-rw-r--r--sanitycheck/Makefile55
-rw-r--r--sanitycheck/README.md68
-rw-r--r--sanitycheck/dmaap-simulator/Dockerfile7
-rw-r--r--sanitycheck/dmaap-simulator/Makefile23
-rw-r--r--sanitycheck/dmaap-simulator/README.md22
-rw-r--r--sanitycheck/dmaap-simulator/requirements.txt6
-rw-r--r--sanitycheck/dmaap-simulator/simulator.py73
-rw-r--r--sanitycheck/events/eventToVes.json36
-rw-r--r--sanitycheck/events/eventToVesWithHttpServer.json36
-rw-r--r--sanitycheck/events/fewEventsToVes.json32
-rw-r--r--sanitycheck/events/fewEventsToVesWithHttpServer.json24
-rw-r--r--sanitycheck/events/vesAddressConfiguration.json3
-rw-r--r--sanitycheck/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gzbin0 -> 2046 bytes
-rw-r--r--sanitycheck/ves/Makefile23
-rw-r--r--sanitycheck/ves/README.md22
-rw-r--r--sanitycheck/ves/docker-compose.yml20
-rw-r--r--sanitycheck/vesclient-secured/README.md11
-rw-r--r--sanitycheck/vesclient-secured/certman/Makefile8
-rw-r--r--sanitycheck/vesclient-secured/certman/README.md91
-rw-r--r--sanitycheck/vesclient-secured/certman/docker-compose.yml69
-rw-r--r--sanitycheck/vesclient-secured/certservice/Makefile59
-rw-r--r--sanitycheck/vesclient-secured/certservice/README.md85
-rw-r--r--sanitycheck/vesclient-secured/certservice/docker-compose-certservice-clients.yml39
-rw-r--r--sanitycheck/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml47
-rw-r--r--sanitycheck/vesclient-secured/certservice/docker-compose-ves-dmaap.yml33
-rw-r--r--sanitycheck/vesclient-secured/certservice/docker-compose-vesclient.yml86
-rw-r--r--sanitycheck/vesclient-secured/certservice/resources/certs/.gitignore3
-rw-r--r--sanitycheck/vesclient-secured/certservice/resources/certs/Makefile109
-rw-r--r--sanitycheck/vesclient-secured/certservice/resources/certservice-client/.gitignore3
-rw-r--r--sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env18
-rw-r--r--sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env19
-rw-r--r--sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env18
-rw-r--r--sanitycheck/vesclient-secured/certservice/resources/certservice/cmpServers.json24
-rwxr-xr-xsanitycheck/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh19
34 files changed, 1191 insertions, 0 deletions
diff --git a/sanitycheck/Makefile b/sanitycheck/Makefile
new file mode 100644
index 0000000..85800a0
--- /dev/null
+++ b/sanitycheck/Makefile
@@ -0,0 +1,55 @@
+all: start
+
+.PHONY: start
+
+build:
+ @echo "##### build (dmaap sim) #####"
+ make -C dmaap-simulator build
+ @echo "##### DONE #####"
+
+start: build
+ @echo "##### start (dmaap sim,ves,ves-client sim) #####"
+ make -C ves start
+ make -C ../../ves-client start
+ @echo "##### DONE #####"
+
+stop:
+ @echo "##### Stop (dmaap sim,ves,ves-client sim) #####"
+ make -C ves stop
+ make -C ../../ves-client stop
+ @echo "##### DONE #####"
+
+upload-file-http-server:
+ @echo "##### Upload file to Http server #####"
+ curl -F "uploaded_file=@./resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz" -u demo:demo123456! http://localhost:32080/upload.php
+ @echo "\n##### DONE #####"
+
+generate-event:
+ @echo "##### Trigger VES client to generate event #####"
+ curl -X POST http://localhost:5000/simulator/event -d @events/eventToVes.json --header "Content-Type: application/json"
+ @echo "\n##### DONE #####"
+
+generate-event-http-server:
+ @echo "##### Trigger VES client to generate event with Http Server #####"
+ curl -X POST http://localhost:5000/simulator/event -d @events/eventToVesWithHttpServer.json --header "Content-Type: application/json"
+ @echo "\n##### DONE #####"
+
+reconfigure-ves-url:
+ @echo "##### Change VES address configuration in VES client#####"
+ curl -X PUT http://localhost:5000/simulator/config -d @events/vesAddressConfiguration.json --header "Content-Type: application/json"
+ @echo "\n##### DONE #####"
+
+generate-multiple-events:
+ @echo "\n##### Trigger VES client to generate multiple events #####"
+ curl -X POST http://localhost:5000/simulator/start -d @events/fewEventsToVes.json --header "Content-Type: application/json"
+ @echo "\n##### DONE #####"
+
+generate-multiple-events-http-server:
+ @echo "\n##### Trigger VES client to generate multiple events with http server#####"
+ curl -X POST http://localhost:5000/simulator/start -d @events/fewEventsToVesWithHttpServer.json --header "Content-Type: application/json"
+ @echo "\n##### DONE #####"
+
+check-dmaap:
+ @echo "##### Check dmaap simulator for collected events #####"
+ make -C dmaap-simulator get-data
+ @echo "\n##### DONE #####"
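Review bot: The `upload-file-http-server` recipe passes the basic-auth pair inline with `-u` to a plain `http://` URL, so the password is committed to the repository and echoed by make each time the recipe runs; the same pair is repeated in the `location` URL of events/eventToVesWithHttpServer.json. Consider overridable variables, e.g. `HTTP_USER ?= <USER>` and `HTTP_PASS ?= <PASSWORD>` with `-u "$(HTTP_USER):$(HTTP_PASS)"` on a recipe line prefixed by `@`, and stating in the README that these are throwaway values for the local sanity check. Separately, `.PHONY` lists only `start` although no target here produces a file, and the sub-makes are invoked as `make -C` rather than `$(MAKE) -C`; the other Makefiles in this commit follow the same pattern.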
diff --git a/sanitycheck/README.md b/sanitycheck/README.md
new file mode 100644
index 0000000..643db18
--- /dev/null
+++ b/sanitycheck/README.md
@@ -0,0 +1,68 @@
+### Run test case ves client -> ves collector -> dmaap simulator
+
+### Prerequisites
+* Check your docker network ip:
+```
+ip a | grep docker0 | grep inet
+```
+
+If the IP address is different than 172.17.0.1/16:
+inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
+
+You have to change the IP address in file events/vesAddressConfiguration.json
+```
+{
+ "vesServerUrl": "http://<IP_Address>:8080/eventListener/v7"
+}
+```
+
+If you want use event with http server files:
+```
+make upload-file-http-server
+```
+### 1. Build Projects
+```
+make start
+```
+### 2. Reconfigure ves url
+```
+make reconfigure-ves-url
+```
+### 2.1 Check dmaap sim
+should return empty list
+```
+make check-dmaap
+```
+### 3. Send one event
+### 3.1 Send events:
+```
+make generate-event
+```
+send event with files from Http Server
+```
+generate-event-http-server
+```
+### 3.2 Check dmaap sim
+should return list containing 1 event
+```
+make check-dmaap
+```
+### 4. Send few events:
+### 4.1 Send events
+this will send 4 event with interval 1 second
+```
+make generate-multiple-events
+```
+this event will send 2 events with files from Http Server with interval 5 second
+```
+make generate-multiple-events-http-server
+```
+### 4.2 Check dmaap sim
+should return list containing 5 event (1 from point 3.1 and 4 from point 4.1)
+```
+make check-dmaap
+```
+### 5. Clear environment
+```
+make stop
+```
diff --git a/sanitycheck/dmaap-simulator/Dockerfile b/sanitycheck/dmaap-simulator/Dockerfile
new file mode 100644
index 0000000..f84cac2
--- /dev/null
+++ b/sanitycheck/dmaap-simulator/Dockerfile
@@ -0,0 +1,7 @@
+FROM python:3
+WORKDIR /application
+COPY ./simulator.py ./
+COPY ./requirements.txt ./
+RUN pip install -r ./requirements.txt
+ENV FLASK_APP=./simulator.py
+CMD ["python", "./simulator.py"]
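Review bot: The image has no `USER` instruction, so `simulator.py` runs as root inside the container, and `FROM python:3` is a floating tag while requirements.txt pins every package. Adding a non-root account before `CMD` (for example `RUN useradd --system simulator` followed by `USER simulator`) and pinning the base image to a specific tag or digest would make the build reproducible and limit what a bug in the request handlers can reach. Port 3904 is unprivileged, so nothing visible here needs root.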
diff --git a/sanitycheck/dmaap-simulator/Makefile b/sanitycheck/dmaap-simulator/Makefile
new file mode 100644
index 0000000..af8f162
--- /dev/null
+++ b/sanitycheck/dmaap-simulator/Makefile
@@ -0,0 +1,23 @@
+all: build
+
+.PHONY: build
+
+build:
+ @echo "##### Build dmaap simulator image #####"
+ docker build . -t dmaap-simulator
+ @echo "##### DONE #####"
+
+start:
+ @echo "##### Start dmaap simulator #####"
+ docker run -d -p 3904:3904 --name dmaap-simulator dmaap-simulator
+ @echo "##### DONE #####"
+
+stop:
+ @echo "##### Stop dmaap simulator #####"
+ docker rm -f dmaap-simulator
+ @echo "##### DONE #####"
+
+get-data:
+ @echo "##### Get data fetched by dmaap-simulator #####\n"
+ curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://localhost:3904/events
+ @echo "\n\n##### DONE #####"
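Review bot: `docker run -d -p 3904:3904` in `start` publishes the simulator on every host interface, and the service behind it accepts unauthenticated POSTs and keeps them in memory. If the standalone `start` target is only meant to be queried through `get-data` on localhost, `-p 127.0.0.1:3904:3904` keeps it off the network; that is an assumption about usage which this hunk does not confirm.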
diff --git a/sanitycheck/dmaap-simulator/README.md b/sanitycheck/dmaap-simulator/README.md
new file mode 100644
index 0000000..de0615a
--- /dev/null
+++ b/sanitycheck/dmaap-simulator/README.md
@@ -0,0 +1,22 @@
+DMaaP simulator
+---------------
+
+### Build an image
+```
+make build
+```
+
+### Start
+```
+make start
+```
+
+### Stop
+```
+make stop
+```
+
+### Get fetched events
+```
+make get-data
+```
diff --git a/sanitycheck/dmaap-simulator/requirements.txt b/sanitycheck/dmaap-simulator/requirements.txt
new file mode 100644
index 0000000..a6d2d3a
--- /dev/null
+++ b/sanitycheck/dmaap-simulator/requirements.txt
@@ -0,0 +1,6 @@
+Click==7.0
+Flask==1.1.1
+itsdangerous==1.1.0
+Jinja2==2.10.3
+MarkupSafe==1.1.1
+Werkzeug==0.16.0
diff --git a/sanitycheck/dmaap-simulator/simulator.py b/sanitycheck/dmaap-simulator/simulator.py
new file mode 100644
index 0000000..6a06266
--- /dev/null
+++ b/sanitycheck/dmaap-simulator/simulator.py
@@ -0,0 +1,73 @@
+import json
+import logging as sys_logging
+
+from flask import Flask, request, logging, Response
+
+app = Flask(__name__)
+
+sys_logging.basicConfig(level=sys_logging.DEBUG)
+logger = logging.create_logger(app)
+events = {}
+
+
+@app.route("/events/<path:topic>", methods=['POST'])
+def event_sec_fault_output(topic):
+ return handle_new_event(topic, request)
+
+
+@app.route("/events", methods=['GET'])
+def get_events():
+ resp = Response(json.dumps(events))
+ resp.headers['Content-Type'] = 'application/json'
+ return resp
+
+
+@app.route("/events/<path:topic>", methods=['GET'])
+def get_events_from_topic(topic):
+ resp = Response(json.dumps(get_events_from_map(topic)))
+ resp.headers['Content-Type'] = 'application/json'
+ return resp
+
+
+def handle_new_event(topic, http_request):
+ receive_events = decode_request_data(http_request.data)
+ for event in receive_events:
+ add_event_to_map(topic, json.loads(event))
+ return {}, 200
+
+
+def decode_request_data(request_data):
+ data = request_data.decode("utf-8")
+ receive_events = data.split("\n")
+ receive_events = receive_events[:-1]
+ logger.info("received events: " + str(receive_events))
+ correct_events = []
+ for event in receive_events:
+ logger.info("received event: " + str(event))
+ correct_events.append(get_correct_json(event))
+ return correct_events
+
+
+def get_correct_json(incorrect_json):
+ json_start_position = incorrect_json.find("{")
+ correct_json = incorrect_json[json_start_position:]
+ correct_json = correct_json.replace("\r", "").replace("\t", "").replace(" ", "")
+ return correct_json
+
+
+def add_event_to_map(topic, event):
+ if events.__contains__(topic):
+ events[topic].append(event)
+ else:
+ events[topic] = [event]
+
+
+def get_events_from_map(topic):
+ if events.__contains__(topic):
+ return events[topic]
+ else:
+ return []
+
+
+if __name__ == "__main__":
+ app.run(host='0.0.0.0', port=3904)
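Review bot: `decode_request_data` discards the last element of `data.split("\n")` unconditionally, so a body that does not end with a newline loses its final (or only) event, and `handle_new_event` calls `json.loads` with no error handling, so any malformed line becomes an unhandled exception and a 500. Filtering out empty lines instead of slicing, and answering 400 on a decode error, covers both; the rewritten lines are below. `get_correct_json` also removes every space character, which appears to alter spaces inside string values as well, so it is worth confirming that this is intended. The `events` dict grows without bound for the life of the process, which is acceptable only while the simulator stays a short-lived test fixture.

```python
def handle_new_event(topic, http_request):
    try:
        parsed = [json.loads(e) for e in decode_request_data(http_request.data)]
    except ValueError:
        # covers both UnicodeDecodeError and json.JSONDecodeError
        return {"error": "malformed event payload"}, 400
    for event in parsed:
        add_event_to_map(topic, event)
    return {}, 200


def decode_request_data(request_data):
    data = request_data.decode("utf-8")
    # keep every non-empty line instead of assuming a trailing newline
    receive_events = [line for line in data.split("\n") if line.strip()]
    # … unchanged: logging and get_correct_json loop …
```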
diff --git a/sanitycheck/events/eventToVes.json b/sanitycheck/events/eventToVes.json
new file mode 100644
index 0000000..8d37f5a
--- /dev/null
+++ b/sanitycheck/events/eventToVes.json
@@ -0,0 +1,36 @@
+{
+ "event": {
+ "event": {
+ "commonEventHeader": {
+ "version": "4.0.1",
+ "vesEventListenerVersion": "7.0.1",
+ "domain": "fault",
+ "eventName": "Fault_Vscf:Acs-Ericcson_PilotNumberPoolExhaustion",
+ "eventId": "fault0000245",
+ "sequence": 1,
+ "priority": "High",
+ "reportingEntityId": "cc305d54-75b4-431b-adb2-eb6b9e541234",
+ "reportingEntityName": "ibcx0001vm002oam001",
+ "sourceId": "de305d54-75b4-431b-adb2-eb6b9e546014",
+ "sourceName": "scfx0001vm002cap001",
+ "nfVendorName": "Ericsson",
+ "nfNamingCode": "scfx",
+ "nfcNamingCode": "ssc",
+ "startEpochMicrosec": 1413378172000000,
+ "lastEpochMicrosec": 1413378172000000,
+ "timeZoneOffset": "UTC-05:30"
+ },
+ "faultFields": {
+ "faultFieldsVersion": "4.0",
+ "alarmCondition": "PilotNumberPoolExhaustion",
+ "eventSourceType": "other",
+ "specificProblem": "Calls cannot complete - pilot numbers are unavailable",
+ "eventSeverity": "CRITICAL",
+ "vfStatus": "Active",
+ "alarmAdditionalInformation": {
+ "PilotNumberPoolSize": "1000"
+ }
+ }
+ }
+ }
+}
diff --git a/sanitycheck/events/eventToVesWithHttpServer.json b/sanitycheck/events/eventToVesWithHttpServer.json
new file mode 100644
index 0000000..a5e0a27
--- /dev/null
+++ b/sanitycheck/events/eventToVesWithHttpServer.json
@@ -0,0 +1,36 @@
+{
+ "event": {
+ "event": {
+ "commonEventHeader": {
+ "version": "4.0.1",
+ "vesEventListenerVersion": "7.0.1",
+ "domain": "notification",
+ "eventName": "Notification_gnb-Nokia_FileReady",
+ "eventId": "FileReady_1797490e-10ae-4d48-9ea7-3d7d790b25e1",
+ "lastEpochMicrosec": 8745745764578,
+ "priority": "Normal",
+ "reportingEntityName": "NOK6061ZW3",
+ "sequence": 0,
+ "sourceName": "NOK6061ZW3",
+ "startEpochMicrosec": 8745745764578,
+ "timeZoneOffset": "UTC+05.30"
+ },
+ "notificationFields": {
+ "changeIdentifier": "PM_MEAS_FILES",
+ "changeType": "FileReady",
+ "notificationFieldsVersion": "2.0",
+ "arrayOfNamedHashMap": [
+ {
+ "name": "C_28532_measData_pm_98.xml",
+ "hashMap": {
+ "location": "http://demo:demo123456!@localhost:32080/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz",
+ "compression": "gzip",
+ "fileFormatType": "org.3GPP.32.435#measCollec",
+ "fileFormatVersion": "V10"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/sanitycheck/events/fewEventsToVes.json b/sanitycheck/events/fewEventsToVes.json
new file mode 100644
index 0000000..9733469
--- /dev/null
+++ b/sanitycheck/events/fewEventsToVes.json
@@ -0,0 +1,32 @@
+{
+ "simulatorParams": {
+ "repeatCount": 4,
+ "repeatInterval": 1
+ },
+ "templateName": "notification.json",
+ "patch": {
+ "event": {
+ "commonEventHeader": {
+ "domain": "notification",
+ "eventName": "vFirewallBroadcastPackets",
+ "eventId": "#RandomString(10)",
+ "priority": "Normal",
+ "reportingEntityName": "myVNF",
+ "sequence": 1,
+ "sourceName": "ClosedLoopVNF",
+ "startEpochMicrosec": 1531616794,
+ "lastEpochMicrosec": 1531719042,
+ "vesEventListenerVersion": "7.0.1",
+ "version": "4.0.1"
+ }
+ }
+ },
+ "variables": {
+ "dN": "NRNB=5, NRCEL=1234",
+ "dn": "Test_dn",
+ "attributeList": {
+ "threshXHighQ": "50",
+ "threshXHighP": "52"
+ }
+ }
+}
diff --git a/sanitycheck/events/fewEventsToVesWithHttpServer.json b/sanitycheck/events/fewEventsToVesWithHttpServer.json
new file mode 100644
index 0000000..de3f100
--- /dev/null
+++ b/sanitycheck/events/fewEventsToVesWithHttpServer.json
@@ -0,0 +1,24 @@
+{
+ "simulatorParams": {
+ "repeatCount": 2,
+ "repeatInterval": 5
+ },
+ "templateName": "notificationHttpServer.json",
+ "patch": {
+ "event": {
+ "commonEventHeader": {
+ "domain": "notification",
+ "eventName": "vFirewallBroadcastPackets",
+ "eventId": "#RandomString(10)",
+ "priority": "Normal",
+ "reportingEntityName": "myVNF",
+ "sequence": 1,
+ "sourceName": "ClosedLoopVNF",
+ "startEpochMicrosec": 1531616794,
+ "lastEpochMicrosec": 1531719042,
+ "vesEventListenerVersion": "7.0.1",
+ "version": "4.0.1"
+ }
+ }
+ }
+}
diff --git a/sanitycheck/events/vesAddressConfiguration.json b/sanitycheck/events/vesAddressConfiguration.json
new file mode 100644
index 0000000..9c6aa22
--- /dev/null
+++ b/sanitycheck/events/vesAddressConfiguration.json
@@ -0,0 +1,3 @@
+{
+ "vesServerUrl": "http://172.17.0.1:8080/eventListener/v7"
+}
diff --git a/sanitycheck/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz b/sanitycheck/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz
new file mode 100644
index 0000000..3af5ea8
--- /dev/null
+++ b/sanitycheck/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz
Binary files differ
diff --git a/sanitycheck/ves/Makefile b/sanitycheck/ves/Makefile
new file mode 100644
index 0000000..4fe5e4b
--- /dev/null
+++ b/sanitycheck/ves/Makefile
@@ -0,0 +1,23 @@
+all: start
+
+.PHONY: start
+
+start:
+ @echo "##### Start VES with DMAAP simulator #####"
+ docker-compose up -d
+ @echo "##### DONE #####"
+
+stop:
+ @echo "##### Stop VES with DMAAP simulator #####"
+ docker-compose down
+ @echo "##### DONE #####"
+
+health-check:
+ @echo "##### Health check #####\n"
+
+ @echo "##### DMAAP simulator is ready #####\n"
+ curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://localhost:3904/events
+
+ @echo "\n\n##### VES is ready #####\n"
+ curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X GET GET http://localhost:8080/healthcheck
+ @echo "\n\n##### DONE #####"
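Review bot: The last curl in `health-check` reads `-X GET GET http://localhost:8080/healthcheck`; the second `GET` is taken by curl as an extra URL rather than a method, so the recipe also issues a request to a host named `GET`. Neither curl call uses `--fail`, so the target reports success even when a service answers with an HTTP error status. Something like `curl -fsS -H "Accept: application/json" http://localhost:8080/healthcheck` (and the same for port 3904) would let the target act as a real gate.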
diff --git a/sanitycheck/ves/README.md b/sanitycheck/ves/README.md
new file mode 100644
index 0000000..fc9e5dc
--- /dev/null
+++ b/sanitycheck/ves/README.md
@@ -0,0 +1,22 @@
+VES with DMAAP simulator
+------------------------
+
+### Prerequisites
+* DMaaP Simulator image available.
+
+See README.md in dmaap-simulator directory
+
+### Start
+```
+make start
+```
+
+### Health check
+```
+make health-check
+```
+
+### Stop
+```
+make stop
+```
diff --git a/sanitycheck/ves/docker-compose.yml b/sanitycheck/ves/docker-compose.yml
new file mode 100644
index 0000000..d9666d8
--- /dev/null
+++ b/sanitycheck/ves/docker-compose.yml
@@ -0,0 +1,20 @@
+version: '3'
+services:
+ ves:
+ container_name: ves
+ image: nexus3.onap.org:10003/onap/org.onap.dcaegen2.collectors.ves.vescollector:latest
+ ports:
+ - "8080:8080"
+ - "8443:8443"
+ networks:
+ - vesnetwork
+ onap-dmaap:
+ container_name: dmaap
+ image: dmaap-simulator
+ ports:
+ - "3904:3904"
+ networks:
+ - vesnetwork
+networks:
+ vesnetwork:
+ driver: bridge
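Review bot: The `ves` service pulls the collector image with the `:latest` tag, so what this sanity check exercises changes whenever the registry tag moves, and a broken or tampered push is picked up without any change in this repository; docker-compose-ves-dmaap.yml under vesclient-secured/certservice uses the same tag. Pinning to a released version or a digest, e.g. `image: nexus3.onap.org:10003/onap/org.onap.dcaegen2.collectors.ves.vescollector:<PINNED_VERSION>`, keeps runs comparable. Other compose files in this commit already pin some of their ONAP images (tls-init-container, the cert-service images), so this would also be consistent with them.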
diff --git a/sanitycheck/vesclient-secured/README.md b/sanitycheck/vesclient-secured/README.md
new file mode 100644
index 0000000..f791afb
--- /dev/null
+++ b/sanitycheck/vesclient-secured/README.md
@@ -0,0 +1,11 @@
+Standalone VES client configuration for HTTPS communication with VES
+------------------------
+
+This directory contains files for secured VES client deployments, which will use certificates for HTTPS communication with VES.
+
+Currently, there are two ways for VES client to fetch certificates:
+* Using AAF Certman
+* Using OOM CertService (CMPv2)
+
+Both ways are described in `certman` and `certservice` directories respectively
+
diff --git a/sanitycheck/vesclient-secured/certman/Makefile b/sanitycheck/vesclient-secured/certman/Makefile
new file mode 100644
index 0000000..d75b5d0
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certman/Makefile
@@ -0,0 +1,8 @@
+default:
+ @echo "There is no default target. Use: make <specific_target>"
+
+start-ves-client:
+ docker-compose -f docker-compose.yml up
+
+clean-ves-client:
+ docker-compose -f docker-compose.yml down
diff --git a/sanitycheck/vesclient-secured/certman/README.md b/sanitycheck/vesclient-secured/certman/README.md
new file mode 100644
index 0000000..92985f8
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certman/README.md
@@ -0,0 +1,91 @@
+## Fetching from AAF Certman
+This readme describes how to run VES client with certificates fetched using AAF Certman
+
+### Description
+
+docker-compose.yml prepares VES client container for HTTPS communication with VES.
+
+When docker-compose starts certs-init container fills connected volume with certificates, truststores, keystores,
+passwords etc. Next ves-client container starts and connects to the same volume. On startup it should read password
+values from proper files and set them in system environment variables. With these variables and files in volume
+application is ready to work on HTTPS.
+
+### Prerequisites
+
+certs-init container works with external AAF on cloud. Due to that fact it must have set correct IPs to workers that
+has access to AAF. In docker-compose.yml fields with mentioned IPs are:
+
+ * aaf-locate.onap
+ * aaf-cm.onap
+ * aaf-service.onap
+
+### Start
+
+Run VES client:
+
+```
+make start-ves-client
+```
+
+### Send event
+
+**ATTENTION**
+
+``sanitycheck/events/eventToVes.json`` file which is request for sending event to VES must have correct ``vesServerURL``
+field before sending event.
+IP of ``vesServerURL`` should be the same as given in docker-compose-certman.yml in ``aaf-locate.onap`` field.
+To use secured connection remember about setting protocol to https:// and port to proper secured port of VES.
+
+To send event from VES client to VES use this command from ``ne-simulator/sanitycheck`` directory:
+
+````
+make generate-event
+````
+
+Sample ``sanitycheck/events/eventToVes.json`` file content is:
+
+```json
+{
+ "vesServerUrl": "https://10.183.35.177:30417/eventListener/v7",
+ "event": {
+ "event": {
+ "commonEventHeader": {
+ "version": "4.0.1",
+ "vesEventListenerVersion": "7.0.1",
+ "domain": "fault",
+ "eventName": "Fault_Vscf:Acs-Ericcson_PilotNumberPoolExhaustion",
+ "eventId": "fault0000245",
+ "sequence": 1,
+ "priority": "High",
+ "reportingEntityId": "cc305d54-75b4-431b-adb2-eb6b9e541234",
+ "reportingEntityName": "ibcx0001vm002oam001",
+ "sourceId": "de305d54-75b4-431b-adb2-eb6b9e546014",
+ "sourceName": "scfx0001vm002cap001",
+ "nfVendorName": "Ericsson",
+ "nfNamingCode": "scfx",
+ "nfcNamingCode": "ssc",
+ "startEpochMicrosec": 1413378172000000,
+ "lastEpochMicrosec": 1413378172000000,
+ "timeZoneOffset": "UTC-05:30"
+ },
+ "faultFields": {
+ "faultFieldsVersion": "4.0",
+ "alarmCondition": "PilotNumberPoolExhaustion",
+ "eventSourceType": "other",
+ "specificProblem": "Calls cannot complete - pilot numbers are unavailable",
+ "eventSeverity": "CRITICAL",
+ "vfStatus": "Active",
+ "alarmAdditionalInformation": {
+ "PilotNumberPoolSize": "1000"
+ }
+ }
+ }
+ }
+}
+```
+
+### Stop
+To remove VES client containers use:
+```
+make clean-ves-client
+```
diff --git a/sanitycheck/vesclient-secured/certman/docker-compose.yml b/sanitycheck/vesclient-secured/certman/docker-compose.yml
new file mode 100644
index 0000000..2714751
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certman/docker-compose.yml
@@ -0,0 +1,69 @@
+version: '3'
+
+networks:
+ tls-init-network:
+
+volumes:
+ certs-volume:
+
+services:
+ certs-init:
+ image: nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ extra_hosts:
+ #set worker IP with access to AAF
+ aaf-locate.onap: <WORKER_IP> #for example 10.183.35.177
+ aaf-cm.onap: <WORKER_IP> #for example 10.183.35.177
+ aaf-service.onap: <WORKER_IP> #for example 10.183.35.177
+ environment:
+ - aaf_locate_url=https://aaf-locate.onap:31111
+ - aaf_url_cm=https://aaf-cm.onap:31114
+ - aaf_url=https://aaf-service.onap:31110
+ networks:
+ - tls-init-network
+ volumes:
+ - certs-volume:/opt/app/osaaf
+ mongo:
+ image: mongo
+ restart: always
+ environment:
+ MONGO_INITDB_ROOT_USERNAME: root
+ MONGO_INITDB_ROOT_PASSWORD: zXcVbN123!
+ MONGO_INITDB_DATABASE: pnf_simulator
+ networks:
+ - tls-init-network
+ volumes:
+ - ../../../../ves-client/db:/docker-entrypoint-initdb.d
+ ports:
+ - "27017:27017"
+
+ mongo-express:
+ image: mongo-express
+ restart: always
+ ports:
+ - 8081:8081
+ networks:
+ - tls-init-network
+ environment:
+ ME_CONFIG_MONGODB_ADMINUSERNAME: root
+ ME_CONFIG_MONGODB_ADMINPASSWORD: zXcVbN123!
+
+ ves-client:
+ image: onap/org.onap.integration.nfsimulator.vesclient
+ ports:
+ - "5000:5000"
+ command: bash -c "
+ while [[ $$(ls -1 /app/store | wc -l) != '10' ]]; do echo 'Waiting for certs...'; sleep 3; done
+ && java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/vesclient.jar org.onap.integration.simulators.nfsimulator.vesclient.Main
+ "
+ volumes:
+ - ../../../../ves-client/logs:/var/log
+ - ../../../../ves-client/templates:/app/templates
+ - ../../../../ves-client/src/main/resources/application.properties:/app/application.properties
+ - certs-volume:/app/store
+ networks:
+ - tls-init-network
+ restart: on-failure
+ depends_on:
+ - certs-init
+ - mongo
+ - mongo-express
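Review bot: The `mongo` service sets `MONGO_INITDB_ROOT_PASSWORD` to a literal committed here and publishes `27017:27017` on all host interfaces, and `mongo-express` exposes an admin UI on 8081 with the same root account, so the database is administrable from the network with a password that is in the repository; docker-compose-vesclient.yml under certservice repeats the block. Binding both ports to loopback (`"127.0.0.1:27017:27017"`, `"127.0.0.1:8081:8081"`) and taking the password from the environment (`MONGO_INITDB_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD}`) would contain this. The ves-client presumably reads the same password from its application.properties, which is not part of this hunk, so the two would need to change together. `mongo`, `mongo-express` and the ves-client image are also referenced without a tag.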
diff --git a/sanitycheck/vesclient-secured/certservice/Makefile b/sanitycheck/vesclient-secured/certservice/Makefile
new file mode 100644
index 0000000..0f41b0e
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/Makefile
@@ -0,0 +1,59 @@
+default:
+ @echo "There is no default target. Use: make <specific_target>"
+
+setup-env: --start-certservice-and-ejbca --run-certservice-clients --start-local-secured-ves
+
+start-ves-client:
+ docker-compose -f docker-compose-vesclient.yml up
+
+restart-ves-client: --clean-ves-client start-ves-client
+
+clean-all: --clean-ves-client --clean-env
+
+
+--start-certservice-and-ejbca: --create-certservice-internal-certs --start-certservice-ejbca-containers --configure-ejbca
+
+--start-certservice-ejbca-containers:
+ docker-compose -f docker-compose-certservice-ejbca.yml up -d
+
+--create-certservice-internal-certs:
+ make -C resources/certs all
+
+--configure-ejbca: --wait-for-ejbca --run-ejbca-script
+
+--wait-for-ejbca:
+ @echo 'Waiting for EJBCA... It may take a minute or two'
+ until docker container inspect oomcert-ejbca | grep '"Status": "healthy"'; do sleep 3; done
+
+--run-ejbca-script:
+ docker exec oomcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
+
+--run-certservice-clients: --create-client-volumes
+ docker-compose -f docker-compose-certservice-clients.yml up -d
+ @echo 'Waiting for client certifiactes...'
+ @until ls -1 ./resources/certservice-client/client-volume-for-vesclient | grep "store" 1>/dev/null; do sleep 3; done
+ @until ls -1 ./resources/certservice-client/client-volume-for-ves | grep "store" 1>/dev/null; do sleep 3; done
+ @until ls -1 ./resources/certservice-client/client-volume-for-httpserver | grep "store" 1>/dev/null; do sleep 3; done
+
+--create-client-volumes:
+ mkdir -p ./resources/certservice-client/client-volume-for-vesclient -m 777
+ mkdir -p ./resources/certservice-client/client-volume-for-ves -m 777
+ mkdir -p ./resources/certservice-client/client-volume-for-httpserver -m 777
+
+--start-local-secured-ves:
+ docker-compose -f docker-compose-ves-dmaap.yml up
+
+--clean-ves-client:
+ docker-compose -f docker-compose-vesclient.yml down
+ rm -rf ./resources/certservice-client/client-volume-for-vesclient || true
+ rm -rf ./resources/certservice-client/client-volume-for-httpserver || true
+
+
+--clean-env:
+ docker-compose -f docker-compose-ves-dmaap.yml down
+ docker-compose -f docker-compose-certservice-clients.yml down
+ rm -rf ./resources/certservice-client/client-volume-for-vesclient || true
+ rm -rf ./resources/certservice-client/client-volume-for-ves || true
+ rm -rf ./resources/certservice-client/client-volume-for-httpserver || true
+ docker-compose -f docker-compose-certservice-ejbca.yml down
+ make -C resources/certs clear
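Review bot: `--create-client-volumes` creates the three client-volume directories with `-m 777`, and those directories are where the cert-service clients write keystores and their `.pass` files (docker-compose-ves-dmaap.yml mounts `keystore.pass` from one of them), so every local user can read or replace the key material. A narrower mode such as `mkdir -p -m 700 ...`, combined with running the client containers under the invoking user's UID, would avoid that; which UID the client image runs as is not visible here, so this needs checking against the image. The `until ...; do sleep 3; done` loops in `--wait-for-ejbca` and `--run-certservice-clients` have no upper bound, so a container that never becomes ready leaves `make setup-env` waiting indefinitely.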
diff --git a/sanitycheck/vesclient-secured/certservice/README.md b/sanitycheck/vesclient-secured/certservice/README.md
new file mode 100644
index 0000000..27f68ef
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/README.md
@@ -0,0 +1,85 @@
+## Fetching certificates from OOM CertService (CMPv2)
+This readme describes how to run VES client with certificates fetched using OOM CertService (CMPv2)
+
+### Description
+
+Using Makefile in this directory following can be achieved:
+
+* Setup environment for VES client, i.e.:
+ * Create certificates that will be used for internal communication between CertService and CertService Clients.
+ Generated internal certificates should be present in `resources/certs` directory.
+ * Start and configure EJBCA
+ * Start and configure AAF Cert Service.
+ * Run Cert Service Clients to fetch certificates for VES and VES client. Certificates will be stored for the
+ components in `resources/certservice-client/client-volume-for-ves`
+ and `resources/certservice-client/client-volume-for-vesclient` accordingly.
+ * Start VES and DMaaP Simulator. Fetched certificates will be mounted to VES.
+
+* Start VES client. Fetched certificates will be mounted to VES client.
+* Clean up.
+
+### Prerequisites
+##### VES collector local deployment prerequisites
+
+By default, the image of VES from Nexus supports only HTTP communication. A local image with enabled HTTPS must be build
+to use local VES as VES client destination.
+
+1. Pull VES repository
+2. In `<VES_PROJECT_ROOT>/etc/collector.properties` file set field `auth.method=certBasicAuth`
+3. Build a local image: `mvn clean install docker:build` from VES project root directory.
+
+Local VES deployment uses also DMaaP simulator. Its image should be built locally as well.
+1. Go to `sanitycheck/dmaap-simulator` directory
+2. Run: `make build`
+
+### Setup environment
+To set up whole environment for VES client, i.e.:
+- deploy and configure EJBCA
+- deploy Cert Service
+- fetch certificates for VES and VES client using Cert Service clients
+- run DMaaP Simulator
+- run VES with fetched certificates
+
+execute:
+````
+make setup-env
+````
+Note that this command setups whole environment besides VES client itself.
+
+## Run VES client
+To run VES client execute:
+````
+make start-ves-client
+````
+VES client starts together with the http server.
+This command starts VES client with certificates fetched using CertService (certificates are fetched in the previous
+step)
+
+### Send event
+
+
+Configure VES client to use proper VES URL by executing this command from ``nf-simulator/sanitycheck`` directory:
+
+ TIP: edit vesAddressConfigure.json and set "vesServerUrl": "https://172.17.0.1:8443/eventListener/v7"
+
+```
+make reconfigure-ves-url
+```
+
+Send an event from VES client to VES by executing this command from ``nf-simulator/sanitycheck`` directory:
+```
+make generate-event
+```
+
+### Restart VES client
+
+To restart only VES client execute:
+```
+make restart-ves-client
+```
+
+### Clean up
+To clean all generated certificates, remove VES client, CertService, EJBCA, VES and DMaaP Simulator containers:
+```
+make clean-all
+```
diff --git a/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-clients.yml b/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-clients.yml
new file mode 100644
index 0000000..d721561
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-clients.yml
@@ -0,0 +1,39 @@
+version: "2.1"
+
+networks:
+ onap:
+ external: true
+
+services:
+ oom-cert-client-ves:
+ image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.1
+ container_name: oomcert-client-for-ves
+ env_file: ./resources/certservice-client/client-configuration-for-ves.env
+ networks:
+ - onap
+ volumes:
+ - ./resources/certservice-client/client-volume-for-ves:/var/certs:rw
+ - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+ - ./resources/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
+
+ oom-cert-client-vesclient:
+ image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.1
+ container_name: oomcert-client
+ env_file: ./resources/certservice-client/client-configuration-for-vesclient.env
+ networks:
+ - onap
+ volumes:
+ - ./resources/certservice-client/client-volume-for-vesclient:/var/certs:rw
+ - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+ - ./resources/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
+
+ oom-cert-client-httpserver:
+ image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.1
+ container_name: oomcert-client-for-httpserver
+ env_file: ./resources/certservice-client/client-configuration-for-httpserver.env
+ networks:
+ - onap
+ volumes:
+ - ./resources/certservice-client/client-volume-for-httpserver:/var/certs:rw
+ - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+ - ./resources/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
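Review bot: The `truststore.jks` and `certServiceClient-keystore.jks` bind mounts in all three client services have no mode suffix, so they are writable from inside the containers although the clients presumably only read them. Appending `:ro`, e.g. `- ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks:ro`, keeps a misbehaving container from altering the shared trust anchors on the host; only the `/var/certs` volume needs `:rw`. The keystore and password-file mounts into `ves` in docker-compose-ves-dmaap.yml and the certificate mounts into `oom-cert-service` in docker-compose-certservice-ejbca.yml could take `:ro` for the same reason.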
diff --git a/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml b/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml
new file mode 100644
index 0000000..a400eb9
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml
@@ -0,0 +1,47 @@
+version: "2.1"
+
+networks:
+ onap:
+ driver: bridge
+ name: onap
+ public:
+ driver: bridge
+ name: public
+
+services:
+ ejbca:
+ image: primekey/ejbca-ce:6.15.2.5
+ hostname: cahostname
+ container_name: oomcert-ejbca
+ ports:
+ - "80:8080"
+ - "443:8443"
+ volumes:
+ - ./resources/ejbca/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth" ]
+ interval: 10s
+ timeout: 3s
+ retries: 15
+ networks:
+ - onap
+
+ oom-cert-service:
+ image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.1
+ volumes:
+ - ./resources/certservice/cmpServers.json:/etc/onap/oom/certservice/cmpServers.json
+ - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+ - ./resources/certs/root.crt:/etc/onap/oom/certservice/certs/root.crt
+ - ./resources/certs/certServiceServer-keystore.jks:/etc/onap/oom/certservice/certs/certServiceServer-keystore.jks
+ - ./resources/certs/certServiceServer-keystore.p12:/etc/onap/oom/certservice/certs/certServiceServer-keystore.p12
+ container_name: oomcert-service
+ ports:
+ - "8443:8443"
+ healthcheck:
+ test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/oom/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
+ interval: 10s
+ timeout: 3s
+ retries: 15
+ networks:
+ - onap
+ - public
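Review bot: The `ejbca` healthcheck runs `curl -kI` without `--fail`, so curl exits 0 for any HTTP response and the container can be marked healthy while the endpoint returns an error status; `--wait-for-ejbca` in the Makefile then proceeds on that signal. `curl -kfsI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth` would tie the health state to a successful response. The `oom-cert-service` healthcheck has the same gap and additionally carries the keystore password as a literal `--pass` argument, which ends up in `docker inspect` output. The CA's ports are published as `80:8080` and `443:8443` on all host interfaces; if only local access is needed, a `127.0.0.1:` prefix would limit that.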
diff --git a/sanitycheck/vesclient-secured/certservice/docker-compose-ves-dmaap.yml b/sanitycheck/vesclient-secured/certservice/docker-compose-ves-dmaap.yml
new file mode 100644
index 0000000..86f0202
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/docker-compose-ves-dmaap.yml
@@ -0,0 +1,33 @@
+version: "2.1"
+
+networks:
+ public:
+ external: true
+ onap:
+ external: true
+
+services:
+ ves:
+ container_name: ves
+ image: nexus3.onap.org:10003/onap/org.onap.dcaegen2.collectors.ves.vescollector:latest
+ ports:
+ - "8082:8080"
+ - "8444:8443"
+ networks:
+ - onap
+ - public
+ volumes:
+ - ./resources/certservice-client/client-volume-for-ves/keystore.jks:/opt/app/VESCollector/etc/keystore
+ - ./resources/certservice-client/client-volume-for-ves/keystore.pass:/opt/app/VESCollector/etc/passwordfile
+ - ./resources/certservice-client/client-volume-for-ves/truststore.jks:/opt/app/VESCollector/etc/truststore
+ - ./resources/certservice-client/client-volume-for-ves/truststore.pass:/opt/app/VESCollector/etc/trustpasswordfile
+ depends_on:
+ - onap-dmaap
+
+ onap-dmaap:
+ container_name: dmaap
+ image: dmaap-simulator
+ ports:
+ - "3904:3904"
+ networks:
+ - onap
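Review bot: The `ves` service pulls `vescollector:latest`, while the images in docker-compose-certservice-ejbca.yml are pinned (`ejbca-ce:6.15.2.5`, `oom-certservice-api:2.1.1`). An unpinned collector makes the sanity check non-reproducible and lets an unreviewed image version run with the mounted keystore and password files. I would pin it, e.g. `image: nexus3.onap.org:10003/onap/org.onap.dcaegen2.collectors.ves.vescollector:<pinned-version>` (placeholder; the page does not name a version). The same applies to the untagged `mongo`, `mongo-express`, `pmhttpsserver` and `vesclient` images in docker-compose-vesclient.yml.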
diff --git a/sanitycheck/vesclient-secured/certservice/docker-compose-vesclient.yml b/sanitycheck/vesclient-secured/certservice/docker-compose-vesclient.yml
new file mode 100644
index 0000000..f99330b
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/docker-compose-vesclient.yml
@@ -0,0 +1,86 @@
+version: "2.1"
+
+networks:
+ ves-client:
+ driver: bridge
+ name: ves-client
+ public:
+ external: true
+ onap:
+ external: true
+
+services:
+ mongo:
+ image: mongo
+ restart: always
+ networks:
+ - ves-client
+ environment:
+ MONGO_INITDB_ROOT_USERNAME: root
+ MONGO_INITDB_ROOT_PASSWORD: zXcVbN123!
+ MONGO_INITDB_DATABASE: pnf_simulator
+ volumes:
+ - ../../../../ves-client/db:/docker-entrypoint-initdb.d
+ ports:
+ - "27017:27017"
+
+ mongo-express:
+ image: mongo-express
+ restart: always
+ networks:
+ - ves-client
+ ports:
+ - 8081:8081
+ environment:
+ ME_CONFIG_MONGODB_ADMINUSERNAME: root
+ ME_CONFIG_MONGODB_ADMINPASSWORD: zXcVbN123!
+
+ http-server:
+ image: nexus3.onap.org:10003/onap/org.onap.integration.nfsimulator.pmhttpsserver
+ ports:
+ - "8080:8080"
+ - "32000:32000"
+ - "32080:80"
+ - "32100:32100"
+ - "32443:443"
+ networks:
+ - ves-client
+ - public
+ volumes:
+ - ~/httpservervolumes/:/usr/local/apache2/htdocs
+ - ../../../httpserver/logs:/var/log/apache2
+ - ./resources/certservice-client/client-volume-for-httpserver/:/etc/apache2/certs/
+ command: bash -c "
+ echo 'Http Server start';
+ while [[ $$(ls -1 /etc/apache2/certs/ | wc -l) != '3' ]]; do echo 'Waiting for certs...'; sleep 3; done;
+ chmod 777 /usr/local/apache2/htdocs;
+ cp /usr/local/apache2/conf/upload.php /usr/local/apache2/htdocs/upload.php;
+ touch /usr/local/apache2/htdocs/index.html;
+ /usr/sbin/apache2ctl -D FOREGROUND;
+ "
+ restart: on-failure
+
+ ves-client:
+ image: onap/org.onap.integration.nfsimulator.vesclient
+ ports:
+ - "5000:5000"
+ networks:
+ - ves-client
+ - public
+ command: bash -c "
+ while [[ $$(ls -1 /app/store | wc -l) != '4' ]]; do echo 'Waiting for certs...'; sleep 3; done
+ && cp /app/store/truststore.p12 /app/store/trust.jks
+ && cp /app/store/keystore.p12 /app/store/cert.p12
+ && cp /app/store/keystore.pass /app/store/p12.pass
+ && cp /app/store/truststore.pass /app/store/trust.pass
+ && java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/vesclient.jar org.onap.integration.simulators.nfsimulator.vesclient.Main
+ "
+ volumes:
+ - ../../../../ves-client/logs:/var/log
+ - ../../../../ves-client/templates:/app/templates
+ - ../../../../ves-client/src/main/resources/application.properties:/app/application.properties
+ - ./resources/certservice-client/client-volume-for-vesclient/:/app/store/
+ restart: on-failure
+ depends_on:
+ - mongo
+ - mongo-express
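Review bot: `mongo` publishes `27017:27017` and `mongo-express` publishes `8081:8081` on every host interface, with the root password written in this file, so the database and its admin UI are reachable from outside the machine running the sanity check. The containers already share the `ves-client` network, so the Mongo port mapping looks unnecessary for the stack itself (not confirmable from this hunk). If host access is wanted, bind to loopback: `- "127.0.0.1:27017:27017"` and `- "127.0.0.1:8081:8081"`. In the `http-server` command, `chmod 777 /usr/local/apache2/htdocs` acts on the bind-mounted host directory `~/httpservervolumes/` and leaves it world-writable on the host as well; granting write access only to the account the web server runs as would be tighter.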
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certs/.gitignore b/sanitycheck/vesclient-secured/certservice/resources/certs/.gitignore
new file mode 100644
index 0000000..385dcde
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certs/.gitignore
@@ -0,0 +1,3 @@
+*.jks
+*.p12
+*.crt
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certs/Makefile b/sanitycheck/vesclient-secured/certservice/resources/certs/Makefile
new file mode 100644
index 0000000..507a23c
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certs/Makefile
@@ -0,0 +1,109 @@
+all: clear step_1 step_2 step_3 step_4 step_5 step_6 step_7 step_8 step_9 step_10 step_11 step_12 step_13 step_14 step_15
+.PHONY: all
+#Clear certificates
+clear:
+ @echo "Clear certificates"
+ rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 root-keystore.jks
+ @echo "#####done#####"
+
+#Generate root private and public keys
+step_1:
+ @echo "Generate root private and public keys"
+ keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
+ -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
+ -storepass secret -ext BasicConstraints:critical="ca:true"
+ @echo "#####done#####"
+
+#Export public key as certificate
+step_2:
+ @echo "(Export public key as certificate)"
+ keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
+ @echo "#####done#####"
+
+#Self-signed root (import root certificate into truststore)
+step_3:
+ @echo "(Self-signed root (import root certificate into truststore))"
+ keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
+ @echo "#####done#####"
+
+#Generate certService's client private and public keys
+step_4:
+ @echo "Generate certService's client private and public keys"
+ keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 730 \
+ -keystore certServiceClient-keystore.jks -storetype JKS \
+ -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret
+ @echo "####done####"
+
+#Generate certificate signing request for certService's client
+step_5:
+ @echo "Generate certificate signing request for certService's client"
+ keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
+ @echo "####done####"
+
+#Sign certService's client certificate by root CA
+step_6:
+ @echo "Sign certService's client certificate by root CA"
+ keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
+ -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
+ @echo "####done####"
+
+#Import root certificate into client
+step_7:
+ @echo "Import root certificate into intermediate"
+ cat root.crt >> certServiceClientByRoot.crt
+ @echo "####done####"
+
+#Import signed certificate into certService's client
+step_8:
+ @echo "Import signed certificate into certService's client"
+ keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
+ @echo "####done####"
+
+#Generate certService private and public keys
+step_9:
+ @echo "Generate certService private and public keys"
+ keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 730 \
+ -keystore certServiceServer-keystore.jks -storetype JKS \
+ -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
+ @echo "####done####"
+
+#Generate certificate signing request for certService
+step_10:
+ @echo "Generate certificate signing request for certService"
+ keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
+ @echo "####done####"
+
+#Sign certService certificate by root CA
+step_11:
+ @echo "Sign certService certificate by root CA"
+ keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
+ -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
+ -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
+ @echo "####done####"
+
+#Import root certificate into server
+step_12:
+ @echo "Import root certificate into intermediate(server)"
+ cat root.crt >> certServiceServerByRoot.crt
+ @echo "####done####"
+
+#Import signed certificate into certService
+step_13:
+ @echo "Import signed certificate into certService"
+ keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
+ -storepass secret -noprompt
+ @echo "####done####"
+
+#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
+step_14:
+ @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+ keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
+ @echo "#####done#####"
+
+#Clear unused certificates
+step_15:
+ @echo "Clear unused certificates"
+ rm certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
+ @echo "#####done#####"
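Review bot: In `step_6` and `step_11` the leaf certificates are signed with `-ext bc=0`, which in keytool's shorthand means `ca:true,pathlen:0`, so the certService client and server certificates are issued as CA certificates. A holder of either key could then issue further certificates that chain to the root in `truststore.jks`. `step_9` already spells out the intended constraint, and I would use the same form at signing time: `-ext BasicConstraints:critical="ca:false"` in place of `-ext bc=0` in both recipes. Also note that `all` relies on the prerequisite order `clear step_1 … step_15` and only `all` is declared `.PHONY`, so `make -j` or a stray file named `step_1` would break the sequence.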
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/.gitignore b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/.gitignore
new file mode 100644
index 0000000..ef10692
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/.gitignore
@@ -0,0 +1,3 @@
+client-volume-for-httpserver
+client-volume-for-vesclient
+client-volume-for-ves
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env
new file mode 100644
index 0000000..8e8eb34
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env
@@ -0,0 +1,18 @@
+#Client envs
+REQUEST_URL=https://oom-cert-service:8443/v1/certificate/
+REQUEST_TIMEOUT=10000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=PEM
+#Csr config envs
+COMMON_NAME=httpserver-onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+#Tls config envs
+KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
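Review bot: `KEYSTORE_PASSWORD=secret` and `TRUSTSTORE_PASSWORD=secret` are committed here and again in client-configuration-for-ves.env and client-configuration-for-vesclient.env, with nothing marking them as fixtures. They match the `-storepass secret` used by resources/certs/Makefile, so they appear to be throwaway values for the locally generated stores. I would say so in each file, e.g. `#Tls config envs (test-only password for keystores generated by resources/certs/Makefile; do not reuse)`, so the files are not copied into a real deployment unchanged.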
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env
new file mode 100644
index 0000000..e06d147
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env
@@ -0,0 +1,19 @@
+#Client envs
+REQUEST_URL=https://oom-cert-service:8443/v1/certificate/
+REQUEST_TIMEOUT=10000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=JKS
+#Csr config envs
+COMMON_NAME=ves-onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=ves
+#Tls config envs
+KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env
new file mode 100644
index 0000000..c5f33b6
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env
@@ -0,0 +1,18 @@
+#Client envs
+REQUEST_URL=https://oom-cert-service:8443/v1/certificate/
+REQUEST_TIMEOUT=10000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=P12
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+#Tls config envs
+KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice/cmpServers.json b/sanitycheck/vesclient-secured/certservice/resources/certservice/cmpServers.json
new file mode 100644
index 0000000..7256494
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/certservice/cmpServers.json
@@ -0,0 +1,24 @@
+{
+ "cmpv2Servers": [
+ {
+ "caName": "Client",
+ "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
+ "issuerDN": "CN=ManagementCA",
+ "caMode": "CLIENT",
+ "authentication": {
+ "iak": "mypassword",
+ "rv": "mypassword"
+ }
+ },
+ {
+ "caName": "RA",
+ "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
+ "issuerDN": "CN=ManagementCA",
+ "caMode": "RA",
+ "authentication": {
+ "iak": "mypassword",
+ "rv": "mypassword"
+ }
+ }
+ ]
+}
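Review bot: The `iak`/`rv` value `mypassword` appears to be the only thing authenticating CMP requests to EJBCA, since both `url` entries are plain `http://` and the same literal is set as `cmpRaAuthSecret` in ejbca-configuration.sh. The `ejbca` service in docker-compose-certservice-ejbca.yml publishes `80:8080` on the host, so the CMP endpoint protected by this guessable secret is presumably reachable from outside the Docker network. JSON cannot carry a comment, so I would state in the certservice README that these are local fixture values, and bind the published port to loopback with `- "127.0.0.1:80:8080"` in that compose file.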
diff --git a/sanitycheck/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh b/sanitycheck/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh
new file mode 100755
index 0000000..77f5c55
--- /dev/null
+++ b/sanitycheck/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+configureEjbca() {
+ ejbca.sh config cmp addalias --alias cmpRA
+ ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
+ ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ ejbca.sh config cmp dumpalias --alias cmpRA
+ ejbca.sh config cmp addalias --alias cmp
+ ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
+ ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
+ ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED
+ ejbca.sh ra setclearpwd --username Node123 --password mypassword
+ ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
+ ejbca.sh config cmp dumpalias --alias cmp
+ ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+}
+
+configureEjbca
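Review bot: `configureEjbca` runs its `ejbca.sh` commands with no error handling, so a failed step (for example the `editca` call that sets `cmpRaAuthSecret`) is ignored and the remaining commands still run against a partly configured CA. I would add `set -euo pipefail` on the line after the shebang so the script stops at the first failure. One thing to check before doing so: if `addalias` returns non-zero when the alias already exists, a container restart would abort the script, and those two calls would then need an explicit guard. That behaviour is not visible in this hunk.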