From 68830a739232e31feadc5b10c1e537197d86269f Mon Sep 17 00:00:00 2001
From: "k.kedron" <k.kedron@partner.samsung.com>
Date: Tue, 27 Aug 2019 18:10:09 +0200
Subject: Fully HTTPS support in the catalog-be

Fully HTTPS support:
-Updated jvm configuration to support call to
the SDC components using HTTPS.
-Checkstyle in the recipes
-Add support for disableHttp flag in the chef script
-Add support for change the http to https in the python script
-Fixed the --schema param in the importONAPNormativeALL and
upgradeONAPNormative python scripts
-Checkstyle in the importX python script
-Disabled pycurl.SSL_VERIFYHOST to fix communication with the be component

Issue-ID: SDC-2501
Signed-off-by: Krystian Kedron <k.kedron@partner.samsung.com>
Change-Id: I588ba21638083694932a1af272f3bcbaa98268a7
---
 .../recipes/1_create_consumer_and_user.rb          | 27 ++++++++++++------
 .../recipes/2_check_Backend.rb                     | 17 ++++++++---
 .../recipes/3_import_Normatives.rb                 | 33 ++++++++++++++--------
 3 files changed, 53 insertions(+), 24 deletions(-)

(limited to 'catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes')

diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb
index 14085bd0cb..97d140ab1f 100644
--- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb
+++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb
@@ -1,34 +1,45 @@
-template "/tmp/user.py" do
+if node['disableHttp']
+  protocol = "https"
+  be_port = node['BE']['https_port']
+else
+  protocol = "http"
+  be_port = node['BE']['http_port']
+end
+
+
+template "/var/tmp/user.py" do
     source "user.py.erb"
     sensitive true
     mode 0755
     variables({
+      :protocol => protocol,
       :be_ip => node['Nodes']['BE'],
-      :be_port => node['BE']['http_port']
+      :be_port => be_port
     })
 end
 
-bash "excuting-create_user" do
+bash "executing-create_user" do
    code <<-EOH
-     python /tmp/user.py
+     python /var/tmp/user.py
      rc=$?
      if [[ $rc != 0 ]]; then exit $rc; fi
    EOH
 end
 
-template "/tmp/consumers.py" do
+template "/var/tmp/consumers.py" do
     source "consumers.py.erb"
     sensitive true
     mode 0755
     variables({
+      :protocol => protocol,
       :be_ip => node['Nodes']['BE'],
-      :be_port => node['BE']['http_port']
+      :be_port => be_port
     })
 end
 
-bash "excuting-consumers" do
+bash "executing-consumers" do
    code <<-EOH
-     python /tmp/consumers.py
+     python /var/tmp/consumers.py
      rc=$?
      if [[ $rc != 0 ]]; then exit $rc; fi
    EOH
diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb
index b929637b1a..0a551f2a52 100644
--- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb
+++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb
@@ -1,16 +1,25 @@
-template "/tmp/check_Backend_Health.py" do
+if node['disableHttp']
+  protocol = "https"
+  be_port = node['BE']['https_port']
+else
+  protocol = "http"
+  be_port = node['BE']['http_port']
+end
+
+template "/var/tmp/check_Backend_Health.py" do
     source "check_Backend_Health.py.erb"
     sensitive true
     mode 0755
     variables({
+      :protocol => protocol,
       :be_ip => node['Nodes']['BE'],
-      :be_port => node['BE']['http_port']
+      :be_port => be_port
     })
 end
 
-bash "excuting-check_Backend_Health" do
+bash "executing-check_Backend_Health" do
    code <<-EOH
-     python /tmp/check_Backend_Health.py
+     python /var/tmp/check_Backend_Health.py
      rc=$?
      if [[ $rc != 0 ]]; then exit $rc; fi
    EOH
diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
index e8dc9675d1..b640b3afe9 100644
--- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
+++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
@@ -1,37 +1,46 @@
-cookbook_file "/tmp/normatives.tar.gz" do
+be_ip=node['Nodes'][:BE]
+
+if node['disableHttp']
+  protocol = "https"
+  be_port = node['BE']['https_port']
+  param="-i #{be_ip} -p #{be_port} --scheme #{protocol}"
+else
+  protocol = "http"
+  be_port = node['BE']['http_port']
+  param="-i #{be_ip} -p #{be_port}"
+end
+
+cookbook_file "/var/tmp/normatives.tar.gz" do
       source "normatives.tar.gz"
    end
 
-be_ip=node['Nodes'][:BE]
-be_port=node['BE']['http_port']
-
-bash "excuting-import_Normatives" do
+bash "executing-import_Normatives" do
    code <<-EOH
      set -x
-     cd /tmp
-     tar xvfz /tmp/normatives.tar.gz
-     cd /tmp/normatives/scripts/import/tosca/
+     cd /var/tmp
+     tar xvfz /var/tmp/normatives.tar.gz
+     cd /var/tmp/normatives/scripts/import/tosca/
      /bin/chmod +x *.py
 
      # executing the normatives
      # add --debug=true to the importNormativeAll.py arguments to enable debug
 
      check_normative="/tmp/check_normative.out"
-     status_code=$(curl -s -o ${check_normative} -w "%{http_code}\\n" -X GET -H 'Content-Type: application/json;charset=UTF-8' -H 'USER_ID: jh0003' -H 'X-ECOMP-RequestID: cbe744a0-037b-458f-aab5-df6e543c4090' "http://#{be_ip}:#{be_port}/sdc2/rest/v1/screen")
+     status_code=$(curl -k -s -o ${check_normative} -w "%{http_code}\\n" -X GET -H 'Content-Type: application/json;charset=UTF-8' -H 'USER_ID: jh0003' -H 'X-ECOMP-RequestID: cbe744a0-037b-458f-aab5-df6e543c4090' "#{protocol}://#{be_ip}:#{be_port}/sdc2/rest/v1/screen")
      if [ "$status_code" != 200 ] ; then
         exit "$status_code"
      fi
 
-     #curl -s -X GET -H "Content-Type: application/json;charset=UTF-8" -H "USER_ID: jh0003" -H "X-ECOMP-RequestID: cbe744a0-037b-458f-aab5-df6e543c4090" "http://#{be_ip}:#{be_port}/sdc2/rest/v1/screen" > ${check_normative}
+     #curl -s -X GET -H "Content-Type: application/json;charset=UTF-8" -H "USER_ID: jh0003" -H "X-ECOMP-RequestID: cbe744a0-037b-458f-aab5-df6e543c4090" "#{protocol}://#{be_ip}:#{be_port}/sdc2/rest/v1/screen" > ${check_normative}
 
      resources_len=`cat ${check_normative}| jq '.["resources"]|length'`
      mkdir -p /var/lib/jetty/logs
      if [ $resources_len -eq 0 ] ; then
-        python importONAPNormativeAll.py -i #{be_ip} -p #{be_port} > /var/lib/jetty/logs/importNormativeAll.log
+        python importONAPNormativeAll.py #{param} > /var/lib/jetty/logs/importNormativeAll.log
             rc=$?
             if [[ $rc != 0 ]]; then exit $rc; fi
      else
-        python upgradeONAPNormative.py -i #{be_ip}  -p #{be_port} > /var/lib/jetty/logs/upgradeNormative.log
+        python upgradeONAPNormative.py #{param} > /var/lib/jetty/logs/upgradeNormative.log
             rc=$?
             if [[ $rc != 0 ]]; then exit $rc; fi
      fi
-- 
cgit 1.2.3-korg