From 5d11547c0299d7fe7156d515738546e4c288a9dc Mon Sep 17 00:00:00 2001
From: Michal Banka
Date: Fri, 14 Feb 2020 14:55:14 +0100
Subject: Created docker-compose with ejbca and certservice

Docker-compose should run configured EJBCA and certservice.

Signed-off-by: Michal Banka
Issue-ID: AAF-997
Change-Id: I2c815c7a97636e31cc07d8a6d7a172a3895523b7
---
 certService/README.md | 10 ++++++-
 certService/docker-compose.yml | 31 ++++++++++++++++++++++
 .../main/resources/scripts/ejbca-configuration.sh | 22 +++++++++++++++
 3 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 certService/docker-compose.yml
 create mode 100755 certService/src/main/resources/scripts/ejbca-configuration.sh
(limited to 'certService')
diff --git a/certService/README.md b/certService/README.md
index 443390b3..16ad0d15 100644
--- a/certService/README.md
+++ b/certService/README.md
@@ -54,7 +54,15 @@ Go to the certService subfolder and execute following statement (1.0.0-SNAPSHOT docker run -p 8080:8080 --name aaf-certservice-api nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0 ``` - + +### Running Docker container from docker-compose with EJBCA + Docker-compose uses nexus image of certservice. + + ``` + docker-compose up + + ``` + ### Health Check Browser:
diff --git a/certService/docker-compose.yml b/certService/docker-compose.yml
new file mode 100644
index 00000000..04d4867f
--- /dev/null
+++ b/certService/docker-compose.yml
@@ -0,0 +1,31 @@
+version: "2.1"
+
+services:
+ ejbca:
+ image: primekey/ejbca-ce
+ hostname: cahostname
+ container_name: mycontainer
+ ports:
+ - "80:8080"
+ - "443:8443"
+ volumes:
+ - ./src/main/resources/scripts/:/opt/primekey/scripts
+ command: bash -c "
+ ./scripts/ejbca-configuration.sh &
+ /opt/primekey/bin/start.sh
+ "
+ healthcheck:
+ test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
+ interval: 10s
+ timeout: 3s
+ retries: 9
+
+ certservice:
+ image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0
+ container_name: certservice
+ ports:
+ - "8080:8080"
+ depends_on:
+ ejbca:
+ condition: service_healthy
+
diff --git a/certService/src/main/resources/scripts/ejbca-configuration.sh b/certService/src/main/resources/scripts/ejbca-configuration.sh
new file mode 100755
index 00000000..cdff77de
--- /dev/null
+++ b/certService/src/main/resources/scripts/ejbca-configuration.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+waitForEjbcaStartUp() {
+ sleep $1
+}
+
+configureEjbca() {
+ ejbca.sh config cmp addalias --alias cmpRA
+ ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
+ ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
+ ejbca.sh config cmp dumpalias --alias cmpRA
+ ejbca.sh config cmp addalias --alias cmp
+ ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
+ ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED
+ ejbca.sh ra setclearpwd --username Node123 --password mypassword
+ ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
+ ejbca.sh config cmp dumpalias --alias cmp
+ ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+}
+
+waitForEjbcaStartUp 30
+configureEjbca
-- cgit 1.2.3-korg
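Review bot: In docker-compose.yml the `ejbca` service uses `image: primekey/ejbca-ce` with no tag or digest, so each pull can bring in a different CA build than the one this setup was tested with; pin it, e.g. `image: primekey/ejbca-ce:<tested-tag>` (placeholder, the page names no version). The `ports` entries `"80:8080"` and `"443:8443"` publish the CA on every host interface even though it is configured with the fixed credentials from ejbca-configuration.sh; for a local test stack a loopback binding such as `"127.0.0.1:443:8443"` limits who can reach it. The healthcheck's `curl -kI` exits 0 on any HTTP status and the configuration script runs in the background, so `service_healthy` can be reported before EJBCA is healthy or configured; adding `-f` to the curl call covers the first half of that.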
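Review bot: In ejbca-configuration.sh, `configureEjbca` hard-codes `mypassword` as both the `cmpRaAuthSecret` of ManagementCA and the password of end entity Node123, and `setclearpwd` (going by its name) keeps that password in clear text, so the enrolment secret of this CA is a value published in the repository. Take the secret from the environment and fail when it is unset, e.g. `: "${EJBCA_RA_SECRET:?EJBCA_RA_SECRET must be set}"` and then `--value "$EJBCA_RA_SECRET"` (the variable name is a suggestion), and add a header comment saying the script is meant for local test setups only. The fixed `waitForEjbcaStartUp 30` only guesses at startup time and the script has no `set -e`, so on a slow start the `ejbca.sh` calls can fail without the container noticing; polling the health endpoint before configuring and quoting `"$1"` would make the sequence deterministic.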