Integrate AAF certificate and CA truststore 83/44983/1
authordglFromAtt <dgl@research.att.com>
Tue, 24 Apr 2018 12:46:34 +0000 (08:46 -0400)
committerdglFromAtt <dgl@research.att.com>
Tue, 24 Apr 2018 12:46:40 +0000 (08:46 -0400)
This installs a server certificate with CN: dbc.api.simpledemo.onap.org
which is probably good for the heat integration environment.

Also, the container truststore is updated with the AAFRootCA
so that Bus Controller can be a client to other ONAP components with
AAF provided certificates.

Change-Id: I158929dd86fa550f964fab18eb8e975cde8062d8
Signed-off-by: dglFromAtt <dgl@research.att.com>
Issue-ID: DMAAP-435

Dockerfile
README.md
misc/cert-client-init.sh
misc/dbc-api.jks [new file with mode: 0644]
misc/dmaapbc
misc/doaction
pom.xml
version.properties

index cea2529..8c4eb17 100644 (file)
@@ -18,6 +18,7 @@ COPY target/buscontroller.jar ${insdir}/lib/
 # COPY target/site/apidocs/ ${insdir}/www/doc/
 COPY misc/LocalKey ${insdir}/etc/
 COPY misc/logback.xml ${insdir}/etc/
+COPY misc/dbc-api.jks ${insdir}/etc/keystore
 COPY misc/opensource.env ${insdir}/misc/
 COPY misc/*.tmpl ${insdir}/misc/
 COPY misc/cert-client-init.sh ${insdir}/misc/
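Review bot: The added `COPY misc/dbc-api.jks ${insdir}/etc/keystore` bakes a keystore that is committed to the repository into every image. Anyone who can read the repo or pull the image presumably holds the private key for CN dbc.api.simpledemo.onap.org; the .jks is binary on this page, so its contents are inferred from the commit message. That is acceptable only for a demo identity, and the line should say so, e.g. `# demo-only keystore (simpledemo CN); mount a real keystore over ${insdir}/etc/keystore at deploy time`. It is also worth confirming that the keystore password is not a fixed value shipped in the same image.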
index 3bc4fb4..773c04b 100644 (file)
--- a/README.md
+++ b/README.md
@@ -78,7 +78,7 @@ DMAAPBC_PE_AAF_ENV=TBD
 Then the following steps could be used to pull and run the Bus Controller.  (onap-nexus is just an example)
 ```
 $ 
-$ docker pull ecomp-nexus:51212/dcae_dmaapbc:1.0.0
-$ docker run -d -p 18080:8080 -v /tmp/docker-databus-controller.conf:/opt/app/config/conf onap-nexus:51212/dmaap/buscontroller:1.0.0
+$ docker pull nexus3.onap.org:10003/onap/dmaap/buscontroller:latest
+$ docker run -d -p 18080:8080 -p 18443:8443 -v /tmp/docker-databus-controller.conf:/opt/app/config/conf nexus3.onap.org:10003/onap/dmaap/buscontroller:latest
 ```
 
index 53701f8..cba9354 100644 (file)
@@ -8,35 +8,49 @@
 #      Works on both CentOS and Ubuntu.
 #
 set -x
-cat >/tmp/aafcacert.crt <<'!EOF'
+
+# IMPORTANT: use a .crt suffix for update-ca-certificates to work
+#
+AAFCERT=AAF_RootCA.crt
+cat >/tmp/$AAFCERT <<'!EOF'
 -----BEGIN CERTIFICATE-----
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-*******   PUT REAL CERTIFICATE HERE ****************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************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 -----END CERTIFICATE-----
 !EOF
-chmod 444 /tmp/aafcacert.crt
+chmod 444 /tmp/$AAFCERT
 if [ -f /etc/redhat-release ]
 then
-       mv /tmp/aafcacert.crt /etc/pki/ca-trust/source/anchors/aafcacert.pem
+       mv /tmp/$AAFCERT /etc/pki/ca-trust/source/anchors/aafcacert.pem
        update-ca-trust
 else
-       mv /tmp/aafcacert.crt /usr/local/share/ca-certificates/aafcacert.crt
+       mv /tmp/$AAFCERT /usr/local/share/ca-certificates/$AAFCERT
        update-ca-certificates
 fi
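Review bot: The CA certificate is staged at the fixed path `/tmp/$AAFCERT` before it is moved into the system trust anchors. `cat >` writes through whatever already exists at that name, so on a shared /tmp a pre-created file or symlink decides where the data lands. Staging through `tmp=$(mktemp) || exit 1` and using `"$tmp"` in the `cat`, `chmod` and both `mv` lines removes the predictable name. Neither `update-ca-trust` nor `update-ca-certificates` is checked; adding `|| exit 1` after each lets the caller see that the trust store was not refreshed. The new comment about the `.crt` suffix should say it applies to the Ubuntu branch only, since the Red Hat branch renames the file to `aafcacert.pem`.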
diff --git a/misc/dbc-api.jks b/misc/dbc-api.jks
new file mode 100644 (file)
index 0000000..8c0f61a
Binary files /dev/null and b/misc/dbc-api.jks differ
index c63fcee..5254108 100644 (file)
@@ -43,13 +43,15 @@ config() {
        else
                echo "Not creating $APP_ROOT/ok_to_exit"
        fi      
-       # comment out till certs are available
-       #if [ ! -f $APP_ROOT/misc/cert-client-init.sh ]
-       #then
-       #       echo "Did not find $APP_ROOT/misc/cert-client-init.sh to append to truststore"
-       #       exit 1
-       #fi
-       #$APP_ROOT/misc/cert-client-init.sh
+       
+       if [ ! -f $APP_ROOT/misc/cert-client-init.sh ]
+       then
+               echo "Did not find $APP_ROOT/misc/cert-client-init.sh to append to truststore"
+               exit 1
+       fi
+       $APP_ROOT/misc/cert-client-init.sh
+       . misc/havecert.tmpl > etc/havecert
+       chmod +x etc/havecert
        . misc/dmaapbc.properties.tmpl > etc/dmaapbc.properties
     . misc/PolicyEngineApi.properties.tmpl > config/PolicyEngineApi.properties
        set +x
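Review bot: `$APP_ROOT/misc/cert-client-init.sh` is run without checking its result, so config() goes on to generate `etc/havecert` and the properties files even when the AAF root CA was not added to the truststore. The failure would then only show up later as TLS errors against other components. Suggest `"$APP_ROOT/misc/cert-client-init.sh" || { echo "truststore update failed" >&2; exit 1; }`. The guard tests `-f` although the script is executed directly, so `[ ! -x "$APP_ROOT/misc/cert-client-init.sh" ]` would match what the next line needs. config() starts before this hunk and its end is not visible here.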
@@ -71,14 +73,13 @@ start() {
        fi
        cd $APP_ROOT
 
-# disable until we use certs
-#      if etc/havecert
-#      then
+       if etc/havecert
+       then
                echo >/dev/null
-#      else
-#              echo No certificate file available.  Cannot start
-#              exit 0
-#      fi
+       else
+               echo No certificate file available.  Cannot start
+               exit 0
+       fi
        PIDS=`pids`
        if [ "$PIDS" != "" ]
        then
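Review bot: The no-certificate branch ends in `exit 0`, so a start that refuses to launch the controller is reported as success to whatever invoked it, and a missing keystore goes unnoticed. Change it to `exit 1` and send the message to stderr with `echo "No certificate file available.  Cannot start" >&2`. The `echo >/dev/null` placeholder can be dropped by inverting the test to `if ! etc/havecert`. start() continues past the end of this hunk.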
index d3dd9b8..18b0caa 100644 (file)
@@ -20,7 +20,6 @@ case "$action" in
        /bin/bash dmaapbc.properties.tmpl >dmaapbc.properties
        /bin/bash havecert.tmpl >havecert
        /bin/bash PolicyEngineApi.properties.tmpl > ../config/PolicyEngineApi.properties
-       echo "$AFTSWM_ACTION_NEW_VERSION" >VERSION.dmaapbc
        chmod +x havecert
        rm -f /opt/app/platform/rc.d/K90dmaapbc /opt/app/platform/rc.d/S10dmaapbc
        ln -s ../init.d/dmaapbc /opt/app/platform/rc.d/K90dmaapbc
diff --git a/pom.xml b/pom.xml
index 3625897..876c12d 100644 (file)
--- a/pom.xml
+++ b/pom.xml
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <jettyVersion>9.3.7.v20160115</jettyVersion>
     <eelf.version>0.0.1</eelf.version>
-    <artifact.version>1.0.8</artifact.version>
+    <artifact.version>1.0.9</artifact.version>
                <!--  SONAR  -->
                 <jacoco.version>0.7.7.201606060606</jacoco.version>
            <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>
index 9a4bc7e..8f72e5e 100644 (file)
@@ -27,7 +27,7 @@
 
 major=1
 minor=0
-patch=8
+patch=9
 base_version=${major}.${minor}.${patch}
 
 # Release must be completed with git revision # in Jenkins