From ea4a60cb697f80beb03ac6ad7744541d7851661a Mon Sep 17 00:00:00 2001 From: mharazin Date: Wed, 25 Mar 2020 14:44:00 +0100 Subject: Add default settings of TLS Update troubleshooting for consul TLS disable procedure Issue-ID: DCAEGEN2-2143 Signed-off-by: mharazin Change-Id: I17d14824ba225d02faa1e4771dca42710687655c --- docs/sections/services/ves-hv/authorization.rst | 7 ++++--- docs/sections/services/ves-hv/deployment.rst | 1 - docs/sections/services/ves-hv/resources/blueprint-snippet.yaml | 3 +++ docs/sections/services/ves-hv/troubleshooting.rst | 5 +++-- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/docs/sections/services/ves-hv/authorization.rst b/docs/sections/services/ves-hv/authorization.rst index 054f7b33..9cbd789a 100644 --- a/docs/sections/services/ves-hv/authorization.rst +++ b/docs/sections/services/ves-hv/authorization.rst @@ -1,11 +1,12 @@ - **WARNING: SSL/TLS authorization is a part of an experimental feature for ONAP Casablanca release and thus should be treated as unstable and subject to change in future releases.** +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 .. _ssl_tls_authorization: SSL/TLS authorization ===================== -HV-VES can be configured to require usage of SSL/TLS on every TCP connection. This can be done only during deployment of application container. For reference about exact commands, see :ref:`deployment`. +HV-VES requires usage of SSL/TLS on every TCP connection. This can be done only during deployment of application container. For reference about exact commands, see :ref:`deployment`. General steps for configuring TLS for HV-VES collector: 
@@ -19,7 +20,7 @@ General steps for configuring TLS for HV-VES collector: -HV-VES uses OpenJDK (version 8u181) implementation of TLS ciphers. For reference, see https://docs.oracle.com/javase/8/docs/technotes/guides/security/overview/jsoverview.html. +HV-VES uses OpenJDK (version 11.0.6) implementation of TLS ciphers. For reference, see https://docs.oracle.com/en/java/javase/11/security/java-security-overview1.html. If SSL/TLS is enabled for HV-VES container then service turns on also client authentication. HV-VES requires clients to provide their certificates on connection. In addition, HV-VES provides its certificate to every client during SSL/TLS-handshake to enable two-way authorization. diff --git a/docs/sections/services/ves-hv/deployment.rst b/docs/sections/services/ves-hv/deployment.rst index caad3978..e764a9aa 100644 --- a/docs/sections/services/ves-hv/deployment.rst +++ b/docs/sections/services/ves-hv/deployment.rst @@ -1,7 +1,6 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 - .. _deployment: Deployment diff --git a/docs/sections/services/ves-hv/resources/blueprint-snippet.yaml b/docs/sections/services/ves-hv/resources/blueprint-snippet.yaml index 912c0c5a..7ed36684 100644 --- a/docs/sections/services/ves-hv/resources/blueprint-snippet.yaml +++ b/docs/sections/services/ves-hv/resources/blueprint-snippet.yaml @@ -22,3 +22,6 @@ node_templates: kafka_info: bootstrap_servers: "message-router-kafka:9092" topic_name: "HV_VES_HEARTBEAT" + tls_info: + cert_directory: "/etc/ves-hv/ssl" + use_tls: true diff --git a/docs/sections/services/ves-hv/troubleshooting.rst b/docs/sections/services/ves-hv/troubleshooting.rst index 6b9ec8b6..d6cf9f1e 100644 --- a/docs/sections/services/ves-hv/troubleshooting.rst +++ b/docs/sections/services/ves-hv/troubleshooting.rst 
@@ -198,20 +198,21 @@ For more information, see the :ref:`hv_ves_behaviors` section. Authorization related errors ---------------------------- -**WARNING: SSL/TLS authorization is a part of an experimental feature for ONAP Dublin release and should be treated as unstable and subject to change in future releases.** **For more information, see** :ref:`ssl_tls_authorization`. **Key or trust store missing** :: - | org.onap.dcae.collectors.veshv.main | ERROR | Failed to start a server | java.io.FileNotFoundException: /etc/ves-hv/server.p12 + | org.onap.dcae.collectors.veshv.main | ERROR | Failed to start a server | java.nio.file.NoSuchFileException: /etc/ves-hv/server.p12 The above error is logged when key store is not provided. Similarly, when trust store is not provided, **/etc/ves-hv/trust.p12** file missing is logged. They can be changed by specifying ``security.keys.trustStore`` or ``security.keys.keyStore`` file configuration entries. +For testing purposes there is possibility to use plain TCP protocol. In order to do this navigate with your browser to consul-ui service and than pick KEY/VALUE tab. Select dcae-hv-ves-collector and change ``security.sslDisable`` to true. Update of configuration should let start TCP server without SSL/TLS configured. + ==== **Invalid credentials** -- cgit 1.2.3-korg
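Review bot: In the first authorization.rst hunk the rewritten sentence "HV-VES requires usage of SSL/TLS on every TCP connection. This can be done only during deployment of application container." leaves "This" without a referent, because the "can be configured to require" clause it pointed at was removed, and the flat "requires ... on every TCP connection" is contradicted by the `security.sslDisable` runtime switch that this same patch documents in troubleshooting.rst. Suggest wording along the lines of "HV-VES uses SSL/TLS on every TCP connection by default. TLS settings are supplied during deployment of the application container; see :ref:`deployment`." and, if the Consul override is meant to stay, one sentence here pointing at it so the two pages agree. The experimental-feature WARNING is dropped from both pages without the commit message saying the feature is now considered stable; worth a word in the message or the page.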
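Review bot: The added `tls_info` block in blueprint-snippet.yaml sets `cert_directory: "/etc/ves-hv/ssl"` but does not say what the directory must contain, while the troubleshooting hunk in the same patch quotes the expected files as `/etc/ves-hv/server.p12` and `/etc/ves-hv/trust.p12`, i.e. directly under `/etc/ves-hv`. Either the snippet path or the troubleshooting paths look out of step; suggest aligning them and adding a YAML comment under `tls_info` naming the key store and trust store files (and the `security.keys.keyStore` / `security.keys.trustStore` entries that override them) that are expected inside `cert_directory`.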
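Review bot: The paragraph added to troubleshooting.rst needs grammar fixes ("there is possibility" should read "there is a possibility", "than pick" should read "then pick", "should let start TCP server without SSL/TLS configured" should read "should allow the TCP server to start without SSL/TLS configured") and, more importantly, it documents a live switch that turns off TLS, and with it the two-way client certificate authentication described in authorization.rst, without saying so. Suggest stating plainly that `security.sslDisable` is intended for test environments only and that with it set to true the collector accepts unauthenticated plain TCP connections, and moving the paragraph out from under the "Key or trust store missing" heading, since it is a general configuration note rather than a remedy for that specific error.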