diff options
-rw-r--r-- | docs/sections/services/ves-hv/index.rst | 2 | ||||
-rw-r--r-- | docs/sections/services/ves-hv/installation.rst | 77 | ||||
-rw-r--r-- | docs/sections/services/ves-hv/running-insecure.rst | 58 | ||||
-rw-r--r-- | docs/sections/tls_enablement.rst | 1 |
4 files changed, 79 insertions, 59 deletions
diff --git a/docs/sections/services/ves-hv/index.rst b/docs/sections/services/ves-hv/index.rst index 94703119..6f849dc4 100644 --- a/docs/sections/services/ves-hv/index.rst +++ b/docs/sections/services/ves-hv/index.rst @@ -31,10 +31,10 @@ High Volume VES Collector overview and functions design repositories deployment + installation run-time-configuration HV-VES Offered APIs <../../apis/ves-hv/index> authorization - running-insecure example-event healthcheck-and-monitoring troubleshooting diff --git a/docs/sections/services/ves-hv/installation.rst b/docs/sections/services/ves-hv/installation.rst new file mode 100644 index 00000000..d97db068 --- /dev/null +++ b/docs/sections/services/ves-hv/installation.rst @@ -0,0 +1,77 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 + +.. _installation: + +HV-VES installation +=================== + +Starting from ONAP/Honolulu release, HV-VES is installed with a DCAEGEN2-Services Helm charts. +This installation mechanism is convenient, but it doesn`t support all HV-VES features (e.g. CMP v2 certificates, and IPv4/IPv6 dual stack networking). This description demonstrates, how to deploy HV-VES collector using Cloudify orchestrator. + +Setting insecure mode for testing +--------------------------------- + +HV-VES application is configured by default to use TLS/SSL encryption on TCP connection. +However it is posible to turn off TLS/SSL authorization by overriding Cloudify blueprint inputs. + +Accessing bootstrap container with Kubernetes command line tool +--------------------------------------------------------------- + +To find bootstrap pod, execute the following command: + +:: + + kubectl -n <onap namespace> get pods | grep bootstrap + +To run command line in bootstrap pod, execute: + +:: + + kubectl -n <onap namespace> exec -it <bootstrap-pod-name> bash + + +Install HV-VES collector using Cloudify blueprint inputs +--------------------------------------------------------- + +1. If You have a running HV-VES instance, uninstall HV-VES and delete current deployment: + +:: + + cfy executions start -d hv-ves uninstall + cfy deployments delete hv-ves + +2. Create new deployment with inputs from yaml file (available by default in bootstrap container): + +:: + + cfy deployments create -b hv-ves -i inputs/k8s-hv_ves-inputs.yaml hv-ves + +In order to disable the TLS security, override the 'secuirty_ssl_disable' value in the deloyment: + +:: + + cfy deployments create -b hv-ves -i inputs/k8s-hv_ves-inputs.yaml -i security_ssl_disable=True hv-ves + +To verify inputs, You can execute: + +:: + + cfy deployments inputs hv-ves + +3. Install HV-VES deployment: + +:: + + cfy executions start -d hv-ves install + + +Using external TLS certificates obtained using CMP v2 protocol +-------------------------------------------------------------- + +In order to use the X.509 certificates obtained from the CMP v2 server (so called "operator`s certificates"), refer to the following description: + +.. toctree:: + :maxdepth: 1 + + Enabling TLS with external x.509 certificates <../../tls_enablement> diff --git a/docs/sections/services/ves-hv/running-insecure.rst b/docs/sections/services/ves-hv/running-insecure.rst deleted file mode 100644 index 8d366ac2..00000000 --- a/docs/sections/services/ves-hv/running-insecure.rst +++ /dev/null @@ -1,58 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 - -.. _running_insecure: - -Running insecure HV-VES in test environments -============================================ - -HV-VES application is configured by default to use TLS/SSL encryption on TCP connection. However it is posible to turn off TLS/SSL authorization by overriding Cloudify blueprint inputs. - - -Accessing bootstrap container with Kubernetes command line tool ---------------------------------------------------------------- - -To find bootstrap pod, execute the following command: - -:: - - kubectl -n <onap namespace> get pods | grep bootstrap - -To run command line in bootstrap pod, execute: - -:: - - kubectl -n <onap namespace> exec -it <bootstrap-pod-name> bash - - -Disable TLS/SSL by overriding Cloudify blueprint inputs -------------------------------------------------------- - -1. If You have a running HV-VES instance, uninstall HV-VES and delete current deployment: - -:: - - cfy executions start -d hv-ves uninstall - cfy deployments delete hv-ves - -2. Create new deployment with inputs from yaml file and override 'security_ssl_disable' value: - -:: - - cfy deployments create -b hv-ves -i inputs/k8s-hv_ves-inputs.yaml -i security_ssl_disable=True hv-ves - -To verify inputs, You can execute: - -:: - - cfy deployments inputs hv-ves - -3. Install HV-VES deployment: - -:: - - cfy executions start -d hv-ves install - - - - diff --git a/docs/sections/tls_enablement.rst b/docs/sections/tls_enablement.rst index 3d5a8cd5..bd907697 100644 --- a/docs/sections/tls_enablement.rst +++ b/docs/sections/tls_enablement.rst @@ -1,5 +1,6 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 +.. _tls_enablement: TLS Support =========== |