From 9979aa39e0b9ddbc8741b809c7aa79d11c18cfbf Mon Sep 17 00:00:00 2001 From: Tomasz Wrobel Date: Thu, 2 Apr 2020 16:35:31 +0200 Subject: Add description of turn off TLS Add description of running insecure hv-ves in test environments by cloudify Issue-ID: DCAEGEN2-2143 Signed-off-by: Tomasz Wrobel Change-Id: I02d60b50ebb139fda85f2d79a6a33e3b38547b1c --- docs/sections/services/ves-hv/index.rst | 1 + docs/sections/services/ves-hv/running-insecure.rst | 58 ++++++++++++++++++++++ docs/sections/services/ves-hv/troubleshooting.rst | 2 + 3 files changed, 61 insertions(+) create mode 100644 docs/sections/services/ves-hv/running-insecure.rst (limited to 'docs') diff --git a/docs/sections/services/ves-hv/index.rst b/docs/sections/services/ves-hv/index.rst index 144f557e..8c1105a1 100644 --- a/docs/sections/services/ves-hv/index.rst +++ b/docs/sections/services/ves-hv/index.rst @@ -34,6 +34,7 @@ High Volume VES Collector overview and functions run-time-configuration HV-VES Offered APIs <../../apis/ves-hv/index> authorization + running-insecure example-event healthcheck-and-monitoring troubleshooting diff --git a/docs/sections/services/ves-hv/running-insecure.rst b/docs/sections/services/ves-hv/running-insecure.rst new file mode 100644 index 00000000..8d366ac2 --- /dev/null +++ b/docs/sections/services/ves-hv/running-insecure.rst @@ -0,0 +1,58 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 + +.. _running_insecure: + +Running insecure HV-VES in test environments +============================================ + +HV-VES application is configured by default to use TLS/SSL encryption on TCP connection. However it is posible to turn off TLS/SSL authorization by overriding Cloudify blueprint inputs. + + +Accessing bootstrap container with Kubernetes command line tool +--------------------------------------------------------------- + +To find bootstrap pod, execute the following command: + +:: + + kubectl -n get pods | grep bootstrap + +To run command line in bootstrap pod, execute: + +:: + + kubectl -n exec -it bash + + +Disable TLS/SSL by overriding Cloudify blueprint inputs +------------------------------------------------------- + +1. If You have a running HV-VES instance, uninstall HV-VES and delete current deployment: + +:: + + cfy executions start -d hv-ves uninstall + cfy deployments delete hv-ves + +2. Create new deployment with inputs from yaml file and override 'security_ssl_disable' value: + +:: + + cfy deployments create -b hv-ves -i inputs/k8s-hv_ves-inputs.yaml -i security_ssl_disable=True hv-ves + +To verify inputs, You can execute: + +:: + + cfy deployments inputs hv-ves + +3. Install HV-VES deployment: + +:: + + cfy executions start -d hv-ves install + + + + diff --git a/docs/sections/services/ves-hv/troubleshooting.rst b/docs/sections/services/ves-hv/troubleshooting.rst index d6cf9f1e..15ce44c3 100644 --- a/docs/sections/services/ves-hv/troubleshooting.rst +++ b/docs/sections/services/ves-hv/troubleshooting.rst @@ -213,6 +213,8 @@ They can be changed by specifying ``security.keys.trustStore`` or ``security.key For testing purposes there is possibility to use plain TCP protocol. In order to do this navigate with your browser to consul-ui service and than pick KEY/VALUE tab. Select dcae-hv-ves-collector and change ``security.sslDisable`` to true. Update of configuration should let start TCP server without SSL/TLS configured. +In order to disable TLS/SSL by overriding Cloudify blueprint inputs, see :ref:`running_insecure`. + ==== **Invalid credentials** -- cgit 1.2.3-korg