Deploy dmaap-bc with downloaded certs
This fixes the charts to properly install new SSL artifacts from AAF.
And we use the newest container version that uses cadi library to read
these artifacts.
Issue-ID: DMAAP-1401
Signed-off-by: Dominic Lunanuova <dgl@research.att.com>
Change-Id: I4d70716220a7f3e629762d3bef2149e3b0147133
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
index cde43f9..84a42d6 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
@@ -14,4 +14,4 @@
# Environment settings for starting a container
DMAAPBC_WAIT_TO_EXIT=Y
-
+DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
index e43182d..59f64bd 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
@@ -12,43 +12,47 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-#####################################################
-#
-# ONAP Casablanca oom configurable deployment params:
-#
-#####################################################
-
#####################################################
#
# Hooks for specific environment configurations
#
#####################################################
-# Indicator for whether to use AAF
+# Indicator for whether to use AAF for authentication
UseAAF: {{ .Values.global.aafEnabled }}
-# csit: stubs out some southbound APIs for csit
-csit: No
+# Stub out southbound calls for Unit Test cases to run. e.g. not timeout
+# Comment out in other environments to get default (No)
+#UnitTest: Yes
-# name of this DMaaP instance (deprecated)
-#DmaapName: demo
#####################################################
#
# Settings for Southbound API: Datarouter
#
#####################################################
-# FQDN of DR Prov Server (deprecated)
-#DR.provhost: dcae-drps.domain.not.set
# URI to retrieve dynamic DR configuration
ProvisioningURI: /internal/prov
# indicator for handling feed delete:
# DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility)
-# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cfy environments.
+# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments.
Feed.deleteHandling: SimulateDelete
+###########################################################
+# The following properties default to match ONAP DR instance.
+# However, there are some non-ONAP DR instances that require other values.
+# Sets the X-DR-ON-BEHALF-OF HTTP Header value
+#DR.onBehalfHeader:
+# Value for the Content-Type Header in DR Feed API
+#DR.feedContentType:
+# Value for the Content-Type Header in DR Subscription API
+#DR.subContentType:
+#
+# END OF properties helpful for non-ONAP DR instance.
+############################################################
+
#####################################################
#
# Settings for Soutbound API: Postgresql
@@ -86,6 +90,9 @@
# In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR
MR.CentralCname: {{ .Values.dmaapMessageRouterService }}
+# Indicator for whether we want hostname verification on SSL connection to MR
+MR.hostnameVerify: false
+
# MR Client Delete Level thoroughness:
# 0 = don't delete
# 1 = delete from persistent store
@@ -104,6 +111,12 @@
# Use Basic Authentication when provisioning topics
MR.authentication: basicAuth
+# MR topic name style (default is FQTN_LEGACY_FORMAT)
+#MR.topicStyle: FQTN_LEGACY_FORMAT
+#
+# end of MR Related Properties
+################################################################################
+
#####################################################
#
@@ -136,14 +149,20 @@
# Identity that is owner of any created namespaces for topics
aaf.NsOwnerIdentity: {{ .Values.adminUser }}
-# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
-CredentialCodeKeyfile: etc/LocalKey
# this overrides the Class used for Decryption.
# This allows for a plugin encryption/decryption method if needed.
# Call this Class for decryption at runtime.
#AafDecryption.Class: com.company.proprietaryDecryptor
+# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
+# Not used in ONAP, but possibly used with Decryption override class.
+#CredentialCodeKeyfile: etc/LocalKey
+
+#
+# endof AAF Properties
+####################################################
+
#####################################################
#
@@ -172,11 +191,53 @@
# pwd for Identity used to publish MM prov cmds
MM.ProvUserPwd: demo123456!
-# AAF Role of MirrorMaker agent subscribed to prov cmds
+# AAF Role of MirrorMaker agent subscribed to prov cmds.
MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent
#####################################################
#
+# Certificate Management
+#
+#####################################################
+
+# Indicates how we are expecting certificates to be provided:
+# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file
+# legacy (default) - artifacts will be installed manually or some other way and details will be in this file
+CertificateManagement: cadi
+
+# When CertificateManagement is cadi, then this is where all the cadi properties will be.
+# Note that the cadi properties include where the cert is, and the encrypted passwords to read.
+cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
+
+###########################################################################################
+# When CertificateManagement is legacy, we need to provide more details about cert handling:
+#CertificateManagement: legacy
+# the type of keystore for https (for legacy CertificateManagment only)
+#KeyStoreType: jks
+
+# path to the keystore file (for legacy CertificateManagment only)
+#KeyStoreFile: etc/keystore
+
+# password for the https keystore (for legacy CertificateManagment only)
+#KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
+# password for the private key in the https keystore (for legacy CertificateManagment only)
+#KeyPassword: changeit
+
+# type of truststore for https (for legacy CertificateManagment only)
+#TrustStoreType: jks
+
+# path to the truststore for https (for legacy CertificateManagment only)
+#TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks
+
+# password for the https truststore (for legacy CertificateManagment only)
+#TrustStorePassword: changeit
+#
+# END OF legacy CertificateManagement properties
+###########################################################################################
+
+
+#####################################################
+#
# HTTP Server Configuration
#
#####################################################
@@ -191,30 +252,24 @@
# set to 0 if no certificates are available.
IntHttpsPort: 8443
-# external port number for https taking port mapping into account
-ExtHttpsPort: 443
-# the type of keystore for https
-KeyStoreType: jks
-
-# path to the keystore file
-KeyStoreFile: etc/keystore
-
-# password for the https keystore
-KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
-# password for the private key in the https keystore
-KeyPassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
-
-# type of truststore for https
-TrustStoreType: jks
-
-# path to the truststore for https
-TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks
-
-# password for the https truststore
-TrustStorePassword: 8b&R5%l$l:@jSWz@FCs;rhY*
-
-# path to the file used to trigger an orderly shutdown
-QuiesceFile: etc/SHUTDOWN
inHttpsPort: 0
+
+#####################################################
+#
+# Deprecated
+#
+#####################################################
+# csit: stubs out some southbound APIs for csit (deprecated)
+#csit: No
+# name of this DMaaP instance (deprecated)
+#DmaapName: demo
+# external port number for https taking port mapping into account (deprecated)
+#ExtHttpsPort: 443
+# path to the file used to trigger an orderly shutdown (deprecated)
+#QuiesceFile: etc/SHUTDOWN
+# FQDN of DR Prov Server (deprecated)
+#DR.provhost: dcae-drps.domain.not.set
+# root of topic namespace (decrecated)
+#topicNsRoot: org.onap.dcae.dmaap