diff options
| author |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-03-18 18:13:51 +0100 |
|---|---|---|
| committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-03-31 08:34:31 +0200 |
| commit | aadf545643827a440b082f4dcf6afdfd1c2012e2 (patch) | |
| tree | ba293ac6337478c5ab5371286d8213fb8dec3d31 /docs | |
| parent | 5af320fc0c9e5f250e595cfa8daa93835016fca1 (diff) | |
[SO] Onboard ONAP CA during init phase
Workaround for retrieving ONAP root CA and keeping SO container being
run by no root user.
Issue-ID: SO-2730
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib1b48c0a6fcca359a780640b8c705e75fd78dc1a
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/oom_hardcoded_certificates.rst | 52 |
1 files changed, 37 insertions, 15 deletions
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst index eb53a2d848..74a292cef4 100644 --- a/docs/oom_hardcoded_certificates.rst +++ b/docs/oom_hardcoded_certificates.rst @@ -11,18 +11,40 @@ ONAP Hardcoded certificates ONAP current installation have hardcoded certificates. Here's the list of these certificates: - +-----------------------------------------------------------------------------------------------------------------------------+ - | Project | ONAP Certificate | Own Certificate | Path | - +============+==================+==================+==========================================================================+ - | VID | No | Yes | kubernetes/vid/resources/cert | - +------------+------------------+------------------+--------------------------------------------------------------------------+ - | AAI | Yes | No | aai/oom/resources/config/haproxy/aai.pem | - +------------+------------------+------------------+--------------------------------------------------------------------------+ - | AAI | Yes | No | aai/oom/resources/config/aai/aai_keystore | - +------------+------------------+------------------+--------------------------------------------------------------------------+ - | AAI | Yes | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore | - +------------+------------------+------------------+--------------------------------------------------------------------------+ - | AAI | No | Yes | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore | - +------------+------------------+------------------+--------------------------------------------------------------------------+ - | AAI | Yes | Yes | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore | - +------------+------------------+------------------+--------------------------------------------------------------------------+ + +-----------------------------------------------------------------------------------------------------------------------------------------------------+ + | Project | ONAP Certificate | Own Certificate | MSB Certificate | Path | + +==================+==================+==================+============================================================================================+ + | AAI | Yes | No | No | aai/oom/resources/config/haproxy/aai.pem | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | AAI | Yes | No | No | aai/oom/resources/config/aai/aai_keystore | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | AAI/SEARCH-DATA | Yes | No | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | AAI/BABEL | No | Yes | No | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SO/BPMN | Yes | No? | Yes | kubernetes/so/resources/config/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SO/Catalog | Yes | No? | Yes | kubernetes/so/resources/config/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SO/Monitoring | Yes | No? | Yes | kubernetes/so/resources/config/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SO/OpenStack | Yes | No? | Yes | kubernetes/so/resources/config/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SO/RequestDb | Yes | No? | Yes | kubernetes/so/resources/config/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SO/SDC | Yes | No? | Yes | kubernetes/so/resources/config/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SO/SDNC | Yes | No? | Yes | kubernetes/so/resources/config/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SO/VE/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SO/VFC | Yes | No? | Yes | kubernetes/so/resources/config/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SO/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | VID | No | Yes | No | kubernetes/vid/resources/cert | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ |