From: RehanRaza Date: Thu, 30 Apr 2020 12:04:57 +0000 (+0200) Subject: Add https support in A1 controller X-Git-Tag: 2.0.0~61^2 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=e01af69c31f9a9dfebb591af0b35f420c247c8e7;p=nonrtric.git Add https support in A1 controller Add self-signed cert for NBI and SBI Remove ONAP signed certs Change-Id: I733cb48bf37cb124a330f9a2734920fda010de57 Issue-ID: NONRTRIC-196 Signed-off-by: RehanRaza --- diff --git a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/pom.xml b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/pom.xml index da53f920..02e32e70 100644 --- a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/pom.xml +++ b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/pom.xml @@ -115,6 +115,10 @@ org.apache.commons commons-lang3 + + org.apache.httpcomponents + httpclient + org.onap.ccsdk.sli.core sli-common diff --git a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java index 65809836..d317e56a 100644 --- a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java +++ b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java 
@@ -20,11 +20,33 @@ package org.o_ran_sc.nonrtric.sdnc_a1.northbound.restadapter; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.net.MalformedURLException; +import java.net.URL; +import java.security.KeyManagementException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.util.Properties; +import org.apache.http.client.HttpClient; +import org.apache.http.conn.ssl.NoopHostnameVerifier; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.ssl.SSLContexts; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; +import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; +import org.springframework.util.ResourceUtils; import org.springframework.web.client.RestTemplate; /** 
@@ -36,10 +58,44 @@ import org.springframework.web.client.RestTemplate; public class RestAdapterImpl implements RestAdapter { - private RestTemplate restTemplate; + private static final String PROPERTIES_FILE = "nonrt-ric-api-provider.properties"; + private final Logger log = LoggerFactory.getLogger(RestAdapterImpl.class); + + private RestTemplate restTemplateHttp; + private RestTemplate restTemplateHttps; public RestAdapterImpl() { - restTemplate = new RestTemplate(); + restTemplateHttp = new RestTemplate(); + try { + restTemplateHttps = createRestTemplateForHttps(); + } catch (IOException | UnrecoverableKeyException | KeyManagementException | CertificateException + | NoSuchAlgorithmException | KeyStoreException ex) { + log.error("Caught exception when trying to create restTemplateHttps: {}", ex.getMessage()); + } + } + + private RestTemplate createRestTemplateForHttps() throws IOException, UnrecoverableKeyException, CertificateException, + NoSuchAlgorithmException, KeyStoreException, KeyManagementException { + InputStream inputStream = RestAdapterImpl.class.getClassLoader().getResourceAsStream(PROPERTIES_FILE); + if (inputStream == null) { + throw new FileNotFoundException("properties file not found in classpath"); + } else { + Properties properties = new Properties(); + properties.load(inputStream); + final String keystorePassword = properties.getProperty("key-store-password"); + SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory( + SSLContexts.custom() + .loadKeyMaterial(ResourceUtils.getFile(properties.getProperty("key-store")), + keystorePassword.toCharArray(), keystorePassword.toCharArray()) + .loadTrustMaterial(null, new TrustSelfSignedStrategy()) + .build(), + NoopHostnameVerifier.INSTANCE); + HttpClient client = HttpClients.custom().setSSLSocketFactory(scsf).build(); + HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(); + requestFactory.setHttpClient(client); + inputStream.close(); + return 
new RestTemplate(requestFactory); + } } private HttpEntity getHttpEntity(final Object object) { @@ -69,6 +125,19 @@ public class RestAdapterImpl implements RestAdapter { @SuppressWarnings("unchecked") private ResponseEntity invokeHttpRequest(String uri, HttpMethod httpMethod, Class clazz, HttpEntity entity) { - return (ResponseEntity) restTemplate.exchange(uri, httpMethod, entity, clazz); + try { + URL url = new URL(uri); + if (url.getProtocol().equals("https")) { + return (ResponseEntity) restTemplateHttps.exchange(uri, httpMethod, entity, clazz); + } else if (url.getProtocol().equals("http")) { + return (ResponseEntity) restTemplateHttp.exchange(uri, httpMethod, entity, clazz); + } else { + log.error("Invalid protocol in URL"); + return new ResponseEntity<>(HttpStatus.BAD_REQUEST); + } + } catch (MalformedURLException ex) { + log.error("URL is not valid, exception: {}", ex.getMessage()); + return new ResponseEntity<>(HttpStatus.BAD_REQUEST); + } } -} +} \ No newline at end of file diff --git a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties new file mode 100644 index 00000000..6a066a6d --- /dev/null +++ b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties 
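Review bot: The HTTPS client built in `createRestTemplateForHttps` does not authenticate the peer: `loadTrustMaterial(null, new TrustSelfSignedStrategy())` accepts any self-signed certificate and `NoopHostnameVerifier.INSTANCE` skips the name check, so the traffic is encrypted but gets no protection against an on-path impostor. Pin trust to the certificates this controller is meant to talk to and keep the default verifier, e.g. `.loadTrustMaterial(ResourceUtils.getFile(properties.getProperty("trust-store")), trustStorePassword.toCharArray())` and `new SSLConnectionSocketFactory(sslContext)`; `trust-store`, `trustStorePassword` and `sslContext` are placeholder names, not defined in this change. Separately, `inputStream.close()` is skipped whenever `properties.load` or the SSL setup throws, and a missing `key-store-password` entry ends in a NullPointerException that the constructor's catch list does not cover, so a try-with-resources and a null check are worth adding.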
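Review bot: `restTemplateHttps` can still be null when the `https` branch of `invokeHttpRequest` runs, because the constructor only logs a failure of `createRestTemplateForHttps()` and carries on. The first HTTPS request then fails with a NullPointerException instead of a clear error. Guard the branch, e.g. `if (restTemplateHttps == null) { log.error("HTTPS client is not initialised"); return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); }`, or let construction fail outright. The constructor's `log.error(..., ex.getMessage())` also drops the stack trace; passing `ex` itself as the last argument keeps it.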
@@ -0,0 +1,20 @@ +# ========================LICENSE_START================================= +# O-RAN-SC +# %% +# Copyright (C) 2020 Nordix Foundation +# %% +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ========================LICENSE_END=================================== + +key-store-password = sdnc-a1-controller +key-store = /etc/ssl/certs/java/keystore.jks \ No newline at end of file diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/pom.xml b/sdnc-a1-controller/oam/installation/sdnc-a1/pom.xml index bf8bfe31..3e0b4680 100644 --- a/sdnc-a1-controller/oam/installation/sdnc-a1/pom.xml +++ b/sdnc-a1-controller/oam/installation/sdnc-a1/pom.xml @@ -42,9 +42,6 @@ ${maven.build.timestamp} 1.7.3-SNAPSHOT 0.6.3 - org.onap.sdnc.p12 - - 8443 deploy @@ -194,7 +191,7 @@ src/main/resources idmlight.db.mv.db - truststoreONAPall.jks + keystore.jks aaa-app-config.xml false @@ -242,27 +239,6 @@ - - copy-keystores - - copy-resources - - validate - - ${basedir}/target/docker-stage/opt/onap/sdnc/data/stores - - - ../src/main/stores - - *.jks - *.keyfile - *.p12 - - false - - - - diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/docker/standalone.Dockerfile b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/docker/standalone.Dockerfile index 3077ee5a..80262ff3 100755 --- a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/docker/standalone.Dockerfile +++ b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/docker/standalone.Dockerfile 
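Review bot: `key-store-password = sdnc-a1-controller` puts the keystore password in clear text in a file that is committed and packaged onto the classpath, and the same value is repeated as `ENV SDNC_KEYPASS sdnc-a1-controller` in standalone.Dockerfile, where it also lands in the image metadata and in `custom.properties`. Since `keystore.jks` is added to the repository in the same commit, the password protects nothing from anyone who has the source or the image. If this pair is meant for lab use only, say so in the file with a comment such as `# Lab default only: supply key-store and key-store-password from deployment configuration in any real installation`. Deployments should then be able to override both values from a mounted secret rather than from the jar.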
@@ -25,13 +25,11 @@ MAINTAINER O-RAN-SC NONRTRIC Team ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk ENV ODL_HOME /opt/opendaylight ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties -ENV SDNC_STORE_DIR /opt/onap/sdnc/data/stores -ENV SSL_CERTS_DIR /etc/ssl/certs -ENV JAVA_SECURITY_DIR $SSL_CERTS_DIR/java +ENV JAVA_SECURITY_DIR /etc/ssl/certs/java ENV SDNC_NORTHBOUND_REPO mvn:org.o-ran-sc.nonrtric.sdnc-a1.northbound/sdnc-a1-northbound-all/${sdnc.northbound.version}/xml/features -ENV SDNC_KEYSTORE ${sdnc.keystore} -ENV SDNC_KEYPASS ${sdnc.keypass} -ENV SDNC_SECUREPORT ${sdnc.secureport} +ENV SDNC_KEYSTORE keystore.jks +ENV SDNC_KEYPASS sdnc-a1-controller +ENV SDNC_SECUREPORT 8443 USER root @@ -43,15 +41,13 @@ RUN sed -i -e "\|featuresRepositories|s|$|,${SDNC_NORTHBOUND_REPO}|" $ODL_HOME/ RUN sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,sdnc-a1-northbound-all|" $ODL_HOME/etc/org.apache.karaf.features.cfg RUN sed -i "s/odl-restconf-all/odl-restconf-all,odl-netconf-topology/g" $ODL_HOME/etc/org.apache.karaf.features.cfg -# Install ssl and java certificates -COPY truststoreONAPall.jks $JAVA_SECURITY_DIR -COPY truststoreONAPall.jks $SDNC_STORE_DIR -RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts -deststorepass changeit +# Install java certificate +COPY $SDNC_KEYSTORE $JAVA_SECURITY_DIR # Secure with TLS RUN echo org.osgi.service.http.secure.enabled=true >> $ODL_HOME/etc/custom.properties RUN echo org.osgi.service.http.secure.port=$SDNC_SECUREPORT >> $ODL_HOME/etc/custom.properties -RUN echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties +RUN echo org.ops4j.pax.web.ssl.keystore=$JAVA_SECURITY_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties RUN echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties RUN echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties 
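Review bot: `COPY $SDNC_KEYSTORE $JAVA_SECURITY_DIR` bakes the repository's `keystore.jks` into the image, so every container built from it serves TLS on `$SDNC_SECUREPORT` with the same key, presumably the self-signed pair named in the commit message. The same path is what `RestAdapterImpl` loads as client key material. Treat the bundled store as a lab default and document it above the COPY, e.g. `# Lab-only self-signed keystore; mount a deployment-specific keystore at $JAVA_SECURITY_DIR/$SDNC_KEYSTORE for real installations`. The copy runs under `USER root` and the later `chown -R odl:odl /opt` does not reach `/etc/ssl/certs/java`, so it is worth confirming that the file ends up with the ownership and mode intended for the `odl` user.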
@@ -60,4 +56,4 @@ RUN chown -R odl:odl /opt USER odl ENTRYPOINT /opt/onap/sdnc/bin/startODL.sh -EXPOSE 8181 +EXPOSE 8181 $SDNC_SECUREPORT diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/keystore.jks b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/keystore.jks new file mode 100644 index 00000000..705b2845 Binary files /dev/null and b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/keystore.jks differ diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/truststoreONAPall.jks b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/truststoreONAPall.jks deleted file mode 100755 index ff844b10..00000000 Binary files a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/truststoreONAPall.jks and /dev/null differ diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/addSdncKeyStore.sh b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/addSdncKeyStore.sh deleted file mode 100755 index c6f0e5ae..00000000 --- a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/addSdncKeyStore.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc} - -keyStoreFile=${SDNC_HOME}/data/stores/sdnc.p12 - -if [ ! -f ${keyStoreFile} ] -then - keytool -genkeypair -dname "CN=SDNC, OU=ONAP, O=ONAP, L=, S=, C=" -alias sdncKey -keyalg RSA -keysize 1024 -keystore $keyStoreFile -storepass adminadmin -storetype pkcs12 -fi - diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/healthcheck.py b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/healthcheck.py new file mode 100644 index 00000000..35a1d4bb --- /dev/null +++ b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/healthcheck.py 
@@ -0,0 +1,68 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2019 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# + + +# coding=utf-8 +import os +import httplib +import base64 +import time + +username = os.environ['ODL_ADMIN_USERNAME'] +password = os.environ['ODL_ADMIN_PASSWORD'] +TIMEOUT=1000 +INTERVAL=30 +timePassed=0 + +headers = {'Authorization':'Basic %s' % base64.b64encode(username + ":" + password), + 'X-FromAppId': 'csit-sdnc', + 'X-TransactionId': 'csit-sdnc', + 'Accept':"application/json", + 'Content-type':"application/json"} + +def makeHealthcheckCall(headers, timePassed): + connected = False + # WAIT 10 minutes maximum and test every 30 seconds if HealthCheck API is returning 200 + while timePassed < TIMEOUT: + try: + conn = httplib.HTTPConnection("localhost",8181) + req = conn.request("POST", "/restconf/operations/SLI-API:healthcheck",headers=headers) + res = conn.getresponse() + res.read() + if res.status == 200: + print ("Healthcheck Passed in %d seconds." %timePassed) + connected = True + break + else: + print ("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. 
Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT)) + except: + print ("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT)) + timePassed = timeIncrement(timePassed) + + if timePassed > TIMEOUT: + print ("TIME OUT: Healthcheck not passed in %d seconds... Could cause problems for testing activities..." %TIMEOUT) + return connected + + +def timeIncrement(timePassed): + time.sleep(INTERVAL) + timePassed = timePassed + INTERVAL + return timePassed + +makeHealthcheckCall(headers, timePassed) diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/installCerts.py b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/installCerts.py deleted file mode 100644 index 17ada4c1..00000000 --- a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/installCerts.py +++ /dev/null 
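Review bot: The bare `except:` in `makeHealthcheckCall` reports every failure as "Cannot execute REST call", including programming errors and KeyboardInterrupt, and discards the reason. Catch the connection errors and report them, e.g. `except (httplib.HTTPException, IOError) as ex:` with `ex` added to the printed message. The comment above the loop says 10 minutes, but `TIMEOUT=1000` with `INTERVAL=30` waits roughly 17 minutes, so one of the two should be corrected. `conn` is also never closed, so each retry leaves a connection object behind until it is collected.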
@@ -1,202 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -# - - -# coding=utf-8 -import os -import httplib -import base64 -import time -import zipfile -import shutil - -Path = "/tmp" - -zipFileList = [] - -username = os.environ['ODL_ADMIN_USERNAME'] -password = os.environ['ODL_ADMIN_PASSWORD'] -TIMEOUT=1000 -INTERVAL=30 -timePassed=0 - -postKeystore= "/restconf/operations/netconf-keystore:add-keystore-entry" -postPrivateKey= "/restconf/operations/netconf-keystore:add-private-key" -postTrustedCertificate= "/restconf/operations/netconf-keystore:add-trusted-certificate" - - -headers = {'Authorization':'Basic %s' % base64.b64encode(username + ":" + password), - 'X-FromAppId': 'csit-sdnc', - 'X-TransactionId': 'csit-sdnc', - 'Accept':"application/json", - 'Content-type':"application/json"} - -def readFile(folder, file): - key = open(Path + "/" + folder + "/" + file, "r") - fileRead = key.read() - key.close() - fileRead = "\n".join(fileRead.splitlines()[1:-1]) - return fileRead - -def readTrustedCertificate(folder, file): - listCert = list() - caPem = "" - startCa = False - key = open(Path + "/" + folder + "/" + file, "r") - lines = 
key.readlines() - for line in lines: - if not "BEGIN CERTIFICATE" in line and not "END CERTIFICATE" in line and startCa: - caPem += line - elif "BEGIN CERTIFICATE" in line: - startCa = True - elif "END CERTIFICATE" in line: - startCa = False - listCert.append(caPem) - caPem = "" - return listCert - -def makeKeystoreKey(clientKey, count): - odl_private_key="ODL_private_key_%d" %count - - json_keystore_key='{{\"input\": {{ \"key-credential\": {{\"key-id\": \"{odl_private_key}\", \"private-key\" : ' \ - '\"{clientKey}\",\"passphrase\" : \"\"}}}}}}'.format( - odl_private_key=odl_private_key, - clientKey=clientKey) - - return json_keystore_key - - - -def makePrivateKey(clientKey, clientCrt, certList, count): - caPem = "" - for cert in certList: - caPem += '\"%s\",' % cert - - caPem = caPem.rsplit(',', 1)[0] - odl_private_key="ODL_private_key_%d" %count - - json_private_key='{{\"input\": {{ \"private-key\":{{\"name\": \"{odl_private_key}\", \"data\" : ' \ - '\"{clientKey}\",\"certificate-chain\":[\"{clientCrt}\",{caPem}]}}}}}}'.format( - odl_private_key=odl_private_key, - clientKey=clientKey, - clientCrt=clientCrt, - caPem=caPem) - - return json_private_key - -def makeTrustedCertificate(certList, count): - number = 0 - json_cert_format = "" - for cert in certList: - cert_name = "xNF_CA_certificate_%d_%d" %(count, number) - json_cert_format += '{{\"name\": \"{trusted_name}\",\"certificate\":\"{cert}\"}},\n'.format( - trusted_name=cert_name, - cert=cert.strip()) - number += 1 - - json_cert_format = json_cert_format.rsplit(',', 1)[0] - json_trusted_cert='{{\"input\": {{ \"trusted-certificate\": [{certificates}]}}}}'.format( - certificates=json_cert_format) - return json_trusted_cert - - -def makeRestconfPost(conn, json_file, apiCall): - req = conn.request("POST", apiCall, json_file, headers=headers) - res = conn.getresponse() - res.read() - if res.status != 200: - print "Error here, response back wasnt 200: Response was : %d , %s" % (res.status, res.reason) - else: - print 
res.status, res.reason - -def extractZipFiles(zipFileList, count): - for zipFolder in zipFileList: - with zipfile.ZipFile(Path + "/" + zipFolder.strip(),"r") as zip_ref: - zip_ref.extractall(Path) - folder = zipFolder.rsplit(".")[0] - processFiles(folder, count) - -def processFiles(folder, count): - conn = httplib.HTTPConnection("localhost",8181) - for file in os.listdir(Path + "/" + folder): - if os.path.isfile(Path + "/" + folder + "/" + file.strip()): - if ".key" in file: - clientKey = readFile(folder, file.strip()) - elif "trustedCertificate" in file: - certList = readTrustedCertificate(folder, file.strip()) - elif ".crt" in file: - clientCrt = readFile(folder, file.strip()) - else: - print "Could not find file %s" % file.strip() - shutil.rmtree(Path + "/" + folder) - json_keystore_key = makeKeystoreKey(clientKey, count) - json_private_key = makePrivateKey(clientKey, clientCrt, certList, count) - json_trusted_cert = makeTrustedCertificate(certList, count) - - makeRestconfPost(conn, json_keystore_key, postKeystore) - makeRestconfPost(conn, json_private_key, postPrivateKey) - makeRestconfPost(conn, json_trusted_cert, postTrustedCertificate) - -def makeHealthcheckCall(headers, timePassed): - connected = False - # WAIT 10 minutes maximum and test every 30 seconds if HealthCheck API is returning 200 - while timePassed < TIMEOUT: - try: - conn = httplib.HTTPConnection("localhost",8181) - req = conn.request("POST", "/restconf/operations/SLI-API:healthcheck",headers=headers) - res = conn.getresponse() - res.read() - if res.status == 200: - print ("Healthcheck Passed in %d seconds." %timePassed) - connected = True - break - else: - print ("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT)) - except: - print ("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. 
Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT)) - timePassed = timeIncrement(timePassed) - - if timePassed > TIMEOUT: - print ("TIME OUT: Healthcheck not passed in %d seconds... Could cause problems for testing activities..." %TIMEOUT) - return connected - - -def timeIncrement(timePassed): - time.sleep(INTERVAL) - timePassed = timePassed + INTERVAL - return timePassed - -def readCertProperties(): - connected = makeHealthcheckCall(headers, timePassed) - - if connected: - count = 0 - if os.path.isfile(Path + "/certs.properties"): - with open(Path + "/certs.properties", "r") as f: - for line in f: - if not "*****" in line: - zipFileList.append(line) - else: - extractZipFiles(zipFileList, count) - count += 1 - del zipFileList[:] - else: - print "Error: File not found in path entered" - -readCertProperties() diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/startODL.sh b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/startODL.sh index 1b8f5192..78d3ea3d 100755 --- a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/startODL.sh +++ b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/startODL.sh @@ -53,8 +53,6 @@ if [ ! -f ${INSTALLED_DIR}/.installed ] then echo "Installing SDNC-A1 database" ${SDNC_HOME}/bin/installSdncDb.sh - echo "Installing SDNC-A1 keyStore" - ${SDNC_HOME}/bin/addSdncKeyStore.sh if [ -x ${SDNC_HOME}/svclogic/bin/install.sh ] then @@ -63,8 +61,6 @@ then fi fi -cp /opt/opendaylight/current/certs/* /tmp - -nohup python ${SDNC_BIN}/installCerts.py & +nohup python ${SDNC_BIN}/healthcheck.py & exec ${ODL_HOME}/bin/karaf server diff --git a/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.cred.props b/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.cred.props deleted file mode 100644 index 88983837..00000000 --- a/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.cred.props +++ /dev/null 
@@ -1,17 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by ubuntu -# on 2019-04-26T17:48:02.614+0000 -# @copyright 2019, AT&T -############################################################ -Challenge=enc:YLFZL0xwmf-22zzHjNwMDus4xQhhjOO_HERh0LisPjGFMODJtM77jjh7EctH-Pme -cadi_alias=sdnc@sdnc.onap.org -cadi_key_password=enc:fbgVR_kMh7wuaEfm16VlW84HJR_yiob_CUf3oDXSE0K2yPlp0t55xT335GMh8ZSv -cadi_keyfile=/opt/sdnc/data/stores/org.onap.sdnc.keyfile -cadi_keystore=/opt/sdnc/data/stores/org.onap.sdnc.p12 -cadi_keystore_password=enc:xAl_o-JBdI86B4pDUNyrY9IauP54ecsXLUZYl_9p9R4Roybcnppqwwkdp_wJq1Ir -cadi_keystore_password_jks=enc:Qf5-2ZRKRMYBwvO14qENypmu4A1HNjkdu_KkM0N5i7v7QjC_GmshNrYmmeWLQWIr -cadi_keystore_password_p12=enc:xAl_o-JBdI86B4pDUNyrY9IauP54ecsXLUZYl_9p9R4Roybcnppqwwkdp_wJq1Ir -cadi_truststore=/opt/sdnc/data/stores/org.onap.sdnc.trust.jks -cadi_truststore_password=enc:U-tuJC67-g5WkC4o8aYf-zqxfB-u2ep3NcB9CZt3VfGCP_NhTWFYVx8mCL3S-jhU -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US diff --git a/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.props b/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.props deleted file mode 100644 index 5b96b907..00000000 --- a/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.props +++ /dev/null 
@@ -1,15 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by root -# on 2019-02-15T20:08:07.125+0000 -# @copyright 2016, AT&T -############################################################ -aaf_id=sdnc@sdnc.onap.org -aaf_locate_url=https://aaf-onap-test.osaaf.org:8095 -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 -cadi_etc_dir=/opt/sdnc/data/stores -cadi_latitude=38.432899 -cadi_longitude=-90.43248 -cadi_prop_files=/opt/sdnc/data/properties/org.onap.sdnc.cred.props -cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1 -cadi_bath_convert=/opt/sdnc/data/properties/bath_config.csv diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/keystore.sdnc.p12 b/sdnc-a1-controller/oam/installation/src/main/stores/keystore.sdnc.p12 deleted file mode 100644 index 8fb4e2cd..00000000 Binary files a/sdnc-a1-controller/oam/installation/src/main/stores/keystore.sdnc.p12 and /dev/null differ diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.keyfile b/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.keyfile deleted file mode 100644 index 4bbb0abc..00000000 --- a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.keyfile +++ /dev/null 
@@ -1,27 +0,0 @@ -ssTXV3XxGHmaZ_tDK60bUUwJMidA6-cMQbn8EVO1HWhwTS3vhftirZkfE-Ymv0xkhB82LT05cTjv -MnM6E_OU8ZzQtNCb0XTTsOU-xTExWuIJzgfTKDanH14OB83r-pM0Q1z3iOjgIZyKNn7Qtl-7FyJu -Fr6bmPKFMMSDROwH347eYBpunVPIa1X0NNqJcHDQsWFhW0bgsfRMnP3XZNltqbuAFZocYsY3Tk5N -Iz52WXz6-nSWYBO0sPuBUZmkck1zKZ9PMn2SAPYx1V3i1-kOBLE6AHj-ad7e_dnJjdSTrjhG5z81 -QtmwAevh2ROCdNXTeyurrGXaLrMluE9csSVIp0YCCuhUCX02oDQBqIY5IDIQtAIXS8_i2bJWwmMv -tZOTavGZH1_nwyQQ60lWF8w0GtL1m-s1SVH5v8VunYrjdnwFsrwUkKWfmz70OWFy6RwRis4IL434 -ln0RY48K-E_93jw3pbV4vZFTo8-RO59DGr_0pZf7ZhDSNrdy8sMpaSeHjjrVMfD5TI-JWDdzaKhi -edKGZN_MZLfgPKwXTfXLDQKxowLUoDpEKfAj_KSOAdTCB2piala6Ht3FM5zfXFY7PnYgDho1fe2j -nSWQhN6BqMr4LVKCLVonIiiAgyEetseUnW5_FCcFJALhfEKG4CHI0TvbRZ9IG7SwEFBovrk3RkBv --UHxqqUAi9W3Zdm6wmYtSsUaT-lmMomJxHigWn9vCJ6fO0r_KSoGo-u8idP8P989hNdLqKx6sVWa -en-Kyf0YUvYUk6TblucGVG0UYpjqMAr64tA2_a595QWriVRsxFWTZXBiXWUrOtbXxYZ6vn4jLomF -KWAOu7ot-SQa9zAAAgIme5VB3I2h9s0mUOsQd-T1fJq_CdAGzyqXmBwt8TO4G8iQCMUtOptxJ220 -dq_unPUWJylDuU_9fTY95PLSIGfTCwOedOJb5A9IvyN_mahSPZqYH3a0P6gOgHPxQfTrUid31u7a -BqsQdKKMoWCT7ZdX-ja95f3Z3PzHxhlI2dr1nCRBkN89GLyIK70dVN2QTVVWV5B4hLoyrON6QVwy -1csZ1X6UGO-4YOX3_GUacJSnCenZzJFbn3moCkZ-QfpwU7Cqq2I7DEa8bDKz1sdeNtycOxiQnmnA -AnVdXfOavctGcpA6tWyj-WAkZvV6yedt6Kb4BPL5_qDsCNa0r1wYNaQqzH1bYQnJu0aVjspTzlj4 -2ik_2i9t36Avoqj_g3e8fvwmF0r__yPpF2oULa4LcIQ8Cs3U9Oq3BmxlNXlEj7dyNOTIlJLcvrzX -Js_5iv5rA_rIWY7YpOc-UCVrZw3yb8Ih-XI4tNuUn3qE7tHHQclWrrYRVM2Jt_u-73WYqL-iCvwQ -BU5soWkSK5TwgR1BHfDs5-yNh1MRnr9RbNd8x_p3ohQrFtepgBHodTl98er9XANCy-HycLZhDP3D -TUQdWVKxAwDFVBB-p6itYB9oVvkQtSosLQUYcAjbMTrFz4zqOj0CHMvquE-Wbznkayo5ZdvKoPXk -loNtiG4qPx3UXpvfHElps-vPi8y1TlcmwqWEOn2vxKd5IIk2fglHXM9tv2m86XRgvTjppSs1V7NS -Uoz_C_bW8zH5D-Twmq2DGHxuKbpUpqe0FDFXxoQezGCVhN6bzp-44CBkz9I9QeNVkm3XFu8s2fDn -PeP2B_hGxkLhJHAJ28_3zZex818zqvFW-flWY43w6Cke8qWns3gxdyvXLUTluoidkFdTEvMBPIos -itOB1MsLxsZNdAZtn3vxANPm7dTf8YIAJdMYH6yL9G83PxgKZ8uhoIZIsbrV2UWOJMLH8agctEZI -pFqCipM8RZwuZwq7JmTYPyIjUDVTvAmiLJbG127T9eAfrZa2TYDWaE469v9f-7MdTD4_PK2JSogD 
-8dg30EruD1VwQq03M98hL9EQsRNwAZ4MAshE2Kp3jQje2A-ZxGtMKNiw6DV0j3BM42FBitpV-Ley -UaqWwELwDh7-BFmUeCu_RSP4XwrTUcOV725yIYcGkk06wLahMf2UvFzYS3PAmZLrs4fvLMK5 \ No newline at end of file diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.p12 b/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.p12 deleted file mode 100644 index 079ee67a..00000000 Binary files a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.p12 and /dev/null differ diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.trust.jks b/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.trust.jks deleted file mode 100644 index e1f2e570..00000000 Binary files a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.trust.jks and /dev/null differ diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/truststore.onap.client.jks b/sdnc-a1-controller/oam/installation/src/main/stores/truststore.onap.client.jks deleted file mode 100755 index 28afd8fa..00000000 Binary files a/sdnc-a1-controller/oam/installation/src/main/stores/truststore.onap.client.jks and /dev/null differ diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/truststore.openecomp.client.jks b/sdnc-a1-controller/oam/installation/src/main/stores/truststore.openecomp.client.jks deleted file mode 100644 index 6c854b4c..00000000 Binary files a/sdnc-a1-controller/oam/installation/src/main/stores/truststore.openecomp.client.jks and /dev/null differ diff --git a/sdnc-a1-controller/oam/installation/src/main/yaml/docker-compose.yml b/sdnc-a1-controller/oam/installation/src/main/yaml/docker-compose.yml index acf15a13..70513515 100644 --- a/sdnc-a1-controller/oam/installation/src/main/yaml/docker-compose.yml +++ b/sdnc-a1-controller/oam/installation/src/main/yaml/docker-compose.yml @@ -47,6 +47,7 @@ services: entrypoint: ["/opt/onap/sdnc/bin/startODL.sh"] ports: - "8282:8181" + - "8383:8443" links: - db:dbhost - db:sdnctldb01