From 71986212d4088b3cc5c41c2ed96ec352ea899fe5 Mon Sep 17 00:00:00 2001 From: Tomasz Wrobel Date: Thu, 26 Mar 2020 09:43:41 +0100 Subject: Add Certification Client documentation Issue-ID: AAF-1091 Signed-off-by: Tomasz Wrobel Change-Id: I8eb762063767f8532845e7f66b1d7398468ab650 --- docs/sections/configuration.rst | 108 +++++++++++++++++++++++++++++++++++----- docs/sections/logging.rst | 51 +++++++++++++++++-- 2 files changed, 143 insertions(+), 16 deletions(-) (limited to 'docs') diff --git a/docs/sections/configuration.rst b/docs/sections/configuration.rst index 47f2dd87..d49c86bd 100644 --- a/docs/sections/configuration.rst +++ b/docs/sections/configuration.rst @@ -5,24 +5,106 @@ Configuration ============= -.. note:: - * This section is used to describe the options a software component offers for configuration. +Standalone docker container +--------------------------- - * Configuration is typically: provided for platform-component and sdk projects; - and referenced in developer and user guides. - - * This note must be removed after content has been added. +Certification Service Client image: +.. code-block:: + nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest -Example ... -You can provide the following in ``basic.conf`` +1. Create file with environments as in example below. -``host=ADDRESS`` - The address of the host +.. code-block:: -``port=PORT`` - The port used for signaling + #Client envs + REQUEST_URL=http://aaf-cert-service-service:8080/v1/certificate/ + REQUEST_TIMEOUT=1000 + OUTPUT_PATH=/var/certs + CA_NAME=RA + #Csr config envs + COMMON_NAME=onap.org + ORGANIZATION=Linux-Foundation + ORGANIZATION_UNIT=ONAP + LOCATION=San-Francisco + STATE=California + COUNTRY=US + SANS=test.onap.org:onap.com - Optional. Default: ``8080`` + +2. Run docker container with environments file and docker network (API and client must be running in same network). + +.. code-block:: bash + + AAFCERT_CLIENT_IMAGE=nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest + DOCKER_ENV_FILE= + NETWORK_CERT_SERVICE= + DOCKER_VOLUME=":" + + docker run --env-file $DOCKER_ENV_FILE --network $NETWORK_CERT_SERVICE --volume $DOCKER_VOLUME $AAFCERT_CLIENT_IMAGE + + + +Init Container for K8s +---------------------- + +Example deployment: + +.. code-block:: yaml + + ... + kind: Deployment + metadata: + ... + spec: + ... + template: + ... + spec: + containers: + - image: sample.image + name: sample.name + ... + volumeMounts: + - mountPath: /var/certs #CERTS CAN BE FOUND IN THIS DIRECTORY + name: certs + ... + initContainers: + - name: cert-service-client + image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest + imagePullPolicy: Always + env: + - name: REQUEST_URL + value: http://aaf-cert-service-service:8080/v1/certificate/ + - name: REQUEST_TIMEOUT + value: "1000" + - name: OUTPUT_PATH + value: /var/certs + - name: CA_NAME + value: RA + - name: COMMON_NAME + value: onap.org + - name: ORGANIZATION + value: Linux-Foundation + - name: ORGANIZATION_UNIT + value: ONAP + - name: LOCATION + value: San-Francisco + - name: STATE + value: California + - name: COUNTRY + value: US + - name: SANS + value: test.onap.org:onap.com + volumeMounts: + - mountPath: /var/certs + name: certs + ... + volumes: + -emptyDir: {} + name: certs + ... + + \ No newline at end of file diff --git a/docs/sections/logging.rst b/docs/sections/logging.rst index 159b5132..422b70a0 100644 --- a/docs/sections/logging.rst +++ b/docs/sections/logging.rst @@ -5,8 +5,9 @@ Logging ======= -Where to Access Information ---------------------------- +Certification Service API +-------------------------- + Certification Service logs are available in the Docker container @@ -17,9 +18,53 @@ Path to logs: /var/log/onap/aaf/certservice Available log files: - * audit.log * debug.log * error.log +Certification Service Client +---------------------------- +To see logs use : + +- Docker: + +.. code-block:: bash + + docker logs cert-service-client + +- Kubernetes: + +.. code-block:: bash + + kubectl logs cert-service-client + + +Logs are stored inside container log path: + + /var/logs + +Client application exits with following exit codes: + + ++-------+------------------------------------------------+ +| Code | Information | ++=======+================================================+ +| 0 | Success | ++-------+------------------------------------------------+ +| 1 | Invalid client configuration | ++-------+------------------------------------------------+ +| 2 | Invalid CSR configuration | ++-------+------------------------------------------------+ +| 3 | Fail in key pair generation | ++-------+------------------------------------------------+ +| 4 | Fail in CSR generation | ++-------+------------------------------------------------+ +| 5 | CertService HTTP unsuccessful response | ++-------+------------------------------------------------+ +| 6 | Internal HTTP Client connection problem | ++-------+------------------------------------------------+ +| 7 | Fail in PKCS12 conversion | ++-------+------------------------------------------------+ +| 8 | Fail in Private Key to PEM Encoding | ++-------+------------------------------------------------+ -- cgit 1.2.3-korg