From 45a1d744521ec556dc930666c3151be4bdd696d1 Mon Sep 17 00:00:00 2001 From: elinuxhenrik Date: Mon, 29 Jun 2020 12:06:17 +0200 Subject: [PATCH] Update docker-compose for configurable certs Change-Id: Iebf697c6f0a0e2d62e05afad2996f1eadefab297 Signed-off-by: elinuxhenrik --- ...plication.yaml => application-policyagent.yaml} | 6 +++--- docker-compose/nosdnc/docker-compose.yml | 7 ++++++- ...plication.yaml => application-policyagent.yaml} | 6 +++--- .../config/https-props-a1controller.properties | 24 ++++++++++++++++++++++ docker-compose/sdnc/docker-compose.yml | 13 +++++++++++- 5 files changed, 48 insertions(+), 8 deletions(-) rename docker-compose/nosdnc/config/{application.yaml => application-policyagent.yaml} (79%) rename docker-compose/sdnc/config/{application.yaml => application-policyagent.yaml} (79%) create mode 100644 docker-compose/sdnc/config/https-props-a1controller.properties diff --git a/docker-compose/nosdnc/config/application.yaml b/docker-compose/nosdnc/config/application-policyagent.yaml similarity index 79% rename from docker-compose/nosdnc/config/application.yaml rename to docker-compose/nosdnc/config/application-policyagent.yaml index c0ddfb57..e9146e01 100755 --- a/docker-compose/nosdnc/config/application.yaml +++ b/docker-compose/nosdnc/config/application-policyagent.yaml @@ -25,13 +25,13 @@ server: ssl: key-store-type: JKS key-store-password: policy_agent - key-store: classpath:keystore.jks + key-store: /opt/app/policy-agent/etc/cert/keystore.jks key-password: policy_agent key-alias: policy_agent app: - filepath: /opt/app/policy-agent/config/application_configuration.json + filepath: /opt/app/policy-agent/data/application_configuration.json webclient: trust-store-used: false trust-store-password: policy_agent - trust-store: classpath:keystore.jks + trust-store: /opt/app/policy-agent/etc/cert/truststore.jks diff --git a/docker-compose/nosdnc/docker-compose.yml b/docker-compose/nosdnc/docker-compose.yml index 043ecdef..aa83c7ac 100644 --- a/docker-compose/nosdnc/docker-compose.yml +++ b/docker-compose/nosdnc/docker-compose.yml @@ -26,7 +26,12 @@ services: - 8081:8081 - 8433:8433 volumes: - - ./config:/opt/app/policy-agent/config:ro + - ./config/application_configuration.json:/opt/app/policy-agent/data/application_configuration.json:ro + # For using own certs instead of the default ones (built into the container), + # place them in config/ directory, update the application-policyagent.yaml file, and uncomment the following lines + # - ./config/keystore-policyagent.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro + # - ./config/truststore-policyagent.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro + # - ./config/application-policyagent.yaml:/opt/app/policy-agent/config/application.yaml:ro a1-sim-OSC: image: nexus3.o-ran-sc.org:10004/o-ran-sc/a1-simulator:2.0.0 diff --git a/docker-compose/sdnc/config/application.yaml b/docker-compose/sdnc/config/application-policyagent.yaml similarity index 79% rename from docker-compose/sdnc/config/application.yaml rename to docker-compose/sdnc/config/application-policyagent.yaml index c0ddfb57..e9146e01 100755 --- a/docker-compose/sdnc/config/application.yaml +++ b/docker-compose/sdnc/config/application-policyagent.yaml @@ -25,13 +25,13 @@ server: ssl: key-store-type: JKS key-store-password: policy_agent - key-store: classpath:keystore.jks + key-store: /opt/app/policy-agent/etc/cert/keystore.jks key-password: policy_agent key-alias: policy_agent app: - filepath: /opt/app/policy-agent/config/application_configuration.json + filepath: /opt/app/policy-agent/data/application_configuration.json webclient: trust-store-used: false trust-store-password: policy_agent - trust-store: classpath:keystore.jks + trust-store: /opt/app/policy-agent/etc/cert/truststore.jks diff --git a/docker-compose/sdnc/config/https-props-a1controller.properties b/docker-compose/sdnc/config/https-props-a1controller.properties new file mode 100644 index 00000000..e3155c5b --- /dev/null +++ b/docker-compose/sdnc/config/https-props-a1controller.properties @@ -0,0 +1,24 @@ +# ========================LICENSE_START================================= +# O-RAN-SC +# %% +# Copyright (C) 2020 Nordix Foundation +# %% +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ========================LICENSE_END=================================== + +key-store=/etc/ssl/certs/java/keystore.jks +key-password=sdnc-a1-controller +keystore-password=sdnc-a1-controller +isTrustStoreUsed=true +trust-store=/etc/ssl/certs/java/truststore.jks +truststore-password=sdnc-a1-controller diff --git a/docker-compose/sdnc/docker-compose.yml b/docker-compose/sdnc/docker-compose.yml index f12f08c4..1b5a2969 100644 --- a/docker-compose/sdnc/docker-compose.yml +++ b/docker-compose/sdnc/docker-compose.yml @@ -26,7 +26,12 @@ services: - 8081:8081 - 8433:8433 volumes: - - ./config:/opt/app/policy-agent/config:ro + - ./config/application_configuration.json:/opt/app/policy-agent/data/application_configuration.json:ro + # For using own certs instead of the default ones (built into the container), + # place them in config/ directory, update the application-policyagent.yaml file, and uncomment the following lines + # - ./config/keystore-policyagent.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro + # - ./config/truststore-policyagent.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro + # - ./config/application-policyagent.yaml:/opt/app/policy-agent/config/application.yaml:ro a1-sim-OSC: image: nexus3.o-ran-sc.org:10004/o-ran-sc/a1-simulator:2.0.0 @@ -97,6 +102,12 @@ services: environment: - MYSQL_ROOT_PASSWORD=openECOMP1.0 - SDNC_CONFIG_DIR=/opt/onap/sdnc/data/properties + # For using own certs instead of the default ones (built into the container), + # place them in config/ directory, update the https-props-a1controller.properties file, and uncomment the following lines + #volumes: + # - ./config/keystore-a1controller.jks:/etc/ssl/certs/java/keystore.jks:ro + # - ./config/truststore-a1controller.jks:/etc/ssl/certs/java/truststore.jks:ro + # - ./config/https-props-a1controller.properties:/opt/onap/sdnc/data/properties/https-props.properties:ro logging: driver: "json-file" options: -- 2.16.6