From ccdbec825673153bd57681fa8e1e5a507f4f776b Mon Sep 17 00:00:00 2001 From: Filip Krzywka Date: Wed, 12 Dec 2018 08:14:57 +0100 Subject: Add helper scripts Change-Id: I8d5b48511e1b7f9cb7d1f65e8605ebe4cf1b17fc Issue-ID: DCAEGEN2-1027 Signed-off-by: Filip Krzywka --- development/bin/consul.sh | 79 ++++++++++++++++++++++++ development/bin/dcae-msgs.sh | 64 ++++++++++++++++++++ development/bin/dcae-reset.sh | 65 ++++++++++++++++++++ development/bin/dcae-topic.sh | 66 +++++++++++++++++++++ development/bin/run-xnf-simulator.sh | 81 +++++++++++++++++++++++++ development/bin/xnf-simulation.sh | 103 ++++++++++++++++++++++++++++++++ development/docker-compose.yml | 112 +++++++++++++++++++++++++++++++++++ development/ssl/.gitignore | 7 +++ development/ssl/Makefile-openssl | 41 +++++++++++++ development/ssl/README.md | 54 +++++++++++++++++ development/ssl/gen-certs.sh | 58 ++++++++++++++++++ docker-compose.yml | 112 ----------------------------------- ssl/.gitignore | 7 --- ssl/Makefile-openssl | 41 ------------- ssl/README.md | 54 ----------------- ssl/gen-certs.sh | 58 ------------------ 16 files changed, 730 insertions(+), 272 deletions(-) create mode 100755 development/bin/consul.sh create mode 100755 development/bin/dcae-msgs.sh create mode 100755 development/bin/dcae-reset.sh create mode 100755 development/bin/dcae-topic.sh create mode 100755 development/bin/run-xnf-simulator.sh create mode 100755 development/bin/xnf-simulation.sh create mode 100644 development/docker-compose.yml create mode 100644 development/ssl/.gitignore create mode 100644 development/ssl/Makefile-openssl create mode 100644 development/ssl/README.md create mode 100755 development/ssl/gen-certs.sh delete mode 100644 docker-compose.yml delete mode 100644 ssl/.gitignore delete mode 100644 ssl/Makefile-openssl delete mode 100644 ssl/README.md delete mode 100755 ssl/gen-certs.sh diff --git a/development/bin/consul.sh b/development/bin/consul.sh new file mode 100755 index 00000000..c229f83e --- /dev/null 
+++ b/development/bin/consul.sh 
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# dcaegen2-collectors-veshv
+# ================================================================================
+# Copyright (C) 2018 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -euo pipefail
+
+usage() {
+ echo "Put HV-VES configuration into Consul key-value store"
+ echo "Usage: $0 [-h|--help] [-v|--verbose] [domain [topic]]"
+ exit 1
+}
+
+optspec=":vh-:" # catch v, h and -
+while getopts "$optspec" arg; do
+ case "${arg}" in
+ -) # handle longopts
+ case "${OPTARG}" in
+ verbose)
+ VERBOSE=True
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ echo "Unknown option --${OPTARG}" >&2
+ usage
+ ;;
+ esac
+ ;;
+ v)
+ VERBOSE=True
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ echo "Unknown option -${OPTARG}" >&2
+ usage
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+DOMAIN=${1:-perf3gpp}
+TOPIC=${2:-HV_VES_PERF3GPP}
+
+CONFIGURATION="
+{
+ \"dmaap.kafkaBootstrapServers\": \"message-router-kafka:9092\",
+ \"collector.routing\":
+ [{
+ \"fromDomain\": \"${DOMAIN}\",
+ \"toTopic\": \"${TOPIC}\"
+ }]
+}"
+CONFIGURATION_ENDPOINT=localhost:8500/v1/kv/veshv-config
+
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo "Configuration: ${CONFIGURATION}"
+ echo "Putting configuration under ${CONFIGURATION_ENDPOINT}."
+fi
+curl --request PUT ${CONFIGURATION_ENDPOINT} -d "${CONFIGURATION}"
+echo
diff --git a/development/bin/dcae-msgs.sh b/development/bin/dcae-msgs.sh
new file mode 100755
index 00000000..cb05a8c3
--- /dev/null
+++ b/development/bin/dcae-msgs.sh
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# dcaegen2-collectors-veshv
+# ================================================================================
+# Copyright (C) 2018 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -euo pipefail
+
+usage() {
+ echo "Return current amount of consumed messages by dcae-app-simulator"
+ echo "Usage: $0 [-h|--help] [-v|--verbose]"
+ exit 1
+}
+
+optspec=":vh-:" # catch v, h and -
+while getopts "$optspec" arg; do
+ case "${arg}" in
+ -) # handle longopts
+ case "${OPTARG}" in
+ verbose)
+ VERBOSE=True
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ echo "Unknown option --${OPTARG}" >&2
+ usage
+ ;;
+ esac
+ ;;
+ v)
+ VERBOSE=True
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ echo "Unknown option -${OPTARG}" >&2
+ usage
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo "All messages count currently consumed by dcae app simulator: "
+fi
+
+curl --request GET localhost:6063/messages/all/count
+echo
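Review bot: In consul.sh, `DOMAIN` and `TOPIC` come straight from the command line and are pasted into the `CONFIGURATION` JSON string without validation or escaping, so a value containing a double quote or a newline produces a malformed or differently shaped routing document in Consul. A check before the string is built, such as `[[ "${DOMAIN}" =~ ^[A-Za-z0-9_.-]+$ ]] || usage` (and the same for `TOPIC`), would keep the payload well-formed. The final `curl` also has no `--fail` and leaves the endpoint unquoted, so an HTTP error from Consul still exits 0 despite `set -e`; `curl --fail --request PUT "${CONFIGURATION_ENDPOINT}" -d "${CONFIGURATION}"` would surface it. The missing `--fail` applies equally to the curl calls in dcae-msgs.sh, dcae-reset.sh, dcae-topic.sh and xnf-simulation.sh, and xnf-simulation.sh interpolates `MESSAGES_TYPE` and `MESSAGES_AMOUNT` into its JSON body in the same unchecked way.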
diff --git a/development/bin/dcae-reset.sh b/development/bin/dcae-reset.sh
new file mode 100755
index 00000000..e5b7b056
--- /dev/null
+++ b/development/bin/dcae-reset.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# dcaegen2-collectors-veshv
+# ================================================================================
+# Copyright (C) 2018 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -euo pipefail
+
+
+usage() {
+ echo "Resets dcae-app-simulator consumed messages count"
+ echo "Usage: $0 [-h|--help] [-v|--verbose]"
+ exit 1
+}
+
+optspec=":vh-:" # catch v, h and -
+while getopts "$optspec" arg; do
+ case "${arg}" in
+ -) # handle longopts
+ case "${OPTARG}" in
+ verbose)
+ VERBOSE=True
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ echo "Unknown option --${OPTARG}" >&2
+ usage
+ ;;
+ esac
+ ;;
+ v)
+ VERBOSE=True
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ echo "Unknown option -${OPTARG}" >&2
+ usage
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo "Requesting DCAE app running on port 6063 to reset messages count"
+fi
+
+curl --request DELETE localhost:6063/messages
+echo
diff --git a/development/bin/dcae-topic.sh b/development/bin/dcae-topic.sh
new file mode 100755
index 00000000..8c176221
--- /dev/null
+++ b/development/bin/dcae-topic.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# dcaegen2-collectors-veshv
+# ================================================================================
+# Copyright (C) 2018 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -euo pipefail
+
+usage() {
+ echo "Set dcae-app-simulator to start consuming messages from given topic (HV_VES_PERF3GPP by default)"
+ echo "Usage: $0 [-h|--help] [-v|--verbose] [topic]"
+ exit 1
+}
+
+optspec=":vh-:" # catch v, h and -
+while getopts "$optspec" arg; do
+ case "${arg}" in
+ -) # handle longopts
+ case "${OPTARG}" in
+ verbose)
+ VERBOSE=True
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ echo "Unknown option --${OPTARG}" >&2
+ usage
+ ;;
+ esac
+ ;;
+ v)
+ VERBOSE=True
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ echo "Unknown option -${OPTARG}" >&2
+ usage
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+TOPIC=${1:-HV_VES_PERF3GPP}
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo "Requesting DCAE app running on port 6063 to consume messages from topic: ${TOPIC}"
+fi
+
+curl --request PUT localhost:6063/configuration/topics -d ${TOPIC}
+echo
\ No newline at end of file
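Review bot: In the last `curl` line of dcae-topic.sh, `-d ${TOPIC}` is unquoted, so a topic containing whitespace is split into extra curl arguments. Because `-d` treats a leading `@` as "read the request body from this file", a topic argument beginning with `@` would also send the contents of a local file to the simulator instead of the topic name. `curl --fail --request PUT localhost:6063/configuration/topics --data-raw "${TOPIC}"` avoids both problems. The file also ends without a trailing newline, as do run-xnf-simulator.sh and xnf-simulation.sh.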
diff --git a/development/bin/run-xnf-simulator.sh b/development/bin/run-xnf-simulator.sh
new file mode 100755
index 00000000..3fe96928
--- /dev/null
+++ b/development/bin/run-xnf-simulator.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# dcaegen2-collectors-veshv
+# ================================================================================
+# Copyright (C) 2018 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -euo pipefail
+
+usage() {
+ echo "Start xnf-simulator container on given port and inside of given docker-network (by default 'development_default')"
+ echo "Usage: $0 [-h|--help] [-v|--verbose] []"
+ exit 1
+}
+
+optspec=":vh-:" # catch v, h and -
+while getopts "$optspec" arg; do
+ case "${arg}" in
+ -) # handle longopts
+ case "${OPTARG}" in
+ verbose)
+ VERBOSE=True
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ echo "Unknown option --${OPTARG}" >&2
+ usage
+ ;;
+ esac
+ ;;
+ v)
+ VERBOSE=True
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ echo "Unknown option -${OPTARG}" >&2
+ usage
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+[ $# -eq 0 ] && usage
+
+
+LISTEN_PORT=$1
+HV_VES_NETWORK=${2:-development_default}
+
+PORTS="${LISTEN_PORT}:${LISTEN_PORT}/tcp"
+HV_VES_REPO_HOME=`pwd`/..
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo "Starting xnf-simulator with ports configuration: ${PORTS} on network: ${HV_VES_NETWORK}"
+ echo "Container id:"
+fi
+docker run -d \
+ -v ${HV_VES_REPO_HOME}/ssl/:/etc/ves-hv/ \
+ -p ${PORTS} \
+ --network ${HV_VES_NETWORK} \
+ onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-xnf-simulator \
+ --listen-port ${LISTEN_PORT} \
+ --ves-host ves-hv-collector \
+ --ves-port 6061 \
+ --key-store-password onaponap \
+ --trust-store-password onaponap
\ No newline at end of file
diff --git a/development/bin/xnf-simulation.sh b/development/bin/xnf-simulation.sh
new file mode 100755
index 00000000..e1d65aa0
--- /dev/null
+++ b/development/bin/xnf-simulation.sh
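Review bot: In run-xnf-simulator.sh the bind-mount source is derived from the caller's working directory (the `pwd`-based `HV_VES_REPO_HOME`) and passed unquoted in `-v ${HV_VES_REPO_HOME}/ssl/:/etc/ves-hv/`, so running the script from anywhere other than `development/bin` mounts some other host directory into the container, and a path containing spaces splits into several arguments. Resolving the path from the script location, `HV_VES_REPO_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"`, and quoting `"${HV_VES_REPO_HOME}/ssl/:/etc/ves-hv/"`, `"${PORTS}"`, `"${HV_VES_NETWORK}"` and `"${LISTEN_PORT}"` would make the mount predictable. The key-store and trust-store passwords are hard-coded and passed as container arguments, where they can be read from `docker inspect` and process listings. If that is accepted for a development helper, a comment such as `# development-only credentials, never reuse outside local testing` above the `docker run` would record the decision. The image is also referenced without a tag, so the script runs whatever `latest` resolves to locally.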
@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# dcaegen2-collectors-veshv
+# ================================================================================
+# Copyright (C) 2018 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -euo pipefail
+
+usage() {
+ echo "Send request to xnf-simulator"
+ echo "Usage: $0 [-h|--help] [-v|--verbose] [ [ [ []]]]"
+ exit 1
+}
+
+optspec=":vh-:" # catch v, h and -
+while getopts "$optspec" arg; do
+ case "${arg}" in
+ -) # handle longopts
+ case "${OPTARG}" in
+ verbose)
+ VERBOSE=True
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ echo "Unknown option --${OPTARG}" >&2
+ usage
+ ;;
+ esac
+ ;;
+ v)
+ VERBOSE=True
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ echo "Unknown option -${OPTARG}" >&2
+ usage
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+XNF_PORT=${1:-6062}
+MESSAGES_AMOUNT=${2:-1}
+MESSAGES_TYPE=${3:-VALID}
+XNF_ENDPOINT=simulator/async
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo "Requesting xnf-simulator on port ${XNF_PORT} to send ${MESSAGES_AMOUNT} messages of type ${MESSAGES_TYPE}"
+fi
+
+REQUEST_ID=$(curl --request POST -s localhost:${XNF_PORT}/${XNF_ENDPOINT} -d "
+[
+ {
+ \"commonEventHeader\": {
+ \"version\": \"sample-version\",
+ \"domain\": \"perf3gpp\",
+ \"sequence\": 1,
+ \"priority\": 1,
+ \"eventId\": \"sample-event-id\",
+ \"eventName\": \"sample-event-name\",
+ \"eventType\": \"sample-event-type\",
+ \"startEpochMicrosec\": 120034455,
+ \"lastEpochMicrosec\": 120034455,
+ \"nfNamingCode\": \"sample-nf-naming-code\",
+ \"nfcNamingCode\": \"sample-nfc-naming-code\",
+ \"reportingEntityId\": \"sample-reporting-entity-id\",
+ \"reportingEntityName\": \"sample-reporting-entity-name\",
+ \"sourceId\": \"sample-source-id\",
+ \"sourceName\": \"sample-source-name\",
+ \"vesEventListenerVersion\": \"7.2.0\"
+ },
+ \"messageType\": \"${MESSAGES_TYPE}\",
+ \"messagesAmount\": ${MESSAGES_AMOUNT}
+ }
+]")
+
+if [ -n "${VERBOSE+x}" ]; then
+ echo -e "Request id: ${REQUEST_ID}\n"
+
+ echo "To check request status execute:"
+ echo "curl --request GET localhost:${XNF_PORT}/simulator/${REQUEST_ID}"
+ echo "To further debug you can try something similiar to:"
+ echo "docker ps -a | grep ${XNF_PORT} | awk '{ print \$1 }' | xargs docker logs"
+else
+ echo "${REQUEST_ID}"
+fi
\ No newline at end of file
diff --git a/development/docker-compose.yml b/development/docker-compose.yml
new file mode 100644
index 00000000..d4c3f1d8
--- /dev/null
+++ b/development/docker-compose.yml
@@ -0,0 +1,112 @@
+version: "3.5"
+services:
+
+ #
+ # DMaaP Message Router
+ #
+
+ message-router-zookeeper:
+ image: wurstmeister/zookeeper
+ ports:
+ - "2181:2181"
+
+ message-router-kafka:
+# image: nexus3.onap.org:10001/onap/dmaap/kafka01101:0.0.1
+ image: wurstmeister/kafka
+ ports:
+ - "9092:9092"
+ environment:
+ KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true'
+ KAFKA_ZOOKEEPER_CONNECT: "message-router-zookeeper:2181"
+ KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: "INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT"
+ KAFKA_ADVERTISED_LISTENERS: "INTERNAL_PLAINTEXT://message-router-kafka:9092"
+ KAFKA_LISTENERS: "INTERNAL_PLAINTEXT://0.0.0.0:9092"
+ KAFKA_INTER_BROKER_LISTENER_NAME: "INTERNAL_PLAINTEXT"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ depends_on:
+ - message-router-zookeeper
+
+
+ #
+ # Consul / CBS
+ #
+
+ consul-server:
+ image: docker.io/consul:1.0.6
+ ports:
+ - "8500:8500"
+ command: ["agent","-bootstrap", "-client=0.0.0.0", "-server", "-ui"]
+
+ consul-config:
+ image: consul
+ depends_on:
+ - consul-server
+ restart: on-failure
+ command: ["kv", "put", "-http-addr=http://consul-server:8500", "veshv-config", '{
+ "dmaap.kafkaBootstrapServers": "message-router-kafka:9092",
+ "collector.routing": [
+ {
+ "fromDomain": "perf3gpp",
+ "toTopic": "HV_VES_PERF3GPP"
+ }
+ ]
+ }']
+
+
+ #
+ # DCAE HV VES Collector
+ #
+
+ ves-hv-collector:
+ image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:latest
+ ports:
+ - "6060:6060"
+ - "6061:6061/tcp"
+ entrypoint: ["java", "-Dio.netty.leakDetection.level=paranoid",
+ "-cp", "*:", "org.onap.dcae.collectors.veshv.main.MainKt"]
+ command: ["--listen-port", "6061",
+ "--health-check-api-port", "6060",
+ "--config-url", "http://consul-server:8500/v1/kv/veshv-config?raw=true",
+ "--key-store-password", "onaponap",
+ "--trust-store-password", "onaponap"]
+ healthcheck:
+ test: curl -f http://localhost:6060/health/ready || exit 1
+ interval: 10s
+ timeout: 3s
+ retries: 3
+ start_period: 20s
+ depends_on:
+ - message-router-kafka
+ - consul-server
+ volumes:
+ - ./ssl/:/etc/ves-hv/
+
+
+ #
+ # Simulators
+ #
+
+ xnf-simulator:
+ image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-xnf-simulator
+ ports:
+ - "6062:6062/tcp"
+ command: ["--listen-port", "6062",
+ "--ves-host", "ves-hv-collector",
+ "--ves-port", "6061",
+ "--key-store-password", "onaponap",
+ "--trust-store-password", "onaponap"]
+ depends_on:
+ - ves-hv-collector
+ volumes:
+ - ./ssl/:/etc/ves-hv/
+
+ dcae-app-simulator:
+ image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-dcae-app-simulator
+ ports:
+ - "6063:6063/tcp"
+ command: ["--listen-port", "6063",
+ "--kafka-bootstrap-servers", "message-router-kafka:9092",
+ "--kafka-topics", "HV_VES_PERF3GPP"]
+ depends_on:
+ - message-router-kafka
diff --git a/development/ssl/.gitignore b/development/ssl/.gitignore
new file mode 100644
index 00000000..23888eb0
--- /dev/null
+++ b/development/ssl/.gitignore
@@ -0,0 +1,7 @@
+*.crt
+*.key
+*.srl
+*.csr
+*.pkcs12
+*.p12
+
diff --git a/development/ssl/Makefile-openssl b/development/ssl/Makefile-openssl
new file mode 100644
index 00000000..09802ce4
--- /dev/null
+++ b/development/ssl/Makefile-openssl
@@ -0,0 +1,41 @@
+FILE=sample
+PASSWD=onaponap
+CA_PASSWD=onaponap
+SUBJ=/C=PL/ST=DL/L=Wroclaw/O=Nokia/OU=MANO
+CA=trust
+
+sign: $(FILE).crt
+
+clean:
+ rm -f *.crt *.key *.srl *.csr *.pkcs12
+
+generate-ca-certificate: $(CA).crt
+
+generate-private-key: $(FILE).key
+
+create-public-key: $(FILE).pub
+
+create-sign-request: $(FILE).csr
+
+create-key-store: $(FILE).ks.pkcs12
+
+create-trust-store: $(CA).crt
+ openssl pkcs12 -export -in $(CA).crt -CAfile $(CA).crt -out $(CA).pkcs12 -nokeys -noiter -nomaciter -passout pass:$(PASSWD)
+
+$(CA).crt:
+ openssl req -new -x509 -keyout $(CA).key -out $(CA).crt -days 365 -passout pass:$(CA_PASSWD) -subj "$(SUBJ)"
+
+$(FILE).key:
+ openssl genpkey -algorithm RSA -out $(FILE).key -pkeyopt rsa_keygen_bits:2048
+
+$(FILE).pub: $(FILE).key
+ openssl x509 -req -days 360 -in client.csr -CA $(CA).crt -CAkey $(CA).key -CAcreateserial -out client.crt
+
+$(FILE).csr: $(FILE).key
+ openssl req -new -sha256 -key $(FILE).key -out $(FILE).csr -subj "$(SUBJ)"
+
+$(FILE).crt: $(CA).crt $(FILE).csr
+ openssl x509 -req -days 360 -in $(FILE).csr -CA $(CA).crt -CAkey $(CA).key -out $(FILE).crt -CAcreateserial -passin pass:$(CA_PASSWD)
+
+$(FILE).ks.pkcs12: $(FILE).key $(FILE).crt $(CA).crt
+ openssl pkcs12 -export -in $(FILE).crt -inkey $(FILE).key -CAfile $(CA).crt -out $(FILE).ks.pkcs12 -noiter -nomaciter -passout pass:$(PASSWD)
diff --git a/development/ssl/README.md b/development/ssl/README.md
new file mode 100644
index 00000000..c2819d24
--- /dev/null
+++ b/development/ssl/README.md
@@ -0,0 +1,54 @@
+# Generating SSL certificates
+
+## Java keytool way (recommended)
+
+To generate:
+
+```shell
+./gen-certs.sh
+```
+
+To clean (remove generated files):
+
+```shell
+./gen-certs.sh clean
+```
+
+## OpenSSL way (currently might not work)
+
+> Add `-f Makefile-openssl` to each command
+
+Typical usage:
+
+```shell
+make FILE=client
+make FILE=server
+```
+
+or (to generate PKCS12 key and trust stores):
+
+```shell
+make create-key-store FILE=client
+make create-key-store FILE=server
+make create-trust-store
+```
+
+Will generate CA certificate and signed client and server certificates.
+
+More "low-level" usage:
+
+```shell
+make generate-ca-certificate
+make generate-private-key FILE=client
+make sign FILE=client
+```
+
+# Connecting to a server
+
+First generate *client* and *server* certificates. Then start a server with it's cert and make ca.crt a trusted certification authority.
+
+After that you can:
+
+```shell
+./connect.sh client localhost:8600 < file_with_a_data_to_be_sent.dat
+```
diff --git a/development/ssl/gen-certs.sh b/development/ssl/gen-certs.sh
new file mode 100755
index 00000000..b4f78227
--- /dev/null
+++ b/development/ssl/gen-certs.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail -o xtrace
+
+STORE_PASS=onaponap
+CN_PREFIX=dcaegen2-hvves
+DNAME_PREFIX="C=PL,ST=DL,L=Wroclaw,O=Nokia,OU=MANO,CN=${CN_PREFIX}"
+TRUST=trust
+
+store_opts="-storetype PKCS12 -storepass ${STORE_PASS} -noprompt"
+
+function gen_key() {
+ local key_name="$1"
+ local ca="$2"
+ local keystore="-keystore ${key_name}.p12 ${store_opts}"
+ keytool -genkey -alias ${key_name} \
+ ${keystore} \
+ -keyalg RSA \
+ -validity 730 \
+ -keysize 2048 \
+ -dname "${DNAME_PREFIX}-${key_name}"
+ keytool -import -trustcacerts -alias ${ca} -file ${ca}.crt ${keystore}
+
+ keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \
+ keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \
+ keytool -alias ${key_name} -importcert ${keystore}
+}
+
+
+function gen_ca() {
+ local ca="$1"
+ keytool -genkeypair ${store_opts} -alias ${ca} -dname "${DNAME_PREFIX}-${ca}" -keystore ${ca}.p12
+ keytool -export -alias ${ca} -file ${ca}.crt ${store_opts} -keystore ${ca}.p12
+}
+
+function gen_truststore() {
+ local trusted_ca="$1"
+ keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${TRUST}.p12
+}
+
+function clean() {
+ rm -f *.crt *.p12
+}
+
+if [[ $# -eq 0 ]]; then
+ gen_ca ca
+ gen_ca untrustedca
+ gen_truststore ca
+ gen_key client ca
+ gen_key server ca
+ gen_key untrustedclient untrustedca
+elif [[ $1 == "clean" ]]; then
+ clean
+else
+ echo "usage: $0 [clean]"
+ exit 1
+fi
+
diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100644
index d4c3f1d8..00000000
--- a/docker-compose.yml
+++ /dev/null
@@ -1,112 +0,0 @@ -version: "3.5" -services: - - # - # DMaaP Message Router - # - - message-router-zookeeper: - image: wurstmeister/zookeeper - ports: - - "2181:2181" - - message-router-kafka: -# image: nexus3.onap.org:10001/onap/dmaap/kafka01101:0.0.1 - image: wurstmeister/kafka - ports: - - "9092:9092" - environment: - KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true' - KAFKA_ZOOKEEPER_CONNECT: "message-router-zookeeper:2181" - KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: "INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT" - KAFKA_ADVERTISED_LISTENERS: "INTERNAL_PLAINTEXT://message-router-kafka:9092" - KAFKA_LISTENERS: "INTERNAL_PLAINTEXT://0.0.0.0:9092" - KAFKA_INTER_BROKER_LISTENER_NAME: "INTERNAL_PLAINTEXT" - volumes: - - /var/run/docker.sock:/var/run/docker.sock - depends_on: - - message-router-zookeeper - - - # - # Consul / CBS - # - - consul-server: - image: docker.io/consul:1.0.6 - ports: - - "8500:8500" - command: ["agent","-bootstrap", "-client=0.0.0.0", "-server", "-ui"] - - consul-config: - image: consul - depends_on: - - consul-server - restart: on-failure - command: ["kv", "put", "-http-addr=http://consul-server:8500", "veshv-config", '{ - "dmaap.kafkaBootstrapServers": "message-router-kafka:9092", - "collector.routing": [ - { - "fromDomain": "perf3gpp", - "toTopic": "HV_VES_PERF3GPP" - } - ] - }'] - - - # - # DCAE HV VES Collector - # - - ves-hv-collector: - image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:latest - ports: - - "6060:6060" - - "6061:6061/tcp" - entrypoint: ["java", "-Dio.netty.leakDetection.level=paranoid", - "-cp", "*:", "org.onap.dcae.collectors.veshv.main.MainKt"] - command: ["--listen-port", "6061", - "--health-check-api-port", "6060", - "--config-url", "http://consul-server:8500/v1/kv/veshv-config?raw=true", - "--key-store-password", "onaponap", - "--trust-store-password", "onaponap"] - healthcheck: - test: curl -f http://localhost:6060/health/ready || exit 1 - interval: 10s - timeout: 3s - retries: 3 - start_period: 20s 
- depends_on: - - message-router-kafka - - consul-server - volumes: - - ./ssl/:/etc/ves-hv/ - - - # - # Simulators - # - - xnf-simulator: - image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-xnf-simulator - ports: - - "6062:6062/tcp" - command: ["--listen-port", "6062", - "--ves-host", "ves-hv-collector", - "--ves-port", "6061", - "--key-store-password", "onaponap", - "--trust-store-password", "onaponap"] - depends_on: - - ves-hv-collector - volumes: - - ./ssl/:/etc/ves-hv/ - - dcae-app-simulator: - image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-dcae-app-simulator - ports: - - "6063:6063/tcp" - command: ["--listen-port", "6063", - "--kafka-bootstrap-servers", "message-router-kafka:9092", - "--kafka-topics", "HV_VES_PERF3GPP"] - depends_on: - - message-router-kafka diff --git a/ssl/.gitignore b/ssl/.gitignore deleted file mode 100644 index 23888eb0..00000000 --- a/ssl/.gitignore +++ /dev/null @@ -1,7 +0,0 @@ -*.crt -*.key -*.srl -*.csr -*.pkcs12 -*.p12 - diff --git a/ssl/Makefile-openssl b/ssl/Makefile-openssl deleted file mode 100644 index 09802ce4..00000000 --- a/ssl/Makefile-openssl +++ /dev/null 
@@ -1,41 +0,0 @@ -FILE=sample -PASSWD=onaponap -CA_PASSWD=onaponap -SUBJ=/C=PL/ST=DL/L=Wroclaw/O=Nokia/OU=MANO -CA=trust - -sign: $(FILE).crt - -clean: - rm -f *.crt *.key *.srl *.csr *.pkcs12 - -generate-ca-certificate: $(CA).crt - -generate-private-key: $(FILE).key - -create-public-key: $(FILE).pub - -create-sign-request: $(FILE).csr - -create-key-store: $(FILE).ks.pkcs12 - -create-trust-store: $(CA).crt - openssl pkcs12 -export -in $(CA).crt -CAfile $(CA).crt -out $(CA).pkcs12 -nokeys -noiter -nomaciter -passout pass:$(PASSWD) - -$(CA).crt: - openssl req -new -x509 -keyout $(CA).key -out $(CA).crt -days 365 -passout pass:$(CA_PASSWD) -subj "$(SUBJ)" - -$(FILE).key: - openssl genpkey -algorithm RSA -out $(FILE).key -pkeyopt rsa_keygen_bits:2048 - -$(FILE).pub: $(FILE).key - openssl x509 -req -days 360 -in client.csr -CA $(CA).crt -CAkey $(CA).key -CAcreateserial -out client.crt - -$(FILE).csr: $(FILE).key - openssl req -new -sha256 -key $(FILE).key -out $(FILE).csr -subj "$(SUBJ)" - -$(FILE).crt: $(CA).crt $(FILE).csr - openssl x509 -req -days 360 -in $(FILE).csr -CA $(CA).crt -CAkey $(CA).key -out $(FILE).crt -CAcreateserial -passin pass:$(CA_PASSWD) - -$(FILE).ks.pkcs12: $(FILE).key $(FILE).crt $(CA).crt - openssl pkcs12 -export -in $(FILE).crt -inkey $(FILE).key -CAfile $(CA).crt -out $(FILE).ks.pkcs12 -noiter -nomaciter -passout pass:$(PASSWD) diff --git a/ssl/README.md b/ssl/README.md deleted file mode 100644 index c2819d24..00000000 --- a/ssl/README.md +++ /dev/null 
@@ -1,54 +0,0 @@ -# Generating SSL certificates - -## Java keytool way (recommended) - -To generate: - -```shell -./gen-certs.sh -``` - -To clean (remove generated files): - -```shell -./gen-certs.sh clean -``` - -## OpenSSL way (currently might not work) - -> Add `-f Makefile-openssl` to each command - -Typical usage: - -```shell -make FILE=client -make FILE=server -``` - -or (to generate PKCS12 key and trust stores): - -```shell -make create-key-store FILE=client -make create-key-store FILE=server -make create-trust-store -``` - -Will generate CA certificate and signed client and server certificates. - -More "low-level" usage: - -```shell -make generate-ca-certificate -make generate-private-key FILE=client -make sign FILE=client -``` - -# Connecting to a server - -First generate *client* and *server* certificates. Then start a server with it's cert and make ca.crt a trusted certification authority. - -After that you can: - -```shell -./connect.sh client localhost:8600 < file_with_a_data_to_be_sent.dat -``` diff --git a/ssl/gen-certs.sh b/ssl/gen-certs.sh deleted file mode 100755 index b4f78227..00000000 --- a/ssl/gen-certs.sh +++ /dev/null 
@@ -1,58 +0,0 @@ -#!/usr/bin/env bash - -set -eu -o pipefail -o xtrace - -STORE_PASS=onaponap -CN_PREFIX=dcaegen2-hvves -DNAME_PREFIX="C=PL,ST=DL,L=Wroclaw,O=Nokia,OU=MANO,CN=${CN_PREFIX}" -TRUST=trust - -store_opts="-storetype PKCS12 -storepass ${STORE_PASS} -noprompt" - -function gen_key() { - local key_name="$1" - local ca="$2" - local keystore="-keystore ${key_name}.p12 ${store_opts}" - keytool -genkey -alias ${key_name} \ - ${keystore} \ - -keyalg RSA \ - -validity 730 \ - -keysize 2048 \ - -dname "${DNAME_PREFIX}-${key_name}" - keytool -import -trustcacerts -alias ${ca} -file ${ca}.crt ${keystore} - - keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \ - keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \ - keytool -alias ${key_name} -importcert ${keystore} -} - - -function gen_ca() { - local ca="$1" - keytool -genkeypair ${store_opts} -alias ${ca} -dname "${DNAME_PREFIX}-${ca}" -keystore ${ca}.p12 - keytool -export -alias ${ca} -file ${ca}.crt ${store_opts} -keystore ${ca}.p12 -} - -function gen_truststore() { - local trusted_ca="$1" - keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${TRUST}.p12 -} - -function clean() { - rm -f *.crt *.p12 -} - -if [[ $# -eq 0 ]]; then - gen_ca ca - gen_ca untrustedca - gen_truststore ca - gen_key client ca - gen_key server ca - gen_key untrustedclient untrustedca -elif [[ $1 == "clean" ]]; then - clean -else - echo "usage: $0 [clean]" - exit 1 -fi - -- cgit 1.2.3-korg