X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=certServiceClient%2FREADME.md;h=15f63f4e1ded319f010263a0019842cc5b260728;hb=5b7535bde830b1e29ebd49b33a92db004a0636a1;hp=092eb3263fe1f68d6dffe690e72f5a50035871d1;hpb=d42cfe761abd4458e74c826486da43d11d48e07f;p=oom%2Fplatform%2Fcert-service.git diff --git a/certServiceClient/README.md b/certServiceClient/README.md index 092eb326..15f63f4e 100644 --- a/certServiceClient/README.md +++ b/certServiceClient/README.md @@ -1,15 +1,14 @@ -# Cert service client +# Cert service client *(deprecated)* + +> Deprecated since Istanbul release in favor of Cert Manager certificates +> (for more details see certServiceK8sExternalProvider submodule). + ### Project building ``` mvn clean package ``` -### Building Docker image manually -Go to the certServiceClient subfolder and execute following statement (1.0.0-SNAPSHOT is related to a current project.version parameter): -``` -docker build --build-arg VERSION=1.0.0-SNAPSHOT -t onap/org.onap.aaf.certservice.aaf-certservice-client . -``` ### Install the package into the local repository ``` 
@@ -21,59 +20,77 @@ mvn clean install mvn clean install -P docker ``` -### Running Docker container local +### Nexus container image ``` -docker run --name aaf-certservice-client onap/org.onap.aaf.certservice.aaf-certservice-client +nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 ``` -### Running Docker container from nexus -``` -docker run --name aaf-certservice-client nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:1.0.0 -``` +### Running local client application as standalone docker container +CertService API and client must be running in same network. -### Running client as standalone docker container -``` -AAFCERT_CLIENT_IMAGE=nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest -DOCKER_ENV_FILE= -NETWORK_CERT_SERVICE= - -docker run --env-file $DOCKER_ENV_FILE --network $NETWORK_CERT_SERVICE $AAFCERT_CLIENT_IMAGE +You need certificate and trust anchors (in JKS format) to connect to CertService API via HTTPS. Information how to generate truststore and keystore files you can find in CertService main README. + +To run CertService client as standalone docker container execute following steps: + +1. Create file ‘$PWD/client.env’ with environment variables as in example below: ``` -Sample Environment file: -```aidl #Client envs -REQUEST_TIMEOUT=1000 -OUTPUT_PATH=/var/log +REQUEST_URL= +REQUEST_TIMEOUT=10000 +OUTPUT_PATH=/var/certs CA_NAME=RA -#Csr config envs +OUTPUT_TYPE=P12 + +#CSR config envs COMMON_NAME=onap.org ORGANIZATION=Linux-Foundation ORGANIZATION_UNIT=ONAP LOCATION=San-Francisco STATE=California COUNTRY=US -SANS=example.com:example2.com -``` +SANS=test.onap.org,onap.com,onap@onap.org,127.0.0.1,onap://cluster.local/ + +#TLS config envs +KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks +KEYSTORE_PASSWORD= +TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-truststore.jks +TRUSTSTORE_PASSWORD= +``` +2. 
Run docker container as in following example (API and client must be running in same network): +``` +docker run \ +--rm \ +--name oomcert-client \ +--env-file <$PWD/client.env (same as in step1)> \ +--network \ +--mount type=bind,src=,dst= \ +--volume : \ +--volume : \ +nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 +``` +After successful creation of certifications, container exits with exit code 0. ### Logs locally path: ``` -var/log/onap/aaf/certservice-client/certservice-client.log +var/log/onap/oom/certservice-client/certservice-client.log ``` ### Logs in Docker container ``` -docker logs aaf-certservice-client +docker logs oom-certservice-client ``` ###Exit codes ``` 0 Success 1 Invalid client configuration -2 Invalid CSR data -3 Failed key pair generation -4 Failed CSR generation -5 API return unsuccessful response -6 Problem with Http Client connection -7 Failed PKCS12 conversion -8 Failed Private Key to PEM Encoding -``` \ No newline at end of file +2 Invalid CSR configuration +3 Fail in key pair generation +4 Fail in CSR generation +5 CertService HTTP unsuccessful response +6 Internal HTTP Client connection problem +7 Fail in PEM conversion +8 Fail in Private Key to PEM Encoding +9 Wrong TLS configuration +10 File could not be created +99 Application exited abnormally
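Review bot: In the first hunk (`@@ -1,15 +1,14 @@`), the deprecation notice names the certServiceK8sExternalProvider submodule but gives no link or path to it. Make it a relative link so a reader landing on this README can reach the replacement directly. The same hunk removes the "Building Docker image manually" section, which leaves `mvn clean install -P docker` as the only documented way to build the image. If that is intended, a sentence under "Project building" saying so would stop readers from looking for the removed `docker build` step.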
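Review bot: In the second hunk (`@@ -21,59 +20,77 @@`), the new `docker run` example starts the container with `--name oomcert-client`, but the updated "Logs in Docker container" section runs `docker logs oom-certservice-client`, so the documented log command will not find the container. Use one name in both places. The example also passes `--rm`, which removes the container as soon as it exits, so `docker logs` has nothing to read after a completed run. Either drop `--rm` from the example or state that logs must be read while the container is still running. The sample `client.env` now carries `KEYSTORE_PASSWORD` and `TRUSTSTORE_PASSWORD`, so step 1 should tell the reader to keep that file readable only by the invoking user and out of version control. Minor: "creation of certifications" should read "creation of certificates".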