.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0

.. contents:: Table of Contents

SSL DMaaP Certificates and Configuration
----------------------------------------

SSL-related configuration is in the ``dmaapbc.properties`` file.
The file is located in ``/opt/app/dmaapbc/etc`` on the dmaap-bc pod. The directory also contains the truststore and keystore files used in the SSL setup.
Each change to the configuration file requires a restart of the application container.

::

    # Allow http access to API

    # The port number for http as seen within the server

    # The port number for https as seen within the server
    # Set to 0 if no certificate is available yet...

    # The external port number for https taking port mapping into account

    # The type of keystore for https

    # The path to the keystore for https
    KeyStoreFile: etc/keystore

    # The password for the https keystore
    KeyStorePassword: <keystore_password>

    # The password for the private key in the https keystore
    KeyPassword: <key_password>

    # The type of truststore for https

    # The path to the truststore for https
    TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks

    # The password for the https truststore
    TrustStorePassword: <truststore_password>

Usage of AAF can be turned on or off by setting the ``UseAAF`` flag to ``true`` or ``false`` in the ``dmaapbc.properties`` file. By default AAF usage is turned on.
The ``cadi.properties`` property points to the absolute path of the property file generated by AAF for the DMaaP BC application (the ``dmaap-bc@dmaap-bc.onap.org`` user).
This file is one of the AAF configuration files that enable authentication and authorization for the DMaaP BC REST API.

::

    # path to cadi.properties
    cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props

A complete AAF configuration consists of the following files:

- org.onap.dmaap-bc.props - main configuration file
- org.onap.dmaap-bc.location.props - geographic coordinates of the application
- org.onap.dmaap-bc.cred.props - properties related to credentials, keystore and truststore
- org.onap.dmaap-bc.keyfile - keyfile
- org.onap.dmaap-bc.p12 - keystore
- org.onap.dmaap-bc.trust.jks - truststore

All listed files are located in the ``/opt/app/dmaapbc/etc`` directory.
The ``org.onap.dmaap-bc.props`` file links all the property files together by listing them in the ``cadi_prop_files`` property.
By default, all paths to the other AAF-related configuration files point to the ``/opt/app/osaaf/local/`` directory.
This directory is the default location, which can be changed when the configuration files are generated in the AAF application.
To avoid duplicating these files on the dmaap-bc pod, the following symbolic link is created in the filesystem:

::

    ln -s /opt/app/dmaapbc/etc /opt/app/osaaf/local

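
One way to check this layout on a pod, as an added example that is not part of the DMaaP project: the function below reads ``dmaapbc.properties`` and reports a missing keystore or truststore, a broken symbolic link, missing AAF files and loosely permissioned secret files. The function names (``audit_dmaapbc``, ``prop``, ``finding``, ``resolve``), the rule that relative paths resolve against the parent of the ``etc`` directory, and the owner-only mode policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not DMaaP project code): audit the SSL/AAF files described above.
# Usage: audit_dmaapbc [etc_dir] [osaaf_local_dir]   (defaults: the paths on this page)

# Print the trimmed value of "Key: value" from a properties file; comments never match.
prop() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" | head -n 1
}

finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Assumption: relative paths such as etc/keystore resolve against the parent of etc_dir.
resolve() { case $1 in /*) echo "$1" ;; *) echo "$app_root/$1" ;; esac; }

audit_dmaapbc() {
    etc=${1:-/opt/app/dmaapbc/etc}; aaf=${2:-/opt/app/osaaf/local}
    app_root=$(dirname "$etc"); props=$etc/dmaapbc.properties; findings=0
    [ -r "$props" ] || { finding "cannot read $props"; return 1; }

    # Keystore and truststore named in dmaapbc.properties must exist.
    for key in KeyStoreFile TrustStoreFile; do
        val=$(prop "$key" "$props")
        [ -n "$val" ] && [ -r "$(resolve "$val")" ] || finding "$key unset or unreadable: $val"
    done

    # With AAF enabled (the default), cadi.properties and the six AAF files are required.
    if [ "$(prop UseAAF "$props")" != "false" ]; then
        cadi=$(prop 'cadi\.properties' "$props")
        [ -n "$cadi" ] && [ -r "$cadi" ] || finding "cadi.properties unset or unreadable: $cadi"
        # The symbolic link must make the AAF default directory resolve to etc_dir.
        [ "$(cd "$aaf" 2>/dev/null && pwd -P)" = "$(cd "$etc" && pwd -P)" ] ||
            finding "$aaf does not resolve to $etc"
        for f in props location.props cred.props keyfile p12 trust.jks; do
            [ -e "$aaf/org.onap.dmaap-bc.$f" ] || finding "missing $aaf/org.onap.dmaap-bc.$f"
        done
    fi

    # Policy assumed by this example: files holding passwords or keys are owner-only.
    for f in dmaapbc.properties org.onap.dmaap-bc.cred.props \
             org.onap.dmaap-bc.keyfile org.onap.dmaap-bc.p12; do
        [ -e "$etc/$f" ] || continue
        case $(ls -ldL "$etc/$f" | cut -c5-10) in
            ------) ;;
            *) finding "$etc/$f is accessible to group or others" ;;
        esac
    done
    [ "$findings" -eq 0 ]   # success only when nothing was flagged
}
```

The function prints one ``FINDING:`` line per problem and returns non-zero when any were found, so it can gate a readiness check after the container restart that a configuration change requires.
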
User configured and used in DMaaP BC
------------------------------------

dmaap-bc@dmaap-bc.onap.org
~~~~~~~~~~~~~~~~~~~~~~~~~~

It is the main user for the DMaaP BC application. It has permissions to validate whether a user accessing the DMaaP BC REST API has appropriate permissions to

::

    List Permissions by User[dmaap-bc@dmaap-bc.onap.org]
    --------------------------------------------------------------------------------
    PERM Type                      Instance                                   Action
    --------------------------------------------------------------------------------
    org.onap.dmaap-bc.api.access   *                                          read
    org.onap.dmaap-bc.certman      local                                      request,ignoreIPs,showpass
    org.onap.dmaap-dr.feed         *                                          *
    org.onap.dmaap-dr.sub          *                                          *
    org.onap.dmaap.mr.access       *                                          *
    org.onap.dmaap.mr.topic        *                                          *
    org.onap.dmaap.mr.topic        *                                          view
    org.onap.dmaap.mr.topicFactory :org.onap.dmaap.mr.topic:org.onap.dmaap.mr create,destroy

dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When ``UseAAF`` is set to ``true``, creating a topic also creates the required perms in AAF. The perms are created in the ``org.onap.dmaap.mr`` namespace.
The ``dmaap-bc-topic-mgr`` user is used in the process of creating such permissions.

::

    org.onap.dmaap.mr.topic|:topic.org.onap.dmaap.mr.aSimpleTopic|pub
    org.onap.dmaap.mr.topic|:topic.org.onap.dmaap.mr.aSimpleTopic|sub
    org.onap.dmaap.mr.topic|:topic.org.onap.dmaap.mr.aSimpleTopic|view

::

    List Permissions by User[dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org]
    ---------------------------------------------------------------------------------------
    PERM Type                                 Instance                                   Action
    ---------------------------------------------------------------------------------------
    org.onap.dmaap-dr.feed                    *                                          *
    org.onap.dmaap-dr.sub                     *                                          *
    org.onap.dmaap.mr.PNF_READY.access        *                                          *
    org.onap.dmaap.mr.PNF_REGISTRATION.access *                                          *
    org.onap.dmaap.mr.access                  *                                          *
    org.onap.dmaap.mr.dgl_ready.access        *                                          *
    org.onap.dmaap.mr.mirrormaker             *                                          admin
    org.onap.dmaap.mr.mirrormaker             *                                          user
    org.onap.dmaap.mr.topic                   *                                          view
    org.onap.dmaap.mr.topic                   :topic.org.onap.dmaap.mr.mirrormakeragent  pub
    org.onap.dmaap.mr.topic                   :topic.org.onap.dmaap.mr.mirrormakeragent  sub
    org.onap.dmaap.mr.topicFactory            :org.onap.dmaap.mr.topic:org.onap.dmaap.mr create
    org.onap.dmaap.mr.topicFactory            :org.onap.dmaap.mr.topic:org.onap.dmaap.mr destroy

aaf_admin@people.osaaf.org
~~~~~~~~~~~~~~~~~~~~~~~~~~

This user is used during post-installation, when the appropriate namespaces and permissions are created in AAF.