diff options
Diffstat (limited to 'sanitycheck/vesclient-secured/certman')
-rw-r--r-- | sanitycheck/vesclient-secured/certman/Makefile | 8 | ||||
-rw-r--r-- | sanitycheck/vesclient-secured/certman/README.md | 91 | ||||
-rw-r--r-- | sanitycheck/vesclient-secured/certman/docker-compose.yml | 69 |
3 files changed, 168 insertions, 0 deletions
diff --git a/sanitycheck/vesclient-secured/certman/Makefile b/sanitycheck/vesclient-secured/certman/Makefile new file mode 100644 index 0000000..d75b5d0 --- /dev/null +++ b/sanitycheck/vesclient-secured/certman/Makefile @@ -0,0 +1,8 @@ +default: + @echo "There is no default target. Use: make <specific_target>" + +start-ves-client: + docker-compose -f docker-compose.yml up + +clean-ves-client: + docker-compose -f docker-compose.yml down diff --git a/sanitycheck/vesclient-secured/certman/README.md b/sanitycheck/vesclient-secured/certman/README.md new file mode 100644 index 0000000..92985f8 --- /dev/null +++ b/sanitycheck/vesclient-secured/certman/README.md @@ -0,0 +1,91 @@ +## Fetching from AAF Certman +This readme describes how to run VES client with certificates fetched using AAF Certman + +### Description + +docker-compose.yml prepares VES client container for HTTPS communication with VES. + +When docker-compose starts certs-init container fills connected volume with certificates, truststores, keystores, +passwords etc. Next ves-client container starts and connects to the same volume. On startup it should read password +values from proper files and set them in system environment variables. With these variables and files in volume +application is ready to work on HTTPS. + +### Prerequisites + +certs-init container works with external AAF on cloud. Due to that fact it must have set correct IPs to workers that +has access to AAF. In docker-compose.yml fields with mentioned IPs are: + + * aaf-locate.onap + * aaf-cm.onap + * aaf-service.onap + +### Start + +Run VES client: + +``` +make start-ves-client +``` + +### Send event + +**ATTENTION** + +``sanitycheck/events/eventToVes.json`` file which is request for sending event to VES must have correct ``vesServerURL`` +field before sending event. +IP of ``vesServerURL`` should be the same as given in docker-compose-certman.yml in ``aaf-locate.onap`` field. +To use secured connection remember about setting protocol to https:// and port to proper secured port of VES. + +To send event from VES client to VES use this command from ``ne-simulator/sanitycheck`` directory: + +```` +make generate-event +```` + +Sample ``sanitycheck/events/eventToVes.json`` file content is: + +```json +{ + "vesServerUrl": "https://10.183.35.177:30417/eventListener/v7", + "event": { + "event": { + "commonEventHeader": { + "version": "4.0.1", + "vesEventListenerVersion": "7.0.1", + "domain": "fault", + "eventName": "Fault_Vscf:Acs-Ericcson_PilotNumberPoolExhaustion", + "eventId": "fault0000245", + "sequence": 1, + "priority": "High", + "reportingEntityId": "cc305d54-75b4-431b-adb2-eb6b9e541234", + "reportingEntityName": "ibcx0001vm002oam001", + "sourceId": "de305d54-75b4-431b-adb2-eb6b9e546014", + "sourceName": "scfx0001vm002cap001", + "nfVendorName": "Ericsson", + "nfNamingCode": "scfx", + "nfcNamingCode": "ssc", + "startEpochMicrosec": 1413378172000000, + "lastEpochMicrosec": 1413378172000000, + "timeZoneOffset": "UTC-05:30" + }, + "faultFields": { + "faultFieldsVersion": "4.0", + "alarmCondition": "PilotNumberPoolExhaustion", + "eventSourceType": "other", + "specificProblem": "Calls cannot complete - pilot numbers are unavailable", + "eventSeverity": "CRITICAL", + "vfStatus": "Active", + "alarmAdditionalInformation": { + "PilotNumberPoolSize": "1000" + } + } + } + } +} +``` + +### Stop +To remove VES client containers use: +``` +make clean-ves-client +``` diff --git a/sanitycheck/vesclient-secured/certman/docker-compose.yml b/sanitycheck/vesclient-secured/certman/docker-compose.yml new file mode 100644 index 0000000..2714751 --- /dev/null +++ b/sanitycheck/vesclient-secured/certman/docker-compose.yml @@ -0,0 +1,69 @@ +version: '3' + +networks: + tls-init-network: + +volumes: + certs-volume: + +services: + certs-init: + image: nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 + extra_hosts: + #set worker IP with access to AAF + aaf-locate.onap: <WORKER_IP> #for example 10.183.35.177 + aaf-cm.onap: <WORKER_IP> #for example 10.183.35.177 + aaf-service.onap: <WORKER_IP> #for example 10.183.35.177 + environment: + - aaf_locate_url=https://aaf-locate.onap:31111 + - aaf_url_cm=https://aaf-cm.onap:31114 + - aaf_url=https://aaf-service.onap:31110 + networks: + - tls-init-network + volumes: + - certs-volume:/opt/app/osaaf + mongo: + image: mongo + restart: always + environment: + MONGO_INITDB_ROOT_USERNAME: root + MONGO_INITDB_ROOT_PASSWORD: zXcVbN123! + MONGO_INITDB_DATABASE: pnf_simulator + networks: + - tls-init-network + volumes: + - ../../../../ves-client/db:/docker-entrypoint-initdb.d + ports: + - "27017:27017" + + mongo-express: + image: mongo-express + restart: always + ports: + - 8081:8081 + networks: + - tls-init-network + environment: + ME_CONFIG_MONGODB_ADMINUSERNAME: root + ME_CONFIG_MONGODB_ADMINPASSWORD: zXcVbN123! + + ves-client: + image: onap/org.onap.integration.nfsimulator.vesclient + ports: + - "5000:5000" + command: bash -c " + while [[ $$(ls -1 /app/store | wc -l) != '10' ]]; do echo 'Waiting for certs...'; sleep 3; done + && java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/vesclient.jar org.onap.integration.simulators.nfsimulator.vesclient.Main + " + volumes: + - ../../../../ves-client/logs:/var/log + - ../../../../ves-client/templates:/app/templates + - ../../../../ves-client/src/main/resources/application.properties:/app/application.properties + - certs-volume:/app/store + networks: + - tls-init-network + restart: on-failure + depends_on: + - certs-init + - mongo + - mongo-express |