </evaluator>
+ <onMismatch>DENY</onMismatch>
+ <onMatch>ACCEPT</onMatch>
+ </filter>
+
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${log.home}/${ECOMP-component-name}/${ECOMP-subcomponent-name}/transaction.log.%i
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>10</maxIndex>
+ </rollingPolicy>
+
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>20MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${default-log-pattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- Asynchronicity Configurations -->
+ <appender name="ASYNC_DEBUG" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DEBUG_ROLLING" />
+ </appender>
+
+ <appender name="ASYNC_TRANSACTION" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TRANSACTION_ROLLING" />
+ </appender>
+
+ <appender name="ASYNC_ERROR" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ERROR_ROLLING" />
+ </appender>
+
+
+ <root level="INFO">
+ <appender-ref ref="ASYNC_ERROR" />
+ <appender-ref ref="ASYNC_DEBUG" />
+ <appender-ref ref="AUDIT_ROLLING" />
+ <appender-ref ref="ASYNC_TRANSACTION" />
+ <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
+ <then>
+ <appender-ref ref="ALL_ROLLING" />
+ </then>
+ </if>
+ </root>
+
+ <logger name="org.openecomp.sdc" level="INFO" />
+</configuration>
+
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/FE-rest-configuration.yaml b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/FE-rest-configuration.yaml
new file mode 100644
index 0000000000..ecedafea56
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/FE-rest-configuration.yaml
@@ -0,0 +1,11 @@
+# rest read timeout - means no timeout
+readTimeoutInSec: 0
+
+# whether to ignore certificate
+ignoreCertificate: false
+
+# the connection pool size
+connectionPoolSize: 10
+
+# create connection timeout
+connectTimeoutInSec: 10
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_1_cleanup_jettydir.rb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_1_cleanup_jettydir.rb
new file mode 100644
index 0000000000..29301a9418
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_1_cleanup_jettydir.rb
@@ -0,0 +1,49 @@
+#directory "FE_tempdir_cleanup" do
+# path "/var/lib/jetty/tempdir"
+# recursive true
+# action :delete
+#end
+
+
+directory "FE_tempdir_creation" do
+ path "/var/lib/jetty/temp"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ action :create
+end
+
+
+#directory "FE_webapps_cleanup" do
+# path "/var/lib/jetty/webapps"
+# recursive true
+# action :delete
+#end
+
+
+#directory "FE_webapps_creation" do
+# path "/var/lib/jetty/webapps"
+# owner 'jetty'
+# group 'jetty'
+# mode '0755'
+# action :create
+#end
+
+
+directory "FE_create_config_dir" do
+ path "/var/lib/jetty/config"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ action :create
+end
+
+
+directory "FE_create_catalog-fe" do
+ path "/var/lib/jetty/config/catalog-fe"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ action :create
+end
+
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_2_setup_configuration.rb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_2_setup_configuration.rb
new file mode 100644
index 0000000000..64d71768cd
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_2_setup_configuration.rb
@@ -0,0 +1,13 @@
+template "catalog-fe-config" do
+ path "/var/lib/jetty/config/catalog-fe/configuration.yaml"
+ source "FE-configuration.yaml.erb"
+ owner "jetty"
+ group "jetty"
+ mode "0755"
+ variables({
+ :fe_host_ip => node['HOST_IP'],
+ :be_host_ip => node['HOST_IP'],
+ :catalog_port => node['BE'][:http_port],
+ :ssl_port => node['BE'][:https_port]
+ })
+end
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_3_errors_config.rb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_3_errors_config.rb
new file mode 100644
index 0000000000..278c3bb35d
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_3_errors_config.rb
@@ -0,0 +1,7 @@
+cookbook_file "/var/lib/jetty/config/catalog-fe/ecomp-error-configuration.yaml" do
+ source "FE-ecomp-error-configuration.yaml"
+ mode 0755
+ owner "jetty"
+ group "jetty"
+end
+
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_4_logback.rb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_4_logback.rb
new file mode 100644
index 0000000000..674febb47a
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_4_logback.rb
@@ -0,0 +1,7 @@
+cookbook_file "/var/lib/jetty/config/catalog-fe/logback.xml" do
+ source "FE-logback.xml"
+ mode 0755
+ owner "jetty"
+ group "jetty"
+end
+
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_5_rest_configuration.rb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_5_rest_configuration.rb
new file mode 100644
index 0000000000..710286a8dd
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_5_rest_configuration.rb
@@ -0,0 +1,7 @@
+cookbook_file "/var/lib/jetty/config/catalog-fe/rest-configuration-info.yaml" do
+ source "FE-rest-configuration.yaml"
+ mode 0755
+ owner "jetty"
+ group "jetty"
+end
+
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_create_jetty_modules.rb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_create_jetty_modules.rb
new file mode 100644
index 0000000000..2800fd1808
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_create_jetty_modules.rb
@@ -0,0 +1,45 @@
+jetty_base="/var/lib/jetty"
+jetty_home="/usr/local/jetty"
+
+###### create Jetty modules
+bash "create-jetty-modules" do
+cwd "#{jetty_base}"
+code <<-EOH
+ cd "#{jetty_base}"
+ java -jar "/#{jetty_home}"/start.jar --add-to-start=deploy
+ java -jar "/#{jetty_home}"/start.jar --add-to-startd=http,https,logging,setuid
+EOH
+not_if "ls /#{jetty_base}/start.d/https.ini"
+end
+
+
+###### configure Jetty modules
+template "FE-http-ini" do
+ path "/#{jetty_base}/start.d/http.ini"
+ source "FE-http-ini.erb"
+ owner "jetty"
+ group "jetty"
+ mode "0755"
+ variables :FE_http_port => "#{node['FE'][:http_port]}"
+end
+
+
+template "FE-https-ini" do
+ path "/#{jetty_base}/start.d/https.ini"
+ source "FE-https-ini.erb"
+ owner "jetty"
+ group "jetty"
+ mode "0755"
+ variables :FE_https_port => "#{node['FE'][:https_port]}"
+end
+
+
+template "FE-ssl-ini" do
+ path "/#{jetty_base}/start.d/ssl.ini"
+ source "FE-ssl-ini.erb"
+ owner "jetty"
+ group "jetty"
+ mode "0755"
+ variables :FE_https_port => "#{node['FE'][:https_port]}"
+end
+
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-configuration.yaml.erb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-configuration.yaml.erb
new file mode 100644
index 0000000000..f864bb9dbb
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-configuration.yaml.erb
@@ -0,0 +1,79 @@
+# Needed for logging purposes. To be populated by DevOps - currently dummy
+feFqdn: <%= @fe_host_ip %>
+
+# catalog backend hostname
+beHost: <%= @be_host_ip %>
+
+# catalog backend http port
+beHttpPort: <%= @catalog_port %>
+
+# catalog backend http context
+beContext: /sdc2/rest/v1/catalog/upload/resources
+
+# catalog backend protocol
+beProtocol: http
+
+# catalog backend ssl port
+beSslPort: <%= @ssl_port %>
+
+# threadpool size for handling requests
+threadpoolSize: 50
+
+# request processing timeout (seconds)
+requestTimeout: 10
+
+healthCheckSocketTimeoutInMs: 5000
+
+healthCheckIntervalInSeconds: 5
+
+identificationHeaderFields:
+ -
+ - &HTTP_IV_USER HTTP_IV_USER
+ - &iv-user iv-user
+ -
+ - &USER_ID USER_ID
+ - &user-id user-id
+ -
+ - &HTTP_CSP_ATTUID HTTP_CSP_ATTUID
+ - &csp-attuid csp-attuid
+ -
+ - &HTTP_CSP_WSTYPE HTTP_CSP_WSTYPE
+ - &csp-wstype csp-wstype
+
+optionalHeaderFields:
+ -
+ - &HTTP_CSP_FIRSTNAME HTTP_CSP_FIRSTNAME
+ - &csp-firstname csp-firstname
+ -
+ - &HTTP_CSP_LASTNAME HTTP_CSP_LASTNAME
+ - &csp-lastname csp-lastname
+ -
+ - &HTTP_IV_REMOTE_ADDRESS HTTP_IV_REMOTE_ADDRESS
+ - &iv-remote-address iv-remote-address
+ -
+ - &HTTP_CSP_EMAIL HTTP_CSP_EMAIL
+ - &csp-email csp-email
+
+
+version: 1.0
+released: 2012-11-30
+
+# Connection parameters
+connection:
+ url: jdbc:mysql://localhost:3306/db
+ poolSize: 17
+
+# Protocols
+protocols:
+ - http
+ - https
+
+
+systemMonitoring:
+ enabled: true
+ isProxy: true
+ probeIntervalInSeconds: 15
+
+kibanaHost: localhost
+kibanaPort: 5601
+kibanaProtocol: http
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-http-ini.erb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-http-ini.erb
new file mode 100644
index 0000000000..34a73fdf55
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-http-ini.erb
@@ -0,0 +1,32 @@
+# ---------------------------------------
+# Module: http
+--module=http
+
+### HTTP Connector Configuration
+
+## Connector host/address to bind to
+# jetty.http.host=0.0.0.0
+
+## Connector port to listen on
+jetty.http.port=<%= @FE_http_port %>
+
+## Connector idle timeout in milliseconds
+jetty.http.idleTimeout=30000
+
+## Connector socket linger time in seconds (-1 to disable)
+# jetty.http.soLingerTime=-1
+
+## Number of acceptors (-1 picks default based on number of cores)
+# jetty.http.acceptors=-1
+
+## Number of selectors (-1 picks default based on number of cores)
+# jetty.http.selectors=-1
+
+## ServerSocketChannel backlog (0 picks platform default)
+# jetty.http.acceptorQueueSize=0
+
+## Thread priority delta to give to acceptor threads
+# jetty.http.acceptorPriorityDelta=0
+
+## HTTP Compliance: RFC7230, RFC2616, LEGACY
+# jetty.http.compliance=RFC7230
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-https-ini.erb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-https-ini.erb
new file mode 100644
index 0000000000..f8ca5252b0
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-https-ini.erb
@@ -0,0 +1,15 @@
+# ---------------------------------------
+# Module: https
+--module=https
+
+## HTTPS Configuration
+# HTTP port to listen on
+https.port=<%= @FE_https_port %>
+
+# HTTPS idle timeout in milliseconds
+jetty.https.idleTimeout=300000
+
+# HTTPS Socket.soLingerTime in seconds. (-1 to disable)
+# https.soLingerTime=-1
+
+
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-ssl-ini.erb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-ssl-ini.erb
new file mode 100644
index 0000000000..426e0e44b5
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-ssl-ini.erb
@@ -0,0 +1,83 @@
+# ---------------------------------------
+# Module: ssl
+--module=ssl
+
+### TLS(SSL) Connector Configuration
+
+## Connector host/address to bind to
+# jetty.ssl.host=0.0.0.0
+
+## Connector port to listen on
+jetty.ssl.port=<%= @FE_https_port %>
+
+## Connector idle timeout in milliseconds
+# jetty.ssl.idleTimeout=30000
+
+## Connector socket linger time in seconds (-1 to disable)
+# jetty.ssl.soLingerTime=-1
+
+## Number of acceptors (-1 picks default based on number of cores)
+# jetty.ssl.acceptors=-1
+
+## Number of selectors (-1 picks default based on number of cores)
+# jetty.ssl.selectors=-1
+
+## ServerSocketChannel backlog (0 picks platform default)
+# jetty.ssl.acceptorQueueSize=0
+
+## Thread priority delta to give to acceptor threads
+# jetty.ssl.acceptorPriorityDelta=0
+
+## Whether request host names are checked to match any SNI names
+# jetty.ssl.sniHostCheck=true
+
+## max age in seconds for a Strict-Transport-Security response header (default -1)
+# jetty.ssl.stsMaxAgeSeconds=31536000
+
+## include subdomain property in any Strict-Transport-Security header (default false)
+# jetty.ssl.stsIncludeSubdomains=true
+
+### SslContextFactory Configuration
+## Note that OBF passwords are not secure, just protected from casual observation
+## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
+
+## Keystore file path (relative to $jetty.base)
+# jetty.sslContext.keyStorePath=etc/keystore
+
+## Truststore file path (relative to $jetty.base)
+# jetty.sslContext.trustStorePath=etc/keystore
+
+## Keystore password
+# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
+
+## Keystore type and provider
+# jetty.sslContext.keyStoreType=JKS
+# jetty.sslContext.keyStoreProvider=
+
+## KeyManager password
+# jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g
+
+## Truststore password
+# jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
+
+## Truststore type and provider
+# jetty.sslContext.trustStoreType=JKS
+# jetty.sslContext.trustStoreProvider=
+
+## whether client certificate authentication is required
+# jetty.sslContext.needClientAuth=false
+
+## Whether client certificate authentication is desired
+# jetty.sslContext.wantClientAuth=false
+
+## Whether cipher order is significant (since java 8 only)
+# jetty.sslContext.useCipherSuitesOrder=true
+
+## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at
+## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
+
+## Set the size of the SslSession cache
+# jetty.sslContext.sslSessionCacheSize=-1
+
+## Set the timeout (in seconds) of the SslSession cache timeout
+# jetty.sslContext.sslSessionTimeout=-1
diff --git a/sdc-os-chef/sdc-frontend/chef-solo/LICENSE b/sdc-os-chef/sdc-frontend/chef-solo/LICENSE
new file mode 100644
index 0000000000..11069edd79
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-solo/LICENSE
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/sdc-os-chef/sdc-frontend/chef-solo/README.md b/sdc-os-chef/sdc-frontend/chef-solo/README.md
new file mode 100644
index 0000000000..ddb0fda830
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-solo/README.md
@@ -0,0 +1,37 @@
+Deprecated
+==========
+
+Use of this repository is deprecated. We recommend using the `chef generate repo` command that comes with [ChefDK](http://downloads.chef.io/chef-dk/).
+
+Overview
+========
+
+Every Chef installation needs a Chef Repository. This is the place where cookbooks, roles, config files and other artifacts for managing systems with Chef will live. We strongly recommend storing this repository in a version control system such as Git and treat it like source code.
+
+While we prefer Git, and make this repository available via GitHub, you are welcome to download a tar or zip archive and use your favorite version control system to manage the code.
+
+Repository Directories
+======================
+
+This repository contains several directories, and each directory contains a README file that describes what it is for in greater detail, and how to use it for managing your systems with Chef.
+
+* `cookbooks/` - Cookbooks you download or create.
+* `data_bags/` - Store data bags and items in .json in the repository.
+* `roles/` - Store roles in .rb or .json in the repository.
+* `environments/` - Store environments in .rb or .json in the repository.
+
+Configuration
+=============
+
+The repository contains a knife configuration file.
+
+* .chef/knife.rb
+
+The knife configuration file `.chef/knife.rb` is a repository specific configuration file for knife. If you're using Hosted Chef, you can download one for your organization from the management console. If you're using the Open Source Chef Server, you can generate a new one with `knife configure`. For more information about configuring Knife, see the Knife documentation.
+
+https://docs.chef.io/knife.html
+
+Next Steps
+==========
+
+Read the README file in each of the subdirectories for more information about what goes in those directories.
diff --git a/sdc-os-chef/sdc-frontend/chef-solo/chefignore b/sdc-os-chef/sdc-frontend/chef-solo/chefignore
new file mode 100644
index 0000000000..ba30af6cff
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-solo/chefignore
@@ -0,0 +1,11 @@
+# Put files/directories that should be ignored in this file.
+# Lines that start with '# ' are comments.
+
+# emacs
+*~
+
+# vim
+*.sw[a-z]
+
+# subversion
+*/.svn/*
diff --git a/sdc-os-chef/sdc-frontend/chef-solo/cookbooks/README.md b/sdc-os-chef/sdc-frontend/chef-solo/cookbooks/README.md
new file mode 100644
index 0000000000..86ea46bfbb
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-solo/cookbooks/README.md
@@ -0,0 +1,54 @@
+This directory contains the cookbooks used to configure systems in your infrastructure with Chef.
+
+Knife needs to be configured to know where the cookbooks are located with the `cookbook_path` setting. If this is not set, then several cookbook operations will fail to work properly.
+
+ cookbook_path ["./cookbooks"]
+
+This setting tells knife to look for the cookbooks directory in the present working directory. This means the knife cookbook subcommands need to be run in the `chef-repo` directory itself. To make sure that the cookbooks can be found elsewhere inside the repository, use an absolute path. This is a Ruby file, so something like the following can be used:
+
+ current_dir = File.dirname(__FILE__)
+ cookbook_path ["#{current_dir}/../cookbooks"]
+
+Which will set `current_dir` to the location of the knife.rb file itself (e.g. `~/chef-repo/.chef/knife.rb`).
+
+Configure knife to use your preferred copyright holder, email contact and license. Add the following lines to `.chef/knife.rb`.
+
+ cookbook_copyright "Example, Com."
+ cookbook_email "cookbooks@example.com"
+ cookbook_license "apachev2"
+
+Supported values for `cookbook_license` are "apachev2", "mit","gplv2","gplv3", or "none". These settings are used to prefill comments in the default recipe, and the corresponding values in the metadata.rb. You are free to change the the comments in those files.
+
+Create new cookbooks in this directory with Knife.
+
+ knife cookbook create COOKBOOK
+
+This will create all the cookbook directory components. You don't need to use them all, and can delete the ones you don't need. It also creates a README file, metadata.rb and default recipe.
+
+You can also download cookbooks directly from the Opscode Cookbook Site. There are two subcommands to help with this depending on what your preference is.
+
+The first and recommended method is to use a vendor branch if you're using Git. This is automatically handled with Knife.
+
+ knife cookbook site install COOKBOOK
+
+This will:
+
+* Download the cookbook tarball from cookbooks.opscode.com.
+* Ensure its on the git master branch.
+* Checks for an existing vendor branch, and creates if it doesn't.
+* Checks out the vendor branch (chef-vendor-COOKBOOK).
+* Removes the existing (old) version.
+* Untars the cookbook tarball it downloaded in the first step.
+* Adds the cookbook files to the git index and commits.
+* Creates a tag for the version downloaded.
+* Checks out the master branch again.
+* Merges the cookbook into master.
+* Repeats the above for all the cookbooks dependencies, downloading them from the community site
+
+The last step will ensure that any local changes or modifications you have made to the cookbook are preserved, so you can keep your changes through upstream updates.
+
+If you're not using Git, use the site download subcommand to download the tarball.
+
+ knife cookbook site download COOKBOOK
+
+This creates the COOKBOOK.tar.gz from in the current directory (e.g., `~/chef-repo`). We recommend following a workflow similar to the above for your version control tool.
diff --git a/sdc-os-chef/sdc-frontend/chef-solo/data_bags/README.md b/sdc-os-chef/sdc-frontend/chef-solo/data_bags/README.md
new file mode 100644
index 0000000000..0c15a391fa
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-solo/data_bags/README.md
@@ -0,0 +1,63 @@
+Data Bags
+---------
+
+This directory contains directories of the various data bags you create for your infrastructure. Each subdirectory corresponds to a data bag on the Chef Server, and contains JSON files of the items that go in the bag.
+
+First, create a directory for the data bag.
+
+ mkdir data_bags/BAG
+
+Then create the JSON files for items that will go into that bag.
+
+ $EDITOR data_bags/BAG/ITEM.json
+
+The JSON for the ITEM must contain a key named "id" with a value equal to "ITEM". For example,
+
+ {
+ "id": "foo"
+ }
+
+Next, create the data bag on the Chef Server.
+
+ knife data bag create BAG
+
+Then upload the items in the data bag's directory to the Chef Server.
+
+ knife data bag from file BAG ITEM.json
+
+
+Encrypted Data Bags
+-------------------
+
+Added in Chef 0.10, encrypted data bags allow you to encrypt the contents of your data bags. The content of attributes will no longer be searchable. To use encrypted data bags, first you must have or create a secret key.
+
+ openssl rand -base64 512 > secret_key
+
+You may use this secret_key to add items to a data bag during a create.
+
+ knife data bag create --secret-file secret_key passwords mysql
+
+You may also use it when adding ITEMs from files,
+
+ knife data bag create passwords
+ knife data bag from file passwords data_bags/passwords/mysql.json --secret-file secret_key
+
+The JSON for the ITEM must contain a key named "id" with a value equal to "ITEM" and the contents will be encrypted when uploaded. For example,
+
+ {
+ "id": "mysql",
+ "password": "abc123"
+ }
+
+Without the secret_key, the contents are encrypted.
+
+ knife data bag show passwords mysql
+ id: mysql
+ password: 2I0XUUve1TXEojEyeGsjhw==
+
+Use the secret_key to view the contents.
+
+ knife data bag show passwords mysql --secret-file secret_key
+ id: mysql
+ password: abc123
+
diff --git a/sdc-os-chef/sdc-frontend/chef-solo/environments/README.md b/sdc-os-chef/sdc-frontend/chef-solo/environments/README.md
new file mode 100644
index 0000000000..50ac48db2b
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-solo/environments/README.md
@@ -0,0 +1,5 @@
+Requires Chef 0.10.0+.
+
+This directory is for Ruby DSL and JSON files for environments. For more information see the Chef wiki page:
+
+http://docs.chef.io/environments.html
diff --git a/sdc-os-chef/sdc-frontend/chef-solo/roles/README.md b/sdc-os-chef/sdc-frontend/chef-solo/roles/README.md
new file mode 100644
index 0000000000..b0ee0b4d21
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-solo/roles/README.md
@@ -0,0 +1,16 @@
+Create roles here, in either the Role Ruby DSL (.rb) or JSON (.json) files. To install roles on the server, use knife.
+
+For example, create `roles/base_example.rb`:
+
+ name "base_example"
+ description "Example base role applied to all nodes."
+ # List of recipes and roles to apply. Requires Chef 0.8, earlier versions use 'recipes()'.
+ #run_list()
+ # Attributes applied if the node doesn't have it set already.
+ #default_attributes()
+ # Attributes applied no matter what the node has set already.
+ #override_attributes()
+
+Then upload it to the Chef Server:
+
+ knife role from file roles/base_example.rb
diff --git a/sdc-os-chef/sdc-frontend/chef-solo/roles/catalog-fe.json b/sdc-os-chef/sdc-frontend/chef-solo/roles/catalog-fe.json
new file mode 100644
index 0000000000..9e023762d1
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-solo/roles/catalog-fe.json
@@ -0,0 +1,23 @@
+{
+ "name": "catalog-be",
+ "description": "Installation application - catalogFE",
+ "json_class": "Chef::Role",
+ "default_attributes": {
+
+ },
+ "override_attributes": {
+
+ },
+ "chef_type": "role",
+ "run_list": [
+ "recipe[sdc-catalog-fe::FE_1_cleanup_jettydir]",
+ "recipe[sdc-catalog-fe::FE_2_setup_configuration]",
+ "recipe[sdc-catalog-fe::FE_3_errors_config]",
+ "recipe[sdc-catalog-fe::FE_4_logback]",
+ "recipe[sdc-catalog-fe::FE_5_rest_configuration]",
+ "recipe[sdc-catalog-fe::FE_6_create_jetty_modules]"
+ ],
+ "env_run_lists": {
+ }
+}
+
diff --git a/sdc-os-chef/sdc-frontend/chef-solo/solo.json b/sdc-os-chef/sdc-frontend/chef-solo/solo.json
new file mode 100644
index 0000000000..09dd642e6f
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-solo/solo.json
@@ -0,0 +1,4 @@
+{
+ "run_list": [ "role[catalog-fe]" ]
+}
+
diff --git a/sdc-os-chef/sdc-frontend/chef-solo/solo.rb b/sdc-os-chef/sdc-frontend/chef-solo/solo.rb
new file mode 100644
index 0000000000..06c1af4592
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/chef-solo/solo.rb
@@ -0,0 +1,16 @@
+root = File.absolute_path(File.dirname(__FILE__))
+file_cache_path root
+cookbook_path root + '/cookbooks'
+json_attribs root + '/solo.json'
+checksum_path root + '/checksums'
+data_bag_path root + '/data_bags'
+environment_path root + '/environments'
+file_backup_path root + '/backup'
+file_cache_path root + '/cache'
+log_level :info
+log_location STDOUT
+rest_timeout 300
+role_path root + '/roles'
+syntax_check_cache_path
+umask 0022
+verbose_logging nil
diff --git a/sdc-os-chef/sdc-frontend/startup.sh b/sdc-os-chef/sdc-frontend/startup.sh
new file mode 100644
index 0000000000..2a3d4d47f5
--- /dev/null
+++ b/sdc-os-chef/sdc-frontend/startup.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+export CHEFNAME=${ENVNAME}
+cd /root/chef-solo
+echo "normal['HOST_IP'] = \"${HOST_IP}\"" > /root/chef-solo/cookbooks/sdc-catalog-fe/attributes/default.rb
+chef-solo -c solo.rb -E ${CHEFNAME}
+
+sed -i '/^set -e/aJAVA_OPTIONS=\"-XX:MaxPermSize=256m -Xmx1500m -Dconfig.home=${JETTY_BASE}\/config -Dlog.home=${JETTY_BASE}\/logs -Dlogback.configurationFile=${JETTY_BASE}\/config\/catalog-fe\/logback.xml -Dconfiguration.yaml=${JETTY_BASE}\/config\/catalog-fe\/configuration.yaml\"' /docker-entrypoint.sh
+sed -i '/^set -e/aTMPDIR=${JETTY_BASE}\/temp' /docker-entrypoint.sh
+
+cd /var/lib/jetty
+/docker-entrypoint.sh