From ee5d337468ebeb98f8d56778cb5b17996be357ca Mon Sep 17 00:00:00 2001 From: Pawel Date: Wed, 30 Sep 2020 15:51:47 +0200 Subject: Adjust PNF simulator to use CertService from OOM repo Issue-ID: INT-1730 Signed-off-by: Pawel Change-Id: Ica77a1099847e3b4c2670b6567416de75d6e2f45 --- netconfsimulator/Dockerfile_netopeer | 2 +- sanitycheck/pnfsimulator-secured/Makefile | 8 ++--- sanitycheck/pnfsimulator-secured/README.md | 4 +-- .../certservice/certs/Makefile | 10 +++---- .../client-resources/client-configuration.env | 8 ++--- .../docker-compose-certservice.yml | 34 +++++++++++----------- .../pnfsimulator-secured/docker-compose-ves.yml | 8 +---- 7 files changed, 34 insertions(+), 40 deletions(-) diff --git a/netconfsimulator/Dockerfile_netopeer b/netconfsimulator/Dockerfile_netopeer index ad8db7c..4d15392 100644 --- a/netconfsimulator/Dockerfile_netopeer +++ b/netconfsimulator/Dockerfile_netopeer @@ -1,4 +1,4 @@ -FROM docker.io/sysrepo/sysrepo-netopeer2:v0.7.7 +FROM docker.io/sysrepo/sysrepo-netopeer2:legacy ADD apt.conf /etc/apt/apt.conf RUN apt-get update && apt-get install -y python3 python3-pip python-pip && pip3 install flask flask_restful kafka-python && pip install kafka-python RUN cd /opt/dev/sysrepo && cmake -DGEN_PYTHON_VERSION=2 -DREPOSITORY_LOC:PATH=/etc/sysrepo . && make install diff --git a/sanitycheck/pnfsimulator-secured/Makefile b/sanitycheck/pnfsimulator-secured/Makefile index 92a9e1e..3783fbe 100644 --- a/sanitycheck/pnfsimulator-secured/Makefile +++ b/sanitycheck/pnfsimulator-secured/Makefile @@ -15,7 +15,7 @@ clean-pnfsim-with-certman-setup: docker-compose -f docker-compose-certman.yml down clean-pnfsim-with-certservice-setup: --clean-certservice-internal-certs --clean-client-volume - docker rm -f aafcert-ejbca || true + docker rm -f oomcert-ejbca || true docker-compose -f docker-compose-certservice.yml down docker-compose -f docker-compose-ves.yml down 
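Review bot: The floating tag `legacy` on the new `FROM` line in netconfsimulator/Dockerfile_netopeer is mutable, so the build stops being reproducible and whatever is later pushed under that tag flows into the simulator image unreviewed. Pin the content as well as the name, for example `FROM docker.io/sysrepo/sysrepo-netopeer2:legacy@sha256:<digest-of-the-verified-image>`, and add a comment recording which upstream release `legacy` pointed to when it was checked. The unpinned `pip3 install` / `pip install` on the context lines add to the same problem, but they are outside this change.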
@@ -23,7 +23,7 @@ clean-pnfsim-with-certservice-setup: --clean-certservice-internal-certs --clean- docker run \ -d \ --rm \ - --name aafcert-ejbca \ + --name oomcert-ejbca \ --hostname cahostname \ -p 80:8080 \ -p 443:8443 \ @@ -35,7 +35,7 @@ clean-pnfsim-with-certservice-setup: --clean-certservice-internal-certs --clean- primekey/ejbca-ce:6.15.2.5 --configure-ejbca: - docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh + docker exec oomcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh --create-client-volume: mkdir -p ./certservice/client-resources/client-volume -m 777 @@ -54,4 +54,4 @@ clean-pnfsim-with-certservice-setup: --clean-certservice-internal-certs --clean- --wait-for-ejbca: @echo 'Waiting for EJBCA...' - until docker container inspect aafcert-ejbca | grep '"Status": "healthy"'; do sleep 3; done + until docker container inspect oomcert-ejbca | grep '"Status": "healthy"'; do sleep 3; done diff --git a/sanitycheck/pnfsimulator-secured/README.md b/sanitycheck/pnfsimulator-secured/README.md index 661806b..6a2cb37 100644 --- a/sanitycheck/pnfsimulator-secured/README.md +++ b/sanitycheck/pnfsimulator-secured/README.md @@ -9,7 +9,7 @@ chosen source. Makefile offers functionalities that allows to: * Run PNF simulator with fetching certs from AAF Certman - * Run PNF simulator with fetching certs from AAF Certservice (CMPv2) + * Run PNF simulator with fetching certs from OOM Certservice (CMPv2) ## Fetching from AAF Certman ### Description @@ -103,7 +103,7 @@ To remove pnf-simulator containers use: make clean-pnfsim-with-certman-setup ``` -## Fetching certificates from AAF Certservice (CMPv2) +## Fetching certificates from OOM Certservice (CMPv2) ### Description Running Makefile with Certservice target will start the following flow: diff --git a/sanitycheck/pnfsimulator-secured/certservice/certs/Makefile b/sanitycheck/pnfsimulator-secured/certservice/certs/Makefile index d6c3855..507a23c 100644 
--- a/sanitycheck/pnfsimulator-secured/certservice/certs/Makefile +++ b/sanitycheck/pnfsimulator-secured/certservice/certs/Makefile @@ -63,16 +63,16 @@ step_8: #Generate certService private and public keys step_9: @echo "Generate certService private and public keys" - keytool -genkeypair -v -alias aaf-cert-service -keyalg RSA -keysize 2048 -validity 730 \ + keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 730 \ -keystore certServiceServer-keystore.jks -storetype JKS \ - -dname "CN=aaf-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \ -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false" @echo "####done####" #Generate certificate signing request for certService step_10: @echo "Generate certificate signing request for certService" - keytool -certreq -keystore certServiceServer-keystore.jks -alias aaf-cert-service -storepass secret -file certServiceServer.csr + keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr @echo "####done####" #Sign certService certificate by root CA @@ -80,7 +80,7 @@ step_11: @echo "Sign certService certificate by root CA" keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \ -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \ - -ext SubjectAlternativeName:="DNS:aaf-cert-service,DNS:localhost" + -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost" @echo "####done####" #Import root certificate into server 
@@ -92,7 +92,7 @@ step_12: #Import signed certificate into certService step_13: @echo "Import signed certificate into certService" - keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias aaf-cert-service \ + keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \ -storepass secret -noprompt @echo "####done####" diff --git a/sanitycheck/pnfsimulator-secured/certservice/client-resources/client-configuration.env b/sanitycheck/pnfsimulator-secured/certservice/client-resources/client-configuration.env index bc62f1f..cda235d 100644 --- a/sanitycheck/pnfsimulator-secured/certservice/client-resources/client-configuration.env +++ b/sanitycheck/pnfsimulator-secured/certservice/client-resources/client-configuration.env @@ -1,8 +1,9 @@ #Client envs -REQUEST_URL=https://aaf-cert-service:8443/v1/certificate/ +REQUEST_URL=https://oom-cert-service:8443/v1/certificate/ REQUEST_TIMEOUT=10000 OUTPUT_PATH=/var/certs CA_NAME=RA +OUTPUT_TYPE=JKS #Csr config envs COMMON_NAME=onap.org ORGANIZATION=Linux-Foundation @@ -10,9 +11,8 @@ ORGANIZATION_UNIT=ONAP LOCATION=San-Francisco STATE=California COUNTRY=US -SANS=example.org #Tls config envs -KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks +KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks KEYSTORE_PASSWORD=secret -TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks +TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks TRUSTSTORE_PASSWORD=secret diff --git a/sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml b/sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml index 4548f04..e7d4cb6 100644 --- a/sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml +++ b/sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml 
@@ -10,37 +10,37 @@ networks: services: - aaf-cert-service: - image: nexus3.onap.org:10003/onap/org.onap.aaf.certservice.aaf-certservice-api:latest + oom-cert-service: + image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0 volumes: - - ./certservice/certservice-resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json - - ./certservice/certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks - - ./certservice/certs/root.crt:/etc/onap/aaf/certservice/certs/root.crt - - ./certservice/certs/certServiceServer-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks - - ./certservice/certs/certServiceServer-keystore.p12:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 - container_name: aafcert-service + - ./certservice/certservice-resources/cmpServers.json:/etc/onap/oom/certservice/cmpServers.json + - ./certservice/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks + - ./certservice/certs/root.crt:/etc/onap/oom/certservice/certs/root.crt + - ./certservice/certs/certServiceServer-keystore.jks:/etc/onap/oom/certservice/certs/certServiceServer-keystore.jks + - ./certservice/certs/certServiceServer-keystore.p12:/etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 + container_name: oomcert-service ports: - "8443:8443" healthcheck: - test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret"] + test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/oom/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 --pass secret"] interval: 10s timeout: 3s retries: 15 networks: - certservice-network - aaf-cert-client: - image: nexus3.onap.org:10003/onap/org.onap.aaf.certservice.aaf-certservice-client:latest - container_name: 
aafcert-client + oom-cert-client: + image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 + container_name: oomcert-client env_file: ./certservice/client-resources/client-configuration.env networks: - certservice-network volumes: - ./certservice/client-resources/client-volume:/var/certs:rw - - ./certservice/certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks - - ./certservice/certs/certServiceClient-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks + - ./certservice/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks + - ./certservice/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks depends_on: - aaf-cert-service: + oom-cert-service: condition: service_healthy mongo: @@ -76,8 +76,8 @@ services: - pnf-simulator-network command: bash -c " while [[ $$(ls -1 /app/store | wc -l) != '4' ]]; do echo 'Waiting for certs...'; sleep 3; done - && mv /app/store/truststore.jks /app/store/trust.jks - && mv /app/store/keystore.jks /app/store/cert.p12 + && cp /app/store/truststore.jks /app/store/trust.jks + && cp /app/store/keystore.jks /app/store/cert.p12 && export CLIENT_CERT_PASS=$$(cat /app/store/keystore.pass) && export TRUST_CERT_PASS=$$(cat /app/store/truststore.pass) && java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/pnf-simulator.jar org.onap.pnfsimulator.Main diff --git a/sanitycheck/pnfsimulator-secured/docker-compose-ves.yml b/sanitycheck/pnfsimulator-secured/docker-compose-ves.yml index 85e4286..43d4f63 100644 --- a/sanitycheck/pnfsimulator-secured/docker-compose-ves.yml +++ b/sanitycheck/pnfsimulator-secured/docker-compose-ves.yml 
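Review bot: The healthcheck `curl` for `oom-cert-service` in docker-compose-certservice.yml has no `--fail`, so it exits 0 on any HTTP response. If the actuator endpoint answers with an error status while the service is down (presumably 503), the container is still marked healthy and `depends_on: condition: service_healthy` lets `oom-cert-client` start too early. Use `curl -fsS https://localhost:8443/actuator/health --cacert …` with the remaining options unchanged. The keystore password is also passed as `--pass secret` in the container definition, where `docker inspect` shows it; a comment stating that these are throwaway sanity-check credentials would stop the pattern being copied into a real deployment.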
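Review bot: With `cp` instead of `mv`, /app/store ends up holding six files, so the guard `$$(ls -1 /app/store | wc -l) != '4'` can never pass again if the container is restarted against the same client-volume, and it waits forever. A file count also says nothing about whether the files the command reads are present and non-empty. Test for those files directly: `until [[ -s /app/store/keystore.jks && -s /app/store/truststore.jks && -s /app/store/keystore.pass && -s /app/store/truststore.pass ]]; do echo 'Waiting for certs...'; sleep 3; done`. Separately, `keystore.jks` is now copied to a file named `cert.p12` while client-configuration.env sets `OUTPUT_TYPE=JKS`; if the simulator opens it as PKCS12 this depends on the JVM's keystore compatibility handling, so a rename or an explanatory comment would help. The `command:` block starts above this hunk.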
@@ -8,14 +8,8 @@ services: - "8444:8443" networks: - vesnetwork - command: bash -c " - rm -f /opt/app/VESCollector/etc/keystore - && echo $$(cat /opt/app/VESCollector/etc/trustpasswordfile) - && keytool -importkeystore -srckeystore /opt/app/VESCollector/etc/cert.p12 -srcstorepass $$(cat /opt/app/VESCollector/etc/passwordfile) -srcstoretype pkcs12 -destkeystore /opt/app/VESCollector/etc/keystore -deststoretype jks -deststorepass $$(cat /opt/app/VESCollector/etc/passwordfile) - && bin/docker-entry.sh - " volumes: - - ./certservice/client-resources/client-volume/cert.p12:/opt/app/VESCollector/etc/cert.p12 + - ./certservice/client-resources/client-volume/keystore.jks:/opt/app/VESCollector/etc/keystore - ./certservice/client-resources/client-volume/keystore.pass:/opt/app/VESCollector/etc/passwordfile - ./certservice/client-resources/client-volume/trust.jks:/opt/app/VESCollector/etc/truststore - ./certservice/client-resources/client-volume/truststore.pass:/opt/app/VESCollector/etc/trustpasswordfile -- cgit 1.2.3-korg
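Review bot: The key-material mounts in docker-compose-ves.yml stay read-write even though, with the conversion command removed, the collector presumably only reads them. Append `:ro`, e.g. `- ./certservice/client-resources/client-volume/keystore.jks:/opt/app/VESCollector/etc/keystore:ro`, and do the same for the password and truststore mounts. These are single-file bind mounts, so if this compose file is brought up before the cert client has written `keystore.jks`, Docker creates a directory at that host path and the collector fails in a way that is hard to diagnose. A comment above `volumes:` should state that this file must be started after the certservice flow and that the mount relies on `OUTPUT_TYPE=JKS` in client-configuration.env.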