From 7a5e3f62e3db0052112938397c4b194836b6a91b Mon Sep 17 00:00:00 2001
From: Aleksandra Maciaga
Date: Tue, 3 Mar 2020 12:35:16 +0100
Subject: Add EJBCA setup to AAF Cert Service CSITs
Signed-off-by: Aleksandra Maciaga
Issue-ID: AAF-997
Change-Id: I61942341d1db495a3b8757391a5dd132c236473c
---
 plans/aaf/certservice/docker-compose.yml | 33 ++++++++++++++++++++++
 .../aaf/certservice/scripts/ejbca-configuration.sh | 22 +++++++++++++++
 plans/aaf/certservice/setup.sh | 23 +++++++++------
 plans/aaf/certservice/teardown.sh | 3 +-
 4 files changed, 72 insertions(+), 9 deletions(-)
 create mode 100644 plans/aaf/certservice/docker-compose.yml
 create mode 100755 plans/aaf/certservice/scripts/ejbca-configuration.sh
diff --git a/plans/aaf/certservice/docker-compose.yml b/plans/aaf/certservice/docker-compose.yml
new file mode 100644
index 00000000..84da7353
--- /dev/null
+++ b/plans/aaf/certservice/docker-compose.yml
@@ -0,0 +1,33 @@
+version: "2.1"
+
+services:
+ ejbca:
+ image: primekey/ejbca-ce
+ hostname: cahostname
+ container_name: aafcert-ejbca
+ ports:
+ - "80:8080"
+ - "443:8443"
+ volumes:
+ - $SCRIPTS_PATH:/opt/primekey/scripts
+ command: bash -c "
+ ./scripts/ejbca-configuration.sh &
+ /opt/primekey/bin/start.sh
+ "
+ healthcheck:
+ test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
+ interval: 10s
+ timeout: 3s
+ retries: 9
+
+ certservice:
+ image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:latest
+ volumes:
+ - $CONFIGURATION_PATH:/etc/onap/aaf/certservice/cmpServers.json
+ container_name: aafcert
+ ports:
+ - "8080:8080"
+ depends_on:
+ ejbca:
+ condition: service_healthy
+
diff --git a/plans/aaf/certservice/scripts/ejbca-configuration.sh b/plans/aaf/certservice/scripts/ejbca-configuration.sh
new file mode 100755
index 00000000..cdff77de
--- /dev/null
+++ b/plans/aaf/certservice/scripts/ejbca-configuration.sh
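Review bot: In docker-compose.yml the ejbca healthcheck runs `curl -kI`, which exits 0 for any HTTP response, so an error status from the health servlet would still mark the container healthy and release `certservice` through `condition: service_healthy`; add `-f`, i.e. `curl -kfI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth`. The check also does not cover the backgrounded `./scripts/ejbca-configuration.sh`, so the CMP aliases may not exist yet when the container turns healthy. Both images are unpinned (`primekey/ejbca-ce` with no tag, certservice at `:latest`); pinning a tag or digest keeps the CA under test from changing between runs. The `80:8080` and `443:8443` mappings publish the CA on every host interface, which certservice does not appear to need since it shares the compose network; consider dropping them or binding to `127.0.0.1`.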
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+waitForEjbcaStartUp() {
+ sleep $1
+}
+
+configureEjbca() {
+ ejbca.sh config cmp addalias --alias cmpRA
+ ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
+ ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
+ ejbca.sh config cmp dumpalias --alias cmpRA
+ ejbca.sh config cmp addalias --alias cmp
+ ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
+ ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED
+ ejbca.sh ra setclearpwd --username Node123 --password mypassword
+ ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
+ ejbca.sh config cmp dumpalias --alias cmp
+ ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+}
+
+waitForEjbcaStartUp 30
+configureEjbca
diff --git a/plans/aaf/certservice/setup.sh b/plans/aaf/certservice/setup.sh
index 1bf57470..4911e475 100644
--- a/plans/aaf/certservice/setup.sh
+++ b/plans/aaf/certservice/setup.sh
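Review bot: ejbca-configuration.sh has no error handling, so if EJBCA is not up after the fixed `sleep $1` of 30 seconds, every `ejbca.sh` call in `configureEjbca` fails without stopping the script or failing the container. Replace the sleep with a bounded poll of the health endpoint that the compose healthcheck already uses and enable `set -euo pipefail`, as sketched below; this assumes curl is present in the image, which the healthcheck suggests. `mypassword` is hard-coded as both the `cmpRaAuthSecret` and the `Node123` password and is passed on the command line, which is tolerable only for a disposable test CA, so add a comment saying so and consider reading it from an environment variable.

```shell
set -euo pipefail

# Poll the health endpoint instead of sleeping blindly; $1 is the timeout in seconds.
waitForEjbcaStartUp() {
  local deadline=$(( SECONDS + $1 ))
  until curl -kfs -o /dev/null https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth; do
    (( SECONDS < deadline )) || { echo "EJBCA not ready after $1 s" >&2; exit 1; }
    sleep 2
  done
}

# … unchanged: configureEjbca and the two calls at the bottom …
```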
@@ -15,16 +15,20 @@ # limitations under the License. # -AAFCERT_IMAGE=nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:latest - -echo AAFCERT_IMAGE=${AAFCERT_IMAGE} - # ------------------------------------ -# Resolve path to cmp servers configuration +# Resolve path to script's folder and cmp servers configuration SCRIPT=`realpath $0` CURRENT_WORKDIR_PATH=`dirname $SCRIPT` +SCRIPTS_DIRECTORY="scripts" +if test -d "$CURRENT_WORKDIR_PATH/plans/aaf/certservice/$SCRIPTS_DIRECTORY"; then + SCRIPTS_PATH="$CURRENT_WORKDIR_PATH/plans/aaf/certservice/$SCRIPTS_DIRECTORY" +else test -f "$CURRENT_WORKDIR_PATH/$SCRIPTS_DIRECTORY"; + SCRIPTS_PATH=$CURRENT_WORKDIR_PATH/$SCRIPTS_DIRECTORY +fi +echo "Use scripts from: $SCRIPTS_PATH" + CONFIGURATION_FILE="cmpServers.json" if test -f "$CURRENT_WORKDIR_PATH/plans/aaf/certservice/$CONFIGURATION_FILE"; then CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/plans/aaf/certservice/$CONFIGURATION_FILE" @@ -32,14 +36,17 @@ else test -f "$CURRENT_WORKDIR_PATH/$CONFIGURATION_FILE"; CONFIGURATION_PATH=$CURRENT_WORKDIR_PATH/$CONFIGURATION_FILE fi echo "Use configuration from: $CONFIGURATION_PATH" + # ------------------------------------- -# Start AAF Cert Srevice -docker run -p 8080:8080 -d --mount type=bind,source=${CONFIGURATION_PATH},target=/etc/onap/aaf/certservice/cmpServers.json --name aafcert ${AAFCERT_IMAGE} +export CONFIGURATION_PATH=${CONFIGURATION_PATH} +export SCRIPTS_PATH=${SCRIPTS_PATH} + +docker-compose up -d AAFCERT_IP=`get-instance-ip.sh aafcert` export AAFCERT_IP=${AAFCERT_IP} # Wait container ready -sleep 5 +sleep 10 diff --git a/plans/aaf/certservice/teardown.sh b/plans/aaf/certservice/teardown.sh index a613944d..3f10eaeb 100644 --- a/plans/aaf/certservice/teardown.sh +++ b/plans/aaf/certservice/teardown.sh 
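Review bot: In the new SCRIPTS_PATH block, `else test -f "$CURRENT_WORKDIR_PATH/$SCRIPTS_DIRECTORY";` is not a condition: the test runs and its result is discarded, so the fallback path is assigned unconditionally, and `-f` would be false for a directory anyway. If neither directory exists, `$SCRIPTS_PATH` is still exported and bind-mounted into the EJBCA container, where the configuration script will simply be missing. Use `elif test -d "$CURRENT_WORKDIR_PATH/$SCRIPTS_DIRECTORY"; then` and add a final `else` that prints an error to stderr and exits non-zero. The existing CONFIGURATION_PATH block, which continues into the next hunk, has the same `else test -f` pattern and would benefit from the same fix.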
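Review bot: `docker-compose up -d` is called without `-f`, so the compose file is looked up from the caller's working directory rather than next to setup.sh; since the script already probes two candidate locations for its own files, that directory is probably not guaranteed. Resolve the compose file the same way as `SCRIPTS_PATH` and pass it explicitly, for example `docker-compose -f "$CURRENT_WORKDIR_PATH/docker-compose.yml" up -d` (path shown for the second layout only). The exit status is not checked before `get-instance-ip.sh aafcert`, so a failed start only surfaces later as an empty `AAFCERT_IP`; `docker-compose ... up -d || exit 1` would fail fast. `SCRIPT=`realpath $0`` and `dirname $SCRIPT` in the previous hunk are unquoted, so a checkout path containing spaces breaks both lookups.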
@@ -15,4 +15,5 @@ # limitations under the License. # -kill-instance.sh aafcert \ No newline at end of file +kill-instance.sh aafcert +kill-instance.sh aafcert-ejbca \ No newline at end of file -- cgit 1.2.3-korg