author | Dan Timoney <dtimoney@att.com> | 2019-04-04 13:19:10 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-04-04 13:19:10 +0000 |
commit | b50f3b91a0f24bc9468825c7ffbd0ea8c2630868 (patch) | |
tree | 80f7b948970ad7de54c0295474a67fd48261d22d /installation | |
parent | 75a5dadbe6b4eb6e6838341dffdd2c272b65b35c (diff) | |
parent | 52a9e3fd6c17ae3c0faa4d190894e148fcb61598 (diff) |
Merge "add aafshiro feature config files"
Former-commit-id: 8495f9a3c6060699a915c9afc38f503620f911d9
Diffstat (limited to 'installation')
-rw-r--r-- | installation/sdnc/pom.xml | 134 | ||||
-rwxr-xr-x | installation/sdnc/src/main/docker/Dockerfile | 20 | ||||
-rwxr-xr-x | installation/sdnc/src/main/docker/standalone.Dockerfile | 42 | ||||
-rwxr-xr-x | installation/sdnc/src/main/resources/AAF_RootCA.cer | 31 | ||||
-rw-r--r-- | installation/sdnc/src/main/resources/aaa-app-config.xml | 320 | ||||
-rw-r--r-- | installation/src/main/properties/bath_config.csv | 1 | ||||
-rw-r--r-- | installation/src/main/properties/org.onap.sdnc.cred.props | 16 | ||||
-rw-r--r-- | installation/src/main/properties/org.onap.sdnc.props | 15 | ||||
-rw-r--r-- | installation/src/main/stores/org.onap.sdnc.keyfile | 27 | ||||
-rw-r--r-- | installation/src/main/stores/org.onap.sdnc.p12 | bin | 0 -> 4263 bytes | |||
-rw-r--r-- | installation/src/main/stores/org.onap.sdnc.trust.jks | bin | 0 -> 1413 bytes | |||
-rw-r--r-- | installation/src/main/yaml/docker-compose.yml | 2 |
12 files changed, 533 insertions, 75 deletions
diff --git a/installation/sdnc/pom.xml b/installation/sdnc/pom.xml index 4f59aaa9..d187ddcf 100644 --- a/installation/sdnc/pom.xml +++ b/installation/sdnc/pom.xml @@ -17,7 +17,8 @@ <description>Creates SDN Controller Docker container</description> <properties> - <image.name>onap/sdnc-image</image.name> + <image.name>onap/sdnc-aaf-image</image.name> + <standalone.image.name>onap/sdnc-image</standalone.image.name> <sdnc.project.version>${project.version}</sdnc.project.version> <sdnc.build.timestamp>${maven.build.timestamp}</sdnc.build.timestamp> <sdnc.northbound.version>1.5.1-SNAPSHOT</sdnc.northbound.version> @@ -84,23 +85,6 @@ <artifactId>docker-maven-plugin</artifactId> <version>0.28.0</version> <inherited>false</inherited> - <configuration> - <images> - <image> - <name>${image.name}</name> - <build> - <cleanup>try</cleanup> - <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir> - <dockerFile>Dockerfile</dockerFile> - <tags> - <tag>${project.docker.latestminortag.version}</tag> - <tag>${project.docker.latestfulltag.version}</tag> - <tag>${project.docker.latesttagtimestamp.version}</tag> - </tags> - </build> - </image> - </images> - </configuration> <executions> <execution> <id>generate-images</id> 
@@ -108,21 +92,100 @@ <goals> <goal>build</goal> </goals> + <configuration> + <images> + <image> + <name>${image.name}</name> + <build> + <cleanup>try</cleanup> + <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir> + <dockerFile>Dockerfile</dockerFile> + <tags> + <tag>${project.docker.latestminortag.version}</tag> + <tag>${project.docker.latestfulltag.version}</tag> + <tag>${project.docker.latesttagtimestamp.version}</tag> + </tags> + </build> + </image> + </images> + </configuration> </execution> - <execution> - <id>push-images</id> - <phase>${docker.push.phase}</phase> - <goals> - <goal>build</goal> - <goal>push</goal> - </goals> - </execution> + <id>push-images</id> + <phase>${docker.push.phase}</phase> + <goals> + <goal>build</goal> + <goal>push</goal> + </goals> + <configuration> + <images> + <image> + <name>${image.name}</name> + <build> + <cleanup>try</cleanup> + <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir> + <dockerFile>Dockerfile</dockerFile> + <tags> + <tag>${project.docker.latestminortag.version}</tag> + <tag>${project.docker.latestfulltag.version}</tag> + <tag>${project.docker.latesttagtimestamp.version}</tag> + </tags> + </build> + </image> + </images> + </configuration> + </execution> + <execution> + <id>generate-standalone-images</id> + <phase>package</phase> + <goals> + <goal>build</goal> + </goals> + <configuration> + <images> + <image> + <name>${standalone.image.name}</name> + <build> + <cleanup>try</cleanup> + <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir> + <dockerFile>standalone.Dockerfile</dockerFile> + <tags> + <tag>${project.docker.latestminortag.version}</tag> + <tag>${project.docker.latestfulltag.version}</tag> + <tag>${project.docker.latesttagtimestamp.version}</tag> + </tags> + </build> + </image> + </images> + </configuration> + </execution> + <execution> + <id>push-standalone-images</id> + <phase>${docker.push.phase}</phase> + <goals> + <goal>build</goal> + <goal>push</goal> + </goals> + 
<configuration> + <images> + <image> + <name>${standalone.image.name}</name> + <build> + <cleanup>try</cleanup> + <dockerFileDir>${basedir}/target/docker-stage</dockerFileDir> + <dockerFile>standalone.Dockerfile</dockerFile> + <tags> + <tag>${project.docker.latestminortag.version}</tag> + <tag>${project.docker.latestfulltag.version}</tag> + <tag>${project.docker.latesttagtimestamp.version}</tag> + </tags> + </build> + </image> + </images> + </configuration> + </execution> </executions> </plugin> - - - <plugin> <artifactId>maven-resources-plugin</artifactId> <version>2.6</version> @@ -140,6 +203,7 @@ <directory>src/main/docker</directory> <includes> <include>Dockerfile</include> + <include>standalone.Dockerfile</include> </includes> <filtering>true</filtering> </resource> @@ -157,8 +221,8 @@ <resources> <resource> <directory>src/main/scripts</directory> - <includes> - <include>*.py</include> + <includes> + <include>*.py</include> <include>*.sh</include> </includes> <filtering>false</filtering> @@ -179,8 +243,8 @@ <directory>src/main/resources</directory> <includes> <include>idmlight.db.mv.db</include> - <include>AAF_RootCA.cer</include> <include>truststoreONAPall.jks</include> + <include>aaa-app-config.xml</include> </includes> <filtering>false</filtering> </resource> @@ -219,6 +283,8 @@ <directory>../src/main/properties</directory> <includes> <include>*.properties</include> + <include>*.props</include> + <include>*.csv</include> </includes> <filtering>false</filtering> </resource> @@ -238,6 +304,8 @@ <directory>../src/main/stores</directory> <includes> <include>*.jks</include> + <include>*.keyfile</include> + <include>*.p12</include> </includes> <filtering>false</filtering> </resource> @@ -305,7 +373,6 @@ <groupId>org.codehaus.mojo</groupId> <version>1.5.0</version> <executions> - <execution> <id>change shell permissions</id> <phase>process-sources</phase> @@ -329,7 +396,6 @@ </executions> </plugin> </plugins> - </build> <organization> <name>ONAP</name> 
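Review bot: The new `<include>*.keyfile</include>` and `<include>*.p12</include>` entries in the `../src/main/stores` resource block (hunk `@@ -238,6 +304,8 @@`), together with `*.props` and `*.csv` in the `../src/main/properties` block (hunk `@@ -219,6 +283,8 @@`), pull the key material this same commit adds to the repository into the image build. As far as the diff shows, `org.onap.sdnc.p12`, the `org.onap.sdnc.keyfile` that `cadi_keyfile` points at, the `enc:` passwords in `org.onap.sdnc.cred.props` and the Basic credentials in `bath_config.csv` then travel in every image the `push-images` execution publishes. Anyone who can read the repository or pull the image would hold the same identity and, presumably, the key that decrypts its passwords. I would leave these four includes out and state the expectation instead, e.g. `<!-- AAF keystore, keyfile and cred.props are mounted at deploy time; never bake them into the image -->`, treating the committed files as disposable test fixtures and reissuing the certificate for any real deployment. The target directory of both resource blocks lies outside the hunks.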
diff --git a/installation/sdnc/src/main/docker/Dockerfile b/installation/sdnc/src/main/docker/Dockerfile index d8ab5c39..315d023a 100755 --- a/installation/sdnc/src/main/docker/Dockerfile +++ b/installation/sdnc/src/main/docker/Dockerfile @@ -12,18 +12,8 @@ ENV SSL_CERTS_DIR /etc/ssl/certs ENV JAVA_SECURITY_DIR $SSL_CERTS_DIR/java ENV SDNC_NORTHBOUND_REPO mvn:org.onap.sdnc.northbound/sdnc-northbound-all/${sdnc.northbound.version}/xml/features - USER root - -# imstall ssl and java certificates -COPY AAF_RootCA.cer $SSL_CERTS_DIR -COPY truststoreONAPall.jks $JAVA_SECURITY_DIR -COPY AAF_RootCA.cer $SDNC_STORE_DIR -COPY truststoreONAPall.jks $SDNC_STORE_DIR - -RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts -deststorepass changeit - # copy onap COPY opt /opt RUN test -L /opt/sdnc || ln -s /opt/onap/sdnc /opt/sdnc @@ -39,6 +29,16 @@ RUN sed -i -e "\|featuresRepositories|s|$|,${SDNC_NORTHBOUND_REPO}|" $ODL_HOME/ RUN sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,sdnc-northbound-all|" $ODL_HOME/etc/org.apache.karaf.features.cfg RUN sed -i "s/odl-restconf-all/odl-restconf-all,odl-netconf-topology/g" $ODL_HOME/etc/org.apache.karaf.features.cfg +# install AAF configs +COPY aaa-app-config.xml $ODL_HOME/etc/opendaylight/datastore/initial/config/ +RUN echo "cadi_prop_files=$SDNC_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties + +# install ssl and java certificates +COPY truststoreONAPall.jks $JAVA_SECURITY_DIR +COPY truststoreONAPall.jks $SDNC_STORE_DIR + +RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts -deststorepass changeit + RUN chown -R odl /opt USER odl diff --git a/installation/sdnc/src/main/docker/standalone.Dockerfile b/installation/sdnc/src/main/docker/standalone.Dockerfile new file mode 100755 index 00000000..f271ca01 --- /dev/null 
+++ b/installation/sdnc/src/main/docker/standalone.Dockerfile
@@ -0,0 +1,42 @@
+# Base ubuntu with added packages needed for open ecomp
+FROM onap/ccsdk-odlsli-alpine-image:${ccsdk.docker.version}
+
+MAINTAINER SDN-C Team (sdnc@lists.onap.org)
+
+#ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64
+ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
+ENV ODL_HOME /opt/opendaylight
+ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
+ENV SDNC_STORE_DIR /opt/onap/sdnc/data/stores
+ENV SSL_CERTS_DIR /etc/ssl/certs
+ENV JAVA_SECURITY_DIR $SSL_CERTS_DIR/java
+ENV SDNC_NORTHBOUND_REPO mvn:org.onap.sdnc.northbound/sdnc-northbound-all/${sdnc.northbound.version}/xml/features
+
+USER root
+
+# copy onap
+COPY opt /opt
+RUN test -L /opt/sdnc || ln -s /opt/onap/sdnc /opt/sdnc
+RUN mkdir /opt/opendaylight/current/certs
+
+# copy SDNC mvn artifacts to ODL repository
+COPY system /tmp/system
+RUN rsync -a /tmp/system $ODL_HOME && rm -rf /tmp/system
+
+# Add SDNC repositories to boot repositories
+RUN cp $ODL_HOME/etc/org.apache.karaf.features.cfg $ODL_HOME/etc/org.apache.karaf.features.cfg.orig
+RUN sed -i -e "\|featuresRepositories|s|$|,${SDNC_NORTHBOUND_REPO}|" $ODL_HOME/etc/org.apache.karaf.features.cfg
+RUN sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,sdnc-northbound-all|" $ODL_HOME/etc/org.apache.karaf.features.cfg
+RUN sed -i "s/odl-restconf-all/odl-restconf-all,odl-netconf-connector-all,odl-netconf-clustered-topology/g" $ODL_HOME/etc/org.apache.karaf.features.cfg
+
+# install ssl and java certificates
+COPY truststoreONAPall.jks $JAVA_SECURITY_DIR
+COPY truststoreONAPall.jks $SDNC_STORE_DIR
+
+RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts -deststorepass changeit
+
+RUN chown -R odl /opt
+USER odl
+
+ENTRYPOINT /opt/onap/sdnc/bin/startODL.sh
+EXPOSE 8181
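Review bot: The header comment `# Base ubuntu with added packages needed for open ecomp` does not match the `FROM onap/ccsdk-odlsli-alpine-image` line, and nothing in the file says how this image differs from `Dockerfile`. Unlike that file it copies no `aaa-app-config.xml` and sets no `cadi_prop_files`, so RESTCONF on the exposed port 8181 is presumably guarded only by whatever AAA defaults the base image ships. A header such as `# SDNC on the CCSDK ODL alpine base, without AAF: authentication on 8181 is the base image's AAA default` would make that visible to whoever deploys it. Separately, `ENTRYPOINT /opt/onap/sdnc/bin/startODL.sh` is shell form, so the script runs under `/bin/sh -c` and may not receive the stop signal directly; `ENTRYPOINT ["/opt/onap/sdnc/bin/startODL.sh"]` avoids that.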
diff --git a/installation/sdnc/src/main/resources/AAF_RootCA.cer b/installation/sdnc/src/main/resources/AAF_RootCA.cer deleted file mode 100755 index e9a50d7e..00000000 --- a/installation/sdnc/src/main/resources/AAF_RootCA.cer +++ /dev/null 
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- 
diff --git a/installation/sdnc/src/main/resources/aaa-app-config.xml b/installation/sdnc/src/main/resources/aaa-app-config.xml new file mode 100644 index 00000000..86e66674 --- /dev/null +++ b/installation/sdnc/src/main/resources/aaa-app-config.xml 
@@ -0,0 +1,320 @@ +<?xml version="1.0" ?> +<!-- + Copyright (c) 2017 Inocybe Technologies and others. All rights reserved. + + This program and the accompanying materials are made available under the + terms of the Eclipse Public License v1.0 which accompanies this distribution, + and is available at http://www.eclipse.org/legal/epl-v10.html +--> + +<!-- + /////////////////////////////////////////////////////////////////////////////////////// + // clustered-app-config instance responsible for AAA configuration. In the future, // + // this will contain all AAA related configuration. // + /////////////////////////////////////////////////////////////////////////////////////// +--> + +<shiro-configuration xmlns="urn:opendaylight:aaa:app:config"> + + <!-- + /////////////////////////////////////////////////////////////////////////////////// + // shiro-configuration is the model based container that contains all shiro // + // related information used in ODL AAA configuration. It is the sole pain of // + // glass for shiro related configuration, and is how to configure shiro concepts // + // such as: // + // * realms // + // * urls // + // * security manager settings // + // // + // In general, you really shouldn't muck with the settings in this file. The // + // way an operator should configure AAA shiro settings is through one of ODL's // + // northbound interfaces (i.e., RESTCONF or NETCONF). These are just the // + // defaults if no values are specified in MD-SAL. The reason this file is so // + // verbose is for two reasons: // + // 1) to demonstrate payload examples for plausible configuration scenarios // + // 2) to allow bootstrap of the controller (first time start) since otherwise // + // configuration becomes a chicken and the egg problem. 
// + // // + /////////////////////////////////////////////////////////////////////////////////// + --> + + <!-- + =================================================================================== + = = + = = + = MAIN = + = = + = = + =================================================================================== + --> + + <!-- + =================================================================================== + ============================ ODLJndiLdapRealmAuthNOnly ============================ + =================================================================================== + = = + = Description: A Realm implementation aimed at federating with an external LDAP = + = server for authentication only. For authorization support, refer = + = to ODLJndiLdapRealm. = + =================================================================================== + --> + <!-- Start ldapRealm commented out + <main> + <pair-key>ldapRealm</pair-key> + <pair-value>org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly</pair-value> + </main> + <main> + <pair-key>ldapRealm.userDnTemplate</pair-key> + <pair-value>uid={0},ou=People,dc=DOMAIN,dc=TLD</pair-value> + </main> + <main> + <pair-key>ldapRealm.contextFactory.url</pair-key> + <pair-value>ldap://<URL>:389</pair-value> + </main> + <main> + <pair-key>ldapRealm.searchBase</pair-key> + <pair-value>dc=DOMAIN,dc=TLD</pair-value> + </main> + <main> + <pair-key>ldapRealm.groupRolesMap</pair-key> + <pair-value>"person":"admin", "organizationalPerson":"user"</pair-value> + </main> + <main> + <pair-key>ldapRealm.ldapAttributeForComparison</pair-key> + <pair-value>objectClass</pair-value> + </main> + End ldapRealm commented out--> + + <!-- + =================================================================================== + ============================= ODLActiveDirectoryRealm ============================= + =================================================================================== + = = + = Description: A Realm 
implementation aimed at federating with an external AD = + = IDP server. = + =================================================================================== + --> + <!-- Start adRealm commented out + <main> + <pair-key>adRealm</pair-key> + <pair-value>org.opendaylight.aaa.shiro.realm.ODLActiveDirectoryRealm</pair-value> + </main> + <main> + <pair-key>adRealm.searchBase</pair-key> + <pair-value>"CN=Users,DC=example,DC=com"</pair-value> + </main> + <main> + <pair-key>adRealm.systemUsername</pair-key> + <pair-value>aduser@example.com</pair-value> + </main> + <main> + <pair-key>adRealm.systemPassword</pair-key> + <pair-value>adpassword</pair-value> + </main> + <main> + <pair-key>adRealm.url</pair-key> + <pair-value>ldaps://adserver:636</pair-value> + </main> + <main> + <pair-key>adRealm.groupRolesMap</pair-key> + <pair-value>"CN=sysadmin,CN=Users,DC=example,DC=com":"admin", "CN=unprivileged,CN=Users,DC=example,DC=com":"user"</pair-value> + </main> + End adRealm commented out--> + + <!-- + =================================================================================== + ================================== ODLJdbcRealm =================================== + =================================================================================== + = = + = Description: A Realm implementation aimed at federating with an external JDBC = + = DBMS. 
= + =================================================================================== + --> + <!-- Start jdbcRealm commented out + <main> + <pair-key>ds</pair-key> + <pair-value>com.mysql.jdbc.Driver</pair-value> + </main> + <main> + <pair-key>ds.serverName</pair-key> + <pair-value>localhost</pair-value> + </main> + <main> + <pair-key>ds.user</pair-key> + <pair-value>user</pair-value> + </main> + <main> + <pair-key>ds.password</pair-key> + <pair-value>password</pair-value> + </main> + <main> + <pair-key>ds.databaseName</pair-key> + <pair-value>db_name</pair-value> + </main> + <main> + <pair-key>jdbcRealm</pair-key> + <pair-value>ODLJdbcRealm</pair-value> + </main> + <main> + <pair-key>jdbcRealm.dataSource</pair-key> + <pair-value>$ds</pair-value> + </main> + <main> + <pair-key>jdbcRealm.authenticationQuery</pair-key> + <pair-value>"SELECT password FROM users WHERE user_name = ?"</pair-value> + </main> + <main> + <pair-key>jdbcRealm.userRolesQuery</pair-key> + <pair-value>"SELECT role_name FROM user_rolesWHERE user_name = ?"</pair-value> + </main> + End jdbcRealm commented out--> + + <!-- + =================================================================================== + ================================= TokenAuthRealm ================================== + =================================================================================== + = = + = Description: A Realm implementation utilizing a per node H2 database store. 
= + =================================================================================== + --> + <main> + <pair-key>tokenAuthRealm</pair-key> + <pair-value>org.onap.aaf.cadi.shiro.AAFRealm</pair-value> + <!-- <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> --> + </main> + + <!-- + =================================================================================== + =================================== MdsalRealm ==================================== + =================================================================================== + = = + = Description: A Realm implementation utilizing the aaa.yang model. = + =================================================================================== + --> + <!-- Start mdsalRealm commented out + <main> + <pair-key>mdsalRealm</pair-key> + <pair-value>org.opendaylight.aaa.shiro.realm.MdsalRealm</pair-value> + </main> + End mdsalRealm commented out--> + + <!-- + =================================================================================== + ================================= MoonAuthRealm =================================== + =================================================================================== + = = + = Description: A Realm implementation aimed at federating with OPNFV Moon. 
= + =================================================================================== + --> + <!-- Start moonAuthRealm commented out + <main> + <pair-key>moonAuthRealm</pair-key> + <pair-value>org.opendaylight.aaa.shiro.realm.MoonRealm</pair-value> + </main> + <main> + <pair-key>moonAuthRealm.moonServerURL</pair-key> + <pair-value>http://<host>:<port></pair-value> + </main> + End moonAuthRealm commented out--> + + <!-- + =================================================================================== + ================================= KeystoneAuthRealm == ============================ + =================================================================================== + = = + = Description: A Realm implementation aimed at federating with an OpenStack = + = Keystone. = + =================================================================================== + --> + <!-- Start keystoneAuthRealm commented out + <main> + <pair-key>keystoneAuthRealm</pair-key> + <pair-value>org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm</pair-value> + </main> + <main> + <pair-key>keystoneAuthRealm.url</pair-key> + <pair-value>https://<host>:<port></pair-value> + </main> + <main> + <pair-key>keystoneAuthRealm.sslVerification</pair-key> + <pair-value>true</pair-value> + </main> + <main> + <pair-key>keystoneAuthRealm.defaultDomain</pair-key> + <pair-value>Default</pair-value> + </main> + --> + + <!-- + Add tokenAuthRealm as the only realm. To enable mdsalRealm, add it to the list to he right of tokenAuthRealm. + --> + <main> + <pair-key>securityManager.realms</pair-key> + <pair-value>$tokenAuthRealm</pair-value> + </main> + <!-- Used to support OAuth2 use case. 
--> + <main> + <pair-key>authcBasic</pair-key> + <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value> + </main> + + <!-- Start moonAuthRealm commented out + <main> + <pair-key>rest</pair-key> + <pair-value>org.opendaylight.aaa.shiro.filters.MoonOAuthFilter</pair-value> + </main> + End moonAuthRealm commented out--> + + <!-- in order to track AAA challenge attempts --> + <main> + <pair-key>accountingListener</pair-key> + <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value> + </main> + <main> + <pair-key>securityManager.authenticator.authenticationListeners</pair-key> + <pair-value>$accountingListener</pair-value> + </main> + + <!-- Model based authorization scheme supporting RBAC for REST endpoints --> + <main> + <pair-key>dynamicAuthorization</pair-key> + <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value> + </main> + + + <!-- + =================================================================================== + = = + = = + = URLS = + = = + = = + =================================================================================== + --> + <!-- Start moonAuthRealm commented out + <urls> + <pair-key>/token</pair-key> + <pair-value>rest</pair-value> + </urls> + End moonAuthRealm commented out--> + <!-- URLS comment out + <urls> + <pair-key>/operations/cluster-admin**</pair-key> + <pair-value>authcBasic, roles[admin]</pair-value> + </urls> + <urls> + <pair-key>/v1/**</pair-key> + <pair-value>authcBasic, roles[admin]</pair-value> + </urls> + <urls> + <pair-key>/config/aaa*/**</pair-key> + <pair-value>authcBasic, roles[admin]</pair-value> + </urls> + End URLS commented out --> + <urls> + <pair-key>/**</pair-key> + <!-- <pair-value>authcBasic</pair-value> --> + <pair-value>authcBasic, rest[org.onap.sdnc.odl:odl-api]</pair-value> + </urls> +</shiro-configuration> + 
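Review bot: The only active `<urls>` rule is `/**` with `authcBasic, rest[org.onap.sdnc.odl:odl-api]`, because the narrower rules for `/operations/cluster-admin**`, `/v1/**` and `/config/aaa*/**` sit inside the `URLS comment out` block. Every caller granted the single `odl-api` permission can therefore reach the cluster-admin and AAA configuration paths as well, and the `dynamicAuthorization` filter declared under `<main>` is never attached to a path. If those paths are meant to stay administrative, restore the three rules above `/**` (Shiro applies the first matching pattern) with a separate AAF permission, for example `<pair-value>authcBasic, rest[ADMIN_PERMISSION_PLACEHOLDER]</pair-value>`. The banner above `tokenAuthRealm` still describes "a per node H2 database store" although the value is now `org.onap.aaf.cadi.shiro.AAFRealm`; it should say that the key is kept for compatibility and that the realm, as its class name suggests, delegates to AAF.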
diff --git a/installation/src/main/properties/bath_config.csv b/installation/src/main/properties/bath_config.csv
new file mode 100644
index 00000000..b6db7784
--- /dev/null
+++ b/installation/src/main/properties/bath_config.csv
@@ -0,0 +1 @@
+Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
diff --git a/installation/src/main/properties/org.onap.sdnc.cred.props b/installation/src/main/properties/org.onap.sdnc.cred.props
new file mode 100644
index 00000000..bf17c8fa
--- /dev/null
+++ b/installation/src/main/properties/org.onap.sdnc.cred.props
@@ -0,0 +1,16 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# by root
+# on 2019-02-15T20:08:10.860+0000
+# @copyright 2016, AT&T
+############################################################
+Challenge=enc:oGjvjifDJqw2I9ipISWLXcNZSimLv-lxGBbQV0MXl8yTlDok71cU9bZZPSXhY6Uo
+cadi_alias=sdnc@sdnc.onap.org
+cadi_key_password=enc:tz_2Pq5zN4PnVC0pUsWUBnzDtqBaZXkdgZB-DlU3gS4PFSjKifMnJxGg5rFZzZNe
+cadi_keyfile=/opt/sdnc/data/stores/org.onap.sdnc.keyfile
+cadi_keystore=/opt/sdnc/data/stores/org.onap.sdnc.p12
+cadi_keystore_password=enc:JetlhxTZNNDxsOvg-ZpBuRBJBFP8LN1UkFkkjT4aiEZExnglL717p-YVl2Lf3wMq
+cadi_keystore_password_p12=enc:JetlhxTZNNDxsOvg-ZpBuRBJBFP8LN1UkFkkjT4aiEZExnglL717p-YVl2Lf3wMq
+cadi_truststore=/opt/sdnc/data/stores/org.onap.sdnc.trust.jks
+cadi_truststore_password=enc:QrEzLSaLryxoB2Z2UXJEbRWxZRAhs2i4BAvKIcNYgbDPZY4gnpJWUhEbIwqnbGEn
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US:CN=ATT AAF CADI Issuing CA 01, OU=CSO, O=ATT, C=US:CN=ATT AAF CADI Issuing CA 02, OU=CSO, O=ATT, C=US
diff --git a/installation/src/main/properties/org.onap.sdnc.props b/installation/src/main/properties/org.onap.sdnc.props
new file mode 100644
index 00000000..5b96b907
--- /dev/null
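Review bot: The third field of the `bath_config.csv` row, `2050-03-03`, keeps this credential mapping valid for roughly thirty years, and the other two fields are only base64-encoded Basic credentials, so the file discloses two passwords in recoverable form. Assuming CADI reads the `cadi_bath_convert` file to accept the first credential in place of the second until that date passes, the older login is permanent in practice. A date one or two releases ahead, with the file supplied at deploy time rather than committed, would limit both problems. The reason for the row belongs in the commit message or a README, since the diff does not show whether the parser tolerates comment lines.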
+++ b/installation/src/main/properties/org.onap.sdnc.props
@@ -0,0 +1,15 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# by root
+# on 2019-02-15T20:08:07.125+0000
+# @copyright 2016, AT&T
+############################################################
+aaf_id=sdnc@sdnc.onap.org
+aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
+cadi_etc_dir=/opt/sdnc/data/stores
+cadi_latitude=38.432899
+cadi_longitude=-90.43248
+cadi_prop_files=/opt/sdnc/data/properties/org.onap.sdnc.cred.props
+cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+cadi_bath_convert=/opt/sdnc/data/properties/bath_config.csv
diff --git a/installation/src/main/stores/org.onap.sdnc.keyfile b/installation/src/main/stores/org.onap.sdnc.keyfile
new file mode 100644
index 00000000..2aa22f05
--- /dev/null
+++ b/installation/src/main/stores/org.onap.sdnc.keyfile
@@ -0,0 +1,27 @@ +__xWcKUL9kIQ-CVozfIv2AEmpntzCP8U9jWKxgnMJFHHlp2yPPpyPxYzigQX54HU9rtM4mfB5nob +TzJw7zNzgmOlBbysPQNNoZwekF2vCR3YAtU_9cAzd9_rp8AS_XhaILCxCk3btgVWp-deoAMdvkdS +3VYd7DQvSqZbuKOdTsQDJo1xrCEs3nblVoeBPglYrsBcgqEA-m7caibASeDmm8S2AXpelZXCRSQU +u4xNFGp02GFiezSQTDoH7LWjbwI3j3nuJbSjjtQbNGPZKii6CrYDwrA9MSXXiR4XBWJR4aNj52KH +QlYZdezYZTjsGuReqnov3SqjPmPhzyYqxmmRGQFrOO_U1ITqeVgnrZdL6mSSljqoqw5GzSrHRk8A +EL26hEM9pExJdGvJOj9q9z7wjpfz4bJ4xddEnwccbK0mHDv2aW1oTCRZXe7tlhFujstFY5ONaZIi +IINmYSW8-yy_pq62rndmG-wv4HsiuBocxUZhJPOlPewCar3Jm4Nr4RTyEBXPWIm3bgbzPnOYQuKw +22K_XkTdbEHWK4_jVV8k_kvxb1Gnf9eelcZOVE5sc7Qm1ulW5E5x21AeM277QtYHubyCQpaLZ-dS +2ZJHHdS6m11rc-kI_rAs6lq-ZgzR_AfbqTdgTRbt5ydjCPSR5Z7akIYjiNLXhH2rqPAczsPZ19D7 +obI6gd67db0S1GJuCni7AAFWaEmyhwjjqF-UoUGXaBMJG5DDlq14-fkCGvSPI_A8Bs9IrRaIF7Un +6WDQklz0keTp3g9FL8DWT2YMus35Gy2-5xckotOOSuANT0rLrtH4VDDufB-5IukTbe3g3KALNl96 +DLIthbH_5wsje0LHi5a4DBfYZCJuqL5-dtpcjaozywNbDUPkoGGA3gHsj5ymB0uP1xWGg2HL5L8B +XIVS1JziY9wJH2eOdTAemoh2QAiJ07HksKIrI0BshmFi3yqMG3WNDaLPT9lqdGIeu4cSGjG9gFk1 +1IdfP0lhIVuNDqXkDdyQ1isw_pDJPTWAh86kS6e5iWu2Nz12vv1Yz0r0D8KAtMFiqtQOWCyDIT9l +n64p_-1swaeOASoK3xXf4s53EOOOD91iwUf3t2PkAQwPGHrEYcc1pCT6xy0mSOx3pSN10ez0_-Y8 +ANYRCarVOp0IWdIf4ZmIMK76ITbu4iRMKVtYNJH1J8IPsYI75cULyzL1G9q1DFWGWpB25KCPAird +kJmUoT_pI82tFJt7tCTACsdQ5_5uEoACF9crth2MBE0D_fRb6PhEZrZqW4JpRRSDpZHOEredQY5k +QV119KaN5GtuKwb45wzxyGR6c6MvIGYQ3-0ni1xGde84lUI8gEtIOhzLE8W54m52BE27UC78G3oq +WUwIaHxxMDfGKxxRJNgovIyXuyLXPOZaU_hivgNxniLy_PrSihUZ6vM7Mku18_p8pAQtjKryWbpg +39SY2GeTodUNYznRB94n2ob4yDt85H_zDvyDpcLj91W5vMMaQb8skoA-x_pTxJvrcx-Iq9U-XaNl +nf4BonnggI9E0YL3GH_-pg-bVlO7rzZ9EGQI1omhRBrinawMKdoVIXD9L4y8pULgZZNSQuI6AAKu +jwwT3ALe_PUJaPNZNR4ldiAfURAqQtVLUrHMX1O3cptkju3lMiURJO7-Xrr6jwR078IiS5RNKACB +EAvX8zVON3Ggt101NgFKgdYEy5JaoUvazndLGnoqos3LEMVNm6Ukx1U56AP27Yq-xaqdpnICupiz +M6LCCAgdksyn84IFexB2y_oxsBppvTNwqGsMQvVTiVkKXGWHcunzVr8eQdwrGWFoU_Qi6XG9V2mO +i5kIulkzEgjaBsG2VErF8DfTWXUcv2HYk9kRAQQ8ABRbiRwHdVjwPvXIlTLgrKxF_LhmFIBhrI1W 
+5BHEKF9FQb6DGI-vNrqFSaVjDSGAT-r5SBZFPkkiO7yg5E4L9LnB4zGc4IbwDAjYuzXooo73FuHs +EdLz0GTc_4DUDXe0T-OnUzq4mZevZ9KxvgvVSRcPIwvYh26p3IPyeurK_OwDI6KevAo2Lady
\ No newline at end of file diff --git a/installation/src/main/stores/org.onap.sdnc.p12 b/installation/src/main/stores/org.onap.sdnc.p12 Binary files differnew file mode 100644 index 00000000..d3e4d9d2 --- /dev/null +++ b/installation/src/main/stores/org.onap.sdnc.p12 diff --git a/installation/src/main/stores/org.onap.sdnc.trust.jks b/installation/src/main/stores/org.onap.sdnc.trust.jks Binary files differnew file mode 100644 index 00000000..fdb8cdf7 --- /dev/null +++ b/installation/src/main/stores/org.onap.sdnc.trust.jks diff --git a/installation/src/main/yaml/docker-compose.yml b/installation/src/main/yaml/docker-compose.yml index 38522518..12ca37bb 100644 --- a/installation/src/main/yaml/docker-compose.yml +++ b/installation/src/main/yaml/docker-compose.yml @@ -66,6 +66,8 @@ services: options: max-size: "30m" max-file: "5" + extra_hosts: + aaf.osaaf.org: 10.12.6.214 web: |
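Review bot: The added `extra_hosts` entry maps `aaf.osaaf.org`, but `org.onap.sdnc.props` in this same commit sets `aaf_locate_url=https://aaf-onap-test.osaaf.org:8095`, so unless that second name resolves some other way the container still cannot reach the locator. The address `10.12.6.214` is also a lab-specific value fixed in a shared compose file. With the name pinned to an address like this, certificate validation against `org.onap.sdnc.trust.jks` is the only thing tying the connection to the intended AAF instance, which deserves a comment such as `# lab AAF instance; override per environment`. The service that receives the entry starts above the hunk.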