-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | Makefile | 37 | ||||
-rw-r--r-- | README.md | 88 | ||||
-rw-r--r-- | certService/Makefile | 31 | ||||
-rw-r--r-- | certService/README.md | 61 | ||||
-rw-r--r-- | certServiceClient/docker-compose.yml | 59 | ||||
-rw-r--r-- | compose-resources/client-configuration.env (renamed from certServiceClient/client_docker.env) | 2 | ||||
-rwxr-xr-x | compose-resources/ejbca-configuration.sh (renamed from certService/src/main/resources/scripts/ejbca-configuration.sh) | 0 | ||||
-rw-r--r-- | docker-compose.yml (renamed from certService/docker-compose.yml) | 11 |
9 files changed, 132 insertions, 159 deletions
@@ -2,7 +2,7 @@ target/
 !**/src/main/**
 !**/src/test/**
 **/var
-certServiceClient/certs_volume
+compose-resources/client-volume
 ### STS ###
 .apt_generated
diff --git a/Makefile b/Makefile
new file mode 100644
index 00000000..1e4f871c
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,37 @@
+all: build start-backend run-client stop-client stop-backend
+start-with-client: start-backend run-client
+.PHONY: build
+
+build:
+ @echo "##### Build Cert Service images locally #####"
+ mvn clean install -P docker
+ @echo "##### DONE #####"
+
+start-backend:
+ @echo "##### Start Cert Service #####"
+ docker-compose up -d
+ @echo "## Configure ejbca ##"
+ docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
+ @echo "##### DONE #####"
+
+run-client:
+ @echo "##### Create Cert Service Client volume folder: `pwd`/compose-resources/client-volume/ #####"
+ mkdir -p `pwd`/compose-resources/client-volume/
+ @echo "##### Start Cert Service Client #####"
+ docker run \
+ --name aafcert-client \
+ --env-file ./compose-resources/client-configuration.env \
+ --network certservice_certservice \
+ --mount type=bind,src=`pwd`/compose-resources/client-volume/,dst=/var/certs \
+ onap/org.onap.aaf.certservice.aaf-certservice-client:latest
+
+stop-client:
+ @echo "##### Remove Cert Service Client #####"
+ @echo "Removing aafcert-client"
+ @docker rm aafcert-client > /dev/null 2> /dev/null || true
+ @echo "##### DONE #####"
+
+stop-backend:
+ @echo "##### Stop Cert Service #####"
+ docker-compose down
+ @echo "##### DONE #####"
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..8fabbee9
--- /dev/null
+++ b/README.md
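Review bot: In `run-client` the bind-mount directory is created by a plain `mkdir -p` under the caller's umask and the container is started without `--user`, so whatever the client writes to `/var/certs` lands in `compose-resources/client-volume/` with the image's default UID and default permissions. That output presumably includes private-key material, so I would create the directory with `mkdir -p -m 700 "$(CURDIR)/compose-resources/client-volume"` and add `--user "$$(id -u):$$(id -g)" \` to the `docker run`, assuming the image can run under a non-default UID (the compose file this target replaces ran the client as root for volume-permission reasons). Separately, `--network certservice_certservice` only exists when the compose project name is `certservice`, which by default follows the checkout directory name; using `docker-compose -p certservice up -d` in `start-backend` and the same `-p` in `stop-backend` would make the target independent of the clone path.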
@@ -0,0 +1,88 @@
+# Cert service
+
+### General description
+
+More information about the project and all its functionalities you can find under the wiki page:
+ ```
+ https://wiki.onap.org/display/DW/AAF+Certification+Service
+ ```
+
+Project consists of two submodules:
+1. aaf-certservice-api
+2. aaf-certservice-client
+
+Detailed information about submodules can be found in ```README.md``` in their directories.
+
+### Project building
+```
+mvn clean package
+```
+
+### Install the packages into the local repository
+```
+mvn clean install
+```
+
+### Building Docker images and install packages into local repository
+```
+mvn clean install -P docker
+or
+make build
+```
+
+### Running Docker containers from docker-compose with EJBCA
+Docker-compose uses a local image of certservice-api and make run-client uses a local image of certservice-client
+Build docker images locally before running docker compose command.
+```
+1. Build local images
+make build
+2. Start Cert Service with configured EJBCA
+make start-backend
+3. Run Cert Service Client
+make run-client
+3. Remove client container
+make stop-client
+4. Stop Cert Service and EJBCA
+make stop-backend
+```
+
+### Running API with Helm
+1. Use environment/server with installed kubernetes and helm.
+2. Copy certService/helm/aaf-cert-service directory to that environment.
+3. Enter that environment
+4. Run ```helm install ./aaf-cert-service```
+
+
+### AAF CertService CSITs
+#### CSIT repository
+```
+https://gerrit.onap.org/r/admin/repos/integration/csit
+```
+
+####How to run tests locally
+1. Checkout CSIT repository
+2. Configure CSIT local environment
+3. Inside CSIT directory execute
+```
+sudo ./run-csit.sh plans/aaf/certservice
+```
+
+####Jenkins build
+https://jenkins.onap.org/view/CSIT/job/aaf-master-csit-certservice/
+
+### Sonar results
+```
+https://sonarcloud.io/dashboard?id=onap_aaf-certservice
+```
+
+### Maven artifacts
+All maven artifacts are deployed under nexus uri:
+```
+https://nexus.onap.org/content/repositories/snapshots/org/onap/aaf/certservice/
+```
+
+### Docker artifacts
+All docker images are hosted under nexus3 uri:
+```
+https://nexus3.onap.org/repository/docker.snapshot/v2/onap/org.onap.aaf.certservice.aaf-certservice-api/
+```
\ No newline at end of file diff --git a/certService/Makefile b/certService/Makefile deleted file mode 100644 index b1b63b4d..00000000 --- a/certService/Makefile +++ /dev/null @@ -1,31 +0,0 @@ -all: build start stop -.PHONY: build - -build: - @echo "##### Build Cert Service images locally #####" - mvn clean install -P docker - @echo "##### DONE #####" -start: - @echo "##### Start Cert Service #####" - docker-compose up -d - @echo "## Configure ejbca ##" - docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh - @echo "##### DONE #####" -stop: - @echo "##### Stop Cert Service #####" - docker-compose down - @echo "##### DONE #####" - - - - - - - - - - - - - - diff --git a/certService/README.md b/certService/README.md index 9f23504e..8e7fccc4 100644 --- a/certService/README.md +++ b/certService/README.md @@ -48,8 +48,6 @@ mvn clean install ### Building Docker image and install the package into local repository ``` mvn clean install -P docker -or -make build ``` ### Running Docker container local @@ -61,25 +59,7 @@ docker run -p 8080:8080 --name aaf-certservice-api --mount type=bind,source=/<ab ``` docker run -p 8080:8080 --name aaf-certservice-api --mount type=bind,source=/<absolute_path>/cmpServers.json,target=/etc/onap/aaf/certservice/cmpServers.json nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0 ``` - -### Running Docker container from docker-compose with EJBCA -Docker-compose uses a local image of certservice. -Build a docker image locally before run docker compose command. -``` -1. Build local image -make build -2. Start Cert Service with configured EJBCA -make start -3. Stop containers -make stop -``` -### Running with Helm -1. Use environment/server with installed kubernetes and helm. -2. Copy helm/aaf-cert-service directory to that environment. -3. Enter that environment -4. Run ```helm install ./aaf-cert-service``` - ### Health Check Browser: ``` 
@@ -92,23 +72,6 @@ curl localhost:8080/actuator/health ``` Should return {"status":"UP"} -### AAF CertService CSITs -#### CSIT repository -``` -https://gerrit.onap.org/r/admin/repos/integration/csit -``` - -####How to run tests locally -1. Checkout CSIT repository -2. Configure CSIT local environment -3. Inside CSIT directory execute -``` -sudo ./run-csit.sh plans/aaf/certservice -``` - -####Jenkins build -https://jenkins.onap.org/view/CSIT/job/aaf-master-csit-certservice/ - ### Logs locally path: @@ -127,31 +90,9 @@ cd /var/log/onap/aaf/certservice You should see: audit.log error.log trace.log -### Sonar results -``` -https://sonarcloud.io/dashboard?id=onap_aaf-certservice -``` - -### Maven artifacts -All maven artifacts are deployed under nexus uri: -``` -https://nexus.onap.org/content/repositories/snapshots/org/onap/aaf/certservice/ -``` - -### Docker artifacts -All docker images are hosted under nexus3 uri: -``` -https://nexus3.onap.org/repository/docker.snapshot/v2/onap/org.onap.aaf.certservice.aaf-certservice-api/ -``` - ### RestAPI API is described by Swagger ( OpenAPI 3.0 ) on endpoint /docs ( endpoint is defined in properties as springdoc.swagger-ui.path ) ``` http://localchost:8080/docs -``` - -### Sonar results -``` -https://sonarcloud.io/dashboard?id=onap_aaf-certservice -``` +```
\ No newline at end of file diff --git a/certServiceClient/docker-compose.yml b/certServiceClient/docker-compose.yml deleted file mode 100644 index b0c65be9..00000000 --- a/certServiceClient/docker-compose.yml +++ /dev/null @@ -1,59 +0,0 @@ -version: "2.1" - -services: - ejbca: - image: primekey/ejbca-ce:6.15.2.5 - hostname: cahostname - container_name: aafcert-ejbca - ports: - - "80:8080" - - "443:8443" - volumes: - - ../certService/src/main/resources/scripts/:/opt/primekey/scripts - command: bash -c " - ./scripts/ejbca-configuration.sh & - /opt/primekey/bin/start.sh - " - healthcheck: - test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"] - interval: 20s - timeout: 3s - retries: 9 - networks: - - certservice - - certservice: - image: onap/org.onap.aaf.certservice.aaf-certservice-api:latest - volumes: - - ../certService/helm/aaf-cert-service/resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json - container_name: aafcert-service - ports: - - "8080:8080" - depends_on: - ejbca: - condition: service_healthy - healthcheck: - test: ["CMD-SHELL", "curl -f http://localhost:8080/actuator/health"] - interval: 10s - timeout: 3s - retries: 9 - networks: - - certservice - - certservice-client: - image: onap/org.onap.aaf.certservice.aaf-certservice-client:latest - container_name: aafcert-client - env_file: - - ./client_docker.env - user: root #Run as root to avoid volume permission issues - volumes: - - ./certs_volume/:/var/certs - depends_on: - certservice: - condition: service_healthy - networks: - - certservice - -networks: - certservice: - driver: bridge diff --git a/certServiceClient/client_docker.env b/compose-resources/client-configuration.env index f2697173..e79aa618 100644 --- a/certServiceClient/client_docker.env +++ b/compose-resources/client-configuration.env 
@@ -1,5 +1,5 @@ #Client envs -REQUEST_URL=http://certservice:8080/v1/certificate/ +REQUEST_URL=http://aafcert-service:8080/v1/certificate/ REQUEST_TIMEOUT=1000 OUTPUT_PATH=/var/certs CA_NAME=RA diff --git a/certService/src/main/resources/scripts/ejbca-configuration.sh b/compose-resources/ejbca-configuration.sh index 77f5c555..77f5c555 100755 --- a/certService/src/main/resources/scripts/ejbca-configuration.sh +++ b/compose-resources/ejbca-configuration.sh diff --git a/certService/docker-compose.yml b/docker-compose.yml index 2f4f4b4a..851ad317 100644 --- a/certService/docker-compose.yml +++ b/docker-compose.yml @@ -9,23 +9,20 @@ services: - "80:8080" - "443:8443" volumes: - - ./src/main/resources/scripts/:/opt/primekey/scripts - command: bash -c " - /opt/primekey/bin/start.sh - " + - ./compose-resources/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh healthcheck: test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"] interval: 10s timeout: 3s - retries: 9 + retries: 15 networks: - certservice certservice: image: onap/org.onap.aaf.certservice.aaf-certservice-api:latest - volumes: - - ./helm/aaf-cert-service/resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json container_name: aafcert-service + volumes: + - ./certService/helm/aaf-cert-service/resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json ports: - "8080:8080" depends_on: |
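Review bot: Both bind mounts touched in the docker-compose.yml hunk are writable from inside the containers: the new single-file `ejbca-configuration.sh` mount and the re-pathed `cmpServers.json` mount carry no `:ro`. The script is only executed inside the EJBCA container (via `docker exec` from the Makefile) and `cmpServers.json` is presumably only read by the service, so neither container needs write access to the host copy; I would append `:ro` to both, e.g. `- ./compose-resources/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh:ro`. The unchanged context lines `"80:8080"` and `"443:8443"` publish the EJBCA web interface on every host interface, and a `127.0.0.1:` prefix would probably be enough for a local test stack. The `services:` block starts and continues outside the hunk.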