diff options
author | Tomasz Wrobel <tomasz.wrobel@nokia.com> | 2020-03-26 09:43:41 +0100 |
---|---|---|
committer | Tomasz Wrobel <tomasz.wrobel@nokia.com> | 2020-03-27 08:35:55 +0100 |
commit | 71986212d4088b3cc5c41c2ed96ec352ea899fe5 (patch) | |
tree | adf2f276554908c9f00eddfabbe6fc47b3e2e0bb | |
parent | 483ccbf2d8f0c71ebb15a4a47246a68a42e68f3e (diff) |
Add Certification Client documentation
Issue-ID: AAF-1091
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: I8eb762063767f8532845e7f66b1d7398468ab650
-rw-r--r-- | docs/sections/configuration.rst | 108 | ||||
-rw-r--r-- | docs/sections/logging.rst | 51 |
2 files changed, 143 insertions, 16 deletions
diff --git a/docs/sections/configuration.rst b/docs/sections/configuration.rst index 47f2dd87..d49c86bd 100644 --- a/docs/sections/configuration.rst +++ b/docs/sections/configuration.rst @@ -5,24 +5,106 @@ Configuration ============= -.. note:: - * This section is used to describe the options a software component offers for configuration. +Standalone docker container +--------------------------- - * Configuration is typically: provided for platform-component and sdk projects; - and referenced in developer and user guides. - - * This note must be removed after content has been added. +Certification Service Client image: +.. code-block:: + nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest -Example ... -You can provide the following in ``basic.conf`` +1. Create file with environments as in example below. -``host=ADDRESS`` - The address of the host +.. code-block:: -``port=PORT`` - The port used for signaling + #Client envs + REQUEST_URL=http://aaf-cert-service-service:8080/v1/certificate/ + REQUEST_TIMEOUT=1000 + OUTPUT_PATH=/var/certs + CA_NAME=RA + #Csr config envs + COMMON_NAME=onap.org + ORGANIZATION=Linux-Foundation + ORGANIZATION_UNIT=ONAP + LOCATION=San-Francisco + STATE=California + COUNTRY=US + SANS=test.onap.org:onap.com - Optional. Default: ``8080`` + +2. Run docker container with environments file and docker network (API and client must be running in same network). + +.. code-block:: bash + + AAFCERT_CLIENT_IMAGE=nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest + DOCKER_ENV_FILE= <path to environment file> + NETWORK_CERT_SERVICE= <docker network of cert service> + DOCKER_VOLUME="<absolute path to local dir>:<output path>" + + docker run --env-file $DOCKER_ENV_FILE --network $NETWORK_CERT_SERVICE --volume $DOCKER_VOLUME $AAFCERT_CLIENT_IMAGE + + + +Init Container for K8s +---------------------- + +Example deployment: + +.. code-block:: yaml + + ... + kind: Deployment + metadata: + ... + spec: + ... + template: + ... + spec: + containers: + - image: sample.image + name: sample.name + ... + volumeMounts: + - mountPath: /var/certs #CERTS CAN BE FOUND IN THIS DIRECTORY + name: certs + ... + initContainers: + - name: cert-service-client + image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest + imagePullPolicy: Always + env: + - name: REQUEST_URL + value: http://aaf-cert-service-service:8080/v1/certificate/ + - name: REQUEST_TIMEOUT + value: "1000" + - name: OUTPUT_PATH + value: /var/certs + - name: CA_NAME + value: RA + - name: COMMON_NAME + value: onap.org + - name: ORGANIZATION + value: Linux-Foundation + - name: ORGANIZATION_UNIT + value: ONAP + - name: LOCATION + value: San-Francisco + - name: STATE + value: California + - name: COUNTRY + value: US + - name: SANS + value: test.onap.org:onap.com + volumeMounts: + - mountPath: /var/certs + name: certs + ... + volumes: + -emptyDir: {} + name: certs + ... + +
\ No newline at end of file diff --git a/docs/sections/logging.rst b/docs/sections/logging.rst index 159b5132..422b70a0 100644 --- a/docs/sections/logging.rst +++ b/docs/sections/logging.rst @@ -5,8 +5,9 @@ Logging ======= -Where to Access Information ---------------------------- +Certification Service API +-------------------------- + Certification Service logs are available in the Docker container @@ -17,9 +18,53 @@ Path to logs: /var/log/onap/aaf/certservice Available log files: - * audit.log * debug.log * error.log +Certification Service Client +---------------------------- +To see logs use : + +- Docker: + +.. code-block:: bash + + docker logs cert-service-client + +- Kubernetes: + +.. code-block:: bash + + kubectl logs <pod-name> cert-service-client + + +Logs are stored inside container log path: + + /var/logs + +Client application exits with following exit codes: + + ++-------+------------------------------------------------+ +| Code | Information | ++=======+================================================+ +| 0 | Success | ++-------+------------------------------------------------+ +| 1 | Invalid client configuration | ++-------+------------------------------------------------+ +| 2 | Invalid CSR configuration | ++-------+------------------------------------------------+ +| 3 | Fail in key pair generation | ++-------+------------------------------------------------+ +| 4 | Fail in CSR generation | ++-------+------------------------------------------------+ +| 5 | CertService HTTP unsuccessful response | ++-------+------------------------------------------------+ +| 6 | Internal HTTP Client connection problem | ++-------+------------------------------------------------+ +| 7 | Fail in PKCS12 conversion | ++-------+------------------------------------------------+ +| 8 | Fail in Private Key to PEM Encoding | ++-------+------------------------------------------------+ |