diff options
| author |   Tomasz Wrobel <tomasz.wrobel@nokia.com> | 2020-04-02 16:35:31 +0200 |
|---|---|---|
| committer | Tomasz Wrobel <tomasz.wrobel@nokia.com> | 2020-04-09 08:43:11 +0200 |
| commit | 9979aa39e0b9ddbc8741b809c7aa79d11c18cfbf (patch) | |
| tree | 4ccd0cb32cc6761f420e09aecdabc1ccd6559135 | |
| parent | 8d44c1bb2b6e7b7bf85341bb5123c4f2bff62b53 (diff) | |
Add description of turn off TLS
Add description of running insecure hv-ves in test environments by cloudify
Issue-ID: DCAEGEN2-2143
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: I02d60b50ebb139fda85f2d79a6a33e3b38547b1c
| -rw-r--r-- | docs/sections/services/ves-hv/index.rst | 1 | ||||
| -rw-r--r-- | docs/sections/services/ves-hv/running-insecure.rst | 58 | ||||
| -rw-r--r-- | docs/sections/services/ves-hv/troubleshooting.rst | 2 |
3 files changed, 61 insertions, 0 deletions
diff --git a/docs/sections/services/ves-hv/index.rst b/docs/sections/services/ves-hv/index.rst index 144f557e..8c1105a1 100644 --- a/docs/sections/services/ves-hv/index.rst +++ b/docs/sections/services/ves-hv/index.rst @@ -34,6 +34,7 @@ High Volume VES Collector overview and functions run-time-configuration HV-VES Offered APIs <../../apis/ves-hv/index> authorization + running-insecure example-event healthcheck-and-monitoring troubleshooting diff --git a/docs/sections/services/ves-hv/running-insecure.rst b/docs/sections/services/ves-hv/running-insecure.rst new file mode 100644 index 00000000..8d366ac2 --- /dev/null +++ b/docs/sections/services/ves-hv/running-insecure.rst @@ -0,0 +1,58 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 + +.. _running_insecure: + +Running insecure HV-VES in test environments +============================================ + +HV-VES application is configured by default to use TLS/SSL encryption on TCP connection. However it is posible to turn off TLS/SSL authorization by overriding Cloudify blueprint inputs. + + +Accessing bootstrap container with Kubernetes command line tool +--------------------------------------------------------------- + +To find bootstrap pod, execute the following command: + +:: + + kubectl -n <onap namespace> get pods | grep bootstrap + +To run command line in bootstrap pod, execute: + +:: + + kubectl -n <onap namespace> exec -it <bootstrap-pod-name> bash + + +Disable TLS/SSL by overriding Cloudify blueprint inputs +------------------------------------------------------- + +1. If You have a running HV-VES instance, uninstall HV-VES and delete current deployment: + +:: + + cfy executions start -d hv-ves uninstall + cfy deployments delete hv-ves + +2. Create new deployment with inputs from yaml file and override 'security_ssl_disable' value: + +:: + + cfy deployments create -b hv-ves -i inputs/k8s-hv_ves-inputs.yaml -i security_ssl_disable=True hv-ves + +To verify inputs, You can execute: + +:: + + cfy deployments inputs hv-ves + +3. Install HV-VES deployment: + +:: + + cfy executions start -d hv-ves install + + + + diff --git a/docs/sections/services/ves-hv/troubleshooting.rst b/docs/sections/services/ves-hv/troubleshooting.rst index d6cf9f1e..15ce44c3 100644 --- a/docs/sections/services/ves-hv/troubleshooting.rst +++ b/docs/sections/services/ves-hv/troubleshooting.rst @@ -213,6 +213,8 @@ They can be changed by specifying ``security.keys.trustStore`` or ``security.key For testing purposes there is possibility to use plain TCP protocol. In order to do this navigate with your browser to consul-ui service and than pick KEY/VALUE tab. Select dcae-hv-ves-collector and change ``security.sslDisable`` to true. Update of configuration should let start TCP server without SSL/TLS configured. +In order to disable TLS/SSL by overriding Cloudify blueprint inputs, see :ref:`running_insecure`. + ==== **Invalid credentials** |