Adjust PNF simulator to use strict hostname checking.

Use separate keystore/truststore for ves. Add network for communication between ves and pnfsim. Issue-ID: INT-1744 Signed-off-by: tkogut <tomasz.kogut@nokia.com> Change-Id: I6626ac6d6f74e739aeb93879eddfd44f9e9383ea
author: tkogut <tomasz.kogut@nokia.com> 2020-10-16 13:01:29 +0200
committer: Adam Wudzinski <adam.wudzinski@nokia.com> 2020-10-21 20:11:48 +0200
commit: 384b7b14722c5a2e351d61b3779869d680cebf8f (patch)
tree: b22cdd6ebe422728bc462a774c3af6f79de7e036 /sanitycheck/pnfsimulator-secured/certservice/docker-compose-certservice-ejbca.yml
parent: 9d44aaf054a1746149ce3bbc4c1e54e68d25f712 (diff)
1 files changed, 47 insertions, 0 deletions
diff --git a/sanitycheck/pnfsimulator-secured/certservice/docker-compose-certservice-ejbca.yml b/sanitycheck/pnfsimulator-secured/certservice/docker-compose-certservice-ejbca.yml
new file mode 100644
index 0000000..38b130f
--- /dev/null
+++ b/sanitycheck/pnfsimulator-secured/certservice/docker-compose-certservice-ejbca.yml
@@ -0,0 +1,47 @@
+version: "2.1"
+
+networks:
+  onap:
+    driver: bridge
+    name: onap
+  public:
+    driver: bridge
+    name: public
+
+services:
+  ejbca:
+    image: primekey/ejbca-ce:6.15.2.5
+    hostname: cahostname
+    container_name: oomcert-ejbca
+    ports:
+      - "80:8080"
+      - "443:8443"
+    volumes:
+      - ./resources/ejbca/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh
+    healthcheck:
+      test: [ "CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth" ]
+      interval: 10s
+      timeout: 3s
+      retries: 15
+    networks:
+      - onap
+
+  oom-cert-service:
+    image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
+    volumes:
+      - ./resources/certservice/cmpServers.json:/etc/onap/oom/certservice/cmpServers.json
+      - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+      - ./resources/certs/root.crt:/etc/onap/oom/certservice/certs/root.crt
+      - ./resources/certs/certServiceServer-keystore.jks:/etc/onap/oom/certservice/certs/certServiceServer-keystore.jks
+      - ./resources/certs/certServiceServer-keystore.p12:/etc/onap/oom/certservice/certs/certServiceServer-keystore.p12
+    container_name: oomcert-service
+    ports:
+      - "8443:8443"
+    healthcheck:
+      test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/oom/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
+      interval: 10s
+      timeout: 3s
+      retries: 15
+    networks:
+      - onap
+      - public
author	tkogut <tomasz.kogut@nokia.com>	2020-10-16 13:01:29 +0200
committer	Adam Wudzinski <adam.wudzinski@nokia.com>	2020-10-21 20:11:48 +0200
commit	384b7b14722c5a2e351d61b3779869d680cebf8f (patch)
tree	b22cdd6ebe422728bc462a774c3af6f79de7e036 /sanitycheck/pnfsimulator-secured/certservice/docker-compose-certservice-ejbca.yml
parent	9d44aaf054a1746149ce3bbc4c1e54e68d25f712 (diff)