Diffstat (limited to 'docs/sections')
-rw-r--r-- | docs/sections/services/dfc/certificates.rst | 86
-rw-r--r-- | docs/sections/services/dfc/consule-certificate-update.png | bin | 0 -> 137126 bytes
-rw-r--r-- | docs/sections/services/mapper/installation.rst | 38
-rw-r--r-- | docs/sections/services/pm-subscription-handler/configuration.rst | 14
4 files changed, 76 insertions, 62 deletions
diff --git a/docs/sections/services/dfc/certificates.rst b/docs/sections/services/dfc/certificates.rst index 350cda63..9c4d46b2 100644 --- a/docs/sections/services/dfc/certificates.rst +++ b/docs/sections/services/dfc/certificates.rst 
@@ -47,72 +47,65 @@ We have two keystore files, one for TrustManager, one for KeyManager. openssl x509 -outform der -in ftp.crt -out ftp.der -2. And after, import it in the keystore : +2. And after copy existing keystore and password from container: .. code:: bash - keytool -import -alias ftp -keystore ftp.jks -file ftp.der + kubectl cp <DFC pod>:/opt/app/datafile/etc/cert/trust.jks trust.jks + kubectl cp <DFC pod>:/opt/app/datafile/etc/cert/trust.pass trust.pass -**For KeyManager:** - -1. First, create a jks keystore: +3. Import DER certificate in the keystore : .. code:: bash - keytool -keystore dfc.jks -genkey -alias dfc + keytool -import -alias ftp -keystore trust.jks -file ftp.der + +**For KeyManager:** -2. Second, import dfc.crt and dfc.key to dfc.jks. This is a bit troublesome. +1. Import dfc.crt and dfc.key to dfc.jks. This is a bit troublesome. - 1). Step one: Convert x509 Cert and Key to a pkcs12 file + Convert x509 Cert and Key to a pkcs12 file .. code:: bash - openssl pkcs12 -export -in dfc.crt -inkey dfc.key -out dfc.p12 -name [some-alias] + openssl pkcs12 -export -in dfc.crt -inkey dfc.key -out cert.p12 -name dfc Note: Make sure you put a password on the p12 file - otherwise you'll get a null reference exception when you try to import it. - Note 2: You might want to add the -chainoption to preserve the full certificate chain. - - 2). Step two: Convert the pkcs12 file to a java keystore: +2. Create password files for cert.p12 + .. code:: bash - .. code:: bash + printf "[your password]" > p12.pass - keytool -importkeystore -deststorepass [changeit] -destkeypass [changeit] -destkeystore dfc.jks -srckeystore dfc.p12 -srcstoretype PKCS12 -srcstorepass [some-password] -alias [some-alias] - -4. Update existing jks.b64 files +4. Update existing KeyStore files --------------------------------- -Copy the existing jks from the DFC container to a local environment. 
+Copy the new trust.jks and cert.p12 and password files from local environment to the DFC container. .. code:: bash - - docker cp <DFC container>:/opt/app/datafile/config/ftp.jks . - docker cp <DFC container>:/opt/app/datafile/config/dfc.jks . - + mkdir mycert + cp cert.p12 mycert/ + cp p12.pass mycert/ + cp trust.jks mycert/ + cp trust.pass mycert/ + kubectl cp mycert/ <DFC pod>:/opt/app/datafile/etc/cert/ + +5. Update configuration in consul +----------------------------------- +Change path in consul: .. code:: bash + dmaap.ftpesConfig.keyCert": "/opt/app/datafile/etc/cert/mycert/cert.p12 + dmaap.ftpesConfig.keyPasswordPath": "/opt/app/datafile/etc/cert/mycert/p12.pass + dmaap.ftpesConfig.trustedCa": "/opt/app/datafile/etc/cert/mycert/trust.jks + dmaap.ftpesConfig.trustedCaPasswordPath": "/opt/app/datafile/etc/cert/mycert/trust.pass - openssl base64 -in ftp.jks -out ftp.jks.b64 - openssl base64 -in dfc.jks -out dfc.jks.b64 - +Consul's address: http://<worker external IP>:<Consul External Port> .. code:: bash + kubectl -n onap get svc | grep consul - chmod 755 ftp.jks.b64 - chmod 755 dfc.jks.b64 - -Copy the new jks.64 files from local environment to the DFC container. +.. image:: ./consule-certificate-update.png - .. code:: bash - - docker cp ftp.jks.b64 <DFC container>:/opt/app/datafile/config/ - docker cp dfc.jks.b64 <DFC container>:/opt/app/datafile/config/ - -Finally - - .. code:: bash - - docker restart <DFC container> - -5. Configure vsftpd: +6. Configure vsftpd: -------------------- update /etc/vsftpd/vsftpd.conf: 
@@ -136,19 +129,6 @@ Finally ssl_request_cert=YES ca_certs_file=/home/vsftpd/myuser/dfc.crt -6. Configure config/datafile_endpoints.json: --------------------------------------------- - Update the file accordingly: - - .. code-block:: javascript - - "ftpesConfiguration": { - "keyCert": "/config/dfc.jks", - "keyPassword": "[yourpassword]", - "trustedCA": "/config/ftp.jks", - "trustedCAPassword": "[yourpassword]" - } - 7. Other conditions --------------------------------------------------------------------------- This has been tested with vsftpd and dfc, with self-signed certificates. diff --git a/docs/sections/services/dfc/consule-certificate-update.png b/docs/sections/services/dfc/consule-certificate-update.png Binary files differnew file mode 100644 index 00000000..8f7f8c35 --- /dev/null +++ b/docs/sections/services/dfc/consule-certificate-update.png diff --git a/docs/sections/services/mapper/installation.rst b/docs/sections/services/mapper/installation.rst index d8d00396..af4189fe 100644 --- a/docs/sections/services/mapper/installation.rst +++ b/docs/sections/services/mapper/installation.rst 
@@ -11,12 +11,10 @@ Installation VES-Mapper can be deployed individually though it will throw errors if it can't reach to DMaaP instance's APIs. To test it functionally, DMaaP is the only required prerequisite outside DCAE. As VES-Mapper is integrated with Consul / CBS, it fetches the initial configuration from Consul. -**Note:** Currently VES-Mapper fetches configuration from Consul only during initialization. It does not periodically refresh the local configuration by getting updates from Consul. This is planned for E release. - **Blueprint/model/image** VES-Mapper blueprint is available @ -https://git.onap.org/dcaegen2/services/mapper/tree/UniversalVesAdapter/dpo/blueprints/k8s-vesmapper.yaml-template.yaml?h=elalto +https://git.onap.org/dcaegen2/platform/blueprints/tree/blueprints/k8s-ves-mapper.yaml?h=guilin VES-Mapper docker image is available in Nexus repo @ `nexus3.onap.org:10001/onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:latest <nexus3.onap.org:10001/onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:latest>`_ 
@@ -37,13 +35,26 @@ VES-Mapper docker image is available in Nexus repo @ `nexus3.onap.org:10001/onap For this step, DCAE's Cloudify instance should be in running state. Transfer blueprint file in DCAE bootstrap POD under /blueprints directory. Log-in to the DCAE bootstrap POD's main container. +.. note:: + For doing this, we should run the below commands + + * To get the bootstrap pod name, run this: kubectl get pods -n onap | grep bootstrap + * To transfer blueprint file in bootstrap pod, run this: kubectl cp <source file path> <bootstrap pod>:/blueprints -n onap + * To login to bootstrap pod name, run this: kubectl exec -it <bootstrap pod> bash -n onap + +.. note:: + Verify the below versions before validate blueprint + + * The version of the plugin used is different from "cfy plugins list", update the blueprint import to match. + * If the tag_version under inputs is old, update with the latest + Validate blueprint - ``cfy blueprints validate /blueprints/k8s-vesmapper.yaml-template.yaml`` + ``cfy blueprints validate /blueprints/k8s-ves-mapper.yaml`` Use following command for validated blueprint to upload: - ``cfy blueprints upload -b ves-mapper /blueprints/k8s-vesmapper.yaml-template.yaml`` + ``cfy blueprints upload -b ves-mapper /blueprints/k8s-ves-mapper.yaml`` *d. Create the Deployment* After VES-Mapper's validated blueprint is uploaded, create Cloudify Deployment by following command 
@@ -54,10 +65,25 @@ After VES-Mapper's validated blueprint is uploaded, create Cloudify Deployment ``cfy executions start -d ves-mapper install`` +To undeploy running ves-mapper, follow the below steps + +*a. cfy uninstall ves-mapper -f* + +.. note:: + The deployment uninstall will also delete the blueprint. In some case you might notice 400 error reported indicating active deployment exist such as below. + + Ex: An error occurred on the server: 400: Can't delete deployment ves-mapper - There are running or queued executions for this deployment. Running executions ids: d89fdd0c-8e12-4dfa-ba39-a6187fcf2f18 + +*b. In that case, cancel the execution ID then run uninstall as below* + +.. code-block:: bash + + cfy executions cancel <Running executions ID> + cfy uninstall ves-mapper **2.To run on standalone mode** Though this is not a preferred way, to run VES-Mapper container on standalone mode using local configuration file carried in the docker image, following docker run command can be used. - ``docker run -d nexus3.onap.org:10003/onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.0.1`` + ``docker run -d nexus3.onap.org:10003/onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.1.0`` diff --git a/docs/sections/services/pm-subscription-handler/configuration.rst b/docs/sections/services/pm-subscription-handler/configuration.rst index 598d948c..7b8b7211 100644 --- a/docs/sections/services/pm-subscription-handler/configuration.rst +++ b/docs/sections/services/pm-subscription-handler/configuration.rst @@ -79,7 +79,10 @@ The subscription is configured within the monitoring policy. The subscription mo ], "modelVersionIDs":[ "e80a6ae3-cafd-4d24-850d-e14c084a5ca9" - ] + ], + "modelNames": [ + "pnf102" + ] }, "measurementGroups":[ { 
@@ -131,8 +134,8 @@ The subscription is configured within the monitoring policy. The subscription mo **nfFilter** -The ``nfFilter`` will be used in order to filter the list of NF's retrieved from A&AI. There are three criteria that -can be filtered on, nfNames, modelInvariantIDs and/or modelVersionIDs. All 3 of these are optional fields but at +The ``nfFilter`` will be used in order to filter the list of NF's retrieved from A&AI. There are four criteria that +can be filtered on, nfNames, modelInvariantIDs, modelVersionIDs and/or modelNames. All 4 of these are optional fields but at least 1 must be present for the filter to work. .. code-block:: json @@ -148,6 +151,9 @@ least 1 must be present for the filter to work. ], "modelVersionIDs": [ "e80a6ae3-cafd-4d24-850d-e14c084a5ca9" + ], + "modelNames": [ + "pnf102" ] } @@ -160,6 +166,8 @@ least 1 must be present for the filter to work. +------------------------+-----------------------------------------------------------------------------------------------+------+----------+ | modelVersionIDs | List of modelVersionIDs. These IDs will be checked for exact matches with AAI entities. | list | False | +------------------------+-----------------------------------------------------------------------------------------------+------+----------+ +| modelNames | List of modelNames. These names will be checked for exact matches with AAI entities. | list | False | ++------------------------+-----------------------------------------------------------------------------------------------+------+----------+ **measurementGroup** |
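Review bot: In docs/sections/services/dfc/certificates.rst (hunk @@ -47,72 +47,65), the new KeyManager step 2 runs ``printf "[your password]" > p12.pass``, which passes the password as the printf format string, so a password containing ``%`` or a backslash is not written as typed. The file is also created with whatever the default umask allows. Suggest ``printf '%s' "[your password]" > p12.pass`` and a ``chmod 600 p12.pass trust.pass`` before the ``kubectl cp``, since nothing in the added steps restricts who can read the two password files. In the same hunk, the four Consul entries carry a closing quote on the key and an opening quote on the value but not their counterparts (``dmaap.ftpesConfig.keyCert": "/opt/app/datafile/etc/cert/mycert/cert.p12``), so they cannot be pasted as shown. Step 1 still reads "to dfc.jks" although the command now writes ``cert.p12``. With ``docker restart`` removed, the text no longer says whether DFC picks up the new files without a restart.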
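Review bot: In docs/sections/services/mapper/installation.rst (hunk @@ -11,12 +11,10), the note stating that VES-Mapper fetches configuration from Consul only during initialization is deleted with nothing in its place. If periodic refresh is now implemented, one sentence saying so would help; if it is not, the limitation should stay, because an operator changing a value in Consul needs to know whether it takes effect without redeploying.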
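Review bot: In docs/sections/services/mapper/installation.rst (hunk @@ -37,13 +35,26), the first bullet of the second note, "The version of the plugin used is different from "cfy plugins list", update the blueprint import to match", reads as a statement of fact rather than a condition. Suggest "If the plugin version imported by the blueprint differs from the one reported by ``cfy plugins list``, update the blueprint import to match", in line with the "If the tag_version ..." bullet below it. The three kubectl commands in the first note are plain text inside the bullets; putting them in literal markup, as the ``cfy blueprints validate`` lines in this hunk already are, keeps ``<bootstrap pod>`` and the flags intact when rendered. ``kubectl exec -it <bootstrap pod> bash -n onap`` would be clearer as ``kubectl exec -it -n onap <bootstrap pod> -- bash``, so the namespace flag is not read as an argument to bash.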
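Review bot: In docs/sections/services/mapper/installation.rst (hunk @@ -54,10 +65,25), step a uses ``cfy uninstall ves-mapper -f`` while the retry in step b uses ``cfy uninstall ves-mapper`` without ``-f``, and the text does not say why the two differ or what ``-f`` forces. Suggest using the same form in both places, or adding a sentence on when ``-f`` is needed. Step a also wraps the command in emphasis markup (``*a. cfy uninstall ves-mapper -f*``) instead of a code block like step b, so it is easy to miss as a command. The standalone ``docker run`` line pulls tag 1.1.0 from ``nexus3.onap.org:10003``, whereas the image reference earlier in the file points at port 10001 with ``:latest``; worth confirming that both are intended.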
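Review bot: In docs/sections/services/pm-subscription-handler/configuration.rst (hunk @@ -131,8 +134,8), the updated sentence lists four optional criteria and says at least 1 must be present, but with ``modelNames`` added it still does not say how the criteria combine when several are supplied, for example whether an NF must match ``nfNames`` and ``modelNames`` or either one. A sentence on that, next to the new ``modelNames`` table row, would let a reader predict what the example filter with ``"pnf102"`` selects. Minor: the sentence mixes "four" with "4" and "1"; pick one style.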