From f404a66530eac7b072014af437deb1771977b1f4 Mon Sep 17 00:00:00 2001 From: Remigiusz Janeczek Date: Wed, 18 Mar 2020 13:21:35 +0100 Subject: Add certservice client to Makefile (local run) Move files used only in local run from submodules to base dir Issue-ID: AAF-1107 Signed-off-by: Remigiusz Janeczek Change-Id: Ia027bfb5859fb2b316215b3f2633b51666d06280 --- .gitignore | 2 +- Makefile | 37 +++++++++ README.md | 88 ++++++++++++++++++++++ certService/Makefile | 31 -------- certService/README.md | 61 +-------------- certService/docker-compose.yml | 40 ---------- .../main/resources/scripts/ejbca-configuration.sh | 19 ----- certServiceClient/client_docker.env | 14 ---- certServiceClient/docker-compose.yml | 59 --------------- compose-resources/client-configuration.env | 14 ++++ compose-resources/ejbca-configuration.sh | 19 +++++ docker-compose.yml | 37 +++++++++ 12 files changed, 197 insertions(+), 224 deletions(-) create mode 100644 Makefile create mode 100644 README.md delete mode 100644 certService/Makefile delete mode 100644 certService/docker-compose.yml delete mode 100755 certService/src/main/resources/scripts/ejbca-configuration.sh delete mode 100644 certServiceClient/client_docker.env delete mode 100644 certServiceClient/docker-compose.yml create mode 100644 compose-resources/client-configuration.env create mode 100755 compose-resources/ejbca-configuration.sh create mode 100644 docker-compose.yml
diff --git a/.gitignore b/.gitignore
index 35cc9b4e..8a3ca168 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,7 +2,7 @@ target/ !**/src/main/** !**/src/test/** **/var -certServiceClient/certs_volume +compose-resources/client-volume ### STS ### .apt_generated
diff --git a/Makefile b/Makefile
new file mode 100644
index 00000000..1e4f871c
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,37 @@
+all: build start-backend run-client stop-client stop-backend
+start-with-client: start-backend run-client
+.PHONY: build
+
+build:
+ @echo "##### Build Cert Service images locally #####"
+ mvn clean install -P docker
+ @echo "##### DONE #####"
+
+start-backend:
+ @echo "##### Start Cert Service #####"
+ docker-compose up -d
+ @echo "## Configure ejbca ##"
+ docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
+ @echo "##### DONE #####"
+
+run-client:
+ @echo "##### Create Cert Service Client volume folder: `pwd`/compose-resources/client-volume/ #####"
+ mkdir -p `pwd`/compose-resources/client-volume/
+ @echo "##### Start Cert Service Client #####"
+ docker run \
+ --name aafcert-client \
+ --env-file ./compose-resources/client-configuration.env \
+ --network certservice_certservice \
+ --mount type=bind,src=`pwd`/compose-resources/client-volume/,dst=/var/certs \
+ onap/org.onap.aaf.certservice.aaf-certservice-client:latest
+
+stop-client:
+ @echo "##### Remove Cert Service Client #####"
+ @echo "Removing aafcert-client"
+ @docker rm aafcert-client > /dev/null 2> /dev/null || true
+ @echo "##### DONE #####"
+
+stop-backend:
+ @echo "##### Stop Cert Service #####"
+ docker-compose down
+ @echo "##### DONE #####"
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..8fabbee9
--- /dev/null
+++ b/README.md
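Review bot: In the new top-level Makefile, the `run-client` target hard-codes `--network certservice_certservice`, a name docker-compose derives from the project name, which defaults to the checkout directory's name, so the client only attaches when the repository sits in a directory called `certservice`. Pinning the project name in both compose targets keeps the network name stable: `docker-compose -p certservice up -d` in `start-backend` and `docker-compose -p certservice down` in `stop-backend`. Separately, `.PHONY: build` leaves the other targets undeclared; `.PHONY: all build start-with-client start-backend run-client stop-client stop-backend` would cover them.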
@@ -0,0 +1,88 @@
+# Cert service
+
+### General description
+
+More information about the project and all its functionalities you can find under the wiki page:
+ ```
+ https://wiki.onap.org/display/DW/AAF+Certification+Service
+ ```
+
+Project consists of two submodules:
+1. aaf-certservice-api
+2. aaf-certservice-client
+
+Detailed information about submodules can be found in ```README.md``` in their directories.
+
+### Project building
+```
+mvn clean package
+```
+
+### Install the packages into the local repository
+```
+mvn clean install
+```
+
+### Building Docker images and install packages into local repository
+```
+mvn clean install -P docker
+or
+make build
+```
+
+### Running Docker containers from docker-compose with EJBCA
+Docker-compose uses a local image of certservice-api and make run-client uses a local image of certservice-client
+Build docker images locally before running docker compose command.
+```
+1. Build local images
+make build
+2. Start Cert Service with configured EJBCA
+make start-backend
+3. Run Cert Service Client
+make run-client
+3. Remove client container
+make stop-client
+4. Stop Cert Service and EJBCA
+make stop-backend
+```
+
+### Running API with Helm
+1. Use environment/server with installed kubernetes and helm.
+2. Copy certService/helm/aaf-cert-service directory to that environment.
+3. Enter that environment
+4. Run ```helm install ./aaf-cert-service```
+
+
+### AAF CertService CSITs
+#### CSIT repository
+```
+https://gerrit.onap.org/r/admin/repos/integration/csit
+```
+
+####How to run tests locally
+1. Checkout CSIT repository
+2. Configure CSIT local environment
+3. Inside CSIT directory execute
+```
+sudo ./run-csit.sh plans/aaf/certservice
+```
+
+####Jenkins build
+https://jenkins.onap.org/view/CSIT/job/aaf-master-csit-certservice/
+
+### Sonar results
+```
+https://sonarcloud.io/dashboard?id=onap_aaf-certservice
+```
+
+### Maven artifacts
+All maven artifacts are deployed under nexus uri:
+```
+https://nexus.onap.org/content/repositories/snapshots/org/onap/aaf/certservice/
+```
+
+### Docker artifacts
+All docker images are hosted under nexus3 uri:
+```
+https://nexus3.onap.org/repository/docker.snapshot/v2/onap/org.onap.aaf.certservice.aaf-certservice-api/
+```
\ No newline at end of file
diff --git a/certService/Makefile b/certService/Makefile
deleted file mode 100644
index b1b63b4d..00000000
--- a/certService/Makefile
+++ /dev/null
@@ -1,31 +0,0 @@
-all: build start stop
-.PHONY: build
-
-build:
- @echo "##### Build Cert Service images locally #####"
- mvn clean install -P docker
- @echo "##### DONE #####"
-start:
- @echo "##### Start Cert Service #####"
- docker-compose up -d
- @echo "## Configure ejbca ##"
- docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
- @echo "##### DONE #####"
-stop:
- @echo "##### Stop Cert Service #####"
- docker-compose down
- @echo "##### DONE #####"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/certService/README.md b/certService/README.md
index 9f23504e..8e7fccc4 100644
--- a/certService/README.md
+++ b/certService/README.md
@@ -48,8 +48,6 @@ mvn clean install ### Building Docker image and install the package into local repository ``` mvn clean install -P docker -or -make build ``` ### Running Docker container local
@@ -61,25 +59,7 @@ docker run -p 8080:8080 --name aaf-certservice-api --mount type=bind,source=//cmpServers.json,target=/etc/onap/aaf/certservice/cmpServers.json nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0 ``` - -### Running Docker container from docker-compose with EJBCA -Docker-compose uses a local image of certservice. -Build a docker image locally before run docker compose command. -``` -1. Build local image -make build -2. Start Cert Service with configured EJBCA -make start -3. Stop containers -make stop -``` -### Running with Helm -1. Use environment/server with installed kubernetes and helm. -2. Copy helm/aaf-cert-service directory to that environment. -3. Enter that environment -4. Run ```helm install ./aaf-cert-service``` - ### Health Check Browser: ```
@@ -92,23 +72,6 @@ curl localhost:8080/actuator/health ``` Should return {"status":"UP"} -### AAF CertService CSITs -#### CSIT repository -``` -https://gerrit.onap.org/r/admin/repos/integration/csit -``` - -####How to run tests locally -1. Checkout CSIT repository -2. Configure CSIT local environment -3. Inside CSIT directory execute -``` -sudo ./run-csit.sh plans/aaf/certservice -``` - -####Jenkins build -https://jenkins.onap.org/view/CSIT/job/aaf-master-csit-certservice/ - ### Logs locally path:
@@ -127,31 +90,9 @@ cd /var/log/onap/aaf/certservice You should see: audit.log error.log trace.log -### Sonar results -``` -https://sonarcloud.io/dashboard?id=onap_aaf-certservice -``` - -### Maven artifacts -All maven artifacts are deployed under nexus uri: -``` -https://nexus.onap.org/content/repositories/snapshots/org/onap/aaf/certservice/ -``` - -### Docker artifacts -All docker images are hosted under nexus3 uri: -``` -https://nexus3.onap.org/repository/docker.snapshot/v2/onap/org.onap.aaf.certservice.aaf-certservice-api/ -``` - ### RestAPI API is described by Swagger ( OpenAPI 3.0 ) on endpoint /docs ( endpoint is defined in properties as springdoc.swagger-ui.path ) ``` http://localchost:8080/docs -``` - -### Sonar results -``` -https://sonarcloud.io/dashboard?id=onap_aaf-certservice -``` +```
\ No newline at end of file
diff --git a/certService/docker-compose.yml b/certService/docker-compose.yml
deleted file mode 100644
index 2f4f4b4a..00000000
--- a/certService/docker-compose.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-version: "2.1"
-
-services:
- ejbca:
- image: primekey/ejbca-ce:6.15.2.5
- hostname: cahostname
- container_name: aafcert-ejbca
- ports:
- - "80:8080"
- - "443:8443"
- volumes:
- - ./src/main/resources/scripts/:/opt/primekey/scripts
- command: bash -c "
- /opt/primekey/bin/start.sh
- "
- healthcheck:
- test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
- interval: 10s
- timeout: 3s
- retries: 9
- networks:
- - certservice
-
- certservice:
- image: onap/org.onap.aaf.certservice.aaf-certservice-api:latest
- volumes:
- - ./helm/aaf-cert-service/resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json
- container_name: aafcert-service
- ports:
- - "8080:8080"
- depends_on:
- ejbca:
- condition: service_healthy
- networks:
- - certservice
-
-
-networks:
- certservice:
- driver: bridge
diff --git a/certService/src/main/resources/scripts/ejbca-configuration.sh b/certService/src/main/resources/scripts/ejbca-configuration.sh
deleted file mode 100755
index 77f5c555..00000000
--- a/certService/src/main/resources/scripts/ejbca-configuration.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-configureEjbca() {
- ejbca.sh config cmp addalias --alias cmpRA
- ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
- ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
- ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
- ejbca.sh config cmp dumpalias --alias cmpRA
- ejbca.sh config cmp addalias --alias cmp
- ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
- ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
- ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED
- ejbca.sh ra setclearpwd --username Node123 --password mypassword
- ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
- ejbca.sh config cmp dumpalias --alias cmp
- ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
-}
-
-configureEjbca
diff --git a/certServiceClient/client_docker.env b/certServiceClient/client_docker.env
deleted file mode 100644
index f2697173..00000000
--- a/certServiceClient/client_docker.env
+++ /dev/null
@@ -1,14 +0,0 @@
-#Client envs
-REQUEST_URL=http://certservice:8080/v1/certificate/
-REQUEST_TIMEOUT=1000
-OUTPUT_PATH=/var/certs
-CA_NAME=RA
-#Csr config envs
-COMMON_NAME=onap.org
-ORGANIZATION=Linux-Foundation
-ORGANIZATION_UNIT=ONAP
-LOCATION=San-Francisco
-STATE=California
-COUNTRY=US
-SANS=example.org
-
diff --git a/certServiceClient/docker-compose.yml b/certServiceClient/docker-compose.yml
deleted file mode 100644
index b0c65be9..00000000
--- a/certServiceClient/docker-compose.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-version: "2.1"
-
-services:
- ejbca:
- image: primekey/ejbca-ce:6.15.2.5
- hostname: cahostname
- container_name: aafcert-ejbca
- ports:
- - "80:8080"
- - "443:8443"
- volumes:
- - ../certService/src/main/resources/scripts/:/opt/primekey/scripts
- command: bash -c "
- ./scripts/ejbca-configuration.sh &
- /opt/primekey/bin/start.sh
- "
- healthcheck:
- test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
- interval: 20s
- timeout: 3s
- retries: 9
- networks:
- - certservice
-
- certservice:
- image: onap/org.onap.aaf.certservice.aaf-certservice-api:latest
- volumes:
- - ../certService/helm/aaf-cert-service/resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json
- container_name: aafcert-service
- ports:
- - "8080:8080"
- depends_on:
- ejbca:
- condition: service_healthy
- healthcheck:
- test: ["CMD-SHELL", "curl -f http://localhost:8080/actuator/health"]
- interval: 10s
- timeout: 3s
- retries: 9
- networks:
- - certservice
-
- certservice-client:
- image: onap/org.onap.aaf.certservice.aaf-certservice-client:latest
- container_name: aafcert-client
- env_file:
- - ./client_docker.env
- user: root #Run as root to avoid volume permission issues
- volumes:
- - ./certs_volume/:/var/certs
- depends_on:
- certservice:
- condition: service_healthy
- networks:
- - certservice
-
-networks:
- certservice:
- driver: bridge
diff --git a/compose-resources/client-configuration.env b/compose-resources/client-configuration.env
new file mode 100644
index 00000000..e79aa618
--- /dev/null
+++ b/compose-resources/client-configuration.env
@@ -0,0 +1,14 @@
+#Client envs
+REQUEST_URL=http://aafcert-service:8080/v1/certificate/
+REQUEST_TIMEOUT=1000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.org
+
diff --git a/compose-resources/ejbca-configuration.sh b/compose-resources/ejbca-configuration.sh
new file mode 100755
index 00000000..77f5c555
--- /dev/null
+++ b/compose-resources/ejbca-configuration.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+configureEjbca() {
+ ejbca.sh config cmp addalias --alias cmpRA
+ ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
+ ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ ejbca.sh config cmp dumpalias --alias cmpRA
+ ejbca.sh config cmp addalias --alias cmp
+ ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
+ ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
+ ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED
+ ejbca.sh ra setclearpwd --username Node123 --password mypassword
+ ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
+ ejbca.sh config cmp dumpalias --alias cmp
+ ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+}
+
+configureEjbca
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 00000000..851ad317
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,37 @@
+version: "2.1"
+
+services:
+ ejbca:
+ image: primekey/ejbca-ce:6.15.2.5
+ hostname: cahostname
+ container_name: aafcert-ejbca
+ ports:
+ - "80:8080"
+ - "443:8443"
+ volumes:
+ - ./compose-resources/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh
+ healthcheck:
+ test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
+ interval: 10s
+ timeout: 3s
+ retries: 15
+ networks:
+ - certservice
+
+ certservice:
+ image: onap/org.onap.aaf.certservice.aaf-certservice-api:latest
+ container_name: aafcert-service
+ volumes:
+ - ./certService/helm/aaf-cert-service/resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json
+ ports:
+ - "8080:8080"
+ depends_on:
+ ejbca:
+ condition: service_healthy
+ networks:
+ - certservice
+
+
+networks:
+ certservice:
+ driver: bridge
-- cgit 1.2.3-korg
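Review bot: The `ports:` entries in the new docker-compose.yml (`"80:8080"` and `"443:8443"` for ejbca, `"8080:8080"` for certservice) publish on every host interface, while compose-resources/ejbca-configuration.sh in this same commit sets the CMP RA secret and the Node123 end-entity password to the fixed value `mypassword`. For a setup the commit subject describes as a local run, binding to loopback keeps that test CA and the certificate API off the network: `- "127.0.0.1:80:8080"`, `- "127.0.0.1:443:8443"` and `- "127.0.0.1:8080:8080"`. A short comment above the `ejbca` service saying the mounted script provisions test-only credentials would also help anyone who reuses the file outside a workstation.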