From 032814878abc66aa25dff8498ec95f76c36222a9 Mon Sep 17 00:00:00 2001 From: Maciej Malewski Date: Thu, 3 Sep 2020 07:04:16 +0200 Subject: [OOM-CPMv2] Edit cert-service docs Documentation for cert-service installation and configuration updated regarding cert-service move from aaf to oom Issue-ID: OOM-2526 Signed-off-by: Maciej Malewski Change-Id: I8919b3904b3a93ecb7a12454371b88e96cf244cd --- docs/sections/configuration.rst | 36 ++++++++++++++++++------------------ docs/sections/installation.rst | 7 +++---- 2 files changed, 21 insertions(+), 22 deletions(-) (limited to 'docs') diff --git a/docs/sections/configuration.rst b/docs/sections/configuration.rst index bf8791fb..c165fa3b 100644 --- a/docs/sections/configuration.rst +++ b/docs/sections/configuration.rst @@ -104,8 +104,8 @@ Note! This must be executed before calling *make all* (from OOM Installation) or 1. Edit *cmpServers.json* file. If OOM *global.addTestingComponents* flag is set to: - - *true* - edit *kubernetes/aaf/charts/aaf-cert-service/resources/test/cmpServers.json* - - *false* - edit *kubernetes/aaf/charts/aaf-cert-service/resources/default/cmpServers.json* + - *true* - edit *kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json* + - *false* - edit *kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json 2. Build and start OOM deployment @@ -123,7 +123,7 @@ When CertService is deployed: kubectl -n onap edit secret e.g. - kubectl -n onap edit secret aaf-cert-service-secret + kubectl -n onap edit secret oom-cert-service-secret 4. Replace value for *cmpServers.json* with your base64 encoded configuration. For example: 
@@ -135,10 +135,10 @@ When CertService is deployed: kind: Secret metadata: creationTimestamp: "2020-04-21T16:30:29Z" - name: aaf-cert-service-secret + name: oom-cert-service-secret namespace: default resourceVersion: "33892990" - selfLink: /api/v1/namespaces/default/secrets/aaf-cert-service-secret + selfLink: /api/v1/namespaces/default/secrets/oom-cert-service-secret uid: 6a037526-83ed-11ea-b731-fa163e2144f6 type: Opaque 
@@ -181,19 +181,19 @@ This will clear existing certs and generate new ones. ONAP OOM installation: ^^^^^^^^^^^^^^^^^^^^^^ -Certificates are stored in secrets, which are mounted to pods as volumes. Both secrets are stored in *kubernetes/aaf/charts/aaf-cert-service/templates/secret.yaml*. -Secrets take certificates from *kubernetes/aaf/charts/aaf-cert-service/resources* directory. Certificates are generated automatically during building (using Make) OOM repository. +Certificates are stored in secrets, which are mounted to pods as volumes. Both secrets are stored in *kubernetes/platform/components/oom-cert-service/templates/secret.yaml*. +Secrets take certificates from *kubernetes/platform/components/oom-cert-service/resources* directory. Certificates are generated automatically during building (using Make) OOM repository. -*kubernetes/aaf/charts/aaf-cert-service/Makefile* is similar to the one stored in certservice repository. It actually generates certificates. -This Makefile is executed by *kubernetes/aaf/Makefile*, which is automatically executed during OOM build. +*kubernetes/platform/components/oom-cert-service/Makefile* is similar to the one stored in certservice repository. It actually generates certificates. +This Makefile is executed by *kubernetes/platform/Makefile*, which is automatically executed during OOM build. Using external certificates for CertService and CertService Client ------------------------------------------------------------------ This section describes how to use custom, external certificates for CertService and CertService Client communication in OOM installation. - -1. Set *tls.certificateExternalSecret* flag to true in *kubernetes/aaf/charts/aaf-cert-service/values.yaml* +*kubernetes/platform/components/oom-cert-service/values.yaml* +1. Set *tls.certificateExternalSecret* flag to true in *kubernetes/platform/components/oom-cert-service/values.yaml* 2. Prepare secret for CertService. It must be provided before OOM installation. 
It must contain four files: - *certServiceServer-keystore.jks* - keystore in JKS format. Signed by some Root CA @@ -201,18 +201,18 @@ This section describes how to use custom, external certificates for CertService - *truststore.jks* - truststore in JKS format, containing certificates of the Root CA that signed CertService Client certificate - *root.crt* - certificate of the RootCA that signed Client certificate in CRT format -3. Name the secret properly - the name should match *tls.server.secret.name* value from *kubernetes/aaf/charts/aaf-cert-service/values.yaml* file +3. Name the secret properly - the name should match *tls.server.secret.name* value from *kubernetes/platform/components/oom-cert-service/values.yaml* file 4. Prepare secret for CertService Client. It must be provided before OOM installation. It must contain two files: - *certServiceClient-keystore.jks* - keystore in JKS format. Signed by some Root CA - *truststore.jks* - truststore in JKS format, containing certificates of the RootCA that signed CertService certificate -5. Name the secret properly - the name should match *global.aaf.certService.client.secret.name* value from *kubernetes/onap/values.yaml* file +5. Name the secret properly - the name should match *global.oom.certService.client.secret.name* value from *kubernetes/onap/values.yaml* file 6. Provide keystore and truststore passwords for CertService. It can be done in two ways: - - by inlining them into *kubernetes/aaf/charts/aaf-cert-service/values.yaml*: + - by inlining them into *kubernetes/platform/components/oom-cert-service/values.yaml*: - override *credentials.tls.keystorePassword* value with keystore password - override *credentials.tls.truststorePassword* value with truststore password 
@@ -224,14 +224,14 @@ This section describes how to use custom, external certificates for CertService 7. Override default keystore and truststore passwords for CertService Client in *kubernetes/onap/values.yaml* file: - - override *global.aaf.certServiceClient.envVariables.keystorePassword* value with keystore password - - override *global.aaf.certServiceClient.envVariables.truststorePassword* value with truststore password + - override *global.oom.certServiceClient.envVariables.keystorePassword* value with keystore password + - override *global.oom.certServiceClient.envVariables.truststorePassword* value with truststore password Configuring EJBCA server for testing ------------------------------------ -To instantiate an EJBCA server for testing purposes with an OOM deployment, cmpv2Enabled and cmpv2Testing have to be changed to true in oom/kubernetes/aaf/values.yaml. +To instantiate an EJBCA server for testing purposes with an OOM deployment, cmpv2Enabled and cmpv2Testing have to be changed to true in oom/kubernetes/platform/values.yaml. cmpv2Enabled has to be true to enable oom-cert-service to be instantiated and used with an external Certificate Authority to get certificates for secure communication. 
@@ -245,7 +245,7 @@ Default Values: +---------------------+---------------------------------------------------------------------------------------------------------------------------------+ | Name | Value | +=====================+=================================================================================================================================+ -| Request URL | http://aaf-ejbca:8080/ejbca/publicweb/cmp/cmpRA | +| Request URL | http://ejbca:8080/ejbca/publicweb/cmp/cmpRA | +---------------------+---------------------------------------------------------------------------------------------------------------------------------+ | Response Type | PKI Response | +---------------------+---------------------------------------------------------------------------------------------------------------------------------+ diff --git a/docs/sections/installation.rst b/docs/sections/installation.rst index c41c0fca..b77c997b 100644 --- a/docs/sections/installation.rst +++ b/docs/sections/installation.rst @@ -5,8 +5,7 @@ Installation ============= - -When enabling CMPv2, *kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml* file with override values need to be used during OOM installation. +When enabling CMPv2, *kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml* file with override values need to be used during OOM installation. CertService can be easily installed with OOM installation, simply by setting proper flag. It's possible to also install EJBCA server for testing purposes. It also can be done by setting proper flag. 
@@ -15,7 +14,7 @@ It's possible to also install EJBCA server for testing purposes. It also can be Enabling CertService -------------------- -In order to install CertService during OOM deployment, global flag *global.cmpv2Enabled* in *kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml* file must be set to true. +In order to install CertService during OOM deployment, global flag *global.cmpv2Enabled* in *kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml* file must be set to true. Enabling EJBCA - testing CMPV2 server @@ -23,4 +22,4 @@ Enabling EJBCA - testing CMPV2 server In order to install EJBCA server, global flag *global.addTestingComponents* in *kubernetes/onap/values.yaml* file or other file with override values must be set to true. -Setting this flag, will also cause CertService to load test configuration from *kubernetes/aaf/charts/aaf-cert-service/resources/test/cmpServers.json* +Setting this flag, will also cause CertService to load test configuration from *kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json* -- cgit 1.2.3-korg
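Review bot: In docs/sections/configuration.rst, hunk @@ -104,8 +104,8 @@, the added *false* bullet drops the closing asterisk after `kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json`, so the emphasis is left unterminated and the path will not render in italics like the *true* bullet above it. Add the trailing `*`.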
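Review bot: In configuration.rst, hunk @@ -135,10 +135,10 @@, the example Secret is renamed but still shows `namespace: default` and a selfLink under `/api/v1/namespaces/default/`, while the command documented just before it is `kubectl -n onap edit secret oom-cert-service-secret`. Since the name and selfLink lines are being touched anyway, align the example with the onap namespace so that a reader comparing their own secret against it is not misled.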
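Review bot: In configuration.rst, hunk @@ -181,19 +181,19 @@, the blank line between the sentence "This section describes how to use custom, external certificates ..." and step 1 is replaced by a stray line containing only `*kubernetes/platform/components/oom-cert-service/values.yaml*`. This looks like a paste leftover: it adds a dangling path to the intro paragraph and removes the blank line reStructuredText needs before the numbered list, so step 1 is likely to be folded into that paragraph. Restore the empty line and drop the stray path.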
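Review bot: In configuration.rst, hunk @@ -201,18 +201,18 @@, step 5 changes the values key from *global.aaf.certService.client.secret.name* to *global.oom.certService.client.secret.name* without stating that the key was renamed, and the following hunk does the same for the two *certServiceClient.envVariables* password keys. Someone working from an override file written against the previous text would still be setting keys under *global.aaf*; a short note on the rename next to these steps would make that visible.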
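Review bot: In configuration.rst, hunk @@ -224,14 +224,14 @@, the EJBCA paragraph says cmpv2Enabled and cmpv2Testing must be set to true in oom/kubernetes/platform/values.yaml, but the installation.rst part of this same patch documents *global.cmpv2Enabled* and *global.addTestingComponents* as the flags that enable CertService and the EJBCA test server. Please reconcile the flag names and file locations between the two pages. The path here is also the only one written with an `oom/` prefix and without emphasis markup; the rest of the file uses *kubernetes/...*.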
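Review bot: In configuration.rst, hunk @@ -245,7 +245,7 @@, the Request URL value becomes four characters shorter (`http://ejbca:8080/...` instead of `http://aaf-ejbca:8080/...`). This is a grid table, so make sure the cell is padded so that its closing `|` still lines up with the `+---` border rows; a misaligned row makes the table fail to parse.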
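Review bot: In docs/sections/installation.rst, hunk @@ -5,8 +5,7 @@, the rewritten sentence still reads "file with override values need to be used"; since the line is being changed, correct it to "needs to be used". The hunk also removes a blank line ahead of this paragraph, so please confirm that an empty line still separates it from the "Installation" title underline.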
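Review bot: In installation.rst, hunk @@ -23,4 +22,4 @@, the updated last line keeps the stray comma in "Setting this flag, will also cause CertService to load test configuration ...". As the line is touched for the path change, drop the comma and end the sentence with a full stop.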