Implement truststore & keystore handling for cassandra
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Ib8f21142f7f760f5a8787971dbd0bb7e023e22d1
Issue-ID: SDC-4637
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
index 3f7a041..787a764 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
@@ -46,7 +46,6 @@
#| Portal |
#| |
#+----------------------------------+
-
default['ECompP']['cipher_key'] = "AGLDdG4D04BKm2IxIWEr8o=="
default['ECompP']['portal_user'] = "Ipwxi2oLvDxctMA1royaRw1W0jhucLx+grHzci3ePIA="
default['ECompP']['portal_pass'] = "j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI="
@@ -58,7 +57,6 @@
#| DMAAP Consumer |
#| |
#+----------------------------------+
-
default['DMAAP']['active'] = false
default['DMAAP']['consumer']['aftEnvironment'] = "AFTUAT"
default['DMAAP']['consumer']['consumerGroup'] = "ccd_onap"
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
index a1d0df5..d2ec242 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
@@ -30,7 +30,10 @@
:DC_NAME => node['cassandra']['datacenter_name'],
:DC_NAME_WITH_REP => janusgraph_dcname_with_rep,
:janus_connection_timeout => node['cassandra']['janusgraph_connection_timeout'],
- :cassandra_truststore_password => node['cassandra'][:truststore_password],
+ :cassandra_keystore_path => node['cassandra'][:cassandra_keystore_path],
+ :cassandra_keystore_password => node['cassandra'][:cassandra_keystore_password],
+ :cassandra_truststore_path => node['cassandra'][:cassandra_truststore_path],
+ :cassandra_truststore_password => node['cassandra'][:cassandra_truststore_password],
:cassandra_ssl_enabled => "#{ENV['cassandra_ssl_enabled']}",
:cassandra_read_consistency_level => node['cassandra'][:read_consistency_level],
:cassandra_write_consistency_level => node['cassandra'][:write_consistency_level],
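Review bot: The truststore password is now read from `node['cassandra'][:cassandra_truststore_password]` instead of `node['cassandra'][:truststore_password]` with no fallback, so an environment file that still sets only the old key would render an empty password without any error. If older environments must keep working, `node['cassandra'][:cassandra_truststore_password] || node['cassandra'][:truststore_password]` covers the transition. This variables hash, which starts and ends outside the hunk, now carries two store passwords into a rendered file. The template resource is not visible here, so please confirm it sets `sensitive true` and a restrictive `mode`, otherwise Chef may print the rendered diff with the passwords in its run log.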
@@ -62,7 +65,6 @@
:socket_read_timeout => node['cassandra']['socket_read_timeout'],
:cassandra_pwd => node['cassandra'][:cassandra_password],
:cassandra_usr => node['cassandra'][:cassandra_user],
- :cassandra_truststore_password => node['cassandra'][:truststore_password],
:cassandra_ssl_enabled => "#{ENV['cassandra_ssl_enabled']}",
:permittedAncestors => "#{ENV['permittedAncestors']}",
:dmaap_active => node['DMAAP']['active']
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
index ada01a9..3f5ec42 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
@@ -102,6 +102,10 @@
username: <%= @cassandra_usr %>
password: <%= @cassandra_pwd %>
ssl: <%= @cassandra_ssl_enabled %>
+ keystorePath: <%= @cassandra_keystore_password %>
+ keystorePassword: <%= @cassandra_ssl_enabled %>
+ truststorePath: <%= @cassandra_truststore_path %>
+ truststorePassword: <%= @cassandra_truststore_password %>
keySpaces:
- { name: dox, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
- { name: sdcaudit, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
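Review bot: The two added keystore lines are bound to the wrong variables: `keystorePath` renders `@cassandra_keystore_password` and `keystorePassword` renders `@cassandra_ssl_enabled`. As written the keystore password lands in a path field, where it is more likely to be echoed in startup logs or file-not-found errors, and the keystore itself cannot be opened with the value `true`/`false`. They should read `keystorePath: <%= @cassandra_keystore_path %>` and `keystorePassword: <%= @cassandra_keystore_password %>`. Separately, the recipe hunk at `@@ -62,7 +65,6` removes `:cassandra_truststore_password` from a variables hash that looks like the one feeding this template (it carries `:cassandra_usr` and `:cassandra_pwd`) and adds nothing. If that is the case, all four store variables are nil here and render empty, so that hash needs to pass them.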
@@ -109,7 +113,6 @@
- { name: sdccomponent, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
- { name: sdcrepository, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
-
licenseTypes:
- User
- Installation
@@ -909,7 +912,6 @@
displayName: Testing
type: OTHER
-
additionalInformationMaxNumberOfKeys: 50
systemMonitoring:
@@ -1164,7 +1166,6 @@
aftDme2SslEnable: true
aftDme2ClientSslCertAlias: certman
-
# ToDo: AF - had to remove due to configuration laod class failure
#dmeConfiguration:
# lookupUriFormat: "http://DME2RESOLVE/service=%s/version=1.0.0/envContext=%s/routeOffer=DEFAULT"
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb
index c8130dd..4c894b4 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb
@@ -7,6 +7,8 @@
storage.cql.keyspace=sdctitan
storage.cql.ssl.enabled=<%= @cassandra_ssl_enabled %>
+storage.cql.ssl.keystore.location=<%= @cassandra_keystore_path %>
+storage.cql.ssl.keystore.password=<%= @cassandra_keystore_password %>
storage.cql.ssl.truststore.location=<%= @cassandra_truststore_path %>
storage.cql.ssl.truststore.password=<%= @cassandra_truststore_password %>
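Review bot: The added `storage.cql.ssl.keystore.password` line writes the password verbatim into a Java properties file, where a backslash is an escape character, so a password containing `\` would presumably be read back differently from what was configured. The existing truststore line has the same limitation. A comment above the two password keys would document the constraint, for example `# store passwords are written unescaped; they must not contain backslashes`.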
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
index 3222c26..d33a80d 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
@@ -221,12 +221,14 @@
private String username;
private String password;
private boolean ssl;
+ private String keystorePath;
+ private String keystorePassword;
private String truststorePath;
private String truststorePassword;
private int maxWaitSeconds = 120;
public Integer getCassandraPort() {
- return cassandraPort != null ? cassandraPort : Configuration.CassandrConfig.CASSANDRA_DEFAULT_PORT;
+ return cassandraPort != null ? cassandraPort : CASSANDRA_DEFAULT_PORT;
}
@Getter
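Review bot: `keystorePassword` joins `password` and `truststorePassword` as a plain `String` field with nothing visible that keeps it out of generated string output. The annotations on the enclosing class are outside the hunk; if it carries Lombok `@ToString` or `@Data`, put `@ToString.Exclude` on the password fields so that a logged configuration object does not include them.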
diff --git a/sdc-os-chef/environments/Template.json b/sdc-os-chef/environments/Template.json
index 7cd95cc..369d224 100644
--- a/sdc-os-chef/environments/Template.json
+++ b/sdc-os-chef/environments/Template.json
@@ -91,7 +91,11 @@
"socket_read_timeout": "40000",
"socket_connect_timeout": "40000",
"janusgraph_connection_timeout": "20000",
- "replication_factor": "1"
+ "replication_factor": "1",
+ "cassandra_keystore_path": "cassandra_keystore_path",
+ "cassandra_keystore_password": "cassandra_keystore_password",
+ "cassandra_truststore_path": "cassandra_truststore_path",
+ "cassandra_truststore_password": "cassandra_truststore_password"
},
"DMAAP": {
"consumer": {
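Review bot: The four added values are the key names themselves, so an environment generated from this template without substituting them would render the literal string `cassandra_keystore_password` as the store password and a relative, non-existent name as the store location. The recipe already takes `cassandra_ssl_enabled` from the process environment; sourcing the two passwords the same way, or from a secret store, would keep them out of an environment JSON that tends to be committed and shared. The enclosing object starts outside the hunk, so whether other secrets in it follow the same placeholder convention cannot be seen here.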