Add https support in A1 controller
Add self-signed cert for NBI and SBI
Remove ONAP signed certs
Change-Id: I733cb48bf37cb124a330f9a2734920fda010de57
Issue-ID: NONRTRIC-196
Signed-off-by: RehanRaza <muhammad.rehan.raza@est.tech>
diff --git a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/pom.xml b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/pom.xml
index da53f92..02e32e7 100644
--- a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/pom.xml
+++ b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/pom.xml
@@ -116,6 +116,10 @@
<artifactId>commons-lang3</artifactId>
</dependency>
<dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.onap.ccsdk.sli.core</groupId>
<artifactId>sli-common</artifactId>
</dependency>
diff --git a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java
index 6580983..d317e56 100644
--- a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java
+++ b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java
@@ -20,11 +20,33 @@
package org.o_ran_sc.nonrtric.sdnc_a1.northbound.restadapter;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.Properties;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContexts;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.util.ResourceUtils;
import org.springframework.web.client.RestTemplate;
/**
@@ -36,10 +58,44 @@
public class RestAdapterImpl implements RestAdapter {
- private RestTemplate restTemplate;
+ private static final String PROPERTIES_FILE = "nonrt-ric-api-provider.properties";
+ private final Logger log = LoggerFactory.getLogger(RestAdapterImpl.class);
+
+ private RestTemplate restTemplateHttp;
+ private RestTemplate restTemplateHttps;
public RestAdapterImpl() {
- restTemplate = new RestTemplate();
+ restTemplateHttp = new RestTemplate();
+ try {
+ restTemplateHttps = createRestTemplateForHttps();
+ } catch (IOException | UnrecoverableKeyException | KeyManagementException | CertificateException
+ | NoSuchAlgorithmException | KeyStoreException ex) {
+ log.error("Caught exception when trying to create restTemplateHttps: {}", ex.getMessage());
+ }
+ }
+
+ private RestTemplate createRestTemplateForHttps() throws IOException, UnrecoverableKeyException, CertificateException,
+ NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
+ InputStream inputStream = RestAdapterImpl.class.getClassLoader().getResourceAsStream(PROPERTIES_FILE);
+ if (inputStream == null) {
+ throw new FileNotFoundException("properties file not found in classpath");
+ } else {
+ Properties properties = new Properties();
+ properties.load(inputStream);
+ final String keystorePassword = properties.getProperty("key-store-password");
+ SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(
+ SSLContexts.custom()
+ .loadKeyMaterial(ResourceUtils.getFile(properties.getProperty("key-store")),
+ keystorePassword.toCharArray(), keystorePassword.toCharArray())
+ .loadTrustMaterial(null, new TrustSelfSignedStrategy())
+ .build(),
+ NoopHostnameVerifier.INSTANCE);
+ HttpClient client = HttpClients.custom().setSSLSocketFactory(scsf).build();
+ HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+ requestFactory.setHttpClient(client);
+ inputStream.close();
+ return new RestTemplate(requestFactory);
+ }
}
private HttpEntity<?> getHttpEntity(final Object object) {
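Review bot: The HTTPS client built in createRestTemplateForHttps() does not authenticate the server it connects to. `loadTrustMaterial(null, new TrustSelfSignedStrategy())` accepts any self-signed certificate, and `NoopHostnameVerifier.INSTANCE` skips the host name check, so TLS here gives encryption without any assurance of who the peer is. Loading the trust material from a truststore that holds the expected peer certificates, e.g. `.loadTrustMaterial(ResourceUtils.getFile(properties.getProperty("trust-store")), trustStorePassword.toCharArray())` (where `trust-store` is a new property this commit does not define), and building the factory with `new SSLConnectionSocketFactory(sslContext)` would restore both checks. Separately, `inputStream.close()` is reached only on the success path, so a try-with-resources around the stream would also close it when loading the properties or the keystore throws.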
@@ -69,6 +125,19 @@
@SuppressWarnings("unchecked")
private <T> ResponseEntity<T> invokeHttpRequest(String uri, HttpMethod httpMethod, Class<?> clazz,
HttpEntity<?> entity) {
- return (ResponseEntity<T>) restTemplate.exchange(uri, httpMethod, entity, clazz);
+ try {
+ URL url = new URL(uri);
+ if (url.getProtocol().equals("https")) {
+ return (ResponseEntity<T>) restTemplateHttps.exchange(uri, httpMethod, entity, clazz);
+ } else if (url.getProtocol().equals("http")) {
+ return (ResponseEntity<T>) restTemplateHttp.exchange(uri, httpMethod, entity, clazz);
+ } else {
+ log.error("Invalid protocol in URL");
+ return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+ }
+ } catch (MalformedURLException ex) {
+ log.error("URL is not valid, exception: {}", ex.getMessage());
+ return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+ }
}
-}
+}
\ No newline at end of file
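Review bot: `restTemplateHttps` can still be null when the https branch of invokeHttpRequest runs, because the constructor in the previous hunk only logs a failure of createRestTemplateForHttps() and carries on. An https URI then ends in a NullPointerException rather than a response the caller can interpret. A guard before the exchange would make the failure explicit: `if (restTemplateHttps == null) { log.error("HTTPS client is not initialised"); return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); }`. The constructor's `log.error(..., ex.getMessage())` also drops the stack trace; passing `ex` itself as the last argument would keep the cause of a keystore or properties failure in the log.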
diff --git a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties
new file mode 100644
index 0000000..6a066a6
--- /dev/null
+++ b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties
@@ -0,0 +1,20 @@
+# ========================LICENSE_START=================================
+# O-RAN-SC
+# %%
+# Copyright (C) 2020 Nordix Foundation
+# %%
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ========================LICENSE_END===================================
+
+key-store-password = sdnc-a1-controller
+key-store = /etc/ssl/certs/java/keystore.jks
\ No newline at end of file
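Review bot: `key-store-password = sdnc-a1-controller` places the keystore password in a classpath resource that is committed to the repository and packaged with the provider. The same literal is set as `ENV SDNC_KEYPASS sdnc-a1-controller` in standalone.Dockerfile, where it is also recorded in the image metadata. Anyone with access to the source or the image can therefore open the keystore at `/etc/ssl/certs/java/keystore.jks`. Supplying the value at deployment time (an environment variable or a mounted file read at startup) would avoid this, and a comment such as `# key-store-password is supplied at deployment time; do not commit a real value` would document it. Note also that RestAdapterImpl passes this single value as both the store password and the key password, which is worth stating in a comment here.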
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/pom.xml b/sdnc-a1-controller/oam/installation/sdnc-a1/pom.xml
index bf8bfe3..3e0b468 100644
--- a/sdnc-a1-controller/oam/installation/sdnc-a1/pom.xml
+++ b/sdnc-a1-controller/oam/installation/sdnc-a1/pom.xml
@@ -42,9 +42,6 @@
<sdnc.build.timestamp>${maven.build.timestamp}</sdnc.build.timestamp>
<sdnc.northbound.version>1.7.3-SNAPSHOT</sdnc.northbound.version>
<ccsdk.docker.version>0.6.3</ccsdk.docker.version>
- <sdnc.keystore>org.onap.sdnc.p12</sdnc.keystore>
- <sdnc.keypass><![CDATA[ff^G9D]yf&r}Ktum@BJ0YB?N]]></sdnc.keypass>
- <sdnc.secureport>8443</sdnc.secureport>
<docker.push.phase>deploy</docker.push.phase>
</properties>
@@ -194,7 +191,7 @@
<directory>src/main/resources</directory>
<includes>
<include>idmlight.db.mv.db</include>
- <include>truststoreONAPall.jks</include>
+ <include>keystore.jks</include>
<include>aaa-app-config.xml</include>
</includes>
<filtering>false</filtering>
@@ -242,27 +239,6 @@
</resources>
</configuration>
</execution>
- <execution>
- <id>copy-keystores</id>
- <goals>
- <goal>copy-resources</goal>
- </goals><!-- here the phase you need -->
- <phase>validate</phase>
- <configuration>
- <outputDirectory>${basedir}/target/docker-stage/opt/onap/sdnc/data/stores</outputDirectory>
- <resources>
- <resource>
- <directory>../src/main/stores</directory>
- <includes>
- <include>*.jks</include>
- <include>*.keyfile</include>
- <include>*.p12</include>
- </includes>
- <filtering>false</filtering>
- </resource>
- </resources>
- </configuration>
- </execution>
</executions>
</plugin>
<plugin>
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/docker/standalone.Dockerfile b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/docker/standalone.Dockerfile
index 3077ee5..80262ff 100755
--- a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/docker/standalone.Dockerfile
+++ b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/docker/standalone.Dockerfile
@@ -25,13 +25,11 @@
ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
ENV ODL_HOME /opt/opendaylight
ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
-ENV SDNC_STORE_DIR /opt/onap/sdnc/data/stores
-ENV SSL_CERTS_DIR /etc/ssl/certs
-ENV JAVA_SECURITY_DIR $SSL_CERTS_DIR/java
+ENV JAVA_SECURITY_DIR /etc/ssl/certs/java
ENV SDNC_NORTHBOUND_REPO mvn:org.o-ran-sc.nonrtric.sdnc-a1.northbound/sdnc-a1-northbound-all/${sdnc.northbound.version}/xml/features
-ENV SDNC_KEYSTORE ${sdnc.keystore}
-ENV SDNC_KEYPASS ${sdnc.keypass}
-ENV SDNC_SECUREPORT ${sdnc.secureport}
+ENV SDNC_KEYSTORE keystore.jks
+ENV SDNC_KEYPASS sdnc-a1-controller
+ENV SDNC_SECUREPORT 8443
USER root
@@ -43,15 +41,13 @@
RUN sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,sdnc-a1-northbound-all|" $ODL_HOME/etc/org.apache.karaf.features.cfg
RUN sed -i "s/odl-restconf-all/odl-restconf-all,odl-netconf-topology/g" $ODL_HOME/etc/org.apache.karaf.features.cfg
-# Install ssl and java certificates
-COPY truststoreONAPall.jks $JAVA_SECURITY_DIR
-COPY truststoreONAPall.jks $SDNC_STORE_DIR
-RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts -deststorepass changeit
+# Install java certificate
+COPY $SDNC_KEYSTORE $JAVA_SECURITY_DIR
# Secure with TLS
RUN echo org.osgi.service.http.secure.enabled=true >> $ODL_HOME/etc/custom.properties
RUN echo org.osgi.service.http.secure.port=$SDNC_SECUREPORT >> $ODL_HOME/etc/custom.properties
-RUN echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
+RUN echo org.ops4j.pax.web.ssl.keystore=$JAVA_SECURITY_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
RUN echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
RUN echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
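Review bot: `COPY $SDNC_KEYSTORE $JAVA_SECURITY_DIR` bakes the keystore.jks committed in this change into every image built from this Dockerfile. Assuming that file holds the private key which pax-web and RestAdapterImpl load from it, all deployments then share one TLS key that is readable by anyone with the repository or the image. Mounting the keystore as a volume or secret, or generating it at container start, would keep the key specific to each deployment. If the bundled keystore is meant for development only, a comment above the COPY should say so, for example `# Development-only self-signed keystore; mount a deployment-specific keystore over it in production`.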
@@ -60,4 +56,4 @@
USER odl
ENTRYPOINT /opt/onap/sdnc/bin/startODL.sh
-EXPOSE 8181
+EXPOSE 8181 $SDNC_SECUREPORT
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/keystore.jks b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/keystore.jks
new file mode 100644
index 0000000..705b284
--- /dev/null
+++ b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/keystore.jks
Binary files differ
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/truststoreONAPall.jks b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/truststoreONAPall.jks
deleted file mode 100755
index ff844b1..0000000
--- a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/truststoreONAPall.jks
+++ /dev/null
Binary files differ
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/addSdncKeyStore.sh b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/addSdncKeyStore.sh
deleted file mode 100755
index c6f0e5a..0000000
--- a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/addSdncKeyStore.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
-
-keyStoreFile=${SDNC_HOME}/data/stores/sdnc.p12
-
-if [ ! -f ${keyStoreFile} ]
-then
- keytool -genkeypair -dname "CN=SDNC, OU=ONAP, O=ONAP, L=, S=, C=" -alias sdncKey -keyalg RSA -keysize 1024 -keystore $keyStoreFile -storepass adminadmin -storetype pkcs12
-fi
-
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/healthcheck.py b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/healthcheck.py
new file mode 100644
index 0000000..35a1d4b
--- /dev/null
+++ b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/healthcheck.py
@@ -0,0 +1,68 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+
+# coding=utf-8
+import os
+import httplib
+import base64
+import time
+
+username = os.environ['ODL_ADMIN_USERNAME']
+password = os.environ['ODL_ADMIN_PASSWORD']
+TIMEOUT=1000
+INTERVAL=30
+timePassed=0
+
+headers = {'Authorization':'Basic %s' % base64.b64encode(username + ":" + password),
+ 'X-FromAppId': 'csit-sdnc',
+ 'X-TransactionId': 'csit-sdnc',
+ 'Accept':"application/json",
+ 'Content-type':"application/json"}
+
+def makeHealthcheckCall(headers, timePassed):
+ connected = False
+ # WAIT 10 minutes maximum and test every 30 seconds if HealthCheck API is returning 200
+ while timePassed < TIMEOUT:
+ try:
+ conn = httplib.HTTPConnection("localhost",8181)
+ req = conn.request("POST", "/restconf/operations/SLI-API:healthcheck",headers=headers)
+ res = conn.getresponse()
+ res.read()
+ if res.status == 200:
+ print ("Healthcheck Passed in %d seconds." %timePassed)
+ connected = True
+ break
+ else:
+ print ("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT))
+ except:
+ print ("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT))
+ timePassed = timeIncrement(timePassed)
+
+ if timePassed > TIMEOUT:
+ print ("TIME OUT: Healthcheck not passed in %d seconds... Could cause problems for testing activities..." %TIMEOUT)
+ return connected
+
+
+def timeIncrement(timePassed):
+ time.sleep(INTERVAL)
+ timePassed = timePassed + INTERVAL
+ return timePassed
+
+makeHealthcheckCall(headers, timePassed)
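Review bot: The timeout message in makeHealthcheckCall is guarded by `if timePassed > TIMEOUT:`, which only fires because 1000 is not a multiple of INTERVAL. With a TIMEOUT that is a multiple of 30 the loop would exit at `timePassed == TIMEOUT` and print nothing, so `if not connected:` states the intent directly. The comment says "WAIT 10 minutes maximum", but `TIMEOUT=1000` seconds is closer to 17 minutes; one of the two should be corrected. The bare `except:` also hides why the call failed and catches KeyboardInterrupt; `except Exception as e:` with `e` included in the printed message would make a startup failure diagnosable from the container log.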
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/installCerts.py b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/installCerts.py
deleted file mode 100644
index 17ada4c..0000000
--- a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/installCerts.py
+++ /dev/null
@@ -1,202 +0,0 @@
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-#
-
-
-# coding=utf-8
-import os
-import httplib
-import base64
-import time
-import zipfile
-import shutil
-
-Path = "/tmp"
-
-zipFileList = []
-
-username = os.environ['ODL_ADMIN_USERNAME']
-password = os.environ['ODL_ADMIN_PASSWORD']
-TIMEOUT=1000
-INTERVAL=30
-timePassed=0
-
-postKeystore= "/restconf/operations/netconf-keystore:add-keystore-entry"
-postPrivateKey= "/restconf/operations/netconf-keystore:add-private-key"
-postTrustedCertificate= "/restconf/operations/netconf-keystore:add-trusted-certificate"
-
-
-headers = {'Authorization':'Basic %s' % base64.b64encode(username + ":" + password),
- 'X-FromAppId': 'csit-sdnc',
- 'X-TransactionId': 'csit-sdnc',
- 'Accept':"application/json",
- 'Content-type':"application/json"}
-
-def readFile(folder, file):
- key = open(Path + "/" + folder + "/" + file, "r")
- fileRead = key.read()
- key.close()
- fileRead = "\n".join(fileRead.splitlines()[1:-1])
- return fileRead
-
-def readTrustedCertificate(folder, file):
- listCert = list()
- caPem = ""
- startCa = False
- key = open(Path + "/" + folder + "/" + file, "r")
- lines = key.readlines()
- for line in lines:
- if not "BEGIN CERTIFICATE" in line and not "END CERTIFICATE" in line and startCa:
- caPem += line
- elif "BEGIN CERTIFICATE" in line:
- startCa = True
- elif "END CERTIFICATE" in line:
- startCa = False
- listCert.append(caPem)
- caPem = ""
- return listCert
-
-def makeKeystoreKey(clientKey, count):
- odl_private_key="ODL_private_key_%d" %count
-
- json_keystore_key='{{\"input\": {{ \"key-credential\": {{\"key-id\": \"{odl_private_key}\", \"private-key\" : ' \
- '\"{clientKey}\",\"passphrase\" : \"\"}}}}}}'.format(
- odl_private_key=odl_private_key,
- clientKey=clientKey)
-
- return json_keystore_key
-
-
-
-def makePrivateKey(clientKey, clientCrt, certList, count):
- caPem = ""
- for cert in certList:
- caPem += '\"%s\",' % cert
-
- caPem = caPem.rsplit(',', 1)[0]
- odl_private_key="ODL_private_key_%d" %count
-
- json_private_key='{{\"input\": {{ \"private-key\":{{\"name\": \"{odl_private_key}\", \"data\" : ' \
- '\"{clientKey}\",\"certificate-chain\":[\"{clientCrt}\",{caPem}]}}}}}}'.format(
- odl_private_key=odl_private_key,
- clientKey=clientKey,
- clientCrt=clientCrt,
- caPem=caPem)
-
- return json_private_key
-
-def makeTrustedCertificate(certList, count):
- number = 0
- json_cert_format = ""
- for cert in certList:
- cert_name = "xNF_CA_certificate_%d_%d" %(count, number)
- json_cert_format += '{{\"name\": \"{trusted_name}\",\"certificate\":\"{cert}\"}},\n'.format(
- trusted_name=cert_name,
- cert=cert.strip())
- number += 1
-
- json_cert_format = json_cert_format.rsplit(',', 1)[0]
- json_trusted_cert='{{\"input\": {{ \"trusted-certificate\": [{certificates}]}}}}'.format(
- certificates=json_cert_format)
- return json_trusted_cert
-
-
-def makeRestconfPost(conn, json_file, apiCall):
- req = conn.request("POST", apiCall, json_file, headers=headers)
- res = conn.getresponse()
- res.read()
- if res.status != 200:
- print "Error here, response back wasnt 200: Response was : %d , %s" % (res.status, res.reason)
- else:
- print res.status, res.reason
-
-def extractZipFiles(zipFileList, count):
- for zipFolder in zipFileList:
- with zipfile.ZipFile(Path + "/" + zipFolder.strip(),"r") as zip_ref:
- zip_ref.extractall(Path)
- folder = zipFolder.rsplit(".")[0]
- processFiles(folder, count)
-
-def processFiles(folder, count):
- conn = httplib.HTTPConnection("localhost",8181)
- for file in os.listdir(Path + "/" + folder):
- if os.path.isfile(Path + "/" + folder + "/" + file.strip()):
- if ".key" in file:
- clientKey = readFile(folder, file.strip())
- elif "trustedCertificate" in file:
- certList = readTrustedCertificate(folder, file.strip())
- elif ".crt" in file:
- clientCrt = readFile(folder, file.strip())
- else:
- print "Could not find file %s" % file.strip()
- shutil.rmtree(Path + "/" + folder)
- json_keystore_key = makeKeystoreKey(clientKey, count)
- json_private_key = makePrivateKey(clientKey, clientCrt, certList, count)
- json_trusted_cert = makeTrustedCertificate(certList, count)
-
- makeRestconfPost(conn, json_keystore_key, postKeystore)
- makeRestconfPost(conn, json_private_key, postPrivateKey)
- makeRestconfPost(conn, json_trusted_cert, postTrustedCertificate)
-
-def makeHealthcheckCall(headers, timePassed):
- connected = False
- # WAIT 10 minutes maximum and test every 30 seconds if HealthCheck API is returning 200
- while timePassed < TIMEOUT:
- try:
- conn = httplib.HTTPConnection("localhost",8181)
- req = conn.request("POST", "/restconf/operations/SLI-API:healthcheck",headers=headers)
- res = conn.getresponse()
- res.read()
- if res.status == 200:
- print ("Healthcheck Passed in %d seconds." %timePassed)
- connected = True
- break
- else:
- print ("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT))
- except:
- print ("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT))
- timePassed = timeIncrement(timePassed)
-
- if timePassed > TIMEOUT:
- print ("TIME OUT: Healthcheck not passed in %d seconds... Could cause problems for testing activities..." %TIMEOUT)
- return connected
-
-
-def timeIncrement(timePassed):
- time.sleep(INTERVAL)
- timePassed = timePassed + INTERVAL
- return timePassed
-
-def readCertProperties():
- connected = makeHealthcheckCall(headers, timePassed)
-
- if connected:
- count = 0
- if os.path.isfile(Path + "/certs.properties"):
- with open(Path + "/certs.properties", "r") as f:
- for line in f:
- if not "*****" in line:
- zipFileList.append(line)
- else:
- extractZipFiles(zipFileList, count)
- count += 1
- del zipFileList[:]
- else:
- print "Error: File not found in path entered"
-
-readCertProperties()
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/startODL.sh b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/startODL.sh
index 1b8f519..78d3ea3 100755
--- a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/startODL.sh
+++ b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/startODL.sh
@@ -53,8 +53,6 @@
then
echo "Installing SDNC-A1 database"
${SDNC_HOME}/bin/installSdncDb.sh
- echo "Installing SDNC-A1 keyStore"
- ${SDNC_HOME}/bin/addSdncKeyStore.sh
if [ -x ${SDNC_HOME}/svclogic/bin/install.sh ]
then
@@ -63,8 +61,6 @@
fi
fi
-cp /opt/opendaylight/current/certs/* /tmp
-
-nohup python ${SDNC_BIN}/installCerts.py &
+nohup python ${SDNC_BIN}/healthcheck.py &
exec ${ODL_HOME}/bin/karaf server
diff --git a/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.cred.props b/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.cred.props
deleted file mode 100644
index 8898383..0000000
--- a/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.cred.props
+++ /dev/null
@@ -1,17 +0,0 @@
-############################################################
-# Properties Generated by AT&T Certificate Manager
-# by ubuntu
-# on 2019-04-26T17:48:02.614+0000
-# @copyright 2019, AT&T
-############################################################
-Challenge=enc:YLFZL0xwmf-22zzHjNwMDus4xQhhjOO_HERh0LisPjGFMODJtM77jjh7EctH-Pme
-cadi_alias=sdnc@sdnc.onap.org
-cadi_key_password=enc:fbgVR_kMh7wuaEfm16VlW84HJR_yiob_CUf3oDXSE0K2yPlp0t55xT335GMh8ZSv
-cadi_keyfile=/opt/sdnc/data/stores/org.onap.sdnc.keyfile
-cadi_keystore=/opt/sdnc/data/stores/org.onap.sdnc.p12
-cadi_keystore_password=enc:xAl_o-JBdI86B4pDUNyrY9IauP54ecsXLUZYl_9p9R4Roybcnppqwwkdp_wJq1Ir
-cadi_keystore_password_jks=enc:Qf5-2ZRKRMYBwvO14qENypmu4A1HNjkdu_KkM0N5i7v7QjC_GmshNrYmmeWLQWIr
-cadi_keystore_password_p12=enc:xAl_o-JBdI86B4pDUNyrY9IauP54ecsXLUZYl_9p9R4Roybcnppqwwkdp_wJq1Ir
-cadi_truststore=/opt/sdnc/data/stores/org.onap.sdnc.trust.jks
-cadi_truststore_password=enc:U-tuJC67-g5WkC4o8aYf-zqxfB-u2ep3NcB9CZt3VfGCP_NhTWFYVx8mCL3S-jhU
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
diff --git a/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.props b/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.props
deleted file mode 100644
index 5b96b90..0000000
--- a/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.props
+++ /dev/null
@@ -1,15 +0,0 @@
-############################################################
-# Properties Generated by AT&T Certificate Manager
-# by root
-# on 2019-02-15T20:08:07.125+0000
-# @copyright 2016, AT&T
-############################################################
-aaf_id=sdnc@sdnc.onap.org
-aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
-aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
-cadi_etc_dir=/opt/sdnc/data/stores
-cadi_latitude=38.432899
-cadi_longitude=-90.43248
-cadi_prop_files=/opt/sdnc/data/properties/org.onap.sdnc.cred.props
-cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
-cadi_bath_convert=/opt/sdnc/data/properties/bath_config.csv
diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/keystore.sdnc.p12 b/sdnc-a1-controller/oam/installation/src/main/stores/keystore.sdnc.p12
deleted file mode 100644
index 8fb4e2c..0000000
--- a/sdnc-a1-controller/oam/installation/src/main/stores/keystore.sdnc.p12
+++ /dev/null
Binary files differ
diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.keyfile b/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.keyfile
deleted file mode 100644
index 4bbb0ab..0000000
--- a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.keyfile
+++ /dev/null
@@ -1,27 +0,0 @@
-ssTXV3XxGHmaZ_tDK60bUUwJMidA6-cMQbn8EVO1HWhwTS3vhftirZkfE-Ymv0xkhB82LT05cTjv
-MnM6E_OU8ZzQtNCb0XTTsOU-xTExWuIJzgfTKDanH14OB83r-pM0Q1z3iOjgIZyKNn7Qtl-7FyJu
-Fr6bmPKFMMSDROwH347eYBpunVPIa1X0NNqJcHDQsWFhW0bgsfRMnP3XZNltqbuAFZocYsY3Tk5N
-Iz52WXz6-nSWYBO0sPuBUZmkck1zKZ9PMn2SAPYx1V3i1-kOBLE6AHj-ad7e_dnJjdSTrjhG5z81
-QtmwAevh2ROCdNXTeyurrGXaLrMluE9csSVIp0YCCuhUCX02oDQBqIY5IDIQtAIXS8_i2bJWwmMv
-tZOTavGZH1_nwyQQ60lWF8w0GtL1m-s1SVH5v8VunYrjdnwFsrwUkKWfmz70OWFy6RwRis4IL434
-ln0RY48K-E_93jw3pbV4vZFTo8-RO59DGr_0pZf7ZhDSNrdy8sMpaSeHjjrVMfD5TI-JWDdzaKhi
-edKGZN_MZLfgPKwXTfXLDQKxowLUoDpEKfAj_KSOAdTCB2piala6Ht3FM5zfXFY7PnYgDho1fe2j
-nSWQhN6BqMr4LVKCLVonIiiAgyEetseUnW5_FCcFJALhfEKG4CHI0TvbRZ9IG7SwEFBovrk3RkBv
--UHxqqUAi9W3Zdm6wmYtSsUaT-lmMomJxHigWn9vCJ6fO0r_KSoGo-u8idP8P989hNdLqKx6sVWa
-en-Kyf0YUvYUk6TblucGVG0UYpjqMAr64tA2_a595QWriVRsxFWTZXBiXWUrOtbXxYZ6vn4jLomF
-KWAOu7ot-SQa9zAAAgIme5VB3I2h9s0mUOsQd-T1fJq_CdAGzyqXmBwt8TO4G8iQCMUtOptxJ220
-dq_unPUWJylDuU_9fTY95PLSIGfTCwOedOJb5A9IvyN_mahSPZqYH3a0P6gOgHPxQfTrUid31u7a
-BqsQdKKMoWCT7ZdX-ja95f3Z3PzHxhlI2dr1nCRBkN89GLyIK70dVN2QTVVWV5B4hLoyrON6QVwy
-1csZ1X6UGO-4YOX3_GUacJSnCenZzJFbn3moCkZ-QfpwU7Cqq2I7DEa8bDKz1sdeNtycOxiQnmnA
-AnVdXfOavctGcpA6tWyj-WAkZvV6yedt6Kb4BPL5_qDsCNa0r1wYNaQqzH1bYQnJu0aVjspTzlj4
-2ik_2i9t36Avoqj_g3e8fvwmF0r__yPpF2oULa4LcIQ8Cs3U9Oq3BmxlNXlEj7dyNOTIlJLcvrzX
-Js_5iv5rA_rIWY7YpOc-UCVrZw3yb8Ih-XI4tNuUn3qE7tHHQclWrrYRVM2Jt_u-73WYqL-iCvwQ
-BU5soWkSK5TwgR1BHfDs5-yNh1MRnr9RbNd8x_p3ohQrFtepgBHodTl98er9XANCy-HycLZhDP3D
-TUQdWVKxAwDFVBB-p6itYB9oVvkQtSosLQUYcAjbMTrFz4zqOj0CHMvquE-Wbznkayo5ZdvKoPXk
-loNtiG4qPx3UXpvfHElps-vPi8y1TlcmwqWEOn2vxKd5IIk2fglHXM9tv2m86XRgvTjppSs1V7NS
-Uoz_C_bW8zH5D-Twmq2DGHxuKbpUpqe0FDFXxoQezGCVhN6bzp-44CBkz9I9QeNVkm3XFu8s2fDn
-PeP2B_hGxkLhJHAJ28_3zZex818zqvFW-flWY43w6Cke8qWns3gxdyvXLUTluoidkFdTEvMBPIos
-itOB1MsLxsZNdAZtn3vxANPm7dTf8YIAJdMYH6yL9G83PxgKZ8uhoIZIsbrV2UWOJMLH8agctEZI
-pFqCipM8RZwuZwq7JmTYPyIjUDVTvAmiLJbG127T9eAfrZa2TYDWaE469v9f-7MdTD4_PK2JSogD
-8dg30EruD1VwQq03M98hL9EQsRNwAZ4MAshE2Kp3jQje2A-ZxGtMKNiw6DV0j3BM42FBitpV-Ley
-UaqWwELwDh7-BFmUeCu_RSP4XwrTUcOV725yIYcGkk06wLahMf2UvFzYS3PAmZLrs4fvLMK5
\ No newline at end of file
diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.p12 b/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.p12
deleted file mode 100644
index 079ee67..0000000
--- a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.p12
+++ /dev/null
Binary files differ
diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.trust.jks b/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.trust.jks
deleted file mode 100644
index e1f2e57..0000000
--- a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.trust.jks
+++ /dev/null
Binary files differ
diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/truststore.onap.client.jks b/sdnc-a1-controller/oam/installation/src/main/stores/truststore.onap.client.jks
deleted file mode 100755
index 28afd8f..0000000
--- a/sdnc-a1-controller/oam/installation/src/main/stores/truststore.onap.client.jks
+++ /dev/null
Binary files differ
diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/truststore.openecomp.client.jks b/sdnc-a1-controller/oam/installation/src/main/stores/truststore.openecomp.client.jks
deleted file mode 100644
index 6c854b4..0000000
--- a/sdnc-a1-controller/oam/installation/src/main/stores/truststore.openecomp.client.jks
+++ /dev/null
Binary files differ
diff --git a/sdnc-a1-controller/oam/installation/src/main/yaml/docker-compose.yml b/sdnc-a1-controller/oam/installation/src/main/yaml/docker-compose.yml
index acf15a1..7051351 100644
--- a/sdnc-a1-controller/oam/installation/src/main/yaml/docker-compose.yml
+++ b/sdnc-a1-controller/oam/installation/src/main/yaml/docker-compose.yml
@@ -47,6 +47,7 @@
entrypoint: ["/opt/onap/sdnc/bin/startODL.sh"]
ports:
- "8282:8181"
+ - "8383:8443"
links:
- db:dbhost
- db:sdnctldb01