Add self signed cert in Dockerfile
Change-Id: Ie013fe125e5b76cf7243a51f25d2d933283a0f86
Issue-ID: DCAEGEN2-562
Signed-off-by: Tommy Carpenter <tommy@research.att.com>
diff --git a/Changelog.md b/Changelog.md
index 9a83c20..d1c2fac 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,6 +4,9 @@
The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).
+## [2.2.3] - 7/25/2018
+* By request, include a self signed cert so the image always comes up.
+
## [2.2.2] - 7/9/2018
* Add EELF metrics log and logging statements
* Fixed a redundant Consul call where client.resolve_all did not need to call the transaction API twice
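Review bot: the 2.2.3 entry says only that a self signed cert is included; it should also say that the matching private key is generated at image build and ships inside the image, and that a deployment is expected to overwrite both `/etc/nginx/ssl/nginx.key` and `/etc/nginx/ssl/nginx.crt`. That is the part an operator reading the changelog has to act on. The entry also omits the other changes in this commit (the README restructuring and the `envlist` change in tox-local.ini).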
diff --git a/Dockerfile b/Dockerfile
index ae2f079..6c783f0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,9 +15,16 @@
COPY nginxhttps.conf /etc/nginx/conf.d/nginxhttps.conf
+#443 is https, 10000 is http
+# in the future, hopefully http can go away completely
ENV LISTEN_PORT 10000
EXPOSE 443
EXPOSE 10000
+# Mount a self signed certificate that should be overwritten upon Run
+RUN apt-get update && \
+ apt-get install -y openssl && \
+ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -subj "/C=US/ST=NJ/L=foo/O=ONAP/OU=ONAP/CN=configbinding"
+
#this is a registrator flag that tells it to ignore 80 from service discovery. Nothing is listening on 80, but the parent Dockerfile here exposes it. This container is internally listening on 10000 and 443.
ENV SERVICE_80_IGNORE true
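Review bot: the `openssl req ... -nodes ... -keyout /etc/nginx/ssl/nginx.key` step sits in a `RUN` instruction, so the unencrypted private key is generated once at build time and stored in an image layer. Every container started from this image then presents the same key, and anyone who can pull the image can read it. The `-days 365` validity also counts from the build date, so an image more than a year old comes up with an expired certificate. Consider generating the key pair in the container's start-up step only when nothing is already present at `/etc/nginx/ssl/nginx.key`, so each container gets its own key and a fresh validity window, and a mounted key is never overwritten. Smaller points: nothing in this hunk creates `/etc/nginx/ssl`, so the build depends on the parent image providing that directory (add `mkdir -p /etc/nginx/ssl` if it does not), and the comment says "Mount a self signed certificate" where the certificate is generated in the image, not mounted.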
diff --git a/README.md b/README.md
index cffbe73..6cc17c4 100644
--- a/README.md
+++ b/README.md
@@ -15,13 +15,7 @@
In addition, this service provides the capability to retrieve either the DTI events (not history) or the policies for a given service_component.
# Usage
-hit `url_of_this/service_component/service_component_name` and you are returned your bound config.
-
-hit `url_of_this/dtievents/service_component_name` and you are returned the dti events for your service_component.
-
-hit `url_of_this/policies/service_component_name` and you are returned the policies for your service_component.
-
-(Note: there is also a backdoor in the `client` module that allows you to pass in a direct JSON and a direct rels, but this isn't exposed via the HTTP API as of now)
+See the Swagger spec.
# Assumptions
1. `CONSUL_HOST` is set as an environmental variable where this binding service is run. If it is not, it defaults to the Rework Consul which is probably not what you want.
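Review bot: the replacement line `See the Swagger spec.` gives no path or link, so a reader of the Usage section cannot tell where the spec lives; the later hunk names `swagger.yaml in /app/app`, and that path should appear here. The removed lines also carried the note that the `client` module accepts a direct JSON and direct rels outside the HTTP API. If that code path still exists it should stay documented somewhere, since the Swagger spec covers only the HTTP API. These README removals are not related to the commit subject and would be easier to review as their own change.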
@@ -47,24 +41,40 @@
This project uses https://hub.docker.com/r/tiangolo/uwsgi-nginx-flask/
This is a solution that runs a productionalized setup using NGINX+uwsgi+Flask (Flask is not meant to be run as a real webserver per their docs). This project requires the app/app structure. Tox still works from the root due to tox magic.
-# Testing
-You need tox:
-```
-pip install tox
-```
-Then from the root dir, *not in a virtual env*, just run:
+This structure, combined with Sonar limitations, leads to an unfortunate need of having three nested poms. There is a top level pom, a tiny pom in /app, and the "main" pom in /app/app.
+
+# Development
+## Version changes
+An unforunate consequence of the nested poms is that development changes require a version bump in several places. They are:
+1. top level pom
+2. pom in /app
+3. pom in /app/app
+4. setup.py in /app/app
+5. Changelod.md
+
+Additionally, if the development leads to an API change,
+6. swagger.yaml in /app/app
+
+## Testing
+You need `tox`.
+
+To recreate the tox that the ONAP build process calls, from /app/app, *not in a virtual env*, just run:
```
tox
```
-You may have to alter the tox.ini for the python envs you wish to test with.
-# Deployment information
+For local development, there is a tox that outputs to an html website that is easier to read and navigate then xml. From the *root*, run
+```
+tox -c tox-local.ini
+```
+
+# Deployment
## Ports, HTTPS key/cert location
The CBS frontend (NGINX) exposes 10000 and 443. It runs HTTP on 10000 and HTTPS on 443. 80 is also exposed by the parent Dockerfile but nothing is listening there so it can be ignored.
-If you wish to use HTTPS, it expects a key to be mounted at `/etc/nginx/ssl/nginx.key` and a cert to be mounted at `/etc/nginx/ssl/nginx.crt`. For example, a snippet from a `docker run` command:
+The dockerimage mounts it's own self signed certificate. If deploying into a production level scenario, *you should overwrite this cert!*! It expects a key to be mounted at `/etc/nginx/ssl/nginx.key` and a cert to be mounted at `/etc/nginx/ssl/nginx.crt`. For example, a snippet from a `docker run` command:
```
... -v /host/path/to/nginx.key:/etc/nginx/ssl/nginx.key -v /host/path/to/nginx.crt:/etc/nginx/ssl/nginx.crt ...
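Review bot: in the added paragraph under "Ports, HTTPS key/cert location", "The dockerimage mounts it's own self signed certificate" understates what the image does. The Dockerfile generates the certificate and its private key at build time, so the README should state that the key is the same in every container started from a given image and is readable by anyone with access to the image, and that the certificate is valid for 365 days from the build. That is the reason for the "overwrite this cert" instruction, and it applies to the key as well as the cert. Wording to fix in the added lines: "it's own" should be "its own", "*you should overwrite this cert!*!" has a stray "!", "unforunate" should be "unfortunate", "Changelod.md" should be "Changelog.md", and "then xml" should be "than xml". The item `6. swagger.yaml in /app/app` follows a paragraph break, so it may not render as a continuation of the numbered list above it.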
diff --git a/app/app/pom.xml b/app/app/pom.xml
index 133c9b5..806098d 100644
--- a/app/app/pom.xml
+++ b/app/app/pom.xml
@@ -24,13 +24,13 @@
<parent>
<groupId>org.onap.dcaegen2.platform.configbinding</groupId>
<artifactId>app</artifactId>
- <version>2.2.2-SNAPSHOT</version>
+ <version>2.2.3-SNAPSHOT</version>
</parent>
<!--- CHANGE THE FOLLOWING 3 OBJECTS for your own repo -->
<groupId>org.onap.dcaegen2.platform.configbinding</groupId>
<artifactId>app-app</artifactId>
<name>dcaegen2-platform-configbinding-app-app</name>
- <version>2.2.2-SNAPSHOT</version>
+ <version>2.2.3-SNAPSHOT</version>
<url>http://maven.apache.org</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git a/app/app/setup.py b/app/app/setup.py
index afca622..237f7c4 100644
--- a/app/app/setup.py
+++ b/app/app/setup.py
@@ -20,7 +20,7 @@
setup(
name='config_binding_service',
- version='2.2.2',
+ version='2.2.3',
packages=find_packages(exclude=["tests.*", "tests"]),
author="Tommy Carpenter",
author_email="tommy@research.att.com",
diff --git a/app/app/tox.ini b/app/app/tox.ini
index 7b42d9b..c58161e 100644
--- a/app/app/tox.ini
+++ b/app/app/tox.ini
@@ -1,7 +1,6 @@
# content of: tox.ini , put in same dir as setup.py
[tox]
envlist = py36,flake8
-#setupdir=app/app
[testenv]
deps=
diff --git a/app/pom.xml b/app/pom.xml
index 4f5506b..52387e6 100644
--- a/app/pom.xml
+++ b/app/pom.xml
@@ -23,14 +23,14 @@
<parent>
<groupId>org.onap.dcaegen2.platform</groupId>
<artifactId>configbinding</artifactId>
- <version>2.2.2-SNAPSHOT</version>
+ <version>2.2.3-SNAPSHOT</version>
</parent>
<!--- CHANGE THE FOLLOWING 3 OBJECTS for your own repo -->
<groupId>org.onap.dcaegen2.platform.configbinding</groupId>
<artifactId>app</artifactId>
<name>dcaegen2-platform-configbinding-app</name>
- <version>2.2.2-SNAPSHOT</version>
+ <version>2.2.3-SNAPSHOT</version>
<url>http://maven.apache.org</url>
<packaging>pom</packaging>
diff --git a/pom.xml b/pom.xml
index a4df1f9..2eef1f0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
<groupId>org.onap.dcaegen2.platform</groupId>
<artifactId>configbinding</artifactId>
<name>dcaegen2-platform-configbinding</name>
- <version>2.2.2-SNAPSHOT</version>
+ <version>2.2.3-SNAPSHOT</version>
<url>http://maven.apache.org</url>
<packaging>pom</packaging>
diff --git a/tox-local.ini b/tox-local.ini
index f4a3f65..be6fb90 100644
--- a/tox-local.ini
+++ b/tox-local.ini
@@ -1,6 +1,6 @@
# content of: tox.ini , put in same dir as setup.py
[tox]
-envlist = py37,flake8
+envlist = py36,flake8
setupdir=app/app
[testenv]
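Review bot: the `envlist` change from `py37` to `py36` is not mentioned in the commit message or in the 2.2.3 Changelog entry, and it is unrelated to adding a certificate to the Dockerfile. State the reason (it now matches `envlist = py36,flake8` in app/app/tox.ini) in the commit message, or move it to a separate change.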