Handling Credentials
To keep clear-text credentials out of property files while still using Docker secrets to push that data into the container, we decided to use environment variables. A property value in the config files can therefore be set as a reference to an environment variable, e.g.
```
[es]
esHosts=http://sdnrdb:9200
esArchiveLifetimeSeconds=2592001
esCluster=
esArchiveCheckIntervalSeconds=0
esNode=elasticsearchnode
esAuthUsername=${ESUSER}
esAuthPassword=${ESPASSWD}
```
or
```
[dcae]
dcaeUserCredentials=${DCAEUSER}:${DCAEPASSWD}
dcaeUrl=off
dcaeHeartbeatPeriodSeconds=120
dcaeTestCollector=no
```
These references stay in the config file as written and are not replaced with their values.
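The behaviour described above, sketched in Python as an added example (not SDN-R's own code): `${NAME}` references are expanded only in memory at read time, and a check flags credential-like keys that still hold literal text. The function names, the `[aai]` section name and the sample environment values are assumptions.

```python
import configparser
import re

REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")
SECRET_KEY = re.compile(r"credentials|passw|passphrase", re.IGNORECASE)

# Constructed sample: [es] and [dcae] follow the page; the [aai] section name is assumed.
SAMPLE = """\
[es]
esHosts=http://sdnrdb:9200
esAuthUsername=${ESUSER}
esAuthPassword=${ESPASSWD}
[dcae]
dcaeUserCredentials=${DCAEUSER}:${DCAEPASSWD}
dcaeUrl=off
[aai]
aaiPcks12ClientCertPassphrase=adminadmin
"""

def load(text):
    """Parse without configparser's own interpolation and keep key case."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def resolve(raw, env):
    """Expand ${NAME} in memory only; an unset variable is an error, not an empty string."""
    def sub(m):
        if m.group(1) not in env:
            raise KeyError(f"environment variable {m.group(1)} is not set")
        return env[m.group(1)]
    return REF.sub(sub, raw)

def literal_secrets(cp):
    """Return (section, key) for secret-like keys whose value holds literal text."""
    hits = []
    for section in cp.sections():
        for key, raw in cp.items(section):
            leftover = REF.sub("", raw).strip(": ")
            if SECRET_KEY.search(key) and leftover:
                hits.append((section, key))
    return hits

if __name__ == "__main__":
    cp = load(SAMPLE)
    env = {"DCAEUSER": "svc", "DCAEPASSWD": "s3cret"}  # constructed; use os.environ in practice
    print(resolve(cp["dcae"]["dcaeUserCredentials"], env))
    print(literal_secrets(cp))
```

Because `resolve` returns a new string and never touches the parser, writing the config back out still emits the `${...}` references rather than the secrets.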
Overview
cluster side | feature | config parameters | description |
---|
web service | Helpserver | - |
|
odlux | - |
|
|
|
|
devicemanager
| WebsocketManager | - |
|
APIGateway | DBConfig - url(s) (multiple possible)
- credentials
| needed for mediatorserver entries/ mediatorserver request forwarding |
RestConfig | for forwarding RESTCONF-Request to devicemanager cluster |
AAIConfig: | showing some infos of AAI in GUI |
Helpserver | - | odlux | - | WebsocketManager | - | mountpoint-registrar | RestConfig | for creating new mountpoints pushed by DMaaP Messages |
DMaaPConfig - TransportType=HTTPNOAUTH
- Latitude =47.778998
- Longitude =-122.182883
- Version =1.0
- ServiceName =dmaap-v1.dev.dmaap.dt.saat.acsi.att.com/events
- Environment =TEST
- Partner =
- SubContextPath =/
- Protocol =http
- MethodType =GET
- username =
- password =
- contenttype =application/json
- authKey=ABC123
- authDate=2016-05-10T13:13:50-0700
- host=172.18.0.6:3904
- topic=unauthenticated.VES_PNFREG_OUTPUT
- group=myG
- id=C1
- timeout=20000
- limit=10000
| getting access to DMaaP Message Bus looking for VES-Messages | DataProvider | DBConfig - url(s) (multiple possible)
- credentials
- esArchiveLimit=2592000 [in seconds]
- esArchiveFolder=./backup
| reading and writing db entries pushed by the GUI / backend |
devicemanager
|
devicemanager-X
| NotifyConfig: | forwarding netconf notifications to websocketmanager RPC to broadcast them to the GUI |
AAIConfig - aaiHeaders=["X-TransactionId: 9999"]
- aaiUrl=http://localhost:81
- aaiUserCredentials=AAI:AAI
- aaiDeleteOnMountpointRemove=false
- aaiTrustAllCerts=false
- aaiApiVersion=aai/v13
- aaiPropertiesFile=aaiclient.properties
- aaiApplicationId=SDNR
- aaiPcks12ClientCertFile=/opt/logs/externals/data/stores/keystore.client.p12
- aaiPcks12ClientCertPassphrase=adminadmin
- aaiClientConnectionTimeout=30000
|
|
PMConfig | collect historical performance data |
DCAEConfig - dcaeUserCredentials=admin:admin
- dcaeUrl=off
- dcaeHeartbeatPeriodSeconds=120
- dcaeTestCollector=no
|
|
AAFConfig? |
|
mountpoint-state-provider | DMaaPConfig dmaapEnabled=true TransportType=HTTPNOAUTH host=172.18.0.6:3904 topic=unauthenticated.SDNR_MOUNTPOINT_STATE_INFO contenttype=application/json timeout=20000 limit=10000 maxBatchSize=100 maxAgeMs=250 MessageSentThreadOccurance=50 | to provide base mountpoint information to dmaap |
mountpoint-registrar | RestConfig Ex: baseUrl=http://localhost:8181 sdnrUser=admin sdnrPasswd=admin | for creating new mountpoints pushed by DMaaP Messages |
| DMaaPConfig - TransportType=HTTPNOAUTH
- host=172.18.0.6:3904
- topic=unauthenticated.VES_PNFREG_OUTPUT
- contenttype =application/json
- group=myG
- id=C1
- timeout=20000
- limit=10000
| getting access to DMaaP Message Bus looking for VES-Messages. The default TransportType used is HTTPNOAUTH. For other TransportTypes such as DME2, HTTP, AUTH_KEY, please see below -
TransportType=HTTP |
---|
host | topic | contenttype | username | password | group | id | timeout | limit |
TransportType=DME2 |
---|
ServiceName | topic | username | password | DME2preferredRouterFilePath | Partner || routeOffer | Protocol | MethodType | contenttype | Latitude | Longitude | AFT_ENVIRONMENT | Version | Environment | SubContextPath | sessionstickinessrequired | group | id | timeout | limit |
TransportType=AUTHKEY |
---|
host | topic | contenttype | username | password | authKey | authDate | group | id | timeout | limit |
|
Database |
|
|
|