Diffstat (limited to 'plans/aaf')
-rw-r--r-- | plans/aaf/certservice/cmpServers.json | 18 | ||||
-rw-r--r-- | plans/aaf/certservice/docker-compose.yml | 42 | ||||
-rwxr-xr-x | plans/aaf/certservice/scripts/ejbca-configuration.sh | 24 | ||||
-rw-r--r-- | plans/aaf/certservice/setup.sh | 40 | ||||
-rw-r--r-- | plans/aaf/certservice/teardown.sh | 3 |
5 files changed, 105 insertions, 22 deletions
diff --git a/plans/aaf/certservice/cmpServers.json b/plans/aaf/certservice/cmpServers.json
index f461edc7..d6557c52 100644
--- a/plans/aaf/certservice/cmpServers.json
+++ b/plans/aaf/certservice/cmpServers.json
@@ -1,23 +1,23 @@
 {
 "cmpv2Servers": [
 {
-"caName": "TEST",
-"url": "http://127.0.0.1/ejbca/publicweb/cmp/cmp",
+"caName": "Client",
+"url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
 "issuerDN": "CN=ManagementCA",
 "caMode": "CLIENT",
 "authentication": {
-"iak": "xxx",
-"rv": "yyy"
+"iak": "mypassword",
+"rv": "mypassword"
 }
 },
 {
-"caName": "TEST2",
-"url": "http://127.0.0.1/ejbca/publicweb/cmp/cmpRA",
-"issuerDN": "CN=ManagementCA2",
+"caName": "RA",
+"url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
+"issuerDN": "CN=ManagementCA",
 "caMode": "RA",
 "authentication": {
-"iak": "xxx",
-"rv": "yyy"
+"iak": "mypassword",
+"rv": "mypassword"
 }
 }
 ]
diff --git a/plans/aaf/certservice/docker-compose.yml b/plans/aaf/certservice/docker-compose.yml
new file mode 100644
index 00000000..384158ab
--- /dev/null
+++ b/plans/aaf/certservice/docker-compose.yml
@@ -0,0 +1,42 @@
+version: "2.1"
+
+services:
+ ejbca:
+ image: primekey/ejbca-ce:6.15.2.5
+ hostname: cahostname
+ container_name: aafcert-ejbca
+ ports:
+ - "80:8080"
+ - "443:8443"
+ volumes:
+ - $SCRIPTS_PATH:/opt/primekey/scripts
+ command: bash -c "
+ ./scripts/ejbca-configuration.sh &
+ /opt/primekey/bin/start.sh
+ "
+ healthcheck:
+ test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
+ interval: 10s
+ timeout: 3s
+ retries: 9
+ networks:
+ - certservice
+
+ certservice:
+ image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:latest
+ volumes:
+ - $CONFIGURATION_PATH:/etc/onap/aaf/certservice/cmpServers.json
+ container_name: aafcert
+ ports:
+ - "8080:8080"
+ depends_on:
+ ejbca:
+ condition: service_healthy
+ networks:
+ - certservice
+
+
+networks:
+ certservice:
+ driver: bridge
+
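Review bot: The `iak`/`rv` values `mypassword` on both entries are the CMP shared secret and have to equal the `cmpRaAuthSecret` and the `Node123` password that scripts/ejbca-configuration.sh sets, yet nothing ties the two files together, so editing either one breaks CMP authentication in the test with no hint as to why. JSON allows no comment, so record the coupling on the script side, next to the `editca` and `addendentity` lines, e.g. `# keep in sync with iak/rv in cmpServers.json`. The RA entry's `issuerDN` now also names `CN=ManagementCA`, which is consistent with the script configuring only that CA.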
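Review bot: The ejbca `healthcheck` reports healthy as soon as curl receives any HTTP response, because `curl -kI` exits 0 on a 4xx or 5xx status; with `condition: service_healthy` on `certservice`, the API can be started against an EJBCA whose health endpoint is still returning an error. Add `-f` so a non-2xx status fails the probe: `test: ["CMD-SHELL", "curl -kfI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]`. The check also says nothing about whether ejbca-configuration.sh, started in the background by `command`, has finished creating the CMP aliases, so `service_healthy` does not mean "CMP ready". Since `certservice` reaches EJBCA only as `aafcert-ejbca:8080` on the `certservice` network, the host mappings `80:8080` and `443:8443` are presumably for the test harness rather than the service; a short comment on the `ports:` block saying so would save the next reader the question.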
diff --git a/plans/aaf/certservice/scripts/ejbca-configuration.sh b/plans/aaf/certservice/scripts/ejbca-configuration.sh
new file mode 100755
index 00000000..7ec1fa3a
--- /dev/null
+++ b/plans/aaf/certservice/scripts/ejbca-configuration.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+waitForEjbcaStartUp() {
+ sleep $1
+}
+
+configureEjbca() {
+ ejbca.sh config cmp addalias --alias cmpRA
+ ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
+ ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ ejbca.sh config cmp dumpalias --alias cmpRA
+ ejbca.sh config cmp addalias --alias cmp
+ ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
+ ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
+ ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED
+ ejbca.sh ra setclearpwd --username Node123 --password mypassword
+ ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
+ ejbca.sh config cmp dumpalias --alias cmp
+ ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+}
+
+waitForEjbcaStartUp 45
+configureEjbca
diff --git a/plans/aaf/certservice/setup.sh b/plans/aaf/certservice/setup.sh
index 1bf57470..dde516ae 100644
--- a/plans/aaf/certservice/setup.sh
+++ b/plans/aaf/certservice/setup.sh
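Review bot: `waitForEjbcaStartUp` is a fixed `sleep $1` (45 s at the call site) and none of the `ejbca.sh` calls in `configureEjbca` is checked, so when EJBCA is slower to start the whole configuration fails silently in the container log, while the compose healthcheck, which only probes the HTTP endpoint, still lets `certservice` start against an EJBCA without the `cmp`/`cmpRA` aliases and the `Node123` end entity. Poll the health endpoint with a bounded wait instead (curl is available in this image, the compose healthcheck relies on it) and stop on the first failing `ejbca.sh` call with `set -e`, as sketched below. `-f /dev/stdout > cacert.pem` writes into the container's working directory, which is not mounted out; if the tests consume that file, writing it under the mounted `/opt/primekey/scripts` path would make it reachable from the host — I cannot see a consumer from here, so treat that as a question.

```shell
#!/bin/bash
set -e

waitForEjbcaStartUp() {
  local timeout=$1 waited=0
  # Poll the same endpoint the compose healthcheck uses instead of sleeping blind.
  until curl -kfs https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth >/dev/null; do
    if (( waited >= timeout )); then
      echo "EJBCA not healthy after ${timeout}s" >&2
      return 1
    fi
    sleep 5
    waited=$((waited + 5))
  done
}

# … unchanged: configureEjbca …

waitForEjbcaStartUp 120
configureEjbca
```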
@@ -15,31 +15,47 @@
 # limitations under the License.
 #
-AAFCERT_IMAGE=nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:latest
-
-echo AAFCERT_IMAGE=${AAFCERT_IMAGE}
-
 # ------------------------------------
-# Resolve path to cmp servers configuration
+# Resolve path to script's directory and cmp servers configuration
 SCRIPT=`realpath $0`
 CURRENT_WORKDIR_PATH=`dirname $SCRIPT`
+PROJECT_DIRECTORY="plans/aaf/certservice"
+
+SCRIPTS_DIRECTORY="scripts"
+
+JENKINS_SCRIPTS_PATH="$CURRENT_WORKDIR_PATH/$PROJECT_DIRECTORY/$SCRIPTS_DIRECTORY"
+LOCAL_SCRIPTS_PATH="$CURRENT_WORKDIR_PATH/$SCRIPTS_DIRECTORY"
+
+if test -d "$JENKINS_SCRIPTS_PATH"; then
+ SCRIPTS_PATH=$JENKINS_SCRIPTS_PATH
+else test -f "$LOCAL_SCRIPTS_PATH";
+ SCRIPTS_PATH=$LOCAL_SCRIPTS_PATH
+fi
+echo "Use scripts from: $SCRIPTS_PATH"
 CONFIGURATION_FILE="cmpServers.json"
-if test -f "$CURRENT_WORKDIR_PATH/plans/aaf/certservice/$CONFIGURATION_FILE"; then
- CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/plans/aaf/certservice/$CONFIGURATION_FILE"
-else test -f "$CURRENT_WORKDIR_PATH/$CONFIGURATION_FILE";
- CONFIGURATION_PATH=$CURRENT_WORKDIR_PATH/$CONFIGURATION_FILE
+
+JENKINS_CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/$PROJECT_DIRECTORY/$CONFIGURATION_FILE"
+LOCAL_CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/$CONFIGURATION_FILE"
+
+if test -f "$JENKINS_CONFIGURATION_PATH"; then
+ CONFIGURATION_PATH="$JENKINS_CONFIGURATION_PATH"
+else test -f "$LOCAL_CONFIGURATION_PATH";
+ CONFIGURATION_PATH=$LOCAL_CONFIGURATION_PATH
 fi
 echo "Use configuration from: $CONFIGURATION_PATH"
+
 # -------------------------------------
-# Start AAF Cert Srevice
-docker run -p 8080:8080 -d --mount type=bind,source=${CONFIGURATION_PATH},target=/etc/onap/aaf/certservice/cmpServers.json --name aafcert ${AAFCERT_IMAGE}
+export CONFIGURATION_PATH=${CONFIGURATION_PATH}
+export SCRIPTS_PATH=${SCRIPTS_PATH}
+
+docker-compose up -d
 AAFCERT_IP=`get-instance-ip.sh aafcert`
 export AAFCERT_IP=${AAFCERT_IP}
 # Wait container ready
-sleep 5
+sleep 15
diff --git a/plans/aaf/certservice/teardown.sh b/plans/aaf/certservice/teardown.sh
index a613944d..3f10eaeb 100644
--- a/plans/aaf/certservice/teardown.sh
+++ b/plans/aaf/certservice/teardown.sh
@@ -15,4 +15,5 @@
 # limitations under the License.
 #
-kill-instance.sh aafcert
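Review bot: `else test -f "$LOCAL_SCRIPTS_PATH";` does not test anything — after `else`, `test` is an ordinary command whose result is discarded, so `SCRIPTS_PATH` is assigned unconditionally (and `-f` would be false for a directory in any case); the same shape is repeated for `LOCAL_CONFIGURATION_PATH` a few lines below. Use a real branch, `elif test -d "$LOCAL_SCRIPTS_PATH"; then`, and add an `else` that prints an error and exits non-zero, so a missing scripts directory fails here instead of surfacing as an empty `$SCRIPTS_PATH` bind mount in docker-compose. `docker-compose up -d` also resolves docker-compose.yml from the current directory while every other path is resolved relative to `CURRENT_WORKDIR_PATH`; passing `-f "$(dirname "$CONFIGURATION_PATH")/docker-compose.yml"` keeps the two consistent, unless the harness always runs the script from that directory. The hunk's trailing context lines are not shown on this page.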
\ No newline at end of file
+kill-instance.sh aafcert
+kill-instance.sh aafcert-ejbca
\ No newline at end of file |