Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# ============LICENSE_START======================================================= 

2# org.onap.dcae 

3# ================================================================================ 

4# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. 

5# Copyright (c) 2019 Pantheon.tech. All rights reserved. 

6# Copyright (c) 2020 Nokia. All rights reserved. 

7# ================================================================================ 

8# Licensed under the Apache License, Version 2.0 (the "License"); 

9# you may not use this file except in compliance with the License. 

10# You may obtain a copy of the License at 

11# 

12# http://www.apache.org/licenses/LICENSE-2.0 

13# 

14# Unless required by applicable law or agreed to in writing, software 

15# distributed under the License is distributed on an "AS IS" BASIS, 

16# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 

17# See the License for the specific language governing permissions and 

18# limitations under the License. 

19# ============LICENSE_END========================================================= 

20 

21_CONFIG_PATH = "/opt/onap/config.txt" # Path to config file on the Cloudify Manager host 

22_CONSUL_KEY = "k8s-plugin" # Key under which CM configuration is stored in Consul 

23 

24# Default configuration values 

25DCAE_NAMESPACE = "dcae" 

26CONSUL_DNS_NAME = "consul" 

27DEFAULT_K8S_LOCATION = "central" 

28DEFAULT_MAX_WAIT = 1800 

29 

30FB_LOG_PATH = "/var/log/onap" 

31FB_DATA_PATH = "/usr/share/filebeat/data" 

32FB_CONFIG_PATH = "/usr/share/filebeat/filebeat.yml" 

33FB_CONFIG_SUBPATH = "filebeat.yml" 

34FB_CONFIG_MAP = "filebeat-conf" 

35FB_IMAGE = "docker.elastic.co/beats/filebeat:5.5.0" 

36 

37TLS_CERT_PATH = "/opt/app/osaaf" 

38TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0" 

39TLS_COMP_CERT_PATH = "/opt/dcae/cacert" 

40TLS_CA_CONFIGMAP = "dcae-cacert-configmap" 

41 

42EXT_TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0" 

43EXT_TLS_REQUEST_URL = "https://aaf-cert-service:8443/v1/certificate/" 

44EXT_TLS_TIMEOUT = "30000" 

45EXT_TLS_COUNTRY = "US" 

46EXT_TLS_ORGANIZATION = "Linux-Foundation" 

47EXT_TLS_STATE = "California" 

48EXT_TLS_ORGANIZATIONAL_UNIT = "ONAP" 

49EXT_TLS_LOCATION = "San-Francisco" 

50EXT_TLS_KEYSTORE_PASSWORD = "secret" 

51EXT_TLS_TRUSTSTORE_PASSWORD = "secret" 

52 

53CBS_BASE_URL = "https://config-binding-service:10443/service_component_all" 

54 

55def _set_defaults(): 

56 """ Set default configuration parameters """ 

57 return { 

58 "namespace" : DCAE_NAMESPACE, # k8s namespace to use for DCAE 

59 "consul_dns_name" : CONSUL_DNS_NAME, # k8s internal DNS name for Consul 

60 "default_k8s_location" : DEFAULT_K8S_LOCATION, # default k8s location to deploy components 

61 "image_pull_secrets" : [], # list of k8s secrets for accessing Docker registries 

62 "max_wait": DEFAULT_MAX_WAIT, # Default maximum time to wait for component to become healthy (secs) 

63 "filebeat": { # Configuration for setting up filebeat container 

64 "log_path" : FB_LOG_PATH, # mount point for log volume in filebeat container 

65 "data_path" : FB_DATA_PATH, # mount point for data volume in filebeat container 

66 "config_path" : FB_CONFIG_PATH, # mount point for config volume in filebeat container 

67 "config_subpath" : FB_CONFIG_SUBPATH, # subpath for config data in filebeat container 

68 "config_map" : FB_CONFIG_MAP, # ConfigMap holding the filebeat configuration 

69 "image": FB_IMAGE # Docker image to use for filebeat 

70 }, 

71 "tls": { # Configuration for setting up TLS 

72 "cert_path" : TLS_CERT_PATH, # mount point for certificate volume in TLS init container 

73 "image": TLS_IMAGE, # Docker image to use for TLS init container 

74 "component_cert_dir": TLS_COMP_CERT_PATH # default mount point for certificate volume in component container 

75 }, 

76 "external_cert": { 

77 "image_tag": EXT_TLS_IMAGE, # Docker image to use for external TLS init container 

78 "request_url" : EXT_TLS_REQUEST_URL, # URL to Cert Service API 

79 "timeout" : EXT_TLS_TIMEOUT, # Request timeout 

80 "country" : EXT_TLS_COUNTRY, # Country name in ISO 3166-1 alpha-2 format, for which certificate will be created 

81 "organization" : EXT_TLS_ORGANIZATION, # Organization name, for which certificate will be created 

82 "state" : EXT_TLS_STATE, # State name, for which certificate will be created 

83 "organizational_unit" : EXT_TLS_ORGANIZATIONAL_UNIT, # Organizational unit name, for which certificate will be created 

84 "location" : EXT_TLS_LOCATION, # Location name, for which certificate will be created 

85 "keystore_password" : EXT_TLS_KEYSTORE_PASSWORD, # Password to keystore file 

86 "truststore_password" : EXT_TLS_TRUSTSTORE_PASSWORD # Password to truststore file 

87 }, 

88 "cbs": { 

89 "base_url" : CBS_BASE_URL # URL prefix for accessing config binding service 

90 } 

91 

92 } 

93 

94def configure(config_path=_CONFIG_PATH, key = _CONSUL_KEY): 

95 """ 

96 Get configuration information from local file and Consul. 

97 Note that the Cloudify context ("ctx") isn't available at 

98 module load time. 

99 """ 

100 

101 from cloudify.exceptions import NonRecoverableError 

102 try: 

103 import configparser 

104 except ImportError: 

105 import ConfigParser as configparser 

106 from k8splugin import discovery 

107 config = _set_defaults() 

108 

109 try: 

110 # Get Consul address from a config file 

111 c = configparser.ConfigParser() 

112 c.read(config_path) 

113 config["consul_host"] = c.get('consul','address') 

114 

115 # Get the rest of the config from Consul 

116 conn = discovery.create_kv_conn(config["consul_host"]) 

117 val = discovery.get_kv_value(conn, key) 

118 

119 # Merge Consul results into the config 

120 config.update(val) 

121 

122 except discovery.DiscoveryKVEntryNotFoundError as e: 

123 # Don't reraise error, assume defaults are wanted. 

124 pass 

125 

126 except Exception as e: 

127 raise NonRecoverableError(e) 

128 

129 return config