Add aaf tls certifiacte support

Updated registration input to match
k8s - https://git.onap.org/oom/tree/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml

Issue-ID: DCAEGEN2-716
Change-Id: I52041ddc168e31abe083eaed4a88bfc40a5a2780
Signed-off-by: Lusheng Ji <lji@research.att.com>
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>

diff --git a/heat/docker-compose-1.yaml b/heat/docker-compose-1.yaml
index edc6bba..72c84df 100644 (file)
--- a/heat/docker-compose-1.yaml
+++ b/heat/docker-compose-1.yaml
@@ -61,9 +61,19 @@ services:
        - "10000:10000"
       depends_on:
        - "consul"
+       - "tls-init"
       labels:
        - "SERVICE_10000_NAME=config_binding_service"
        - "SERVICE_10000_CHECK_HTTP=/healthcheck"
        - "SERVICE_10000_CHECK_INTERVAL=15s"
        - "SERVICE_10000_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"
 
+
+   tls-init:
+      image: "{{ nexus_docker_repo }}/onap/org.onap.dcaegen2.deployments.tls-init-container:{{ dcae_docker_tls }}"
+      container_name: "tls-init"
+      hostname: "tls-init"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"

diff --git a/heat/docker-compose-2.yaml b/heat/docker-compose-2.yaml
index 317aec4..dca210e 100644 (file)
--- a/heat/docker-compose-2.yaml
+++ b/heat/docker-compose-2.yaml
@@ -20,6 +20,8 @@ services:
        - "SERVICE_8080_CHECK_HTTP=/healthcheck"
        - "SERVICE_8080_CHECK_INTERVAL=15s"
        - "SERVICE_8080_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"
 
 
    mvp-dcaegen2-analytics-tca:
@@ -51,6 +53,8 @@ services:
        - "SERVICE_11011_CHECK_HTTP=/cdap/ns/cdap_tca_hi_lo"
        - "SERVICE_11011_CHECK_INTERVAL=15s"
        - "SERVICE_11011_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"
 
    mvp-dcaegen2-analytics-holmes-engine-management:
       image: "{{ nexus_docker_repo }}/onap/holmes/engine-management:{{ holmes_docker_em }}"
@@ -70,6 +74,8 @@ services:
        - "9102:9102"
       labels:
        - "SERVICE_9102_IGNORE=true"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"
 
    mvp-dcaegen2-analytics-holmes-rule-management:
       image: "{{ nexus_docker_repo }}/onap/holmes/rule-management:{{ holmes_docker_rm }}"
@@ -89,4 +95,5 @@ services:
        - "9101:9101"
       labels:
        - "SERVICE_9101_IGNORE=true"
-
+      volumes:
+       - "./tls/shared:/opt/tls/shared"

diff --git a/heat/docker-compose-3.yaml b/heat/docker-compose-3.yaml
index 3eef2bc..6ef467c 100644 (file)
--- a/heat/docker-compose-3.yaml
+++ b/heat/docker-compose-3.yaml
@@ -16,6 +16,8 @@ services:
        - "SERVICE_8080_CHECK_HTTP=/dcae-service-types"
        - "SERVICE_8080_CHECK_INTERVAL=15s"
        - "SERVICE_8080_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"
 
 
    service-change-handler:
@@ -33,6 +35,8 @@ services:
        - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/health.sh"
        - "SERVICE_CHECK_INTERVAL=15s"
        - "SERVICE_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"
 
 
    deployment_handler:
@@ -50,6 +54,8 @@ services:
        - "SERVICE_8443_CHECK_HTTP=/"
        - "SERVICE_8443_CHECK_INTERVAL=15s"
        - "SERVICE_8443_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/app/dh/etc/cert/"
 
 
    policy_handler:
@@ -64,4 +70,6 @@ services:
        - "SERVICE_25577_CHECK_HTTP=/healthcheck"
        - "SERVICE_25577_CHECK_INTERVAL=15s"
        - "SERVICE_25577_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/app/policy_handler/etc/tls/certs/"
 

diff --git a/heat/docker-compose-4.yaml b/heat/docker-compose-4.yaml
index f284f29..11272dd 100644 (file)
--- a/heat/docker-compose-4.yaml
+++ b/heat/docker-compose-4.yaml
@@ -20,6 +20,8 @@ services:
        - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/snmptrap/bin/snmptrapd.sh status"
        - "SERVICE_CHECK_INTERVAL=300s"
        - "SERVICE_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"
 
 
    prh:
@@ -42,6 +44,8 @@ services:
        - "SERVICE_8082_CHECK_HTTP=/heartbeat"
        - "SERVICE_8082_CHECK_INTERVAL=15s"
        - "SERVICE_8082_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"
 
 
    hvves:
@@ -64,6 +68,8 @@ services:
        - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/hvves/bin/healthcheck.sh"
        - "SERVICE_CHECK_INTERVAL=15s"
        - "SERVICE_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"
 
 
    datafile:
@@ -84,6 +90,8 @@ services:
        - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/datafile/bin/healthcheck.sh"
        - "SERVICE_CHECK_INTERVAL=15s"
        - "SERVICE_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"
 
    mapper-universalvesadaptor:
       image: "{{ nexus_docker_repo }}/onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:{{ dcae_docker_mua }}"
@@ -103,6 +111,8 @@ services:
        - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/datafile/bin/healthcheck.sh"
        - "SERVICE_CHECK_INTERVAL=15s"
        - "SERVICE_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"
 
    mapper-snmp:
       image: "{{ nexus_docker_repo }}/onap/org.onap.dcaegen2.services.mapper.vesadapter.snmpmapper:{{ dcae_docker_msnmp }}"
@@ -122,6 +132,8 @@ services:
        - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/datafile/bin/healthcheck.sh"
        - "SERVICE_CHECK_INTERVAL=15s"
        - "SERVICE_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"
 
 
    heartbeat:
@@ -142,4 +154,6 @@ services:
        - "SERVICE_CHECK_DOCKER_SCRIPT=/opt/app/datafile/bin/healthcheck.sh"
        - "SERVICE_CHECK_INTERVAL=15s"      
        - "SERVICE_CHECK_INITIAL_STATUS=passing"
+      volumes:
+       - "./tls/shared:/opt/tls/shared"
 

diff --git a/heat/register.sh b/heat/register.sh
index 6bd7b7b..66c4f72 100755 (executable)
--- a/heat/register.sh
+++ b/heat/register.sh
@@ -197,7 +197,10 @@ REGKV='
   "policy_handler": {
     "deploy_handler": {
         "target_entity": "deployment_handler",
+        "tls_ca_mode": "do_not_verify",
         "max_msg_length_mb": 5,
+        "url" : "https://{{ dcae_ip_addr }}:8188",
+        "tls_ca_mode" : "cert_directory",
         "query": {
           "cfy_tenant_name": "default_tenant"
         }
@@ -214,6 +217,9 @@ REGKV='
     },
     "policy_engine": {
       "path_api": "/pdp/api/",
+      "path_notifications" : "/pdp/notifications",
+      "tls_ca_mode" : "cert_directory",
+      "tls_wss_ca_mode" : "cert_directory",
       "headers": {
         "Environment": "TEST",
         "ClientAuth": "cHl0aG9uOnRlc3Q=",
@@ -222,8 +228,10 @@ REGKV='
         "Authorization": "Basic dGVzdHBkcDphbHBoYTEyMw=="
       },
       "path_pdp": "/pdp/",
-      "url": "http://{{ policy_ip_addr }}:8081",
-      "target_entity": "policy_engine"
+      "url": "https://{{ policy_ip_addr }}:8081",
+      "target_entity": "policy_engine",
+      "tls_wss_ca_mode": "do_not_verify", 
+      "tls_ca_mode": "do_not_verify"
     }
   }
 }'