From aadf545643827a440b082f4dcf6afdfd1c2012e2 Mon Sep 17 00:00:00 2001
From: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Date: Wed, 18 Mar 2020 18:13:51 +0100
Subject: [SO] Onboard ONAP CA during init phase

Workaround for retrieving ONAP root CA and keeping SO container being
run by no root user.

Issue-ID: SO-2730
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib1b48c0a6fcca359a780640b8c705e75fd78dc1a
---
 docs/oom_hardcoded_certificates.rst | 52 ++++++++++++++++++++++++++-----------
 1 file changed, 37 insertions(+), 15 deletions(-)

(limited to 'docs/oom_hardcoded_certificates.rst')

diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index eb53a2d848..74a292cef4 100644
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -11,18 +11,40 @@ ONAP Hardcoded certificates
 ONAP current installation have hardcoded certificates.
 Here's the list of these certificates:
 
- +-----------------------------------------------------------------------------------------------------------------------------+
- | Project    | ONAP Certificate | Own Certificate  | Path                                                                     |
- +============+==================+==================+==========================================================================+
- | VID        | No               | Yes              | kubernetes/vid/resources/cert                                            |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI        | Yes              | No               | aai/oom/resources/config/haproxy/aai.pem                                 |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI        | Yes              | No               | aai/oom/resources/config/aai/aai_keystore                                |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI        | Yes              | No               | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI        | No               | Yes              | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore       |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI        | Yes              | Yes              | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
+ +-----------------------------------------------------------------------------------------------------------------------------------------------------+
+ | Project          | ONAP Certificate | Own Certificate  | MSB Certificate | Path                                                                     |
+ +==================+==================+==================+============================================================================================+
+ | AAI              | Yes              | No               | No              | aai/oom/resources/config/haproxy/aai.pem                                 |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI              | Yes              | No               | No              | aai/oom/resources/config/aai/aai_keystore                                |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/SEARCH-DATA  | Yes              | No               | No              | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/BABEL        | No               | Yes              | No              | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore       |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/MODEL-LOADER | Yes              | Yes              | No              | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO               | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/BPMN          | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/Catalog       | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/Monitoring    | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/OpenStack     | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/RequestDb     | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/SDC           | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/SDNC          | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VE/VNFM       | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VFC           | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VNFM          | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | VID              | No               | Yes              | No              | kubernetes/vid/resources/cert                                            |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
-- 
cgit 1.2.3-korg