X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=docs%2Fsections%2Fconfiguration.rst;h=b325712ea4dbe38b1298bc579fbb8dcad76fac47;hb=3472d39bd861fc88c48a2f3217d73716b81f6ae3;hp=43de0e438c96087d7c9d7a7d15be331968f550e0;hpb=0c3c68ba16c8c1953247776e48072ff7668a7b02;p=oom%2Fplatform%2Fcert-service.git diff --git a/docs/sections/configuration.rst b/docs/sections/configuration.rst index 43de0e43..b325712e 100644 --- a/docs/sections/configuration.rst +++ b/docs/sections/configuration.rst @@ -3,7 +3,7 @@ .. Copyright 2020 NOKIA Configuration -============= +============== Configuring Cert Service @@ -41,7 +41,7 @@ Example cmpServers.json file: This contains list of CMP Servers, where each server has following properties: - - *caName* - name of the external CA server. It's used to match *CA_NAME* sent by client in order to match proper configuration. + - *caName* - name of the external CA server. It's used to match *CA_NAME* sent by CertService client in order to match proper configuration. - *url* - URL to CMPv2 server - *issuerDN* - Distinguished Name of the CA that will sign the certificate - *caMode* - Issuer mode. Allowed values are *CLIENT* and *RA* @@ -57,8 +57,8 @@ This configuration is read on the application start. It can also be reloaded in Next sections explain how to configure Cert Service in local (docker-compose) and OOM Deployments. -Configuring in local(docker-compose) deployment: -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Configuring in local (docker-compose) deployment: +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Before application start: """"""""""""""""""""""""" @@ -76,6 +76,9 @@ When application is running: docker exec -it bash + e.g. + docker exec -it aafcert-service bash + 3. Edit *cmpServers.json* file:: vim /etc/onap/aaf/certservice/cmpServers.json 
@@ -83,7 +86,7 @@ When application is running: 4. Save the file. Note that this file is mounted as volume, so change will be persistent. 5. Reload configuration:: - curl -I https://localhost:8443/reload --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret + curl -I https://localhost:8443/reload --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass $KEYSTORE_PASSWORD 6. Exit container:: @@ -96,7 +99,7 @@ Configuring in OOM deployment: Before OOM installation: """""""""""""""""""""""" -Note! This must be executed before calling *make all* (from OOM Installation) or needs remaking aaf Charts. +Note! This must be executed before calling *make all* (from OOM Installation) or needs remaking AAF charts. 1. Edit *cmpServers.json* file. If OOM *global.addTestingComponents* flag is set to: @@ -109,15 +112,20 @@ Note! This must be executed before calling *make all* (from OOM Installation) or When CertService is deployed: """"""""""""""""""""""""""""" -1. Encode your configuration to base64:: +1. Create file with configuration + +2. Encode your configuration to base64:: - echo "CONFIGURATION_TO_ENCODE" | base64 + cat | base64 -2. Edit secret:: +3. Edit secret:: - kubectl edit secret # aaf-cert-service-secret by default + kubectl -n onap edit secret -3. Replace value for *cmpServers.json* with your base64 encoded configuration. For example: + e.g. + kubectl -n onap edit secret aaf-cert-service-secret + +4. Replace value for *cmpServers.json* with your base64 encoded configuration. For example: .. code-block:: yaml 
@@ -134,17 +142,20 @@ When CertService is deployed: uid: 6a037526-83ed-11ea-b731-fa163e2144f6 type: Opaque -4. Save and exit -5. New configuration will be automatically mounted to CertService pod, but application configuration reload is needed. -6. To reload configuration enter CertService pod:: +5. Save and exit +6. New configuration will be automatically mounted to CertService pod, but application configuration reload is needed. +7. To reload configuration enter CertService pod:: + + kubectl -n onap exec -it bash - kubectl exec -it bash + e.g. + kubectl -n onap exec -it $(kubectl -n onap get pods | grep cert-service | awk '{print $1}') bash -7. Reload configuration:: +8. Reload configuration:: curl -I https://localhost:$HTTPS_PORT/reload --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD -8. Exit container:: +9. Exit container:: exit 
@@ -185,19 +196,19 @@ This section describes how to use custom, external certificates for CertService 1. Set *tls.certificateExternalSecret* flag to true in *kubernetes/aaf/charts/aaf-cert-service/values.yaml* 2. Prepare secret for CertService. It must be provided before OOM installation. It must contain four files: - - *certServiceServer-keystore.jks* - keystore in jks format. Signed by some Root CA - - *certServiceServer-keystore.p12* - same keystore in p12 format - - *truststore.jks* - truststore in jks format, containing certificates of the Root CA that signed CertService Client certificate - - *root.crt* - certificate of the RootCA that signed Client certificate in crt format + - *certServiceServer-keystore.jks* - keystore in JKS format. Signed by some Root CA + - *certServiceServer-keystore.p12* - same keystore in PKCS#12 format + - *truststore.jks* - truststore in JKS format, containing certificates of the Root CA that signed CertService Client certificate + - *root.crt* - certificate of the RootCA that signed Client certificate in CRT format 3. Name the secret properly - the name should match *tls.server.secret.name* value from *kubernetes/aaf/charts/aaf-cert-service/values.yaml* file 4. Prepare secret for CertService Client. It must be provided before OOM installation. It must contain two files: - - *certServiceClient-keystore.jks* - keystore in jks format. Signed by some Root CA - - *truststore.jks* - truststore in jks format, containing certificates of the RootCA that signed CertService certificate + - *certServiceClient-keystore.jks* - keystore in JKS format. Signed by some Root CA + - *truststore.jks* - truststore in JKS format, containing certificates of the RootCA that signed CertService certificate -5. Name the secret properly - the name should match *global.aaf.certService.client.secret.name* +5. Name the secret properly - the name should match *global.aaf.certService.client.secret.name* value from *kubernetes/onap/values.yaml* file 6. 
Provide keystore and truststore passwords for CertService. It can be done in two ways:
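Review bot: In the @@ -76,6 hunk the new `e.g.` line is indented inside the `::` literal block that starts with `docker exec -it bash`, so it renders verbatim as if it were part of the command; either move the example into its own paragraph or prefix it with `#` so it reads as a shell comment in the rendered block. The same applies to the `e.g.` lines added in the @@ -109,15 and @@ -134,17 hunks.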
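Review bot: In the @@ -83,7 hunk, replacing the literal `secret` with `$KEYSTORE_PASSWORD` rightly removes a hardcoded keystore password from the docs, but the docker-compose section never says where that variable comes from; if it is not exported in the container shell it expands to an empty string and curl fails to open the PKCS#12 with an empty passphrase. State that it is provided by the container environment (as the OOM section assumes for `$HTTPS_PORT`, `$ROOT_CERT` and `$KEYSTORE_P12_PATH`) or tell the reader to export it first, and consider using those same variables here instead of the hardcoded paths for consistency.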
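Review bot: In the @@ -109,15 hunk, `cat | base64` with GNU coreutils wraps its output at 76 columns, and a multi-line value pasted into the `cmpServers.json` field of the secret in step 4 is not valid YAML; use `base64 -w 0` (or strip the newlines) so the encoded configuration is a single line, and pass the file created in step 1 as the argument to `cat`, e.g. `cat cmpServers.json | base64 -w 0`.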
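Review bot: In the @@ -134,17 hunk, `$(kubectl -n onap get pods | grep cert-service | awk '{print $1}')` matches every pod whose name contains `cert-service`, so with more than one replica or another pod with that substring it expands to several names and `kubectl exec` fails; select the pod by its deployment label with `-l ... -o name` or at least append `| head -n 1`. Current kubectl also expects `--` before the command (`... -- bash`) and warns otherwise.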
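Review bot: In the @@ -185,19 hunk the format names are now consistent (JKS, PKCS#12) but `RootCA` and `Root CA` are still both used within the same lists; pick one spelling. For `root.crt`, "CRT format" names an extension rather than an encoding; say whether the file is PEM or DER, since curl's `--cacert` in the reload commands above expects PEM by default.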