From 7ddcf0ffa5470a0a0c1e0221f81cb0a4acf142c7 Mon Sep 17 00:00:00 2001 From: "r.bogacki" Date: Mon, 19 Aug 2019 10:16:23 +0200 Subject: HTTPS calls for catalog-fe Implemented HTTPS calls into catalog-fe -Added p12 keystore certificate. -Updated application configuration. -Added trust-store. Issue-ID: SDC-2516 Signed-off-by: Robert Bogacki Change-Id: I6c36598dd7df8be85e99619ab7004ceed905f6e1 --- .../cookbooks/sdc-catalog-fe/attributes/default.rb | 8 ++++---- .../cookbooks/sdc-catalog-fe/files/default/keystore | Bin 3590 -> 0 bytes .../sdc-catalog-fe/files/default/org.onap.sdc.p12 | Bin 0 -> 4051 bytes .../sdc-catalog-fe/files/default/org.onap.sdc.trust.jks | Bin 0 -> 1413 bytes .../cookbooks/sdc-catalog-fe/files/default/truststore | Bin 4255 -> 0 bytes .../sdc-catalog-fe/recipes/FE_6_locate_keystore.rb | 8 ++++---- .../sdc-catalog-fe/templates/default/ready-probe.sh.erb | 7 +++++-- .../sdc-catalog-fe/templates/default/ssl-ini.erb | 4 ++-- 8 files changed, 15 insertions(+), 12 deletions(-) delete mode 100644 catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/keystore create mode 100644 catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 create mode 100644 catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks delete mode 100644 catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/truststore (limited to 'catalog-fe') diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb index 108f38acbe..eb30eba01c 100644 --- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb +++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb @@ -4,9 +4,9 @@ default['BE'][:https_port] = 8443 default['FE'][:http_port] = 8181 default['FE'][:https_port] = 9443 default['disableHttp'] = true -default['jetty'][:keystore_pwd] = "OBF:1cp61iuj194s194u194w194y1is31cok" -default['jetty'][:keymanager_pwd] = "OBF:1cp61iuj194s194u194w194y1is31cok" -default['jetty'][:truststore_pwd] = "OBF:1cp61iuj194s194u194w194y1is31cok" +default['jetty'][:keystore_pwd] = "rTIS;B4kM]2GHcNK2c3B4&Ng" +default['jetty'][:keymanager_pwd] = "rTIS;B4kM]2GHcNK2c3B4&Ng" +default['jetty'][:truststore_pwd] = "Y,f975ZNJfVZhV*{+Y[}pA?0" #Onboard default['ONBOARDING_BE'][:http_port] = 8081 @@ -15,4 +15,4 @@ default['ONBOARDING_BE'][:https_port] = 8445 #Reserved for DCAE backend default['DCAE']['FE'][:http_port] = 8183 default['DCAE']['FE'][:https_port] = 9444 -default['DCAE_FE_VIP'] = "dcaed-fe" \ No newline at end of file +default['DCAE_FE_VIP'] = "dcaed-fe" diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/keystore b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/keystore deleted file mode 100644 index 6729f84c0b..0000000000 Binary files a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/keystore and /dev/null differ diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 new file mode 100644 index 0000000000..ee000dc749 Binary files /dev/null and b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 differ diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks new file mode 100644 index 0000000000..342c4f2ad7 Binary files /dev/null and b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks differ diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/truststore b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/truststore deleted file mode 100644 index c4083931dc..0000000000 Binary files a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/files/default/truststore and /dev/null differ diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_locate_keystore.rb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_locate_keystore.rb index b2a7edef0b..527713c768 100644 --- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_locate_keystore.rb +++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_locate_keystore.rb @@ -6,15 +6,15 @@ directory "Jetty_etcdir_creation" do action :create end -cookbook_file "#{ENV['JETTY_BASE']}/etc/keystore" do - source "keystore" +cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.p12" do + source "org.onap.sdc.p12" owner "jetty" group "jetty" mode 0755 end -cookbook_file "#{ENV['JETTY_BASE']}/etc/truststore" do - source "truststore" +cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.trust.jks" do + source "org.onap.sdc.trust.jks" owner "jetty" group "jetty" mode 0755 diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ready-probe.sh.erb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ready-probe.sh.erb index d09880d825..fed19d1aa2 100644 --- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ready-probe.sh.erb +++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ready-probe.sh.erb @@ -1,8 +1,11 @@ #!/bin/bash - +<% if node[:disableHttp] -%> +health_Check_http_code=$(curl --max-time 5 -o /dev/null -w '%{http_code}' https://127.0.0.1:<%= @ssl_port %>/sdc1/rest/healthCheck) +<% else %> health_Check_http_code=$(curl --max-time 5 -o /dev/null -w '%{http_code}' http://127.0.0.1:8181/sdc1/rest/healthCheck) +<% end -%> if [[ "$health_Check_http_code" -eq 200 ]]; then exit 0 else exit $health_Check_http_code -fi \ No newline at end of file +fi diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb index 70bf6d6d27..278fdea2ae 100644 --- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb +++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb @@ -42,10 +42,10 @@ jetty.ssl.port=<%= @https_port %> ## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html ## Keystore file path (relative to $jetty.base) -# jetty.sslContext.keyStorePath=etc/keystore +jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12 ## Truststore file path (relative to $jetty.base) -# jetty.sslContext.trustStorePath=etc/truststore +jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks ## Keystore password # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 -- cgit 1.2.3-korg