From c6d49ae4af0b13bd0f75a878ffa88487ef38afc2 Mon Sep 17 00:00:00 2001 From: vasraz Date: Tue, 26 Sep 2023 14:22:31 +0100 Subject: [PATCH] Implement truststore & keystore handling for cassandra Signed-off-by: Vasyl Razinkov Change-Id: Ib8f21142f7f760f5a8787971dbd0bb7e023e22d1 Issue-ID: SDC-4637 --- .../chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb | 2 -- .../cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb | 6 ++++-- .../sdc-catalog-be/templates/default/BE-configuration.yaml.erb | 7 ++++--- .../sdc-catalog-be/templates/default/BE-janusgraph.properties.erb | 2 ++ .../src/main/java/org/openecomp/sdc/be/config/Configuration.java | 4 +++- sdc-os-chef/environments/Template.json | 6 +++++- 6 files changed, 18 insertions(+), 9 deletions(-) diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb index 3f7a041a4c..787a764262 100644 --- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb @@ -46,7 +46,6 @@ default['Pair_EnvName'] = "" #| Portal | #| | #+----------------------------------+ - default['ECompP']['cipher_key'] = "AGLDdG4D04BKm2IxIWEr8o==" default['ECompP']['portal_user'] = "Ipwxi2oLvDxctMA1royaRw1W0jhucLx+grHzci3ePIA=" default['ECompP']['portal_pass'] = "j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI=" @@ -58,7 +57,6 @@ default['ECompP']['portal_app_name'] = "Ipwxi2oLvDxctMA1royaRw1W0jhucLx+grHzci3e #| DMAAP Consumer | #| | #+----------------------------------+ - default['DMAAP']['active'] = false default['DMAAP']['consumer']['aftEnvironment'] = "AFTUAT" default['DMAAP']['consumer']['consumerGroup'] = "ccd_onap" 
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb index a1d0df5037..d2ec242f05 100644 --- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb @@ -30,7 +30,10 @@ template "janusgraph.properties" do :DC_NAME => node['cassandra']['datacenter_name'], :DC_NAME_WITH_REP => janusgraph_dcname_with_rep, :janus_connection_timeout => node['cassandra']['janusgraph_connection_timeout'], - :cassandra_truststore_password => node['cassandra'][:truststore_password], + :cassandra_keystore_path => node['cassandra'][:cassandra_keystore_path], + :cassandra_keystore_password => node['cassandra'][:cassandra_keystore_password], + :cassandra_truststore_path => node['cassandra'][:cassandra_truststore_path], + :cassandra_truststore_password => node['cassandra'][:cassandra_truststore_password], :cassandra_ssl_enabled => "#{ENV['cassandra_ssl_enabled']}", :cassandra_read_consistency_level => node['cassandra'][:read_consistency_level], :cassandra_write_consistency_level => node['cassandra'][:write_consistency_level], @@ -62,7 +65,6 @@ template "catalog-be-config" do :socket_read_timeout => node['cassandra']['socket_read_timeout'], :cassandra_pwd => node['cassandra'][:cassandra_password], :cassandra_usr => node['cassandra'][:cassandra_user], - :cassandra_truststore_password => node['cassandra'][:truststore_password], :cassandra_ssl_enabled => "#{ENV['cassandra_ssl_enabled']}", :permittedAncestors => "#{ENV['permittedAncestors']}", :dmaap_active => node['DMAAP']['active'] 
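Review bot: The values added to the `janusgraph.properties` variables include two store passwords, and the rest of the template resource lies outside this hunk, so it is not visible whether it sets `sensitive true`. Without that property Chef can print the rendered file diff, passwords included, in the client log. I would add `sensitive true` to this resource and to `catalog-be-config`, which already receives `:cassandra_pwd`. Separately, the lookup key changes from `node['cassandra'][:truststore_password]` to `node['cassandra'][:cassandra_truststore_password]`, so an environment that still defines only the old key renders an empty truststore password with no error. A fallback such as `node['cassandra'][:cassandra_truststore_password] || node['cassandra'][:truststore_password]`, or an explicit upgrade note, would cover that.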
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb index ada01a96e5..3f5ec422ad 100644 --- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb @@ -102,6 +102,10 @@ cassandraConfig: username: <%= @cassandra_usr %> password: <%= @cassandra_pwd %> ssl: <%= @cassandra_ssl_enabled %> + keystorePath: <%= @cassandra_keystore_password %> + keystorePassword: <%= @cassandra_ssl_enabled %> + truststorePath: <%= @cassandra_truststore_path %> + truststorePassword: <%= @cassandra_truststore_password %> keySpaces: - { name: dox, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} - { name: sdcaudit, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} @@ -109,7 +113,6 @@ cassandraConfig: - { name: sdccomponent, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} - { name: sdcrepository, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} - licenseTypes: - User - Installation @@ -909,7 +912,6 @@ serviceApiArtifacts: displayName: Testing type: OTHER - additionalInformationMaxNumberOfKeys: 50 systemMonitoring: @@ -1164,7 +1166,6 @@ dmaapProducerConfiguration: aftDme2SslEnable: true aftDme2ClientSslCertAlias: certman - # ToDo: AF - had to remove due to configuration laod class failure #dmeConfiguration: # lookupUriFormat: "http://DME2RESOLVE/service=%s/version=1.0.0/envContext=%s/routeOffer=DEFAULT" 
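Review bot: Two of the added lines in the `cassandraConfig` block are bound to the wrong variables: `keystorePath` renders `@cassandra_keystore_password` and `keystorePassword` renders `@cassandra_ssl_enabled`, so the keystore password is written into a path field and the password field receives the SSL flag. They should read `keystorePath: <%= @cassandra_keystore_path %>` and `keystorePassword: <%= @cassandra_keystore_password %>`. In addition, the recipe change in BE_2_setup_configuration.rb passes the four keystore/truststore variables only to the `janusgraph.properties` resource and removes `:cassandra_truststore_password` from `catalog-be-config`. If this template is rendered by `catalog-be-config` (the resource's `source` is not visible in the patch), all four instance variables are nil here and the fields come out empty. The same four `:cassandra_*` entries would then need to be added to that resource's `variables`.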
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb index c8130ddd4a..4c894b4106 100644 --- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb @@ -7,6 +7,8 @@ storage.connection-timeout=<%= @janus_connection_timeout %> storage.cql.keyspace=sdctitan storage.cql.ssl.enabled=<%= @cassandra_ssl_enabled %> +storage.cql.ssl.keystore.location=<%= @cassandra_keystore_path %> +storage.cql.ssl.keystore.password=<%= @cassandra_keystore_password %> storage.cql.ssl.truststore.location=<%= @cassandra_truststore_path %> storage.cql.ssl.truststore.password=<%= @cassandra_truststore_password %> diff --git a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java index 3222c267df..d33a80d8f7 100644 --- a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java +++ b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java @@ -221,12 +221,14 @@ public class Configuration extends BasicConfiguration { private String username; private String password; private boolean ssl; + private String keystorePath; + private String keystorePassword; private String truststorePath; private String truststorePassword; private int maxWaitSeconds = 120; public Integer getCassandraPort() { - return cassandraPort != null ? cassandraPort : Configuration.CassandrConfig.CASSANDRA_DEFAULT_PORT; + return cassandraPort != null ? cassandraPort : CASSANDRA_DEFAULT_PORT; } @Getter 
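Review bot: The added key `storage.cql.ssl.keystore.password` does not match the keystore options I know from JanusGraph's CQL backend, which documents `storage.cql.ssl.keystore.storepassword` and `storage.cql.ssl.keystore.keypassword`. As far as I know it also reads the keystore only when `storage.cql.ssl.client-authentication-enabled` is true. Please verify against the JanusGraph version in use, because an unrecognised key would leave client-certificate authentication unconfigured even though the file appears to set it. The new lines are also emitted when SSL is disabled or the attributes are unset, giving empty `location=` and `password=` entries, so it would be cleaner to render the keystore/truststore block only when `@cassandra_ssl_enabled` is set.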
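Review bot: Nothing in this patch reads the new `keystorePath` and `keystorePassword` fields: the diffstat lists Configuration.java as the only Java file, so the Cassandra client that consumes this config class presumably still builds its SSL context without a keystore. If the consumer lands in a follow-up, a comment such as `// client keystore for mutual TLS; not yet consumed by the Cassandra client` would keep operators from assuming client certificates are already in effect. The enclosing class starts outside the hunk; if it carries a generated `toString` (not visible here), both password fields should be excluded from it.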
diff --git a/sdc-os-chef/environments/Template.json b/sdc-os-chef/environments/Template.json index 7cd95cc3f9..369d22489d 100644 --- a/sdc-os-chef/environments/Template.json +++ b/sdc-os-chef/environments/Template.json @@ -91,7 +91,11 @@ "socket_read_timeout": "40000", "socket_connect_timeout": "40000", "janusgraph_connection_timeout": "20000", - "replication_factor": "1" + "replication_factor": "1", + "cassandra_keystore_path": "cassandra_keystore_path", + "cassandra_keystore_password": "cassandra_keystore_password", + "cassandra_truststore_path": "cassandra_truststore_path", + "cassandra_truststore_password": "cassandra_truststore_password" }, "DMAAP": { "consumer": { -- 2.16.6
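Review bot: The four new attributes use their own key names as values (for example `"cassandra_keystore_password": "cassandra_keystore_password"`), and nothing in the patch rejects those placeholders. An environment generated from this template without overrides would therefore render them as the real keystore path and password. It also makes the environment JSON the place where the store passwords live in plain text. I would leave the defaults empty (`""`) so a missing value is obvious, and have the recipe take the passwords from the container environment, as it already does for `cassandra_ssl_enabled`.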