From 6b9990df40f2fac4184ae40fe4d0b441241da712 Mon Sep 17 00:00:00 2001 From: Bartosz Gardziejewski Date: Tue, 13 Apr 2021 11:21:40 +0200 Subject: Update sanitycheck Add new tests and update dmaap-simulator 
Signed-off-by: Bartosz Gardziejewski Issue-ID: INT-1869 Change-Id: Ibaba12467983d20e95015ed09964367a2baf81b0 --- sanitycheck/Makefile | 61 +++++++----- sanitycheck/README.md | 97 ++++++++++++------ sanitycheck/dmaap-simulator/Makefile | 5 + sanitycheck/dmaap-simulator/simulator.py | 6 ++ sanitycheck/events/eventToVes.json | 36 ------- sanitycheck/events/eventToVesWithHttpServer.json | 36 ------- sanitycheck/events/fewEventsToVes.json | 32 ------ .../events/fewEventsToVesWithHttpServer.json | 24 ----- sanitycheck/events/vesAddressConfiguration.json | 3 - sanitycheck/https-server/Makefile | 28 ++++++ sanitycheck/https-server/docker-compose.yml | 33 +++++++ .../events/eventToVesWithHttpServer.json | 36 +++++++ .../events/fewEventsToVesWithHttpServer.json | 24 +++++ .../E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz | Bin 0 -> 2046 bytes sanitycheck/netconf/Makefile | 22 +++++ sanitycheck/netconf/docker-compose.yml | 75 ++++++++++++++ .../netconf/test_models/models-configuration.ini | 2 + .../netconf/test_models/test-model.data.xml | 25 +++++ sanitycheck/netconf/test_models/test-model.yang | 10 ++ .../E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz | Bin 2046 -> 0 bytes sanitycheck/ves-client/Makefile | 28 ++++++ sanitycheck/ves-client/events/eventToVes.json | 36 +++++++ sanitycheck/ves-client/events/fewEventsToVes.json | 32 ++++++ .../ves-client/events/vesAddressConfiguration.json | 3 + sanitycheck/ves-client/vesclient-secured/README.md | 11 +++ .../ves-client/vesclient-secured/certman/Makefile | 8 ++ .../ves-client/vesclient-secured/certman/README.md | 91 +++++++++++++++++ .../vesclient-secured/certman/docker-compose.yml | 69 +++++++++++++ .../vesclient-secured/certservice/Makefile | 59 +++++++++++ .../vesclient-secured/certservice/README.md | 85 ++++++++++++++++ .../docker-compose-certservice-clients.yml | 39 ++++++++ .../docker-compose-certservice-ejbca.yml | 47 +++++++++ .../certservice/docker-compose-ves-dmaap.yml | 33 +++++++ .../certservice/docker-compose-vesclient.yml | 86 
++++++++++++++++ .../certservice/resources/certs/.gitignore | 3 + .../certservice/resources/certs/Makefile | 109 +++++++++++++++++++++ .../resources/certservice-client/.gitignore | 3 + .../client-configuration-for-httpserver.env | 18 ++++ .../client-configuration-for-ves.env | 19 ++++ .../client-configuration-for-vesclient.env | 18 ++++ .../resources/certservice/cmpServers.json | 24 +++++ .../resources/ejbca/ejbca-configuration.sh | 19 ++++ sanitycheck/ves/Makefile | 1 + sanitycheck/ves/docker-compose.yml | 17 +++- sanitycheck/vesclient-secured/README.md | 11 --- sanitycheck/vesclient-secured/certman/Makefile | 8 -- sanitycheck/vesclient-secured/certman/README.md | 91 ----------------- .../vesclient-secured/certman/docker-compose.yml | 69 ------------- sanitycheck/vesclient-secured/certservice/Makefile | 59 ----------- .../vesclient-secured/certservice/README.md | 85 ---------------- .../docker-compose-certservice-clients.yml | 39 -------- .../docker-compose-certservice-ejbca.yml | 47 --------- .../certservice/docker-compose-ves-dmaap.yml | 33 ------- .../certservice/docker-compose-vesclient.yml | 86 ---------------- .../certservice/resources/certs/.gitignore | 3 - .../certservice/resources/certs/Makefile | 109 --------------------- .../resources/certservice-client/.gitignore | 3 - .../client-configuration-for-httpserver.env | 18 ---- .../client-configuration-for-ves.env | 19 ---- .../client-configuration-for-vesclient.env | 18 ---- .../resources/certservice/cmpServers.json | 24 ----- .../resources/ejbca/ejbca-configuration.sh | 19 ---- 62 files changed, 1221 insertions(+), 933 deletions(-) delete mode 100644 sanitycheck/events/eventToVes.json delete mode 100644 sanitycheck/events/eventToVesWithHttpServer.json delete mode 100644 sanitycheck/events/fewEventsToVes.json delete mode 100644 sanitycheck/events/fewEventsToVesWithHttpServer.json delete mode 100644 sanitycheck/events/vesAddressConfiguration.json create mode 100644 sanitycheck/https-server/Makefile create 
mode 100644 sanitycheck/https-server/docker-compose.yml create mode 100644 sanitycheck/https-server/events/eventToVesWithHttpServer.json create mode 100644 sanitycheck/https-server/events/fewEventsToVesWithHttpServer.json create mode 100644 sanitycheck/https-server/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz create mode 100644 sanitycheck/netconf/Makefile create mode 100644 sanitycheck/netconf/docker-compose.yml create mode 100644 sanitycheck/netconf/test_models/models-configuration.ini create mode 100644 sanitycheck/netconf/test_models/test-model.data.xml create mode 100644 sanitycheck/netconf/test_models/test-model.yang delete mode 100644 sanitycheck/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz create mode 100644 sanitycheck/ves-client/Makefile create mode 100644 sanitycheck/ves-client/events/eventToVes.json create mode 100644 sanitycheck/ves-client/events/fewEventsToVes.json create mode 100644 sanitycheck/ves-client/events/vesAddressConfiguration.json create mode 100644 sanitycheck/ves-client/vesclient-secured/README.md create mode 100644 sanitycheck/ves-client/vesclient-secured/certman/Makefile create mode 100644 sanitycheck/ves-client/vesclient-secured/certman/README.md create mode 100644 sanitycheck/ves-client/vesclient-secured/certman/docker-compose.yml create mode 100644 sanitycheck/ves-client/vesclient-secured/certservice/Makefile create mode 100644 sanitycheck/ves-client/vesclient-secured/certservice/README.md create mode 100644 sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-certservice-clients.yml create mode 100644 sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml create mode 100644 sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-ves-dmaap.yml create mode 100644 sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-vesclient.yml create mode 100644 sanitycheck/ves-client/vesclient-secured/certservice/resources/certs/.gitignore create mode 100644 
sanitycheck/ves-client/vesclient-secured/certservice/resources/certs/Makefile create mode 100644 sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/.gitignore create mode 100644 sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env create mode 100644 sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env create mode 100644 sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env create mode 100644 sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice/cmpServers.json create mode 100755 sanitycheck/ves-client/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh delete mode 100644 sanitycheck/vesclient-secured/README.md delete mode 100644 sanitycheck/vesclient-secured/certman/Makefile delete mode 100644 sanitycheck/vesclient-secured/certman/README.md delete mode 100644 sanitycheck/vesclient-secured/certman/docker-compose.yml delete mode 100644 sanitycheck/vesclient-secured/certservice/Makefile delete mode 100644 sanitycheck/vesclient-secured/certservice/README.md delete mode 100644 sanitycheck/vesclient-secured/certservice/docker-compose-certservice-clients.yml delete mode 100644 sanitycheck/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml delete mode 100644 sanitycheck/vesclient-secured/certservice/docker-compose-ves-dmaap.yml delete mode 100644 sanitycheck/vesclient-secured/certservice/docker-compose-vesclient.yml delete mode 100644 sanitycheck/vesclient-secured/certservice/resources/certs/.gitignore delete mode 100644 sanitycheck/vesclient-secured/certservice/resources/certs/Makefile delete mode 100644 sanitycheck/vesclient-secured/certservice/resources/certservice-client/.gitignore delete mode 100644 
sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env delete mode 100644 sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env delete mode 100644 sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env delete mode 100644 sanitycheck/vesclient-secured/certservice/resources/certservice/cmpServers.json delete mode 100755 sanitycheck/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh diff --git a/sanitycheck/Makefile b/sanitycheck/Makefile index 85800a0..84b3483 100644 --- a/sanitycheck/Makefile +++ b/sanitycheck/Makefile 
@@ -8,48 +8,57 @@ build: @echo "##### DONE #####" start: build - @echo "##### start (dmaap sim,ves,ves-client sim) #####" + @echo "##### Starting #####" + make -C ./ves-client start make -C ves start - make -C ../../ves-client start + make -C ./https-server start + make -C ./netconf start @echo "##### DONE #####" stop: - @echo "##### Stop (dmaap sim,ves,ves-client sim) #####" + @echo "##### Stoping #####" make -C ves stop - make -C ../../ves-client stop + make -C ./https-server stop + make -C ./netconf stop + make -C ./ves-client stop + docker network rm nf-simulator-network @echo "##### DONE #####" -upload-file-http-server: - @echo "##### Upload file to Http server #####" - curl -F "uploaded_file=@./resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz" -u demo:demo123456! http://localhost:32080/upload.php - @echo "\n##### DONE #####" + +# ves client +reconfigure-ves-url: + make -C ./ves-client reconfigure-ves-url generate-event: - @echo "##### Trigger VES client to generate event #####" - curl -X POST http://localhost:5000/simulator/event -d @events/eventToVes.json --header "Content-Type: application/json" - @echo "\n##### DONE #####" + make -C ./ves-client generate-event -generate-event-http-server: - @echo "##### Trigger VES client to generate event with Http Server #####" - curl -X POST http://localhost:5000/simulator/event -d @events/eventToVesWithHttpServer.json --header "Content-Type: application/json" - @echo "\n##### DONE #####" +generate-multiple-events: + make -C ./ves-client generate-multiple-events -reconfigure-ves-url: - @echo "##### Change VES address configuration in VES client#####" - curl -X PUT http://localhost:5000/simulator/config -d @events/vesAddressConfiguration.json --header "Content-Type: application/json" - @echo "\n##### DONE #####" -generate-multiple-events: - @echo "\n##### Trigger VES client to generate multiple events #####" - curl -X POST http://localhost:5000/simulator/start -d @events/fewEventsToVes.json --header "Content-Type: 
application/json" - @echo "\n##### DONE #####" +# http server +upload-file-http-server: + make -C ./https-server upload-file-http-server + +generate-event-http-server: + make -C ./https-server generate-event-http-server generate-multiple-events-http-server: - @echo "\n##### Trigger VES client to generate multiple events with http server#####" - curl -X POST http://localhost:5000/simulator/start -d @events/fewEventsToVesWithHttpServer.json --header "Content-Type: application/json" - @echo "\n##### DONE #####" + make -C ./https-server generate-multiple-events-http-server + +# netconf server +change-config: + make -C ./netconf change-config + + +# dmaap check-dmaap: @echo "##### Check dmaap simulator for collected events #####" make -C dmaap-simulator get-data @echo "\n##### DONE #####" + +clean-dmaap: + @echo "##### Check dmaap simulator for collected events #####" + make -C dmaap-simulator clean-data + @echo "\n##### DONE #####" diff --git a/sanitycheck/README.md b/sanitycheck/README.md index 643db18..10f7cf1 100644 --- a/sanitycheck/README.md +++ b/sanitycheck/README.md 
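Review bot: The new `clean-dmaap` target prints the banner copied from `check-dmaap` (`Check dmaap simulator for collected events`) although it runs `clean-data`, so the log reports a destructive step as a read; `@echo "##### Clear events collected by dmaap simulator #####"` would match what it does. In `stop`, `docker network rm nf-simulator-network` fails the whole target when the network is already gone or a container is still attached, so a repeated `make stop` exits non-zero. Prefixing that line with `-` lets the cleanup finish. The sub-make calls would also be better written as `$(MAKE) -C ...` so that command-line flags reach the child makes.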
@@ -1,68 +1,105 @@ -### Run test case ves client -> ves collector -> dmaap simulator +# Sanity check for NF simulator -### Prerequisites -* Check your docker network ip: -``` -ip a | grep docker0 | grep inet -``` -If the IP address is different than 172.17.0.1/16: -inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 +## Build and run NF simulator -You have to change the IP address in file events/vesAddressConfiguration.json -``` -{ - "vesServerUrl": "http://:8080/eventListener/v7" -} -``` +### 1. Build and start projects +**In order to start NF simulator for testing local images are required**: +- onap/org.onap.integration.nfsimulator.vesclient +- onap/org.onap.integration.nfsimulator.netconfserver +- onap/org.onap.integration.nfsimulator.avcnmanager +- onap/org.onap.integration.nfsimulator.pmhttpsserver -If you want use event with http server files: -``` -make upload-file-http-server -``` -### 1. Build Projects ``` make start ``` + ### 2. Reconfigure ves url +if this command returns `curl: (56) Recv failure: Connection reset by peer`, +it means VES-Client is not ready yet. Pleas try again after few seconds. ``` make reconfigure-ves-url ``` -### 2.1 Check dmaap sim should return empty list ``` make check-dmaap ``` -### 3. Send one event -### 3.1 Send events: + + +## Run test case: +### ves-client -> ves-collector -> dmaap-simulator + +### 1. Send one event ``` make generate-event ``` -send event with files from Http Server +dmaap should return list containing 1 event +``` +make check-dmaap +``` +``` +make clean-dmaap +``` +### 2. Send one http event ``` generate-event-http-server ``` -### 3.2 Check dmaap sim -should return list containing 1 event +dmaap should return list containing 1 event ``` make check-dmaap ``` -### 4. Send few events: -### 4.1 Send events +``` +make clean-dmaap +``` +### 3. 
Send few events: this will send 4 event with interval 1 second ``` make generate-multiple-events ``` +dmaap should return list containing 4 event, +if run least 4 seconds after `generate-multiple-events` +``` +make check-dmaap +``` +``` +make clean-dmaap +``` +### 3. Send few Http events: this event will send 2 events with files from Http Server with interval 5 second ``` make generate-multiple-events-http-server ``` -### 4.2 Check dmaap sim -should return list containing 5 event (1 from point 3.1 and 4 from point 4.1) +dmaap should return list containing 2 event, +if run least 10 seconds after `generate-multiple-events-http-server` +``` +make check-dmaap +``` +``` +make clean-dmaap +``` + + +## Run test case: +### netconf-server -> kafka -> avcn-manager -> ves-client -> ves-collector -> dmaap-simulator + +### 1. Change configuration of network model +This command will change configuration of test model. +In case new configuration is same as old, no event will be generated. +In that case please change numeric values in file +`./netconf/test_models/test-model.data.xml` +``` +make change-config +``` +dmaap should return list containing 3 event ``` make check-dmaap ``` -### 5. Clear environment +``` +make clean-dmaap +``` + + +## Stop project and clear environment ``` make stop ``` diff --git a/sanitycheck/dmaap-simulator/Makefile b/sanitycheck/dmaap-simulator/Makefile index af8f162..27aedcd 100644 --- a/sanitycheck/dmaap-simulator/Makefile +++ b/sanitycheck/dmaap-simulator/Makefile @@ -21,3 +21,8 @@ get-data: @echo "##### Get data fetched by dmaap-simulator #####\n" curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://localhost:3904/events @echo "\n\n##### DONE #####" + +clean-data: + @echo "##### Clean data saved by dmaap-simulator #####\n" + curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X DELETE http://localhost:3904/events + @echo "\n\n##### DONE #####" 
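Review bot: `clean-data` in `sanitycheck/dmaap-simulator/Makefile` cannot signal failure, because curl exits 0 on a 4xx or 5xx response; the recipe prints DONE even when the simulator rejected the DELETE and stale events remain for the next test case. Adding `--fail` (`curl --fail -i ... -X DELETE http://localhost:3904/events`) turns an HTTP error into a non-zero exit. The `Content-Type` header is not needed on a request that carries no body. The curl recipes added in `sanitycheck/https-server/Makefile`, `sanitycheck/netconf/Makefile` and `sanitycheck/ves-client/Makefile` have the same gap.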
diff --git a/sanitycheck/dmaap-simulator/simulator.py b/sanitycheck/dmaap-simulator/simulator.py index 6a06266..136afb8 100644 --- a/sanitycheck/dmaap-simulator/simulator.py +++ b/sanitycheck/dmaap-simulator/simulator.py @@ -22,6 +22,12 @@ def get_events(): return resp +@app.route("/events", methods=['DELETE']) +def clear_events(): + events.clear() + return {}, 200 + + @app.route("/events/", methods=['GET']) def get_events_from_topic(topic): resp = Response(json.dumps(get_events_from_map(topic))) diff --git a/sanitycheck/events/eventToVes.json b/sanitycheck/events/eventToVes.json deleted file mode 100644 index 8d37f5a..0000000 --- a/sanitycheck/events/eventToVes.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "event": { - "event": { - "commonEventHeader": { - "version": "4.0.1", - "vesEventListenerVersion": "7.0.1", - "domain": "fault", - "eventName": "Fault_Vscf:Acs-Ericcson_PilotNumberPoolExhaustion", - "eventId": "fault0000245", - "sequence": 1, - "priority": "High", - "reportingEntityId": "cc305d54-75b4-431b-adb2-eb6b9e541234", - "reportingEntityName": "ibcx0001vm002oam001", - "sourceId": "de305d54-75b4-431b-adb2-eb6b9e546014", - "sourceName": "scfx0001vm002cap001", - "nfVendorName": "Ericsson", - "nfNamingCode": "scfx", - "nfcNamingCode": "ssc", - "startEpochMicrosec": 1413378172000000, - "lastEpochMicrosec": 1413378172000000, - "timeZoneOffset": "UTC-05:30" - }, - "faultFields": { - "faultFieldsVersion": "4.0", - "alarmCondition": "PilotNumberPoolExhaustion", - "eventSourceType": "other", - "specificProblem": "Calls cannot complete - pilot numbers are unavailable", - "eventSeverity": "CRITICAL", - "vfStatus": "Active", - "alarmAdditionalInformation": { - "PilotNumberPoolSize": "1000" - } - } - } - } -} diff --git a/sanitycheck/events/eventToVesWithHttpServer.json b/sanitycheck/events/eventToVesWithHttpServer.json deleted file mode 100644 index a5e0a27..0000000 --- a/sanitycheck/events/eventToVesWithHttpServer.json +++ /dev/null 
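Review bot: `clear_events` has no access check, so any client that can reach the simulator's port can wipe the collected events; how the app is bound is outside this hunk, and for a sanity-check tool it is enough to keep the listener on loopback or on the test network. The handler also returns a bare dict (`return {}, 200`), which relies on Flask converting dicts to JSON (Flask 1.1 or later), while the neighbouring handlers build a `Response` by hand. `return Response(json.dumps({}), status=200, mimetype='application/json')` stays consistent with them and does not depend on the Flask version. A one-line docstring such as `"""Drop every event collected so far."""` would document the destructive effect.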
@@ -1,36 +0,0 @@ -{ - "event": { - "event": { - "commonEventHeader": { - "version": "4.0.1", - "vesEventListenerVersion": "7.0.1", - "domain": "notification", - "eventName": "Notification_gnb-Nokia_FileReady", - "eventId": "FileReady_1797490e-10ae-4d48-9ea7-3d7d790b25e1", - "lastEpochMicrosec": 8745745764578, - "priority": "Normal", - "reportingEntityName": "NOK6061ZW3", - "sequence": 0, - "sourceName": "NOK6061ZW3", - "startEpochMicrosec": 8745745764578, - "timeZoneOffset": "UTC+05.30" - }, - "notificationFields": { - "changeIdentifier": "PM_MEAS_FILES", - "changeType": "FileReady", - "notificationFieldsVersion": "2.0", - "arrayOfNamedHashMap": [ - { - "name": "C_28532_measData_pm_98.xml", - "hashMap": { - "location": "http://demo:demo123456!@localhost:32080/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz", - "compression": "gzip", - "fileFormatType": "org.3GPP.32.435#measCollec", - "fileFormatVersion": "V10" - } - } - ] - } - } - } -} diff --git a/sanitycheck/events/fewEventsToVes.json b/sanitycheck/events/fewEventsToVes.json deleted file mode 100644 index 9733469..0000000 --- a/sanitycheck/events/fewEventsToVes.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "simulatorParams": { - "repeatCount": 4, - "repeatInterval": 1 - }, - "templateName": "notification.json", - "patch": { - "event": { - "commonEventHeader": { - "domain": "notification", - "eventName": "vFirewallBroadcastPackets", - "eventId": "#RandomString(10)", - "priority": "Normal", - "reportingEntityName": "myVNF", - "sequence": 1, - "sourceName": "ClosedLoopVNF", - "startEpochMicrosec": 1531616794, - "lastEpochMicrosec": 1531719042, - "vesEventListenerVersion": "7.0.1", - "version": "4.0.1" - } - } - }, - "variables": { - "dN": "NRNB=5, NRCEL=1234", - "dn": "Test_dn", - "attributeList": { - "threshXHighQ": "50", - "threshXHighP": "52" - } - } -} diff --git a/sanitycheck/events/fewEventsToVesWithHttpServer.json b/sanitycheck/events/fewEventsToVesWithHttpServer.json deleted file mode 100644 index de3f100..0000000 
--- a/sanitycheck/events/fewEventsToVesWithHttpServer.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "simulatorParams": { - "repeatCount": 2, - "repeatInterval": 5 - }, - "templateName": "notificationHttpServer.json", - "patch": { - "event": { - "commonEventHeader": { - "domain": "notification", - "eventName": "vFirewallBroadcastPackets", - "eventId": "#RandomString(10)", - "priority": "Normal", - "reportingEntityName": "myVNF", - "sequence": 1, - "sourceName": "ClosedLoopVNF", - "startEpochMicrosec": 1531616794, - "lastEpochMicrosec": 1531719042, - "vesEventListenerVersion": "7.0.1", - "version": "4.0.1" - } - } - } -} diff --git a/sanitycheck/events/vesAddressConfiguration.json b/sanitycheck/events/vesAddressConfiguration.json deleted file mode 100644 index 9c6aa22..0000000 --- a/sanitycheck/events/vesAddressConfiguration.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "vesServerUrl": "http://172.17.0.1:8080/eventListener/v7" -} diff --git a/sanitycheck/https-server/Makefile b/sanitycheck/https-server/Makefile new file mode 100644 index 0000000..00bd3d9 --- /dev/null +++ b/sanitycheck/https-server/Makefile 
@@ -0,0 +1,28 @@ +all: start + +.PHONY: start + +start: + @echo "##### Start HTTPS server #####" + docker-compose up -d + @echo "##### DONE #####" + +stop: + @echo "##### Stop HTTPS server #####" + docker-compose down + @echo "##### DONE #####" + +upload-file-http-server: + @echo "##### Upload file to Http server #####" + curl -F "uploaded_file=@./resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz" -u demo:demo123456! http://localhost:32080/upload.php + @echo "\n##### DONE #####" + +generate-event-http-server: + @echo "##### Trigger VES client to generate event with Http Server #####" + curl -X POST http://localhost:5000/simulator/event -d @events/eventToVesWithHttpServer.json --header "Content-Type: application/json" + @echo "\n##### DONE #####" + +generate-multiple-events-http-server: + @echo "\n##### Trigger VES client to generate multiple events with http server#####" + curl -X POST http://localhost:5000/simulator/start -d @events/fewEventsToVesWithHttpServer.json --header "Content-Type: application/json" + @echo "\n##### DONE #####" diff --git a/sanitycheck/https-server/docker-compose.yml b/sanitycheck/https-server/docker-compose.yml new file mode 100644 index 0000000..fabce9a --- /dev/null +++ b/sanitycheck/https-server/docker-compose.yml 
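Review bot: `upload-file-http-server` passes the basic-auth pair inline (`-u demo:demo123456!`), and because the curl line has no `@` prefix, make prints the password to the terminal and to any CI log on every run. Taking the pair from an overridable variable (`HTTP_CREDENTIALS ?= demo:demo123456!`, then `@curl ... -u "$(HTTP_CREDENTIALS)" ...`) keeps the default for local runs without echoing it. Fixed credentials are likewise embedded in URLs in `https-server/events/eventToVesWithHttpServer.json` (`location`), `netconf/docker-compose.yml` (`REST_CLIENT_VES_ENDPOINT`) and `ves-client/events/vesAddressConfiguration.json` (`vesServerUrl`), and URL userinfo tends to end up in access and application logs. A short comment or README line marking all of these as test-only defaults would keep them from being copied into a shared environment.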
@@ -0,0 +1,33 @@ +version: "2.1" + +services: + + http-server: + image: onap/org.onap.integration.nfsimulator.pmhttpsserver + ports: + - "32080:80" + - "38080:8080" + - "32443:443" + - "32000:32000" + - "32100:32100" + networks: + - nf-simulator-network + volumes: + - ./volumes/httpservervolumes/:/usr/local/apache2/htdocs + - ./volumes/logs:/var/log/apache2 + command: bash -c " + echo 'Http Server start'; + while [[ $$(ls -1 /etc/apache2/certs/ | wc -l) != '3' ]]; do echo 'Waiting for certs...'; sleep 3; done; + chmod 777 /usr/local/apache2/htdocs; + cp /usr/local/apache2/conf/upload.php /usr/local/apache2/htdocs/upload.php; + touch /usr/local/apache2/htdocs/index.html; + /usr/sbin/apache2ctl -D FOREGROUND; + " + restart: on-failure + +# +# external network +networks: + nf-simulator-network: + external: + name: nf-simulator-network diff --git a/sanitycheck/https-server/events/eventToVesWithHttpServer.json b/sanitycheck/https-server/events/eventToVesWithHttpServer.json new file mode 100644 index 0000000..a5e0a27 --- /dev/null +++ b/sanitycheck/https-server/events/eventToVesWithHttpServer.json 
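Review bot: `chmod 777 /usr/local/apache2/htdocs` in the `command` makes the document root world-writable in a container that also copies `upload.php` into it and publishes it on host ports. Giving the directory to the web server's user and using `chmod 755` would be enough for uploads; the user name depends on the image and needs confirming. All five `ports` entries bind on every host interface; the `"127.0.0.1:32080:80"` form keeps the test server local, and the same applies to the `ports` in `sanitycheck/netconf/docker-compose.yml`. Separately, the start-up loop waits for exactly three files in `/etc/apache2/certs/`, but this file mounts no volume there, so unless the image ships them Apache is never started.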
@@ -0,0 +1,36 @@ +{ + "event": { + "event": { + "commonEventHeader": { + "version": "4.0.1", + "vesEventListenerVersion": "7.0.1", + "domain": "notification", + "eventName": "Notification_gnb-Nokia_FileReady", + "eventId": "FileReady_1797490e-10ae-4d48-9ea7-3d7d790b25e1", + "lastEpochMicrosec": 8745745764578, + "priority": "Normal", + "reportingEntityName": "NOK6061ZW3", + "sequence": 0, + "sourceName": "NOK6061ZW3", + "startEpochMicrosec": 8745745764578, + "timeZoneOffset": "UTC+05.30" + }, + "notificationFields": { + "changeIdentifier": "PM_MEAS_FILES", + "changeType": "FileReady", + "notificationFieldsVersion": "2.0", + "arrayOfNamedHashMap": [ + { + "name": "C_28532_measData_pm_98.xml", + "hashMap": { + "location": "http://demo:demo123456!@localhost:32080/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz", + "compression": "gzip", + "fileFormatType": "org.3GPP.32.435#measCollec", + "fileFormatVersion": "V10" + } + } + ] + } + } + } +} diff --git a/sanitycheck/https-server/events/fewEventsToVesWithHttpServer.json b/sanitycheck/https-server/events/fewEventsToVesWithHttpServer.json new file mode 100644 index 0000000..de3f100 --- /dev/null +++ b/sanitycheck/https-server/events/fewEventsToVesWithHttpServer.json @@ -0,0 +1,24 @@ +{ + "simulatorParams": { + "repeatCount": 2, + "repeatInterval": 5 + }, + "templateName": "notificationHttpServer.json", + "patch": { + "event": { + "commonEventHeader": { + "domain": "notification", + "eventName": "vFirewallBroadcastPackets", + "eventId": "#RandomString(10)", + "priority": "Normal", + "reportingEntityName": "myVNF", + "sequence": 1, + "sourceName": "ClosedLoopVNF", + "startEpochMicrosec": 1531616794, + "lastEpochMicrosec": 1531719042, + "vesEventListenerVersion": "7.0.1", + "version": "4.0.1" + } + } + } +} 
diff --git a/sanitycheck/https-server/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz b/sanitycheck/https-server/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz new file mode 100644 index 0000000..3af5ea8 Binary files /dev/null and b/sanitycheck/https-server/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz differ diff --git a/sanitycheck/netconf/Makefile b/sanitycheck/netconf/Makefile new file mode 100644 index 0000000..b880202 --- /dev/null +++ b/sanitycheck/netconf/Makefile @@ -0,0 +1,22 @@ +all: start + +.PHONY: start + +start: + @echo "##### Start NETCONF server with AVCN manager #####" + docker-compose up -d + @echo "##### DONE #####" + +stop: + @echo "##### Stop NETCONF server with AVCN manager #####" + docker-compose down + @echo "##### DONE #####" + +health-check: + @echo "##### NETCONF simulator Health check #####\n" + curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://localhost:6555/readiness + +change-config: + @echo "##### Trigger config change for model test-model #####" + curl -X POST http://localhost:6555/change_config/test-model -d @test_models/test-model.data.xml --header "Content-Type: application/xml" + @echo "\n##### DONE #####" diff --git a/sanitycheck/netconf/docker-compose.yml b/sanitycheck/netconf/docker-compose.yml new file mode 100644 index 0000000..6db483d --- /dev/null +++ b/sanitycheck/netconf/docker-compose.yml 
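Review bot: `.PHONY: start` in `sanitycheck/netconf/Makefile` names only one of the five targets, so `all`, `stop`, `health-check` and `change-config` would be treated as up to date if a file or directory with that name ever appears next to the Makefile. `.PHONY: all start stop health-check change-config` covers them. `health-check` also lacks the closing `DONE` banner that the other recipes print. `sanitycheck/https-server/Makefile` and `sanitycheck/ves-client/Makefile` declare `.PHONY: start` the same way.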
@@ -0,0 +1,75 @@ +version: '3.5' + +services: + +# +# Kafka + + zookeeper: + image: wurstmeister/zookeeper + ports: + - "2181:2181" + networks: + - nf-simulator-network + + kafka1: + image: wurstmeister/kafka:1.1.0 + ports: + - "9092:9092" + hostname: kafka1 + networks: + - nf-simulator-network + environment: + KAFKA_ADVERTISED_PORT: 9092 + KAFKA_ADVERTISED_HOST_NAME: kafka1 + KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 + KAFKA_CREATE_TOPICS: "config:1:1" + KAFKA_DELETE_RETENTION_MS: 604800000 + KAFKA_LOG_CLEANER_DELETE_RETENTION_MS: 604800000 + depends_on: + - zookeeper + +# +# NETCONF - server + + netconf-server: + container_name: netconf-server + image: onap/org.onap.integration.nfsimulator.netconfserver:latest + ports: + - "830:830" + - "6513:6513" + - "6555:6555" + volumes: + - ./test_models:/resources/models + networks: + - nf-simulator-network + depends_on: + - zookeeper + - kafka1 + +# +# AVCN - manager + avcn-manager: + image: onap/org.onap.integration.nfsimulator.avcnmanager:latest + ports: + - "9090:8080" + restart: on-failure + hostname: avcn-manager + networks: + - nf-simulator-network + environment: + REST_CLIENT_VES_ENDPOINT: https://sample1:sample1@ves:8443/eventListener/v7 + KAFKA_BOOTSTRAP_SERVERS: kafka1:9092 + KAFKA_SOURCE_TOPIC: config + KAFKA_APPLICATION_ID: avcn-manager + REST_CLIENT_PNFSIMULATOR_ENDPOINT: http://ves-client:5000/simulator/start + depends_on: + - zookeeper + - kafka1 + +# +# external network +networks: + nf-simulator-network: + external: + name: nf-simulator-network diff --git a/sanitycheck/netconf/test_models/models-configuration.ini b/sanitycheck/netconf/test_models/models-configuration.ini new file mode 100644 index 0000000..1fee0aa --- /dev/null +++ b/sanitycheck/netconf/test_models/models-configuration.ini @@ -0,0 +1,2 @@ +[SUBSCRIPTION] +models = test-model diff --git a/sanitycheck/netconf/test_models/test-model.data.xml b/sanitycheck/netconf/test_models/test-model.data.xml new file mode 100644 index 0000000..8f30188 
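Review bot: ZooKeeper (`2181:2181`) and Kafka (`9092:9092`) are published to the host with no authentication configured in this file, although the only consumers visible here reach them over `nf-simulator-network` (`zookeeper:2181`, `kafka1:9092`). Dropping those two `ports` entries, or binding them as `"127.0.0.1:9092:9092"`, avoids leaving an open broker on the host during a test run. `wurstmeister/zookeeper` is pulled without a tag, so the sanity check's result depends on whatever the registry serves that day; pinning a tag or digest makes the run reproducible. `depends_on` only orders container start, and `netconf-server` has no `restart: on-failure` like `avcn-manager`, so it may come up before Kafka is ready.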
--- /dev/null +++ b/sanitycheck/netconf/test_models/test-model.data.xml @@ -0,0 +1,25 @@ + + + + 45 + 37 + 58 + diff --git a/sanitycheck/netconf/test_models/test-model.yang b/sanitycheck/netconf/test_models/test-model.yang new file mode 100644 index 0000000..0f4e699 --- /dev/null +++ b/sanitycheck/netconf/test_models/test-model.yang @@ -0,0 +1,10 @@ +module test-model { + namespace "http://onap.org/test-model"; + prefix config; + container config { + config true; + leaf itemValue1 {type uint32;} + leaf itemValue2 {type uint32;} + leaf itemValue3 {type uint32;} + } +} diff --git a/sanitycheck/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz b/sanitycheck/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz deleted file mode 100644 index 3af5ea8..0000000 Binary files a/sanitycheck/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz and /dev/null differ diff --git a/sanitycheck/ves-client/Makefile b/sanitycheck/ves-client/Makefile new file mode 100644 index 0000000..23f10b4 --- /dev/null +++ b/sanitycheck/ves-client/Makefile 
@@ -0,0 +1,28 @@ +all: start + +.PHONY: start + +start: + @echo "##### start (dmaap sim,ves,ves-client sim) #####" + make -C ../../ves-client start + @echo "##### DONE #####" + +stop: + @echo "##### Stop (dmaap sim,ves,ves-client sim) #####" + make -C ../../ves-client stop + @echo "##### DONE #####" + +reconfigure-ves-url: + @echo "##### Change VES address configuration in VES client#####" + curl -X PUT http://localhost:5000/simulator/config -d @events/vesAddressConfiguration.json --header "Content-Type: application/json" + @echo "\n##### DONE #####" + +generate-event: + @echo "##### Trigger VES client to generate event #####" + curl -X POST http://localhost:5000/simulator/event -d @events/eventToVes.json --header "Content-Type: application/json" + @echo "\n##### DONE #####" + +generate-multiple-events: + @echo "\n##### Trigger VES client to generate multiple events #####" + curl -X POST http://localhost:5000/simulator/start -d @events/fewEventsToVes.json --header "Content-Type: application/json" + @echo "\n##### DONE #####" diff --git a/sanitycheck/ves-client/events/eventToVes.json b/sanitycheck/ves-client/events/eventToVes.json new file mode 100644 index 0000000..8d37f5a --- /dev/null +++ b/sanitycheck/ves-client/events/eventToVes.json 
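Review bot: `make -C ../../ves-client start` and the matching `stop` line were carried over unchanged from `sanitycheck/Makefile`, but this file sits one directory deeper, so the path now resolves to a different directory than before the move. If the old location was correct, the recipes need `make -C ../../../ves-client start` and `make -C ../../../ves-client stop`; the checkout layout is not visible in this diff, so this needs confirming. The banners still read `(dmaap sim,ves,ves-client sim)` although this Makefile only delegates to the ves-client project.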
@@ -0,0 +1,36 @@ +{ + "event": { + "event": { + "commonEventHeader": { + "version": "4.0.1", + "vesEventListenerVersion": "7.0.1", + "domain": "fault", + "eventName": "Fault_Vscf:Acs-Ericcson_PilotNumberPoolExhaustion", + "eventId": "fault0000245", + "sequence": 1, + "priority": "High", + "reportingEntityId": "cc305d54-75b4-431b-adb2-eb6b9e541234", + "reportingEntityName": "ibcx0001vm002oam001", + "sourceId": "de305d54-75b4-431b-adb2-eb6b9e546014", + "sourceName": "scfx0001vm002cap001", + "nfVendorName": "Ericsson", + "nfNamingCode": "scfx", + "nfcNamingCode": "ssc", + "startEpochMicrosec": 1413378172000000, + "lastEpochMicrosec": 1413378172000000, + "timeZoneOffset": "UTC-05:30" + }, + "faultFields": { + "faultFieldsVersion": "4.0", + "alarmCondition": "PilotNumberPoolExhaustion", + "eventSourceType": "other", + "specificProblem": "Calls cannot complete - pilot numbers are unavailable", + "eventSeverity": "CRITICAL", + "vfStatus": "Active", + "alarmAdditionalInformation": { + "PilotNumberPoolSize": "1000" + } + } + } + } +} diff --git a/sanitycheck/ves-client/events/fewEventsToVes.json b/sanitycheck/ves-client/events/fewEventsToVes.json new file mode 100644 index 0000000..9733469 --- /dev/null +++ b/sanitycheck/ves-client/events/fewEventsToVes.json @@ -0,0 +1,32 @@ +{ + "simulatorParams": { + "repeatCount": 4, + "repeatInterval": 1 + }, + "templateName": "notification.json", + "patch": { + "event": { + "commonEventHeader": { + "domain": "notification", + "eventName": "vFirewallBroadcastPackets", + "eventId": "#RandomString(10)", + "priority": "Normal", + "reportingEntityName": "myVNF", + "sequence": 1, + "sourceName": "ClosedLoopVNF", + "startEpochMicrosec": 1531616794, + "lastEpochMicrosec": 1531719042, + "vesEventListenerVersion": "7.0.1", + "version": "4.0.1" + } + } + }, + "variables": { + "dN": "NRNB=5, NRCEL=1234", + "dn": "Test_dn", + "attributeList": { + "threshXHighQ": "50", + "threshXHighP": "52" + } + } +} 
diff --git a/sanitycheck/ves-client/events/vesAddressConfiguration.json b/sanitycheck/ves-client/events/vesAddressConfiguration.json
new file mode 100644
index 0000000..c819637
--- /dev/null
+++ b/sanitycheck/ves-client/events/vesAddressConfiguration.json
@@ -0,0 +1,3 @@
+{
+ "vesServerUrl": "https://sample1:sample1@ves:8443/eventListener/v7"
+}
diff --git a/sanitycheck/ves-client/vesclient-secured/README.md b/sanitycheck/ves-client/vesclient-secured/README.md
new file mode 100644
index 0000000..f791afb
--- /dev/null
+++ b/sanitycheck/ves-client/vesclient-secured/README.md
@@ -0,0 +1,11 @@
+Standalone VES client configuration for HTTPS communication with VES
+------------------------
+
+This directory contains files for secured VES client deployments, which will use certificates for HTTPS communication with VES.
+
+Currently, there are two ways for VES client to fetch certificates:
+* Using AAF Certman
+* Using OOM CertService (CMPv2)
+
+Both ways are described in `certman` and `certservice` directories respectively
+
diff --git a/sanitycheck/ves-client/vesclient-secured/certman/Makefile b/sanitycheck/ves-client/vesclient-secured/certman/Makefile
new file mode 100644
index 0000000..d75b5d0
--- /dev/null
+++ b/sanitycheck/ves-client/vesclient-secured/certman/Makefile
@@ -0,0 +1,8 @@
+default:
+ @echo "There is no default target. Use: make "
+
+start-ves-client:
+ docker-compose -f docker-compose.yml up
+
+clean-ves-client:
+ docker-compose -f docker-compose.yml down
diff --git a/sanitycheck/ves-client/vesclient-secured/certman/README.md b/sanitycheck/ves-client/vesclient-secured/certman/README.md
new file mode 100644
index 0000000..92985f8
--- /dev/null
+++ b/sanitycheck/ves-client/vesclient-secured/certman/README.md
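Review bot: The `vesServerUrl` value in `vesAddressConfiguration.json` carries the basic-auth pair in the URL userinfo (`sample1:sample1@ves`), and a URL stored this way tends to be echoed in full by client logs and by anything that records the configured address. JSON cannot hold a comment, so the README beside it is the place to state that these are sample collector credentials for the sanity check only. The certservice README tip added in this commit calls the file `vesAddressConfigure.json` and shows the URL without credentials, which does not match this file.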
@@ -0,0 +1,91 @@ +## Fetching from AAF Certman +This readme describes how to run VES client with certificates fetched using AAF Certman + +### Description + +docker-compose.yml prepares VES client container for HTTPS communication with VES. + +When docker-compose starts certs-init container fills connected volume with certificates, truststores, keystores, +passwords etc. Next ves-client container starts and connects to the same volume. On startup it should read password +values from proper files and set them in system environment variables. With these variables and files in volume +application is ready to work on HTTPS. + +### Prerequisites + +certs-init container works with external AAF on cloud. Due to that fact it must have set correct IPs to workers that +has access to AAF. In docker-compose.yml fields with mentioned IPs are: + + * aaf-locate.onap + * aaf-cm.onap + * aaf-service.onap + +### Start + +Run VES client: + +``` +make start-ves-client +``` + +### Send event + +**ATTENTION** + +``sanitycheck/events/eventToVes.json`` file which is request for sending event to VES must have correct ``vesServerURL`` +field before sending event. +IP of ``vesServerURL`` should be the same as given in docker-compose-certman.yml in ``aaf-locate.onap`` field. +To use secured connection remember about setting protocol to https:// and port to proper secured port of VES. 
+ +To send event from VES client to VES use this command from ``ne-simulator/sanitycheck`` directory: + +```` +make generate-event +```` + +Sample ``sanitycheck/events/eventToVes.json`` file content is: + +```json +{ + "vesServerUrl": "https://10.183.35.177:30417/eventListener/v7", + "event": { + "event": { + "commonEventHeader": { + "version": "4.0.1", + "vesEventListenerVersion": "7.0.1", + "domain": "fault", + "eventName": "Fault_Vscf:Acs-Ericcson_PilotNumberPoolExhaustion", + "eventId": "fault0000245", + "sequence": 1, + "priority": "High", + "reportingEntityId": "cc305d54-75b4-431b-adb2-eb6b9e541234", + "reportingEntityName": "ibcx0001vm002oam001", + "sourceId": "de305d54-75b4-431b-adb2-eb6b9e546014", + "sourceName": "scfx0001vm002cap001", + "nfVendorName": "Ericsson", + "nfNamingCode": "scfx", + "nfcNamingCode": "ssc", + "startEpochMicrosec": 1413378172000000, + "lastEpochMicrosec": 1413378172000000, + "timeZoneOffset": "UTC-05:30" + }, + "faultFields": { + "faultFieldsVersion": "4.0", + "alarmCondition": "PilotNumberPoolExhaustion", + "eventSourceType": "other", + "specificProblem": "Calls cannot complete - pilot numbers are unavailable", + "eventSeverity": "CRITICAL", + "vfStatus": "Active", + "alarmAdditionalInformation": { + "PilotNumberPoolSize": "1000" + } + } + } + } +} +``` + +### Stop +To remove VES client containers use: +``` +make clean-ves-client +``` diff --git a/sanitycheck/ves-client/vesclient-secured/certman/docker-compose.yml b/sanitycheck/ves-client/vesclient-secured/certman/docker-compose.yml new file mode 100644 index 0000000..2714751 --- /dev/null +++ b/sanitycheck/ves-client/vesclient-secured/certman/docker-compose.yml 
@@ -0,0 +1,69 @@
+version: '3'
+
+networks:
+ tls-init-network:
+
+volumes:
+ certs-volume:
+
+services:
+ certs-init:
+ image: nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ extra_hosts:
+ #set worker IP with access to AAF
+ aaf-locate.onap: #for example 10.183.35.177
+ aaf-cm.onap: #for example 10.183.35.177
+ aaf-service.onap: #for example 10.183.35.177
+ environment:
+ - aaf_locate_url=https://aaf-locate.onap:31111
+ - aaf_url_cm=https://aaf-cm.onap:31114
+ - aaf_url=https://aaf-service.onap:31110
+ networks:
+ - tls-init-network
+ volumes:
+ - certs-volume:/opt/app/osaaf
+ mongo:
+ image: mongo
+ restart: always
+ environment:
+ MONGO_INITDB_ROOT_USERNAME: root
+ MONGO_INITDB_ROOT_PASSWORD: zXcVbN123!
+ MONGO_INITDB_DATABASE: pnf_simulator
+ networks:
+ - tls-init-network
+ volumes:
+ - ../../../../ves-client/db:/docker-entrypoint-initdb.d
+ ports:
+ - "27017:27017"
+
+ mongo-express:
+ image: mongo-express
+ restart: always
+ ports:
+ - 8081:8081
+ networks:
+ - tls-init-network
+ environment:
+ ME_CONFIG_MONGODB_ADMINUSERNAME: root
+ ME_CONFIG_MONGODB_ADMINPASSWORD: zXcVbN123!
+
+ ves-client:
+ image: onap/org.onap.integration.nfsimulator.vesclient
+ ports:
+ - "5000:5000"
+ command: bash -c "
+ while [[ $$(ls -1 /app/store | wc -l) != '10' ]]; do echo 'Waiting for certs...'; sleep 3; done
+ && java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/vesclient.jar org.onap.integration.simulators.nfsimulator.vesclient.Main
+ "
+ volumes:
+ - ../../../../ves-client/logs:/var/log
+ - ../../../../ves-client/templates:/app/templates
+ - ../../../../ves-client/src/main/resources/application.properties:/app/application.properties
+ - certs-volume:/app/store
+ networks:
+ - tls-init-network
+ restart: on-failure
+ depends_on:
+ - certs-init
+ - mongo
+ - mongo-express
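Review bot: The Mongo root password is a literal in `MONGO_INITDB_ROOT_PASSWORD` and `ME_CONFIG_MONGODB_ADMINPASSWORD`, while `"27017:27017"` and `8081:8081` publish the database and the mongo-express admin UI on every host interface, so anyone who can reach the host and has read this repository can log in as root. Binding both to loopback, `- "127.0.0.1:27017:27017"` and `- "127.0.0.1:8081:8081"`, and taking the password from the environment, `MONGO_INITDB_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD}` (the variable name is only an example), keeps the sanity check usable locally without exposing it. The same `mongo` and `mongo-express` blocks are repeated in `certservice/docker-compose-vesclient.yml`. Both images are also pulled without a tag, so two runs may not use the same version.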
diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/Makefile b/sanitycheck/ves-client/vesclient-secured/certservice/Makefile
new file mode 100644
index 0000000..0f41b0e
--- /dev/null
+++ b/sanitycheck/ves-client/vesclient-secured/certservice/Makefile
@@ -0,0 +1,59 @@ +default: + @echo "There is no default target. Use: make " + +setup-env: --start-certservice-and-ejbca --run-certservice-clients --start-local-secured-ves + +start-ves-client: + docker-compose -f docker-compose-vesclient.yml up + +restart-ves-client: --clean-ves-client start-ves-client + +clean-all: --clean-ves-client --clean-env + + +--start-certservice-and-ejbca: --create-certservice-internal-certs --start-certservice-ejbca-containers --configure-ejbca + +--start-certservice-ejbca-containers: + docker-compose -f docker-compose-certservice-ejbca.yml up -d + +--create-certservice-internal-certs: + make -C resources/certs all + +--configure-ejbca: --wait-for-ejbca --run-ejbca-script + +--wait-for-ejbca: + @echo 'Waiting for EJBCA... It may take a minute or two' + until docker container inspect oomcert-ejbca | grep '"Status": "healthy"'; do sleep 3; done + +--run-ejbca-script: + docker exec oomcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh + +--run-certservice-clients: --create-client-volumes + docker-compose -f docker-compose-certservice-clients.yml up -d + @echo 'Waiting for client certifiactes...' 
+ @until ls -1 ./resources/certservice-client/client-volume-for-vesclient | grep "store" 1>/dev/null; do sleep 3; done + @until ls -1 ./resources/certservice-client/client-volume-for-ves | grep "store" 1>/dev/null; do sleep 3; done + @until ls -1 ./resources/certservice-client/client-volume-for-httpserver | grep "store" 1>/dev/null; do sleep 3; done + +--create-client-volumes: + mkdir -p ./resources/certservice-client/client-volume-for-vesclient -m 777 + mkdir -p ./resources/certservice-client/client-volume-for-ves -m 777 + mkdir -p ./resources/certservice-client/client-volume-for-httpserver -m 777 + +--start-local-secured-ves: + docker-compose -f docker-compose-ves-dmaap.yml up + +--clean-ves-client: + docker-compose -f docker-compose-vesclient.yml down + rm -rf ./resources/certservice-client/client-volume-for-vesclient || true + rm -rf ./resources/certservice-client/client-volume-for-httpserver || true + + +--clean-env: + docker-compose -f docker-compose-ves-dmaap.yml down + docker-compose -f docker-compose-certservice-clients.yml down + rm -rf ./resources/certservice-client/client-volume-for-vesclient || true + rm -rf ./resources/certservice-client/client-volume-for-ves || true + rm -rf ./resources/certservice-client/client-volume-for-httpserver || true + docker-compose -f docker-compose-certservice-ejbca.yml down + make -C resources/certs clear diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/README.md b/sanitycheck/ves-client/vesclient-secured/certservice/README.md new file mode 100644 index 0000000..a0fc5cb --- /dev/null +++ b/sanitycheck/ves-client/vesclient-secured/certservice/README.md 
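Review bot: `--create-client-volumes` creates the three `client-volume-for-*` directories with `-m 777`, and these directories receive the keystores and `*.pass` files that the compose files later mount into VES, the VES client and the HTTP server, so any local user can read the private keys or replace the stores. A tighter mode such as `mkdir -p -m 750 ./resources/certservice-client/client-volume-for-ves` is preferable, although which UID the certservice client image writes as is not visible here and needs checking first. Separately, `restart-ves-client` runs `--clean-ves-client`, which deletes `client-volume-for-vesclient` and `client-volume-for-httpserver` without re-running `--run-certservice-clients`, so the restarted containers appear to wait for certificates that are no longer there.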
@@ -0,0 +1,85 @@ +## Fetching certificates from OOM CertService (CMPv2) +This readme describes how to run VES client with certificates fetched using OOM CertService (CMPv2) + +### Description + +Using Makefile in this directory following can be achieved: + +* Setup environment for VES client, i.e.: + * Create certificates that will be used for internal communication between CertService and CertService Clients. + Generated internal certificates should be present in `resources/certs` directory. + * Start and configure EJBCA + * Start and configure AAF Cert Service. + * Run Cert Service Clients to fetch certificates for VES and VES client. Certificates will be stored for the + components in `resources/certservice-client/client-volume-for-ves` + and `resources/certservice-client/client-volume-for-vesclient` accordingly. + * Start VES and DMaaP Simulator. Fetched certificates will be mounted to VES. + +* Start VES client. Fetched certificates will be mounted to VES client. +* Clean up. + +### Prerequisites +##### VES collector local deployment prerequisites + +By default, the image of VES from Nexus supports only HTTP communication. A local image with enabled HTTPS must be build +to use local VES as VES client destination. + +1. Pull VES repository +2. In `/etc/collector.properties` file set field `auth.method=certBasicAuth` +3. Build a local image: `mvn clean install docker:build` from VES project root directory. + +Local VES deployment uses also DMaaP simulator. Its image should be built locally as well. +1. Go to `sanitycheck/dmaap-simulator` directory +2. Run: `make build` + +### Setup environment +To set up whole environment for VES client, i.e.: +- deploy and configure EJBCA +- deploy Cert Service +- fetch certificates for VES and VES client using Cert Service clients +- run DMaaP Simulator +- run VES with fetched certificates + +execute: +```` +make setup-env +```` +Note that this command setups whole environment besides VES client itself. 
+ +## Run VES client +To run VES client execute: +```` +make start-ves-client +```` +VES client starts together with the http server. +This command starts VES client with certificates fetched using CertService (certificates are fetched in the previous +step) + +### Send event + + +Configure VES client to use proper VES URL by executing this command from ``nf-simulator/sanitycheck`` directory: + + TIP: edit vesAddressConfigure.json and set "vesServerUrl": "https://ves:8443/eventListener/v7" + +``` +make reconfigure-ves-url +``` + +Send an event from VES client to VES by executing this command from ``nf-simulator/sanitycheck`` directory: +``` +make generate-event +``` + +### Restart VES client + +To restart only VES client execute: +``` +make restart-ves-client +``` + +### Clean up +To clean all generated certificates, remove VES client, CertService, EJBCA, VES and DMaaP Simulator containers: +``` +make clean-all +``` diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-certservice-clients.yml b/sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-certservice-clients.yml new file mode 100644 index 0000000..d721561 --- /dev/null +++ b/sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-certservice-clients.yml 
@@ -0,0 +1,39 @@ +version: "2.1" + +networks: + onap: + external: true + +services: + oom-cert-client-ves: + image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.1 + container_name: oomcert-client-for-ves + env_file: ./resources/certservice-client/client-configuration-for-ves.env + networks: + - onap + volumes: + - ./resources/certservice-client/client-volume-for-ves:/var/certs:rw + - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks + - ./resources/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks + + oom-cert-client-vesclient: + image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.1 + container_name: oomcert-client + env_file: ./resources/certservice-client/client-configuration-for-vesclient.env + networks: + - onap + volumes: + - ./resources/certservice-client/client-volume-for-vesclient:/var/certs:rw + - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks + - ./resources/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks + + oom-cert-client-httpserver: + image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.1 + container_name: oomcert-client-for-httpserver + env_file: ./resources/certservice-client/client-configuration-for-httpserver.env + networks: + - onap + volumes: + - ./resources/certservice-client/client-volume-for-httpserver:/var/certs:rw + - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks + - ./resources/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml b/sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml new file mode 100644 index 0000000..a400eb9 
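Review bot: The truststore and client keystore are bind-mounted into all three client containers without `:ro`, so a container can overwrite the host copies that the other clients and the cert service rely on; only `/var/certs` needs to be writable. Appending `:ro` to the two `./resources/certs/...` mounts of each service fixes that, e.g. `- ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks:ro`. The keystore and password-file mounts in `docker-compose-ves-dmaap.yml` and the mounts of `oom-cert-service` in `docker-compose-certservice-ejbca.yml` are in the same position.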
--- /dev/null +++ b/sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml @@ -0,0 +1,47 @@ +version: "2.1" + +networks: + onap: + driver: bridge + name: onap + public: + driver: bridge + name: public + +services: + ejbca: + image: primekey/ejbca-ce:6.15.2.5 + hostname: cahostname + container_name: oomcert-ejbca + ports: + - "80:8080" + - "443:8443" + volumes: + - ./resources/ejbca/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh + healthcheck: + test: [ "CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth" ] + interval: 10s + timeout: 3s + retries: 15 + networks: + - onap + + oom-cert-service: + image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.1 + volumes: + - ./resources/certservice/cmpServers.json:/etc/onap/oom/certservice/cmpServers.json + - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks + - ./resources/certs/root.crt:/etc/onap/oom/certservice/certs/root.crt + - ./resources/certs/certServiceServer-keystore.jks:/etc/onap/oom/certservice/certs/certServiceServer-keystore.jks + - ./resources/certs/certServiceServer-keystore.p12:/etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 + container_name: oomcert-service + ports: + - "8443:8443" + healthcheck: + test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/oom/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 --pass secret"] + interval: 10s + timeout: 3s + retries: 15 + networks: + - onap + - public diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-ves-dmaap.yml b/sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-ves-dmaap.yml new file mode 100644 index 0000000..86f0202 --- /dev/null +++ b/sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-ves-dmaap.yml 
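Review bot: Both healthchecks call `curl` without `--fail`, so they report healthy as soon as the port answers, even with an HTTP 5xx, and the Makefile's `--wait-for-ejbca` then runs `ejbca-configuration.sh` against a CA that may not be ready. Use `curl -kfI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth` for `ejbca` and add `--fail` to the `oom-cert-service` check. The EJBCA ports are published as `"80:8080"` and `"443:8443"` on all host interfaces; a test CA that issues certificates from a fixed shared secret is better bound to loopback, e.g. `- "127.0.0.1:443:8443"`. The `--pass secret` argument in the second healthcheck is readable by anyone who can inspect the container definition.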
@@ -0,0 +1,33 @@
+version: "2.1"
+
+networks:
+ public:
+ external: true
+ onap:
+ external: true
+
+services:
+ ves:
+ container_name: ves
+ image: nexus3.onap.org:10003/onap/org.onap.dcaegen2.collectors.ves.vescollector:latest
+ ports:
+ - "8082:8080"
+ - "8444:8443"
+ networks:
+ - onap
+ - public
+ volumes:
+ - ./resources/certservice-client/client-volume-for-ves/keystore.jks:/opt/app/VESCollector/etc/keystore
+ - ./resources/certservice-client/client-volume-for-ves/keystore.pass:/opt/app/VESCollector/etc/passwordfile
+ - ./resources/certservice-client/client-volume-for-ves/truststore.jks:/opt/app/VESCollector/etc/truststore
+ - ./resources/certservice-client/client-volume-for-ves/truststore.pass:/opt/app/VESCollector/etc/trustpasswordfile
+ depends_on:
+ - onap-dmaap
+
+ onap-dmaap:
+ container_name: dmaap
+ image: dmaap-simulator
+ ports:
+ - "3904:3904"
+ networks:
+ - onap
diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-vesclient.yml b/sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-vesclient.yml
new file mode 100644
index 0000000..f99330b
--- /dev/null
+++ b/sanitycheck/ves-client/vesclient-secured/certservice/docker-compose-vesclient.yml
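Review bot: `ves` uses the floating tag `vescollector:latest`, while the certservice README added in this commit says the Nexus image supports only HTTP and that a locally built image with `auth.method=certBasicAuth` is required. With a floating, registry-qualified tag it is not evident which of the two the sanity check ends up running. A comment above the `image:` line, such as `# must be the locally built image with auth.method=certBasicAuth, see README`, or a distinct local tag would remove the ambiguity.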
@@ -0,0 +1,86 @@ +version: "2.1" + +networks: + ves-client: + driver: bridge + name: ves-client + public: + external: true + onap: + external: true + +services: + mongo: + image: mongo + restart: always + networks: + - ves-client + environment: + MONGO_INITDB_ROOT_USERNAME: root + MONGO_INITDB_ROOT_PASSWORD: zXcVbN123! + MONGO_INITDB_DATABASE: pnf_simulator + volumes: + - ../../../../ves-client/db:/docker-entrypoint-initdb.d + ports: + - "27017:27017" + + mongo-express: + image: mongo-express + restart: always + networks: + - ves-client + ports: + - 8081:8081 + environment: + ME_CONFIG_MONGODB_ADMINUSERNAME: root + ME_CONFIG_MONGODB_ADMINPASSWORD: zXcVbN123! + + http-server: + image: nexus3.onap.org:10003/onap/org.onap.integration.nfsimulator.pmhttpsserver + ports: + - "8080:8080" + - "32000:32000" + - "32080:80" + - "32100:32100" + - "32443:443" + networks: + - ves-client + - public + volumes: + - ~/httpservervolumes/:/usr/local/apache2/htdocs + - ../../../httpserver/logs:/var/log/apache2 + - ./resources/certservice-client/client-volume-for-httpserver/:/etc/apache2/certs/ + command: bash -c " + echo 'Http Server start'; + while [[ $$(ls -1 /etc/apache2/certs/ | wc -l) != '3' ]]; do echo 'Waiting for certs...'; sleep 3; done; + chmod 777 /usr/local/apache2/htdocs; + cp /usr/local/apache2/conf/upload.php /usr/local/apache2/htdocs/upload.php; + touch /usr/local/apache2/htdocs/index.html; + /usr/sbin/apache2ctl -D FOREGROUND; + " + restart: on-failure + + ves-client: + image: onap/org.onap.integration.nfsimulator.vesclient + ports: + - "5000:5000" + networks: + - ves-client + - public + command: bash -c " + while [[ $$(ls -1 /app/store | wc -l) != '4' ]]; do echo 'Waiting for certs...'; sleep 3; done + && cp /app/store/truststore.p12 /app/store/trust.jks + && cp /app/store/keystore.p12 /app/store/cert.p12 + && cp /app/store/keystore.pass /app/store/p12.pass + && cp /app/store/truststore.pass /app/store/trust.pass + && java 
-Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/vesclient.jar org.onap.integration.simulators.nfsimulator.vesclient.Main + " + volumes: + - ../../../../ves-client/logs:/var/log + - ../../../../ves-client/templates:/app/templates + - ../../../../ves-client/src/main/resources/application.properties:/app/application.properties + - ./resources/certservice-client/client-volume-for-vesclient/:/app/store/ + restart: on-failure + depends_on: + - mongo + - mongo-express diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/resources/certs/.gitignore b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certs/.gitignore new file mode 100644 index 0000000..385dcde --- /dev/null +++ b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certs/.gitignore @@ -0,0 +1,3 @@ +*.jks +*.p12 +*.crt diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/resources/certs/Makefile b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certs/Makefile new file mode 100644 index 0000000..507a23c --- /dev/null +++ b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certs/Makefile 
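Review bot: The `ves-client` wait loop tests for exactly four entries in `/app/store` and then copies four more files into that same bind-mounted directory, so on any later start (`restart: on-failure`, or `up` without a clean) the count is no longer 4 and the `!= '4'` loop never exits. Waiting on the files themselves avoids this, e.g. `while [[ ! -f /app/store/keystore.p12 || ! -f /app/store/truststore.pass ]]; do echo 'Waiting for certs...'; sleep 3; done`. In `http-server`, `chmod 777 /usr/local/apache2/htdocs` is applied to a directory bind-mounted from `~/httpservervolumes/` and `upload.php` is copied into it, which leaves a world-writable upload directory in the user's home behind ports published on all interfaces. A narrower mode owned by the web-server user and loopback-bound ports would limit that.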
@@ -0,0 +1,109 @@ +all: clear step_1 step_2 step_3 step_4 step_5 step_6 step_7 step_8 step_9 step_10 step_11 step_12 step_13 step_14 step_15 +.PHONY: all +#Clear certificates +clear: + @echo "Clear certificates" + rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 root-keystore.jks + @echo "#####done#####" + +#Generate root private and public keys +step_1: + @echo "Generate root private and public keys" + keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \ + -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \ + -storepass secret -ext BasicConstraints:critical="ca:true" + @echo "#####done#####" + +#Export public key as certificate +step_2: + @echo "(Export public key as certificate)" + keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc + @echo "#####done#####" + +#Self-signed root (import root certificate into truststore) +step_3: + @echo "(Self-signed root (import root certificate into truststore))" + keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt + @echo "#####done#####" + +#Generate certService's client private and public keys +step_4: + @echo "Generate certService's client private and public keys" + keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 730 \ + -keystore certServiceClient-keystore.jks -storetype JKS \ + -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret + @echo "####done####" + +#Generate certificate signing request for certService's client +step_5: + @echo "Generate certificate signing request for certService's client" + keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file 
certServiceClient.csr + @echo "####done####" + +#Sign certService's client certificate by root CA +step_6: + @echo "Sign certService's client certificate by root CA" + keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \ + -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" + @echo "####done####" + +#Import root certificate into client +step_7: + @echo "Import root certificate into intermediate" + cat root.crt >> certServiceClientByRoot.crt + @echo "####done####" + +#Import signed certificate into certService's client +step_8: + @echo "Import signed certificate into certService's client" + keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt + @echo "####done####" + +#Generate certService private and public keys +step_9: + @echo "Generate certService private and public keys" + keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 730 \ + -keystore certServiceServer-keystore.jks -storetype JKS \ + -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false" + @echo "####done####" + +#Generate certificate signing request for certService +step_10: + @echo "Generate certificate signing request for certService" + keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr + @echo "####done####" + +#Sign certService certificate by root CA +step_11: + @echo "Sign certService certificate by root CA" + keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \ + -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \ + -ext 
SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost" + @echo "####done####" + +#Import root certificate into server +step_12: + @echo "Import root certificate into intermediate(server)" + cat root.crt >> certServiceServerByRoot.crt + @echo "####done####" + +#Import signed certificate into certService +step_13: + @echo "Import signed certificate into certService" + keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \ + -storepass secret -noprompt + @echo "####done####" + +#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) +step_14: + @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)" + keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret + @echo "#####done#####" + +#Clear unused certificates +step_15: + @echo "Clear unused certificates" + rm certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr + @echo "#####done#####" diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/.gitignore b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/.gitignore new file mode 100644 index 0000000..ef10692 --- /dev/null +++ b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/.gitignore @@ -0,0 +1,3 @@ +client-volume-for-httpserver +client-volume-for-vesclient +client-volume-for-ves diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env new file mode 100644 index 0000000..8e8eb34 --- /dev/null 
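Review bot: Every `keytool` call passes `-storepass secret` or `-keypass secret` as a literal, which puts the password in the process list and in build logs, and the same value is repeated in the three `client-configuration-*.env` files and in the `oom-cert-service` healthcheck. Defining it once, `STOREPASS ?= secret`, exporting it and using keytool's `-storepass:env STOREPASS` form lets a user override it and keeps it off the command line. The echo text in `step_7` and `step_12` says "intermediate" although the recipes append `root.crt` to a leaf certificate chain and no intermediate CA exists; `Append root certificate to client chain` would match what the step does.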
+++ b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env @@ -0,0 +1,18 @@ +#Client envs +REQUEST_URL=https://oom-cert-service:8443/v1/certificate/ +REQUEST_TIMEOUT=10000 +OUTPUT_PATH=/var/certs +CA_NAME=RA +OUTPUT_TYPE=PEM +#Csr config envs +COMMON_NAME=httpserver-onap.org +ORGANIZATION=Linux-Foundation +ORGANIZATION_UNIT=ONAP +LOCATION=San-Francisco +STATE=California +COUNTRY=US +#Tls config envs +KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks +KEYSTORE_PASSWORD=secret +TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks +TRUSTSTORE_PASSWORD=secret diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env new file mode 100644 index 0000000..e06d147 --- /dev/null +++ b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env @@ -0,0 +1,19 @@ +#Client envs +REQUEST_URL=https://oom-cert-service:8443/v1/certificate/ +REQUEST_TIMEOUT=10000 +OUTPUT_PATH=/var/certs +CA_NAME=RA +OUTPUT_TYPE=JKS +#Csr config envs +COMMON_NAME=ves-onap.org +ORGANIZATION=Linux-Foundation +ORGANIZATION_UNIT=ONAP +LOCATION=San-Francisco +STATE=California +COUNTRY=US +SANS=ves +#Tls config envs +KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks +KEYSTORE_PASSWORD=secret +TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks +TRUSTSTORE_PASSWORD=secret diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env new file mode 100644 index 0000000..c5f33b6 --- /dev/null 
+++ b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env @@ -0,0 +1,18 @@ +#Client envs +REQUEST_URL=https://oom-cert-service:8443/v1/certificate/ +REQUEST_TIMEOUT=10000 +OUTPUT_PATH=/var/certs +CA_NAME=RA +OUTPUT_TYPE=P12 +#Csr config envs +COMMON_NAME=onap.org +ORGANIZATION=Linux-Foundation +ORGANIZATION_UNIT=ONAP +LOCATION=San-Francisco +STATE=California +COUNTRY=US +#Tls config envs +KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks +KEYSTORE_PASSWORD=secret +TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks +TRUSTSTORE_PASSWORD=secret diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice/cmpServers.json b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice/cmpServers.json new file mode 100644 index 0000000..7256494 --- /dev/null +++ b/sanitycheck/ves-client/vesclient-secured/certservice/resources/certservice/cmpServers.json @@ -0,0 +1,24 @@ +{ + "cmpv2Servers": [ + { + "caName": "Client", + "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp", + "issuerDN": "CN=ManagementCA", + "caMode": "CLIENT", + "authentication": { + "iak": "mypassword", + "rv": "mypassword" + } + }, + { + "caName": "RA", + "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", + "issuerDN": "CN=ManagementCA", + "caMode": "RA", + "authentication": { + "iak": "mypassword", + "rv": "mypassword" + } + } + ] +} diff --git a/sanitycheck/ves-client/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh b/sanitycheck/ves-client/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh new file mode 100755 index 0000000..77f5c55 --- /dev/null +++ b/sanitycheck/ves-client/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh 
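Review bot: In `cmpServers.json` the CMP `iak` and `rv` values are the literal `mypassword` for both the `Client` and the `RA` entry, and the same string is set as `cmpRaAuthSecret` and as the `Node123` end-entity password in `ejbca-configuration.sh`, so the secret that authorises certificate issuance is fixed and public. Both entries reach EJBCA over `http://`, which leaves that shared secret as the only protection on the exchange (the script sets `responseprotection` to `pbe`). JSON cannot hold a comment, so the certservice README should state that these values are for the throwaway sanity-check CA only and must be changed together in both files.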
@@ -0,0 +1,19 @@ +#!/bin/bash + +configureEjbca() { + ejbca.sh config cmp addalias --alias cmpRA + ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra + ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword + ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe + ejbca.sh config cmp dumpalias --alias cmpRA + ejbca.sh config cmp addalias --alias cmp + ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true + ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe + ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED + ejbca.sh ra setclearpwd --username Node123 --password mypassword + ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN + ejbca.sh config cmp dumpalias --alias cmp + ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem +} + +configureEjbca diff --git a/sanitycheck/ves/Makefile b/sanitycheck/ves/Makefile index 4fe5e4b..0f631aa 100644 --- a/sanitycheck/ves/Makefile +++ b/sanitycheck/ves/Makefile @@ -21,3 +21,4 @@ health-check: @echo "\n\n##### VES is ready #####\n" curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X GET GET http://localhost:8080/healthcheck @echo "\n\n##### DONE #####" + diff --git a/sanitycheck/ves/docker-compose.yml b/sanitycheck/ves/docker-compose.yml index d9666d8..bffa8b8 100644 --- a/sanitycheck/ves/docker-compose.yml +++ b/sanitycheck/ves/docker-compose.yml @@ -1,5 +1,7 @@ -version: '3' +version: '3.5' + services: + ves: container_name: ves image: nexus3.onap.org:10003/onap/org.onap.dcaegen2.collectors.ves.vescollector:latest 
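Review bot: `configureEjbca` in ejbca-configuration.sh runs its `ejbca.sh` commands with no error handling, so a failed `editca` or `addendentity` is passed over silently and the script's exit status is only that of the final `getcacert` redirect. Whatever invokes the script would then go on to request certificates from a CA whose CMP aliases are only partly configured, which is hard to diagnose later. Adding `set -euo pipefail` directly under the shebang stops at the first failure. If the script is meant to be re-runnable against an already configured container, `addalias` may need an explicit `|| true`; how EJBCA reports an existing alias is not visible from this hunk.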
@@ -7,14 +9,19 @@ services: - "8080:8080" - "8443:8443" networks: - - vesnetwork + - nf-simulator-network + onap-dmaap: container_name: dmaap image: dmaap-simulator ports: - "3904:3904" networks: - - vesnetwork + - nf-simulator-network + +# +# external network networks: - vesnetwork: - driver: bridge + nf-simulator-network: + external: + name: nf-simulator-network diff --git a/sanitycheck/vesclient-secured/README.md b/sanitycheck/vesclient-secured/README.md deleted file mode 100644 index f791afb..0000000 --- a/sanitycheck/vesclient-secured/README.md +++ /dev/null @@ -1,11 +0,0 @@ -Standalone VES client configuration for HTTPS communication with VES ------------------------- - -This directory contains files for secured VES client deployments, which will use certificates for HTTPS communication with VES. - -Currently, there are two ways for VES client to fetch certificates: -* Using AAF Certman -* Using OOM CertService (CMPv2) - -Both ways are described in `certman` and `certservice` directories respectively - diff --git a/sanitycheck/vesclient-secured/certman/Makefile b/sanitycheck/vesclient-secured/certman/Makefile deleted file mode 100644 index d75b5d0..0000000 --- a/sanitycheck/vesclient-secured/certman/Makefile +++ /dev/null @@ -1,8 +0,0 @@ -default: - @echo "There is no default target. Use: make " - -start-ves-client: - docker-compose -f docker-compose.yml up - -clean-ves-client: - docker-compose -f docker-compose.yml down diff --git a/sanitycheck/vesclient-secured/certman/README.md b/sanitycheck/vesclient-secured/certman/README.md deleted file mode 100644 index 92985f8..0000000 --- a/sanitycheck/vesclient-secured/certman/README.md +++ /dev/null 
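Review bot: The added comment `# external network` in sanitycheck/ves/docker-compose.yml only restates the `external:` key below it. What a reader needs to know is that Compose no longer creates the network, so `up` fails unless `nf-simulator-network` already exists, and that any other container attached to that network can reach `ves` and `dmaap` on their container ports directly. I would replace the comment with `# not created by this file; must exist before "up" (docker network create nf-simulator-network)`. Whether a Makefile target elsewhere in the commit creates the network is not visible in this hunk.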
@@ -1,91 +0,0 @@ -## Fetching from AAF Certman -This readme describes how to run VES client with certificates fetched using AAF Certman - -### Description - -docker-compose.yml prepares VES client container for HTTPS communication with VES. - -When docker-compose starts certs-init container fills connected volume with certificates, truststores, keystores, -passwords etc. Next ves-client container starts and connects to the same volume. On startup it should read password -values from proper files and set them in system environment variables. With these variables and files in volume -application is ready to work on HTTPS. - -### Prerequisites - -certs-init container works with external AAF on cloud. Due to that fact it must have set correct IPs to workers that -has access to AAF. In docker-compose.yml fields with mentioned IPs are: - - * aaf-locate.onap - * aaf-cm.onap - * aaf-service.onap - -### Start - -Run VES client: - -``` -make start-ves-client -``` - -### Send event - -**ATTENTION** - -``sanitycheck/events/eventToVes.json`` file which is request for sending event to VES must have correct ``vesServerURL`` -field before sending event. -IP of ``vesServerURL`` should be the same as given in docker-compose-certman.yml in ``aaf-locate.onap`` field. -To use secured connection remember about setting protocol to https:// and port to proper secured port of VES. 
- -To send event from VES client to VES use this command from ``ne-simulator/sanitycheck`` directory: - -```` -make generate-event -```` - -Sample ``sanitycheck/events/eventToVes.json`` file content is: - -```json -{ - "vesServerUrl": "https://10.183.35.177:30417/eventListener/v7", - "event": { - "event": { - "commonEventHeader": { - "version": "4.0.1", - "vesEventListenerVersion": "7.0.1", - "domain": "fault", - "eventName": "Fault_Vscf:Acs-Ericcson_PilotNumberPoolExhaustion", - "eventId": "fault0000245", - "sequence": 1, - "priority": "High", - "reportingEntityId": "cc305d54-75b4-431b-adb2-eb6b9e541234", - "reportingEntityName": "ibcx0001vm002oam001", - "sourceId": "de305d54-75b4-431b-adb2-eb6b9e546014", - "sourceName": "scfx0001vm002cap001", - "nfVendorName": "Ericsson", - "nfNamingCode": "scfx", - "nfcNamingCode": "ssc", - "startEpochMicrosec": 1413378172000000, - "lastEpochMicrosec": 1413378172000000, - "timeZoneOffset": "UTC-05:30" - }, - "faultFields": { - "faultFieldsVersion": "4.0", - "alarmCondition": "PilotNumberPoolExhaustion", - "eventSourceType": "other", - "specificProblem": "Calls cannot complete - pilot numbers are unavailable", - "eventSeverity": "CRITICAL", - "vfStatus": "Active", - "alarmAdditionalInformation": { - "PilotNumberPoolSize": "1000" - } - } - } - } -} -``` - -### Stop -To remove VES client containers use: -``` -make clean-ves-client -``` diff --git a/sanitycheck/vesclient-secured/certman/docker-compose.yml b/sanitycheck/vesclient-secured/certman/docker-compose.yml deleted file mode 100644 index 2714751..0000000 --- a/sanitycheck/vesclient-secured/certman/docker-compose.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -version: '3' - -networks: - tls-init-network: - -volumes: - certs-volume: - -services: - certs-init: - image: nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - extra_hosts: - #set worker IP with access to AAF - aaf-locate.onap: #for example 10.183.35.177 - aaf-cm.onap: #for example 10.183.35.177 - aaf-service.onap: #for example 10.183.35.177 - environment: - - aaf_locate_url=https://aaf-locate.onap:31111 - - aaf_url_cm=https://aaf-cm.onap:31114 - - aaf_url=https://aaf-service.onap:31110 - networks: - - tls-init-network - volumes: - - certs-volume:/opt/app/osaaf - mongo: - image: mongo - restart: always - environment: - MONGO_INITDB_ROOT_USERNAME: root - MONGO_INITDB_ROOT_PASSWORD: zXcVbN123! - MONGO_INITDB_DATABASE: pnf_simulator - networks: - - tls-init-network - volumes: - - ../../../../ves-client/db:/docker-entrypoint-initdb.d - ports: - - "27017:27017" - - mongo-express: - image: mongo-express - restart: always - ports: - - 8081:8081 - networks: - - tls-init-network - environment: - ME_CONFIG_MONGODB_ADMINUSERNAME: root - ME_CONFIG_MONGODB_ADMINPASSWORD: zXcVbN123! - - ves-client: - image: onap/org.onap.integration.nfsimulator.vesclient - ports: - - "5000:5000" - command: bash -c " - while [[ $$(ls -1 /app/store | wc -l) != '10' ]]; do echo 'Waiting for certs...'; sleep 3; done - && java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/vesclient.jar org.onap.integration.simulators.nfsimulator.vesclient.Main - " - volumes: - - ../../../../ves-client/logs:/var/log - - ../../../../ves-client/templates:/app/templates - - ../../../../ves-client/src/main/resources/application.properties:/app/application.properties - - certs-volume:/app/store - networks: - - tls-init-network - restart: on-failure - depends_on: - - certs-init - - mongo - - mongo-express 
diff --git a/sanitycheck/vesclient-secured/certservice/Makefile b/sanitycheck/vesclient-secured/certservice/Makefile deleted file mode 100644 index 0f41b0e..0000000 --- a/sanitycheck/vesclient-secured/certservice/Makefile +++ /dev/null 
@@ -1,59 +0,0 @@ -default: - @echo "There is no default target. Use: make " - -setup-env: --start-certservice-and-ejbca --run-certservice-clients --start-local-secured-ves - -start-ves-client: - docker-compose -f docker-compose-vesclient.yml up - -restart-ves-client: --clean-ves-client start-ves-client - -clean-all: --clean-ves-client --clean-env - - ---start-certservice-and-ejbca: --create-certservice-internal-certs --start-certservice-ejbca-containers --configure-ejbca - ---start-certservice-ejbca-containers: - docker-compose -f docker-compose-certservice-ejbca.yml up -d - ---create-certservice-internal-certs: - make -C resources/certs all - ---configure-ejbca: --wait-for-ejbca --run-ejbca-script - ---wait-for-ejbca: - @echo 'Waiting for EJBCA... It may take a minute or two' - until docker container inspect oomcert-ejbca | grep '"Status": "healthy"'; do sleep 3; done - ---run-ejbca-script: - docker exec oomcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh - ---run-certservice-clients: --create-client-volumes - docker-compose -f docker-compose-certservice-clients.yml up -d - @echo 'Waiting for client certifiactes...' 
- @until ls -1 ./resources/certservice-client/client-volume-for-vesclient | grep "store" 1>/dev/null; do sleep 3; done - @until ls -1 ./resources/certservice-client/client-volume-for-ves | grep "store" 1>/dev/null; do sleep 3; done - @until ls -1 ./resources/certservice-client/client-volume-for-httpserver | grep "store" 1>/dev/null; do sleep 3; done - ---create-client-volumes: - mkdir -p ./resources/certservice-client/client-volume-for-vesclient -m 777 - mkdir -p ./resources/certservice-client/client-volume-for-ves -m 777 - mkdir -p ./resources/certservice-client/client-volume-for-httpserver -m 777 - ---start-local-secured-ves: - docker-compose -f docker-compose-ves-dmaap.yml up - ---clean-ves-client: - docker-compose -f docker-compose-vesclient.yml down - rm -rf ./resources/certservice-client/client-volume-for-vesclient || true - rm -rf ./resources/certservice-client/client-volume-for-httpserver || true - - ---clean-env: - docker-compose -f docker-compose-ves-dmaap.yml down - docker-compose -f docker-compose-certservice-clients.yml down - rm -rf ./resources/certservice-client/client-volume-for-vesclient || true - rm -rf ./resources/certservice-client/client-volume-for-ves || true - rm -rf ./resources/certservice-client/client-volume-for-httpserver || true - docker-compose -f docker-compose-certservice-ejbca.yml down - make -C resources/certs clear diff --git a/sanitycheck/vesclient-secured/certservice/README.md b/sanitycheck/vesclient-secured/certservice/README.md deleted file mode 100644 index a0fc5cb..0000000 --- a/sanitycheck/vesclient-secured/certservice/README.md +++ /dev/null 
@@ -1,85 +0,0 @@ -## Fetching certificates from OOM CertService (CMPv2) -This readme describes how to run VES client with certificates fetched using OOM CertService (CMPv2) - -### Description - -Using Makefile in this directory following can be achieved: - -* Setup environment for VES client, i.e.: - * Create certificates that will be used for internal communication between CertService and CertService Clients. - Generated internal certificates should be present in `resources/certs` directory. - * Start and configure EJBCA - * Start and configure AAF Cert Service. - * Run Cert Service Clients to fetch certificates for VES and VES client. Certificates will be stored for the - components in `resources/certservice-client/client-volume-for-ves` - and `resources/certservice-client/client-volume-for-vesclient` accordingly. - * Start VES and DMaaP Simulator. Fetched certificates will be mounted to VES. - -* Start VES client. Fetched certificates will be mounted to VES client. -* Clean up. - -### Prerequisites -##### VES collector local deployment prerequisites - -By default, the image of VES from Nexus supports only HTTP communication. A local image with enabled HTTPS must be build -to use local VES as VES client destination. - -1. Pull VES repository -2. In `/etc/collector.properties` file set field `auth.method=certBasicAuth` -3. Build a local image: `mvn clean install docker:build` from VES project root directory. - -Local VES deployment uses also DMaaP simulator. Its image should be built locally as well. -1. Go to `sanitycheck/dmaap-simulator` directory -2. Run: `make build` - -### Setup environment -To set up whole environment for VES client, i.e.: -- deploy and configure EJBCA -- deploy Cert Service -- fetch certificates for VES and VES client using Cert Service clients -- run DMaaP Simulator -- run VES with fetched certificates - -execute: -```` -make setup-env -```` -Note that this command setups whole environment besides VES client itself. 
- -## Run VES client -To run VES client execute: -```` -make start-ves-client -```` -VES client starts together with the http server. -This command starts VES client with certificates fetched using CertService (certificates are fetched in the previous -step) - -### Send event - - -Configure VES client to use proper VES URL by executing this command from ``nf-simulator/sanitycheck`` directory: - - TIP: edit vesAddressConfigure.json and set "vesServerUrl": "https://ves:8443/eventListener/v7" - -``` -make reconfigure-ves-url -``` - -Send an event from VES client to VES by executing this command from ``nf-simulator/sanitycheck`` directory: -``` -make generate-event -``` - -### Restart VES client - -To restart only VES client execute: -``` -make restart-ves-client -``` - -### Clean up -To clean all generated certificates, remove VES client, CertService, EJBCA, VES and DMaaP Simulator containers: -``` -make clean-all -``` diff --git a/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-clients.yml b/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-clients.yml deleted file mode 100644 index d721561..0000000 --- a/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-clients.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -version: "2.1" - -networks: - onap: - external: true - -services: - oom-cert-client-ves: - image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.1 - container_name: oomcert-client-for-ves - env_file: ./resources/certservice-client/client-configuration-for-ves.env - networks: - - onap - volumes: - - ./resources/certservice-client/client-volume-for-ves:/var/certs:rw - - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks - - ./resources/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks - - oom-cert-client-vesclient: - image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.1 - container_name: oomcert-client - env_file: ./resources/certservice-client/client-configuration-for-vesclient.env - networks: - - onap - volumes: - - ./resources/certservice-client/client-volume-for-vesclient:/var/certs:rw - - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks - - ./resources/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks - - oom-cert-client-httpserver: - image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.1 - container_name: oomcert-client-for-httpserver - env_file: ./resources/certservice-client/client-configuration-for-httpserver.env - networks: - - onap - volumes: - - ./resources/certservice-client/client-volume-for-httpserver:/var/certs:rw - - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks - - ./resources/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks diff --git a/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml b/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml deleted file mode 100644 index a400eb9..0000000 
--- a/sanitycheck/vesclient-secured/certservice/docker-compose-certservice-ejbca.yml +++ /dev/null @@ -1,47 +0,0 @@ -version: "2.1" - -networks: - onap: - driver: bridge - name: onap - public: - driver: bridge - name: public - -services: - ejbca: - image: primekey/ejbca-ce:6.15.2.5 - hostname: cahostname - container_name: oomcert-ejbca - ports: - - "80:8080" - - "443:8443" - volumes: - - ./resources/ejbca/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh - healthcheck: - test: [ "CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth" ] - interval: 10s - timeout: 3s - retries: 15 - networks: - - onap - - oom-cert-service: - image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.1 - volumes: - - ./resources/certservice/cmpServers.json:/etc/onap/oom/certservice/cmpServers.json - - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks - - ./resources/certs/root.crt:/etc/onap/oom/certservice/certs/root.crt - - ./resources/certs/certServiceServer-keystore.jks:/etc/onap/oom/certservice/certs/certServiceServer-keystore.jks - - ./resources/certs/certServiceServer-keystore.p12:/etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 - container_name: oomcert-service - ports: - - "8443:8443" - healthcheck: - test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/oom/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 --pass secret"] - interval: 10s - timeout: 3s - retries: 15 - networks: - - onap - - public diff --git a/sanitycheck/vesclient-secured/certservice/docker-compose-ves-dmaap.yml b/sanitycheck/vesclient-secured/certservice/docker-compose-ves-dmaap.yml deleted file mode 100644 index 86f0202..0000000 --- a/sanitycheck/vesclient-secured/certservice/docker-compose-ves-dmaap.yml +++ /dev/null 
@@ -1,33 +0,0 @@ -version: "2.1" - -networks: - public: - external: true - onap: - external: true - -services: - ves: - container_name: ves - image: nexus3.onap.org:10003/onap/org.onap.dcaegen2.collectors.ves.vescollector:latest - ports: - - "8082:8080" - - "8444:8443" - networks: - - onap - - public - volumes: - - ./resources/certservice-client/client-volume-for-ves/keystore.jks:/opt/app/VESCollector/etc/keystore - - ./resources/certservice-client/client-volume-for-ves/keystore.pass:/opt/app/VESCollector/etc/passwordfile - - ./resources/certservice-client/client-volume-for-ves/truststore.jks:/opt/app/VESCollector/etc/truststore - - ./resources/certservice-client/client-volume-for-ves/truststore.pass:/opt/app/VESCollector/etc/trustpasswordfile - depends_on: - - onap-dmaap - - onap-dmaap: - container_name: dmaap - image: dmaap-simulator - ports: - - "3904:3904" - networks: - - onap diff --git a/sanitycheck/vesclient-secured/certservice/docker-compose-vesclient.yml b/sanitycheck/vesclient-secured/certservice/docker-compose-vesclient.yml deleted file mode 100644 index f99330b..0000000 --- a/sanitycheck/vesclient-secured/certservice/docker-compose-vesclient.yml +++ /dev/null 
@@ -1,86 +0,0 @@ -version: "2.1" - -networks: - ves-client: - driver: bridge - name: ves-client - public: - external: true - onap: - external: true - -services: - mongo: - image: mongo - restart: always - networks: - - ves-client - environment: - MONGO_INITDB_ROOT_USERNAME: root - MONGO_INITDB_ROOT_PASSWORD: zXcVbN123! - MONGO_INITDB_DATABASE: pnf_simulator - volumes: - - ../../../../ves-client/db:/docker-entrypoint-initdb.d - ports: - - "27017:27017" - - mongo-express: - image: mongo-express - restart: always - networks: - - ves-client - ports: - - 8081:8081 - environment: - ME_CONFIG_MONGODB_ADMINUSERNAME: root - ME_CONFIG_MONGODB_ADMINPASSWORD: zXcVbN123! - - http-server: - image: nexus3.onap.org:10003/onap/org.onap.integration.nfsimulator.pmhttpsserver - ports: - - "8080:8080" - - "32000:32000" - - "32080:80" - - "32100:32100" - - "32443:443" - networks: - - ves-client - - public - volumes: - - ~/httpservervolumes/:/usr/local/apache2/htdocs - - ../../../httpserver/logs:/var/log/apache2 - - ./resources/certservice-client/client-volume-for-httpserver/:/etc/apache2/certs/ - command: bash -c " - echo 'Http Server start'; - while [[ $$(ls -1 /etc/apache2/certs/ | wc -l) != '3' ]]; do echo 'Waiting for certs...'; sleep 3; done; - chmod 777 /usr/local/apache2/htdocs; - cp /usr/local/apache2/conf/upload.php /usr/local/apache2/htdocs/upload.php; - touch /usr/local/apache2/htdocs/index.html; - /usr/sbin/apache2ctl -D FOREGROUND; - " - restart: on-failure - - ves-client: - image: onap/org.onap.integration.nfsimulator.vesclient - ports: - - "5000:5000" - networks: - - ves-client - - public - command: bash -c " - while [[ $$(ls -1 /app/store | wc -l) != '4' ]]; do echo 'Waiting for certs...'; sleep 3; done - && cp /app/store/truststore.p12 /app/store/trust.jks - && cp /app/store/keystore.p12 /app/store/cert.p12 - && cp /app/store/keystore.pass /app/store/p12.pass - && cp /app/store/truststore.pass /app/store/trust.pass - && java 
-Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/vesclient.jar org.onap.integration.simulators.nfsimulator.vesclient.Main - " - volumes: - - ../../../../ves-client/logs:/var/log - - ../../../../ves-client/templates:/app/templates - - ../../../../ves-client/src/main/resources/application.properties:/app/application.properties - - ./resources/certservice-client/client-volume-for-vesclient/:/app/store/ - restart: on-failure - depends_on: - - mongo - - mongo-express diff --git a/sanitycheck/vesclient-secured/certservice/resources/certs/.gitignore b/sanitycheck/vesclient-secured/certservice/resources/certs/.gitignore deleted file mode 100644 index 385dcde..0000000 --- a/sanitycheck/vesclient-secured/certservice/resources/certs/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -*.jks -*.p12 -*.crt diff --git a/sanitycheck/vesclient-secured/certservice/resources/certs/Makefile b/sanitycheck/vesclient-secured/certservice/resources/certs/Makefile deleted file mode 100644 index 507a23c..0000000 --- a/sanitycheck/vesclient-secured/certservice/resources/certs/Makefile +++ /dev/null 
@@ -1,109 +0,0 @@ -all: clear step_1 step_2 step_3 step_4 step_5 step_6 step_7 step_8 step_9 step_10 step_11 step_12 step_13 step_14 step_15 -.PHONY: all -#Clear certificates -clear: - @echo "Clear certificates" - rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 root-keystore.jks - @echo "#####done#####" - -#Generate root private and public keys -step_1: - @echo "Generate root private and public keys" - keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \ - -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \ - -storepass secret -ext BasicConstraints:critical="ca:true" - @echo "#####done#####" - -#Export public key as certificate -step_2: - @echo "(Export public key as certificate)" - keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc - @echo "#####done#####" - -#Self-signed root (import root certificate into truststore) -step_3: - @echo "(Self-signed root (import root certificate into truststore))" - keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt - @echo "#####done#####" - -#Generate certService's client private and public keys -step_4: - @echo "Generate certService's client private and public keys" - keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 730 \ - -keystore certServiceClient-keystore.jks -storetype JKS \ - -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \ - -keypass secret -storepass secret - @echo "####done####" - -#Generate certificate signing request for certService's client -step_5: - @echo "Generate certificate signing request for certService's client" - keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file 
certServiceClient.csr - @echo "####done####" - -#Sign certService's client certificate by root CA -step_6: - @echo "Sign certService's client certificate by root CA" - keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \ - -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" - @echo "####done####" - -#Import root certificate into client -step_7: - @echo "Import root certificate into intermediate" - cat root.crt >> certServiceClientByRoot.crt - @echo "####done####" - -#Import signed certificate into certService's client -step_8: - @echo "Import signed certificate into certService's client" - keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt - @echo "####done####" - -#Generate certService private and public keys -step_9: - @echo "Generate certService private and public keys" - keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 730 \ - -keystore certServiceServer-keystore.jks -storetype JKS \ - -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \ - -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false" - @echo "####done####" - -#Generate certificate signing request for certService -step_10: - @echo "Generate certificate signing request for certService" - keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr - @echo "####done####" - -#Sign certService certificate by root CA -step_11: - @echo "Sign certService certificate by root CA" - keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \ - -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \ - -ext 
SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost" - @echo "####done####" - -#Import root certificate into server -step_12: - @echo "Import root certificate into intermediate(server)" - cat root.crt >> certServiceServerByRoot.crt - @echo "####done####" - -#Import signed certificate into certService -step_13: - @echo "Import signed certificate into certService" - keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \ - -storepass secret -noprompt - @echo "####done####" - -#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) -step_14: - @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)" - keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret - @echo "#####done#####" - -#Clear unused certificates -step_15: - @echo "Clear unused certificates" - rm certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr - @echo "#####done#####" diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/.gitignore b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/.gitignore deleted file mode 100644 index ef10692..0000000 --- a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -client-volume-for-httpserver -client-volume-for-vesclient -client-volume-for-ves diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env deleted file mode 100644 index 8e8eb34..0000000 --- a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-httpserver.env +++ /dev/null 
@@ -1,18 +0,0 @@ -#Client envs -REQUEST_URL=https://oom-cert-service:8443/v1/certificate/ -REQUEST_TIMEOUT=10000 -OUTPUT_PATH=/var/certs -CA_NAME=RA -OUTPUT_TYPE=PEM -#Csr config envs -COMMON_NAME=httpserver-onap.org -ORGANIZATION=Linux-Foundation -ORGANIZATION_UNIT=ONAP -LOCATION=San-Francisco -STATE=California -COUNTRY=US -#Tls config envs -KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks -KEYSTORE_PASSWORD=secret -TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks -TRUSTSTORE_PASSWORD=secret diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env deleted file mode 100644 index e06d147..0000000 --- a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-ves.env +++ /dev/null @@ -1,19 +0,0 @@ -#Client envs -REQUEST_URL=https://oom-cert-service:8443/v1/certificate/ -REQUEST_TIMEOUT=10000 -OUTPUT_PATH=/var/certs -CA_NAME=RA -OUTPUT_TYPE=JKS -#Csr config envs -COMMON_NAME=ves-onap.org -ORGANIZATION=Linux-Foundation -ORGANIZATION_UNIT=ONAP -LOCATION=San-Francisco -STATE=California -COUNTRY=US -SANS=ves -#Tls config envs -KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks -KEYSTORE_PASSWORD=secret -TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks -TRUSTSTORE_PASSWORD=secret diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env b/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env deleted file mode 100644 index c5f33b6..0000000 --- a/sanitycheck/vesclient-secured/certservice/resources/certservice-client/client-configuration-for-vesclient.env +++ /dev/null 
@@ -1,18 +0,0 @@ -#Client envs -REQUEST_URL=https://oom-cert-service:8443/v1/certificate/ -REQUEST_TIMEOUT=10000 -OUTPUT_PATH=/var/certs -CA_NAME=RA -OUTPUT_TYPE=P12 -#Csr config envs -COMMON_NAME=onap.org -ORGANIZATION=Linux-Foundation -ORGANIZATION_UNIT=ONAP -LOCATION=San-Francisco -STATE=California -COUNTRY=US -#Tls config envs -KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks -KEYSTORE_PASSWORD=secret -TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks -TRUSTSTORE_PASSWORD=secret diff --git a/sanitycheck/vesclient-secured/certservice/resources/certservice/cmpServers.json b/sanitycheck/vesclient-secured/certservice/resources/certservice/cmpServers.json deleted file mode 100644 index 7256494..0000000 --- a/sanitycheck/vesclient-secured/certservice/resources/certservice/cmpServers.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "cmpv2Servers": [ - { - "caName": "Client", - "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp", - "issuerDN": "CN=ManagementCA", - "caMode": "CLIENT", - "authentication": { - "iak": "mypassword", - "rv": "mypassword" - } - }, - { - "caName": "RA", - "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", - "issuerDN": "CN=ManagementCA", - "caMode": "RA", - "authentication": { - "iak": "mypassword", - "rv": "mypassword" - } - } - ] -} diff --git a/sanitycheck/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh b/sanitycheck/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh deleted file mode 100755 index 77f5c55..0000000 --- a/sanitycheck/vesclient-secured/certservice/resources/ejbca/ejbca-configuration.sh +++ /dev/null 
@@ -1,19 +0,0 @@ -#!/bin/bash - -configureEjbca() { - ejbca.sh config cmp addalias --alias cmpRA - ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra - ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword - ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe - ejbca.sh config cmp dumpalias --alias cmpRA - ejbca.sh config cmp addalias --alias cmp - ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true - ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe - ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED - ejbca.sh ra setclearpwd --username Node123 --password mypassword - ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN - ejbca.sh config cmp dumpalias --alias cmp - ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem -} - -configureEjbca -- cgit 1.2.3-korg