From: Agarwal, Ruchira (ra1926) Date: Thu, 9 Apr 2020 16:15:58 +0000 (+0000) Subject: integrate spring sli container with AAF X-Git-Tag: 1.0.0~18 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=ccsdk%2Fdistribution.git;a=commitdiff_plain;h=c54e03858c9fd593f239843fbcc3a81c5a909dd8;ds=sidebyside integrate spring sli container with AAF add certs and configure spring sli for AAF Issue-ID: CCSDK-2304 Signed-off-by: Agarwal, Ruchira (ra1926) Change-Id: Ia4f784a42ee7e5db0b3a2b82b55b23af705797ce --- diff --git a/sliboot/pom.xml b/sliboot/pom.xml index 9b67bdd2..7e0d73f7 100644 --- a/sliboot/pom.xml +++ b/sliboot/pom.xml @@ -99,10 +99,20 @@ src/main/resources *.properties + *.props *.sql true + + src/main/resources + + *.keyfile + *.jks + *.p12 + + false + diff --git a/sliboot/src/main/compose/docker-compose.yaml b/sliboot/src/main/compose/docker-compose.yaml index fbce3b6d..45b185ff 100755 --- a/sliboot/src/main/compose/docker-compose.yaml +++ b/sliboot/src/main/compose/docker-compose.yaml @@ -22,7 +22,7 @@ services: - db container_name: sliboot_sli_container ports: - - "8080:8080" + - "8443:8443" links: - db:dbhost environment: @@ -36,5 +36,7 @@ services: options: max-size: "30m" max-file: "5" + extra_hosts: + aaf-onap-test.osaaf.org: 10.12.5.145 diff --git a/sliboot/src/main/docker/Dockerfile b/sliboot/src/main/docker/Dockerfile index 3be2717e..3269d43e 100644 --- a/sliboot/src/main/docker/Dockerfile +++ b/sliboot/src/main/docker/Dockerfile @@ -42,4 +42,4 @@ RUN chmod +x ${CCSDK_HOME}/bin/*.sh USER sli WORKDIR ${CCSDK_HOME} ENTRYPOINT /opt/onap/ccsdk/bin/startSliboot.sh -EXPOSE 8080 +EXPOSE 8443 diff --git a/sliboot/src/main/resources/application.properties b/sliboot/src/main/resources/application.properties index 9be28c3a..db2f39e0 100644 --- a/sliboot/src/main/resources/application.properties +++ b/sliboot/src/main/resources/application.properties @@ -1,6 +1,5 @@ springfox.documentation.swagger.v2.path=/api-docs server.contextPath=/restconf -server.port=8080 spring.jackson.date-format=org.onap.ccsdk.sli.core.sliapi.springboot.controllers.swagger.RFC3339DateFormat spring.jackson.serialization.WRITE_DATES_AS_TIMESTAMPS=false logging.level.com.att=TRACE @@ -15,4 +14,12 @@ spring.jpa.show-sql=true spring.jpa.hibernate.ddl-auto=update spring.jpa.hibernate.naming.implicit-strategy=org.hibernate.boot.model.naming.ImplicitNamingStrategyLegacyHbmImpl spring.jpa.hibernate.naming.physical-strategy=org.springframework.boot.orm.jpa.hibernate.SpringPhysicalNamingStrategy -spring.jpa.database=mysql \ No newline at end of file +spring.jpa.database=mysql +server.port=8443 +server.ssl.key-store=classpath:org.onap.sdnc.p12 +server.ssl.key-store-type=PKCS12 +server.ssl.key-store-password=;:G58,7ZhqOSI:7^oZCY[9Dv +server.ssl.key-password=;:G58,7ZhqOSI:7^oZCY[9Dv +server.ssl.enabled=true +server.ssl.protocol=TLS +server.ssl.key-alias=sdnc@sdnc.onap.org diff --git a/sliboot/src/main/resources/org.onap.sdnc.cred.props b/sliboot/src/main/resources/org.onap.sdnc.cred.props new file mode 100644 index 00000000..e702d610 --- /dev/null +++ b/sliboot/src/main/resources/org.onap.sdnc.cred.props @@ -0,0 +1,17 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by root +# on 2020-04-07T19:49:10.483+0000 +# @copyright 2019, AT&T +############################################################ +Challenge=enc:gsZC3qJk3ylRSusYHUQqBiflWlKXn4rnh-fULJmfIU3RAphd_AHmZ6c6kl42qcJE +cadi_alias=sdnc@sdnc.onap.org +cadi_key_password=enc:HLzeIrsDqKLcY1fNlbRTXVch5RrfUvAXKW_sJ9cv9Rs49q8GsiPsZDqboJXAT-lF +cadi_keyfile=/opt/onap/ccsdk/config/org.onap.sdnc.keyfile +cadi_keystore=/opt/onap/ccsdk/config/org.onap.sdnc.p12 +cadi_keystore_password=enc:aH6rL1KPu8ZzMtQ16FiMvGE-janpERZBU3tnVuGcXBaK2T9_3F28UuBH-GJ2BRjM +cadi_keystore_password_jks=enc:ydq6zoDeWGdBbFXkF_bLHJ4HrhMn-cSZ11m-NUNCm116gYhsjF1HKfkqs6Wrn6Zl +cadi_keystore_password_p12=enc:aH6rL1KPu8ZzMtQ16FiMvGE-janpERZBU3tnVuGcXBaK2T9_3F28UuBH-GJ2BRjM +cadi_truststore=/opt/onap/ccsdk/config/org.onap.sdnc.trust.jks +cadi_truststore_password=enc:Lhl6jEPxCYutrEpioq0woR1ypC4K1i9yPWKGRG7s9eARe5egSzsEBCooiKB7om5B +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US diff --git a/sliboot/src/main/resources/org.onap.sdnc.keyfile b/sliboot/src/main/resources/org.onap.sdnc.keyfile new file mode 100644 index 00000000..eb8fe842 --- /dev/null +++ b/sliboot/src/main/resources/org.onap.sdnc.keyfile @@ -0,0 +1,27 @@ +Xgwa72kLHXU9NRElW4t4taIjudICPqMwywqYe1HVQ7Ve9ccqRRksY9gjK4hnDwU9mn0XdYEMlIU2 +OMWL4ck6PaxjHlaVR1qVBIFRcrkXs_ttagrjijBxXvJvJVI60JMCBGmIgNkI78wnEZOi6PLG0x7S +agVQM34a5HHBEMePfqtgO-J8rBXMaeIrpHOTTEEtZXU-ZvbI8VZWhCD0e9fnn3YlFQaPeni0zqOE +NY_lV6ZxlAtD5RCKdQWuU4O_cmmv3_LpIm41NT7Dn4sG6QzHjw2WM5essLTCEUvXJntlj3OmZTkr +p4lPBVAWg2-qc_ZZyY2VEtoxVmKIMP15ctq50RVgPtQMmd-hdj5I51yW5MQYSM4jTgxtspiGUDJq +ftsxb76K5w76X-ADxpZt85bEe068dwEoqZd5Qe33jIcZD2iNfGUb_ee1vSVlTQO1JlGqHAelUNks +ellL5WE7X4g4TCG8KW38_GUOyohyQ5pv-Mozq-Sxz2bK8JCBs6hFBhKbnE07x3yY7SOBVnDbdCec +cXZ86TNcdOsxBdqfNXD4PK_qMiXZTh3OMRsEG8IhhFyD3sbpFEyVhU_96o47iOgvAeAAiIKJ2Uww +QUTHfNxp7LWUTw7aHhmK4wZLpFS-Lz1seat65uNp9DRuQ9jin0Hpi0XW1UwY4WzYvWeiQh2swwM8 +XCz9jawem18wTJ-pZUvKtkAQ5ImwSBuIFaKoUkbiowrNAGFOFGaFhtapV1uvehPlpmzbvn9HfPO8 +1xAp3Jusu3G4tGrrsJdvkenUB-3BbcJHMPE-Ku1jEWGoOXnrn0WURiHXhYMy8gWbko56ykftIJRP +Q4bq4TCwxNE8nzhNXSh0_dqYK0JlAkoOtvkBogM42Ljly5ODCIDb7NZFtTyK3FpYVXLC-um9wYxI +2t7V5N-nPinFf9hWzgTCvnjfAn0X2kAWTBQVwO-Sxepy40ZbTkEkQzsKyFKa3pnB_BmkE6dvQMqj +QZlg5dpu3eacVSMPaZCdgISYN-pYrWNYtPKKlxYQgsK0Z6hJuS-87snx-WYRN4SRhWBY_b-G1EsZ +SeL9L8daNXYzmOHnprenlz5ZqitnM_KoL9th_rG4krV8-Nlw1Rh7K_YcXuFsKGTlzYbuoHyM1CBn +oWPIf32W5DN4BRcSTi74wV_tScQL4sueKYo3epZMrTA0djFyq94-wyA0bOzySQxcrGIvvLMITJ51 +U6c845RXFAK8_Z2Nt8-Mdv6Ox_KDmZtX4P9bNJ21nM9D9Htgr2H5GIBXFBt_ZDUzwZ5WLrs-l4Li +26dHL5OudyekOaI4BVxg_09hRD9xNPpU5kiVcz5_QAi7QsnYqf53oB55H_NEhq1h3KOmqzJw9q7M +kYQgO-q5Y5dIvduBe9zruFIQIt-WhhRJM8v4i50QNaOCnbZfmDalStlSzFX9xEXKESU8q-7VwxRT +Aro7Teu_fS3PXvsgr6hHSf-SK2zbrizPG-5AaPn3SkBoU-3Ofr-HeJfihx0NnvcCnjDYvQw9C5d6 +845zvcrJrphNkXVPNO23lRMTEuStQiCbbdZcaNcPFXMpjlS4x8tonxwNqBBa4CwO7p5omkayEVLi +i_JbOg4JSor1C_cSnA9TIfEcwVe9znPeEE01uFp_IBP5rJHuiInca-f7NbZFDkhO5LJPIoyvmTHZ +76LBniKhcocSW8CR7Gc9Q8wxXJFEivQb4JvA1gd8VZ_A31yqnSTnApxGcAu1DEHNnCd9AVYIq9jd +weFikVaf5n3GF-DBYxeesu1ChEmTOLN0tZw43uyAvqWrqLU_m5DspMAv-MNA0ddgcMOw8yph0035 +5HgcosFyhnx_FByGJtbr0bahZ1dJnswN_lXlRUYB2-WYnWUot-ONKiw3cD7kU095p3zPOHkd6KlI +cyRcCDVN9KQkE-S9VDWBWD8V2A6wudLLICsRug_Ypa6doZKGcF335ZT9U54R9DNqUHCf3IEu0xl3 +YlQrkCwrFZB8WVMkfJQJKFfqYyjeH-t-afS3JR-PkH-qBRDFFYZ3m1anYuZI20-IiP8BZKCI \ No newline at end of file diff --git a/sliboot/src/main/resources/org.onap.sdnc.p12 b/sliboot/src/main/resources/org.onap.sdnc.p12 new file mode 100644 index 00000000..23a701a2 Binary files /dev/null and b/sliboot/src/main/resources/org.onap.sdnc.p12 differ diff --git a/sliboot/src/main/resources/org.onap.sdnc.props b/sliboot/src/main/resources/org.onap.sdnc.props new file mode 100644 index 00000000..adef904d --- /dev/null +++ b/sliboot/src/main/resources/org.onap.sdnc.props @@ -0,0 +1,14 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by root +# on 2020-04-07T19:49:08.370+0000 +# @copyright 2019, AT&T +############################################################ +aaf_id=sdnc@sdnc.onap.org +aaf_locate_url=https://aaf-onap-test.osaaf.org:8095 +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 +cadi_latitude=38.432899 +cadi_longitude=-90.43248 +cadi_prop_files=/opt/onap/ccsdk/config/org.onap.sdnc.cred.props +cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1 +cadi_protocols=TLSv1.1,TLSv1.2 diff --git a/sliboot/src/main/resources/org.onap.sdnc.trust.jks b/sliboot/src/main/resources/org.onap.sdnc.trust.jks new file mode 100644 index 00000000..7a698619 Binary files /dev/null and b/sliboot/src/main/resources/org.onap.sdnc.trust.jks differ diff --git a/sliboot/src/main/resources/startSliboot.sh b/sliboot/src/main/resources/startSliboot.sh index db1dfaa0..8c5f723c 100644 --- a/sliboot/src/main/resources/startSliboot.sh +++ b/sliboot/src/main/resources/startSliboot.sh @@ -25,6 +25,8 @@ export CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk} export SLIBOOT_JAR=${SLIBOOT_JAR:-${ccsdk.sliboot.jar}} export SVCLOGIC_DIR=${SVCLOGIC_DIR:-opt/onap/ccsdk/svclogic/graphs} export LOG_PATH=${LOG_PATH:-/var/log/onap/ccsdk} +export CCSDK_CONFIG_DIR=${CCSDK_CONFIG_DIR:-/opt/onap/ccsdk/config} +export JAVA_SECURITY_DIR=${JAVA_SECURITY_DIR:-/etc/ssl/certs/java} # # Wait for database @@ -51,6 +53,12 @@ END # Initialize schema mysql -h ${MYSQL_DB_HOST} -u ${MYSQL_DB_USER} -p${MYSQL_DB_PASSWD} ${MYSQL_DB_DATABASE} < ${CCSDK_HOME}/config/schema.sql +# Install ssl and java certificates +COPY $CCSDK_CONFIG_DIR/truststoreONAPall.jks $JAVA_SECURITY_DIR +RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts -deststorepass changeit + +echo -e "\nCerts ready" + cd $CCSDK_HOME -java -DserviceLogicDirectory=${SVCLOGIC_DIR} -DLOG_PATH=${LOG_PATH} -jar ${CCSDK_HOME}/lib/${SLIBOOT_JAR} +java -DserviceLogicDirectory=${SVCLOGIC_DIR} -Dcadi_prop_files=${CCSDK_CONFIG_DIR}/org.onap.sdnc.props -Dserver.ssl.key-store=${CCSDK_CONFIG_DIR}/org.onap.sdnc.p12 -DLOG_PATH=${LOG_PATH} -jar ${CCSDK_HOME}/lib/${SLIBOOT_JAR} diff --git a/sliboot/src/main/resources/truststoreONAPall.jks b/sliboot/src/main/resources/truststoreONAPall.jks new file mode 100644 index 00000000..ff844b10 Binary files /dev/null and b/sliboot/src/main/resources/truststoreONAPall.jks differ