From 68830a739232e31feadc5b10c1e537197d86269f Mon Sep 17 00:00:00 2001 From: "k.kedron" Date: Tue, 27 Aug 2019 18:10:09 +0200 Subject: Fully HTTPS support in the catalog-be Fully HTTPS support: -Updated jvm configuration to support call to the SDC components using HTTPS. -Checkstyle in the recipes -Add support for disableHttp flag in the chef script -Add support for change the http to https in the python script -Fixed the --schema param in the importONAPNormativeALL and upgradeONAPNormative python scripts -Checkstyle in the importX python script -Disabled pycurl.SSL_VERIFYHOST to fix communication with the be component Issue-ID: SDC-2501 Signed-off-by: Krystian Kedron Change-Id: I588ba21638083694932a1af272f3bcbaa98268a7 --- .../recipes/1_create_consumer_and_user.rb | 27 ++++++++++++------ .../recipes/2_check_Backend.rb | 17 ++++++++--- .../recipes/3_import_Normatives.rb | 33 ++++++++++++++-------- .../templates/default/check_Backend_Health.py.erb | 3 +- .../templates/default/consumers.py.erb | 7 +++-- .../templates/default/user.py.erb | 7 +++-- 6 files changed, 63 insertions(+), 31 deletions(-) (limited to 'catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup') diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb index 14085bd0cb..97d140ab1f 100644 --- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb +++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb 
@@ -1,34 +1,45 @@ -template "/tmp/user.py" do +if node['disableHttp'] + protocol = "https" + be_port = node['BE']['https_port'] +else + protocol = "http" + be_port = node['BE']['http_port'] +end + + +template "/var/tmp/user.py" do source "user.py.erb" sensitive true mode 0755 variables({ + :protocol => protocol, :be_ip => node['Nodes']['BE'], - :be_port => node['BE']['http_port'] + :be_port => be_port }) end -bash "excuting-create_user" do +bash "executing-create_user" do code <<-EOH - python /tmp/user.py + python /var/tmp/user.py rc=$? if [[ $rc != 0 ]]; then exit $rc; fi EOH end -template "/tmp/consumers.py" do +template "/var/tmp/consumers.py" do source "consumers.py.erb" sensitive true mode 0755 variables({ + :protocol => protocol, :be_ip => node['Nodes']['BE'], - :be_port => node['BE']['http_port'] + :be_port => be_port }) end -bash "excuting-consumers" do +bash "executing-consumers" do code <<-EOH - python /tmp/consumers.py + python /var/tmp/consumers.py rc=$? if [[ $rc != 0 ]]; then exit $rc; fi EOH diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb index b929637b1a..0a551f2a52 100644 --- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb +++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb 
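Review bot: The rendered scripts still land at fixed names in a world-writable directory: `/var/tmp/user.py` and `/var/tmp/consumers.py` are written with `mode 0755` and then executed by the `bash` resources that follow. Moving them from `/tmp` to `/var/tmp` does not change who can read or pre-create those paths on a shared host. `sensitive true` only keeps the content out of Chef's output; the file itself stays world-readable. Rendering into a directory that only the Chef run user can write, for example `template "#{Chef::Config[:file_cache_path]}/user.py" do`, and using `mode 0700` would close that gap. The same applies to `/var/tmp/check_Backend_Health.py` in 2_check_Backend.rb and to the tarball extraction in 3_import_Normatives.rb, which also still writes `/tmp/check_normative.out` after the other paths were moved.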
@@ -1,16 +1,25 @@ -template "/tmp/check_Backend_Health.py" do +if node['disableHttp'] + protocol = "https" + be_port = node['BE']['https_port'] +else + protocol = "http" + be_port = node['BE']['http_port'] +end + +template "/var/tmp/check_Backend_Health.py" do source "check_Backend_Health.py.erb" sensitive true mode 0755 variables({ + :protocol => protocol, :be_ip => node['Nodes']['BE'], - :be_port => node['BE']['http_port'] + :be_port => be_port }) end -bash "excuting-check_Backend_Health" do +bash "executing-check_Backend_Health" do code <<-EOH - python /tmp/check_Backend_Health.py + python /var/tmp/check_Backend_Health.py rc=$? if [[ $rc != 0 ]]; then exit $rc; fi EOH diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb index e8dc9675d1..b640b3afe9 100644 --- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb +++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb 
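Review bot: The `if node['disableHttp']` block that picks `protocol` and `be_port` is now repeated in 1_create_consumer_and_user.rb, in this recipe and in 3_import_Normatives.rb, so any later change to the port or flag logic has to be made in three places. Computing the pair once, for instance in a cookbook library helper or as derived attributes, would keep the three init steps pointed at the same endpoint. The flag name does not say that it selects HTTPS, so a comment on the block would help, such as `# disableHttp switches the init scripts to HTTPS on node['BE']['https_port']`.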
@@ -1,37 +1,46 @@ -cookbook_file "/tmp/normatives.tar.gz" do +be_ip=node['Nodes'][:BE] + +if node['disableHttp'] + protocol = "https" + be_port = node['BE']['https_port'] + param="-i #{be_ip} -p #{be_port} --scheme #{protocol}" +else + protocol = "http" + be_port = node['BE']['http_port'] + param="-i #{be_ip} -p #{be_port}" +end + +cookbook_file "/var/tmp/normatives.tar.gz" do source "normatives.tar.gz" end -be_ip=node['Nodes'][:BE] -be_port=node['BE']['http_port'] - -bash "excuting-import_Normatives" do +bash "executing-import_Normatives" do code <<-EOH set -x - cd /tmp - tar xvfz /tmp/normatives.tar.gz - cd /tmp/normatives/scripts/import/tosca/ + cd /var/tmp + tar xvfz /var/tmp/normatives.tar.gz + cd /var/tmp/normatives/scripts/import/tosca/ /bin/chmod +x *.py # executing the normatives # add --debug=true to the importNormativeAll.py arguments to enable debug check_normative="/tmp/check_normative.out" - status_code=$(curl -s -o ${check_normative} -w "%{http_code}\\n" -X GET -H 'Content-Type: application/json;charset=UTF-8' -H 'USER_ID: jh0003' -H 'X-ECOMP-RequestID: cbe744a0-037b-458f-aab5-df6e543c4090' "http://#{be_ip}:#{be_port}/sdc2/rest/v1/screen") + status_code=$(curl -k -s -o ${check_normative} -w "%{http_code}\\n" -X GET -H 'Content-Type: application/json;charset=UTF-8' -H 'USER_ID: jh0003' -H 'X-ECOMP-RequestID: cbe744a0-037b-458f-aab5-df6e543c4090' "#{protocol}://#{be_ip}:#{be_port}/sdc2/rest/v1/screen") if [ "$status_code" != 200 ] ; then exit "$status_code" fi - #curl -s -X GET -H "Content-Type: application/json;charset=UTF-8" -H "USER_ID: jh0003" -H "X-ECOMP-RequestID: cbe744a0-037b-458f-aab5-df6e543c4090" "http://#{be_ip}:#{be_port}/sdc2/rest/v1/screen" > ${check_normative} + #curl -s -X GET -H "Content-Type: application/json;charset=UTF-8" -H "USER_ID: jh0003" -H "X-ECOMP-RequestID: cbe744a0-037b-458f-aab5-df6e543c4090" "#{protocol}://#{be_ip}:#{be_port}/sdc2/rest/v1/screen" > ${check_normative} resources_len=`cat ${check_normative}| jq 
'.["resources"]|length'` mkdir -p /var/lib/jetty/logs if [ $resources_len -eq 0 ] ; then - python importONAPNormativeAll.py -i #{be_ip} -p #{be_port} > /var/lib/jetty/logs/importNormativeAll.log + python importONAPNormativeAll.py #{param} > /var/lib/jetty/logs/importNormativeAll.log rc=$? if [[ $rc != 0 ]]; then exit $rc; fi else - python upgradeONAPNormative.py -i #{be_ip} -p #{be_port} > /var/lib/jetty/logs/upgradeNormative.log + python upgradeONAPNormative.py #{param} > /var/lib/jetty/logs/upgradeNormative.log rc=$? if [[ $rc != 0 ]]; then exit $rc; fi fi diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/templates/default/check_Backend_Health.py.erb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/templates/default/check_Backend_Health.py.erb index 60e2da16e7..eb77f93c33 100644 --- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/templates/default/check_Backend_Health.py.erb +++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/templates/default/check_Backend_Health.py.erb @@ -7,6 +7,7 @@ from datetime import datetime beStat=0 BE_IP="<%= @be_ip %>" BE_PORT="<%= @be_port %>" +PROTOCOL="<%= @protocol %>" class bcolors: HEADER = '\033[95m' @@ -23,7 +24,7 @@ class bcolors: # Functions ############################## def checkBackend(): - command="curl -s -o /dev/null -I -w \"%{http_code}\" -i http://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/user/jh0003" + command="curl -k -s -o /dev/null -I -w \"%{http_code}\" -i "+PROTOCOL+"://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/user/jh0003" proc = subprocess.Popen( command , shell=True , stdout=subprocess.PIPE ) (out, err) = proc.communicate() diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/templates/default/consumers.py.erb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/templates/default/consumers.py.erb index c5933201c1..798d79337c 100644 
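Review bot: The `-k` added to the `status_code=$(curl ...)` line turns off certificate verification, so the new HTTPS path encrypts the request but accepts any certificate presented at `#{be_ip}:#{be_port}`. Pointing curl at the CA that signed the backend certificate keeps the peer check, e.g. `curl --cacert "<PATH_TO_SDC_CA_PEM>" -s -o ${check_normative} ...`, with the path supplied from a node attribute. The same `-k` is added to every curl command in check_Backend_Health.py.erb, consumers.py.erb and user.py.erb. It matters most in `createConsumer`, which posts `consumerSalt` and `consumerPassword`. The commit message says `pycurl.SSL_VERIFYHOST` is disabled too, in scripts outside this part of the patch.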
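Review bot: `checkBackend` in check_Backend_Health.py.erb now concatenates a third rendered value, `PROTOCOL`, into one string that is run with `shell=True`, so any shell metacharacter in a node attribute would be interpreted by the shell. Building the URL first and passing an argument list avoids the shell: `url = PROTOCOL + "://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/user/jh0003"` and then `proc = subprocess.Popen(["curl", "-s", "-o", "/dev/null", "-I", "-i", "-w", "%{http_code}", url], stdout=subprocess.PIPE)`, plus whichever TLS option is kept. The same pattern appears in `checkBackend`, `checkConsumer` and `createConsumer` in consumers.py.erb and in `checkBackend`, `checkUser` and `createUser` in user.py.erb, where function arguments are concatenated into the command as well. The function body continues past the end of this hunk.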
--- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/templates/default/consumers.py.erb +++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/templates/default/consumers.py.erb @@ -6,6 +6,7 @@ from datetime import datetime BE_IP="<%= @be_ip %>" BE_PORT="<%= @be_port %>" +PROTOCOL="<%= @protocol %>" class bcolors: HEADER = '\033[95m' @@ -22,7 +23,7 @@ class bcolors: # Functions ############################## def checkBackend(): - command="curl -s -o /dev/null -I -w \"%{http_code}\" -i http://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/user/jh0003" + command="curl -k -s -o /dev/null -I -w \"%{http_code}\" -i "+PROTOCOL+"://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/user/jh0003" proc = subprocess.Popen( command , shell=True , stdout=subprocess.PIPE ) (out, err) = proc.communicate() @@ -31,7 +32,7 @@ def checkBackend(): def checkConsumer(consumerName): - command="curl -s -o /dev/null -I -w \"%{http_code}\" -i -H \"Accept: application/json; charset=UTF-8\" -H \"Content-Type: application/json\" -H \"USER_ID: jh0003\" http://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/consumers/" + consumerName + command="curl -k -s -o /dev/null -I -w \"%{http_code}\" -i -H \"Accept: application/json; charset=UTF-8\" -H \"Content-Type: application/json\" -H \"USER_ID: jh0003\" "+PROTOCOL+"://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/consumers/" + consumerName proc = subprocess.Popen( command , shell=True , stdout=subprocess.PIPE ) (out, err) = proc.communicate() 
@@ -41,7 +42,7 @@ def checkConsumer(consumerName): def createConsumer( consumerName, consumerSalt, consumerPass ): print '[INFO] ' + consumerName - command="curl -s -o /dev/null -w \"%{http_code}\" -X POST -i -H \"Accept: application/json; charset=UTF-8\" -H \"Content-Type: application/json\" -H \"USER_ID: jh0003\" http://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/consumers/ -d '{\"consumerName\": '" + consumerName + "', \"consumerSalt\": '" + consumerSalt + "',\"consumerPassword\": '" + consumerPass + "'}'" + command="curl -k -s -o /dev/null -w \"%{http_code}\" -X POST -i -H \"Accept: application/json; charset=UTF-8\" -H \"Content-Type: application/json\" -H \"USER_ID: jh0003\" "+PROTOCOL+"://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/consumers/ -d '{\"consumerName\": '" + consumerName + "', \"consumerSalt\": '" + consumerSalt + "',\"consumerPassword\": '" + consumerPass + "'}'" proc = subprocess.Popen( command , shell=True , stdout=subprocess.PIPE) diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/templates/default/user.py.erb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/templates/default/user.py.erb index a97e451a84..f17ac8a22e 100644 --- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/templates/default/user.py.erb +++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/templates/default/user.py.erb @@ -6,6 +6,7 @@ from datetime import datetime BE_IP="<%= @be_ip %>" BE_PORT="<%= @be_port %>" +PROTOCOL="<%= @protocol %>" class bcolors: HEADER = '\033[95m' 
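Review bot: `createConsumer` still places `consumerSalt` and `consumerPass` inside the curl command line, so both values are visible in the host's process list while curl runs; switching the URL to HTTPS does not change that. curl reads the request body from standard input when given `-d @-`, so the secret can stay out of argv: `proc = subprocess.Popen(command, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE)` followed by `(out, err) = proc.communicate(body)`, with the JSON document held in `body` and `-d @-` replacing the inline `-d '...'`. The rest of the function lies outside this hunk, so how `out` is used afterwards is not visible here.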
@@ -22,7 +23,7 @@ class bcolors: # Functions ############################## def checkBackend(): - command="curl -s -o /dev/null -I -w \"%{http_code}\" -i -H \"Accept: application/json; charset=UTF-8\" -H \"Content-Type: application/json\" -H \"USER_ID: jh0003\" http://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/user/jh0003" + command="curl -k -s -o /dev/null -I -w \"%{http_code}\" -i -H \"Accept: application/json; charset=UTF-8\" -H \"Content-Type: application/json\" -H \"USER_ID: jh0003\" "+PROTOCOL+"://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/user/jh0003" proc = subprocess.Popen( command , shell=True , stdout=subprocess.PIPE ) (out, err) = proc.communicate() @@ -31,7 +32,7 @@ def checkBackend(): def checkUser(userName): - command="curl -s -o /dev/null -I -w \"%{http_code}\" -i -H \"Accept: application/json; charset=UTF-8\" -H \"Content-Type: application/json\" -H \"USER_ID: jh0003\" http://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/user/" + userName + command="curl -k -s -o /dev/null -I -w \"%{http_code}\" -i -H \"Accept: application/json; charset=UTF-8\" -H \"Content-Type: application/json\" -H \"USER_ID: jh0003\" "+PROTOCOL+"://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/user/" + userName proc = subprocess.Popen( command , shell=True , stdout=subprocess.PIPE ) (out, err) = proc.communicate() 
@@ -43,7 +44,7 @@ def checkUser(userName): def createUser( firstName, lastName, userId , email_dom , role ): print '[INFO] create first:[' + firstName + '], last:[' + lastName + '], Id:[' + userId + '], email:[' + userId + '@' + email_dom + '], role:[' + role +']' - command="curl -s -o /dev/null -w \"%{http_code}\" -X POST -i -H \"Accept: application/json; charset=UTF-8\" -H \"Content-Type: application/json\" -H \"USER_ID: jh0003\" http://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/user/ -d '{\"firstName\": '" + firstName + "', \"lastName\": '" + lastName + "',\"userId\": '" + userId + "',\"email\": '" + userId + "@" + email_dom + "',\"role\": '" + role + "'}'" + command="curl -k -s -o /dev/null -w \"%{http_code}\" -X POST -i -H \"Accept: application/json; charset=UTF-8\" -H \"Content-Type: application/json\" -H \"USER_ID: jh0003\" "+PROTOCOL+"://" + BE_IP + ":" + BE_PORT + "/sdc2/rest/v1/user/ -d '{\"firstName\": '" + firstName + "', \"lastName\": '" + lastName + "',\"userId\": '" + userId + "',\"email\": '" + userId + "@" + email_dom + "',\"role\": '" + role + "'}'" proc = subprocess.Popen( command , shell=True , stdout=subprocess.PIPE) (out, err) = proc.communicate() -- cgit 1.2.3-korg