From d060b429ac549682dce9dd8b1225aa6726b74181 Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Wed, 10 Feb 2021 12:11:53 +0100 Subject: [PATCH] [DMAAP][MR] Update hardcoded certificates Instead of hardcoding certificates inside the container, add them into helm charts, so it's easier to update. Issue-ID: DMAAP-1547 Signed-off-by: Sylvain Desbureaux Change-Id: I7fcb8831539d8d9d5d25bcaae44a3c66672f7b1a (cherry picked from commit e5b6ffc663a2314fd545aa540cbdee6380adf00b) --- .../resources/{config => certs}/cadi.properties | 6 +- .../resources/certs/org.onap.dmaap.mr.keyfile | 27 ++++ .../resources/certs/org.onap.dmaap.mr.p12 | Bin 0 -> 4637 bytes .../resources/certs/org.onap.dmaap.mr.trust.jks | Bin 0 -> 1413 bytes .../message-router-kafka/templates/configmap.yaml | 13 -- .../message-router-kafka/templates/secrets.yaml | 14 +++ .../templates/statefulset.yaml | 25 ++-- .../components/message-router/requirements.yaml | 1 + .../resources/certs/org.onap.dmaap.mr.jks | Bin 0 -> 4105 bytes .../resources/certs/org.onap.dmaap.mr.keyfile | 27 ++++ .../resources/certs/org.onap.dmaap.mr.p12 | Bin 0 -> 4637 bytes .../resources/certs/org.onap.dmaap.mr.trust.jks | Bin 0 -> 1413 bytes .../resources/config/dmaap/cadi.properties | 19 --- .../resources/config/etc/ajsc-jetty.xml | 138 +++++++++++++++++++++ .../resources/config/etc/cadi.properties | 15 +++ .../message-router/templates/configmap.yaml | 12 +- .../message-router/templates/secrets.yaml | 14 +++ .../message-router/templates/statefulset.yaml | 16 ++- 18 files changed, 271 insertions(+), 56 deletions(-) rename kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/{config => certs}/cadi.properties (73%) create mode 100644 kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.keyfile create mode 100644 kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.p12 create mode 100644 kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.trust.jks create mode 100644 kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.jks create mode 100644 kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.keyfile create mode 100644 kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.p12 create mode 100644 kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.trust.jks delete mode 100755 kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties create mode 100644 kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml create mode 100644 kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/cadi.properties similarity index 73% rename from kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties rename to kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/cadi.properties index 2bee404c0b..9d190f4c39 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/cadi.properties @@ -3,16 +3,16 @@ aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ +cadi_truststore_password=enc:_ZrH3rkJPIOYVD7lAxlE_s2mGBNsWa4e7gHLlPz7_KC84_UQwc26MLEOoYS2ROxB cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W +cadi_keystore_password=enc:GbVFJzhyO_a-JqjrwLrlzBl63x4pKsygTWSATlYYKLsCRFSFP6x4MtwKEpGbbtrk cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 -cadi_longitude=-122.26147 \ No newline at end of file +cadi_longitude=-122.26147 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.keyfile b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.keyfile new file mode 100644 index 0000000000..7acb332c2e --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.keyfile @@ -0,0 +1,27 @@ +SV2A4lpBx7lrU86oIEs5Vi994hdhdk3ZOzN-o8r3VHBOp6NQks-r494popXjGEeepzkPtV2x8OS0 +yKJzc19D8jRTLWnsI9_c2gl_6YjYQ7mPKqzGcbM8WtF9mBKtxs-P3e1KJj0hg0uyY4JFjUVOoLG8 +5eAXW1MvAqmoMg6pZy5ygF8qqaB-eOrW9KeMMQGxn6U4PWS-SBDhoROY6CGjirTAFbcDOdfSvmrV +5gprS8aT5g3gUeGX9yJIIo3ZUrpgSE7kqUa__kxUoP7KJtXyHjpwGoCMwcaLkn7yD_9rrSvHRARc +MGYG18NgZCdiDNM059D6TyTMTEObQzgLLsxPmOawaQsa-XIhvMLQO4WeFAyza8RiAwR_0czLouFv +JUjKXgfJJuxYCfUU-YLI3ptsxrDeX73geeUUsbsDKQll6bjxdl4ehj8einnkcWklWikRAY2FDbmY +GvkSv3SoywIMMhQKPdccpqEnm_Gu5a8SVHklpqxh1s7ExWKdjJ026c9EwRUzJ5i1zkPzssUUH0Pd +l07x2-2ROF8GTxEGECacfcDqaClG6SkyuSN1Xl3U0RTtTfesJo_Jvf2d268ejdC-XejCrQfvAxa4 +XNNTPhc_aY_xaG-9vBmH1rQXcNxS4NX-u3cBEGqtDeDy8x6ODhWGHwHpX4XH6kX_2HenGPHKW2rK +J5CSP5QqmLP-idYI1zPuHRijSEMKNIYGQHuQmU5ZumnS9Qi7GXnY63Vvi1QKyTztImDSktbdzFD_ +AJDBwDtMHKe4f-NkNf3vPro_-8xeQPhPR7NkYq8HYnFhKQuHgMwzPpTaHhERLl5PJlVUEOf9Yk2u +_7a1DAeM651FTNnpMiqEH2dqlk-fnJYA5GaNARf5bGhAJbex3Y0IHemsSuMShqORHQbQy4d0VGh6 +IsYwHEAufH0L6Kamo6LYcVMaDaHvxCUpZyYrGniZ7Bt65zl-E6s4kqPLwuoiyA2aVlmGZfwGHkXq +teYutF2w2OzkhihDpcYQfPlavIxLUhVdXODzzHDkUwrdP2pvS7YSevk0hrNMiY9mAPlwwDV4MkiY +ckPHcqkmRckLkp5Kt-_8GnR9rOCLHtgTOAP3xNi4i-JpSt7Eow-_g0Oedd5pcDB-qXV8SA0xs2Yb +dTUOkrZ3-MvI0SfzSNuN5Uq5kkFjCUwWlcPIbIi19cuUbeM_88zKhtFtnmmxwtALNxs3fx0OjRXb +4I9k_PsSP6rzoAljOshVlPUXScE0iA7M2yqjjfSSY50ROCIgVnJuL3m_tMr1CR83qwRLvgSgrzKm +JvlUR4QzXfM2jpsQjUCxU3j4bangqg5mB0UFGoU8ONharVP1CrWI9YccgBePeuWvmseVwx8mkYWk +FUHITpR0bHdSTHCWFC3N15ZjEj54dcGS-XNJyOtgisRFHHeob88_vljCfDQRp3LCU_FVFDRd4Pbf +SwHtfvlWBfctm-N2XUx6WECNl2M40X6yDhqbYfbSdpOhc7ZpEoy57PTCBQrFkIK6_LexY8ruI794 +XSRRkg9DCr3Ph7ACOZDEeHFJuPy8h0BrCM9_YCLhtRLg03U0AOCM2mNriLN-ul2BRsL4exWmDwcs +HTHXCycAoqctWKFruvonirdSSMYK1NkU1viqXQxs2qOHcYYagwIIzZFvcxuvBbAI90dCl_siy-iU +f1MLLB8MSoxuATZtoIwJQopbyBoHby6-kYyRw-mD9EWg0ZprVRZAQ3U2Da42LZ3rZDiKTECJWtlk +mSuNnQ69YXF6kSQrkfgpuWMYl6lqxaJWpkpenUkQq0NkzJhSvON6ktEMAFNR-t8ppk6nt0-fIEMQ +WfbhUj3x3SSJL0kXYZZBe37rK0GhGOi9zrOImZ0EZ2erSMmkoU_sitmq5grDNSjWu5DynNAkRpdl +mZbXprHJnki6LBB-_TeOBBT1TONDBB5SvrRnEM3UPMMJkIq-zLtD06w4uk7zrF5uC7B6K30M-126 +geHJwwiK-VfjswEU_fQn7oJ1ub3J4JWvR7wZsd7Y35txDzutSPHJX8s4hdOQEJnozvFoo7te \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.p12 b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.p12 new file mode 100644 index 0000000000000000000000000000000000000000..7ff192b960fc74a715cca32d1730118614563218 GIT binary patch literal 4637 zcmY+FbyyVKw#J8Hh7N(DyGvlep@v3U5EP_4B!?P6K$IGgk{Uv#r4f)uy1PS$5NV`C z1f-nn`JQ{vx#wAX?X{lYyZ8F@UC=N}dLRxiG>l>zk5C{|Bl40I2OlRljG_k=M$z#X zw?M)l3XIcGIa+CSId3E_5;AZago z?AV$hDceM70prX)KONn4Qj#_WpFkaMUcHD$F8cH7mOCZeXP4Z`!;!_^SrM&WWjMs? z##9L-H=0`)9O_Va7kLp~&ogOBkB$p@#2WZw_|MnbX!EF6Mv0WRZvH1WGZrP*wSP2b zXzAz5MakQXj>LUv!?+fs{KC^0VBC{F%gHMe-H@y}awDIfVaGFWFvwtyPW(#W( z>xR?TG%GxxQ%2zJnAk3vzu=o#Wpnq4qQ!6Dj%0LFi|N@)D#2jH7jzqCLc5m0D`6ly zd4cKavMMKtchyz=nE8Ar!f6PPFxDIsWKh=-0})l#>TAlmRnTvQ5yE>8x)u}lmL5x5 zQ5aDN51}i|MB@|)3n)lO#;;g4iRdRaK35G&6BI8GQ2BHA%s;q@Mj-CZ8vJf+M!*Y z?%J6fu7o3RXUt-yOW>QvI{Kd{wdsFb@1;A*&-1%ZDd!&#Ri+4E?ku?rvM?wxuo9)vUjBBd(A zS|mQ~q=me^Rw&0Ygd>pf!F6n);npK;9)Vu|&zYO~*xu zOQzTo`seT}qgSZ}D;sXm1@~AVwnoJwCnkbIwa2cvq4M*gI$$fS&~X#MK_Nv zdZEyNk{3PluKgzqDZD8Jh0$<&0JfkB*LnnI`q}BwBhinTm0d^njC2ha8rknatNo;$ z*Hk-Dd;3A}I~BQ`4pJXQXM}oui)}(hrx|06WFIXp)>%Na0-n9e*%9*NP-}ft#fC5l zJifi(7N=v3yli4GwzB`xajb20KXG;yzeiNeZ_~)tk6;0pzZo(d=b9goJs8|U1+*-4 z><2^QVwtb;u2bo3uwP@Vi;j{eZZTUix#ANf6Qyfs7OY!w_RT+6KCZdO<@GIM5-JMI z=@c{>D_4hUy{pzw^iJ=83H-PmS&DzsUlP|%|Fmn~0^KZv>9RUsyQ&-P=euAQeGXOn zw^b5CL}4sq0DAxeVDmRT|5k5+;y<_W|D(bH4}kkW`oB7FfFqRsKO?9`As|WvXM_Wr zsD!8_R8m45`u9jd!$`RP{Rkf~H;jb(FQNeA0R9%D|0p>B<->UY^5Mc>o~bsYUANN8 zogHr2#JcpE!?%BYI3$dCl4;iUG;>cc5>J5+q@L;ZfPOc7@>e|@U5SIE>v7p#X+ij! zTevYkBW2%hYm?lxzVd5t)=%&IpdunxU5ApG2Tx(bwBJ55PX^dyFIW1a^OT zV6D-oQ_2gvtbRZ2zouG}_7{d|zJ>vIdI)3Sd!QYxo#qJjy>-oRdXvewUXhW_s9&KG z9BPbPY5nVf$sYQiC;SAO-c0snH5g`tlWJyb$LFXVjeAtVa8zHbu!-e8!5?P${v4+a zrtwHA-06v`QK=#39`6lplZK~PROsQ46ci=&Qz;cr$yHt|b-R&+Z#vWL;=f^K%-~P# zSHOT+glf!=wABT9VEaCNbP-cI9X+$T@Q2t^QmP8|F8$Vyr2=SqZF2C$e{N%y6Qr;v zHgFS{%gpe(#ohhmeB*a-T72Hr74OTi(+FK?`R(QS8))7K{3{&kImQ!0SB5}r! zA{Zd46bTOnGn(uj(Ah=IK>e@p`CjZviNtNq|ww}ThOz@}MWsK#p ztV!7WG#S49f6?I8uxsdeLMvSL= z@p`;fYO3*Eps5k7dS4}!Yn(p(@tt8zM>+F_E0Ech*nF+nQIKXZ|0G`!8`i?~ceM`xMw9YC<^?tyPV8gS_)dB-hwj{l<1#Hc2ab2Ey5!eQ9a-j@3<}rx!KtQ3N+E?kf-BV)f60;8a&1@m)c=|z6i7v!lEsAZ%!A=N?l0hG zf?x7?%Z{f8_dJeA2=WteNk^G|wcdn$C%I$O(r|X|Q4qr4ZAjzKV(vbd{5hk^prH8# z=~fDi*4{jQkd#SF#rW$j&RYQoQZqD4)z(JBg=1dmWFc|pObU}KdARv9hs^BPBa)0L z$k~1D1%$087z3J#YVv;~A#UrL7_zmu63jTCPaM%Nbg%M{0? zFaPM(f)Y3G76u!yB5m19c6d(kJHF?u=;?g;%0+DYX(Xli9@Zw}Pz=A&Vx*YNZfNvK zIh)EDQSh^kiqS@CIG&fukJxOj7S#XZYUzE~0AO5ER!F>SY=Y7c6Rw=)Qo5|A5fwEy zoXIZZ@-JH9&=QAg4t%Mj@I~`y*9Led1k$tDPzDSIC32{7pB7 zmU)8APnq<;EMCh7h0@eT7-Lk?4GE2=FQ;ElU0jao@?F;1>9vAebup~zo!ZW6OpPYk zi9&%KY;@jG0liUy9BlKau}uZf!}DJ&k)T(q--ft$&DM={eGGQ2smeZ*v=be9Zp?Eg zm99!`;ArT%yvPapu$i}yQcCJ7cr$loHzNb|nbqpPRqhBt2J634>@3A82jOvJ%|{Z4 zS;=`L+%|RS?b&4os~kP~U0$}DOImUc>#3m0WMSRGdCcU$Uq+YgdK=r!U8<{ns78a_ zy{4|E!R$7&(N?=84uSFr?Kxc*B}WEIO`FU8s@|5f#W-&kvrK999os3(dl78v3>TK} z;{h9eW&e^B4*vj9QW#lntvoIw_W`gvYDp0z`1m90kY$d^1)+-~dfCfMjJHZ{W9lhY7|F4UWJP`Lbb+;FLn zCMNp=OKMcJ_I14;aOQ)P(5>l-r-+5AUp3+YD5Lm2^8^w4@caVrmbrC&2HWm2-1^rp zD*;qLBfK+y+zZYj`ax!-`Fh|TgMQ_WxUoY@!6!d4c|pq+_MwJGN^XH9o-3S_buY}# zv1BQ_YwW%PmPSvtg5~=rRSC!VkqW6mDa66xgS{Qf%CdQJqU=HC5O1SQA9Lpf{e#1F zr@;CYIbAcynIsX3)d~HLty6=y6(bP>Ep+<`ZZW#F5QnI#0=57U?GRvQS0)NZB=I}j zdd3NXzhiq^#gXGc>g=i@{HW&`c`no1_}DC{c|@D1B3GLEnW`%!YHVYDik|>>7KB&x z)7b>M+7M4=T!5e3>OKWt&5^hF5#(GWYNyc>1i(Dplyp2f>&BzHd?+oSXo;fAnq-Q7$nh^Wd4OXoK9 zwi|j)Qm{BpQoAYE5@Aca=D+p`W;rY2GL|wc0h2aMLnOL$wm4tI=D(FW%evxp~ z0mD`EZzZlSfoqK~x~$qsZ&Q5Z%|d+KYW#Ex74ium|1xsKO-kl)iEo1I52C&=Y;dhsPMHId zF^&;l$o?N*G#Mg>>H#k#{DXc9H?p?|D71=*Xcw|#FQEEz;>%nJ*MuzqA)>f~?_L=e^7t4s3W#ZpA zP_gRhUdPHYEXe$DwnN+)YvO}oe>@zDpz=_5C?OtLkPH{d00w{{QvK~Pa~+p^|D2=Q$txaK4-mzvq44_xC=(=l9`#RWqs?5C{ZW8}L7< zafTic8h(Zz8UU)mxF^7P8-l%=Neit_oEITI88u(ovNWAR4-tg zt~QPc>;VY4Jvf3j(N|X+PXzFI+`sgHUSmPF|M(6V4uY~END#n+Xh2vHFsQ?(%vqvDWW9lybuN>;@#+Y?`KoBbJuGia!NwObz8aZFR9s@=vif~jxJ zfJg!cgU^yrVf!0$TdzNv3QAL2kPCvcEq&y?KlbmP7MivoUHzN*NxB(n?$tu<^j={b zXH*?|fRP+o61bA}J`L6qV$2&U%`S)|91571_GuYZVo$YoqNVMg+?xrj-dM$CM)*SG zL&s}JlfBDZ#j(8Wotdl1Ao2Jsk73abKhyF-IrhX}-}wuRU8 zWvu+qdLEKcHMs(kyO}%saj<8wCzl{f7)Q}QBMRjBssznD2$~sPyQ|8gvL^ghoy!2x zAJ&TQ<&h%MbgfG5-$dE=m~%|KkvVgkPeh?YklI@B6LYUuZ0hH-~+Q~N( zE%Z{Cs?qy}*~n2lOgnDlgQ0eMjQ5uW^|u3lA$O1KK%ig{xbzG_2MpIDXo!HJVVk|E z_yx+e+*8yUeY+Eji<^5t^DAJqzBYwn0CeJi8<6V;6d1e;g9Fet01)c}a$SI}6@>F+ z4A)w*7DF(IWYo>5jxKVmA?bzCZQHDlbxSv#S2@)X#*)KK@w;VLcODgcV^lZp_;qp>-SMf|ApCSp) z{rCV#&yVTfLOkGS_>Fn-M5lQN|9j5!doV%7m9ec?qIq`;?mN;;zq<7H*L3(hRumWd zp|bjRR3*N%mvmVxYa=eP>zW&h#!qf2)6CefJyLZ@(So9~1=)+}xTy=>X_%^)LM}f_ z{CHbziaFJ#x~Y|Nq(9sQ{Gq$vX($(=j7s@Lc%%obbG=)1{XEMTOB1c6eo^+i-H)g~&1sRU(t^;BEfPhyLZrbm3-f7?*wO;@oML zo|0#@dat|!jenwvUBoKF)O}_&!7__ zY}B5fDY` z3`G#>MG=vX(mT=#!VB`|Eq!n1y)|pSA9vlm&pP|u@7()+d!OC;-FXlQ1fgEw?-!pF z7K6Er#j9fR$nTFxoHyn&5{GxCW(0;BDD#0pFc3h5?f@*bjMB7VC|C-@1_r}GP$G1S zUrjPQafEkm>T*3{@FiX9Mgp1rdU;rCXc9NN#EV-lbtFlwXq(eI&wk`2f7q2Fv9n5L z&)e$A-zIu<^1w>%?S9TIh?9aZ32|ag7xRLdm7(*GA;fW#BjBi?d(XX8P7T>YlwHcaSYli(GVP#EUK2;GhiFT;w5w z6shwnHjr2ANl}mT;nf`J=npNf875pP-iS04Rt8yG^v)8=GX3OgXQ}MR)`C3Xl^GM| zft5vm`S3*dc_~|M*%$bcmw}~fWW)T`My+SdiXOJ_cW=woXZp?L<({_IonLpog+DB< z{sFAP*19hFSSE9zEaGHVYY=FYvTletGbQ}(nDmOtXM@z0L&-v}uB>}wnuidxdtIk< z9oM%)pM;!Uw)I?oy2XFJ^sWBz^|$C2Kl@P5y4O8b$|TdMTDLa78vnwlx0yC17O(R$ ztAv3h3?Eu5YOyRa%G@V9ZL7a4#bW31d+c+@7V{$5`vKt|jjwi*9@8#EvIFlqRx-QK zLFXJCL?bS2=+IBWHzbdUXQPEESQuMQ5p4Kdh$N5h+Dlr)rrgl@}=fu}C?LZzy~@qH|79GR(!QryKKhOvpdvRWL8h;5Px>rix#OPVdK|w5TPJBEl4%-} zVRnUgJ4~g2_pC**R8-l9xrJBd^moq$Ojh9%P;s`jdGL2h!pFh3cMP6SzxtitX@TB^sDi42&kKyPkgeOo8X;$Glti@!0?>V`^v~ouz6tot!AvPE zm9FO(rJt|no0cDaYEoZ1dN)wMGvvLtp8orwT|l6*i`vm*t-x&+`s~E?riU!nu`0Mz0PseX-OuWu-xP*ANe8#bq3i| zf=<<=(oXZ=${y9+GAyxk9QJ|sY?(znA7xNC@7QWCKlhM4u~x7|%ja$288^N>bz;{w z$15tF_3rbq5Mqm7VIVwrkKi|TwMCo$NkgFI6E&@GE_$LIjmIWCjKUl%O?z_fkBy^6z|P<>v3LGq4q7)uqe)L2nY&h=Tb zTZ#0wmDcFB7a+ag+g^Sc^nB!j)j;GizJ{9*!1BBJ@jIG_$K)gH#6GdJdFA<-C;=rl z(=$ZS=}+FYKe- zWsr){jo4rYgW*)w)Iq@k23i_(C@lxX+ziDG!1n z58&CyG)#xwy?veWSZ619jIXnXn!N%b$ipm$0_5cZ;5dMiM_Ey!+z$|NMX>>_2W0y1 zDlUt~qr`!u2lbEqrN%32YF+q`b^O~he{2CDf<=C8l4=7qL@+DWAHa+dA{Y$Hx33SE zx%#BuGu&fOr1e58r%QK?fi!m0Bj6K*P}-3D7uAp6T~2jff%LKcG)&r&+$8yOm`9&+5r3>Hp_TF5kZB@>$eVb0=7q(zet+{u!lb6q4oSdbX)3-Kl&3jk>+AN-d zG!0=;-8*`79!>|@l`)FeXz}6hzxr}et7gHail{fRULs>x5^fmdMhVIZU1+9B=Lz0; z>89JFtd;{%?2Jppm+obVyPdjSyH>btBfzqA*47wQ`YYQsAb7utVji zLYV!XfI$I&gTRl7 zkX3*PS^EC(k8nUC0ElXyH0DQG!Qee8lm-GD0TBCGY#(z2oV4^*V}-%!Xu$t^f&l0D zGen_=fWbA+(2cv+hsqjbhE`1NW{lh)YMjm+%mA{GfXv_ddqglDaAdzK3zQqmxe+6Z zm03b7`DvedYj1#qyuM^ap{`nSKYmd z6#7vasPacu1~ACF|D;n!tIj=(!BO7ISC{5S;3%uDH&sIxONq<@;e-d1RsreT5q-oZ zA7vXljoV6kZ$u-Qt!9;hvYR|tvSTGNZe34ap;2XHVT?Au^1H zACi(Nld88=rV;&X&=k{z;a6fzlKIt>w3P6ul0}aBTRU7<D;AdnX3^9J{EY^lFPECNb$9b zH4|H7-UxIw=nvO`22qD-KkAvXJ#Y=`S^PJ*_*-Xr-x5%#fKweLC8JbK>}oKX;#Yb;^j_;_f(T`?8sGT`;>z&YpN3(qM#-$l!B5ggqSvmxP2MJN5Z#`S) zE83*Zg4%n#=o2O&{b~cpgk@9SzL9D|r;#y^v)UmjH1b$J-e&>pv%zq|K@*lZ=}YNNa@ZO?WnAz}FKaPF5n$h(1V7eU zvvnZ(p%Fl6*bnOZXNnC79Y{JazpU3q6Kv^&4FB5N+Gt6&FM9FvvL{(wiTOvUkb4{)E`xP4lf?iH!U6Z zUNJRSJqf3bSKO^IF*Oi2&|;3e;Blo}-<{(H@$F*-GZ*B+r;Y(Ls}zFFh?t2cmrbF- zC)ix{>FqlWt8JKCaC?SAeVO5jf!&Win4!e6i)@>E)^ru74X)6~R!)yQT^2^!`$(3g z-_&bI(iGvCUxm9aZ55oEpyM&~m21edN@fLSaLscL!J+LWpsFG7;+q|XW0KWs^UG0( zyP9A^1L@f>BkndF*v@gmGRobn_U#SQ?my!^#Eg?*2 zNAgVSt>hA<-|QlIq02p8VUL*g(DtelJwe(=E^}?-s_Sv1JR%7|fCq67jEFMA8fA^@ z{Km!@$yJJM4lrr|O{?1SL`h2lW3n@clJ|JguK`&|@_cBSTxn*cZt!jKxii1}jQ7Yp zciux8cw@X6 zo$|{KL%UwX&J<(rk8<0CeYv4se1qnX+DW|8H^{V(JVx6{>rvdz4>daEsA>+xgVQ1cZ2lMgSOKRHrorik*KeTcS?s2qH-1ls!{&6_*LI+MY}*FeWf%jpxN_kH;pmt zz3x#s+c0zJUT12T!o*fg)z(-arqSFINrRC&qK z$Jy0;8wlZS4JlIka70+tH5H&Z_k(F!Pt_v1f`!>vsE;vuVI~B*`ouuCK3nc&fGq6^ zGlk0~{{Tx#v!On<+Vo56GmocBV~{~CwG#DSzEFbJIQ9~OdWKf4-|>6jdVI{3`BC2c zXbGctyJnjS9e&$Qg#anRtKdOtZ+$NHM6C>WId!;o%=^L5IVa4;y~#|1t==&6$Dy_P z6Z2grtkD8PR^F)A)U`OpJbxh$O7Bo{hZje1PxX~GAx`~oCX|eCvohSlIOjuM65d-Z zyn>;)_TS#*R`TtL6C7r=#98Wco$dAC79|^^aCAE|F`P!!q&jwMUPh5#YOEy0fm$@kP(51NUip?@|JGbln;+(9dGUoFG($ znyb8;<=R4ntWuZ0THu3Sb8h7=h4Yh$W+BqDr=l%I)&#i_?pOQabzyO~zgKgc&!#nd1|ehAu*}MAXoi!plSP z!;AAyAbEO+V=?Engp=knORRZikJJ@i|JS*%|1Fr-^9K~c2P1Zg&5%5Abr!gUvjXm zdqnr*(}*2+Rf?Q_yJ0VoR7c>^Wja!rf6d49f3sy!EPse$q1Vvl8!jaAt=kSq#I zAE#0~HmsYUJW38*#?d(_lDDRE=o1@-A7g1eY1$H6Hc{&o%7h56;aO@vnY3?0r=`1G zOawkTemaKsEX?Z~Vpc>T_l09fBQ=9ALG&5t0k(ZFsx_~K&eI1$a+>Af|uno8BL zZ2UuQuZ3ocwn~_vB#j9ay5QqjGgj1GF-+g(-<;yWA5Oi{4o|Wrg2rdhYT|VeMD{6D?plI)$Og4eCSx5IjRE0%-atEOs`+TI{Q(dejRU>lzEG< zRl?iB_i}AGTNbJS^(9};mOL#@_rK}~HvSGGn!TsEMDzRtVd|gqTQUD*2w!|n^f|s@ zt5g`LG1ID<)Nk^dYOCo8H@yf_cV)I2aR&oQEK92si(38oPX3qc{dGm!t&JxF&e;Lx z=l~&W|NG!aF-i1oL$8J!inmNzo=J~CCe$)Twe4$J5UcTqz4t17yW$=Z+{+iDb0Fyg zRQtCo$rvPMxTNr$@I3Jx{w|-t)fZ3opY#6zqxbQ=@x1=Y|L5k5_X5cKpAn3b3;;UQ zm!8f%k|0Srpd3j4fus~r5(uNb`|lQ^}FF?oM z<}~ont;%XXeiXR|9QgluI08m7eJIL(hO+Kr-=$FR`s=8r|(_<)J|6*)}lU(CIlzNz88b5uzZ`AN9soTy9gwhLro=`RvHba9rLw9EH=gtUUf)?+ll7kq%JO^< z_iEMBLkvfk1kd~%Rgq=9`|QHERtC?Us|)3k9Ig&cdFaOngl874Qi$=3?uG z?z_HVPwH0+t@l3;ch)S|0X(Nn%FmxtQqw~kY2JBdvYsjZdf8e9;Iq3Jx!qO_>MoJf zWaIPK<;PyU)G^D~VFH(7{GsWt*5i6S&n?g#4==uDA&D-ia4I#2~cGwzLCqp`G_P25ONQ zmo;prD@Ubq-Bp62Zg=g6Pe@y!?wZS%^_o0`zNlB^6E_H8ctLa8f331QV~r$~XKp9U zg)@v^6@0EB#o=ynQfg5?=ce1h8)uiM0&LG}j+pVERg1y}wZlI78p)4wvg!6%~A^?Mj zqyBPcBEhPeOKfMKw={Mol2c$u8WL}28TS1;P6mIfn6`B-o=~AGLO)ez2KI6B3I6## z$#eJVpn1KJG|yV1cD~bx=F>vCcUkb>U!%vI7l$y(JpJ6nAc#3!5?t8FKI(m{sEQyt*-$U=4AD~5DZ*EY^86&BK2<+ynle2qd)pi(rL z+cL!OZ0SGJ`z_V?<_b=s9Fo~JOl9X1lJ+|C{U+@Ug=s3IMZMIQfzAK~Lg5d>CIdb; z%A3VM`Tb8%1-Q6>Cx5Y8p^o9R@(SVGyDpwcSI51rh=(K~%-^p+KBG7Y_SYs4|DGzg z>{dJ_L_mI|sb{(m|HDPoYfA$P8k%5ef8Abr1z#&l$Gnd3(Wi&-i`_dhSFioa7}Dv9 z412%XKT`M(f+#(8gxW>NIrL{DD)J2JuAXhL&{aa?4CRu!X4OkTcce=RLefj4EiK2W zNu-U2f-KR?$Y_6@Jn->s#9d%Hab!AKFQQY{LW-=G)8Bjpq<5`L8|li~Sm;b<&|*P?27$1ha=U4`_YKUm8sjJ)U+pnD6}-tn zDf=9DPCvGn_j`*lY64MyyU^V2w5Q(8^+=9)InJb3Goer=9>;?3rAo{>F!-lB=45l z#l)-QB5P?EHOvM|gLgl}%6qb{MSq~yI;=mFvp`zPOh_6^ZCAQehS)9@S!?62x@C9g z9-Nuf?NA)(5#CBVc-UlcCr9kkr_|;F@+V@udtzv&4T*-xkLy3KO8}bvCm~aw+Ui?m z3yNUj8(Uest0%HO`fhska4A1t+d5ic*&AmLSVwWY;x9aupHAT2ZQ7n*4#7Hy-U)&> zDliX~@5E5AdyMHCMt`Pgv2*Up5sZ#3x4ZBE_P1)IC+^f~5#QTPLD8l*uAXUlPB7CGd)=249!lck_v-XaZ6{APnk zlqa1Gt6DGlHcue-B(F&&Hf%4q)Ud*#EHgcMX6eLkxs~d)r3O%3Hx93+I)DvdXv~)k zxku8uD%xL2u7NdC|g_|awjR8l}o4yEc-XwZUF#`=#a^}qpY8bg1XMJAPNbgh^SR5$&=`HLNs<03E2Ywjj zNIx7_m8n~Yw@#z**zAREw9ZZyrM0zog3V4G{iap~>KoYmaC>1nY;Imb3-ai;J}U+8 zE-Qb%@1nF1X6Ib_7E&k{o(1xm#AU|U9k@3fgDW?8Nz5=_r2y`SzwKy&DysDIigb4H zn)+LdE}=gqb~XFkZ!_0YwxLH6p~-sdf!2G;N!iM%#oTP>-46fQ>eL-~%rDr0AHN>a zc0EU)+mK`QM8dV~xgh4U>D`9nIXq%%;Pm|Z<8$Lw)1PJ19TKFQ8r!_QObWls1vBK1 zyukf0BPV}ot~imw@a#a6nHQU`_td%B>QYt<_>apf5wt3kd!o2+mL*^ZsrDb?Rv!{a z&`@vTZULfnplv6b9+;0W^zLD=3fpLqFD`-0TqWwTeZSni?nB}gqTxJ zk?~q_TsVW`&Co`7ULRC?o>0-=cD`hb|Th@o>9$ zU8m}NR!&h0Bb9JjHF?`Fu`HGckDN4eY)_L+ z)N52jjmUE<7%QMIQ$(rTTvs~9p!cwciVu`QqTFuV?cp2IEQXU?aiZmgY(xuX!H$lc@(J!7To-bMu5aP!c{0l8J)R6!H literal 0 HcmV?d00001 diff --git a/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.trust.jks b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.trust.jks new file mode 100644 index 0000000000000000000000000000000000000000..f9d240447d9ea313404aeba403a9d7f43efe502d GIT binary patch literal 1413 zcmb7DYdF&j9NtyOZA&!ECFF9JL;kZ?Q#4lOm}{B|#VV{4sU!Di?6id@x7^AYI)oLA zx#Yf-`h{*Fp# zX#OE#XJ{e*fLw}7BwJ{J;NE-ifE5S?Cjm_OA%F=r;Xxr_2t*N7_+YN1TrA`QstSsx zY)AHIRWMi?4g$=u2tY*vN`Wb>z}-CU>>RMFfbu3+Qh~X-+PPzu0mV(KpbnvU0y{NT zu>@c*fXD8|;w=e2nyNSgfWu+`rT_C96SC{acffEElnFtC0478U!i0c99ad$IYPGdA zbm-2rZ9^)1;=Pg1~GuZwcp*1N&zAhAl{Ezb0;?W=5J@H6Js(kKe`~ zQ$!x5Cqs74GdGZd!pT?eBZ3?H<&SM!2AtN6<1Q^Qv!d+`X*X?hMB6IeDEqX{ zo!0~d9k+}ZNxv_vu)RCk4bgg&0rmKV^%6A?vHiXMA+@9BBh=S!&>-hwJYlA7>Gfh6 zGyk)eyC_6KG7ibrNE!P$)H~FhixCM-vcdl`QWUnD&yLx2&BE7DvX= zDN>=u)2VDnN>P8j&FR`}_e%{&&YA%tKjE{!lQVLxXZ+$q7FuBnJNYnqak!&TH zYNf7JqYm)1kz+RKcI?&%!|k+auP^b6ZwGyY?;cl!K*1nz=^20q=*lCgi-4hE8lDu~ z5_wkQA?S>{-HE}*F1(-n70}yU8^X{4D&fBk$W4Pf7`y?415h~th)n^xDZu0fVgDFI zc`M{G1cQirJ@o3RB9|JXRxr)F&HPwT_m=ZAhZ_7uQm7%$LcE+e49$yFxVWaKL_}n2 z^AZ{4Zhujx7B%HUo*;`w+T)wkKEEb2F=*BgrMJ!#3*0X~8@61!yi(m&JlD@9i-K}L zJ^<45qX)JV4*KeTV_ZDZY0|-6&v||i#tXkPvExb<=T50E=y@`_$5|db0b0j$qi|m5$m;ksv0qhS5&qnei0QrbD<{ygAJve9?hdDWdM68T| znoQXKhGp(E0fP%7LurRPJTua**g5TdWSOZffx)u#GWq4hz-mM~Ujq}G!a8+v;WSfA z%F)}nS6+d_JyFIiW5z=znPnRx3@a@`1};^*FS5}ZqyKkF{!w)y&SE-98bGu@Qg*k( zfT}*!7EF3W=YcC$`=&>U^&Pvvh{?QH-Z{sLxwEe0Al>`Li&q00X3%t|&d|sK>H^m` zJpa@2c*)e|hvhDQMv~-R&9_&Pce?pg<2pIBmOo|GkwT8h+=-31+ffEx*CsA_1fB?H z*@~x$jP=tTs`a*y=r|dfFBY&2kENI5MLLhhVy`0Kp?1W* + + + + + + + + true + + + /etc/runner-web.xml + /etc/ajsc-override-web.xml + true + /extJars/json-20131018.jar + + + false + + + + + + + + + + + + + + + + + + + + + + + + + + /extApps + 10 + true + + + + + + + + + + + + + + + + + + + + + + + /appl/dmaapMR1/bundleconfig/etc/sysprops/local/org.onap.dmaap.mr.jks + wHOPeeVegmGk6OoiuEyUPuJjNgrlvKza62Mf6c0Mm4gMb5fAETzpMBv1BT2yv9Mx + wHOPeeVegmGk6OoiuEyUPuJjNgrlvKza62Mf6c0Mm4gMb5fAETzpMBv1BT2yv9Mx + true + + + + + + + + + + + + http/1.1 + + + + + + + + + + + + + + + + + + + + + + 30000 + + + + + + + + + + false + + + diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties new file mode 100644 index 0000000000..789a44de26 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties @@ -0,0 +1,15 @@ +aaf_locate_url=https://aaf-locate.onap:8095 +aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 +aaf_env=DEV +aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm +cadi_truststore=/appl/dmaapMR1/bundleconfig/etc/sysprops/local/org.onap.dmaap.mr.trust.jks +cadi_truststore_password=Eav*,dKoFUukNM$;?HMfvc2; +cadi_keyfile=/appl/dmaapMR1/bundleconfig/etc/sysprops/local/org.onap.dmaap.mr.keyfile +cadi_alias=dmaapmr@mr.dmaap.onap.org +cadi_keystore=/appl/dmaapMR1/bundleconfig/etc/sysprops/local/org.onap.dmaap.mr.p12 +cadi_keystore_password=358ia?XLZ)nPeM?HFh3M6{Nc +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US +cadi_loglevel=INFO +cadi_protocols=TLSv1.1,TLSv1.2 +cadi_latitude=37.78187 +cadi_longitude=-122.26147 diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml index a253c512eb..7ca9bd872a 100644 --- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml @@ -30,7 +30,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-cadi-prop-configmap + name: {{ include "common.fullname" . }}-logback-xml-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -38,13 +38,12 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/dmaap/cadi.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }} --- - apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-logback-xml-configmap + name: {{ include "common.fullname" . }}-etc namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -52,9 +51,8 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/etc/*").AsConfig . | indent 2 }} --- - apiVersion: v1 kind: ConfigMap metadata: @@ -96,5 +94,3 @@ data: {{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }} --- {{ end }} - - diff --git a/kubernetes/dmaap/components/message-router/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/templates/secrets.yaml index 9456c15994..bdae4c86b7 100644 --- a/kubernetes/dmaap/components/message-router/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/templates/secrets.yaml @@ -28,3 +28,17 @@ metadata: data: {{ (.Files.Glob "resources/config/dmaap/mykey").AsSecrets | indent 2 }} type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-certs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index 940ad25ce5..2426bd81a3 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -97,10 +97,15 @@ spec: name: logback - mountPath: /appl/dmaapMR1/etc/cadi.properties subPath: cadi.properties - name: cadi + name: etc - mountPath: /appl/dmaapMR1/etc/keyfile subPath: mykey name: mykey + - mountPath: /appl/dmaapMR1/etc/ajsc-jetty.xml + subPath: ajsc-jetty.xml + name: etc + - mountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops/local/ + name: certs resources: {{ include "common.resources" . | nindent 12 }} volumes: - name: localtime @@ -109,12 +114,12 @@ spec: - name: appprops configMap: name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap + - name: etc + configMap: + name: {{ include "common.fullname" . }}-etc - name: logback configMap: name: {{ include "common.fullname" . }}-logback-xml-configmap - - name: cadi - configMap: - name: {{ include "common.fullname" . }}-cadi-prop-configmap {{- if .Values.prometheus.jmx.enabled }} - name: jmx-config configMap: @@ -123,5 +128,8 @@ spec: - name: mykey secret: secretName: {{ include "common.fullname" . }}-secret + - name: certs + secret: + secretName: {{ include "common.fullname" . }}-certs imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" -- 2.16.6