diff options
-rw-r--r-- | docs/sections/services/dfc/architecture.rst | 4 | ||||
-rw-r--r-- | docs/sections/services/dfc/http-notes.rst | 55 | ||||
-rw-r--r-- | docs/sections/services/dfc/troubleshooting.rst | 6 |
3 files changed, 62 insertions, 3 deletions
diff --git a/docs/sections/services/dfc/architecture.rst b/docs/sections/services/dfc/architecture.rst index cbd1876d..6d44b7a8 100644 --- a/docs/sections/services/dfc/architecture.rst +++ b/docs/sections/services/dfc/architecture.rst @@ -30,7 +30,9 @@ Interaction """"""""""" DFC will interact with the DMaaP Message Router, using json, and with the Data Router, using metadata in the header and file in the body, via secured protocol. -So far, the implemented protocols to communicate with xNFs are http (with basic authentication), sftp and ftpes. +So far, the implemented protocols to communicate with xNFs are http (with basic authentication), https, sftp and ftpes. +When https protocol is used, the following ways of connection are possible: client certificate authentication, basic +authentication, and no authentication. Retry mechanism """"""""""""""" diff --git a/docs/sections/services/dfc/http-notes.rst b/docs/sections/services/dfc/http-notes.rst index bd297b14..7f65b6ca 100644 --- a/docs/sections/services/dfc/http-notes.rst +++ b/docs/sections/services/dfc/http-notes.rst @@ -1,8 +1,8 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 -HTTP notes -========== +HTTP/HTTPS notes +================ HTTP Basic Authentication in FileReady messages """"""""""""""""""""""""""""""""""""""""""""""" @@ -61,3 +61,54 @@ Example file ready message is as follows: Note, more than one file from the same location can be added to the "arrayOfNamedHashMap". If so, they are downloaded from the endpoint through single http connection. + +HTTPS connection with DFC +""""""""""""""""""""""""" +The file ready message for https server is the same as used in other protocols and http. The only difference is that the scheme is set to +"https": + +.. code-block:: bash + + ... + "arrayOfNamedHashMap": [ + { + "name": "C_28532_measData_file.xml", + "hashMap": { + "location": "https://login:password@server.com:443/file.xml.gz", + ... + +The processed uri depends on the https connection type that has to be established (client certificate authentication, basic +authentication, and no authentication). + +For client certificate authentication: + +.. code-block:: bash + + scheme://host:port/path + i.e. + https://example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz + +Authentication is based on the certificate used by the DFC. + +For basic authentication: + +.. code-block:: bash + + scheme://userinfo@host:port/path + i.e. + https://demo:demo123456!@example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz + +Authentication is based on the "userinfo" applied within the link. + +If no authentication is required: + +.. code-block:: bash + + scheme://host:port/path + i.e. + https://example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz + +Note, effective way of authentication depends of uri provided and http server configuration. + +If port number was not supplied , port 443 is used by default. +Every file is sent through separate https connection. diff --git a/docs/sections/services/dfc/troubleshooting.rst b/docs/sections/services/dfc/troubleshooting.rst index 96816228..bdc0cd80 100644 --- a/docs/sections/services/dfc/troubleshooting.rst +++ b/docs/sections/services/dfc/troubleshooting.rst @@ -167,3 +167,9 @@ When StrictHostKeyChecking is enabled and DFC cannot find a known_hosts file, th |WARN |StrictHostKeyChecking is enabled but environment variable KNOWN_HOSTS_FILE_PATH is not set or points to not existing file [/home/datafile/.ssh/known_hosts] --> falling back to StrictHostKeyChecking='no'. To resolve this warning, provide a known_hosts file or disable StrictHostKeyChecking, see DFC config page - :ref:`strict_host_checking_config`. + +Inability to download file from xNF due to certificate problem +"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" + +When collecting files using HTTPS and DFC contains certs from CMPv2 server, an exception like "unable to find valid certification path to requested target" may occur. +Except obvious certificates problems make sure, that xNF which are connecting to the DFC are supplied with certificates coming from the same ONAP unit where DFC was installed.
\ No newline at end of file |