Rename sandesh ssl options

Naming convention for ssl options (keyfile, certfile, ca_cert) under [SANDESH]
conflicts with [SECURITY] options in contrail-api. Hence, prepended the
ssl options under [SANDESH] with sandesh_

Change-Id: I23f71d103270209eae5951ef044832bacff6e667
Closes-Bug: #1661084

src/analytics/contrail-broadview/contrail-broadview.conf

@@ -15,6 +15,6 @@ log_file=/var/log/contrail/contrail-broadview.log
 [SANDESH]
 #sandesh_ssl_enable=False
 #introspect_ssl_enable=False
-#keyfile=/etc/contrail/ssl/private/server-privkey.pem
-#certfile=/etc/contrail/ssl/certs/server.pem
-#ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
+#sandesh_keyfile=/etc/contrail/ssl/private/server-privkey.pem
+#sandesh_certfile=/etc/contrail/ssl/certs/server.pem
+#sandesh_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem

src/analytics/contrail-broadview/contrail_broadview/config.py

@@ -76,9 +76,9 @@ def parse(self):
             'device_file'     : '/etc/contrail/bv_devices.conf',
         }
         sandesh_opts = {
-            'keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
-            'certfile': '/etc/contrail/ssl/certs/server.pem',
-            'ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
+            'sandesh_keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
+            'sandesh_certfile': '/etc/contrail/ssl/certs/server.pem',
+            'sandesh_ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
             'sandesh_ssl_enable': False,
             'introspect_ssl_enable': False
         }
@@ -136,11 +136,11 @@ def parse(self):
             help="ip:port of zookeeper server")
         parser.add_argument("--sandesh_send_rate_limit", type=int,
             help="Sandesh send rate limit in messages/sec.")
-        parser.add_argument("--keyfile",
+        parser.add_argument("--sandesh_keyfile",
             help="Sandesh ssl private key")
-        parser.add_argument("--certfile",
+        parser.add_argument("--sandesh_certfile",
             help="Sandesh ssl certificate")
-        parser.add_argument("--ca_cert",
+        parser.add_argument("--sandesh_ca_cert",
             help="Sandesh CA ssl certificate")
         parser.add_argument("--sandesh_ssl_enable", action="store_true",
             help="Enable ssl for sandesh connection")
@@ -216,8 +216,8 @@ def device_file(self):
         return self._args.device_file
 
     def sandesh_config(self):
-        return SandeshConfig(self._args.keyfile,
-                             self._args.certfile,
-                             self._args.ca_cert,
+        return SandeshConfig(self._args.sandesh_keyfile,
+                             self._args.sandesh_certfile,
+                             self._args.sandesh_ca_cert,
                              self._args.sandesh_ssl_enable,
                              self._args.introspect_ssl_enable)

src/analytics/contrail-collector.conf

@@ -123,6 +123,6 @@ sandesh_send_rate_limit=100
 [SANDESH]
 # sandesh_ssl_enable=false
 # introspect_ssl_enable=false
-# keyfile=/etc/contrail/ssl/private/server-privkey.pem
-# certfile=/etc/contrail/ssl/certs/server.pem
-# ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
+# sandesh_keyfile=/etc/contrail/ssl/private/server-privkey.pem
+# sandesh_certfile=/etc/contrail/ssl/certs/server.pem
+# sandesh_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem

src/analytics/contrail-snmp-collector/contrail-snmp-collector.conf

@@ -31,6 +31,6 @@ log_file=/var/log/contrail/contrail-snmp-collector.log
 [SANDESH]
 #sandesh_ssl_enable=False
 #introspect_ssl_enable=False
-#keyfile=/etc/contrail/ssl/private/server-privkey.pem
-#certfile=/etc/contrail/ssl/certs/server.pem
-#ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
+#sandesh_keyfile=/etc/contrail/ssl/private/server-privkey.pem
+#sandesh_certfile=/etc/contrail/ssl/certs/server.pem
+#sandesh_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem

src/analytics/contrail-snmp-collector/contrail_snmp_collector/snmpcfg.py

@@ -106,9 +106,9 @@ def parse(self):
             'disc_server_port'   : 5998,
         }
         sandesh_opts = {
-            'keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
-            'certfile': '/etc/contrail/ssl/certs/server.pem',
-            'ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
+            'sandesh_keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
+            'sandesh_certfile': '/etc/contrail/ssl/certs/server.pem',
+            'sandesh_ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
             'sandesh_ssl_enable': False,
             'introspect_ssl_enable': False
         }
@@ -185,11 +185,11 @@ def parse(self):
             help="Discovery Server IP address")
         parser.add_argument("--disc_server_port", type=int,
             help="Discovery Server port")
-        parser.add_argument("--keyfile",
+        parser.add_argument("--sandesh_keyfile",
             help="Sandesh ssl private key")
-        parser.add_argument("--certfile",
+        parser.add_argument("--sandesh_certfile",
             help="Sandesh ssl certificate")
-        parser.add_argument("--ca_cert",
+        parser.add_argument("--sandesh_ca_cert",
             help="Sandesh CA ssl certificate")
         parser.add_argument("--sandesh_ssl_enable", action="store_true",
             help="Enable ssl for sandesh connection")
@@ -292,8 +292,8 @@ def sandesh_send_rate_limit(self):
         return self._args.sandesh_send_rate_limit
 
     def sandesh_config(self):
-        return SandeshConfig(self._args.keyfile,
-                             self._args.certfile,
-                             self._args.ca_cert,
+        return SandeshConfig(self._args.sandesh_keyfile,
+                             self._args.sandesh_certfile,
+                             self._args.sandesh_ca_cert,
                              self._args.sandesh_ssl_enable,
                              self._args.introspect_ssl_enable)

src/analytics/contrail-topology/contrail-topology.conf

@@ -15,6 +15,6 @@ log_file=/var/log/contrail/contrail-topology.log
 [SANDESH]
 #sandesh_ssl_enable=False
 #introspect_ssl_enable=False
-#keyfile=/etc/contrail/ssl/private/server-privkey.pem
-#certfile=/etc/contrail/ssl/certs/server.pem
-#ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
+#sandesh_keyfile=/etc/contrail/ssl/private/server-privkey.pem
+#sandesh_certfile=/etc/contrail/ssl/certs/server.pem
+#sandesh_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem

src/analytics/contrail-topology/contrail_topology/config.py

@@ -96,9 +96,9 @@ def parse(self):
             'admin_tenant_name': 'default-domain'
         }
         sandesh_opts = {
-            'keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
-            'certfile': '/etc/contrail/ssl/certs/server.pem',
-            'ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
+            'sandesh_keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
+            'sandesh_certfile': '/etc/contrail/ssl/certs/server.pem',
+            'sandesh_ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
             'sandesh_ssl_enable': False,
             'introspect_ssl_enable': False
         }
@@ -178,11 +178,11 @@ def parse(self):
                             help="Password of keystone admin user")
         parser.add_argument("--admin_tenant_name",
                             help="Tenant name for keystone admin user")
-        parser.add_argument("--keyfile",
+        parser.add_argument("--sandesh_keyfile",
             help="Sandesh ssl private key")
-        parser.add_argument("--certfile",
+        parser.add_argument("--sandesh_certfile",
             help="Sandesh ssl certificate")
-        parser.add_argument("--ca_cert",
+        parser.add_argument("--sandesh_ca_cert",
             help="Sandesh CA ssl certificate")
         parser.add_argument("--sandesh_ssl_enable", action="store_true",
             help="Enable ssl for sandesh connection")
@@ -256,9 +256,9 @@ def sandesh_send_rate_limit(self):
         return self._args.sandesh_send_rate_limit
 
     def sandesh_config(self):
-        return SandeshConfig(self._args.keyfile,
-                             self._args.certfile,
-                             self._args.ca_cert,
+        return SandeshConfig(self._args.sandesh_keyfile,
+                             self._args.sandesh_certfile,
+                             self._args.sandesh_ca_cert,
                              self._args.sandesh_ssl_enable,
                              self._args.introspect_ssl_enable)
 

src/analytics/options.cc

@@ -339,13 +339,13 @@ void Options::Initialize(EventManager &evm,
         ("KEYSTONE.cafile", opt::value<string>()->default_value(
                     "/etc/contrail/ks-ca"), "Keystone CA chain")
 
-        ("SANDESH.keyfile", opt::value<string>()->default_value(
+        ("SANDESH.sandesh_keyfile", opt::value<string>()->default_value(
             "/etc/contrail/ssl/private/server-privkey.pem"),
             "Sandesh ssl private key")
-        ("SANDESH.certfile", opt::value<string>()->default_value(
+        ("SANDESH.sandesh_certfile", opt::value<string>()->default_value(
             "/etc/contrail/ssl/certs/server.pem"),
             "Sandesh ssl certificate")
-        ("SANDESH.ca_cert", opt::value<string>()->default_value(
+        ("SANDESH.sandesh_ca_cert", opt::value<string>()->default_value(
             "/etc/contrail/ssl/certs/ca-cert.pem"),
             "Sandesh CA ssl certificate")
         ("SANDESH.sandesh_ssl_enable",
@@ -630,11 +630,11 @@ void Options::Process(int argc, char *argv[],
     GetOptValue<string>(var_map, ks_ca_, "KEYSTONE.cafile");
 
     GetOptValue<string>(var_map, sandesh_config_.keyfile,
-                        "SANDESH.keyfile");
+                        "SANDESH.sandesh_keyfile");
     GetOptValue<string>(var_map, sandesh_config_.certfile,
-                        "SANDESH.certfile");
+                        "SANDESH.sandesh_certfile");
     GetOptValue<string>(var_map, sandesh_config_.ca_cert,
-                        "SANDESH.ca_cert");
+                        "SANDESH.sandesh_ca_cert");
     GetOptValue<bool>(var_map, sandesh_config_.sandesh_ssl_enable,
                       "SANDESH.sandesh_ssl_enable");
     GetOptValue<bool>(var_map, sandesh_config_.introspect_ssl_enable,

src/config/api-server/contrail-api.conf

@@ -36,6 +36,6 @@ ifmap_credentials = control:secret
 [SANDESH]
 #sandesh_ssl_enable=false
 #introspect_ssl_enable=false
-#keyfile=/etc/contrail/ssl/private/server-privkey.pem
-#certfile=/etc/contrail/ssl/certs/server.pem
-#ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
+#sandesh_keyfile=/etc/contrail/ssl/private/server-privkey.pem
+#sandesh_certfile=/etc/contrail/ssl/certs/server.pem
+#sandesh_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem

src/config/api-server/utils.py

@@ -144,9 +144,9 @@ def parse_args(args_str):
     }
     # sandesh options
     sandeshopts = {
-        'keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
-        'certfile': '/etc/contrail/ssl/certs/server.pem',
-        'ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
+        'sandesh_keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
+        'sandesh_certfile': '/etc/contrail/ssl/certs/server.pem',
+        'sandesh_ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
         'sandesh_ssl_enable': False,
         'introspect_ssl_enable': False
     }
@@ -383,8 +383,8 @@ def parse_args(args_str):
             args_obj.rdbms_server_list.split()
     if type(args_obj.collectors) is str:
         args_obj.collectors = args_obj.collectors.split()
-    args_obj.sandesh_config = SandeshConfig(args_obj.keyfile,
-        args_obj.certfile, args_obj.ca_cert, args_obj.sandesh_ssl_enable,
+    args_obj.sandesh_config = SandeshConfig(args_obj.sandesh_keyfile,
+        args_obj.sandesh_certfile, args_obj.sandesh_ca_cert, args_obj.sandesh_ssl_enable,
         args_obj.introspect_ssl_enable)
 
     args_obj.conf_file = saved_conf_file

src/config/device-manager/contrail-device-manager.conf

@@ -8,6 +8,6 @@ disc_server_port = 5998
 [SANDESH]
 #sandesh_ssl_enable=False
 #introspect_ssl_enable=False
-#keyfile=/etc/contrail/ssl/private/server-privkey.pem
-#certfile=/etc/contrail/ssl/certs/server.pem
-#ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
+#sandesh_keyfile=/etc/contrail/ssl/private/server-privkey.pem
+#sandesh_certfile=/etc/contrail/ssl/certs/server.pem
+#sandesh_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem

src/config/device-manager/device_manager/device_manager.py

@@ -382,9 +382,9 @@ def parse_args(args_str):
         'cassandra_password': None
     }
     sandeshopts = {
-        'keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
-        'certfile': '/etc/contrail/ssl/certs/server.pem',
-        'ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
+        'sandesh_keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
+        'sandesh_certfile': '/etc/contrail/ssl/certs/server.pem',
+        'sandesh_ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
         'sandesh_ssl_enable': False,
         'introspect_ssl_enable': False
     }
@@ -494,8 +494,8 @@ def parse_args(args_str):
         args.cassandra_server_list = args.cassandra_server_list.split()
     if type(args.collectors) is str:
         args.collectors = args.collectors.split()
-    args.sandesh_config = SandeshConfig(args.keyfile,
-        args.certfile, args.ca_cert,
+    args.sandesh_config = SandeshConfig(args.sandesh_keyfile,
+        args.sandesh_certfile, args.sandesh_ca_cert,
         args.sandesh_ssl_enable, args.introspect_ssl_enable)
 
     args.conf_file = saved_conf_file

src/config/schema-transformer/contrail-schema.conf

@@ -8,6 +8,6 @@ disc_server_port = 5998
 [SANDESH]
 #sandesh_ssl_enable=False
 #introspect_ssl_enable=False
-#keyfile=/etc/contrail/ssl/private/server-privkey.pem
-#certfile=/etc/contrail/ssl/certs/server.pem
-#ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
+#sandesh_keyfile=/etc/contrail/ssl/private/server-privkey.pem
+#sandesh_certfile=/etc/contrail/ssl/certs/server.pem
+#sandesh_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem

src/config/schema-transformer/to_bgp.py

@@ -422,9 +422,9 @@ def parse_args(args_str):
         'cassandra_password': None,
     }
     sandeshopts = {
-        'keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
-        'certfile': '/etc/contrail/ssl/certs/server.pem',
-        'ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
+        'sandesh_keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
+        'sandesh_certfile': '/etc/contrail/ssl/certs/server.pem',
+        'sandesh_ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
         'sandesh_ssl_enable': False,
         'introspect_ssl_enable': False
     }
@@ -547,8 +547,8 @@ def _bool(s):
         args.cassandra_server_list = args.cassandra_server_list.split()
     if type(args.collectors) is str:
         args.collectors = args.collectors.split()
-    args.sandesh_config = SandeshConfig(args.keyfile,
-        args.certfile, args.ca_cert,
+    args.sandesh_config = SandeshConfig(args.sandesh_keyfile,
+        args.sandesh_certfile, args.sandesh_ca_cert,
         args.sandesh_ssl_enable, args.introspect_ssl_enable)
 
     return args

src/config/svc-monitor/contrail-svc-monitor.conf

@@ -39,6 +39,6 @@ cassandra_server_list=127.0.0.1:9160
 [SANDESH]
 #sandesh_ssl_enable=False
 #introspect_ssl_enable=False
-#keyfile=/etc/contrail/ssl/private/server-privkey.pem
-#certfile=/etc/contrail/ssl/certs/server.pem
-#ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
+#sandesh_keyfile=/etc/contrail/ssl/private/server-privkey.pem
+#sandesh_certfile=/etc/contrail/ssl/certs/server.pem
+#sandesh_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem

src/config/svc-monitor/svc_monitor/svc_monitor.py

@@ -747,9 +747,9 @@ def parse_args(args_str):
         'cassandra_password': None,
     }
     sandeshopts = {
-        'keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
-        'certfile': '/etc/contrail/ssl/certs/server.pem',
-        'ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
+        'sandesh_keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
+        'sandesh_certfile': '/etc/contrail/ssl/certs/server.pem',
+        'sandesh_ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
         'sandesh_ssl_enable': False,
         'introspect_ssl_enable': False
     }
@@ -867,8 +867,8 @@ def parse_args(args_str):
     if args.netns_availability_zone and \
             args.netns_availability_zone.lower() == 'none':
         args.netns_availability_zone = None
-    args.sandesh_config = SandeshConfig(args.keyfile,
-        args.certfile, args.ca_cert,
+    args.sandesh_config = SandeshConfig(args.sandesh_keyfile,
+        args.sandesh_certfile, args.sandesh_ca_cert,
         args.sandesh_ssl_enable, args.introspect_ssl_enable)
 
     return args

src/container/kube-manager/contrail-kubernetes.conf

@@ -24,6 +24,6 @@ log_file=/var/log/contrail/contrail-kube-manager.log
 [SANDESH]
 #sandesh_ssl_enable=False
 #introspect_ssl_enable=False
-#keyfile=/etc/contrail/ssl/private/server-privkey.pem
-#certfile=/etc/contrail/ssl/certs/server.pem
-#ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
+#sandesh_keyfile=/etc/contrail/ssl/private/server-privkey.pem
+#sandesh_certfile=/etc/contrail/ssl/certs/server.pem
+#sandesh_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem

src/container/kube-manager/kube_manager/common/args.py

@@ -72,9 +72,9 @@ def parse_args():
     }
 
     sandesh_opts = {
-        'keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
-        'certfile': '/etc/contrail/ssl/certs/server.pem',
-        'ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
+        'sandesh_keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
+        'sandesh_certfile': '/etc/contrail/ssl/certs/server.pem',
+        'sandesh_ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
         'sandesh_ssl_enable': False,
         'introspect_ssl_enable': False
     }
@@ -108,7 +108,7 @@ def parse_args():
         args.pod_subnets = args.pod_subnets.split()
     if type(args.service_subnets) is str:
         args.service_subnets = args.service_subnets.split()
-    args.sandesh_config = SandeshConfig(args.keyfile,
-        args.certfile, args.ca_cert,
+    args.sandesh_config = SandeshConfig(args.sandesh_keyfile,
+        args.sandesh_certfile, args.sandesh_ca_cert,
         args.sandesh_ssl_enable, args.introspect_ssl_enable)
     return args

src/container/mesos-manager/contrail-mesos.conf

@@ -23,6 +23,6 @@ log_file=/var/log/contrail/contrail-mesos-manager.log
 [SANDESH]
 #sandesh_ssl_enable=False
 #introspect_ssl_enable=False
-#keyfile=/etc/contrail/ssl/private/server-privkey.pem
-#certfile=/etc/contrail/ssl/certs/server.pem
-#ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
+#sandesh_keyfile=/etc/contrail/ssl/private/server-privkey.pem
+#sandesh_certfile=/etc/contrail/ssl/certs/server.pem
+#sandesh_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem

src/container/mesos-manager/mesos_manager/common/args.py

@@ -54,9 +54,9 @@ def parse_args():
     }
 
     sandesh_opts = {
-        'keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
-        'certfile': '/etc/contrail/ssl/certs/server.pem',
-        'ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
+        'sandesh_keyfile': '/etc/contrail/ssl/private/server-privkey.pem',
+        'sandesh_certfile': '/etc/contrail/ssl/certs/server.pem',
+        'sandesh_ca_cert': '/etc/contrail/ssl/certs/ca-cert.pem',
         'sandesh_ssl_enable': False,
         'introspect_ssl_enable': False
     }
@@ -92,7 +92,7 @@ def parse_args():
         args.pod_subnets = args.pod_subnets.split()
     if type(args.service_subnets) is str:
         args.service_subnets = args.service_subnets.split()
-    args.sandesh_config = SandeshConfig(args.keyfile,
-        args.certfile, args.ca_cert,
+    args.sandesh_config = SandeshConfig(args.sandesh_keyfile,
+        args.sandesh_certfile, args.sandesh_ca_cert,
         args.sandesh_ssl_enable, args.introspect_ssl_enable)
     return args