From a1ceb60843508b0ef23f3f8ec29d8808722fada3 Mon Sep 17 00:00:00 2001
From: Michael Lando
Date: Tue, 20 Feb 2018 16:14:11 +0200
Subject: add https support to simulato
Change-Id: I16f68532a7e7a09fbf96c09dff19d857c03fedd8
Issue-ID: SDC-832
Signed-off-by: Michael Lando
---
.../sdc-simulator/Dockerfile.template | 25 -------------------
.../recipes/SDC_Simulator_2_setup_configuration.rb | 11 ++++++--
.../SDC_Simulator_5_create_jetty_modules.rb | 26 +++++++++++++++++--
.../templates/default/SDC-Simulator-https-ini.erb | 29 ++++++++++++++++++++++
.../templates/default/SDC-Simulator-ssl-ini.erb | 9 ++++++-
.../default/SDC-Simulator-webseal.conf.erb | 2 +-
utils/webseal-simulator/sdc-simulator/startup.sh | 24 ++++++++++++++----
7 files changed, 90 insertions(+), 36 deletions(-)
delete mode 100644 utils/webseal-simulator/sdc-simulator/Dockerfile.template
create mode 100644 utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-https-ini.erb
(limited to 'utils/webseal-simulator/sdc-simulator')
diff --git a/utils/webseal-simulator/sdc-simulator/Dockerfile.template b/utils/webseal-simulator/sdc-simulator/Dockerfile.template
deleted file mode 100644
index 673b56fd07..0000000000
--- a/utils/webseal-simulator/sdc-simulator/Dockerfile.template
+++ /dev/null
@@ -1,25 +0,0 @@ -FROM jetty - -RUN apt-get -y update -RUN apt-get -y install apt-utils -RUN apt-get -y install curl -RUN apt-get -y install vim - -COPY chef-solo /root/chef-solo/ -COPY chef-repo/cookbooks /root/chef-solo/cookbooks/ - -ENV BASE_NEXUS zl999y:ChangeMe@10.208.197.75:8443/repository/maven-public/org/openecomp/sdc - -# install chef-solo -RUN curl -L https://www.opscode.com/chef/install.sh | bash - -RUN cp /usr/local/jetty/resources/log4j.properties /var/lib/jetty/resources/log4j.properties - -ADD sdc-simulator-__SDC-RELEASE__.war /var/lib/jetty/webapps/ -RUN chown -R jetty:jetty /var/lib/jetty/webapps - -COPY startup.sh /root/ - -RUN chmod 770 /root/startup.sh - -ENTRYPOINT [ "/root/startup.sh" ] diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb index 85fedfd9e5..6c081d685d 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb @@ -1,5 +1,13 @@ jetty_base="/var/lib/jetty" +if !ENV['FE_URL'].nil? + fe_url="#{ENV['FE_URL']}" +elsif node['disableHttp'] + fe_url="https://#{node['Nodes']['FE']}:#{node['FE'][:https_port]}" +else + fe_url="http://#{node['Nodes']['FE']}:#{node['FE'][:http_port]}" +end + template "webseal.conf" do path "#{jetty_base}/config/sdc-simulator/webseal.conf" @@ -8,7 +16,6 @@ template "webseal.conf" do group "jetty" mode "0755" variables({ - :fe_host_ip => node['HOST_IP'], - :fe_http_port => "#{node['FE'][:http_port]}" + :fe_url =>"#{fe_url}" }) end 
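Review bot: The `FE_URL` override in the new `if !ENV['FE_URL'].nil?` branch is used unchecked and lands verbatim inside the quoted `fe="<%= @fe_url %>"` value in SDC-Simulator-webseal.conf.erb, so an empty string, a stray quote or a non-HTTP scheme yields a broken or misleading config. Because that branch is tested first, it also takes precedence over `node['disableHttp']`, so a plain `http://` front-end can be configured on a deployment that disabled HTTP. I would validate inside the branch, e.g. `raise "FE_URL must be an http(s) URL" unless ENV['FE_URL'] =~ %r{\Ahttps?://[^\s"]+\z}`, and add a comment above the `if` stating that the environment variable overrides the node attributes. As a style point, `"#{ENV['FE_URL']}"` and `"#{fe_url}"` are redundant interpolations, and `if !ENV['FE_URL'].nil?` reads better as `if ENV['FE_URL']`.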
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb index 38b87fa65d..3dde6ee38f 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb @@ -1,7 +1,6 @@ jetty_base="/var/lib/jetty" jetty_home="/usr/local/jetty" -###### create Jetty modules bash "create-jetty-modules" do cwd "#{jetty_base}" code <<-EOH @@ -9,6 +8,29 @@ code <<-EOH java -jar "/#{jetty_home}"/start.jar --add-to-start=deploy java -jar "/#{jetty_home}"/start.jar --add-to-startd=http,https,logging,setuid EOH -not_if "ls /#{jetty_base}/start.d/https.ini" +end + +template "ssl-ini" do + path "/#{jetty_base}/start.d/ssl.ini" + source "SDC-Simulator-ssl-ini.erb" + owner "jetty" + group "jetty" + mode "0755" + variables({ + :https_port => "8443", + :jetty_keystore_pwd => "OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4", + :jetty_keymanager_pwd => "OBF:1u2u1wml1z7s1z7a1wnl1u2g" + }) +end + +template "https-ini" do + path "/#{jetty_base}/start.d/https.ini" + source "SDC-Simulator-https-ini.erb" + owner "jetty" + group "jetty" + mode "0755" + variables ({ + :https_port => "8443" + }) end diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-https-ini.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-https-ini.erb new file mode 100644 index 0000000000..9999a4109b --- /dev/null +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-https-ini.erb 
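Review bot: The `OBF:` strings passed as `:jetty_keystore_pwd` and `:jetty_keymanager_pwd` in the new `ssl-ini` template resource are hard-coded in the recipe and match the stock values in the commented-out lines of SDC-Simulator-ssl-ini.erb, so every deployment shares one publicly known keystore password; Jetty's `OBF:` form is reversible obfuscation, not encryption. The ssl-ini.erb hunks then render both values into `start.d/ssl.ini`, which this resource creates with `mode "0755"`, leaving the file world-readable and needlessly executable. I would read the passwords from node attributes or the environment, for example `:jetty_keystore_pwd => node['jetty']['keystore_pwd']` (the attribute name is a placeholder), and use `mode "0640"` for both ini files. Separately, removing the `not_if` guard means the `create-jetty-modules` bash resource, whose body begins in the previous hunk, now runs on every converge; if that is intended so the templates can overwrite the generated files, a one-line comment saying so would help.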
@@ -0,0 +1,29 @@ +# --------------------------------------- +# Module: https +--module=https + +### HTTPS Connector Configuration + +## Connector host/address to bind to +# jetty.https.host=0.0.0.0 + +## Connector port to listen on +jetty.https.port=<%= @https_port %> + +## Connector idle timeout in milliseconds +jetty.https.idleTimeout=30000 + +## Connector socket linger time in seconds (-1 to disable) +# jetty.https.soLingerTime=-1 + +## Number of acceptors (-1 picks default based on number of cores) +# jetty.https.acceptors=-1 + +## Number of selectors (-1 picks default based on number of cores) +# jetty.https.selectors=-1 + +## ServerSocketChannel backlog (0 picks platform default) +# jetty.https.acceptorQueueSize=0 + +## Thread priority delta to give to acceptor threads +# jetty.https.acceptorPriorityDelta=0 diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb index 426e0e44b5..86848bf282 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb @@ -8,7 +8,7 @@ # jetty.ssl.host=0.0.0.0 ## Connector port to listen on -jetty.ssl.port=<%= @FE_https_port %> +jetty.ssl.port=<%= @https_port %> ## Connector idle timeout in milliseconds # jetty.ssl.idleTimeout=30000 @@ -49,6 +49,7 @@ jetty.ssl.port=<%= @FE_https_port %> ## Keystore password # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +jetty.sslContext.keyStorePassword=<%= @jetty_keystore_pwd %> ## Keystore type and provider # jetty.sslContext.keyStoreType=JKS 
@@ -56,9 +57,11 @@ jetty.ssl.port=<%= @FE_https_port %> ## KeyManager password # jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g +jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %> ## Truststore password # jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +#jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %> ## Truststore type and provider # jetty.sslContext.trustStoreType=JKS @@ -81,3 +84,7 @@ jetty.ssl.port=<%= @FE_https_port %> ## Set the timeout (in seconds) of the SslSession cache timeout # jetty.sslContext.sslSessionTimeout=-1 + +## Allow SSL renegotiation +# jetty.sslContext.renegotiationAllowed=true +# jetty.sslContext.renegotiationLimit=5 diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb index d5e2cbeaac..e4c5d753fa 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb @@ -1,6 +1,6 @@ { webseal { - fe="http://<%= @fe_host_ip %>:<%= @fe_http_port %>" + fe="<%= @fe_url %>" users = [ { userId="cs0008" diff --git a/utils/webseal-simulator/sdc-simulator/startup.sh b/utils/webseal-simulator/sdc-simulator/startup.sh index aca8b5e984..48b6a0d505 100644 --- a/utils/webseal-simulator/sdc-simulator/startup.sh +++ b/utils/webseal-simulator/sdc-simulator/startup.sh 
@@ -1,12 +1,26 @@ #!/bin/sh -export CHEFNAME=${ENVNAME} + + cd /root/chef-solo -echo "normal['HOST_IP'] = \"${HOST_IP}\"" > /root/chef-solo/cookbooks/sdc-simulator/attributes/default.rb -chef-solo -c solo.rb -E ${CHEFNAME} +chef-solo -c solo.rb -E ${ENVNAME} +rc=$? +if [[ $rc != 0 ]]; then + echo "Chef exaction failed." + exit $rc; +fi + +JAVA_OPTIONS=" ${JAVA_OPTIONS} \ + -Dconfig.home=${JETTY_BASE}/config/sdc-simulator \ + -Dlog.home=${JETTY_BASE}/logs \ + -Dlogback.configurationFile=${JETTY_BASE}/config/sdc-simulator/logback.xml \ + -Djetty.logging.dir=${JETTY_BASE}/logs" -sed -i '/^set -e/aJAVA_OPTIONS=\"-Xdebug -Xmx128m -Xms128m -Xss1m -Dconfig.home=${JETTY_BASE}/config/sdc-simulator -Dlog.home=${JETTY_BASE}/logs -Dlogback.configurationFile=${JETTY_BASE}/config/sdc-simulator/logback.xml -Djetty.logging.dir=${JETTY_BASE}/logs -Djetty.base=${JETTY_BASE} \"' /docker-entrypoint.sh -sed -i '/^set -e/aTMPDIR=${JETTY_BASE}\/temp' /docker-entrypoint.sh +echo "---------------------------------------------" +echo $TMPDIR +echo $JAVA_OPTIONS +echo $JETTY_BASE +echo "---------------------------------------------" cd /var/lib/jetty /docker-entrypoint.sh -- cgit 1.2.3-korg
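Review bot: The new failure check `if [[ $rc != 0 ]]; then` uses the bash-only `[[` under a `#!/bin/sh` shebang; where `/bin/sh` is not bash (dash on Debian-based images, which the base image appears to be) the test itself errors, the branch is never taken, and Jetty starts even though chef-solo failed and the HTTPS configuration may not have been written. Use the POSIX form `if [ "$rc" -ne 0 ]; then`, or change the shebang to bash. `JAVA_OPTIONS` is assigned but not exported, so unless it already arrives exported from the container environment, `/docker-entrypoint.sh` will not see the added `-D` options; adding `export JAVA_OPTIONS` after the assignment makes that explicit. The message `"Chef exaction failed."` should read `"Chef execution failed."`.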