
# ============LICENSE_START=======================================================
# org.onap.dcae
# ================================================================================
# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2019 Pantheon.tech. All rights reserved.
# Copyright (c) 2020-2021 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================

# Path to config file on the Cloudify Manager host
_CONFIG_PATH = "/opt/onap/config.txt"
# Key under which CM configuration is stored in Consul
_CONSUL_KEY = "k8s-plugin"

# ---------------------------------------------------------------------------
# Default configuration values
#
# NOTE(review): every container image below is referenced by tag rather than
# by digest, so what actually gets pulled depends on what the registry serves
# for that tag at deploy time. Consider digest pinning where the registry
# supports it.
# ---------------------------------------------------------------------------
DCAE_NAMESPACE = "dcae"
CONSUL_DNS_NAME = "consul"
DEFAULT_K8S_LOCATION = "central"
DEFAULT_MAX_WAIT = 1800

# Filebeat container settings.
# NOTE(review): 5.5.0 is an old Filebeat release; confirm it still receives
# security fixes before relying on this default.
FB_LOG_PATH = "/var/log/onap"
FB_DATA_PATH = "/usr/share/filebeat/data"
FB_CONFIG_PATH = "/usr/share/filebeat/filebeat.yml"
FB_CONFIG_SUBPATH = "filebeat.yml"
FB_CONFIG_MAP = "filebeat-conf"
FB_IMAGE = "docker.elastic.co/beats/filebeat:5.5.0"

# TLS init container settings.
TLS_CERT_PATH = "/opt/app/osaaf"
TLS_IMAGE = (
    "nexus3.onap.org:10001/onap/"
    "org.onap.dcaegen2.deployments.tls-init-container:2.1.0"
)
TLS_COMP_CERT_PATH = "/opt/dcae/cacert"
TLS_CA_CONFIGMAP = "dcae-cacert-configmap"

# External certificate (Cert Service client) settings.
# The *_SECRET_NAME / *_SECRET_KEY values are names of k8s secrets and of keys
# inside them, not the secret material itself.
EXT_TLS_IMAGE = (
    "nexus3.onap.org:10001/onap/"
    "org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0"
)
EXT_TLS_REQUEST_URL = "https://oom-cert-service:8443/v1/certificate/"
# Kept as a string; the unit is not stated in this file.
EXT_TLS_TIMEOUT = "30000"
EXT_TLS_COUNTRY = "US"
EXT_TLS_ORGANIZATION = "Linux-Foundation"
EXT_TLS_STATE = "California"
EXT_TLS_ORGANIZATIONAL_UNIT = "ONAP"
EXT_TLS_LOCATION = "San-Francisco"
EXT_TLS_CERT_SECRET_NAME = "oom-cert-service-client-tls-secret"
EXT_TLS_KEYSTORE_PASSWORD_SECRET_NAME = "oom-cert-service-keystore-password"
EXT_TLS_TRUSTSTORE_PASSWORD_SECRET_NAME = "oom-cert-service-truststore-password"
EXT_TLS_KEYSTORE_SECRET_KEY = "keystore.jks"
EXT_TLS_TRUSTSTORE_SECRET_KEY = "truststore.jks"
EXT_TLS_KEYSTORE_PASSWORD_SECRET_KEY = "password"
EXT_TLS_TRUSTSTORE_PASSWORD_SECRET_KEY = "password"

# Cert post-processor init container and config binding service.
CERT_POST_PROCESSOR_IMAGE = (
    "nexus3.onap.org:10001/onap/"
    "org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0"
)
CBS_BASE_URL = "https://config-binding-service:10443/service_component_all"

# CMPv2 issuer settings.
# NOTE(review): the flag is the *string* "false", which is truthy in Python;
# a consumer has to compare against the string value rather than test it as a
# boolean -- confirm against the code that reads it.
CMPV2_ISSUER_ENABLED = "false"
CMPV2_ISSUER_NAME = "cmpv2-issuer-onap"

def _set_defaults():
    """Build and return a new dict holding the default plugin configuration.

    Each call creates fresh dict and list objects, so the caller may mutate
    the result without affecting later calls.
    """
    # Settings for the filebeat container
    filebeat_defaults = {
        "log_path": FB_LOG_PATH,              # mount point for the log volume
        "data_path": FB_DATA_PATH,            # mount point for the data volume
        "config_path": FB_CONFIG_PATH,        # mount point for the config volume
        "config_subpath": FB_CONFIG_SUBPATH,  # subpath for the config data
        "config_map": FB_CONFIG_MAP,          # ConfigMap holding the filebeat configuration
        "image": FB_IMAGE,                    # Docker image to use for filebeat
    }

    # Settings for the TLS init container
    tls_defaults = {
        "cert_path": TLS_CERT_PATH,                # certificate volume mount point in the TLS init container
        "image": TLS_IMAGE,                        # Docker image to use for the TLS init container
        "component_cert_dir": TLS_COMP_CERT_PATH,  # default certificate volume mount point in the component container
    }

    # Settings for the external TLS init container (Cert Service client).
    # The secret entries hold names of k8s secrets and of keys inside them,
    # not the secret values themselves.
    external_cert_defaults = {
        "image_tag": EXT_TLS_IMAGE,           # Docker image to use for the external TLS init container
        "request_url": EXT_TLS_REQUEST_URL,   # URL of the Cert Service API
        "timeout": EXT_TLS_TIMEOUT,           # request timeout (a string; unit not stated in this file)
        # Subject fields of the certificate to be created
        "country": EXT_TLS_COUNTRY,           # country name, ISO 3166-1 alpha-2
        "organization": EXT_TLS_ORGANIZATION,
        "state": EXT_TLS_STATE,
        "organizational_unit": EXT_TLS_ORGANIZATIONAL_UNIT,
        "location": EXT_TLS_LOCATION,
        # Secret with the keystore and truststore used between the Cert
        # Service client and the Cert Service, and the keys inside it
        "cert_secret_name": EXT_TLS_CERT_SECRET_NAME,
        "keystore_secret_key": EXT_TLS_KEYSTORE_SECRET_KEY,
        "truststore_secret_key": EXT_TLS_TRUSTSTORE_SECRET_KEY,
        # Secrets with the keystore / truststore passwords, and the key
        # under which each password is stored in its secret
        "keystore_password_secret_name": EXT_TLS_KEYSTORE_PASSWORD_SECRET_NAME,
        "truststore_password_secret_name": EXT_TLS_TRUSTSTORE_PASSWORD_SECRET_NAME,
        "keystore_password_secret_key": EXT_TLS_KEYSTORE_PASSWORD_SECRET_KEY,
        "truststore_password_secret_key": EXT_TLS_TRUSTSTORE_PASSWORD_SECRET_KEY,
    }

    # Docker image to use for the cert post processor init container
    cert_post_processor_defaults = {"image_tag": CERT_POST_PROCESSOR_IMAGE}

    # URL prefix for accessing the config binding service
    cbs_defaults = {"base_url": CBS_BASE_URL}

    # NOTE(review): "enabled" carries the string constant, not a bool; a
    # non-empty string is truthy, so readers must compare the string value.
    cmpv2_issuer_defaults = {
        "enabled": CMPV2_ISSUER_ENABLED,
        "name": CMPV2_ISSUER_NAME,
    }

    return {
        "namespace": DCAE_NAMESPACE,                   # k8s namespace to use for DCAE
        "consul_dns_name": CONSUL_DNS_NAME,            # k8s internal DNS name for Consul
        "default_k8s_location": DEFAULT_K8S_LOCATION,  # default k8s location to deploy components
        "image_pull_secrets": [],                      # k8s secrets for accessing Docker registries
        "max_wait": DEFAULT_MAX_WAIT,                  # default max wait for a component to become healthy (secs)
        "filebeat": filebeat_defaults,
        "tls": tls_defaults,
        "external_cert": external_cert_defaults,
        "cert_post_processor": cert_post_processor_defaults,
        "cbs": cbs_defaults,
        "cmpv2_issuer": cmpv2_issuer_defaults,
    }

def configure(config_path=_CONFIG_PATH, key=_CONSUL_KEY):
    """
    Assemble the plugin configuration from defaults, a local file and Consul.

    The Consul address is taken from the ``address`` option in the
    ``consul`` section of the file at ``config_path`` and stored as
    ``consul_host``.  The value found in Consul under ``key`` is then merged
    over the defaults with ``dict.update``.  When that Consul key does not
    exist the defaults (plus ``consul_host``) are returned; every other
    failure is re-raised as ``NonRecoverableError``.

    Note that the Cloudify context ("ctx") isn't available at module load
    time.

    NOTE(review): the merge is shallow -- a top-level entry coming from
    Consul (e.g. "tls") replaces the whole default sub-dict rather than
    being combined with it.

    NOTE(review): the Consul value is applied without validation and can
    override any default, including the container image references and the
    Cert Service / config binding service URLs.  Write access to that Consul
    key therefore deserves the same protection as deployment rights.
    """
    from cloudify.exceptions import NonRecoverableError
    try:
        import configparser
    except ImportError:
        # Python 2 module name
        import ConfigParser as configparser
    from k8splugin import discovery

    settings = _set_defaults()

    try:
        # The local file only tells us where Consul lives
        parser = configparser.ConfigParser()
        parser.read(config_path)
        consul_host = parser.get('consul', 'address')
        settings["consul_host"] = consul_host

        # Everything else comes from the Consul KV store and is laid over
        # the defaults
        kv_conn = discovery.create_kv_conn(consul_host)
        overrides = discovery.get_kv_value(kv_conn, key)
        settings.update(overrides)

    except discovery.DiscoveryKVEntryNotFoundError:
        # Nothing stored under the key: not an error, keep the defaults.
        pass

    except Exception as err:
        raise NonRecoverableError(err)

    return settings