-FROM docker.io/sysrepo/sysrepo-netopeer2:v0.7.7
+FROM docker.io/sysrepo/sysrepo-netopeer2:legacy
ADD apt.conf /etc/apt/apt.conf
RUN apt-get update && apt-get install -y python3 python3-pip python-pip && pip3 install flask flask_restful kafka-python && pip install kafka-python
RUN cd /opt/dev/sysrepo && cmake -DGEN_PYTHON_VERSION=2 -DREPOSITORY_LOC:PATH=/etc/sysrepo . && make install
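Review bot: The new base tag `legacy` on the FROM line is a floating tag, where the removed line pinned a release (`v0.7.7`), so the image content can change between builds without any change to this file. Pin the image by digest, `FROM docker.io/sysrepo/sysrepo-netopeer2:legacy@sha256:<digest of the image you validated>`, and add a comment naming the upstream release it corresponds to. The RUN line below installs its pip packages without versions, so a drifting base adds to a build that is already not reproducible.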
docker-compose -f docker-compose-certman.yml down
clean-pnfsim-with-certservice-setup: --clean-certservice-internal-certs --clean-client-volume
- docker rm -f aafcert-ejbca || true
+ docker rm -f oomcert-ejbca || true
docker-compose -f docker-compose-certservice.yml down
docker-compose -f docker-compose-ves.yml down
docker run \
-d \
--rm \
- --name aafcert-ejbca \
+ --name oomcert-ejbca \
--hostname cahostname \
-p 80:8080 \
-p 443:8443 \
primekey/ejbca-ce:6.15.2.5
--configure-ejbca:
- docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
+ docker exec oomcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
--create-client-volume:
mkdir -p ./certservice/client-resources/client-volume -m 777
--wait-for-ejbca:
@echo 'Waiting for EJBCA...'
- until docker container inspect aafcert-ejbca | grep '"Status": "healthy"'; do sleep 3; done
+ until docker container inspect oomcert-ejbca | grep '"Status": "healthy"'; do sleep 3; done
Makefile offers functionalities that allows to:
* Run PNF simulator with fetching certs from AAF Certman
- * Run PNF simulator with fetching certs from AAF Certservice (CMPv2)
+ * Run PNF simulator with fetching certs from OOM Certservice (CMPv2)
## Fetching from AAF Certman
### Description
make clean-pnfsim-with-certman-setup
```
-## Fetching certificates from AAF Certservice (CMPv2)
+## Fetching certificates from OOM Certservice (CMPv2)
### Description
Running Makefile with Certservice target will start the following flow:
#Generate certService private and public keys
step_9:
@echo "Generate certService private and public keys"
- keytool -genkeypair -v -alias aaf-cert-service -keyalg RSA -keysize 2048 -validity 730 \
+ keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 730 \
-keystore certServiceServer-keystore.jks -storetype JKS \
- -dname "CN=aaf-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
-keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
@echo "####done####"
#Generate certificate signing request for certService
step_10:
@echo "Generate certificate signing request for certService"
- keytool -certreq -keystore certServiceServer-keystore.jks -alias aaf-cert-service -storepass secret -file certServiceServer.csr
+ keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
@echo "####done####"
#Sign certService certificate by root CA
@echo "Sign certService certificate by root CA"
keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
-outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
- -ext SubjectAlternativeName:="DNS:aaf-cert-service,DNS:localhost"
+ -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
@echo "####done####"
#Import root certificate into server
#Import signed certificate into certService
step_13:
@echo "Import signed certificate into certService"
- keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias aaf-cert-service \
+ keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
-storepass secret -noprompt
@echo "####done####"
#Client envs
-REQUEST_URL=https://aaf-cert-service:8443/v1/certificate/
+REQUEST_URL=https://oom-cert-service:8443/v1/certificate/
REQUEST_TIMEOUT=10000
OUTPUT_PATH=/var/certs
CA_NAME=RA
+OUTPUT_TYPE=JKS
#Csr config envs
COMMON_NAME=onap.org
ORGANIZATION=Linux-Foundation
LOCATION=San-Francisco
STATE=California
COUNTRY=US
-SANS=example.org
#Tls config envs
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
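Review bot: The added `OUTPUT_TYPE=JKS` has no comment explaining that other files in this commit depend on it. The compose changes mount `keystore.jks` directly as the VES collector keystore and copy `keystore.jks` and `truststore.jks` by name, so a different output type would presumably break those mounts. A comment above the line would record the coupling, for example `# JKS is required: the docker-compose files mount keystore.jks/truststore.jks by name`. The removal of `SANS=example.org` is also unexplained; if the issued certificate is used for hostname-verified TLS, confirm that a CSR without subject alternative names is intended.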
services:
- aaf-cert-service:
- image: nexus3.onap.org:10003/onap/org.onap.aaf.certservice.aaf-certservice-api:latest
+ oom-cert-service:
+ image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
volumes:
- - ./certservice/certservice-resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json
- - ./certservice/certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks
- - ./certservice/certs/root.crt:/etc/onap/aaf/certservice/certs/root.crt
- - ./certservice/certs/certServiceServer-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks
- - ./certservice/certs/certServiceServer-keystore.p12:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12
- container_name: aafcert-service
+ - ./certservice/certservice-resources/cmpServers.json:/etc/onap/oom/certservice/cmpServers.json
+ - ./certservice/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+ - ./certservice/certs/root.crt:/etc/onap/oom/certservice/certs/root.crt
+ - ./certservice/certs/certServiceServer-keystore.jks:/etc/onap/oom/certservice/certs/certServiceServer-keystore.jks
+ - ./certservice/certs/certServiceServer-keystore.p12:/etc/onap/oom/certservice/certs/certServiceServer-keystore.p12
+ container_name: oomcert-service
ports:
- "8443:8443"
healthcheck:
- test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
+ test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/oom/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
interval: 10s
timeout: 3s
retries: 15
networks:
- certservice-network
- aaf-cert-client:
- image: nexus3.onap.org:10003/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
- container_name: aafcert-client
+ oom-cert-client:
+ image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ container_name: oomcert-client
env_file: ./certservice/client-resources/client-configuration.env
networks:
- certservice-network
volumes:
- ./certservice/client-resources/client-volume:/var/certs:rw
- - ./certservice/certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks
- - ./certservice/certs/certServiceClient-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+ - ./certservice/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+ - ./certservice/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
depends_on:
- aaf-cert-service:
+ oom-cert-service:
condition: service_healthy
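Review bot: The healthcheck on the new `test:` line calls curl without `--fail`, so curl exits 0 for any HTTP response, including an error status from `/actuator/health`. The service is then reported healthy, and `condition: service_healthy` on oom-cert-client is satisfied even when the endpoint reports a failure. Add the flag to the command: `curl --fail --silent --show-error https://localhost:8443/actuator/health …` with the remaining arguments unchanged. The p12 password is passed on the command line, where it shows up in the process list and in `docker inspect`; for a throwaway test keystore that is tolerable, but a comment should say the value is a fixture.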
mongo:
- pnf-simulator-network
command: bash -c "
while [[ $$(ls -1 /app/store | wc -l) != '4' ]]; do echo 'Waiting for certs...'; sleep 3; done
- && mv /app/store/truststore.jks /app/store/trust.jks
- && mv /app/store/keystore.jks /app/store/cert.p12
+ && cp /app/store/truststore.jks /app/store/trust.jks
+ && cp /app/store/keystore.jks /app/store/cert.p12
&& export CLIENT_CERT_PASS=$$(cat /app/store/keystore.pass)
&& export TRUST_CERT_PASS=$$(cat /app/store/truststore.pass)
&& java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/pnf-simulator.jar org.onap.pnfsimulator.Main
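Review bot: Switching `mv` to `cp` leaves six files in /app/store after the first start, while the wait loop above still requires exactly four (`!= '4'`). If this container restarts on a volume that was not cleaned, it would print 'Waiting for certs...' indefinitely. Relax the comparison or wait for the files by name, e.g. `while [[ $$(ls -1 /app/store | wc -l) -lt 4 ]]; do echo 'Waiting for certs...'; sleep 3; done`. `cert.p12` is now a byte copy of `keystore.jks`, so its extension no longer matches its content, and a comment should state that. The command string is closed outside the lines shown here.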
- "8444:8443"
networks:
- vesnetwork
- command: bash -c "
- rm -f /opt/app/VESCollector/etc/keystore
- && echo $$(cat /opt/app/VESCollector/etc/trustpasswordfile)
- && keytool -importkeystore -srckeystore /opt/app/VESCollector/etc/cert.p12 -srcstorepass $$(cat /opt/app/VESCollector/etc/passwordfile) -srcstoretype pkcs12 -destkeystore /opt/app/VESCollector/etc/keystore -deststoretype jks -deststorepass $$(cat /opt/app/VESCollector/etc/passwordfile)
- && bin/docker-entry.sh
- "
volumes:
- - ./certservice/client-resources/client-volume/cert.p12:/opt/app/VESCollector/etc/cert.p12
+ - ./certservice/client-resources/client-volume/keystore.jks:/opt/app/VESCollector/etc/keystore
- ./certservice/client-resources/client-volume/keystore.pass:/opt/app/VESCollector/etc/passwordfile
- ./certservice/client-resources/client-volume/trust.jks:/opt/app/VESCollector/etc/truststore
- ./certservice/client-resources/client-volume/truststore.pass:/opt/app/VESCollector/etc/trustpasswordfile
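Review bot: The new mount on the `keystore.jks` line binds a file that exists only after the cert client has run, and with the short volume syntax Docker creates a missing host path as a directory. Because the removed `command:` no longer rebuilds the keystore, the collector would then start with a directory at `/opt/app/VESCollector/etc/keystore`. The Makefile presumably orders the targets so the file exists first; a comment above `volumes:` should say so. As far as this hunk shows, nothing in the container writes the keystore any more, so it can be mounted read-only: `- ./certservice/client-resources/client-volume/keystore.jks:/opt/app/VESCollector/etc/keystore:ro`. The service definition may continue below the lines shown.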