summaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
authorKrzysztof Gajewski <krzysztof.gajewski@nokia.com>2021-01-29 23:47:51 +0100
committerKrzysztof Gajewski <krzysztof.gajewski@nokia.com>2021-02-11 12:44:34 +0100
commit40d7f92673108ce09dce9c796a8633686e12828e (patch)
tree42c2575e9e22a33153a4c0e9e38cb9f5cfe22035 /docs
parent6132c206cc4a64df2248647326d569393605cf90 (diff)
Add HTTPS as new protocol to collect files from xNFs
- documentation Issue-ID: DCAEGEN2-2528 Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com> Change-Id: I0fe0117a1b36207e9332ab8d99911a6f962036a7
Diffstat (limited to 'docs')
-rw-r--r--docs/sections/services/dfc/architecture.rst4
-rw-r--r--docs/sections/services/dfc/http-notes.rst55
-rw-r--r--docs/sections/services/dfc/troubleshooting.rst6
3 files changed, 62 insertions, 3 deletions
diff --git a/docs/sections/services/dfc/architecture.rst b/docs/sections/services/dfc/architecture.rst
index cbd1876d..6d44b7a8 100644
--- a/docs/sections/services/dfc/architecture.rst
+++ b/docs/sections/services/dfc/architecture.rst
@@ -30,7 +30,9 @@ Interaction
"""""""""""
DFC will interact with the DMaaP Message Router, using json, and with the Data Router, using metadata in the header and
file in the body, via secured protocol.
-So far, the implemented protocols to communicate with xNFs are http (with basic authentication), sftp and ftpes.
+So far, the implemented protocols to communicate with xNFs are http (with basic authentication), https, sftp and ftpes.
+When https protocol is used, the following ways of connection are possible: client certificate authentication, basic
+authentication, and no authentication.
Retry mechanism
"""""""""""""""
diff --git a/docs/sections/services/dfc/http-notes.rst b/docs/sections/services/dfc/http-notes.rst
index bd297b14..7f65b6ca 100644
--- a/docs/sections/services/dfc/http-notes.rst
+++ b/docs/sections/services/dfc/http-notes.rst
@@ -1,8 +1,8 @@
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
-HTTP notes
-==========
+HTTP/HTTPS notes
+================
HTTP Basic Authentication in FileReady messages
"""""""""""""""""""""""""""""""""""""""""""""""
@@ -61,3 +61,54 @@ Example file ready message is as follows:
Note, more than one file from the same location can be added to the "arrayOfNamedHashMap". If so, they are downloaded
from the endpoint through single http connection.
+
+HTTPS connection with DFC
+"""""""""""""""""""""""""
+The file ready message for https server is the same as used in other protocols and http. The only difference is that the scheme is set to
+"https":
+
+.. code-block:: bash
+
+ ...
+ "arrayOfNamedHashMap": [
+ {
+ "name": "C_28532_measData_file.xml",
+ "hashMap": {
+ "location": "https://login:password@server.com:443/file.xml.gz",
+ ...
+
+The processed uri depends on the https connection type that has to be established (client certificate authentication, basic
+authentication, and no authentication).
+
+For client certificate authentication:
+
+.. code-block:: bash
+
+ scheme://host:port/path
+ i.e.
+ https://example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz
+
+Authentication is based on the certificate used by the DFC.
+
+For basic authentication:
+
+.. code-block:: bash
+
+ scheme://userinfo@host:port/path
+ i.e.
+ https://demo:demo123456!@example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz
+
+Authentication is based on the "userinfo" applied within the link.
+
+If no authentication is required:
+
+.. code-block:: bash
+
+ scheme://host:port/path
+ i.e.
+ https://example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz
+
+Note, effective way of authentication depends of uri provided and http server configuration.
+
+If port number was not supplied , port 443 is used by default.
+Every file is sent through separate https connection.
diff --git a/docs/sections/services/dfc/troubleshooting.rst b/docs/sections/services/dfc/troubleshooting.rst
index 96816228..bdc0cd80 100644
--- a/docs/sections/services/dfc/troubleshooting.rst
+++ b/docs/sections/services/dfc/troubleshooting.rst
@@ -167,3 +167,9 @@ When StrictHostKeyChecking is enabled and DFC cannot find a known_hosts file, th
|WARN |StrictHostKeyChecking is enabled but environment variable KNOWN_HOSTS_FILE_PATH is not set or points to not existing file [/home/datafile/.ssh/known_hosts] --> falling back to StrictHostKeyChecking='no'.
To resolve this warning, provide a known_hosts file or disable StrictHostKeyChecking, see DFC config page - :ref:`strict_host_checking_config`.
+
+Inability to download file from xNF due to certificate problem
+""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+
+When collecting files using HTTPS and DFC contains certs from CMPv2 server, an exception like "unable to find valid certification path to requested target" may occur.
+Except obvious certificates problems make sure, that xNF which are connecting to the DFC are supplied with certificates coming from the same ONAP unit where DFC was installed. \ No newline at end of file