1 # ============LICENSE_START=======================================================
3 # ================================================================================
4 # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
5 # Copyright (c) 2019 Pantheon.tech. All rights reserved.
6 # Copyright (c) 2020-2021 Nokia. All rights reserved.
7 # ================================================================================
8 # Licensed under the Apache License, Version 2.0 (the "License");
9 # you may not use this file except in compliance with the License.
10 # You may obtain a copy of the License at
12 # http://www.apache.org/licenses/LICENSE-2.0
14 # Unless required by applicable law or agreed to in writing, software
15 # distributed under the License is distributed on an "AS IS" BASIS,
16 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 # See the License for the specific language governing permissions and
18 # limitations under the License.
19 # ============LICENSE_END=========================================================
21 _CONFIG_PATH = "/opt/onap/config.txt" # Path to config file on the Cloudify Manager host
22 _CONSUL_KEY = "k8s-plugin" # Key under which CM configuration is stored in Consul
24 # Default configuration values
25 DCAE_NAMESPACE = "dcae"
26 CONSUL_DNS_NAME = "consul"
27 DEFAULT_K8S_LOCATION = "central"
28 DEFAULT_MAX_WAIT = 1800
30 FB_LOG_PATH = "/var/log/onap"
31 FB_DATA_PATH = "/usr/share/filebeat/data"
32 FB_CONFIG_PATH = "/usr/share/filebeat/filebeat.yml"
33 FB_CONFIG_SUBPATH = "filebeat.yml"
34 FB_CONFIG_MAP = "filebeat-conf"
35 FB_IMAGE = "docker.elastic.co/beats/filebeat:5.5.0"
37 TLS_CERT_PATH = "/opt/app/osaaf"
38 TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0"
39 TLS_COMP_CERT_PATH = "/opt/dcae/cacert"
40 TLS_CA_CONFIGMAP = "dcae-cacert-configmap"
42 EXT_TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0"
43 EXT_TLS_REQUEST_URL = "https://oom-cert-service:8443/v1/certificate/"
44 EXT_TLS_TIMEOUT = "30000"
45 EXT_TLS_COUNTRY = "US"
46 EXT_TLS_ORGANIZATION = "Linux-Foundation"
47 EXT_TLS_STATE = "California"
48 EXT_TLS_ORGANIZATIONAL_UNIT = "ONAP"
49 EXT_TLS_LOCATION = "San-Francisco"
50 EXT_TLS_CERT_SECRET_NAME = "oom-cert-service-client-tls-secret"
51 EXT_TLS_KEYSTORE_PASSWORD_SECRET_NAME = "oom-cert-service-keystore-password"
52 EXT_TLS_TRUSTSTORE_PASSWORD_SECRET_NAME = "oom-cert-service-truststore-password"
53 EXT_TLS_KEYSTORE_SECRET_KEY = "keystore.jks"
54 EXT_TLS_TRUSTSTORE_SECRET_KEY = "truststore.jks"
55 EXT_TLS_KEYSTORE_PASSWORD_SECRET_KEY = "password"
56 EXT_TLS_TRUSTSTORE_PASSWORD_SECRET_KEY = "password"
58 CERT_POST_PROCESSOR_IMAGE = "nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0"
59 CBS_BASE_URL = "https://config-binding-service:10443/service_component_all"
61 CMPV2_ISSUER_ENABLED = "false"
62 CMPV2_ISSUER_NAME = "cmpv2-issuer-onap"
65 """ Set default configuration parameters """
67 "namespace" : DCAE_NAMESPACE, # k8s namespace to use for DCAE
68 "consul_dns_name" : CONSUL_DNS_NAME, # k8s internal DNS name for Consul
69 "default_k8s_location" : DEFAULT_K8S_LOCATION, # default k8s location to deploy components
70 "image_pull_secrets" : [], # list of k8s secrets for accessing Docker registries
71 "max_wait": DEFAULT_MAX_WAIT, # Default maximum time to wait for component to become healthy (secs)
72 "filebeat": { # Configuration for setting up filebeat container
73 "log_path" : FB_LOG_PATH, # mount point for log volume in filebeat container
74 "data_path" : FB_DATA_PATH, # mount point for data volume in filebeat container
75 "config_path" : FB_CONFIG_PATH, # mount point for config volume in filebeat container
76 "config_subpath" : FB_CONFIG_SUBPATH, # subpath for config data in filebeat container
77 "config_map" : FB_CONFIG_MAP, # ConfigMap holding the filebeat configuration
78 "image": FB_IMAGE # Docker image to use for filebeat
80 "tls": { # Configuration for setting up TLS
81 "cert_path" : TLS_CERT_PATH, # mount point for certificate volume in TLS init container
82 "image": TLS_IMAGE, # Docker image to use for TLS init container
83 "component_cert_dir": TLS_COMP_CERT_PATH # default mount point for certificate volume in component container
86 "image_tag": EXT_TLS_IMAGE, # Docker image to use for external TLS init container
87 "request_url" : EXT_TLS_REQUEST_URL, # URL to Cert Service API
88 "timeout" : EXT_TLS_TIMEOUT, # Request timeout
89 "country" : EXT_TLS_COUNTRY, # Country name in ISO 3166-1 alpha-2 format, for which certificate will be created
90 "organization" : EXT_TLS_ORGANIZATION, # Organization name, for which certificate will be created
91 "state" : EXT_TLS_STATE, # State name, for which certificate will be created
92 "organizational_unit" : EXT_TLS_ORGANIZATIONAL_UNIT, # Organizational unit name, for which certificate will be created
93 "location" : EXT_TLS_LOCATION, # Location name, for which certificate will be created
94 "cert_secret_name": EXT_TLS_CERT_SECRET_NAME, # Name of secret containing keystore and truststore for secure communication of Cert Service Client and Cert Service
95 "keystore_secret_key" : EXT_TLS_KEYSTORE_SECRET_KEY, # Key for keystore value exists in secret (cert_secret_name)
96 "truststore_secret_key" : EXT_TLS_TRUSTSTORE_SECRET_KEY, # Key for truststore value exists in secret (cert_secret_name)
97 "keystore_password_secret_name": EXT_TLS_KEYSTORE_PASSWORD_SECRET_NAME, # Name of secret containing password for keystore for secure communication of Cert Service Client and Cert Service
98 "truststore_password_secret_name": EXT_TLS_TRUSTSTORE_PASSWORD_SECRET_NAME, # Name of secret containing password for truststore for secure communication of Cert Service Client and Cert Service
99 "keystore_password_secret_key" : EXT_TLS_KEYSTORE_PASSWORD_SECRET_KEY, # Key for keystore password value exists in secret (keystore_password_secret_name)
100 "truststore_password_secret_key" : EXT_TLS_TRUSTSTORE_PASSWORD_SECRET_KEY # Key for truststore password value exists in secret (truststore_password_secret_name)
103 "cert_post_processor": {
104 "image_tag": CERT_POST_PROCESSOR_IMAGE # Docker image to use for cert post processor init container
107 "base_url" : CBS_BASE_URL # URL prefix for accessing config binding service
110 "enabled": CMPV2_ISSUER_ENABLED,
111 "name": CMPV2_ISSUER_NAME
115 def configure(config_path=_CONFIG_PATH, key = _CONSUL_KEY):
117 Get configuration information from local file and Consul.
118 Note that the Cloudify context ("ctx") isn't available at
122 from cloudify.exceptions import NonRecoverableError
126 import ConfigParser as configparser
127 from k8splugin import discovery
128 config = _set_defaults()
131 # Get Consul address from a config file
132 c = configparser.ConfigParser()
134 config["consul_host"] = c.get('consul','address')
136 # Get the rest of the config from Consul
137 conn = discovery.create_kv_conn(config["consul_host"])
138 val = discovery.get_kv_value(conn, key)
140 # Merge Consul results into the config
143 except discovery.DiscoveryKVEntryNotFoundError as e:
144 # Don't reraise error, assume defaults are wanted.
147 except Exception as e:
148 raise NonRecoverableError(e)