authorFilip Krzywka <filip.krzywka@nokia.com>2018-12-12 08:14:57 +0100
committerFilip Krzywka <filip.krzywka@nokia.com>2018-12-12 14:29:28 +0100
commitccdbec825673153bd57681fa8e1e5a507f4f776b (patch)
tree5a08208daa706ad1d816be1ebd8bce3067e30f6a /development
parenta239958522a9edd0951854884dd11a7ef5513ca4 (diff)
Add helper scripts
Change-Id: I8d5b48511e1b7f9cb7d1f65e8605ebe4cf1b17fc Issue-ID: DCAEGEN2-1027 Signed-off-by: Filip Krzywka <filip.krzywka@nokia.com>
Diffstat (limited to 'development')
-rwxr-xr-xdevelopment/bin/consul.sh79
-rwxr-xr-xdevelopment/bin/dcae-msgs.sh64
-rwxr-xr-xdevelopment/bin/dcae-reset.sh65
-rwxr-xr-xdevelopment/bin/dcae-topic.sh66
-rwxr-xr-xdevelopment/bin/run-xnf-simulator.sh81
-rwxr-xr-xdevelopment/bin/xnf-simulation.sh103
-rw-r--r--development/docker-compose.yml112
-rw-r--r--development/ssl/.gitignore7
-rw-r--r--development/ssl/Makefile-openssl41
-rw-r--r--development/ssl/README.md54
-rwxr-xr-xdevelopment/ssl/gen-certs.sh58
11 files changed, 730 insertions, 0 deletions
diff --git a/development/bin/consul.sh b/development/bin/consul.sh
new file mode 100755
index 00000000..c229f83e
--- /dev/null
+++ b/development/bin/consul.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# dcaegen2-collectors-veshv
+# ================================================================================
+# Copyright (C) 2018 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -euo pipefail
+
+usage() {
+ echo "Put HV-VES configuration into Consul key-value store"
+ echo "Usage: $0 [-h|--help] [-v|--verbose] [domain [topic]]"
+ exit 1
+}
+
+optspec=":vh-:" # catch v, h and -
+while getopts "$optspec" arg; do
+ case "${arg}" in
+ -) # handle longopts
+ case "${OPTARG}" in
+ verbose)
+ VERBOSE=True
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ echo "Unknown option --${OPTARG}" >&2
+ usage
+ ;;
+ esac
+ ;;
+ v)
+ VERBOSE=True
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ echo "Unknown option -${OPTARG}" >&2
+ usage
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+DOMAIN=${1:-perf3gpp}
+TOPIC=${2:-HV_VES_PERF3GPP}
+
+CONFIGURATION="
+{
+ \"dmaap.kafkaBootstrapServers\": \"message-router-kafka:9092\",
+ \"collector.routing\":
+ [{
+ \"fromDomain\": \"${DOMAIN}\",
+ \"toTopic\": \"${TOPIC}\"
+ }]
+}"
+CONFIGURATION_ENDPOINT=localhost:8500/v1/kv/veshv-config
+
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo "Configuration: ${CONFIGURATION}"
+ echo "Putting configuration under ${CONFIGURATION_ENDPOINT}."
+fi
+curl --request PUT ${CONFIGURATION_ENDPOINT} -d "${CONFIGURATION}"
+echo
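Review bot: The final `curl --request PUT` has no `--fail`, so an HTTP error from Consul still returns exit status 0 and `set -euo pipefail` never sees it; the script ends normally although `veshv-config` was not stored. I would write `curl --fail --request PUT "${CONFIGURATION_ENDPOINT}" -d "${CONFIGURATION}"`. The same applies to the curl calls in dcae-msgs.sh, dcae-reset.sh, dcae-topic.sh and xnf-simulation.sh. Separately, `DOMAIN` and `TOPIC` are pasted into the JSON text unescaped, so an argument containing a double quote changes the structure of the stored document; a pattern check such as `[[ "${DOMAIN}" =~ ^[A-Za-z0-9_.-]+$ ]] || usage` before `CONFIGURATION` is built would make the expected input explicit.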
diff --git a/development/bin/dcae-msgs.sh b/development/bin/dcae-msgs.sh
new file mode 100755
index 00000000..cb05a8c3
--- /dev/null
+++ b/development/bin/dcae-msgs.sh
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# dcaegen2-collectors-veshv
+# ================================================================================
+# Copyright (C) 2018 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -euo pipefail
+
+usage() {
+ echo "Return current amount of consumed messages by dcae-app-simulator"
+ echo "Usage: $0 [-h|--help] [-v|--verbose]"
+ exit 1
+}
+
+optspec=":vh-:" # catch v, h and -
+while getopts "$optspec" arg; do
+ case "${arg}" in
+ -) # handle longopts
+ case "${OPTARG}" in
+ verbose)
+ VERBOSE=True
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ echo "Unknown option --${OPTARG}" >&2
+ usage
+ ;;
+ esac
+ ;;
+ v)
+ VERBOSE=True
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ echo "Unknown option -${OPTARG}" >&2
+ usage
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo "All messages count currently consumed by dcae app simulator: "
+fi
+
+curl --request GET localhost:6063/messages/all/count
+echo
diff --git a/development/bin/dcae-reset.sh b/development/bin/dcae-reset.sh
new file mode 100755
index 00000000..e5b7b056
--- /dev/null
+++ b/development/bin/dcae-reset.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# dcaegen2-collectors-veshv
+# ================================================================================
+# Copyright (C) 2018 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -euo pipefail
+
+
+usage() {
+ echo "Resets dcae-app-simulator consumed messages count"
+ echo "Usage: $0 [-h|--help] [-v|--verbose]"
+ exit 1
+}
+
+optspec=":vh-:" # catch v, h and -
+while getopts "$optspec" arg; do
+ case "${arg}" in
+ -) # handle longopts
+ case "${OPTARG}" in
+ verbose)
+ VERBOSE=True
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ echo "Unknown option --${OPTARG}" >&2
+ usage
+ ;;
+ esac
+ ;;
+ v)
+ VERBOSE=True
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ echo "Unknown option -${OPTARG}" >&2
+ usage
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo "Requesting DCAE app running on port 6063 to reset messages count"
+fi
+
+curl --request DELETE localhost:6063/messages
+echo
diff --git a/development/bin/dcae-topic.sh b/development/bin/dcae-topic.sh
new file mode 100755
index 00000000..8c176221
--- /dev/null
+++ b/development/bin/dcae-topic.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# dcaegen2-collectors-veshv
+# ================================================================================
+# Copyright (C) 2018 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -euo pipefail
+
+usage() {
+ echo "Set dcae-app-simulator to start consuming messages from given topic (HV_VES_PERF3GPP by default)"
+ echo "Usage: $0 [-h|--help] [-v|--verbose] [topic]"
+ exit 1
+}
+
+optspec=":vh-:" # catch v, h and -
+while getopts "$optspec" arg; do
+ case "${arg}" in
+ -) # handle longopts
+ case "${OPTARG}" in
+ verbose)
+ VERBOSE=True
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ echo "Unknown option --${OPTARG}" >&2
+ usage
+ ;;
+ esac
+ ;;
+ v)
+ VERBOSE=True
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ echo "Unknown option -${OPTARG}" >&2
+ usage
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+TOPIC=${1:-HV_VES_PERF3GPP}
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo "Requesting DCAE app running on port 6063 to consume messages from topic: ${TOPIC}"
+fi
+
+curl --request PUT localhost:6063/configuration/topics -d ${TOPIC}
+echo \ No newline at end of file
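Review bot: `-d ${TOPIC}` on the last curl line is unquoted, so a topic argument containing whitespace is split into several curl arguments, and the extra words are treated as further URLs or options instead of request data. curl's `-d` also reads a file when the value starts with `@`, which is surprising for a topic name. `curl --request PUT localhost:6063/configuration/topics --data-raw "${TOPIC}"` sends the argument literally in both cases.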
diff --git a/development/bin/run-xnf-simulator.sh b/development/bin/run-xnf-simulator.sh
new file mode 100755
index 00000000..3fe96928
--- /dev/null
+++ b/development/bin/run-xnf-simulator.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# dcaegen2-collectors-veshv
+# ================================================================================
+# Copyright (C) 2018 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -euo pipefail
+
+usage() {
+ echo "Start xnf-simulator container on given port and inside of given docker-network (by default 'development_default')"
+ echo "Usage: $0 [-h|--help] [-v|--verbose] <xnf listen port> [<hv ves docker network>]"
+ exit 1
+}
+
+optspec=":vh-:" # catch v, h and -
+while getopts "$optspec" arg; do
+ case "${arg}" in
+ -) # handle longopts
+ case "${OPTARG}" in
+ verbose)
+ VERBOSE=True
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ echo "Unknown option --${OPTARG}" >&2
+ usage
+ ;;
+ esac
+ ;;
+ v)
+ VERBOSE=True
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ echo "Unknown option -${OPTARG}" >&2
+ usage
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+[ $# -eq 0 ] && usage
+
+
+LISTEN_PORT=$1
+HV_VES_NETWORK=${2:-development_default}
+
+PORTS="${LISTEN_PORT}:${LISTEN_PORT}/tcp"
+HV_VES_REPO_HOME=`pwd`/..
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo "Starting xnf-simulator with ports configuration: ${PORTS} on network: ${HV_VES_NETWORK}"
+ echo "Container id:"
+fi
+docker run -d \
+ -v ${HV_VES_REPO_HOME}/ssl/:/etc/ves-hv/ \
+ -p ${PORTS} \
+ --network ${HV_VES_NETWORK} \
+ onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-xnf-simulator \
+ --listen-port ${LISTEN_PORT} \
+ --ves-host ves-hv-collector \
+ --ves-port 6061 \
+ --key-store-password onaponap \
+ --trust-store-password onaponap \ No newline at end of file
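Review bot: `HV_VES_REPO_HOME` is derived from `pwd`, the caller's working directory, so running the script from anywhere but `development/bin` bind-mounts some other `../ssl` directory into the container as `/etc/ves-hv/`, and the unquoted `-v ${HV_VES_REPO_HOME}/ssl/...` breaks on a path with spaces. Resolving it from the script location fixes both: `HV_VES_REPO_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"` and `-v "${HV_VES_REPO_HOME}/ssl/:/etc/ves-hv/:ro"`; the `:ro` assumes the simulator only reads the stores, which is not visible here. `LISTEN_PORT` goes into `-p` and `--listen-port` unchecked, so a comment or a numeric check next to `[ $# -eq 0 ] && usage` would help. The two `onaponap` store passwords are passed as container arguments and are therefore readable through `docker inspect`; a comment stating they only protect generated development stores would make that acceptable.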
diff --git a/development/bin/xnf-simulation.sh b/development/bin/xnf-simulation.sh
new file mode 100755
index 00000000..e1d65aa0
--- /dev/null
+++ b/development/bin/xnf-simulation.sh
@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# dcaegen2-collectors-veshv
+# ================================================================================
+# Copyright (C) 2018 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -euo pipefail
+
+usage() {
+ echo "Send request to xnf-simulator"
+ echo "Usage: $0 [-h|--help] [-v|--verbose] [<xnf listen port> [<messages amount> [<messages type> [<xnf endpoint>]]]]"
+ exit 1
+}
+
+optspec=":vh-:" # catch v, h and -
+while getopts "$optspec" arg; do
+ case "${arg}" in
+ -) # handle longopts
+ case "${OPTARG}" in
+ verbose)
+ VERBOSE=True
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ echo "Unknown option --${OPTARG}" >&2
+ usage
+ ;;
+ esac
+ ;;
+ v)
+ VERBOSE=True
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ echo "Unknown option -${OPTARG}" >&2
+ usage
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+XNF_PORT=${1:-6062}
+MESSAGES_AMOUNT=${2:-1}
+MESSAGES_TYPE=${3:-VALID}
+XNF_ENDPOINT=simulator/async
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo "Requesting xnf-simulator on port ${XNF_PORT} to send ${MESSAGES_AMOUNT} messages of type ${MESSAGES_TYPE}"
+fi
+
+REQUEST_ID=$(curl --request POST -s localhost:${XNF_PORT}/${XNF_ENDPOINT} -d "
+[
+ {
+ \"commonEventHeader\": {
+ \"version\": \"sample-version\",
+ \"domain\": \"perf3gpp\",
+ \"sequence\": 1,
+ \"priority\": 1,
+ \"eventId\": \"sample-event-id\",
+ \"eventName\": \"sample-event-name\",
+ \"eventType\": \"sample-event-type\",
+ \"startEpochMicrosec\": 120034455,
+ \"lastEpochMicrosec\": 120034455,
+ \"nfNamingCode\": \"sample-nf-naming-code\",
+ \"nfcNamingCode\": \"sample-nfc-naming-code\",
+ \"reportingEntityId\": \"sample-reporting-entity-id\",
+ \"reportingEntityName\": \"sample-reporting-entity-name\",
+ \"sourceId\": \"sample-source-id\",
+ \"sourceName\": \"sample-source-name\",
+ \"vesEventListenerVersion\": \"7.2.0\"
+ },
+ \"messageType\": \"${MESSAGES_TYPE}\",
+ \"messagesAmount\": ${MESSAGES_AMOUNT}
+ }
+]")
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo -e "Request id: ${REQUEST_ID}\n"
+
+ echo "To check request status execute:"
+ echo "curl --request GET localhost:${XNF_PORT}/simulator/${REQUEST_ID}"
+ echo "To further debug you can try something similiar to:"
+ echo "docker ps -a | grep ${XNF_PORT} | awk '{ print \$1 }' | xargs docker logs"
+else
+ echo "${REQUEST_ID}"
+fi \ No newline at end of file
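Review bot: `usage` documents a fourth positional argument `<xnf endpoint>`, but `XNF_ENDPOINT=simulator/async` is fixed and `$4` is never read, so the argument is silently ignored; `XNF_ENDPOINT=${4:-simulator/async}` would match the usage text. `MESSAGES_AMOUNT` is written into the request body as a bare JSON number without a check, so a non-numeric second argument produces an invalid or differently shaped body; `[[ "${MESSAGES_AMOUNT}" =~ ^[0-9]+$ ]] || usage` before the curl call covers it. In the verbose branch `echo -e` interprets backslash escapes in the simulator's response, and `printf 'Request id: %s\n\n' "${REQUEST_ID}"` prints it verbatim.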
diff --git a/development/docker-compose.yml b/development/docker-compose.yml
new file mode 100644
index 00000000..d4c3f1d8
--- /dev/null
+++ b/development/docker-compose.yml
@@ -0,0 +1,112 @@
+version: "3.5"
+services:
+
+ #
+ # DMaaP Message Router
+ #
+
+ message-router-zookeeper:
+ image: wurstmeister/zookeeper
+ ports:
+ - "2181:2181"
+
+ message-router-kafka:
+# image: nexus3.onap.org:10001/onap/dmaap/kafka01101:0.0.1
+ image: wurstmeister/kafka
+ ports:
+ - "9092:9092"
+ environment:
+ KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true'
+ KAFKA_ZOOKEEPER_CONNECT: "message-router-zookeeper:2181"
+ KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: "INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT"
+ KAFKA_ADVERTISED_LISTENERS: "INTERNAL_PLAINTEXT://message-router-kafka:9092"
+ KAFKA_LISTENERS: "INTERNAL_PLAINTEXT://0.0.0.0:9092"
+ KAFKA_INTER_BROKER_LISTENER_NAME: "INTERNAL_PLAINTEXT"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ depends_on:
+ - message-router-zookeeper
+
+
+ #
+ # Consul / CBS
+ #
+
+ consul-server:
+ image: docker.io/consul:1.0.6
+ ports:
+ - "8500:8500"
+ command: ["agent","-bootstrap", "-client=0.0.0.0", "-server", "-ui"]
+
+ consul-config:
+ image: consul
+ depends_on:
+ - consul-server
+ restart: on-failure
+ command: ["kv", "put", "-http-addr=http://consul-server:8500", "veshv-config", '{
+ "dmaap.kafkaBootstrapServers": "message-router-kafka:9092",
+ "collector.routing": [
+ {
+ "fromDomain": "perf3gpp",
+ "toTopic": "HV_VES_PERF3GPP"
+ }
+ ]
+ }']
+
+
+ #
+ # DCAE HV VES Collector
+ #
+
+ ves-hv-collector:
+ image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:latest
+ ports:
+ - "6060:6060"
+ - "6061:6061/tcp"
+ entrypoint: ["java", "-Dio.netty.leakDetection.level=paranoid",
+ "-cp", "*:", "org.onap.dcae.collectors.veshv.main.MainKt"]
+ command: ["--listen-port", "6061",
+ "--health-check-api-port", "6060",
+ "--config-url", "http://consul-server:8500/v1/kv/veshv-config?raw=true",
+ "--key-store-password", "onaponap",
+ "--trust-store-password", "onaponap"]
+ healthcheck:
+ test: curl -f http://localhost:6060/health/ready || exit 1
+ interval: 10s
+ timeout: 3s
+ retries: 3
+ start_period: 20s
+ depends_on:
+ - message-router-kafka
+ - consul-server
+ volumes:
+ - ./ssl/:/etc/ves-hv/
+
+
+ #
+ # Simulators
+ #
+
+ xnf-simulator:
+ image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-xnf-simulator
+ ports:
+ - "6062:6062/tcp"
+ command: ["--listen-port", "6062",
+ "--ves-host", "ves-hv-collector",
+ "--ves-port", "6061",
+ "--key-store-password", "onaponap",
+ "--trust-store-password", "onaponap"]
+ depends_on:
+ - ves-hv-collector
+ volumes:
+ - ./ssl/:/etc/ves-hv/
+
+ dcae-app-simulator:
+ image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-dcae-app-simulator
+ ports:
+ - "6063:6063/tcp"
+ command: ["--listen-port", "6063",
+ "--kafka-bootstrap-servers", "message-router-kafka:9092",
+ "--kafka-topics", "HV_VES_PERF3GPP"]
+ depends_on:
+ - message-router-kafka
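Review bot: The `message-router-kafka` service bind-mounts `/var/run/docker.sock`, which gives that container full control of the host's Docker daemon, effectively root on the host. It looks unnecessary here because `KAFKA_ADVERTISED_LISTENERS` is set explicitly, so the `volumes` entry can probably be dropped (confirm the image starts without it). The published ports bind to all host interfaces and the Consul agent runs with `-client=0.0.0.0`, so ZooKeeper, Kafka and the Consul HTTP API are reachable from the network as configured, with no authentication set up in this file; mappings of the form `- "127.0.0.1:8500:8500"` keep them local to the developer machine. Several images are untagged or `:latest` (`wurstmeister/kafka`, `consul` for `consul-config`, the `onap/...` images), so what runs changes with every pull; pinning tags or digests makes the environment reproducible.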
diff --git a/development/ssl/.gitignore b/development/ssl/.gitignore
new file mode 100644
index 00000000..23888eb0
--- /dev/null
+++ b/development/ssl/.gitignore
@@ -0,0 +1,7 @@
+*.crt
+*.key
+*.srl
+*.csr
+*.pkcs12
+*.p12
+
diff --git a/development/ssl/Makefile-openssl b/development/ssl/Makefile-openssl
new file mode 100644
index 00000000..09802ce4
--- /dev/null
+++ b/development/ssl/Makefile-openssl
@@ -0,0 +1,41 @@
+FILE=sample
+PASSWD=onaponap
+CA_PASSWD=onaponap
+SUBJ=/C=PL/ST=DL/L=Wroclaw/O=Nokia/OU=MANO
+CA=trust
+
+sign: $(FILE).crt
+
+clean:
+ rm -f *.crt *.key *.srl *.csr *.pkcs12
+
+generate-ca-certificate: $(CA).crt
+
+generate-private-key: $(FILE).key
+
+create-public-key: $(FILE).pub
+
+create-sign-request: $(FILE).csr
+
+create-key-store: $(FILE).ks.pkcs12
+
+create-trust-store: $(CA).crt
+ openssl pkcs12 -export -in $(CA).crt -CAfile $(CA).crt -out $(CA).pkcs12 -nokeys -noiter -nomaciter -passout pass:$(PASSWD)
+
+$(CA).crt:
+ openssl req -new -x509 -keyout $(CA).key -out $(CA).crt -days 365 -passout pass:$(CA_PASSWD) -subj "$(SUBJ)"
+
+$(FILE).key:
+ openssl genpkey -algorithm RSA -out $(FILE).key -pkeyopt rsa_keygen_bits:2048
+
+$(FILE).pub: $(FILE).key
+ openssl x509 -req -days 360 -in client.csr -CA $(CA).crt -CAkey $(CA).key -CAcreateserial -out client.crt
+
+$(FILE).csr: $(FILE).key
+ openssl req -new -sha256 -key $(FILE).key -out $(FILE).csr -subj "$(SUBJ)"
+
+$(FILE).crt: $(CA).crt $(FILE).csr
+ openssl x509 -req -days 360 -in $(FILE).csr -CA $(CA).crt -CAkey $(CA).key -out $(FILE).crt -CAcreateserial -passin pass:$(CA_PASSWD)
+
+$(FILE).ks.pkcs12: $(FILE).key $(FILE).crt $(CA).crt
+ openssl pkcs12 -export -in $(FILE).crt -inkey $(FILE).key -CAfile $(CA).crt -out $(FILE).ks.pkcs12 -noiter -nomaciter -passout pass:$(PASSWD)
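Review bot: The `$(FILE).pub` rule never produces its target: the recipe is a signing command hard-coded to `client.csr` and `client.crt`, it ignores `FILE`, and it has no `-passin`, so `make create-public-key` prompts for the CA key password and re-runs every time. If a public key is what is wanted, `openssl pkey -in $(FILE).key -pubout -out $(FILE).pub` matches the target name. Both PKCS12 exports pass `-noiter -nomaciter`, which drops the key-derivation and MAC iteration counts to one and makes the store password cheap to guess offline. A comment explaining why those flags are needed, or removing them, would protect anyone who reuses this Makefile outside development.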
diff --git a/development/ssl/README.md b/development/ssl/README.md
new file mode 100644
index 00000000..c2819d24
--- /dev/null
+++ b/development/ssl/README.md
@@ -0,0 +1,54 @@
+# Generating SSL certificates
+
+## Java keytool way (recommended)
+
+To generate:
+
+```shell
+./gen-certs.sh
+```
+
+To clean (remove generated files):
+
+```shell
+./gen-certs.sh clean
+```
+
+## OpenSSL way (currently might not work)
+
+> Add `-f Makefile-openssl` to each command
+
+Typical usage:
+
+```shell
+make FILE=client
+make FILE=server
+```
+
+or (to generate PKCS12 key and trust stores):
+
+```shell
+make create-key-store FILE=client
+make create-key-store FILE=server
+make create-trust-store
+```
+
+Will generate CA certificate and signed client and server certificates.
+
+More "low-level" usage:
+
+```shell
+make generate-ca-certificate
+make generate-private-key FILE=client
+make sign FILE=client
+```
+
+# Connecting to a server
+
+First generate *client* and *server* certificates. Then start a server with it's cert and make ca.crt a trusted certification authority.
+
+After that you can:
+
+```shell
+./connect.sh client localhost:8600 < file_with_a_data_to_be_sent.dat
+```
diff --git a/development/ssl/gen-certs.sh b/development/ssl/gen-certs.sh
new file mode 100755
index 00000000..b4f78227
--- /dev/null
+++ b/development/ssl/gen-certs.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail -o xtrace
+
+STORE_PASS=onaponap
+CN_PREFIX=dcaegen2-hvves
+DNAME_PREFIX="C=PL,ST=DL,L=Wroclaw,O=Nokia,OU=MANO,CN=${CN_PREFIX}"
+TRUST=trust
+
+store_opts="-storetype PKCS12 -storepass ${STORE_PASS} -noprompt"
+
+function gen_key() {
+ local key_name="$1"
+ local ca="$2"
+ local keystore="-keystore ${key_name}.p12 ${store_opts}"
+ keytool -genkey -alias ${key_name} \
+ ${keystore} \
+ -keyalg RSA \
+ -validity 730 \
+ -keysize 2048 \
+ -dname "${DNAME_PREFIX}-${key_name}"
+ keytool -import -trustcacerts -alias ${ca} -file ${ca}.crt ${keystore}
+
+ keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \
+ keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \
+ keytool -alias ${key_name} -importcert ${keystore}
+}
+
+
+function gen_ca() {
+ local ca="$1"
+ keytool -genkeypair ${store_opts} -alias ${ca} -dname "${DNAME_PREFIX}-${ca}" -keystore ${ca}.p12
+ keytool -export -alias ${ca} -file ${ca}.crt ${store_opts} -keystore ${ca}.p12
+}
+
+function gen_truststore() {
+ local trusted_ca="$1"
+ keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${TRUST}.p12
+}
+
+function clean() {
+ rm -f *.crt *.p12
+}
+
+if [[ $# -eq 0 ]]; then
+ gen_ca ca
+ gen_ca untrustedca
+ gen_truststore ca
+ gen_key client ca
+ gen_key server ca
+ gen_key untrustedclient untrustedca
+elif [[ $1 == "clean" ]]; then
+ clean
+else
+ echo "usage: $0 [clean]"
+ exit 1
+fi
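Review bot: `set -eu -o pipefail -o xtrace` echoes every `keytool` invocation, including `-storepass onaponap`, to stderr, so the store password lands in any captured build log. Dropping `-o xtrace`, or exporting `STORE_PASS` and passing `-storepass:env STORE_PASS`, keeps it out of traces and process listings. In `gen_key` the `-gencert` step sets `san=dns:${CN_PREFIX}-${ca}`, so the client and server certificates carry the CA's name as their subject alternative name; `${key_name}` looks like what was intended. `gen_ca` also relies on keytool's default key algorithm and passes no `-ext bc:c=ca:true`, so as far as the visible options go the CA certificates are not marked as CAs, and `clean` runs `rm -f *.crt *.p12` in whatever directory the caller is in.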
+