From 958c32d2d7a3e5cbd9bc672645cdeb95a49b719a Mon Sep 17 00:00:00 2001 From: Yuli Shlosberg Date: Thu, 15 Feb 2018 12:04:46 +0200 Subject: OOM Alignment BE,FE,KBN Change-Id: I8ff609a6be919d5709ce95af5a6a903aeb7afc43 Issue-ID: SDC-918 Signed-off-by: Yuli Shlosberg --- .../templates/default/BE-configuration.yaml.erb | 661 +++++++++++++++++++++ .../BE-distribution-engine-configuration.yaml.erb | 46 ++ .../templates/default/BE-elasticsearch.yml.erb | 11 + .../default/BE-onboarding-configuration.yaml.erb | 5 + .../templates/default/BE-portal.properties.erb | 32 + .../templates/default/BE-titan.properties.erb | 28 + .../templates/default/ready-probe.sh.erb | 11 + .../sdc-catalog-be/templates/default/ssl-ini.erb | 90 +++ 8 files changed, 884 insertions(+) create mode 100644 catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb create mode 100644 catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-distribution-engine-configuration.yaml.erb create mode 100644 catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb create mode 100644 catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-onboarding-configuration.yaml.erb create mode 100644 catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb create mode 100644 catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-titan.properties.erb create mode 100644 catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ready-probe.sh.erb create mode 100644 catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb (limited to 'catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates') diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb new file mode 100644 index 0000000000..825dd54061 --- /dev/null +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb @@ -0,0 +1,661 @@ +identificationHeaderFields: + - HTTP_IV_USER + - HTTP_CSP_FIRSTNAME + - HTTP_CSP_LASTNAME + - HTTP_IV_REMOTE_ADDRESS + - HTTP_CSP_WSTYPE + +# catalog backend hostname +beFqdn: <%= @catalog_ip %> + +# catalog backend http port +beHttpPort: <%= @catalog_port %> + +# catalog backend http context +beContext: /sdc/rest/config/get + +# catalog backend protocol +<% if node[:disableHttp] -%> +beProtocol: https +<% else %> +beProtocol: http +<% end -%> + +# catalog backend ssl port +beSslPort: <%= @ssl_port %> +version: 1.1.0 +released: 2012-11-30 +toscaConformanceLevel: 5.0 +minToscaConformanceLevel: 3.0 + +titanCfgFile: /var/lib/jetty/config/catalog-be/titan.properties +titanInMemoryGraph: false +titanLockTimeout: 1800 +# The interval to try and reconnect to titan DB when it is down during ASDC startup: +titanReconnectIntervalInSeconds: 3 + +# The read timeout towards Titan DB when health check is invoked: +titanHealthCheckReadTimeout: 1 + +# The interval to try and reconnect to Elasticsearch when it is down during ASDC startup: + +esReconnectIntervalInSeconds: 3 +uebHealthCheckReconnectIntervalInSeconds: 15 +uebHealthCheckReadTimeout: 4 + +# Protocols +protocols: + - http + - https + +# Default imports +defaultImports: + - nodes: + file: nodes.yml + - datatypes: + file: data.yml + - capabilities: + file: capabilities.yml + - relationships: + file: relationships.yml + - groups: + file: groups.yml + - policies: + file: policies.yml +# Users +users: + tom: passwd + bob: passwd + + +cassandraConfig: + cassandraHosts: [<%= @cassandra_ip %>] + localDataCenter: <%= @DC_NAME %> + reconnectTimeout : 30000 + socketReadTimeout: <%= @socket_read_timeout %> + socketConnectTimeout: <%= @socket_connect_timeout %> + authenticate: true + username: <%= @cassandra_usr %> + password: <%= @cassandra_pwd %> + ssl: false + truststorePath : /config/.truststore + truststorePassword : Aa123456 + keySpaces: + - { name: dox, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @DC_NAME %>','<%= @rep_factor %>']} + - { name: sdcaudit, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @DC_NAME %>','<%= @rep_factor %>']} + - { name: sdcartifact, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @DC_NAME %>','<%= @rep_factor %>']} + - { name: sdccomponent, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @DC_NAME %>','<%= @rep_factor %>']} + - { name: sdcrepository, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @DC_NAME %>','<%= @rep_factor %>']} + +#Application-specific settings of ES +elasticSearch: + # Mapping of index prefix to time-based frame. For example, if below is configured: + # + # - indexPrefix: auditingevents + # creationPeriod: minute + # + # then ES object of type which is mapped to "auditingevents-*" template, and created on 2015-12-23 13:24:54, will enter "auditingevents-2015-12-23-13-24" index. + # Another object created on 2015-12-23 13:25:54, will enter "auditingevents-2015-12-23-13-25" index. + # If creationPeriod: month, both of the above will enter "auditingevents-2015-12" index. + # + # PLEASE NOTE: the timestamps are created in UTC/GMT timezone! This is needed so that timestamps will be correctly presented in Kibana. + # + # Legal values for creationPeriod - year, month, day, hour, minute, none (meaning no time-based behaviour). + # + # If no creationPeriod is configured for indexPrefix, default behavour is creationPeriod: month. + + indicesTimeFrequency: + - indexPrefix: auditingevents + creationPeriod: month + - indexPrefix: monitoring_events + creationPeriod: month +artifactTypes: + - CHEF + - PUPPET + - SHELL + - YANG + - YANG_XML + - HEAT + - BPEL + - DG_XML + - MURANO_PKG + - WORKFLOW + - NETWORK_CALL_FLOW + - TOSCA_TEMPLATE + - TOSCA_CSAR + - AAI_SERVICE_MODEL + - AAI_VF_MODEL + - AAI_VF_MODULE_MODEL + - AAI_VF_INSTANCE_MODEL + - OTHER + - SNMP_POLL + - SNMP_TRAP + - GUIDE + - PLAN + +licenseTypes: + - User + - Installation + - CPU + +#Deployment artifacts placeHolder +resourceTypes: &allResourceTypes + - VFC + - CP + - VL + - VF + - VFCMT + - Abstract + - CVFC + + +deploymentResourceArtifacts: + + +deploymentResourceInstanceArtifacts: + heatEnv: + displayName: "HEAT ENV" + type: HEAT_ENV + description: "Auto-generated HEAT Environment deployment artifact" + fileExtension: "env" + VfHeatEnv: + displayName: "VF HEAT ENV" + type: HEAT_ENV + description: "VF Auto-generated HEAT Environment deployment artifact" + fileExtension: "env" + +#tosca artifacts placeholders +toscaArtifacts: + assetToscaTemplate: + artifactName: -template.yml + displayName: Tosca Template + type: TOSCA_TEMPLATE + description: TOSCA representation of the asset + assetToscaCsar: + artifactName: -csar.csar + displayName: Tosca Model + type: TOSCA_CSAR + description: TOSCA definition package of the asset + +#Informational artifacts placeHolder +excludeResourceCategory: + - Generic +excludeResourceType: + - PNF +informationalResourceArtifacts: + features: + displayName: Features + type: OTHER + capacity: + displayName: Capacity + type: OTHER + vendorTestResult: + displayName: Vendor Test Result + type: OTHER + testScripts: + displayName: Test Scripts + type: OTHER + CloudQuestionnaire: + displayName: Cloud Questionnaire (completed) + type: OTHER + HEATTemplateFromVendor: + displayName: HEAT Template from Vendor + type: HEAT + resourceSecurityTemplate: + displayName: Resource Security Template + type: OTHER + +excludeServiceCategory: + +informationalServiceArtifacts: + serviceArtifactPlan: + displayName: Service Artifact Plan + type: OTHER + summaryOfImpactsToECOMPElements: + displayName: Summary of impacts to ECOMP elements,OSSs, BSSs + type: OTHER + controlLoopFunctions: + displayName: Control Loop Functions + type: OTHER + dimensioningInfo: + displayName: Dimensioning Info + type: OTHER + affinityRules: + displayName: Affinity Rules + type: OTHER + operationalPolicies: + displayName: Operational Policies + type: OTHER + serviceSpecificPolicies: + displayName: Service-specific Policies + type: OTHER + engineeringRules: + displayName: Engineering Rules (ERD) + type: OTHER + distributionInstructions: + displayName: Distribution Instructions + type: OTHER + certificationTestResults: + displayName: TD Certification Test Results + type: OTHER + deploymentVotingRecord: + displayName: Deployment Voting Record + type: OTHER + serviceQuestionnaire: + displayName: Service Questionnaire + type: OTHER + serviceSecurityTemplate: + displayName: Service Security Template + type: OTHER + +serviceApiArtifacts: + configuration: + displayName: Configuration + type: OTHER + instantiation: + displayName: Instantiation + type: OTHER + monitoring: + displayName: Monitoring + type: OTHER + reporting: + displayName: Reporting + type: OTHER + logging: + displayName: Logging + type: OTHER + testing: + displayName: Testing + type: OTHER + + +additionalInformationMaxNumberOfKeys: 50 + +systemMonitoring: + enabled: false + isProxy: false + probeIntervalInSeconds: 15 +defaultHeatArtifactTimeoutMinutes: 60 + +serviceDeploymentArtifacts: + YANG_XML: + acceptedTypes: + - xml + VNF_CATALOG: + acceptedTypes: + - xml + MODEL_INVENTORY_PROFILE: + acceptedTypes: + - xml + MODEL_QUERY_SPEC: + acceptedTypes: + - xml + +#AAI Artifacts + AAI_SERVICE_MODEL: + acceptedTypes: + - xml + AAI_VF_MODULE_MODEL: + acceptedTypes: + - xml + AAI_VF_INSTANCE_MODEL: + acceptedTypes: + - xml + UCPE_LAYER_2_CONFIGURATION: + acceptedTypes: + - xml + OTHER: + acceptedTypes: + +#PLAN + PLAN: + acceptedTypes: + - xml + +resourceDeploymentArtifacts: + HEAT: + acceptedTypes: + - yaml + - yml + validForResourceTypes: *allResourceTypes + HEAT_VOL: + acceptedTypes: + - yaml + - yml + validForResourceTypes: *allResourceTypes + HEAT_NET: + acceptedTypes: + - yaml + - yml + validForResourceTypes: *allResourceTypes + HEAT_NESTED: + acceptedTypes: + - yaml + - yml + validForResourceTypes: *allResourceTypes + HEAT_ARTIFACT: + acceptedTypes: + validForResourceTypes: *allResourceTypes + YANG_XML: + acceptedTypes: + - xml + validForResourceTypes: *allResourceTypes + VNF_CATALOG: + acceptedTypes: + - xml + validForResourceTypes: *allResourceTypes + VF_LICENSE: + acceptedTypes: + - xml + validForResourceTypes: *allResourceTypes + VENDOR_LICENSE: + acceptedTypes: + - xml + validForResourceTypes: *allResourceTypes + MODEL_INVENTORY_PROFILE: + acceptedTypes: + - xml + validForResourceTypes: *allResourceTypes + MODEL_QUERY_SPEC: + acceptedTypes: + - xml + validForResourceTypes: *allResourceTypes + LIFECYCLE_OPERATIONS: + acceptedTypes: + - yaml + - yml + validForResourceTypes: + - VF + - VFC + VES_EVENTS: + acceptedTypes: + - yaml + - yml + validForResourceTypes: *allResourceTypes + PERFORMANCE_COUNTER: + acceptedTypes: + - csv + validForResourceTypes: *allResourceTypes + APPC_CONFIG: + acceptedTypes: + validForResourceTypes: + - VF + DCAE_TOSCA: + acceptedTypes: + - yml + - yaml + validForResourceTypes: + - VF + - VFCMT + DCAE_JSON: + acceptedTypes: + - json + validForResourceTypes: + - VF + - VFCMT + DCAE_POLICY: + acceptedTypes: + - emf + validForResourceTypes: + - VF + - VFCMT + DCAE_DOC: + acceptedTypes: + validForResourceTypes: + - VF + - VFCMT + DCAE_EVENT: + acceptedTypes: + validForResourceTypes: + - VF + - VFCMT + AAI_VF_MODEL: + acceptedTypes: + - xml + validForResourceTypes: + - VF + AAI_VF_MODULE_MODEL: + acceptedTypes: + - xml + validForResourceTypes: + - VF + OTHER: + acceptedTypes: + validForResourceTypes: *allResourceTypes + SNMP_POLL: + acceptedTypes: + validForResourceTypes: *allResourceTypes + SNMP_TRAP: + acceptedTypes: + validForResourceTypes: *allResourceTypes + +#PLAN + PLAN: + acceptedTypes: + - xml + validForResourceTypes: + - VF + - VFC + +resourceInstanceDeploymentArtifacts: + HEAT_ENV: + acceptedTypes: + - env + VF_MODULES_METADATA: + acceptedTypes: + - json + VES_EVENTS: + acceptedTypes: + - yaml + - yml + PERFORMANCE_COUNTER: + acceptedTypes: + - csv + DCAE_INVENTORY_TOSCA: + acceptedTypes: + - yml + - yaml + DCAE_INVENTORY_JSON: + acceptedTypes: + - json + DCAE_INVENTORY_POLICY: + acceptedTypes: + - emf + DCAE_INVENTORY_DOC: + acceptedTypes: + DCAE_INVENTORY_BLUEPRINT: + acceptedTypes: + DCAE_INVENTORY_EVENT: + acceptedTypes: + SNMP_POLL: + acceptedTypes: + validForResourceTypes: *allResourceTypes + SNMP_TRAP: + acceptedTypes: + validForResourceTypes: *allResourceTypes + +#PLAN + PLAN: + acceptedTypes: + - xml + +resourceInformationalArtifacts: + CHEF: + acceptedTypes: + validForResourceTypes: *allResourceTypes + PUPPET: + acceptedTypes: + validForResourceTypes: *allResourceTypes + SHELL: + acceptedTypes: + validForResourceTypes: *allResourceTypes + YANG: + acceptedTypes: + validForResourceTypes: *allResourceTypes + YANG_XML: + acceptedTypes: + validForResourceTypes: *allResourceTypes + HEAT: + acceptedTypes: + validForResourceTypes: *allResourceTypes + BPEL: + acceptedTypes: + validForResourceTypes: *allResourceTypes + DG_XML: + acceptedTypes: + validForResourceTypes: *allResourceTypes + MURANO_PKG: + acceptedTypes: + validForResourceTypes: *allResourceTypes + OTHER: + acceptedTypes: + validForResourceTypes: + - VFC + - CVFC + - CP + - VL + - VF + - VFCMT + - Abstract + - PNF + SNMP_POLL: + acceptedTypes: + validForResourceTypes: *allResourceTypes + SNMP_TRAP: + acceptedTypes: + validForResourceTypes: *allResourceTypes + GUIDE: + acceptedTypes: + validForResourceTypes: + - VF + - VFC + - CVFC + +resourceInformationalDeployedArtifacts: + + +requirementsToFulfillBeforeCert: + +capabilitiesToConsumeBeforeCert: + +unLoggedUrls: + - /sdc2/rest/healthCheck + +cleanComponentsConfiguration: + cleanIntervalInMinutes: 1440 + componentsToClean: + - Resource + - Service + +artifactsIndex: resources + +heatEnvArtifactHeader: "" +heatEnvArtifactFooter: "" + +onboarding: + <% if node[:disableHttp] -%> + protocol: https + host: <%= @catalog_ip %> + port: <%= node['BE'][:https_port] %> + <% else %> + protocol: http + host: <%= @catalog_ip %> + port: <%= node['BE'][:http_port] %> + <% end -%> + downloadCsarUri: "/onboarding-api/v1.0/vendor-software-products/packages" + healthCheckUri: "/onboarding-api/v1.0/healthcheck" + +dcae: + <% if node[:disableHttp] -%> + protocol: https + host: <%= @catalog_ip %> + port: <%= node['BE'][:https_port] %> + <% else %> + protocol: http + host: <%= @catalog_ip %> + port: <%= node['BE'][:http_port] %> + <% end -%> + + healthCheckUri: "/dcae/healthCheck" + +# #GSS IDNS +switchoverDetector: + gBeFqdn: + gFeFqdn: + beVip: 1.2.3.4 + feVip: 1.2.3.4 + beResolveAttempts: 3 + feResolveAttempts: 3 + enabled: false + interval: 60 + changePriorityUser: ecompasdc + changePriorityPassword: ecompasdc123 + publishNetworkUrl: + publishNetworkBody: '{"note":"comment"}' + groups: + beSet: { changePriorityUrl: "", changePriorityBody: '{"name":"","uri":"","no_ad_redirection":false,"v4groups":{"failover_groups":["","","failover_policy":["FAILALL"]},"comment":"","intended_app_proto":"DNS"}'} + feSet: { changePriorityUrl: "", changePriorityBody: '{"name":"","uri":"","no_ad_redirection":false,"v4groups":{"failover_groups":["",""],"failover_policy":["FAILALL"]},"comment":"","intended_app_proto":"DNS"}'} + +applicationL1Cache: + datatypes: + enabled: true + firstRunDelay: 10 + pollIntervalInSec: 60 + +applicationL2Cache: + enabled: false + catalogL1Cache: + enabled: false + resourcesSizeInCache: 300 + servicesSizeInCache: 200 + productsSizeInCache: 100 + queue: + syncIntervalInSecondes: 43200 + waitOnShutDownInMinutes: 10 + numberOfCacheWorkers: 4 + +toscaValidators: + stringMaxLength: 2500 + +disableAudit: false + +vfModuleProperties: + min_vf_module_instances: + forBaseModule: 1 + forNonBaseModule: 0 + max_vf_module_instances: + forBaseModule: 1 + forNonBaseModule: + initial_count: + forBaseModule: 1 + forNonBaseModule: 0 + vf_module_type: + forBaseModule: Base + forNonBaseModule: Expansion + +genericAssetNodeTypes: + VFC: org.openecomp.resource.abstract.nodes.VFC + CVFC: org.openecomp.resource.abstract.nodes.VFC + VF : org.openecomp.resource.abstract.nodes.VF + PNF: org.openecomp.resource.abstract.nodes.PNF + Service: org.openecomp.resource.abstract.nodes.service + +workloadContext: Production + +environmentContext: + defaultValue: General_Revenue-Bearing + validValues: + - Critical_Revenue-Bearing + - Vital_Revenue-Bearing + - Essential_Revenue-Bearing + - Important_Revenue-Bearing + - Needed_Revenue-Bearing + - Useful_Revenue-Bearing + - General_Revenue-Bearing + - Critical_Non-Revenue + - Vital_Non-Revenue + - Essential_Non-Revenue + - Important_Non-Revenue + - Needed_Non-Revenue + - Useful_Non-Revenue + - General_Non-Revenue diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-distribution-engine-configuration.yaml.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-distribution-engine-configuration.yaml.erb new file mode 100644 index 0000000000..3491035fcf --- /dev/null +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-distribution-engine-configuration.yaml.erb @@ -0,0 +1,46 @@ +uebServers: + <% node['UEB']['fqdn'].each do |conn| -%> + - <%= conn %> + <% end -%> + +uebPublicKey: <%= node['UEB']['PublicKey'] %> +uebSecretKey: <%= node['UEB']['SecretKey'] %> + +distributionNotifTopicName: SDC-DISTR-NOTIF-TOPIC +distributionStatusTopicName: SDC-DISTR-STATUS-TOPIC + +initRetryIntervalSec: 5 +initMaxIntervalSec: 60 + +distribNotifServiceArtifactTypes: + info: + - MURANO-PKG + +distribNotifResourceArtifactTypes: + lifecycle: + - HEAT + - DG-XML + +environments: + - <%= node.chef_environment %> + +distributionStatusTopic: + pollingIntervalSec: 60 + fetchTimeSec: 15 + consumerGroup: sdc-<%= node.chef_environment %> + consumerId: sdc-<%= node.chef_environment %>1 + + +distributionNotificationTopic: + minThreadPoolSize: 0 + maxThreadPoolSize: 10 + maxWaitingAfterSendingSeconds: 5 + +createTopic: + partitionCount: 1 + replicationCount: 1 + +startDistributionEngine: true + +#This is false by default, since ONAP Dmaap currently doesn't support https +useHttpsWithDmaap: false \ No newline at end of file diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb new file mode 100644 index 0000000000..611285ea3f --- /dev/null +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-elasticsearch.yml.erb @@ -0,0 +1,11 @@ +discovery.zen.ping.multicast.enabled: false +discovery.zen.ping.unicast.enabled: true +node.name: <%= node[:hostname] %> +cluster.name: <%= @cluster_name %> +node.master: false +node.data: false +http.cors.enabled: true +path.home: "/var/lib/jetty/config" +elasticSearch.transportclient: true +transport.client.initial_nodes: + - <%= @es_host_ip %>:9300 diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-onboarding-configuration.yaml.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-onboarding-configuration.yaml.erb new file mode 100644 index 0000000000..4646661dfb --- /dev/null +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-onboarding-configuration.yaml.erb @@ -0,0 +1,5 @@ +notifications: + pollingIntervalMsec: 2000 + selectionSize: 100 + beHost: <%= @catalog_ip %> + beHttpPort: <%= @catalog_port %> \ No newline at end of file diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb new file mode 100644 index 0000000000..4f23cb827f --- /dev/null +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb @@ -0,0 +1,32 @@ +# Portal REST URL, ends "/auxapi" +ecomp_rest_url = <%= @ecomp_rest_url %> + +# Java implementation of interface +portal.api.impl.class = org.openecomp.sdc.be.ecomp.EcompIntImpl + +# CSP-SSO URL + +ecomp_redirect_url = <%= @ecomp_redirect_url %> + +# Comma-separated list of UEB server names + +ueb_url_list = <%= @ueb_url_list %> + +# UEB topic where Portal listens +ecomp_portal_inbox_name = <%= @inbox_name %> + +# UEB key generated while on-boarding +ueb_app_key = <%= @app_key %> + +# UEB secret generated while on-boarding +ueb_app_secret = <%= @app_secret %> + +# UEB topic where App listens +ueb_app_mailbox_name = <%= @app_topic_name %> + +# Consumer group name; most Apps should use {UUID} +ueb_app_consumer_group_name = {UUID} + +ueb_listeners_enable = true + +decryption_key = <%= @decrypt_key %> diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-titan.properties.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-titan.properties.erb new file mode 100644 index 0000000000..cf885e62bb --- /dev/null +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-titan.properties.erb @@ -0,0 +1,28 @@ +storage.backend=cassandra +storage.hostname=<%= @CASSANDRA_IP %> +storage.port=9160 +storage.username=<%= @CASSANDRA_USR %> +storage.password=<%= @CASSANDRA_PWD %> +storage.connection-timeout=<%= @titan_connection_timeout %> +storage.cassandra.keyspace=sdctitan + +storage.cassandra.ssl.enabled=false +storage.cassandra.ssl.truststore.location=/var/lib/jetty/config/.truststore +storage.cassandra.ssl.truststore.password=Aa123456 + +storage.cassandra.read-consistency-level=LOCAL_QUORUM +storage.cassandra.write-consistency-level=LOCAL_QUORUM +storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.NetworkTopologyStrategy +storage.cassandra.replication-strategy-options=<%= @DC_NAME %>,<%= @rep_factor %> +storage.cassandra.astyanax.local-datacenter=<%= @DC_NAME %> + + +cache.db-cache = false +cache.db-cache-clean-wait = 20 +cache.db-cache-time = 180000 +cache.db-cache-size = 0.5 + +cache.tx-cache-size = 1000000 + +storage.lock.retries=5 +storage.lock.wait-time=500 diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ready-probe.sh.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ready-probe.sh.erb new file mode 100644 index 0000000000..5239e9bdef --- /dev/null +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ready-probe.sh.erb @@ -0,0 +1,11 @@ +#!/bin/bash + +health_Check_http_code=$(curl --max-time 5 -o /dev/null -w '%{http_code}' http://localhost:8080/sdc2/rest/healthCheck) +if [[ "$health_Check_http_code" -eq 500 ]]; then + exit 200 +else + exit $health_Check_http_code +fi + + + diff --git a/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb new file mode 100644 index 0000000000..adfc0d0ce2 --- /dev/null +++ b/catalog-be/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb @@ -0,0 +1,90 @@ +# --------------------------------------- +# Module: ssl +--module=ssl + +### TLS(SSL) Connector Configuration + +## Connector host/address to bind to +# jetty.ssl.host=0.0.0.0 + +## Connector port to listen on +jetty.ssl.port=<%= @BE_https_port %> + +## Connector idle timeout in milliseconds +# jetty.ssl.idleTimeout=30000 + +## Connector socket linger time in seconds (-1 to disable) +# jetty.ssl.soLingerTime=-1 + +## Number of acceptors (-1 picks default based on number of cores) +# jetty.ssl.acceptors=-1 + +## Number of selectors (-1 picks default based on number of cores) +# jetty.ssl.selectors=-1 + +## ServerSocketChannel backlog (0 picks platform default) +# jetty.ssl.acceptorQueueSize=0 + +## Thread priority delta to give to acceptor threads +# jetty.ssl.acceptorPriorityDelta=0 + +## Whether request host names are checked to match any SNI names +# jetty.ssl.sniHostCheck=true + +## max age in seconds for a Strict-Transport-Security response header (default -1) +# jetty.ssl.stsMaxAgeSeconds=31536000 + +## include subdomain property in any Strict-Transport-Security header (default false) +# jetty.ssl.stsIncludeSubdomains=true + +### SslContextFactory Configuration +## Note that OBF passwords are not secure, just protected from casual observation +## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html + +## Keystore file path (relative to $jetty.base) +# jetty.sslContext.keyStorePath=etc/keystore + +## Truststore file path (relative to $jetty.base) +# jetty.sslContext.trustStorePath=etc/keystore + +## Keystore password +# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +jetty.sslContext.keyStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok + +## Keystore type and provider +# jetty.sslContext.keyStoreType=JKS +# jetty.sslContext.keyStoreProvider= + +## KeyManager password +# jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g +jetty.sslContext.keyManagerPassword=OBF:1cp61iuj194s194u194w194y1is31cok + +## Truststore password +# jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +jetty.sslContext.trustStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok + +## Truststore type and provider +# jetty.sslContext.trustStoreType=JKS +# jetty.sslContext.trustStoreProvider= + +## whether client certificate authentication is required +# jetty.sslContext.needClientAuth=false + +## Whether client certificate authentication is desired +# jetty.sslContext.wantClientAuth=false + +## Whether cipher order is significant (since java 8 only) +# jetty.sslContext.useCipherSuitesOrder=true + +## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at +## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites + +## Set the size of the SslSession cache +# jetty.sslContext.sslSessionCacheSize=-1 + +## Set the timeout (in seconds) of the SslSession cache timeout +# jetty.sslContext.sslSessionTimeout=-1 + +## Allow SSL renegotiation +# jetty.sslContext.renegotiationAllowed=true +# jetty.sslContext.renegotiationLimit=5 -- cgit 1.2.3-korg