Handling Credentials

To prevent clear text credentials in property files and at the same time use docker secrets to push those data into the container we decided to use the option with environment variable. Therefore we establish the possibility to set a property value in the config files as a env var, e.g.

[es]
esHosts=http://sdnrdb:9200
esArchiveLifetimeSeconds=2592001
esCluster=
esArchiveCheckIntervalSeconds=0
esNode=elasticsearchnode
esAuthUsername=${ESUSER}
esAuthPassword=${ESPASSWD}

or

[dcae]
dcaeUserCredentials=${DCAEUSER}:${DCAEPASSWD}
dcaeUrl=off
dcaeHeartbeatPeriodSeconds=120
dcaeTestCollector=no

These values will stay in the config and won't be replaced with its values. 


Overview

cluster sidefeatureconfig paramtersdescription
web serviceHelpserver-
odlux

-





devicemanager





WebsocketManager-
APIGateway

DBConfig

  • url(s) (multiple possible)
  • credentials
needed for mediatorserver entries/ mediatorserver request forwarding

RestConfig

  • url
  • credentials
for forwarding RESTCONF-Request to devicemanager cluster

AAIConfig:

  • BaseUrl
  • additionHeaders
showing some infos of AAI in GUI
DataProvider

DBConfig

  • url(s) (multiple possible)
  • credentials
  • esArchiveLimit=2592000 [in seconds]
  • esArchiveFolder=./backup

reading and writing db entries pushed by the GUI / backend


devicemanager-X

NotifyConfig:

  •  url
  •  credentials
forwarding netconf notifications to websocketmanager RPC to broadcast them to the GUI

AAIConfig

  • aaiHeaders=["X-TransactionId: 9999"]
  • aaiUrl=http://localhost:81
  • aaiUserCredentials=AAI:AAI
  • aaiDeleteOnMountpointRemove=false
  • aaiTrustAllCerts=false
  • aaiApiVersion=aai/v13
  • aaiPropertiesFile=aaiclient.properties
  • aaiApplicationId=SDNR
  • aaiPcks12ClientCertFile=/opt/logs/externals/data/stores/keystore.client.p12
  • aaiPcks12ClientCertPassphrase=adminadmin
  • aaiClientConnectionTimeout=30000

PMConfig

  • enabled
collect historical performance data

DCAEConfig

  • dcaeUserCredentials=admin:admin
  • dcaeUrl=off
  • dcaeHeartbeatPeriodSeconds=120
  • dcaeTestCollector=no

AAFConfig?
mountpoint-state-provider

DMaaPConfig

dmaapEnabled=true
TransportType=HTTPNOAUTH
host=172.18.0.6:3904
topic=unauthenticated.SDNR_MOUNTPOINT_STATE_INFO
contenttype=application/json
timeout=20000
limit=10000
maxBatchSize=100
maxAgeMs=250
MessageSentThreadOccurance=50

to provide base mountpoint information to dmaap
mountpoint-registrar

RestConfig

  • url
  • credentials

Ex: 

baseUrl=http://localhost:8181
sdnrUser=admin
sdnrPasswd=admin

for creating new mountpoints pushed by DMaaP Messages

DMaaPConfig

  • TransportType=HTTPNOAUTH
  • host=172.18.0.6:3904
  • topic=unauthenticated.VES_PNFREG_OUTPUT
  • contenttype =application/json
  • group=myG
  • id=C1
  • timeout=20000
  • limit=10000

getting access to DMaaP Message Bus looking for VES-Messages. The default TransportType used is HTTPNOAUTH. For other TransportTypes such as DME2, HTTP, AUTH_KEY, please see below - 

TransportType=HTTP

host

topic

contenttype

username

password

group

id

timeout

limit

TransportType=DME2

ServiceName

topic

username

password

DME2preferredRouterFilePath

Partner || routeOffer

Protocol

MethodType

contenttype

Latitude

Longitude

AFT_ENVIRONMENT

Version

Environment

SubContextPath

sessionstickinessrequired

group

id

timeout

limit

TransportType=AUTHKEY

host

topic

contenttype

username

password

authKey

authDate

group

id

timeout

limit

Database


  • No labels