Versions Compared

Old Version 30

changes.mady.by.user Pawel Baniewski

Saved on

compared with

New Version 31

changes.mady.by.user Pawel Baniewski

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

GroupProperty nameOriginDefaultDescription
external_cert













image_tagpluginnexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:$VERSIONImage CertService client image name and version
request_urlpluginhttps://aaf-cert-service:8443/v1/certificate/URL to Cert Service API
timeoutplugin30000Request timeout. Needs to be taken from global CMPv2 helm variable
countrypluginUSCountry name in ISO 3166-1 alpha-2 format, for which certificate will be created. Needs to be taken from global CMPv2 helm variable
organizationpluginLinux-FoundationOrganization name, for which certificate will be created. Needs to be taken from global CMPv2 helm variable
statepluginCaliforniaState name, for which certificate will be created. Needs to be taken from global CMPv2 helm variable
organizational_unitpluginONAPOrganizational unit name, for which certificate will be created. Needs to be taken from global CMPv2 helm variable
locationpluginSan-FranciscoLocation name, for which certificate will be created. Needs to be taken from global CMPv2 helm variable

...

Optionally adjust components (e.g. DFC) which use different certificates internally and externally to support the same truststore and keystore on both traffics.


Truststore merger properties

...

Property nameExampleDescription
TRUSTSTORES/etc/dcae/truststore.jks:/etc/dcae/truststore2.p12:/etc/dcae/cacert.pemList of truststores to be merged. Certificates from all provided truststores will be added to first provided truststore after success execution.
TRUSTSTORES_PASSWORDS/etc/dcae/truststore.pass:/etc/dcae/truststore2.pass:/etc/dcae/cacert.keyList of passwords to provided truststores - order must be the same as in truststores

...

Truststore merger flow

Gliffy Diagram
size600
nametrusts_merger_flow
pagePin6


Policy to generate new aliases

...

for certificates from PEM files

Use as prefix pem-trusted-certificate- and $INDEX

Extra K8s plugin property

...

GroupProperty nameOriginDefaultDescription
external_certtrust_merger_image_tagpluginnexus3.onap.org:10001/onap/org.onap.dcae.trust-merger:$VERSION
Name
Truststore merger image name and version
of truststore merger image

Option 2 (Adjust DCAE components to support two internal and external truststores and keystores)

...