From: efiacor Date: Thu, 18 Mar 2021 12:37:58 +0000 (+0000) Subject: [DMAAP-DR] Refactoring ssl csit suite X-Git-Url: https://gerrit.onap.org/r/gitweb?p=integration%2Fcsit.git;a=commitdiff_plain;h=452cf07374e1eba2220ca516e6ad690f7715b248 [DMAAP-DR] Refactoring ssl csit suite Signed-off-by: efiacor Change-Id: I6eafd28c5a61fda42ddc61b2d40c4c8208f62670 Issue-ID: DMAAP-1571 --- diff --git a/plans/dmaap-datarouter/ssl-dr-suite/setup.sh b/plans/dmaap-datarouter/ssl-dr-suite/setup.sh index e1f2cb46..53b4387c 100755 --- a/plans/dmaap-datarouter/ssl-dr-suite/setup.sh +++ b/plans/dmaap-datarouter/ssl-dr-suite/setup.sh @@ -1,8 +1,7 @@ #!/bin/bash -# -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at 
@@ -16,83 +15,11 @@ # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -# - - -source ${SCRIPTS}/common_functions.sh - -# Clone DMaaP Data Router repo -mkdir -p $WORKSPACE/archives/dmaapdr -cd $WORKSPACE/archives/dmaapdr - -git clone --depth 1 https://gerrit.onap.org/r/dmaap/datarouter -b master -cd datarouter -git pull -cd $WORKSPACE/archives/dmaapdr/datarouter/datarouter-docker-compose/src/main/resources -cp $WORKSPACE/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/docker-compose.yml . -cp $WORKSPACE/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/provserver.properties ./prov_data/provserver.properties -cp $WORKSPACE/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/node.properties ./node_data/node.properties - -# start DMaaP DR containers with docker compose and configuration from docker-compose.yml -docker login -u docker -p docker nexus3.onap.org:10001 -docker-compose up -d - -# Wait for initialization of Docker container for datarouter-node, datarouter-prov and mariadb -for i in {1..10}; do - if [ $(docker inspect --format '{{ .State.Running }}' subscriber-node2) ] && \ - [ $(docker inspect --format '{{ .State.Running }}' subscriber-node) ] && \ - [ $(docker inspect --format '{{ .State.Running }}' datarouter-node) ] && \ - [ $(docker inspect --format '{{ .State.Running }}' datarouter-prov) ] && \ - [ $(docker inspect --format '{{ .State.Running }}' mariadb) ] - then - echo "DR Service Running" - break - else - echo sleep $i - sleep $i - fi -done - -# Wait for healthy container datarouter-prov -for i in {1..10}; do - if [ "$(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov)" = 'healthy' ] - then - echo datarouter-prov.State.Health.Status is $(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov) - echo "DR Service Running, datarouter-prov container is healthy" - break - else - echo 
datarouter-prov.State.Health.Status is $(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov) - echo sleep $i - sleep $i - if [ $i = 10 ] - then - echo datarouter-prov container is not in healthy state - the test is not made, teardown... - cd $WORKSPACE/archives/dmaapdr/datarouter/datarouter-docker-compose/src/main/resources - docker-compose rm -sf - exit 1 - fi - fi -done - -DR_PROV_IP=`get-instance-ip.sh datarouter-prov` -DR_NODE_IP=`get-instance-ip.sh datarouter-node` -DR_SUB_IP=`get-instance-ip.sh subscriber-node` -DR_SUB2_IP=`get-instance-ip.sh subscriber-node2` -DR_GATEWAY_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}' datarouter-prov) - -echo DR_PROV_IP=${DR_PROV_IP} -echo DR_NODE_IP=${DR_NODE_IP} -echo DR_SUB_IP=${DR_SUB_IP} -echo DR_SUB2_IP=${DR_SUB2_IP} -echo DR_GATEWAY_IP=${DR_GATEWAY_IP} - -sudo sed -i "$ a $DR_PROV_IP dmaap-dr-prov" /etc/hosts -sudo sed -i "$ a $DR_NODE_IP dmaap-dr-node" /etc/hosts - -python $WORKSPACE/scripts/dmaap-datarouter/update_ca.py - -docker exec -i datarouter-prov sh -c "curl -k -X PUT https://$DR_PROV_IP:8443/internal/api/PROV_AUTH_ADDRESSES?val=dmaap-dr-prov\|$DR_GATEWAY_IP" - -#Pass any variables required by Robot test suites in ROBOT_VARIABLES -ROBOT_VARIABLES="-v DR_PROV_IP:${DR_PROV_IP} -v DR_NODE_IP:${DR_NODE_IP} -v DR_SUB_IP:${DR_SUB_IP} -v DR_SUB2_IP:${DR_SUB2_IP}" \ No newline at end of file +# ============LICENSE_END===================================================== + +source ${WORKSPACE}/scripts/dmaap-datarouter/datarouter-launch.sh +# Launch DR. If true is passed, 2 subscriber containers are also deployed, else false. +dmaap_dr_launch true +cd ${WORKSPACE}/scripts/dmaap-datarouter/robot_ssl +# Add the root CA to robot framework. This is then removed on teardown. +python -c 'import update_ca; update_ca.add_onap_ca_cert()' \ No newline at end of file 
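Review bot: The added `cd ${WORKSPACE}/scripts/dmaap-datarouter/robot_ssl` is unquoted and unchecked, and the next line's `python -c 'import update_ca; ...'` resolves `update_ca` relative to the current directory. If the `cd` fails, the import either breaks or could pick up another module of that name before the certifi bundle is edited. I would write `cd "${WORKSPACE}/scripts/dmaap-datarouter/robot_ssl" || exit 1` and quote the `source` path the same way. The same unchecked `cd` appears in the teardown.sh hunk directly before `rm -rf last_run_logs/*`, and in `dmaap_dr_launch` before the `docker-compose` calls; the teardown case matters most because the delete then runs relative to whatever directory the shell is in.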
diff --git a/plans/dmaap-datarouter/ssl-dr-suite/teardown.sh b/plans/dmaap-datarouter/ssl-dr-suite/teardown.sh index d8ec4dc9..7ffd1fe2 100755 --- a/plans/dmaap-datarouter/ssl-dr-suite/teardown.sh +++ b/plans/dmaap-datarouter/ssl-dr-suite/teardown.sh @@ -1,8 +1,7 @@ #!/bin/bash -# -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at 
@@ -16,11 +15,18 @@ # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -# +# ============LICENSE_END===================================================== -cd $WORKSPACE/archives/dmaapdr/datarouter/datarouter-docker-compose/src/main/resources +cd ${WORKSPACE}/archives/dmaap/dr +rm -rf last_run_logs/* +docker cp datarouter-prov:/opt/app/datartr/logs last_run_logs/prov_logs +docker cp datarouter-node:/opt/app/datartr/logs last_run_logs/node_event_logs +docker cp datarouter-node:/var/log/onap/datarouter last_run_logs/node_server_logs +docker cp subscriber-node:/var/log/onap/datarouter last_run_logs/sub1_logs +docker cp subscriber-node2:/var/log/onap/datarouter last_run_logs/sub2_logs +cd ${WORKSPACE}/scripts/dmaap-datarouter/docker-compose sudo sed -i".bak" '/dmaap-dr-prov/d' /etc/hosts sudo sed -i".bak" '/dmaap-dr-node/d' /etc/hosts docker-compose rm -sf -python $WORKSPACE/scripts/dmaap-datarouter/remove_cert_from_ca.py +cd ${WORKSPACE}/scripts/dmaap-datarouter/robot_ssl +python -c 'import update_ca; update_ca.remove_onap_ca_cert()' diff --git a/scripts/dmaap-datarouter/datarouter-launch.sh b/scripts/dmaap-datarouter/datarouter-launch.sh new file mode 100644 index 00000000..0339e389 --- /dev/null +++ b/scripts/dmaap-datarouter/datarouter-launch.sh 
@@ -0,0 +1,92 @@ +#!/bin/bash +# +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# + +function dmaap_dr_launch() { + + subscribers_required=$1 + mkdir -p ${WORKSPACE}/archives/dmaap/dr/last_run_logs + cd ${WORKSPACE}/scripts/dmaap-datarouter/docker-compose + + # start DMaaP DR containers with docker compose and configuration from docker-compose.yml + docker login -u docker -p docker nexus3.onap.org:10001 + if [[ ${subscribers_required} == true ]]; then + docker-compose up -d + else + docker-compose up -d datarouter-prov datarouter-node mariadb + fi + + # Wait for initialization of Docker container for datarouter-node, datarouter-prov and mariadb + for i in 1 2 3 4 5 6 7 8 9 10; do + if [[ $(docker inspect --format '{{ .State.Running }}' datarouter-node) ]] && \ + [[ $(docker inspect --format '{{ .State.Running }}' datarouter-prov) ]] && \ + [[ $(docker inspect --format '{{ .State.Running }}' mariadb) ]] + then + echo "DR Service Running" + break + else + echo sleep ${i} + sleep ${i} + fi + done + + # Wait for healthy container datarouter-prov + for i in 1 2 3 4 5 6 7 8 9 10; do + if [[ "$(docker inspect --format '{{ .State.Health.Status }}' 
datarouter-prov)" = 'healthy' ]] + then + echo datarouter-prov.State.Health.Status is $(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov) + echo "DR Service Running, datarouter-prov container is healthy" + break + else + echo datarouter-prov.State.Health.Status is $(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov) + echo sleep ${i} + sleep ${i} + if [[ ${i} = 10 ]] + then + echo datarouter-prov container is not in healthy state - the test is not made, teardown... + docker-compose rm -sf + exit 1 + fi + fi + done + + DR_PROV_IP=`get-instance-ip.sh datarouter-prov` + DR_NODE_IP=`get-instance-ip.sh datarouter-node` + DR_GATEWAY_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}' datarouter-prov) + echo DR_PROV_IP=${DR_PROV_IP} + echo DR_NODE_IP=${DR_NODE_IP} + echo DR_GATEWAY_IP=${DR_GATEWAY_IP} + if [[ ${subscribers_required} == true ]] + then + DR_SUB_IP=`get-instance-ip.sh subscriber-node` + DR_SUB2_IP=`get-instance-ip.sh subscriber-node2` + echo DR_SUB_IP=${DR_SUB_IP} + echo DR_SUB2_IP=${DR_SUB2_IP} + fi + + + sudo sed -i "$ a $DR_PROV_IP dmaap-dr-prov" /etc/hosts + sudo sed -i "$ a $DR_NODE_IP dmaap-dr-node" /etc/hosts + + docker exec -i datarouter-prov sh -c "curl -k -X PUT https://$DR_PROV_IP:8443/internal/api/PROV_AUTH_ADDRESSES?val=dmaap-dr-prov\|$DR_GATEWAY_IP" + + #Pass any variables required by Robot test suites in ROBOT_VARIABLES + ROBOT_VARIABLES="-v DR_PROV_IP:${DR_PROV_IP} -v DR_NODE_IP:${DR_NODE_IP} -v DR_SUB_IP:${DR_SUB_IP} -v DR_SUB2_IP:${DR_SUB2_IP}" +} \ No newline at end of file diff --git a/scripts/dmaap-datarouter/datarouterCA.crt b/scripts/dmaap-datarouter/datarouterCA.crt deleted file mode 100644 index a8a0ed84..00000000 --- a/scripts/dmaap-datarouter/datarouterCA.crt +++ /dev/null 
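Review bot: The container-start loop in `dmaap_dr_launch` tests `[[ $(docker inspect --format '{{ .State.Running }}' datarouter-node) ]]`, which succeeds for any non-empty output, including `false`, so "DR Service Running" is printed even for a stopped container. Compare the value instead, e.g. `[[ "$(docker inspect --format '{{ .State.Running }}' datarouter-node)" == "true" ]]`, for all three containers. When `subscribers_required` is true, the loop no longer waits for `subscriber-node` and `subscriber-node2` as the removed setup.sh did, although their IPs are read further down. Separately, `docker login -u docker -p docker` passes the password on the command line; `--password-stdin` keeps it out of the process list.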
@@ -1,39 +0,0 @@ - -# Issuer: C=US,O=ONAP,OU=OSAAF -# Subject: C=US,O=ONAP,OU=OSAAF -# Label: "" -# Serial: 0x9EAEEDC0A7CEB59D -# MD5 Fingerprint: 77:EB:5E:94:2E:B7:A3:45:97:6C:87:FE:A7:F7:64:0F -# SHA1 Fingerprint: 90:25:D1:D3:8B:3C:BE:2C:73:E9:6C:1A:48:5B:06:A8:39:0D:54:3B -# SHA256 Fingerprint: 1F:C2:BB:F6:7E:11:6F:F0:4C:C3:D9:6C:73:E5:99:B7:CA:7D:4D:EF:AA:6C:69:46:0D:2C:7B:A9:E4:23:5F:EA ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h 
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- \ No newline at end of file diff --git a/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/docker-compose.yml b/scripts/dmaap-datarouter/docker-compose/docker-compose.yml similarity index 75% rename from plans/dmaap-datarouter/ssl-dr-suite/docker-compose/docker-compose.yml rename to scripts/dmaap-datarouter/docker-compose/docker-compose.yml index ed8a7c04..377e5514 100644 --- a/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/docker-compose.yml +++ b/scripts/dmaap-datarouter/docker-compose/docker-compose.yml @@ -1,6 +1,6 @@ # # ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. +# Copyright (C) 2019-21 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -29,11 +29,12 @@ services: - "8443:8443" - "8080:8080" volumes: - - ./prov_data/provserver.properties:/opt/app/datartr/etc/provserver.properties - - ./prov_data/addSubscriber.txt:/opt/app/datartr/addSubscriber.txt - - ./prov_data/addFeed3.txt:/opt/app/datartr/addFeed3.txt + - ./provserver.properties:/opt/app/datartr/etc/provserver.properties + - ../dr_certs/dr_prov/truststore.jks:/opt/app/osaaf/local/truststore.jks + - ../dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12:/opt/app/osaaf/local/org.onap.dmaap-dr-prov.p12 + - ../dr_certs/dr_prov/org.onap.dmaap-dr.cred.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props depends_on: - mariadb_container: + mariadb: condition: service_healthy healthcheck: test: ["CMD", "curl", "-f", "http://dmaap-dr-prov:8080/internal/prov"] @@ -53,7 +54,10 @@ services: - "9443:8443" - "9090:8080" volumes: - - ./node_data/node.properties:/opt/app/datartr/etc/node.properties + - ./node.properties:/opt/app/datartr/etc/node.properties + - ../dr_certs/dr_node/truststore.jks:/opt/app/osaaf/local/truststore.jks + - ../dr_certs/dr_node/org.onap.dmaap-dr-node.p12:/opt/app/osaaf/local/org.onap.dmaap-dr-node.p12 + - ../dr_certs/dr_node/org.onap.dmaap-dr.cred.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props depends_on: datarouter-prov: condition: service_healthy @@ -69,7 +73,7 @@ services: ports: - "7070:7070" volumes: - - ./subscriber_data/subscriber.properties:/opt/app/subscriber/etc/subscriber.properties + - ./subscriber.properties:/opt/app/subscriber/etc/subscriber.properties networks: testing_net: aliases: @@ -82,13 +86,13 @@ services: ports: - "7071:7070" volumes: - - ./subscriber_data/subscriber.properties:/opt/app/subscriber/etc/subscriber.properties + - ./subscriber.properties:/opt/app/subscriber/etc/subscriber.properties networks: testing_net: aliases: - subscriber2.com - mariadb_container: + mariadb: image: mariadb:10.2.14 container_name: mariadb hostname: datarouter-mariadb 
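Review bot: The new bind mounts in the first hunk (the provisioning server's, judging by the `dr_prov` paths) map the committed truststore, `.p12` keystore and `cred.props` into the container read-write, so anything in the container that rewrites them would also change the fixtures in the checkout. Unless the image needs to modify these files, which is not visible here, I would mount them read-only, e.g. `- ../dr_certs/dr_prov/truststore.jks:/opt/app/osaaf/local/truststore.jks:ro`. The `@@ -53,7 +54,10 @@` hunk adds the same three mounts from `../dr_certs/dr_node/` and would take the same suffix.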
diff --git a/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/node.properties b/scripts/dmaap-datarouter/docker-compose/node.properties
similarity index 63%
rename from plans/dmaap-datarouter/ssl-dr-suite/docker-compose/node.properties
rename to scripts/dmaap-datarouter/docker-compose/node.properties
index 1d7a5d42..58639cfd 100644
--- a/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/node.properties
+++ b/scripts/dmaap-datarouter/docker-compose/node.properties
@@ -1,25 +1,20 @@ -#------------------------------------------------------------------------------- -# ============LICENSE_START================================================== -# * org.onap.dmaap -# * =========================================================================== -# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# * =========================================================================== -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -# * ============LICENSE_END==================================================== -# * -# * ECOMP is a trademark and service mark of AT&T Intellectual Property. -# * -#------------------------------------------------------------------------------- +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END===================================================== # # Configuration parameters set at startup for the DataRouter node # diff --git a/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/provserver.properties b/scripts/dmaap-datarouter/docker-compose/provserver.properties similarity index 60% rename from plans/dmaap-datarouter/ssl-dr-suite/docker-compose/provserver.properties rename to scripts/dmaap-datarouter/docker-compose/provserver.properties index 3930bd09..b54868e2 100755 --- a/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/provserver.properties +++ b/scripts/dmaap-datarouter/docker-compose/provserver.properties 
@@ -1,26 +1,20 @@ -#------------------------------------------------------------------------------- -# ============LICENSE_START================================================== -# * org.onap.dmaap -# * =========================================================================== -# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# * Modifications Copyright (C) 2018 Nokia. All rights reserved. -# * =========================================================================== -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -# * ============LICENSE_END==================================================== -# * -# * ECOMP is a trademark and service mark of AT&T Intellectual Property. -# * -#------------------------------------------------------------------------------- +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END===================================================== #Jetty Server properties org.onap.dmaap.datarouter.provserver.http.port = 8080 diff --git a/scripts/dmaap-datarouter/docker-compose/subscriber.properties b/scripts/dmaap-datarouter/docker-compose/subscriber.properties new file mode 100644 index 00000000..311bbe56 --- /dev/null +++ b/scripts/dmaap-datarouter/docker-compose/subscriber.properties 
@@ -0,0 +1,35 @@
+# ============LICENSE_START===================================================
+# Copyright (C) 2019-2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=====================================================
+
+#Subscriber properties
+org.onap.dmaap.datarouter.subscriber.http.port = 7070
+org.onap.dmaap.datarouter.subscriber.https.port = 7443
+org.onap.dmaap.datarouter.subscriber.auth.user = LOGIN
+org.onap.dmaap.datarouter.subscriber.auth.password = PASSWORD
+org.onap.dmaap.datarouter.subscriber.delivery.dir = /opt/app/subscriber/delivery
+
+org.onap.dmaap.datarouter.subscriber.https.relaxation = true
+org.onap.dmaap.datarouter.subscriber.keystore.type = jks
+org.onap.dmaap.datarouter.subscriber.keymanager.password = changeit
+org.onap.dmaap.datarouter.subscriber.keystore.path = /opt/app/datartr/self_signed/keystore.jks
+org.onap.dmaap.datarouter.subscriber.keystore.password = changeit
+org.onap.dmaap.datarouter.subscriber.truststore.path = /opt/app/datartr/self_signed/cacerts.jks
+org.onap.dmaap.datarouter.subscriber.truststore.password = changeit
+
+
+
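Review bot: This new file sets `auth.user = LOGIN`, `auth.password = PASSWORD`, three `changeit` store passwords and `https.relaxation = true`, with no comment marking them as test-only values. A header comment such as `# CSIT test fixture: placeholder credentials and relaxed HTTPS settings, not for deployment` would stop the file being copied as a template. What `https.relaxation` actually does is not visible in this diff, so that wording should be confirmed against the subscriber code. The hunk also ends with three blank lines that can be dropped.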
diff --git a/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr-node.p12 b/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr-node.p12 new file mode 100644 index 00000000..3793a9d4 Binary files /dev/null and b/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr-node.p12 differ diff --git a/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props b/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props new file mode 100644 index 00000000..e32e7282 --- /dev/null +++ b/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props @@ -0,0 +1,17 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by root +# on 2021-03-12T11:38:49.244+0000 +# @copyright 2019, AT&T +############################################################ +Challenge=secret +cadi_alias=dmaap-dr-node@dmaap-dr.onap.org +cadi_key_password=secret +#cadi_keyfile=/opt/app/osaaf/local/org.onap.dmaap-dr.keyfile +cadi_keystore=/opt/app/osaaf/local/org.onap.dmaap-dr-node.p12 +cadi_keystore_password=secret +cadi_keystore_password_jks=secret +cadi_keystore_password_p12=secret +cadi_truststore=/opt/app/osaaf/local/truststore.jks +cadi_truststore_password=secret +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US diff --git a/scripts/dmaap-datarouter/dr_certs/dr_node/truststore.jks b/scripts/dmaap-datarouter/dr_certs/dr_node/truststore.jks new file mode 100644 index 00000000..91547c60 Binary files /dev/null and b/scripts/dmaap-datarouter/dr_certs/dr_node/truststore.jks differ diff --git a/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12 b/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12 new file mode 100755 index 00000000..1393fb05 Binary files /dev/null and b/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12 differ 
diff --git a/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr.cred.props b/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr.cred.props new file mode 100644 index 00000000..18f91ba8 --- /dev/null +++ b/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr.cred.props @@ -0,0 +1,17 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by root +# on 2021-03-12T11:29:50.699+0000 +# @copyright 2019, AT&T +############################################################ +Challenge=secret +cadi_alias=dmaap-dr-prov@dmaap-dr.onap.org +cadi_key_password=secret +#cadi_keyfile=/opt/app/osaaf/local/org.onap.dmaap-dr.keyfile +cadi_keystore=/opt/app/osaaf/local/org.onap.dmaap-dr-prov.p12 +cadi_keystore_password=secret +cadi_keystore_password_jks=secret +cadi_keystore_password_p12=secret +cadi_truststore=/opt/app/osaaf/local/truststore.jks +cadi_truststore_password=secret +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US diff --git a/scripts/dmaap-datarouter/dr_certs/dr_prov/truststore.jks b/scripts/dmaap-datarouter/dr_certs/dr_prov/truststore.jks new file mode 100644 index 00000000..91547c60 Binary files /dev/null and b/scripts/dmaap-datarouter/dr_certs/dr_prov/truststore.jks differ diff --git a/scripts/dmaap-datarouter/remove_cert_from_ca.py b/scripts/dmaap-datarouter/remove_cert_from_ca.py deleted file mode 100644 index 4ed9b777..00000000 --- a/scripts/dmaap-datarouter/remove_cert_from_ca.py +++ /dev/null 
@@ -1,51 +0,0 @@ -# -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -# - -import certifi -import os - -cafile = certifi.where() -number_of_lines_to_delete = 39 -count = 0 -dr_cert_exists = False - -with open(cafile, 'r+b', buffering=0) as outfile: - for line in outfile.readlines()[-35:-34]: - if '# Serial: 0x9EAEEDC0A7CEB59D'.encode() in line: - dr_cert_exists = True - if dr_cert_exists: - outfile.seek(0, os.SEEK_END) - end = outfile.tell() - while outfile.tell() > 0: - outfile.seek(-1, os.SEEK_CUR) - char = outfile.read(1) - if char == b'\n': - count += 1 - if count == number_of_lines_to_delete: - outfile.truncate() - print("Removed " + str(number_of_lines_to_delete) + " lines from end of CA File") - exit(0) - outfile.seek(-1, os.SEEK_CUR) - else: - print("No DR cert in CA File to remove") - -if count < number_of_lines_to_delete + 1: - print("Number of lines in file less than number of lines to delete. Exiting...") - exit(1) diff --git a/scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem b/scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem new file mode 100644 index 00000000..1f9d08e5 --- /dev/null 
+++ b/scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem 
@@ -0,0 +1,40 @@ + +# Issuer: C=US,O=ONAP,OU=OSAAF +# Subject: C=US,O=ONAP,OU=OSAAF +# Label: "" +# Serial: 0x9EAEEDC0A7CEB59D +# MD5 Fingerprint: 77:EB:5E:94:2E:B7:A3:45:97:6C:87:FE:A7:F7:64:0F +# SHA1 Fingerprint: 90:25:D1:D3:8B:3C:BE:2C:73:E9:6C:1A:48:5B:06:A8:39:0D:54:3B +# SHA256 Fingerprint: 1F:C2:BB:F6:7E:11:6F:F0:4C:C3:D9:6C:73:E5:99:B7:CA:7D:4D:EF:AA:6C:69:46:0D:2C:7B:A9:E4:23:5F:EA +-----BEGIN CERTIFICATE----- +MIIFczCCA1ugAwIBAgIUVl0TXS1NTKZy68+AFpfvCBbs3JwwDQYJKoZIhvcNAQEL +BQAwQTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDTALBgNVBAoM +BE9OQVAxDjAMBgNVBAsMBU9TQUFGMB4XDTIxMDMxNjE1MjA1MloXDTQxMDMxMTE1 +MjA1MlowQTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDTALBgNV +BAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA1NdArmwTe6C9NZnMAPP0uvy9IH/+Lc9dgO9+j6F+JqLDXn+O5vaj +6EMU5o60sGzymbMdwk26jiR7KYG8puZzI0EsjwELrLV5NYrUR1y7g+sbJWFUiB0X +SseifQD9bSG0YBX7J6bQEilh18+oWpXIygl8/VJuiuDhaYdakmwn9AxQRm/zRDcI +tMS49gq7ARpwMrZaZkQ5eL2R0eX4yj915fAgsvLNmfNTkkTCTBuGYAfixz2+uz8r +4xZqxXrln6CVe6pV5MOxxQsJq0QfSfNxKFqhVJTSj3STG8UDKDPIcTqVLS6v3/iY +WX43pHuqjfrGLy3HjPCIWphsx9EWq02bnLvwsnibRgfXjZNbdhePOZV8Xd+4MfHy +uyFRf5xHvQm3f3vLtCQ1rmHk/3wb2Mb1SbTGt6sL6Waqs/VnnPyTwhXJk6RnU991 +qAnqSCLzKNEPNnpSTQKU35NPbdCAw/z97K5Ar8JWH2XiM65dV0j0d/Ura0PXUXRN +Royi7rREJKBMFszwxqCCHZkH6/Fbs8vmBWC1gLQgDqK+IgU1/+ytUPOsMVqPcNjM +RrZyd8xCoxEyd+Ly6y2EF9RE6qS/rlW/yUh3AIBlpcsVxc+Kh1nvNRLLJzHvrvSs +wvd6LpWHVaffO02hp3suXDwOtLq91lAHLA48iDty/Js+jFjohZJ/+LsCAwEAAaNj +MGEwHQYDVR0OBBYEFMeiRem06VRh0sL0L5k9B5A01QAoMB8GA1UdIwQYMBaAFMei +Rem06VRh0sL0L5k9B5A01QAoMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBGdpwWyOIw7jBkEJbheeje8ccc51Z0SY/8 +oo/cYi9cI2SNtE4yt9SOZtXiWO1ga1PuFP5vNkPZu3MtqtsDt8CsSgYfgCKX1DH4 +RloTJJO73UKuMmnoqHNsuE6rHRrcoqcV8XJJ9uBz2cDVWfVDG5Pf92lB1cLQ5AGb +X7O7MKNHu4woFdbbI8f3TN6Qx5oAcrS1alLMuPJhIkwcHuiWdjJuORx2MK4K9gov +yRJceVyqMiTr7GGYFi/FQKIzIaHeKgQy+YGLfQ1GcbUmVItU4aQMfSM2RXb7wJ90 
+XBFi0NjXZfMXVZ9kxqIki/s6NefrDAOFjHINUxGucXjEw1raewprErlsNt/8SUKT +EDSLe1YD558jzUaqVdWinL6gMRTyyHOwt/51mg4sn3i2WLdL1Hno4F7GUIbkBmi5 +VSDDWnXdpwaFWeqA8JAvy+JIh+Ju671U1HhB68lGRvNOgfZbvW3m8GGpXldR5krR +OYhwbxdU1rNYHH+DJ0KE4L1Y6es/571+UH7NFbvO6jAk9G/Fudel+SwhXVfFo0pi +mmXAwT2bmDEiYBzDNHFwyT3+OGKXiDXuMvMB9ic7p3Zk9X0mRtpubW1gfZvUqIqe +jaVeZdad0DX1yfjwi5zYT+ViI7pjXVYlgiBAnjMrEmWOpRcs793F5zBiyDjaUNFt +3arVcS9XgA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/scripts/dmaap-datarouter/robot_ssl/update_ca.py b/scripts/dmaap-datarouter/robot_ssl/update_ca.py new file mode 100644 index 00000000..d36f8acc --- /dev/null +++ b/scripts/dmaap-datarouter/robot_ssl/update_ca.py 
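Review bot: The comment header of the new `onap_ca_cert.pem` (Serial `0x9EAEEDC0A7CEB59D` and the MD5/SHA1/SHA256 fingerprints) is identical to the header of the deleted `datarouterCA.crt`, but the base64 body is a different certificate, so those values cannot describe it. Anyone verifying this trust anchor against the listed fingerprints will be misled. Regenerate the header from the new certificate. If `remove_onap_ca_cert()` still needs a fixed marker line to find the appended block, use a dedicated comment for that rather than a stale serial.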
@@ -0,0 +1,65 @@ +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END===================================================== + +import certifi +import os + + +def add_onap_ca_cert(): + cafile = certifi.where() + dir_path = os.path.dirname(os.path.realpath(__file__)) + datarouter_ca = dir_path + '/onap_ca_cert.pem' + with open(datarouter_ca, 'rb') as infile: + customca = infile.read() + + with open(cafile, 'ab') as outfile: + outfile.write(customca) + + print("Added DR Cert to CA") + + +def remove_onap_ca_cert(): + cafile = certifi.where() + number_of_lines_to_delete = 40 + count = 0 + dr_cert_exists = False + + with open(cafile, 'r+b', buffering=0) as outfile: + for line in outfile.readlines()[-36:-35]: + if '# Serial: 0x9EAEEDC0A7CEB59D'.encode() in line: + dr_cert_exists = True + if dr_cert_exists: + outfile.seek(0, os.SEEK_END) + end = outfile.tell() + while outfile.tell() > 0: + outfile.seek(-1, os.SEEK_CUR) + char = outfile.read(1) + if char == b'\n': + count += 1 + if count == number_of_lines_to_delete: + outfile.truncate() + print( + "Removed " + str(number_of_lines_to_delete) + " lines from end of CA File") + exit(0) + outfile.seek(-1, os.SEEK_CUR) + else: + print("No DR cert in CA File to remove") + 
+ if count < number_of_lines_to_delete + 1: + print("Number of lines in file less than number of lines to delete. Exiting...") + exit(1) diff --git a/scripts/dmaap-datarouter/update_ca.py b/scripts/dmaap-datarouter/update_ca.py deleted file mode 100644 index 0d76e224..00000000 --- a/scripts/dmaap-datarouter/update_ca.py +++ /dev/null @@ -1,33 +0,0 @@ -# -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -# - -import certifi -import os - -cafile = certifi.where() -dir_path = os.path.dirname(os.path.realpath(__file__)) -datarouter_ca = dir_path + '/datarouterCA.crt' -with open(datarouter_ca, 'rb') as infile: - customca = infile.read() - -with open(cafile, 'ab') as outfile: - outfile.write(customca) - -print("Added DR Cert to CA")
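Review bot: In `remove_onap_ca_cert()` the not-found path prints "No DR cert in CA File to remove" and then falls through to the final `if count < number_of_lines_to_delete + 1:` with `count` still 0, so it also prints the "less than number of lines" message and exits 1, failing teardown on a clean bundle. The removal further depends on `number_of_lines_to_delete = 40` and the `[-36:-35]` slice staying in step with the line count of `onap_ca_cert.pem`. Because `add_onap_ca_cert()` appends unconditionally, a second setup run without a teardown leaves extra data in the shared certifi bundle that a single teardown does not clean up. Comparing the tail of the bundle with the PEM file's bytes removes both couplings, as sketched below. Longer term, pointing the test client at a separate bundle (for `requests`, the `REQUESTS_CA_BUNDLE` variable) would avoid editing the certifi file at all.

```python
def remove_onap_ca_cert():
    cafile = certifi.where()
    dir_path = os.path.dirname(os.path.realpath(__file__))
    with open(dir_path + '/onap_ca_cert.pem', 'rb') as infile:
        customca = infile.read()

    with open(cafile, 'r+b') as outfile:
        bundle = outfile.read()
        if not bundle.endswith(customca):
            print("No DR cert in CA File to remove")
            return
        # Drop exactly the bytes add_onap_ca_cert() appended.
        outfile.truncate(len(bundle) - len(customca))
    print("Removed DR Cert from CA")
```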