From 591810df468a8e2c59569e701f514bff61203940 Mon Sep 17 00:00:00 2001 From: sebdet Date: Thu, 17 Sep 2020 15:07:23 +0200 Subject: Introduce a new docker for be plugins Introduce a new docker image containing the etsi plugin and potentially others + simplify the process to build backend image + cleaning of unused files Issue-ID: SDC-3289 Signed-off-by: sebdet Change-Id: I82c770b391d169bef3bcc5f5af66e2a24dffb1b4 Signed-off-by: sebdet --- .../templates/default/BE-configuration.yaml.erb | 1259 ++++++++++++++++++++ .../BE-distribution-engine-configuration.yaml.erb | 82 ++ .../templates/default/BE-janusgraph.properties.erb | 27 + .../templates/default/BE-key.properties.erb | 41 + .../default/BE-onboarding-configuration.yaml.erb | 5 + .../templates/default/BE-portal.properties.erb | 89 ++ .../templates/default/cadi.properties.erb | 54 + .../sdc-catalog-be/templates/default/http-ini.erb | 29 + .../sdc-catalog-be/templates/default/https-ini.erb | 29 + .../templates/default/ready-probe.sh.erb | 9 + .../sdc-catalog-be/templates/default/ssl-ini.erb | 90 ++ 11 files changed, 1714 insertions(+) create mode 100644 catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb create mode 100644 catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-distribution-engine-configuration.yaml.erb create mode 100644 catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb create mode 100644 catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-key.properties.erb create mode 100644 catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-onboarding-configuration.yaml.erb create mode 100644 catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb create mode 100644 catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb create mode 100644 catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/http-ini.erb create mode 100644 catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/https-ini.erb create mode 100644 catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ready-probe.sh.erb create mode 100644 catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb (limited to 'catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates') diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb new file mode 100644 index 0000000000..20f00954e3 --- /dev/null +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb @@ -0,0 +1,1259 @@ +identificationHeaderFields: + - HTTP_IV_USER + - HTTP_CSP_FIRSTNAME + - HTTP_CSP_LASTNAME + - HTTP_IV_REMOTE_ADDRESS + - HTTP_CSP_WSTYPE + +# catalog backend hostname +beFqdn: <%= @catalog_ip %> + +# catalog backend http port +beHttpPort: <%= @catalog_port %> + +# catalog backend http context +beContext: /sdc/rest/config/get + +# catalog backend protocol +<% if node[:disableHttp] -%> +beProtocol: https +<% else %> +beProtocol: http +<% end -%> + +# catalog backend ssl port +beSslPort: <%= @ssl_port %> +version: 1.1.0 +released: 2012-11-30 +toscaConformanceLevel: 11.0 +minToscaConformanceLevel: 3.0 + +janusGraphCfgFile: /var/lib/jetty/config/catalog-be/janusgraph.properties +janusGraphInMemoryGraph: false +janusGraphLockTimeout: 1800 +# The interval to try and reconnect to JanusGraph DB when it is down during ASDC startup: +janusGraphReconnectIntervalInSeconds: 3 + +# The read timeout towards JanusGraph DB when health check is invoked: +janusGraphHealthCheckReadTimeout: 1 + +# The interval to try and reconnect to Elasticsearch when it is down during ASDC startup: + +uebHealthCheckReconnectIntervalInSeconds: 15 +uebHealthCheckReadTimeout: 4 + +# Protocols +protocols: + - http + - https + +# Default imports +defaultImports: + - nodes: + file: nodes.yml + - datatypes: + file: data.yml + - capabilities: + file: capabilities.yml + - relationships: + file: relationships.yml + - groups: + file: groups.yml + - policies: + file: policies.yml + - annotations: + file: annotations.yml + +# Global CSAR Import Files +globalCsarImports: + - annotations.yml + - artifacts.yml + - capabilities.yml + - data.yml + - groups.yml + - interfaces.yml + - nodes.yml + - policies.yml + - relationships.yml + +# Users +users: + tom: passwd + bob: passwd + +# access restriction +authCookie: + securityKey: "sdcaccessrestrictionsecureykey" + maxSessionTimeOut: 86400000 + sessionIdleTimeOut: 3600000 + cookieName: "AuthenticationCookie" + path: / + domain: "" + isHttpOnly: true + # redirect variable name from portal.properties file + redirectURL: "" + excludedUrls: [<%= node['access_restriction']['excluded_urls'] %>] + onboardingExcludedUrls: [<%= node['access_restriction']['excluded_urls_onboarding'] %>] + + + +cassandraConfig: + cassandraHosts: [<%= @cassandra_ip %>] + cassandraPort: <%= @cassandra_port %> + localDataCenter: <%= @DC_NAME %> + reconnectTimeout : 30000 + socketReadTimeout: <%= @socket_read_timeout %> + socketConnectTimeout: <%= @socket_connect_timeout %> + authenticate: true + username: <%= @cassandra_usr %> + password: <%= @cassandra_pwd %> + ssl: <%= @cassandra_ssl_enabled %> + truststorePath : /var/lib/jetty/etc/truststore + truststorePassword : <%= @cassandra_truststore_password %> + keySpaces: + - { name: dox, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} + - { name: sdcaudit, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} + - { name: sdcartifact, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} + - { name: sdccomponent, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} + - { name: sdcrepository, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} + + +licenseTypes: + - User + - Installation + - CPU + +#Deployment artifacts placeHolder +resourceTypes: &allResourceTypes + - VFC + - CP + - VL + - VF + - CR + - VFCMT + - Abstract + - CVFC + - Configuration + - ServiceProxy + - PNF + +componentAllowedInstanceTypes: + Resource: + VF: + - VFC + - VF + - CR + - CP + - PNF + - CVFC + - VL + - Configuration + - ServiceProxy + - Abstract + CVFC: + - VFC + - VF + - CR + - CP + - PNF + - CVFC + - VL + - ServiceProxy + - Abstract + PNF: + - VF + - CR + - CP + - PNF + - CVFC + - VL + - Configuration + - ServiceProxy + - Abstract + CR: + - VF + - CR + - CP + - PNF + - CVFC + - VL + - Configuration + - ServiceProxy + - Abstract + VL: + - VL + Service: + "*": + - VF + - CR + - CP + - PNF + - CVFC + - VL + - Configuration + - ServiceProxy + - Abstract + +artifacts: + - type: CONTROLLER_BLUEPRINT_ARCHIVE + categories: + - DEPLOYMENT + componentTypes: + - SERVICE + - RESOURCE + resourceTypes: + - VF + - PNF + acceptedTypes: + - zip + - type: HELM + categories: + - DEPLOYMENT + componentTypes: + - SERVICE + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - tgz + - type: YANG_XML + categories: + - DEPLOYMENT + - INFORMATIONAL + componentTypes: + - SERVICE + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - xml + - type: VNF_CATALOG + categories: + - DEPLOYMENT + componentTypes: + - SERVICE + resourceTypes: + acceptedTypes: + - xml + - type: MODEL_INVENTORY_PROFILE + categories: + - DEPLOYMENT + componentTypes: + - SERVICE + resourceTypes: + acceptedTypes: + - xml + - type: MODEL_QUERY_SPEC + categories: + - DEPLOYMENT + componentTypes: + - SERVICE + resourceTypes: + acceptedTypes: + - xml + - type: UCPE_LAYER_2_CONFIGURATION + categories: + - DEPLOYMENT + componentTypes: + - SERVICE + resourceTypes: + acceptedTypes: + - xml + #AAI Artifacts + - type: AAI_SERVICE_MODEL + categories: + - DEPLOYMENT + componentTypes: + - SERVICE + resourceTypes: + acceptedTypes: + - xml + - type: AAI_VF_MODULE_MODEL + categories: + - DEPLOYMENT + componentTypes: + - SERVICE + resourceTypes: + acceptedTypes: + - xml + - type: AAI_VF_INSTANCE_MODEL + categories: + - DEPLOYMENT + componentTypes: + - SERVICE + resourceTypes: + acceptedTypes: + - xml + #Plan + - type: PLAN + categories: + - DEPLOYMENT + componentTypes: + - SERVICE + - RESOURCE + - RESOURCE_INSTANCE + resourceTypes: + - VF + - VFC + acceptedTypes: + - xml + - type: WORKFLOW + categories: + - DEPLOYMENT + componentTypes: + - SERVICE + - RESOURCE + resourceTypes: + - VFC + - CP + - VL + - VF + - CR + - VFCMT + - Abstract + - CVFC + - PNF + acceptedTypes: + - type: HEAT + categories: + - DEPLOYMENT + - INFORMATIONAL + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - yaml + - yml + - type: HEAT_VOL + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - yaml + - yml + - type: HEAT_NET + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - yaml + - yml + - type: HEAT_NESTED + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - yaml + - yml + - type: HEAT_ARTIFACT + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - type: CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - zip + - tgz + - csar + - type: VNF_CATALOG + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - xml + - type: VF_LICENSE + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - xml + - type: VENDOR_LICENSE + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - xml + - type: MODEL_INVENTORY_PROFILE + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - xml + - type: MODEL_QUERY_SPEC + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - xml + - type: LIFECYCLE_OPERATIONS + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + - VFC + acceptedTypes: + - yaml + - yml + - type: VES_EVENTS + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + - RESOURCE_INSTANCE + resourceTypes: + - VFC + - CP + - VL + - VF + - CR + - VFCMT + - Abstract + - CVFC + - PNF + acceptedTypes: + - yaml + - yml + - type: PERFORMANCE_COUNTER + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + - RESOURCE_INSTANCE + resourceTypes: *allResourceTypes + acceptedTypes: + - csv + - type: APPC_CONFIG + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + acceptedTypes: + - type: DCAE_TOSCA + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + - VFCMT + acceptedTypes: + - yml + - yaml + - type: DCAE_JSON + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + - VFCMT + acceptedTypes: + - json + - type: DCAE_POLICY + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + - VFCMT + acceptedTypes: + - emf + - type: DCAE_DOC + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + - VFCMT + acceptedTypes: + - type: DCAE_EVENT + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + - VFCMT + acceptedTypes: + - type: AAI_VF_MODEL + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + acceptedTypes: + - xml + - type: AAI_VF_MODULE_MODEL + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + acceptedTypes: + - xml + - type: OTHER + categories: + - DEPLOYMENT + - INFORMATIONAL + componentTypes: + - RESOURCE + resourceTypes: + - VFC + - CVFC + - CP + - VL + - VF + - VFCMT + - Abstract + - PNF + acceptedTypes: + - type: SNMP_POLL + categories: + - DEPLOYMENT + - INFORMATIONAL + componentTypes: + - RESOURCE + - RESOURCE_INSTANCE + resourceTypes: *allResourceTypes + acceptedTypes: + - type: SNMP_TRAP + categories: + - DEPLOYMENT + - INFORMATIONAL + componentTypes: + - RESOURCE + - RESOURCE_INSTANCE + resourceTypes: *allResourceTypes + acceptedTypes: + - type: PM_DICTIONARY + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + - PNF + acceptedTypes: + - yaml + - yml + - type: YANG_MODULE + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + - PNF + acceptedTypes: + - yang + - type: ANSIBLE_PLAYBOOK + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + - PNF + acceptedTypes: + - yaml + - yml + - type: ONBOARDED_PACKAGE + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + - PNF + acceptedTypes: + - csar + - zip + - type: ETSI_PACKAGE + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE + resourceTypes: + - VF + - PNF + acceptedTypes: + - csar + - zip + - type: HEAT_ENV + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE_INSTANCE + resourceTypes: + acceptedTypes: + - env + - type: VF_MODULES_METADATA + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE_INSTANCE + resourceTypes: + acceptedTypes: + - json + - type: DCAE_INVENTORY_TOSCA + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE_INSTANCE + resourceTypes: + acceptedTypes: + - yml + - yaml + - type: DCAE_INVENTORY_JSON + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE_INSTANCE + resourceTypes: + acceptedTypes: + - json + - type: DCAE_INVENTORY_POLICY + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE_INSTANCE + resourceTypes: + acceptedTypes: + - emf + - type: DCAE_INVENTORY_DOC + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE_INSTANCE + resourceTypes: + acceptedTypes: + - type: DCAE_INVENTORY_BLUEPRINT + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE_INSTANCE + resourceTypes: + acceptedTypes: + - type: DCAE_INVENTORY_EVENT + categories: + - DEPLOYMENT + componentTypes: + - RESOURCE_INSTANCE + resourceTypes: + acceptedTypes: + - type: CHEF + categories: + - INFORMATIONAL + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - type: PUPPET + categories: + - INFORMATIONAL + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - type: SHELL + categories: + - INFORMATIONAL + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - type: YANG + categories: + - INFORMATIONAL + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - type: BPEL + categories: + - INFORMATIONAL + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - type: DG_XML + categories: + - INFORMATIONAL + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - type: MURANO_PKG + categories: + - INFORMATIONAL + componentTypes: + - RESOURCE + resourceTypes: *allResourceTypes + acceptedTypes: + - type: PNF_SW_INFORMATION + categories: + - INFORMATIONAL + componentTypes: + - RESOURCE + resourceTypes: + - PNF + acceptedTypes: + - yaml + - yml + - type: GUIDE + categories: + - INFORMATIONAL + componentTypes: + - RESOURCE + resourceTypes: + - VF + - VFC + - CVFC + - PNF + acceptedTypes: + - yaml + - yml + - type: FLOW + categories: + - DEPLOYMENT + componentTypes: + - SERVICE + resourceTypes: *allResourceTypes + acceptedTypes: + - type: SHELL_SCRIPT + categories: + - DEPLOYMENT + componentTypes: + - SERVICE + - SERVICE_INSTANCE + - RESOURCE + - RESOURCE_INSTANCE + resourceTypes: *allResourceTypes + acceptedTypes: + - sh + - type: TOSCA_CSAR + categories: + - TOSCA + componentTypes: + resourceTypes: + acceptedTypes: + - csar + - type: TOSCA_TEMPLATE + categories: + - TOSCA + componentTypes: + resourceTypes: + acceptedTypes: + - yml + - yaml + - type: NETWORK_CALL_FLOW + categories: + componentTypes: + resourceTypes: + acceptedTypes: + - type: ICON + categories: + componentTypes: + resourceTypes: + acceptedTypes: + +deploymentResourceArtifacts: + +deploymentResourceInstanceArtifacts: + heatEnv: + displayName: "HEAT ENV" + type: HEAT_ENV + description: "Auto-generated HEAT Environment deployment artifact" + fileExtension: "env" + VfHeatEnv: + displayName: "VF HEAT ENV" + type: HEAT_ENV + description: "VF Auto-generated HEAT Environment deployment artifact" + fileExtension: "env" + +#tosca artifacts placeholders +toscaArtifacts: + assetToscaTemplate: + artifactName: -template.yml + displayName: Tosca Template + type: TOSCA_TEMPLATE + description: TOSCA representation of the asset + assetToscaCsar: + artifactName: -csar.csar + displayName: Tosca Model + type: TOSCA_CSAR + description: TOSCA definition package of the asset + +#Informational artifacts placeHolder +excludeResourceCategory: + - Generic +excludeResourceType: + - PNF + - CR +informationalResourceArtifacts: + features: + displayName: Features + type: OTHER + capacity: + displayName: Capacity + type: OTHER + vendorTestResult: + displayName: Vendor Test Result + type: OTHER + testScripts: + displayName: Test Scripts + type: OTHER + CloudQuestionnaire: + displayName: Cloud Questionnaire (completed) + type: OTHER + HEATTemplateFromVendor: + displayName: HEAT Template from Vendor + type: HEAT + resourceSecurityTemplate: + displayName: Resource Security Template + type: OTHER + +excludeServiceCategory: + +informationalServiceArtifacts: + serviceArtifactPlan: + displayName: Service Artifact Plan + type: OTHER + summaryOfImpactsToECOMPElements: + displayName: Summary of impacts to ECOMP elements,OSSs, BSSs + type: OTHER + controlLoopFunctions: + displayName: Control Loop Functions + type: OTHER + dimensioningInfo: + displayName: Dimensioning Info + type: OTHER + affinityRules: + displayName: Affinity Rules + type: OTHER + operationalPolicies: + displayName: Operational Policies + type: OTHER + serviceSpecificPolicies: + displayName: Service-specific Policies + type: OTHER + engineeringRules: + displayName: Engineering Rules (ERD) + type: OTHER + distributionInstructions: + displayName: Distribution Instructions + type: OTHER + certificationTestResults: + displayName: TD Certification Test Results + type: OTHER + deploymentVotingRecord: + displayName: Deployment Voting Record + type: OTHER + serviceQuestionnaire: + displayName: Service Questionnaire + type: OTHER + serviceSecurityTemplate: + displayName: Service Security Template + type: OTHER + +serviceApiArtifacts: + configuration: + displayName: Configuration + type: OTHER + instantiation: + displayName: Instantiation + type: OTHER + monitoring: + displayName: Monitoring + type: OTHER + reporting: + displayName: Reporting + type: OTHER + logging: + displayName: Logging + type: OTHER + testing: + displayName: Testing + type: OTHER + + +additionalInformationMaxNumberOfKeys: 50 + +systemMonitoring: + enabled: false + isProxy: false + probeIntervalInSeconds: 15 +heatArtifactDeploymentTimeout: + defaultMinutes: 30 + minMinutes: 1 + maxMinutes: 120 + +unLoggedUrls: + - /sdc2/rest/monitoring + - /sdc2/rest/healthCheck + +cleanComponentsConfiguration: + cleanIntervalInMinutes: 1440 + componentsToClean: + - Resource + - Service + +artifactsIndex: resources + +heatEnvArtifactHeader: "" +heatEnvArtifactFooter: "" + +onboarding: + host: <%= node['ONBOARDING_BE_VIP'] %> + <% if node[:disableHttp] -%> + protocol: https + port: <%= node['ONBOARDING_BE'][:https_port] %> + <% else %> + protocol: http + port: <%= node['ONBOARDING_BE'][:http_port] %> + <% end -%> + downloadCsarUri: "/onboarding-api/v1.0/vendor-software-products/packages" + healthCheckUri: "/onboarding-api/v1.0/healthcheck" + +dcae: + host: <%= @dcae_be_vip %> + <% if node[:disableHttp] -%> + protocol: https + port: <%= node['DCAE']['BE'][:https_port] %> + <% else %> + protocol: http + port: <%= node['DCAE']['BE'][:http_port] %> + <% end -%> + healthCheckUri: "/dcae/healthCheck" + +# #GSS IDNS +switchoverDetector: + gBeFqdn: + gFeFqdn: + beVip: 1.2.3.4 + feVip: 1.2.3.4 + beResolveAttempts: 3 + feResolveAttempts: 3 + enabled: false + interval: 60 + changePriorityUser: ecompasdc + changePriorityPassword: ecompasdc123 + publishNetworkUrl: + publishNetworkBody: '{"note":"comment"}' + groups: + beSet: { changePriorityUrl: "", changePriorityBody: '{"name":"","uri":"","no_ad_redirection":false,"v4groups":{"failover_groups":["","","failover_policy":["FAILALL"]},"comment":"","intended_app_proto":"DNS"}'} + feSet: { changePriorityUrl: "", changePriorityBody: '{"name":"","uri":"","no_ad_redirection":false,"v4groups":{"failover_groups":["",""],"failover_policy":["FAILALL"]},"comment":"","intended_app_proto":"DNS"}'} + +applicationL1Cache: + datatypes: + enabled: true + firstRunDelay: 10 + pollIntervalInSec: 60 + +applicationL2Cache: + enabled: false + catalogL1Cache: + enabled: false + resourcesSizeInCache: 300 + servicesSizeInCache: 200 + productsSizeInCache: 100 + queue: + syncIntervalInSecondes: 43200 + waitOnShutDownInMinutes: 10 + numberOfCacheWorkers: 4 + +toscaValidators: + stringMaxLength: 2500 + +disableAudit: false + +consumerBusinessLogic: true + +vfModuleProperties: + min_vf_module_instances: + forBaseModule: 1 + forNonBaseModule: 0 + max_vf_module_instances: + forBaseModule: 1 + forNonBaseModule: + initial_count: + forBaseModule: 1 + forNonBaseModule: 0 + vf_module_type: + forBaseModule: Base + forNonBaseModule: Expansion + +genericAssetNodeTypes: + VFC: org.openecomp.resource.abstract.nodes.VFC + CVFC: org.openecomp.resource.abstract.nodes.VFC + VF : org.openecomp.resource.abstract.nodes.VF + CR : org.openecomp.resource.abstract.nodes.CR + PNF: org.openecomp.resource.abstract.nodes.PNF + Service: org.openecomp.resource.abstract.nodes.service + ETSI Network Service: tosca.nodes.nfv.NS + +serviceNodeTypes: + ETSI Network Service: tosca.nodes.nfv.NS + +workloadContext: Production + +environmentContext: + defaultValue: General_Revenue-Bearing + validValues: + - Critical_Revenue-Bearing + - Vital_Revenue-Bearing + - Essential_Revenue-Bearing + - Important_Revenue-Bearing + - Needed_Revenue-Bearing + - Useful_Revenue-Bearing + - General_Revenue-Bearing + - Critical_Non-Revenue + - Vital_Non-Revenue + - Essential_Non-Revenue + - Important_Non-Revenue + - Needed_Non-Revenue + - Useful_Non-Revenue + - General_Non-Revenue + +gabConfig: + - artifactType: 'VES_EVENTS' + pathsAndNamesDefinitions: + - + friendlyName: "Action" + path: "event.action[2]" + searchable: true + - + friendlyName: "Comment" + path: "event.comment" + searchable: true + - + friendlyName: "Alarm Additional Information" + path: "event.structure.faultFields.structure.alarmAdditionalInformation.comment" + searchable: true + - artifactType: 'PM_DICTIONARY' + pathsAndNamesDefinitions: + - + friendlyName: "measType" + path: "pmMetaData.pmFields.measType" + searchable: true + - + friendlyName: "measDescription" + path: "pmMetaData.pmFields.measDescription" + searchable: true + - + friendlyName: "measCondition" + path: "pmMetaData.pmFields.measCondition" + searchable: false + - + friendlyName: "measResultUnits" + path: "pmMetaData.pmFields.measResultUnits" + searchable: false + - + friendlyName: "measResultRange" + path: "pmMetaData.pmFields.measResultRange" + searchable: false + - + friendlyName: "measObjClass" + path: "pmMetaData.pmFields.measObjClass" + searchable: true + - + friendlyName: "measCollectionMethod" + path: "pmMetaData.pmFields.measCollectionMethod" + searchable: false + - + friendlyName: "measInfoId" + path: "pmMetaData.pmFields.measInfoId" + searchable: true + - + friendlyName: "iMeasInfoId" + path: "pmMetaData.pmFields.iMeasInfoId" + searchable: false + +dmaapConsumerConfiguration: + active: <%= @dmaap_active %> + hosts: localhost:3905 + consumerGroup: sdc + consumerId: mama + timeoutMs: 15000 + limit: 1 + pollingInterval: 2 + topic: topic + latitude: 32.109333 + longitude: 34.855499 + version: 1.0 + serviceName: localhost/events + environment: TEST + partner: BOT_R + routeOffer: MR1 + protocol: https + contenttype: application/json + dme2TraceOn: true + aftEnvironment: AFTUAT + aftDme2ConnectionTimeoutMs: 15000 + aftDme2RoundtripTimeoutMs: 240000 + aftDme2ReadTimeoutMs: 50000 + dme2preferredRouterFilePath: DME2preferredRouter.txt + timeLimitForNotificationHandleMs: 120000 + credential: + username: user + password: + aftDme2SslEnable: true + aftDme2ClientKeystore: /var/lib/jetty/etc/truststore + aftDme2ClientKeystorePassword: "" + aftDme2ClientSslCertAlias: certman + +dmaapProducerConfiguration: + active: true + hosts: <%= node['DMAAP']['producer']['host']%> + consumerGroup: sdc-<%= node.chef_environment %>-<%= node['DMAAP']['random_id'] %> + consumerId: sdc-<%= node.chef_environment %>1-<%= node['DMAAP']['random_id'] %> + timeoutMs: 15000 + limit: 1 + pollingInterval: 2 + topic: <%= node['DMAAP']['producer']['topic'] %> + latitude: 32.109333 + longitude: 34.855499 + version: 1.0 + serviceName: <%= node['DMAAP']['producer']['serviceName'] %> + environment: <%= node['DMAAP']['producer']['environment'] %> + partner: BOT_R + routeOffer: MR1 + protocol: <%= node['http_protocol'] %> + contenttype: application/json + dme2TraceOn: true + aftEnvironment: <%= node['DMAAP']['producer']['aftEnvironment']%> + aftDme2ConnectionTimeoutMs: 15000 + aftDme2RoundtripTimeoutMs: 240000 + aftDme2ReadTimeoutMs: 50000 + dme2preferredRouterFilePath: <%= node['DMAAP']['producer']['dme2preferredRouterFilePath'] %> + timeLimitForNotificationHandleMs: 120000 + credential: + username: <%= node['DMAAP']['producer']['username'] %> + password: <%= node['DMAAP']['producer']['password'] %> + aftDme2SslEnable: true + aftDme2ClientKeystore: /var/lib/jetty/etc/truststore + aftDme2ClientKeystorePassword: <%= node['jetty']['dmaap_truststore_pwd'] %> + aftDme2ClientSslCertAlias: certman + + +# ToDo: AF - had to remove due to configuration laod class failure +#dmeConfiguration: +# lookupUriFormat: "http://DME2RESOLVE/service=%s/version=1.0.0/envContext=%s/routeOffer=DEFAULT" +# dme2Search: DME2SEARCH +# dme2Resolve: DME2RESOLVE + +excludedPolicyTypesMapping: + # VF: + # - a.b.c + # - c.d.e + #CR: + # - x.y.z + +excludedGroupTypesMapping: + CR: + - org.openecomp.groups.VfModule + - org.openecomp.groups.heat.HeatStack + - org.openecomp.groups.Group + - tosca.groups.Root + PNF: + - org.openecomp.groups.VfModule + - org.openecomp.groups.heat.HeatStack + - org.openecomp.groups.Group + - tosca.groups.Root + VF: + - org.openecomp.groups.VfModule + - org.openecomp.groups.heat.HeatStack + - org.openecomp.groups.Group + - tosca.groups.Root + Service: + - org.openecomp.groups.VfModule + - org.openecomp.groups.heat.HeatStack + - org.openecomp.groups.Group + - tosca.groups.Root + +healthStatusExclude: + - DE + - DMAAP + - DMAAP_PRODUCER + - ON_BOARDING + - DCAE + - PORTAL + - External API + +#Auto Healing +enableAutoHealing: false +appVersion: <%= @app_version %> + +artifactGeneratorConfig: Artifact-Generator.properties +resourcesForUpgrade: + 8.0: + - org.openecomp.resource.cp.extCP + - tosca.nodes.network.Network + - tosca.nodes.network.Port + - org.openecomp.resource.cp.nodes.network.SubInterface +skipUpgradeFailedVfs: true +skipUpgradeVSPs: true +autoHealingOwner: jh0003 +supportAllottedResourcesAndProxy: true +deleteLockTimeoutInSeconds: 60 +maxDeleteComponents: 10 + +# Cadi filter (access restriction) Parameters +aafNamespace: <%= node['aafNamespace'] %> +aafAuthNeeded: <%= node['access_restriction']['aafAuthNeeded'] %> + +cadiFilterParams: + AFT_LATITUDE: "32.780140" + AFT_LONGITUDE: "-96.800451" + hostname: <%= node['BE_VIP'] %> + aaf_id: <%= node['access_restriction']['aaf_id'] %> + aaf_env: <%= node['access_restriction']['aaf_env'] %> + aaf_url: <%= node['access_restriction']['aaf_url'] %> + csp_domain: <%= node['access_restriction']['csp_domain'] %> + cadi_keyfile: <%= node['access_restriction']['cadi_keyfile'] %> + aaf_password: <%= node['access_restriction']['aaf_password'] %> + cadi_loglevel: <%= node['access_restriction']['cadi_loglevel'] %> + AFT_ENVIRONMENT: <%= node['access_restriction']['AFT_ENVIRONMENT'] %> + cadiX509Issuers: <%= node['access_restriction']['cadiX509Issuers'] %> + cadi_truststore: <%= node['access_restriction']['cadi_truststore'] %> + cadi_truststore_password: <%= node['access_restriction']['cadi_truststore_password'] %> + +# This configuration entry lists all node type names prefix that shall be allowed on SDC. +definedResourceNamespace: + - org.openecomp.resource. + +# This configuration entry lists all Directives values that shall be allowed on SDC. +directives: + - select + - selectable + - substitute + - substitutable diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-distribution-engine-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-distribution-engine-configuration.yaml.erb new file mode 100644 index 0000000000..0fa6936f74 --- /dev/null +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-distribution-engine-configuration.yaml.erb @@ -0,0 +1,82 @@ +uebServers: + <% node['UEB']['fqdn'].each do |conn| -%> + - <%= conn %> + <% end -%> + +uebPublicKey: <%= node['UEB']['PublicKey'] %> +uebSecretKey: <%= node['UEB']['SecretKey'] %> + +distributionNotifTopicName: SDC-DISTR-NOTIF-TOPIC +distributionStatusTopicName: SDC-DISTR-STATUS-TOPIC + +initRetryIntervalSec: 5 +initMaxIntervalSec: 60 + +distribNotifServiceArtifactTypes: + info: + - MURANO-PKG + +distribNotifResourceArtifactTypes: + lifecycle: + - HEAT + - DG-XML + +environments: + - <%= node.chef_environment %> + +distributionStatusTopic: + pollingIntervalSec: 60 + fetchTimeSec: 15 + consumerGroup: sdc-<%= node.chef_environment %> + consumerId: sdc-<%= node.chef_environment %>1 + + +distributionNotificationTopic: + minThreadPoolSize: 0 + maxThreadPoolSize: 10 + maxWaitingAfterSendingSeconds: 5 + +createTopic: + partitionCount: 1 + replicationCount: 1 + +startDistributionEngine: true + +#This is false by default, since ONAP Dmaap currently doesn't support https +useHttpsWithDmaap: false +opEnvRecoveryIntervalSec: 180 +allowedTimeBeforeStaleSec: 300 + +aaiConfig: + httpRequestConfig: + serverRootUrl: https://localhost:8443 + resourceNamespaces: + operationalEnvironments: /aai/v12/cloud-infrastructure/operational-environments + + httpClientConfig: + timeouts: + readTimeoutMs: 5000 + connectTimeoutMs: 1000 + clientCertificate: + keyStore: /var/lib/jetty/base/be/etc/non-prod.jks + keyStorePassword: hmXYcznAljMSisdy8zgcag== + headers: + X-FromAppId: asdc + numOfRetries: 3 + +msoConfig: + httpRequestConfig: + serverRootUrl: http://127.0.0.1:8080/onap/mso/infra/modelDistributions/v1 + resourceNamespaces: + distributions: /distributions + + httpClientConfig: + timeouts: + readTimeoutMs: 2000 + connectTimeoutMs: 500 + basicAuthorization: + userName: asdc + password: OTLEp5lfVhYdyw5EAtTUBQ== + numOfRetries: 3 + +currentArtifactInstallationTimeout: 120 diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb new file mode 100644 index 0000000000..0a9dd073c0 --- /dev/null +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb @@ -0,0 +1,27 @@ +storage.backend=cql +storage.hostname=<%= @cassandra_ip %> +storage.port=<%= @cassandra_cql_port %> +storage.username=<%= @cassandra_usr %> +storage.password=<%= @cassandra_pwd %> +storage.connection-timeout=<%= @janus_connection_timeout %> +storage.cql.keyspace=sdctitan + +storage.cql.ssl.enabled=<%= @cassandra_ssl_enabled %> +storage.cql.ssl.truststore.location=<%= @cassandra_truststore_path %> +storage.cql.ssl.truststore.password=<%= @cassandra_truststore_password %> + +storage.cql.read-consistency-level=LOCAL_QUORUM +storage.cql.write-consistency-level=LOCAL_QUORUM +storage.cql.replication-strategy-class=NetworkTopologyStrategy +storage.cql.replication-strategy-options=<%= @DC_NAME_WITH_REP %> +storage.cql.local-datacenter=<%= @DC_NAME %> + + +cache.db-cache = false +cache.db-cache-clean-wait = 20 +cache.db-cache-time = 180000 +cache.db-cache-size = 0.5 + +cache.tx-cache-size = 1000000 + +storage.lock.retries=5 \ No newline at end of file diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-key.properties.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-key.properties.erb new file mode 100644 index 0000000000..007a36e350 --- /dev/null +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-key.properties.erb @@ -0,0 +1,41 @@ +### +# ============LICENSE_START========================================== +# ONAP Portal SDK +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# +### + +# Properties read by the ECOMP Framework library (epsdk-fw) + +cipher.enc.key = <%= @cipher_key %> \ No newline at end of file diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-onboarding-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-onboarding-configuration.yaml.erb new file mode 100644 index 0000000000..4646661dfb --- /dev/null +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-onboarding-configuration.yaml.erb @@ -0,0 +1,5 @@ +notifications: + pollingIntervalMsec: 2000 + selectionSize: 100 + beHost: <%= @catalog_ip %> + beHttpPort: <%= @catalog_port %> \ No newline at end of file diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb new file mode 100644 index 0000000000..159a6cce15 --- /dev/null +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-portal.properties.erb @@ -0,0 +1,89 @@ +### +# ============LICENSE_START========================================== +# ONAP Portal SDK +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# +### +# Properties read by ECOMP Framework library, ecompFW.jar + +########################################################################## +# The following properties should NOT be changed by partner applications. +########################################################################## + +portal.api.prefix = /api +max.idle.time = 5 +user.attribute.name = user_attribute + +#Use REST API instead of UEB to fetch the functional menu data +use_rest_for_functional_menu=true + + +########################################################################## +# The following properties MUST be changed by partner applications. +########################################################################## + +# Name of java class that implements the OnBoardingApiService interface. +portal.api.impl.class = org.openecomp.sdc.be.ecomp.PortalRestApiCentralServiceImpl +role_access_centralized = remote + +# Cookie set by CSP-SSO +#csp_cookie_name = onapCsp + +# CSP setting, most use PROD; DEV also recognized +csp_gate_keeper_prod_key = PROD + +# URL of the Portal where this app is onboarded +ecomp_redirect_url = <%= @ecomp_redirect_url %> + +# URL of the ECOMP Portal REST API +ecomp_rest_url = <%= @ecomp_rest_url %> + +# Connection and Read timeout values +ext_req_connection_timeout = 15000 +ext_req_read_timeout = 20000 + +# Name of java class that implements the OnBoardingApiService interface. +portal.api.impl.class = org.openecomp.sdc.be.ecomp.PortalRestApiCentralServiceImpl + +#Portal user & key +portal_app_name = <%= @portal_app_name %> +portal_pass = <%= @ecomp_portal_pass %> +portal_user = <%= @ecomp_portal_user %> + + +# UEB key generated while on-boarding +ueb_app_key = "" + +# Applications do not need to run a UEB listener after 1607. +ueb_listeners_enable = false diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb new file mode 100644 index 0000000000..66654310e0 --- /dev/null +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb @@ -0,0 +1,54 @@ +# Configure AAF +aaf_locate_url=<%= node['access_restriction']['aaf_locate_url'] %> + +aaf_url=<%= node['access_restriction']['aaf_url'] %> + +#if you are running aaf service from a docker image you have to use aaf service IP and port number +aaf_id=<%= node['access_restriction']['aaf_id'] %> +#Encrypt the password using AAF Jar +aaf_password=<%= node['access_restriction']['aaf_password'] %> +# Sample CADI Properties, from CADI 1.4.2 +hostname=<%= node['BE_VIP'] %> +csp_domain=<%= node['access_restriction']['csp_domain'] %> + +# Add Absolute path to Keyfile +cadi_keyfile=<%= node['access_restriction']['cadi_keyfile'] %> + + +# This is required to accept Certificate Authentication from Certman certificates. +# can be TEST, IST or PROD +aaf_env=<%= node['access_restriction']['aaf_env'] %> + +# DEBUG prints off all the properties. Use to get started. +cadi_loglevel=<%= node['access_restriction']['cadi_loglevel'] %> + + +# Become CSO Poodle Compliant by only allowing sanctioned TLS versions +# The following is the default +# cadi_protocols=TLSv1.1,TLSv1.2 + +# Default TrustStore - REQUIRED for changing PROTOCOL Defaults for DME2 +# Read https://wiki.web.att.com/pages/viewpage.action?pageId=574623569#URGENT:SolvingSSL2-3/TLSv1removalissues-Up-to-dateTruststore +# Add Absolute path to truststore2020.jks +cadi_truststore=<%= node['access_restriction']['cadi_truststore'] %> +# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs +cadi_truststore_password=<%= node['access_restriction']['cadi_truststore_password'] %> + +# how to turn on SSL Logging +#javax.net.debug=ssl + +## +# Hint +# Use "maps.bing.com" to get Lat and Long for an Address +AFT_LATITUDE=32.780140 +AFT_LONGITUDE=-96.800451 +AFT_ENVIRONMENT=<%= node['access_restriction']['AFT_ENVIRONMENT'] %> +AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=<%= node['access_restriction']['AFT_DME2_CLIENT_IGNORE_SSL_CONFIG'] %> +DME2.DEBUG=true +AFT_DME2_HTTP_EXCHANGE_TRACE_ON=<%= node['access_restriction']['AFT_DME2_HTTP_EXCHANGE_TRACE_ON'] %> + +cadi_latitude=32.780140 +cadi_longitude=-96.800451 + +aaf_root_ns=<%= node['aafNamespace'] %> +aaf_api_version=2.0 diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/http-ini.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/http-ini.erb new file mode 100644 index 0000000000..8f2669032b --- /dev/null +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/http-ini.erb @@ -0,0 +1,29 @@ +# --------------------------------------- +# Module: http +<%= @http_option %> + +### HTTP Connector Configuration + +## Connector host/address to bind to +# jetty.http.host=0.0.0.0 + +## Connector port to listen on +jetty.http.port=<%= @http_port %> + +## Connector idle timeout in milliseconds +jetty.http.idleTimeout=30000 + +## Connector socket linger time in seconds (-1 to disable) +# jetty.http.soLingerTime=-1 + +## Number of acceptors (-1 picks default based on number of cores) +# jetty.http.acceptors=-1 + +## Number of selectors (-1 picks default based on number of cores) +# jetty.http.selectors=-1 + +## ServerSocketChannel backlog (0 picks platform default) +# jetty.http.acceptorQueueSize=0 + +## Thread priority delta to give to acceptor threads +# jetty.http.acceptorPriorityDelta=0 diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/https-ini.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/https-ini.erb new file mode 100644 index 0000000000..9999a4109b --- /dev/null +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/https-ini.erb @@ -0,0 +1,29 @@ +# --------------------------------------- +# Module: https +--module=https + +### HTTPS Connector Configuration + +## Connector host/address to bind to +# jetty.https.host=0.0.0.0 + +## Connector port to listen on +jetty.https.port=<%= @https_port %> + +## Connector idle timeout in milliseconds +jetty.https.idleTimeout=30000 + +## Connector socket linger time in seconds (-1 to disable) +# jetty.https.soLingerTime=-1 + +## Number of acceptors (-1 picks default based on number of cores) +# jetty.https.acceptors=-1 + +## Number of selectors (-1 picks default based on number of cores) +# jetty.https.selectors=-1 + +## ServerSocketChannel backlog (0 picks platform default) +# jetty.https.acceptorQueueSize=0 + +## Thread priority delta to give to acceptor threads +# jetty.https.acceptorPriorityDelta=0 diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ready-probe.sh.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ready-probe.sh.erb new file mode 100644 index 0000000000..9f6646d63d --- /dev/null +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ready-probe.sh.erb @@ -0,0 +1,9 @@ +#!/bin/bash +health_check_http_code=$(curl -k --max-time 5 -o /dev/null -w '%{http_code}' <%= @protocol %>://127.0.0.1:<%= @port %>/sdc2/rest/healthCheck) + +if [[ "$health_check_http_code" -eq 200 ]]; then + exit 0 +else + echo "Health check http status: $health_check_http_code" + exit 1 +fi diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb new file mode 100644 index 0000000000..278fdea2ae --- /dev/null +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb @@ -0,0 +1,90 @@ +# --------------------------------------- +# Module: ssl +--module=ssl + +### TLS(SSL) Connector Configuration + +## Connector host/address to bind to +# jetty.ssl.host=0.0.0.0 + +## Connector port to listen on +jetty.ssl.port=<%= @https_port %> + +## Connector idle timeout in milliseconds +# jetty.ssl.idleTimeout=30000 + +## Connector socket linger time in seconds (-1 to disable) +# jetty.ssl.soLingerTime=-1 + +## Number of acceptors (-1 picks default based on number of cores) +# jetty.ssl.acceptors=-1 + +## Number of selectors (-1 picks default based on number of cores) +# jetty.ssl.selectors=-1 + +## ServerSocketChannel backlog (0 picks platform default) +# jetty.ssl.acceptorQueueSize=0 + +## Thread priority delta to give to acceptor threads +# jetty.ssl.acceptorPriorityDelta=0 + +## Whether request host names are checked to match any SNI names +# jetty.ssl.sniHostCheck=true + +## max age in seconds for a Strict-Transport-Security response header (default -1) +# jetty.ssl.stsMaxAgeSeconds=31536000 + +## include subdomain property in any Strict-Transport-Security header (default false) +# jetty.ssl.stsIncludeSubdomains=true + +### SslContextFactory Configuration +## Note that OBF passwords are not secure, just protected from casual observation +## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html + +## Keystore file path (relative to $jetty.base) +jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12 + +## Truststore file path (relative to $jetty.base) +jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks + +## Keystore password +# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +jetty.sslContext.keyStorePassword=<%= @jetty_keystore_pwd %> + +## Keystore type and provider +# jetty.sslContext.keyStoreType=JKS +# jetty.sslContext.keyStoreProvider= + +## KeyManager password +# jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g +jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %> + +## Truststore password +# jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %> + +## Truststore type and provider +# jetty.sslContext.trustStoreType=JKS +# jetty.sslContext.trustStoreProvider= + +## whether client certificate authentication is required +# jetty.sslContext.needClientAuth=false + +## Whether client certificate authentication is desired +# jetty.sslContext.wantClientAuth=false + +## Whether cipher order is significant (since java 8 only) +# jetty.sslContext.useCipherSuitesOrder=true + +## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at +## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites + +## Set the size of the SslSession cache +# jetty.sslContext.sslSessionCacheSize=-1 + +## Set the timeout (in seconds) of the SslSession cache timeout +# jetty.sslContext.sslSessionTimeout=-1 + +## Allow SSL renegotiation +# jetty.sslContext.renegotiationAllowed=true +# jetty.sslContext.renegotiationLimit=5 -- cgit 1.2.3-korg