From b06189e0c1f15237519d3727aeab007fadd952cb Mon Sep 17 00:00:00 2001
From: Michal Banka
Date: Wed, 3 Jun 2020 10:51:51 +0200
Subject: Add deployment for fetching certs from CertService
Change-Id: Icb59854a88e83b799781c227e465bfb98ed502b6
Signed-off-by: Michal Banka
Issue-ID: INT-1612
---
.../docker-compose-certservice.yml | 93 ++++++++++++++++++++++
1 file changed, 93 insertions(+)
create mode 100644 sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml
(limited to 'sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml')
diff --git a/sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml b/sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml
new file mode 100644
index 0000000..4548f04
--- /dev/null
+++ b/sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml
@@ -0,0 +1,93 @@
+version: "2.1"
+
+networks:
+ certservice-network:
+ driver: bridge
+ name: certservice-network
+ pnf-simulator-network:
+ driver: bridge
+ name: pnf-simulator-network
+
+services:
+
+ aaf-cert-service:
+ image: nexus3.onap.org:10003/onap/org.onap.aaf.certservice.aaf-certservice-api:latest
+ volumes:
+ - ./certservice/certservice-resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json
+ - ./certservice/certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks
+ - ./certservice/certs/root.crt:/etc/onap/aaf/certservice/certs/root.crt
+ - ./certservice/certs/certServiceServer-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks
+ - ./certservice/certs/certServiceServer-keystore.p12:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12
+ container_name: aafcert-service
+ ports:
+ - "8443:8443"
+ healthcheck:
+ test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
+ interval: 10s
+ timeout: 3s
+ retries: 15
+ networks:
+ - certservice-network
+
+ aaf-cert-client:
+ image: nexus3.onap.org:10003/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
+ container_name: aafcert-client
+ env_file: ./certservice/client-resources/client-configuration.env
+ networks:
+ - certservice-network
+ volumes:
+ - ./certservice/client-resources/client-volume:/var/certs:rw
+ - ./certservice/certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks
+ - ./certservice/certs/certServiceClient-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+ depends_on:
+ aaf-cert-service:
+ condition: service_healthy
+
+ mongo:
+ image: mongo
+ restart: always
+ networks:
+ - pnf-simulator-network
+ environment:
+ MONGO_INITDB_ROOT_USERNAME: root
+ MONGO_INITDB_ROOT_PASSWORD: zXcVbN123!
+ MONGO_INITDB_DATABASE: pnf_simulator
+ volumes:
+ - ../../pnfsimulator/db:/docker-entrypoint-initdb.d
+ ports:
+ - "27017:27017"
+
+ mongo-express:
+ image: mongo-express
+ restart: always
+ networks:
+ - pnf-simulator-network
+ ports:
+ - 8081:8081
+ environment:
+ ME_CONFIG_MONGODB_ADMINUSERNAME: root
+ ME_CONFIG_MONGODB_ADMINPASSWORD: zXcVbN123!
+
+ pnf-simulator:
+ image: nexus3.onap.org:10003/onap/org.onap.integration.simulators.pnfsimulator
+ ports:
+ - "5000:5000"
+ networks:
+ - pnf-simulator-network
+ command: bash -c "
+ while [[ $$(ls -1 /app/store | wc -l) != '4' ]]; do echo 'Waiting for certs...'; sleep 3; done
+ && mv /app/store/truststore.jks /app/store/trust.jks
+ && mv /app/store/keystore.jks /app/store/cert.p12
+ && export CLIENT_CERT_PASS=$$(cat /app/store/keystore.pass)
+ && export TRUST_CERT_PASS=$$(cat /app/store/truststore.pass)
+ && java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/pnf-simulator.jar org.onap.pnfsimulator.Main
+ "
+ volumes:
+ - ../../pnfsimulator/logs:/var/log
+ - ../../pnfsimulator/templates:/app/templates
+ - ../../pnfsimulator/src/main/resources/application.properties:/app/application.properties
+ - ./certservice/client-resources/client-volume/:/app/store/
+ restart: on-failure
+ depends_on:
+ - mongo
+ - mongo-express
-- cgit 1.2.3-korg
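Review bot: The `mongo` service publishes `27017:27017` on every host interface while its root password is a literal committed in this file, and `mongo-express` does the same for an admin UI on `8081` that reuses that password. The other services reach the database over `pnf-simulator-network`, so the published ports look needed only for access from the host; binding them to loopback, `- "127.0.0.1:27017:27017"` and `- "127.0.0.1:8081:8081"`, would keep both off the wider network. The password, like the inline `--pass secret` in the aaf-cert-service healthcheck, would be better supplied from an `env_file` kept out of version control (aaf-cert-client already uses `env_file`), though application.properties presumably has to carry the same value. Separately, `mongo`, `mongo-express` and the pnfsimulator image carry no tag and the two certservice images use `:latest`, so pinning a tag or digest would make this sanity check reproducible and limit exposure to a changed upstream image.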