Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# ============LICENSE_START======================================================= 

2# org.onap.dcae 

3# ================================================================================ 

4# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. 

5# Copyright (c) 2019 Pantheon.tech. All rights reserved. 

6# Copyright (c) 2020-2021 Nokia. All rights reserved. 

7# ================================================================================ 

8# Licensed under the Apache License, Version 2.0 (the "License"); 

9# you may not use this file except in compliance with the License. 

10# You may obtain a copy of the License at 

11# 

12# http://www.apache.org/licenses/LICENSE-2.0 

13# 

14# Unless required by applicable law or agreed to in writing, software 

15# distributed under the License is distributed on an "AS IS" BASIS, 

16# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 

17# See the License for the specific language governing permissions and 

18# limitations under the License. 

19# ============LICENSE_END========================================================= 

20 

21_CONFIG_PATH = "/opt/onap/config.txt" # Path to config file on the Cloudify Manager host 

22_CONSUL_KEY = "k8s-plugin" # Key under which CM configuration is stored in Consul 

23 

24# Default configuration values 

25DCAE_NAMESPACE = "dcae" 

26CONSUL_DNS_NAME = "consul" 

27DEFAULT_K8S_LOCATION = "central" 

28DEFAULT_MAX_WAIT = 1800 

29 

30FB_LOG_PATH = "/var/log/onap" 

31FB_DATA_PATH = "/usr/share/filebeat/data" 

32FB_CONFIG_PATH = "/usr/share/filebeat/filebeat.yml" 

33FB_CONFIG_SUBPATH = "filebeat.yml" 

34FB_CONFIG_MAP = "filebeat-conf" 

35FB_IMAGE = "docker.elastic.co/beats/filebeat:5.5.0" 

36 

37TLS_CERT_PATH = "/opt/app/osaaf" 

38TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0" 

39TLS_COMP_CERT_PATH = "/opt/dcae/cacert" 

40TLS_CA_CONFIGMAP = "dcae-cacert-configmap" 

41 

42EXT_TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0" 

43EXT_TLS_REQUEST_URL = "https://oom-cert-service:8443/v1/certificate/" 

44EXT_TLS_TIMEOUT = "30000" 

45EXT_TLS_COUNTRY = "US" 

46EXT_TLS_ORGANIZATION = "Linux-Foundation" 

47EXT_TLS_STATE = "California" 

48EXT_TLS_ORGANIZATIONAL_UNIT = "ONAP" 

49EXT_TLS_LOCATION = "San-Francisco" 

50EXT_TLS_CERT_SECRET_NAME = "oom-cert-service-client-tls-secret" 

51EXT_TLS_KEYSTORE_PASSWORD = "secret" 

52EXT_TLS_TRUSTSTORE_PASSWORD = "secret" 

53 

54CERT_POST_PROCESSOR_IMAGE = "nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0" 

55CBS_BASE_URL = "https://config-binding-service:10443/service_component_all" 

56 

57CMPV2_ISSUER_ENABLED = "false" 

58CMPV2_ISSUER_NAME = "cmpv2-issuer-onap" 

59 

60def _set_defaults(): 

61 """ Set default configuration parameters """ 

62 return { 

63 "namespace" : DCAE_NAMESPACE, # k8s namespace to use for DCAE 

64 "consul_dns_name" : CONSUL_DNS_NAME, # k8s internal DNS name for Consul 

65 "default_k8s_location" : DEFAULT_K8S_LOCATION, # default k8s location to deploy components 

66 "image_pull_secrets" : [], # list of k8s secrets for accessing Docker registries 

67 "max_wait": DEFAULT_MAX_WAIT, # Default maximum time to wait for component to become healthy (secs) 

68 "filebeat": { # Configuration for setting up filebeat container 

69 "log_path" : FB_LOG_PATH, # mount point for log volume in filebeat container 

70 "data_path" : FB_DATA_PATH, # mount point for data volume in filebeat container 

71 "config_path" : FB_CONFIG_PATH, # mount point for config volume in filebeat container 

72 "config_subpath" : FB_CONFIG_SUBPATH, # subpath for config data in filebeat container 

73 "config_map" : FB_CONFIG_MAP, # ConfigMap holding the filebeat configuration 

74 "image": FB_IMAGE # Docker image to use for filebeat 

75 }, 

76 "tls": { # Configuration for setting up TLS 

77 "cert_path" : TLS_CERT_PATH, # mount point for certificate volume in TLS init container 

78 "image": TLS_IMAGE, # Docker image to use for TLS init container 

79 "component_cert_dir": TLS_COMP_CERT_PATH # default mount point for certificate volume in component container 

80 }, 

81 "external_cert": { 

82 "image_tag": EXT_TLS_IMAGE, # Docker image to use for external TLS init container 

83 "request_url" : EXT_TLS_REQUEST_URL, # URL to Cert Service API 

84 "timeout" : EXT_TLS_TIMEOUT, # Request timeout 

85 "country" : EXT_TLS_COUNTRY, # Country name in ISO 3166-1 alpha-2 format, for which certificate will be created 

86 "organization" : EXT_TLS_ORGANIZATION, # Organization name, for which certificate will be created 

87 "state" : EXT_TLS_STATE, # State name, for which certificate will be created 

88 "organizational_unit" : EXT_TLS_ORGANIZATIONAL_UNIT, # Organizational unit name, for which certificate will be created 

89 "location" : EXT_TLS_LOCATION, # Location name, for which certificate will be created 

90 "cert_secret_name": EXT_TLS_CERT_SECRET_NAME, # Name of secret containing keystore and truststore for secure communication of Cert Service Client and Cert Service 

91 "keystore_password" : EXT_TLS_KEYSTORE_PASSWORD, # Password to keystore file 

92 "truststore_password" : EXT_TLS_TRUSTSTORE_PASSWORD # Password to truststore file 

93 }, 

94 "cert_post_processor": { 

95 "image_tag": CERT_POST_PROCESSOR_IMAGE # Docker image to use for cert post processor init container 

96 }, 

97 "cbs": { 

98 "base_url" : CBS_BASE_URL # URL prefix for accessing config binding service 

99 }, 

100 "cmpv2_issuer": { 

101 "enabled": CMPV2_ISSUER_ENABLED, 

102 "name": CMPV2_ISSUER_NAME 

103 } 

104 } 

105 

106def configure(config_path=_CONFIG_PATH, key = _CONSUL_KEY): 

107 """ 

108 Get configuration information from local file and Consul. 

109 Note that the Cloudify context ("ctx") isn't available at 

110 module load time. 

111 """ 

112 

113 from cloudify.exceptions import NonRecoverableError 

114 try: 

115 import configparser 

116 except ImportError: 

117 import ConfigParser as configparser 

118 from k8splugin import discovery 

119 config = _set_defaults() 

120 

121 try: 

122 # Get Consul address from a config file 

123 c = configparser.ConfigParser() 

124 c.read(config_path) 

125 config["consul_host"] = c.get('consul','address') 

126 

127 # Get the rest of the config from Consul 

128 conn = discovery.create_kv_conn(config["consul_host"]) 

129 val = discovery.get_kv_value(conn, key) 

130 

131 # Merge Consul results into the config 

132 config.update(val) 

133 

134 except discovery.DiscoveryKVEntryNotFoundError as e: 

135 # Don't reraise error, assume defaults are wanted. 

136 pass 

137 

138 except Exception as e: 

139 raise NonRecoverableError(e) 

140 

141 return config