diff options
| author |   Vijay Venkatesh Kumar <vv770d@att.com> | 2020-04-13 18:00:26 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2020-04-13 18:00:26 +0000 |
| commit | 06d45b681f12fcb88fcca76bcc6170eaf020560b (patch) | |
| tree | a07c98ded83da95a9c44a6f67a9616b8cd7dbf55 | |
| parent | 0fbf888a2d6acfc67f7e555fdaec485ecb8c6ff9 (diff) | |
| parent | 9979aa39e0b9ddbc8741b809c7aa79d11c18cfbf (diff) | |
Merge "Add description of turn off TLS"
| -rw-r--r-- | docs/sections/services/ves-hv/index.rst | 1 | ||||
| -rw-r--r-- | docs/sections/services/ves-hv/running-insecure.rst | 58 | ||||
| -rw-r--r-- | docs/sections/services/ves-hv/troubleshooting.rst | 2 |
3 files changed, 61 insertions, 0 deletions
diff --git a/docs/sections/services/ves-hv/index.rst b/docs/sections/services/ves-hv/index.rst index 144f557e..8c1105a1 100644 --- a/docs/sections/services/ves-hv/index.rst +++ b/docs/sections/services/ves-hv/index.rst @@ -34,6 +34,7 @@ High Volume VES Collector overview and functions run-time-configuration HV-VES Offered APIs <../../apis/ves-hv/index> authorization + running-insecure example-event healthcheck-and-monitoring troubleshooting diff --git a/docs/sections/services/ves-hv/running-insecure.rst b/docs/sections/services/ves-hv/running-insecure.rst new file mode 100644 index 00000000..8d366ac2 --- /dev/null +++ b/docs/sections/services/ves-hv/running-insecure.rst @@ -0,0 +1,58 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 + +.. _running_insecure: + +Running insecure HV-VES in test environments +============================================ + +HV-VES application is configured by default to use TLS/SSL encryption on TCP connection. However it is posible to turn off TLS/SSL authorization by overriding Cloudify blueprint inputs. + + +Accessing bootstrap container with Kubernetes command line tool +--------------------------------------------------------------- + +To find bootstrap pod, execute the following command: + +:: + + kubectl -n <onap namespace> get pods | grep bootstrap + +To run command line in bootstrap pod, execute: + +:: + + kubectl -n <onap namespace> exec -it <bootstrap-pod-name> bash + + +Disable TLS/SSL by overriding Cloudify blueprint inputs +------------------------------------------------------- + +1. If You have a running HV-VES instance, uninstall HV-VES and delete current deployment: + +:: + + cfy executions start -d hv-ves uninstall + cfy deployments delete hv-ves + +2. Create new deployment with inputs from yaml file and override 'security_ssl_disable' value: + +:: + + cfy deployments create -b hv-ves -i inputs/k8s-hv_ves-inputs.yaml -i security_ssl_disable=True hv-ves + +To verify inputs, You can execute: + +:: + + cfy deployments inputs hv-ves + +3. Install HV-VES deployment: + +:: + + cfy executions start -d hv-ves install + + + + diff --git a/docs/sections/services/ves-hv/troubleshooting.rst b/docs/sections/services/ves-hv/troubleshooting.rst index d6cf9f1e..15ce44c3 100644 --- a/docs/sections/services/ves-hv/troubleshooting.rst +++ b/docs/sections/services/ves-hv/troubleshooting.rst @@ -213,6 +213,8 @@ They can be changed by specifying ``security.keys.trustStore`` or ``security.key For testing purposes there is possibility to use plain TCP protocol. In order to do this navigate with your browser to consul-ui service and than pick KEY/VALUE tab. Select dcae-hv-ves-collector and change ``security.sslDisable`` to true. Update of configuration should let start TCP server without SSL/TLS configured. +In order to disable TLS/SSL by overriding Cloudify blueprint inputs, see :ref:`running_insecure`. + ==== **Invalid credentials** |