Add sanitycheck for ves client

Issue-ID: INT-1869
Signed-off-by: Bogumil Zebek <bogumil.zebek@nokia.com>
Change-Id: Ib297493ad9386594b4451f05378e070747187428

34 files changed, 1191 insertions, 0 deletions

diff --git a/sanitycheck/Makefile b/sanitycheck/Makefile
new file mode 100644
index 0000000..85800a0
--- /dev/null
+++ b/sanitycheck/Makefile
@@ -0,0 +1,55 @@
+all: start
+
+.PHONY: start
+
+build:
+	@echo "##### build (dmaap sim) #####"
+	make -C dmaap-simulator build
+	@echo "##### DONE #####"
+
+start: build
+	@echo "##### start (dmaap sim,ves,ves-client sim) #####"
+	make -C ves start
+	make -C ../../ves-client start
+	@echo "##### DONE #####"
+
+stop:
+	@echo "##### Stop (dmaap sim,ves,ves-client sim)  #####"
+	make -C ves stop
+	make -C ../../ves-client stop
+	@echo "##### DONE #####"
+
+upload-file-http-server:
+	@echo "##### Upload file to Http server #####"
+	curl -F "uploaded_file=@./resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz" -u demo:demo123456! http://localhost:32080/upload.php
+	@echo "\n##### DONE #####"
+
+generate-event:
+	@echo "##### Trigger VES client to generate event #####"
+	curl -X  POST http://localhost:5000/simulator/event -d @events/eventToVes.json --header "Content-Type: application/json"
+	@echo "\n##### DONE #####"
+
+generate-event-http-server:
+	@echo "##### Trigger VES client to generate event with Http Server #####"
+	curl -X  POST http://localhost:5000/simulator/event -d @events/eventToVesWithHttpServer.json --header "Content-Type: application/json"
+	@echo "\n##### DONE #####"
+
+reconfigure-ves-url:
+	@echo "##### Change VES address configuration in VES client#####"
+	curl -X  PUT http://localhost:5000/simulator/config -d @events/vesAddressConfiguration.json --header "Content-Type: application/json"
+	@echo "\n##### DONE #####"
+
+generate-multiple-events:
+	@echo "\n##### Trigger VES client to generate multiple events #####"
+	curl -X  POST http://localhost:5000/simulator/start -d @events/fewEventsToVes.json --header "Content-Type: application/json"
+	@echo "\n##### DONE #####"
+
+generate-multiple-events-http-server:
+	@echo "\n##### Trigger VES client to generate multiple events with http server#####"
+	curl -X  POST http://localhost:5000/simulator/start -d @events/fewEventsToVesWithHttpServer.json --header "Content-Type: application/json"
+	@echo "\n##### DONE #####"
+
+check-dmaap:
+	@echo "##### Check dmaap simulator for collected events #####"
+	make -C dmaap-simulator get-data
+	@echo "\n##### DONE #####"
diff --git a/sanitycheck/README.md b/sanitycheck/README.md
new file mode 100644
index 0000000..643db18
--- /dev/null
+++ b/sanitycheck/README.md
@@ -0,0 +1,68 @@
+### Run  test case ves client -> ves collector -> dmaap simulator
+
+### Prerequisites
+* Check your docker network ip:
+```
+ip a | grep docker0 | grep inet
+```
+
+If the IP address is different than 172.17.0.1/16:
+inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
+
+You have to change the IP address in file events/vesAddressConfiguration.json
+```
+{
+  "vesServerUrl": "http://<IP_Address>:8080/eventListener/v7"
+}
+```
+
+If you want use event with http server files:
+```
+make upload-file-http-server
+```
+### 1. Build Projects
+```
+make start
+```
+### 2. Reconfigure ves url
+```
+make reconfigure-ves-url
+```
+### 2.1 Check dmaap sim
+should return empty list 
+```
+make check-dmaap
+```
+### 3. Send one event
+### 3.1 Send events:
+```
+make generate-event
+```
+send event with files from Http Server
+```
+generate-event-http-server
+```
+### 3.2 Check dmaap sim
+should return list containing 1 event
+```
+make check-dmaap
+```
+### 4. Send few events:
+### 4.1 Send events
+this will send 4 event with interval 1 second
+```
+make generate-multiple-events
+```
+this event will send 2 events with files from Http Server with interval 5 second
+```
+make generate-multiple-events-http-server
+```
+### 4.2 Check dmaap sim
+should return list containing 5 event (1 from point 3.1 and 4 from point 4.1)
+```
+make check-dmaap
+```
+### 5. Clear environment
+```
+make stop
+```
diff --git a/sanitycheck/dmaap-simulator/Dockerfile b/sanitycheck/dmaap-simulator/Dockerfile
new file mode 100644
index 0000000..f84cac2
--- /dev/null
+++ b/sanitycheck/dmaap-simulator/Dockerfile
@@ -0,0 +1,7 @@
+FROM python:3
+WORKDIR /application
+COPY ./simulator.py ./
+COPY ./requirements.txt ./
+RUN pip install -r ./requirements.txt
+ENV FLASK_APP=./simulator.py
+CMD ["python", "./simulator.py"]
diff --git a/sanitycheck/dmaap-simulator/Makefile b/sanitycheck/dmaap-simulator/Makefile
new file mode 100644
index 0000000..af8f162
--- /dev/null
+++ b/sanitycheck/dmaap-simulator/Makefile
@@ -0,0 +1,23 @@
+all: build
+
+.PHONY: build
+
+build:
+	@echo "##### Build dmaap simulator image #####"
+	docker build . -t dmaap-simulator
+	@echo "##### DONE #####"
+
+start:
+	@echo "##### Start dmaap simulator #####"
+	docker run -d -p 3904:3904 --name dmaap-simulator dmaap-simulator
+	@echo "##### DONE #####"
+
+stop:
+	@echo "##### Stop dmaap simulator #####"
+	docker rm -f dmaap-simulator
+	@echo "##### DONE #####"
+
+get-data:
+	@echo "##### Get data fetched by dmaap-simulator #####\n"
+	curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://localhost:3904/events
+	@echo "\n\n##### DONE #####"
diff --git a/sanitycheck/dmaap-simulator/README.md b/sanitycheck/dmaap-simulator/README.md
new file mode 100644
index 0000000..de0615a
--- /dev/null
+++ b/sanitycheck/dmaap-simulator/README.md
@@ -0,0 +1,22 @@
+DMaaP simulator
+---------------
+
+### Build an image
+```
+make build
+```
+
+### Start
+```
+make start
+```
+
+### Stop
+```
+make stop
+```
+
+### Get fetched events
+```
+make get-data
+```
diff --git a/sanitycheck/dmaap-simulator/requirements.txt b/sanitycheck/dmaap-simulator/requirements.txt
new file mode 100644
index 0000000..a6d2d3a
--- /dev/null
+++ b/sanitycheck/dmaap-simulator/requirements.txt
@@ -0,0 +1,6 @@
+Click==7.0
+Flask==1.1.1
+itsdangerous==1.1.0
+Jinja2==2.10.3
+MarkupSafe==1.1.1
+Werkzeug==0.16.0
diff --git a/sanitycheck/dmaap-simulator/simulator.py b/sanitycheck/dmaap-simulator/simulator.py
new file mode 100644
index 0000000..6a06266
--- /dev/null
+++ b/sanitycheck/dmaap-simulator/simulator.py
@@ -0,0 +1,73 @@
+import json
+import logging as sys_logging
+
+from flask import Flask, request, logging, Response
+
+app = Flask(__name__)
+
+sys_logging.basicConfig(level=sys_logging.DEBUG)
+logger = logging.create_logger(app)
+events = {}
+
+
+@app.route("/events/<path:topic>", methods=['POST'])
+def event_sec_fault_output(topic):
+    return handle_new_event(topic, request)
+
+
+@app.route("/events", methods=['GET'])
+def get_events():
+    resp = Response(json.dumps(events))
+    resp.headers['Content-Type'] = 'application/json'
+    return resp
+
+
+@app.route("/events/<path:topic>", methods=['GET'])
+def get_events_from_topic(topic):
+    resp = Response(json.dumps(get_events_from_map(topic)))
+    resp.headers['Content-Type'] = 'application/json'
+    return resp
+
+
+def handle_new_event(topic, http_request):
+    receive_events = decode_request_data(http_request.data)
+    for event in receive_events:
+        add_event_to_map(topic, json.loads(event))
+    return {}, 200
+
+
+def decode_request_data(request_data):
+    data = request_data.decode("utf-8")
+    receive_events = data.split("\n")
+    receive_events = receive_events[:-1]
+    logger.info("received events: " + str(receive_events))
+    correct_events = []
+    for event in receive_events:
+        logger.info("received event: " + str(event))
+        correct_events.append(get_correct_json(event))
+    return correct_events
+
+
+def get_correct_json(incorrect_json):
+    json_start_position = incorrect_json.find("{")
+    correct_json = incorrect_json[json_start_position:]
+    correct_json = correct_json.replace("\r", "").replace("\t", "").replace(" ", "")
+    return correct_json
+
+
+def add_event_to_map(topic, event):
+    if events.__contains__(topic):
+        events[topic].append(event)
+    else:
+        events[topic] = [event]
+
+
+def get_events_from_map(topic):
+    if events.__contains__(topic):
+        return events[topic]
+    else:
+        return []
+
+
+if __name__ == "__main__":
+    app.run(host='0.0.0.0', port=3904)
diff --git a/sanitycheck/events/eventToVes.json b/sanitycheck/events/eventToVes.json
new file mode 100644
index 0000000..8d37f5a
--- /dev/null
+++ b/sanitycheck/events/eventToVes.json
@@ -0,0 +1,36 @@
+{
+  "event": {
+    "event": {
+      "commonEventHeader": {
+        "version": "4.0.1",
+        "vesEventListenerVersion": "7.0.1",
+        "domain": "fault",
+        "eventName": "Fault_Vscf:Acs-Ericcson_PilotNumberPoolExhaustion",
+        "eventId": "fault0000245",
+        "sequence": 1,
+        "priority": "High",
+        "reportingEntityId": "cc305d54-75b4-431b-adb2-eb6b9e541234",
+        "reportingEntityName": "ibcx0001vm002oam001",
+        "sourceId": "de305d54-75b4-431b-adb2-eb6b9e546014",
+        "sourceName": "scfx0001vm002cap001",
+        "nfVendorName": "Ericsson",
+        "nfNamingCode": "scfx",
+        "nfcNamingCode": "ssc",
+        "startEpochMicrosec": 1413378172000000,
+        "lastEpochMicrosec": 1413378172000000,
+        "timeZoneOffset": "UTC-05:30"
+      },
+      "faultFields": {
+        "faultFieldsVersion": "4.0",
+        "alarmCondition": "PilotNumberPoolExhaustion",
+        "eventSourceType": "other",
+        "specificProblem": "Calls cannot complete - pilot numbers are unavailable",
+        "eventSeverity": "CRITICAL",
+        "vfStatus": "Active",
+        "alarmAdditionalInformation": {
+          "PilotNumberPoolSize": "1000"
+        }
+      }
+    }
+  }
+}
diff --git a/sanitycheck/events/eventToVesWithHttpServer.json b/sanitycheck/events/eventToVesWithHttpServer.json
new file mode 100644
index 0000000..a5e0a27
--- /dev/null
+++ b/sanitycheck/events/eventToVesWithHttpServer.json
@@ -0,0 +1,36 @@
+{
+  "event": {
+    "event": {
+      "commonEventHeader": {
+        "version": "4.0.1",
+        "vesEventListenerVersion": "7.0.1",
+        "domain": "notification",
+        "eventName": "Notification_gnb-Nokia_FileReady",
+        "eventId": "FileReady_1797490e-10ae-4d48-9ea7-3d7d790b25e1",
+        "lastEpochMicrosec": 8745745764578,
+        "priority": "Normal",
+        "reportingEntityName": "NOK6061ZW3",
+        "sequence": 0,
+        "sourceName": "NOK6061ZW3",
+        "startEpochMicrosec": 8745745764578,
+        "timeZoneOffset": "UTC+05.30"
+      },
+      "notificationFields": {
+        "changeIdentifier": "PM_MEAS_FILES",
+        "changeType": "FileReady",
+        "notificationFieldsVersion": "2.0",
+        "arrayOfNamedHashMap": [
+          {
+            "name": "C_28532_measData_pm_98.xml",
+            "hashMap": {
+              "location": "http://demo:demo123456!@localhost:32080/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz",
+              "compression": "gzip",
+              "fileFormatType": "org.3GPP.32.435#measCollec",
+              "fileFormatVersion": "V10"
+            }
+          }
+        ]
+      }
+    }
+  }
+}
diff --git a/sanitycheck/events/fewEventsToVes.json b/sanitycheck/events/fewEventsToVes.json
new file mode 100644
index 0000000..9733469
--- /dev/null
+++ b/sanitycheck/events/fewEventsToVes.json
@@ -0,0 +1,32 @@
+{
+  "simulatorParams": {
+    "repeatCount": 4,
+    "repeatInterval": 1
+  },
+  "templateName": "notification.json",
+  "patch": {
+    "event": {
+      "commonEventHeader": {
+        "domain": "notification",
+        "eventName": "vFirewallBroadcastPackets",
+        "eventId": "#RandomString(10)",
+        "priority": "Normal",
+        "reportingEntityName": "myVNF",
+        "sequence": 1,
+        "sourceName": "ClosedLoopVNF",
+        "startEpochMicrosec": 1531616794,
+        "lastEpochMicrosec": 1531719042,
+        "vesEventListenerVersion": "7.0.1",
+        "version": "4.0.1"
+      }
+    }
+  },
+  "variables": {
+    "dN": "NRNB=5, NRCEL=1234",
+    "dn": "Test_dn",
+    "attributeList": {
+      "threshXHighQ": "50",
+      "threshXHighP": "52"
+    }
+  }
+}
diff --git a/sanitycheck/events/fewEventsToVesWithHttpServer.json b/sanitycheck/events/fewEventsToVesWithHttpServer.json
new file mode 100644
index 0000000..de3f100
--- /dev/null
+++ b/sanitycheck/events/fewEventsToVesWithHttpServer.json
@@ -0,0 +1,24 @@
+{
+  "simulatorParams": {
+    "repeatCount": 2,
+    "repeatInterval": 5
+  },
+  "templateName": "notificationHttpServer.json",
+  "patch": {
+    "event": {
+      "commonEventHeader": {
+        "domain": "notification",
+        "eventName": "vFirewallBroadcastPackets",
+        "eventId": "#RandomString(10)",
+        "priority": "Normal",
+        "reportingEntityName": "myVNF",
+        "sequence": 1,
+        "sourceName": "ClosedLoopVNF",
+        "startEpochMicrosec": 1531616794,
+        "lastEpochMicrosec": 1531719042,
+        "vesEventListenerVersion": "7.0.1",
+        "version": "4.0.1"
+      }
+    }
+  }
+}
diff --git a/sanitycheck/events/vesAddressConfiguration.json b/sanitycheck/events/vesAddressConfiguration.json
new file mode 100644
index 0000000..9c6aa22
--- /dev/null
+++ b/sanitycheck/events/vesAddressConfiguration.json
@@ -0,0 +1,3 @@
+{
+  "vesServerUrl": "http://172.17.0.1:8080/eventListener/v7"
+}
diff --git a/sanitycheck/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz b/sanitycheck/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz
new file mode 100644
index 0000000..3af5ea8
--- /dev/null
+++ b/sanitycheck/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz
diff --git a/sanitycheck/ves/Makefile b/sanitycheck/ves/Makefile
new file mode 100644
index 0000000..4fe5e4b
--- /dev/null
+++ b/sanitycheck/ves/Makefile
@@ -0,0 +1,23 @@
+all: start
+
+.PHONY: start
+
+start:
+	@echo "##### Start VES with DMAAP simulator #####"
+	docker-compose up -d
+	@echo "##### DONE #####"
+
+stop:
+	@echo "##### Stop VES with DMAAP simulator #####"
+	docker-compose down
+	@echo "##### DONE #####"
+
+health-check:
+	@echo "##### Health check #####\n"
+
+	@echo "##### DMAAP simulator is ready #####\n"
+	curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://localhost:3904/events
+
+	@echo "\n\n##### VES is ready #####\n"
+	curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X GET GET http://localhost:8080/healthcheck
+	@echo "\n\n##### DONE #####"
diff --git a/sanitycheck/ves/README.md b/sanitycheck/ves/README.md
new file mode 100644
index 0000000..fc9e5dc
--- /dev/null
+++ b/sanitycheck/ves/README.md
@@ -0,0 +1,22 @@
+VES with DMAAP simulator
+------------------------
+
+### Prerequisites
+* DMaaP Simulator image available.
+
+See README.md in dmaap-simulator directory
+
+### Start
+```
+make start
+```
+
+### Health check
+```
+make health-check
+```
+
+### Stop
+```
+make stop
+```
diff --git a/sanitycheck/ves/docker-compose.yml b/sanitycheck/ves/docker-compose.yml
new file mode 100644
index 0000000..d9666d8
--- /dev/null
+++ b/sanitycheck/ves/docker-compose.yml
@@ -0,0 +1,20 @@
+version: '3'
+services:
+  ves:
+    container_name: ves
+    image: nexus3.onap.org:10003/onap/org.onap.dcaegen2.collectors.ves.vescollector:latest
+    ports:
+      - "8080:8080"
+      - "8443:8443"
+    networks:
+      - vesnetwork
+  onap-dmaap:
+    container_name: dmaap
+    image: dmaap-simulator
+    ports:
+      - "3904:3904"
+    networks:
+      - vesnetwork
+networks:
+  vesnetwork:
+    driver: bridge
diff --git a/sanitycheck/vesclient-secured/README.md b/sanitycheck/vesclient-secured/README.md
new file mode 100644
index 0000000..f791afb
--- /dev/null
+++ b/sanitycheck/vesclient-secured/README.md
@@ -0,0 +1,11 @@
+Standalone VES client configuration for HTTPS communication with VES
+------------------------
+
+This directory contains files for secured VES client deployments, which will use certificates for HTTPS communication with VES.  
+
+Currently, there are two ways for VES client to fetch certificates:
+* Using AAF Certman 
+* Using OOM CertService (CMPv2) 
+    
+Both ways are described in `certman` and `certservice` directories respectively
+
diff --git a/sanitycheck/vesclient-secured/certman/Makefile b/sanitycheck/vesclient-secured/certman/Makefile
new file mode 100644
index 0000000..d75b5d0
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certman/Makefile
@@ -0,0 +1,8 @@
+default:
+	@echo "There is no default target. Use: make <specific_target>"
+
+start-ves-client:
+	docker-compose -f docker-compose.yml up
+
+clean-ves-client:
+	docker-compose -f docker-compose.yml down
diff --git a/sanitycheck/vesclient-secured/certman/README.md b/sanitycheck/vesclient-secured/certman/README.md
new file mode 100644
index 0000000..92985f8
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certman/README.md
@@ -0,0 +1,91 @@
+## Fetching from AAF Certman
+This readme describes how to run VES client with certificates fetched using AAF Certman
+
+### Description
+
+docker-compose.yml prepares VES client container for HTTPS communication with VES.
+
+When docker-compose starts certs-init container fills connected volume with certificates, truststores, keystores, 
+passwords etc. Next ves-client container starts and connects to the same volume. On startup it should read password
+values from proper files and set them in system environment variables. With these variables and files in volume 
+application is ready to work on HTTPS.
+
+### Prerequisites
+
+certs-init container works with external AAF on cloud. Due to that fact it must have set correct IPs to workers that
+has access to AAF. In docker-compose.yml fields with mentioned IPs are:
+    
+    * aaf-locate.onap
+    * aaf-cm.onap
+    * aaf-service.onap
+
+### Start
+
+Run VES client:
+
+```
+make start-ves-client
+```
+
+### Send event
+
+**ATTENTION**
+
+``sanitycheck/events/eventToVes.json`` file which is request for sending event to VES must have correct ``vesServerURL`` 
+field before sending event. 
+IP of ``vesServerURL`` should be the same as given in docker-compose-certman.yml in ``aaf-locate.onap`` field.
+To use secured connection remember about setting protocol to https:// and port to proper secured port of VES.
+
+To send event from VES client to VES use this command from ``ne-simulator/sanitycheck`` directory:
+
+````
+make generate-event
+````
+
+Sample ``sanitycheck/events/eventToVes.json`` file content is:
+
+```json
+{
+  "vesServerUrl": "https://10.183.35.177:30417/eventListener/v7",
+  "event": {
+    "event": {
+      "commonEventHeader": {
+        "version": "4.0.1",
+        "vesEventListenerVersion": "7.0.1",
+        "domain": "fault",
+        "eventName": "Fault_Vscf:Acs-Ericcson_PilotNumberPoolExhaustion",
+        "eventId": "fault0000245",
+        "sequence": 1,
+        "priority": "High",
+        "reportingEntityId": "cc305d54-75b4-431b-adb2-eb6b9e541234",
+        "reportingEntityName": "ibcx0001vm002oam001",
+        "sourceId": "de305d54-75b4-431b-adb2-eb6b9e546014",
+        "sourceName": "scfx0001vm002cap001",
+        "nfVendorName": "Ericsson",
+        "nfNamingCode": "scfx",
+        "nfcNamingCode": "ssc",
+        "startEpochMicrosec": 1413378172000000,
+        "lastEpochMicrosec": 1413378172000000,
+        "timeZoneOffset": "UTC-05:30"
+      },
+      "faultFields": {
+        "faultFieldsVersion": "4.0",
+        "alarmCondition": "PilotNumberPoolExhaustion",
+        "eventSourceType": "other",
+        "specificProblem": "Calls cannot complete - pilot numbers are unavailable",
+        "eventSeverity": "CRITICAL",
+        "vfStatus": "Active",
+        "alarmAdditionalInformation": {
+          "PilotNumberPoolSize": "1000"
+        }
+      }
+    }
+  }
+}
+```
+
+### Stop
+To remove VES client containers use:
+```
+make clean-ves-client
+```
diff --git a/sanitycheck/vesclient-secured/certman/docker-compose.yml b/sanitycheck/vesclient-secured/certman/docker-compose.yml
new file mode 100644
index 0000000..2714751
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certman/docker-compose.yml
@@ -0,0 +1,69 @@
+version: '3'
+
+networks:
+  tls-init-network:
+
+volumes:
+  certs-volume:
+
+services:
+  certs-init:
+    image: nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+    extra_hosts:
+      #set worker IP with access to AAF
+      aaf-locate.onap: <WORKER_IP> #for example 10.183.35.177
+      aaf-cm.onap: <WORKER_IP> #for example 10.183.35.177
+      aaf-service.onap: <WORKER_IP> #for example 10.183.35.177
+    environment:
+      - aaf_locate_url=https://aaf-locate.onap:31111
+      - aaf_url_cm=https://aaf-cm.onap:31114
+      - aaf_url=https://aaf-service.onap:31110
+    networks:
+      - tls-init-network
+    volumes:
+      - certs-volume:/opt/app/osaaf
+  mongo:
+    image: mongo
+    restart: always
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: root
+      MONGO_INITDB_ROOT_PASSWORD: zXcVbN123!
+      MONGO_INITDB_DATABASE: pnf_simulator
+    networks:
+      - tls-init-network
+    volumes:
+      - ../../../../ves-client/db:/docker-entrypoint-initdb.d
+    ports:
+      - "27017:27017"
+
+  mongo-express:
+    image: mongo-express
+    restart: always
+    ports:
+      - 8081:8081
+    networks:
+      - tls-init-network
+    environment:
+      ME_CONFIG_MONGODB_ADMINUSERNAME: root
+      ME_CONFIG_MONGODB_ADMINPASSWORD: zXcVbN123!
+
+  ves-client:
+    image: onap/org.onap.integration.nfsimulator.vesclient
+    ports:
+      - "5000:5000"
+    command: bash -c "
+      while [[ $$(ls -1 /app/store | wc -l) != '10' ]]; do echo 'Waiting for certs...'; sleep 3; done
+      && java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/vesclient.jar org.onap.integration.simulators.nfsimulator.vesclient.Main
+      "
+    volumes:
+      - ../../../../ves-client/logs:/var/log
+      - ../../../../ves-client/templates:/app/templates
+      - ../../../../ves-client/src/main/resources/application.properties:/app/application.properties
+      - certs-volume:/app/store
+    networks:
+      - tls-init-network
+    restart: on-failure
+    depends_on:
+      - certs-init
+      - mongo
+      - mongo-express
diff --git a/sanitycheck/vesclient-secured/certservice/Makefile b/sanitycheck/vesclient-secured/certservice/Makefile
new file mode 100644
index 0000000..0f41b0e
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/Makefile
@@ -0,0 +1,59 @@
+default:
+	@echo "There is no default target. Use: make <specific_target>"
+
+setup-env: --start-certservice-and-ejbca --run-certservice-clients --start-local-secured-ves
+
+start-ves-client:
+	docker-compose -f docker-compose-vesclient.yml up
+
+restart-ves-client: --clean-ves-client start-ves-client
+
+clean-all: --clean-ves-client --clean-env
+
+
+--start-certservice-and-ejbca: --create-certservice-internal-certs --start-certservice-ejbca-containers --configure-ejbca
+
+--start-certservice-ejbca-containers:
+	docker-compose -f docker-compose-certservice-ejbca.yml up -d
+
+--create-certservice-internal-certs:
+	make -C resources/certs all
+
+--configure-ejbca: --wait-for-ejbca --run-ejbca-script
+
+--wait-for-ejbca:
+	@echo 'Waiting for EJBCA... It may take a minute or two'
+	until docker container inspect oomcert-ejbca | grep '"Status": "healthy"'; do sleep 3; done
+
+--run-ejbca-script:
+	docker exec oomcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
+
+--run-certservice-clients: --create-client-volumes
+	docker-compose -f docker-compose-certservice-clients.yml up -d
+	@echo 'Waiting for client certifiactes...'
+	@until ls -1 ./resources/certservice-client/client-volume-for-vesclient | grep "store" 1>/dev/null; do sleep 3; done
+	@until ls -1 ./resources/certservice-client/client-volume-for-ves | grep "store" 1>/dev/null; do sleep 3; done
+	@until ls -1 ./resources/certservice-client/client-volume-for-httpserver | grep "store" 1>/dev/null; do sleep 3; done
+
+--create-client-volumes:
+	mkdir -p ./resources/certservice-client/client-volume-for-vesclient  -m 777
+	mkdir -p ./resources/certservice-client/client-volume-for-ves -m 777
+	mkdir -p ./resources/certservice-client/client-volume-for-httpserver -m 777
+
+--start-local-secured-ves:
+	docker-compose -f docker-compose-ves-dmaap.yml up
+
+--clean-ves-client:
+	docker-compose -f docker-compose-vesclient.yml down
+	rm -rf ./resources/certservice-client/client-volume-for-vesclient || true
+	rm -rf ./resources/certservice-client/client-volume-for-httpserver || true
+
+
+--clean-env:
+	docker-compose -f docker-compose-ves-dmaap.yml down
+	docker-compose -f docker-compose-certservice-clients.yml down
+	rm -rf ./resources/certservice-client/client-volume-for-vesclient || true
+	rm -rf ./resources/certservice-client/client-volume-for-ves || true
+	rm -rf ./resources/certservice-client/client-volume-for-httpserver || true
+	docker-compose -f docker-compose-certservice-ejbca.yml down
+	make -C resources/certs clear
diff --git a/sanitycheck/vesclient-secured/certservice/README.md b/sanitycheck/vesclient-secured/certservice/README.md
new file mode 100644
index 0000000..27f68ef
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/README.md
@@ -0,0 +1,85 @@
+## Fetching certificates from OOM CertService (CMPv2)
+This readme describes how to run VES client with certificates fetched using OOM CertService (CMPv2) 
+
+### Description
+
+Using Makefile in this directory following can be achieved:
+
+* Setup environment for VES client, i.e.:
+    * Create certificates that will be used for internal communication between CertService and CertService Clients.
+      Generated internal certificates should be present in `resources/certs` directory.
+    * Start and configure EJBCA
+    * Start and configure AAF Cert Service.
+    * Run Cert Service Clients to fetch certificates for VES and VES client. Certificates will be stored for the
+      components in `resources/certservice-client/client-volume-for-ves`
+      and `resources/certservice-client/client-volume-for-vesclient` accordingly.
+    * Start VES and DMaaP Simulator. Fetched certificates will be mounted to VES.
+
+* Start VES client. Fetched certificates will be mounted to VES client.
+* Clean up.
+
+### Prerequisites
+##### VES collector local deployment prerequisites
+
+By default, the image of VES from Nexus supports only HTTP communication. A local image with enabled HTTPS must be build
+to use local VES as VES client destination.
+
+1. Pull VES repository
+2. In `<VES_PROJECT_ROOT>/etc/collector.properties` file set field `auth.method=certBasicAuth`
+3. Build a local image: `mvn clean install docker:build` from VES project root directory.
+
+Local VES deployment uses also DMaaP simulator. Its image should be built locally as well.
+1. Go to `sanitycheck/dmaap-simulator` directory
+2. Run: `make build`
+
+### Setup environment
+To set up whole environment for VES client, i.e.:
+- deploy and configure EJBCA
+- deploy Cert Service
+- fetch certificates for VES and VES client using Cert Service clients
+- run DMaaP Simulator
+- run VES with fetched certificates
+
+execute:
+````
+make setup-env
+````
+Note that this command setups whole environment besides VES client itself. 
+
+## Run VES client
+To run VES client execute:
+````
+make start-ves-client
+````
+VES client starts together with the http server.
+This command starts VES client with certificates fetched using CertService (certificates are fetched in the previous
+step)
+
+### Send event
+
+
+Configure VES client to use proper VES URL by executing this command from ``nf-simulator/sanitycheck`` directory:
+
+  TIP: edit vesAddressConfigure.json and set "vesServerUrl": "https://172.17.0.1:8443/eventListener/v7"
+
+```
+make reconfigure-ves-url
+```
+
+Send an event from VES client to VES by executing this command from ``nf-simulator/sanitycheck`` directory:
+```
+make generate-event
+```
+
+### Restart VES client
+
+To restart only VES client execute:
+```
+make restart-ves-client
+```
+
+### Clean up
+To clean all generated certificates, remove VES client, CertService, EJBCA, VES and DMaaP Simulator containers:
+```
+make clean-all
+```
diff --git a/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-clients.yml b/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-clients.yml
new file mode 100644
index 0000000..d721561
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-clients.yml
@@ -0,0 +1,39 @@
+version: "2.1"
+
+networks:
+  onap:
+    external: true
+
+services:
+  oom-cert-client-ves:
+    image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.1
+    container_name: oomcert-client-for-ves
+    env_file: ./resources/certservice-client/client-configuration-for-ves.env
+    networks:
+      - onap
+    volumes:
+      - ./resources/certservice-client/client-volume-for-ves:/var/certs:rw
+      - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+      - ./resources/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
+
+  oom-cert-client-vesclient:
+    image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.1
+    container_name: oomcert-client
+    env_file: ./resources/certservice-client/client-configuration-for-vesclient.env
+    networks:
+      - onap
+    volumes:
+      - ./resources/certservice-client/client-volume-for-vesclient:/var/certs:rw
+      - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+      - ./resources/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
+
+  oom-cert-client-httpserver:
+    image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.1
+    container_name: oomcert-client-for-httpserver
+    env_file: ./resources/certservice-client/client-configuration-for-httpserver.env
+    networks:
+      - onap
+    volumes:
+      - ./resources/certservice-client/client-volume-for-httpserver:/var/certs:rw
+      - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+      - ./resources/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
diff --git a/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml b/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml
new file mode 100644
index 0000000..a400eb9
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml
@@ -0,0 +1,47 @@
+version: "2.1"
+
+networks:
+  onap:
+    driver: bridge
+    name: onap
+  public:
+    driver: bridge
+    name: public
+
+services:
+  ejbca:
+    image: primekey/ejbca-ce:6.15.2.5
+    hostname: cahostname
+    container_name: oomcert-ejbca
+    ports:
+      - "80:8080"
+      - "443:8443"
+    volumes:
+      - ./resources/ejbca/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh
+    healthcheck:
+      test: [ "CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth" ]
+      interval: 10s
+      timeout: 3s
+      retries: 15
+    networks:
+      - onap
+
+  oom-cert-service:
+    image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.1
+    volumes:
+      - ./resources/certservice/cmpServers.json:/etc/onap/oom/certservice/cmpServers.json
+      - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+      - ./resources/certs/root.crt:/etc/onap/oom/certservice/certs/root.crt
+      - ./resources/certs/certServiceServer-keystore.jks:/etc/onap/oom/certservice/certs/certServiceServer-keystore.jks
+      - ./resources/certs/certServiceServer-keystore.p12:/etc/onap/oom/certservice/certs/certServiceServer-keystore.p12
+    container_name: oomcert-service
+    ports:
+      - "8443:8443"
+    healthcheck:
+      test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/oom/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
+      interval: 10s
+      timeout: 3s
+      retries: 15
+    networks:
+      - onap
+      - public
diff --git a/sanitycheck/vesclient-secured/certservice/docker-compose-ves-dmaap.yml b/sanitycheck/vesclient-secured/certservice/docker-compose-ves-dmaap.yml
new file mode 100644
index 0000000..86f0202
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/docker-compose-ves-dmaap.yml
@@ -0,0 +1,33 @@
+version: "2.1"
+
+networks:
+  public:
+    external: true
+  onap:
+    external: true
+
+services:
+  ves:
+    container_name: ves
+    image: nexus3.onap.org:10003/onap/org.onap.dcaegen2.collectors.ves.vescollector:latest
+    ports:
+      - "8082:8080"
+      - "8444:8443"
+    networks:
+      - onap
+      - public
+    volumes:
+      - ./resources/certservice-client/client-volume-for-ves/keystore.jks:/opt/app/VESCollector/etc/keystore
+      - ./resources/certservice-client/client-volume-for-ves/keystore.pass:/opt/app/VESCollector/etc/passwordfile
+      - ./resources/certservice-client/client-volume-for-ves/truststore.jks:/opt/app/VESCollector/etc/truststore
+      - ./resources/certservice-client/client-volume-for-ves/truststore.pass:/opt/app/VESCollector/etc/trustpasswordfile
+    depends_on:
+      - onap-dmaap
+
+  onap-dmaap:
+    container_name: dmaap
+    image: dmaap-simulator
+    ports:
+      - "3904:3904"
+    networks:
+      - onap
diff --git a/sanitycheck/vesclient-secured/certservice/docker-compose-vesclient.yml b/sanitycheck/vesclient-secured/certservice/docker-compose-vesclient.yml
new file mode 100644
index 0000000..f99330b
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/docker-compose-vesclient.yml
@@ -0,0 +1,86 @@
+version: "2.1"
+
+networks:
+  ves-client:
+    driver: bridge
+    name: ves-client
+  public:
+    external: true
+  onap:
+    external: true
+
+services:
+  mongo:
+    image: mongo
+    restart: always
+    networks:
+      - ves-client
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: root
+      MONGO_INITDB_ROOT_PASSWORD: zXcVbN123!
+      MONGO_INITDB_DATABASE: pnf_simulator
+    volumes:
+      - ../../../../ves-client/db:/docker-entrypoint-initdb.d
+    ports:
+      - "27017:27017"
+
+  mongo-express:
+    image: mongo-express
+    restart: always
+    networks:
+      - ves-client
+    ports:
+      - 8081:8081
+    environment:
+      ME_CONFIG_MONGODB_ADMINUSERNAME: root
+      ME_CONFIG_MONGODB_ADMINPASSWORD: zXcVbN123!
+
+  http-server:
+    image: nexus3.onap.org:10003/onap/org.onap.integration.nfsimulator.pmhttpsserver
+    ports:
+      - "8080:8080"
+      - "32000:32000"
+      - "32080:80"
+      - "32100:32100"
+      - "32443:443"
+    networks:
+      - ves-client
+      - public
+    volumes:
+      - ~/httpservervolumes/:/usr/local/apache2/htdocs
+      - ../../../httpserver/logs:/var/log/apache2
+      - ./resources/certservice-client/client-volume-for-httpserver/:/etc/apache2/certs/
+    command: bash -c "
+      echo 'Http Server start';
+      while [[ $$(ls -1 /etc/apache2/certs/ | wc -l) != '3' ]]; do echo 'Waiting for certs...'; sleep 3; done;
+      chmod 777 /usr/local/apache2/htdocs;
+      cp /usr/local/apache2/conf/upload.php /usr/local/apache2/htdocs/upload.php;
+      touch /usr/local/apache2/htdocs/index.html;
+      /usr/sbin/apache2ctl -D FOREGROUND;
+      "
+    restart: on-failure
+
+  ves-client:
+    image: onap/org.onap.integration.nfsimulator.vesclient
+    ports:
+      - "5000:5000"
+    networks:
+      - ves-client
+      - public
+    command: bash -c "
+      while [[ $$(ls -1 /app/store | wc -l) != '4' ]]; do echo 'Waiting for certs...'; sleep 3; done
+      && cp /app/store/truststore.p12 /app/store/trust.jks
+      && cp /app/store/keystore.p12 /app/store/cert.p12
+      && cp /app/store/keystore.pass /app/store/p12.pass
+      && cp /app/store/truststore.pass /app/store/trust.pass
+      && java -Dspring.config.location=file:/app/application.properties  -cp /app/libs/*:/app/vesclient.jar org.onap.integration.simulators.nfsimulator.vesclient.Main
+      "
+    volumes:
+      - ../../../../ves-client/logs:/var/log
+      - ../../../../ves-client/templates:/app/templates
+      - ../../../../ves-client/src/main/resources/application.properties:/app/application.properties
+      - ./resources/certservice-client/client-volume-for-vesclient/:/app/store/
+    restart: on-failure
+    depends_on:
+      - mongo
+      - mongo-express
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certs/.gitignore b/sanitycheck/vesclient-secured/certservice/resources/certs/.gitignore
new file mode 100644
index 0000000..385dcde
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certs/.gitignore
@@ -0,0 +1,3 @@
+*.jks
+*.p12
+*.crt
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certs/Makefile b/sanitycheck/vesclient-secured/certservice/resources/certs/Makefile
new file mode 100644
index 0000000..507a23c
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certs/Makefile
@@ -0,0 +1,109 @@
+all: clear step_1 step_2 step_3 step_4 step_5 step_6 step_7 step_8 step_9 step_10 step_11 step_12 step_13 step_14 step_15
+.PHONY: all
+#Clear certificates
+clear:
+	@echo "Clear certificates"
+	rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 root-keystore.jks
+	@echo "#####done#####"
+
+#Generate root private and public keys
+step_1:
+	@echo "Generate root private and public keys"
+	keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
+    -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
+    -storepass secret -ext BasicConstraints:critical="ca:true"
+	@echo "#####done#####"
+
+#Export public key as certificate
+step_2:
+	@echo "(Export public key as certificate)"
+	keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
+	@echo "#####done#####"
+
+#Self-signed root (import root certificate into truststore)
+step_3:
+	@echo "(Self-signed root (import root certificate into truststore))"
+	keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
+	@echo "#####done#####"
+
+#Generate certService's client private and public keys
+step_4:
+	@echo "Generate certService's client private and public keys"
+	keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 730 \
+    -keystore certServiceClient-keystore.jks -storetype JKS \
+    -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+    -keypass secret -storepass secret
+	@echo "####done####"
+
+#Generate certificate signing request for certService's client
+step_5:
+	@echo "Generate certificate signing request for certService's client"
+	keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
+	@echo "####done####"
+
+#Sign certService's client certificate by root CA
+step_6:
+	@echo "Sign certService's client certificate by root CA"
+	keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
+    -outfile certServiceClientByRoot.crt -rfc -ext bc=0  -ext ExtendedkeyUsage="serverAuth,clientAuth"
+	@echo "####done####"
+
+#Import root certificate into client
+step_7:
+	@echo "Import root certificate into intermediate"
+	cat root.crt >> certServiceClientByRoot.crt
+	@echo "####done####"
+
+#Import signed certificate into certService's client
+step_8:
+	@echo "Import signed certificate into certService's client"
+	keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
+	@echo "####done####"
+
+#Generate certService private and public keys
+step_9:
+	@echo "Generate certService private and public keys"
+	keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 730 \
+    -keystore certServiceServer-keystore.jks -storetype JKS \
+    -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+    -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
+	@echo "####done####"
+
+#Generate certificate signing request for certService
+step_10:
+	@echo "Generate certificate signing request for certService"
+	keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
+	@echo "####done####"
+
+#Sign certService certificate by root CA
+step_11:
+	@echo "Sign certService certificate by root CA"
+	keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
+    -outfile certServiceServerByRoot.crt -rfc -ext bc=0  -ext ExtendedkeyUsage="serverAuth,clientAuth" \
+    -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
+	@echo "####done####"
+
+#Import root certificate into server
+step_12:
+	@echo "Import root certificate into intermediate(server)"
+	cat root.crt >> certServiceServerByRoot.crt
+	@echo "####done####"
+
+#Import signed certificate into certService
+step_13:
+	@echo "Import signed certificate into certService"
+	keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
+    -storepass secret -noprompt
+	@echo "####done####"
+
+#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
+step_14:
+	@echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+	keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
+	@echo "#####done#####"
+
+#Clear unused certificates
+step_15:
+	@echo "Clear unused certificates"
+	rm certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt  certServiceServer.csr
+	@echo "#####done#####"
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/.gitignore b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/.gitignore
new file mode 100644
index 0000000..ef10692
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/.gitignore
@@ -0,0 +1,3 @@
+client-volume-for-httpserver
+client-volume-for-vesclient
+client-volume-for-ves
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env
new file mode 100644
index 0000000..8e8eb34
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env
@@ -0,0 +1,18 @@
+#Client envs
+REQUEST_URL=https://oom-cert-service:8443/v1/certificate/
+REQUEST_TIMEOUT=10000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=PEM
+#Csr config envs
+COMMON_NAME=httpserver-onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+#Tls config envs
+KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env
new file mode 100644
index 0000000..e06d147
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env
@@ -0,0 +1,19 @@
+#Client envs
+REQUEST_URL=https://oom-cert-service:8443/v1/certificate/
+REQUEST_TIMEOUT=10000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=JKS
+#Csr config envs
+COMMON_NAME=ves-onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=ves
+#Tls config envs
+KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env
new file mode 100644
index 0000000..c5f33b6
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env
@@ -0,0 +1,18 @@
+#Client envs
+REQUEST_URL=https://oom-cert-service:8443/v1/certificate/
+REQUEST_TIMEOUT=10000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=P12
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+#Tls config envs
+KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice/cmpServers.json b/sanitycheck/vesclient-secured/certservice/resources/certservice/cmpServers.json
new file mode 100644
index 0000000..7256494
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certservice/cmpServers.json
@@ -0,0 +1,24 @@
+{
+  "cmpv2Servers": [
+    {
+      "caName": "Client",
+      "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
+      "issuerDN": "CN=ManagementCA",
+      "caMode": "CLIENT",
+      "authentication": {
+        "iak": "mypassword",
+        "rv": "mypassword"
+      }
+    },
+    {
+      "caName": "RA",
+      "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
+      "issuerDN": "CN=ManagementCA",
+      "caMode": "RA",
+      "authentication": {
+        "iak": "mypassword",
+        "rv": "mypassword"
+      }
+    }
+  ]
+}
diff --git a/sanitycheck/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh b/sanitycheck/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh
new file mode 100755
index 0000000..77f5c55
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+configureEjbca() {
+    ejbca.sh config cmp addalias --alias cmpRA
+    ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
+    ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
+    ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+    ejbca.sh config cmp dumpalias --alias cmpRA
+    ejbca.sh config cmp addalias --alias cmp
+    ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
+    ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
+    ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED
+    ejbca.sh ra setclearpwd --username Node123 --password mypassword
+    ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
+    ejbca.sh config cmp dumpalias --alias cmp
+    ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+}
+
+configureEjbca