.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2020 Huawei Technologies Co., Ltd.
Docker-config
=============
In SO (Service Orchestration) every component running on docker engine and respective containers. here we can see how so is working with Dokcer.
CA(Certificate Authority)
=========================
Certificate Authorities/ CAs, issue Digital Certificates. Digital Certificates are verifiable small data files that contain identity credentials to help websites, people, and devices represent their authentic online identity (authentic because the CA has verified the identity). CAs play a critical role in how the Internet operates and how transparent, trusted transactions can take place online. CAs issue millions of Digital Certificates each year, and these certificates are used to protect information, encrypt billions of transactions, and enable secure communication.
CA(file)
/so/packages/docker/src/main/docker/docker-files/ca-certificates/onap-ca.crt
Example CA cirtifiacte:-
-----BEGIN CERTIFICATE-----
MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0Ix
EzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYD
VQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9y
aXR5MRQwEgYDVQQDEwtCZXN0IENBIEx0ZDAeFw0wMD..TUwMTZaFw0wMTAy
MDQxOTUwMTZaMIGHMQswCQYDVQQGEwJHQjETMBEGA1..29tZS1TdGF0ZTEU
MBIGA1UEChMLQmVzdCBDQSBMdGQxNzA1BgNVBAsTLk..DEgUHVibGljIFBy
aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFD..AMTC0Jlc3QgQ0Eg
THRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCg..Tz2mr7SZiAMfQyu
vBjM9OiJjRazXBZ1BjP5CE/Wm/Rr500PRK+Lh9x5eJ../ANBE0sTK0ZsDGM
ak2m1g7oruI3dY3VHqIxFTz0Ta1d+NAjwnLe4nOb7/..k05ShhBrJGBKKxb
8n104o/5p8HAsZPdzbFMIyNjJzBM2o5y5A13wiLitE..fyYkQzaxCw0Awzl
kVHiIyCuaF4wj571pSzkv6sv+4IDMbT/XpCo8L6wTa..sh+etLD6FtTjYbb
rvZ8RQM1tlKdoMHg2qxraAV++HNBYmNWs0duEdjUbJ..XI9TtnS4o1Ckj7P
OfljiQIDAQABo4HnMIHkMB0GA1UdDgQWBBQ8urMCRL..5AkIp9NJHJw5TCB
tAYDVR0jBIGsMIGpgBQ8urMCRLYYMHUKU5AkIp9NJH..aSBijCBhzELMAkG
A1UEBhMCR0IxEzARBgNVBAgTClNvbWUtU3RhdGUxFD..AoTC0Jlc3QgQ0Eg
THRkMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcm..ENlcnRpZmljYXRp
b24gQXV0aG9yaXR5MRQwEgYDVQQDEwtCZXN0IENBIE..DAMBgNVHRMEBTAD
AQH/MA0GCSqGSIb3DQEBBAUAA4IBAQC1uYBcsSncwA..DCsQer772C2ucpX
xQUE/C0pWWm6gDkwd5D0DSMDJRqV/weoZ4wC6B73f5..bLhGYHaXJeSD6Kr
XcoOwLdSaGmJYslLKZB3ZIDEp0wYTGhgteb6JFiTtn..sf2xdrYfPCiIB7g
BMAV7Gzdc4VspS6ljrAhbiiawdBiQlQmsBeFz9JkF4..b3l8BoGN+qMa56Y
It8una2gY4l2O//on88r5IWJlm1L0oA8e4fR2yrBHX..adsGeFKkyNrwGi/
7vQMfXdGsRrXNGRGnX+vWDZ3/zWI0joDtCkNnqEpVn..HoX
-----END CERTIFICATE-----
Configurations:-
================
Every component has its own over-ride yaml file. We can over-ride the file according the Configurations and Dependencies required for Deploying.
Over-ride yaml for api-handler
==============================
Path:- /docker-config/volumes/so/config/api-handler-infra/onapheat/override.yaml
.. code-block:: bash
server:
port: 8080
tomcat:
max-threads: 50
ssl-enable: false
mso:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
logPath: logs
site-name: onapheat
adapters:
requestDb:
endpoint: http://request-db-adapter:8083
auth: Basic YnBlbDpwYXNzd29yZDEk
catalog:
db:
spring:
endpoint: http://catalog-db-adapter:8082
db:
auth: Basic YnBlbDpwYXNzd29yZDEk
config:
path: /src/main/resources/
infra:
default:
alacarte:
orchestrationUri: /mso/async/services/ALaCarteOrchestrator
recipeTimeout: 180
testApi: VNF_API
service:
macro:
default:
testApi: GR_API
camundaURL: http://bpmn-infra:8081
camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
async:
core-pool-size: 50
max-pool-size: 50
queue-capacity: 500
sdc:
client:
auth: F3473596C526938329DF877495B494DC374D1C4198ED3AD305EA3ADCBBDA1862
activate:
instanceid: test
userid: cs0008
endpoint: http://c1.vm1.mso.simpledemo.onap.org:28090
tenant:
isolation:
retry:
count: 3
aai:
endpoint: https://aai.api.simpledemo.onap.org:8443
auth: 2630606608347B7124C244AB0FE34F6F
extApi:
endpoint: http://nbi.onap:8080/nbi/api/v3
so:
operational-environment:
dmaap:
username: testuser
password: VjR5NDcxSzA=
host: http://c1.vm1.mso.simpledemo.onap.org:28090
auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
publisher:
topic: com.att.ecomp.mso.operationalEnvironmentEvent
spring:
datasource:
hikari:
jdbcUrl: jdbc:mariadb://mariadb:3306/catalogdb
username: cataloguser
password: catalog123
driver-class-name: org.mariadb.jdbc.Driver
pool-name: catdb-pool
registerMbeans: true
jpa:
show-sql: true
hibernate:
dialect: org.hibernate.dialect.MySQL5Dialect
ddl-auto: validate
naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
enable-lazy-load-no-trans: true
jersey:
type: filter
security:
usercredentials:
-
username: sitecontrol
password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
role: SiteControl-Client
-
username: gui
password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
role: GUI-Client
-
username: infraportal
password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
role: InfraPortal-Client
-
username: InfraPortalClient
password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
role: InfraPortal-Client
-
username: bpel
password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
role: BPEL-Client
-
username: mso_admin
password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
role: ACTUATOR
request:
datasource:
hikari:
jdbcUrl: jdbc:mariadb://mariadb:3306/requestdb
username: requestuser
password: request123
driver-class-name: org.mariadb.jdbc.Driver
pool-name: reqdb-pool
registerMbeans: true
org:
onap:
so:
cloud-owner: CloudOwner
adapters:
network:
encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
Start the container
=======================
cd /home/root1/docker-config/
CMD:-
===
sudo docker-compose up -d
*Example Output:*
root1@slave-node:~/docker-config$ sudo docker-compose up -d
docker-config_mariadb_1 is up-to-date
Starting docker-config_catalog-db-adapter_1 ... done
Starting docker-config_request-db-adapter_1 ... done
Starting docker-config_bpmn-infra_1 ... done
Starting docker-config_vfc-adapter_1 ... done
Starting docker-config_sdc-controller_1 ... done
Starting docker-config_sdnc-adapter_1 ... done
Starting docker-config_openstack-adapter_1 ... done
Starting docker-config_api-handler-infra_1 ... done
Starting docker-config_so-monitoring_1 ... done
Starting docker-config_nssmf-adapter_1 ... done
Example Output:
===============
docker ps
*Example Output:*
root1@slave-node:~/docker-config$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d930caf28508 nexus3.onap.org:10001/onap/so/openstack-adapter "/app/wait-for.sh -q…" 5 weeks ago Up 30 seconds 0.0.0.0:8087->8087/tcp docker-config_openstack-adapter_1
599af283319e nexus3.onap.org:10001/onap/so/vfc-adapter "/app/wait-for.sh -q…" 5 weeks ago Up 30 seconds 0.0.0.0:8084->8084/tcp docker-config_vfc-adapter_1
5549305c8dd6 nexus3.onap.org:10001/onap/so/api-handler-infra "/app/wait-for.sh -q…" 5 weeks ago Up 27 seconds 0.0.0.0:8080->8080/tcp docker-config_api-handler-infra_1
59d3aa684ecb nexus3.onap.org:10001/onap/so/sdnc-adapter "/app/wait-for.sh -q…" 5 weeks ago Up 29 seconds 0.0.0.0:8086->8086/tcp docker-config_sdnc-adapter_1
ade4cef97bd3 nexus3.onap.org:10001/onap/so/bpmn-infra "/app/wait-for.sh -q…" 5 weeks ago Up 29 seconds 0.0.0.0:8081->8081/tcp docker-config_bpmn-infra_1
e9558560c4d7 nexus3.onap.org:10001/onap/so/sdc-controller "/app/wait-for.sh -q…" 5 weeks ago Up 25 seconds 0.0.0.0:8085->8085/tcp docker-config_sdc-controller_1
ae27ec2f8b04 nexus3.onap.org:10001/onap/so/so-monitoring "/app/wait-for.sh -q…" 5 weeks ago Up 26 seconds 0.0.0.0:8088->8088/tcp docker-config_so-monitoring_1
8d2c64d48f1a nexus3.onap.org:10001/onap/so/request-db-adapter "/app/wait-for.sh -q…" 5 weeks ago Up 32 seconds 0.0.0.0:8083->8083/tcp docker-config_request-db-adapter_1
a126dd29c540 nexus3.onap.org:10001/mariadb:10.1.11 "/docker-entrypoint.…" 5 weeks ago Up 17 minutes 0.0.0.0:32768->3306/tcp docker-config_mariadb_1
Inspect a docker image
======================
This command shows interesting information about the structure of the mso image. Note that an image is NOT a running container. It is the template that a container is created from.
CMD:-
=====
sudo docker inspect onap/so/api-handler-infra
Example Output:
.. code-block:: bash
[
{
"Id": "sha256:2573165483e9ac87826da9c08984a9d0e1d93a90c681b22d9b4f90ed579350dc",
"RepoTags": [
"onap/so/api-handler-infra:1.3.0-SNAPSHOT",
"onap/so/api-handler-infra:1.3.0-SNAPSHOT-20190213T0846",
"onap/so/api-handler-infra:1.3.0-SNAPSHOT-latest",
"onap/so/api-handler-infra:latest"
],
"RepoDigests": [],
"Parent": "sha256:66b508441811ab4ed9968f8702a0d0a697f517bbc10d8d9076e5b98ae4437344",
"Comment": "",
"Created": "2019-02-13T09:37:33.770342225Z",
"Container": "8be46c735d21935631130f9017c3747779aab26eab54a9149b1edde122f7576d",
"ContainerConfig": {
"Hostname": "ac4a12e21390",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/jvm/java-1.8-openjdk/jre/bin:/usr/lib/jvm/java-1.8-openjdk/bin",
"LANG=C.UTF-8",
"JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk",
"JAVA_VERSION=8u191",
"JAVA_ALPINE_VERSION=8.191.12-r0",
"HTTP_PROXY=",
"HTTPS_PROXY=",
"http_proxy=",
"https_proxy="
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"/app/start-app.sh\"]"
],
"ArgsEscaped": true,
"Image": "sha256:66b508441811ab4ed9968f8702a0d0a697f517bbc10d8d9076e5b98ae4437344",
"Volumes": {
"/app/ca-certificates": {},
"/app/config": {}
},
"WorkingDir": "/app",
"Entrypoint": null,
"OnBuild": [],
"Labels": {}
},
"DockerVersion": "17.05.0-ce",
"Author": "",
"Config": {
"Hostname": "ac4a12e21390",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/jvm/java-1.8-openjdk/jre/bin:/usr/lib/jvm/java-1.8-openjdk/bin",
"LANG=C.UTF-8",
"JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk",
"JAVA_VERSION=8u191",
"JAVA_ALPINE_VERSION=8.191.12-r0",
"HTTP_PROXY=",
"HTTPS_PROXY=",
"http_proxy=",
"https_proxy="
],
"Cmd": [
"/app/start-app.sh"
],
"ArgsEscaped": true,
"Image": "sha256:66b508441811ab4ed9968f8702a0d0a697f517bbc10d8d9076e5b98ae4437344",
"Volumes": {
"/app/ca-certificates": {},
"/app/config": {}
},
"WorkingDir": "/app",
"Entrypoint": null,
"OnBuild": [],
"Labels": {}
},
"Architecture": "amd64",
"Os": "linux",
"Size": 245926705,
"VirtualSize": 245926705,
"GraphDriver": {
"Data": null,
"Name": "aufs"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:503e53e365f34399c4d58d8f4e23c161106cfbce4400e3d0a0357967bad69390",
"sha256:744b4cd8cf79c70508aace3697b6c3b46bee2c14f1c14b6ff09fd0ba5735c6d4",
"sha256:4c6899b75fdbea2f44efe5a2f8d9f5319c1cf7e87151de0de1014aba6ce71244",
"sha256:2e076d24f6d1277456e33e58fc8adcfd69dfd9c025f61aa7b98d500e7195beb2",
"sha256:bb67f2d5f8196c22137a9e98dd4190339a65c839822d16954070eeb0b2a17aa2",
"sha256:afbbd0cc43999d5c5b0ff54dfd82365a3feb826e5c857d9b4a7cf378001cd4b3",
"sha256:1920a7ca0f8ae38a79a1339ce742aaf3d7a095922d96e37074df67cf031d5035",
"sha256:1261fbaef67c5be677dae1c0f50394587832ea9d8c7dc105df2f3db6dfb92a3a",
"sha256:a33d8ee5c18908807458ffe643184228c21d3c5d5c5df1251f0f7dfce512f7e8",
"sha256:80704fca12eddb4cc638cee105637266e04ab5706b4e285d4fc6cac990e96d63",
"sha256:55abe39073a47f29aedba790a92c351501f21b3628414fa49a073c010ee747d1",
"sha256:cc4136c2c52ad522bd492545d4dd18265676ca690aa755994adf64943b119b28",
"sha256:2163a1f989859fdb3af6e253b74094e92a0fc1ee59f5eb959971f94eb1f98094"
]
}
}
]