From 384b7b14722c5a2e351d61b3779869d680cebf8f Mon Sep 17 00:00:00 2001
From: tkogut
Date: Fri, 16 Oct 2020 13:01:29 +0200
Subject: Adjust PNF simulator to use strict hostname checking. Use separate keystore/truststore for ves. Add network for communication between ves and pnfsim.
Issue-ID: INT-1744
Signed-off-by: tkogut
Change-Id: I6626ac6d6f74e739aeb93879eddfd44f9e9383ea
---
.../docker-compose-certservice-ejbca.yml | 47 ++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 sanitycheck/pnfsimulator-secured/certservice/docker-compose-certservice-ejbca.yml
(limited to 'sanitycheck/pnfsimulator-secured/certservice/docker-compose-certservice-ejbca.yml')
diff --git a/sanitycheck/pnfsimulator-secured/certservice/docker-compose-certservice-ejbca.yml b/sanitycheck/pnfsimulator-secured/certservice/docker-compose-certservice-ejbca.yml
new file mode 100644
index 0000000..38b130f
--- /dev/null
+++ b/sanitycheck/pnfsimulator-secured/certservice/docker-compose-certservice-ejbca.yml
@@ -0,0 +1,47 @@
+version: "2.1"
+
+networks:
+ onap:
+ driver: bridge
+ name: onap
+ public:
+ driver: bridge
+ name: public
+
+services:
+ ejbca:
+ image: primekey/ejbca-ce:6.15.2.5
+ hostname: cahostname
+ container_name: oomcert-ejbca
+ ports:
+ - "80:8080"
+ - "443:8443"
+ volumes:
+ - ./resources/ejbca/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth" ]
+ interval: 10s
+ timeout: 3s
+ retries: 15
+ networks:
+ - onap
+
+ oom-cert-service:
+ image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
+ volumes:
+ - ./resources/certservice/cmpServers.json:/etc/onap/oom/certservice/cmpServers.json
+ - ./resources/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+ - ./resources/certs/root.crt:/etc/onap/oom/certservice/certs/root.crt
+ - ./resources/certs/certServiceServer-keystore.jks:/etc/onap/oom/certservice/certs/certServiceServer-keystore.jks
+ - ./resources/certs/certServiceServer-keystore.p12:/etc/onap/oom/certservice/certs/certServiceServer-keystore.p12
+ container_name: oomcert-service
+ ports:
+ - "8443:8443"
+ healthcheck:
+ test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/oom/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
+ interval: 10s
+ timeout: 3s
+ retries: 15
+ networks:
+ - onap
+ - public
-- cgit 1.2.3-korg
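Review bot: The `oom-cert-service` healthcheck passes the keystore password on the curl command line (`--pass secret`), so it is readable from the committed compose file and from `docker inspect`, and the `.p12` it unlocks presumably holds the service's private key. If these are fixed sanity-check credentials, say so with a comment above the healthcheck such as `# test-only keystore and password; never reuse outside sanitycheck`, and mount the truststore, root certificate and keystores read-only by appending `:ro` to each of those volume entries. Neither healthcheck uses `--fail`, so curl exits 0 on an HTTP error status and the container is reported healthy as soon as the TLS endpoint answers; `curl --fail ...` would make the result follow the endpoint's actual status. The `ejbca` check also runs with `-k`, which skips certificate verification while the sibling check verifies against `root.crt`; if that is deliberate because the CA certificate is not available inside that container, a short comment should state it.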