diff options
Diffstat (limited to 'docs/sections')
-rw-r--r-- | docs/sections/build.rst | 12 | ||||
-rw-r--r-- | docs/sections/configuration.rst | 14 | ||||
-rw-r--r-- | docs/sections/introduction.rst | 2 | ||||
-rw-r--r-- | docs/sections/logging.rst | 8 | ||||
-rw-r--r-- | docs/sections/offeredapis.rst | 2 | ||||
-rw-r--r-- | docs/sections/resources/OpenAPI.yaml | 2 | ||||
-rw-r--r-- | docs/sections/usage.rst | 30 |
7 files changed, 36 insertions, 34 deletions
diff --git a/docs/sections/build.rst b/docs/sections/build.rst index 44c38c46..17874de5 100644 --- a/docs/sections/build.rst +++ b/docs/sections/build.rst @@ -9,20 +9,20 @@ Jenkins ------- #. JJB Master - https://jenkins.onap.org/view/aaf/job/aaf-certservice-master-merge-java/ + https://jenkins.onap.org/view/oom-platform-cert-service/job/oom-platform-cert-service-master-merge-java/ #. JJB Stage - https://jenkins.onap.org/view/aaf/job/aaf-certservice-maven-docker-stage-master/ + https://jenkins.onap.org/view/oom-platform-cert-service/job//oom-platform-cert-service-maven-docker-stage-master/ #. JJB Release - https://jenkins.onap.org/view/aaf/job/aaf-certservice-maven-stage-master/ - https://jenkins.onap.org/view/aaf/job/aaf-certservice-release-merge/ + https://jenkins.onap.org/view/oom-platform-cert-service/job//oom-platform-cert-service-maven-stage-master/ + https://jenkins.onap.org/view/oom-platform-cert-service/job//oom-platform-cert-service-release-merge/ #. JJB CSIT - https://jenkins.onap.org/view/CSIT/job/aaf-master-csit-certservice/ + https://jenkins.onap.org/view/CSIT/job/oom-platform-cert-service-master-csit-certservice/ Environment ----------- @@ -36,7 +36,7 @@ Environment How to build images? -------------------- -#. Checkout the project from https://gerrit.onap.org/r/#/admin/projects/aaf/certservice +#. Checkout the project from https://gerrit.onap.org/r/#/admin/projects/oom/platform/cert-service #. Read information stored in README.md file #. Use a Makefile to build images:: diff --git a/docs/sections/configuration.rst b/docs/sections/configuration.rst index b325712e..bf8791fb 100644 --- a/docs/sections/configuration.rst +++ b/docs/sections/configuration.rst @@ -18,7 +18,7 @@ Example cmpServers.json file: "cmpv2Servers": [ { "caName": "Client", - "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmp", + "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp", "issuerDN": "CN=ManagementCA", "caMode": "CLIENT", "authentication": { @@ -28,7 +28,7 @@ Example cmpServers.json file: }, { "caName": "RA", - "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", + "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", "issuerDN": "CN=ManagementCA", "caMode": "RA", "authentication": { @@ -77,16 +77,16 @@ When application is running: docker exec -it <certservice-container-name> bash e.g. - docker exec -it aafcert-service bash + docker exec -it oomcert-service bash 3. Edit *cmpServers.json* file:: - vim /etc/onap/aaf/certservice/cmpServers.json + vim /etc/onap/oom/certservice/cmpServers.json 4. Save the file. Note that this file is mounted as volume, so change will be persistent. 5. Reload configuration:: - curl -I https://localhost:8443/reload --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass $KEYSTORE_PASSWORD + curl -I https://localhost:8443/reload --cacert /etc/onap/oom/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 --pass $KEYSTORE_PASSWORD 6. Exit container:: @@ -99,7 +99,7 @@ Configuring in OOM deployment: Before OOM installation: """""""""""""""""""""""" -Note! This must be executed before calling *make all* (from OOM Installation) or needs remaking AAF charts. +Note! This must be executed before calling *make all* (from OOM Installation) or needs remaking OOM charts. 1. Edit *cmpServers.json* file. If OOM *global.addTestingComponents* flag is set to: @@ -233,7 +233,7 @@ Configuring EJBCA server for testing To instantiate an EJBCA server for testing purposes with an OOM deployment, cmpv2Enabled and cmpv2Testing have to be changed to true in oom/kubernetes/aaf/values.yaml. -cmpv2Enabled has to be true to enable aaf-cert-service to be instantiated and used with an external Certificate Authority to get certificates for secure communication. +cmpv2Enabled has to be true to enable oom-cert-service to be instantiated and used with an external Certificate Authority to get certificates for secure communication. If cmpv2Testing is enabled then an EJBCA test server will be instantiated in the OOM deployment as well, and will come pre-configured with a test CA to request a certificate from. diff --git a/docs/sections/introduction.rst b/docs/sections/introduction.rst index 9d6c7816..023066b8 100644 --- a/docs/sections/introduction.rst +++ b/docs/sections/introduction.rst @@ -12,6 +12,8 @@ Overview In Frankfurt release AAF was enhanced by Certificate Management Protocol ver. 2 (CMPv2) support. Such support is handled by new AAF's microservice called CertService. CertService provides certificates signed by external CMPv2 server - further on such certificates are called operators certificates. Operators certificates are meant to secure external ONAP traffic - traffic between network functions (xNFs) and ONAP. +In Guilin release CertService was moved from AAF repository to OOM repository. + Context View ------------ diff --git a/docs/sections/logging.rst b/docs/sections/logging.rst index dba8f3e6..92a87fb0 100644 --- a/docs/sections/logging.rst +++ b/docs/sections/logging.rst @@ -17,7 +17,7 @@ To see CertService console logs use: docker logs <cert-service-container-name> e.g. - docker logs aafcert-service + docker logs oomcert-service - Kubernetes: @@ -39,7 +39,7 @@ CertService logs for different logging levels are available in the container: docker exec -it <cert-service-container-name> bash e.g. - docker exec -it aafcert-service bash + docker exec -it oomcert-service bash - Kubernetes: @@ -52,7 +52,7 @@ CertService logs for different logging levels are available in the container: Path to logs: - /var/log/onap/aaf/certservice + /var/log/onap/oom/certservice Available log files: @@ -75,7 +75,7 @@ To see CertService client console logs use : docker logs <cert-service-client-container-name> e.g. - docker logs aafcert-client + docker logs oomcert-client - Kubernetes: CertService client is used as init container in other components. In the following example: diff --git a/docs/sections/offeredapis.rst b/docs/sections/offeredapis.rst index b757b3bd..21a4bb60 100644 --- a/docs/sections/offeredapis.rst +++ b/docs/sections/offeredapis.rst @@ -6,7 +6,7 @@ Offered APIs ============= -AAF Cert Service Api +OOM Cert Service Api -------------------- .. code-block:: yaml diff --git a/docs/sections/resources/OpenAPI.yaml b/docs/sections/resources/OpenAPI.yaml index 14f8b6bc..d20f833e 100644 --- a/docs/sections/resources/OpenAPI.yaml +++ b/docs/sections/resources/OpenAPI.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# aaf-certservice +# oom-certservice # ================================================================================ # Copyright (C) 2020 Nokia. All rights reserved. # ================================================================================ diff --git a/docs/sections/usage.rst b/docs/sections/usage.rst index 759284bd..b8bf7f69 100644 --- a/docs/sections/usage.rst +++ b/docs/sections/usage.rst @@ -12,7 +12,7 @@ CertService client needs the following configuration parameters to work properly 1. Parameters for generating certification artifacts and connecting to CertService API to obtain certificate and trust anchors - - REQUEST_URL *(default: https://aaf-cert-service:8443/v1/certificate/)* - URL to CertService API + - REQUEST_URL *(default: https://oom-cert-service:8443/v1/certificate/)* - URL to CertService API - REQUEST_TIMEOUT *(default: 30000[ms])* - Timeout in milliseconds for REST API calls - OUTPUT_PATH *(required)* - Path where client will output generated certificate and trust anchor - CA_NAME *(required)* - Name of CA which will enroll certificate. Must be same as configured on server side. Used in REST API calls @@ -44,12 +44,12 @@ CertService client image can be found on Nexus repository : .. code-block:: bash - nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:$VERSION + nexus3.onap.org:10001/onap/org.onap.oom.certservice.oom-certservice-client:$VERSION As standalone docker container ------------------------------ -You need certificate and trust anchors to connect to CertService API via HTTPS. Information how to generate truststore and keystore files you can find in project repository README `Gerrit GitWeb <https://gerrit.onap.org/r/gitweb?p=aaf%2Fcertservice.git;a=summary>`__ +You need certificate and trust anchors to connect to CertService API via HTTPS. Information how to generate truststore and keystore files you can find in project repository README `Gerrit GitWeb <https://gerrit.onap.org/r/gitweb?p=oom%2Fplatform%2Fcert-service.git;a=summary>`__ To run CertService client as standalone docker container execute following steps: @@ -74,9 +74,9 @@ To run CertService client as standalone docker container execute following steps SANS=test.onap.org:onap.com #TLS config envs - KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks + KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks KEYSTORE_PASSWORD=<password to certServiceClient-keystore.jks> - TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-truststore.jks + TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-truststore.jks TRUSTSTORE_PASSWORD=<password to certServiceClient-truststore.jks> 2. Run docker container as in following example (API and client must be running in same network): @@ -85,13 +85,13 @@ To run CertService client as standalone docker container execute following steps docker run \ --rm \ - --name aafcert-client \ + --name oomcert-client \ --env-file <$PWD/client.env (same as in step1)> \ --network <docker network of cert service> \ --mount type=bind,src=<path to local host directory where certificate and trust anchor will be created>,dst=<OUTPUT_PATH (same as in step 1)> \ --volume <local path to keystore in JKS format>:<KEYSTORE_PATH> \ --volume <local path to truststore in JKS format>:<TRUSTSTORE_PATH> \ - nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:$VERSION + nexus3.onap.org:10001/onap/org.onap.oom.certservice.oom-certservice-client:$VERSION @@ -99,14 +99,14 @@ After successful creation of certifications, container exits with exit code 0, e .. code-block:: bash - INFO 1 [ main] o.o.a.c.c.c.f.ClientConfigurationFactory : Successful validation of Client configuration. Configuration data: REQUEST_URL: https://aaf-cert-service:8443/v1/certificate/, REQUEST_TIMEOUT: 10000, OUTPUT_PATH: /var/certs, CA_NAME: RA, OUTPUT_TYPE: P12 + INFO 1 [ main] o.o.a.c.c.c.f.ClientConfigurationFactory : Successful validation of Client configuration. Configuration data: REQUEST_URL: https://oom-cert-service:8443/v1/certificate/, REQUEST_TIMEOUT: 10000, OUTPUT_PATH: /var/certs, CA_NAME: RA, OUTPUT_TYPE: P12 INFO 1 [ main] o.o.a.c.c.c.f.CsrConfigurationFactory : Successful validation of CSR configuration. Configuration data: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: test.onap.org:onap.org INFO 1 [ main] o.o.a.c.c.c.KeyPairFactory : KeyPair generation started with algorithm: RSA and key size: 2048 INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Creation of CSR has been started with following parameters: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: test.onap.org:onap.org INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Creation of CSR has been completed successfully INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Conversion of CSR to PEM has been started INFO 1 [ main] o.o.a.c.c.c.PrivateKeyToPemEncoder : Attempt to encode private key to PEM - INFO 1 [ main] o.o.a.c.c.h.HttpClient : Attempt to send request to API, on url: https://aaf-cert-service:8443/v1/certificate/RA + INFO 1 [ main] o.o.a.c.c.h.HttpClient : Attempt to send request to API, on url: https://oom-cert-service:8443/v1/certificate/RA INFO 1 [ main] o.o.a.c.c.h.HttpClient : Received response from API DEBUG 1 [ main] o.o.a.c.c.c.c.ConvertedArtifactsCreator : Attempt to create keystore files and saving data. File names: keystore.p12, keystore.pass INFO 1 [ main] o.o.a.c.c.c.c.PemConverter : Conversion of PEM certificates to PKCS12 keystore @@ -160,11 +160,11 @@ You can use the following deployment example as a reference: ... initContainers: - name: cert-service-client - image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest + image: nexus3.onap.org:10001/onap/org.onap.oom.certservice.oom-certservice-client:latest imagePullPolicy: Always env: - name: REQUEST_URL - value: https://aaf-cert-service:8443/v1/certificate/ + value: https://oom-cert-service:8443/v1/certificate/ - name: REQUEST_TIMEOUT value: "1000" - name: OUTPUT_PATH @@ -188,17 +188,17 @@ You can use the following deployment example as a reference: - name: SANS value: test.onap.org:onap.com - name: KEYSTORE_PATH - value: /etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks + value: /etc/onap/oom/certservice/certs/certServiceClient-keystore.jks - name: KEYSTORE_PASSWORD value: secret - name: TRUSTSTORE_PATH - value: /etc/onap/aaf/certservice/certs/truststore.jks + value: /etc/onap/oom/certservice/certs/truststore.jks - name: TRUSTSTORE_PASSWORD value: secret volumeMounts: - mountPath: /var/certs name: certs - - mountPath: /etc/onap/aaf/certservice/certs/ + - mountPath: /etc/onap/oom/certservice/certs/ name: tls-volume ... volumes: @@ -206,6 +206,6 @@ You can use the following deployment example as a reference: emptyDir: {} - name tls-volume secret: - secretName: aaf-cert-service-client-tls-secret # Value of global.aaf.certService.client.secret.name + secretName: oom-cert-service-client-tls-secret # Value of global.oom.certService.client.secret.name ... |