
Note: For Frankfurt, the certificates are no longer preloaded into the DCAE tls-init-container. The newer version, org.onap.dcaegen2.deployments.tls-init-container:1.2.2 (built off onap/aaf/aaf_agent:2.1.15), generates the DCAE certificate during component deployments.


For DUBLIN - DCAE service components will use common certificates generated from the AAF/test instance and made available during deployment of the DCAE TLS init container.

...

DCAE has a generalized process of certificate distribution, documented here - https://docs.onap.org/en/latest/submodules/dcaegen2.git/docs/sections/tls_enablement.html

...


Setup of AAF based certificate

Note: Check that the certificate is valid for at least 1 year from the date of generation.

...

Once the VPN is set up, you can access the AAF GUI at https://aaf-onap-test.osaaf.org:8200/gui/home. Use the following credentials to log in:

  • username: aaf_admin mmanager
  • password: demo123456!

Once there, click My Namespaces > org.onap.dcae > Cred Details > Expand > View All > Details:

...

Now you are finished with the AAF GUI.

For the Frankfurt release, this is all that needs to be done.  The manual steps described below have been replaced by automatic actions performed at the time a component is deployed.

Translation of the generated certificate into TLS container artifacts

...

  • org.onap.dcae.jks
  • org.onap.dcae.key
  • org.onap.dcae.p12
  • org.onap.dcae.trust.jks


The following steps are specific to DCAE, to load the generated certificate into org.onap.dcaegen2.deployments.tls-init-container.

Rename these files as follows:

...

tls_info:
  cert_directory: '/opt/app/component-name/etc/cert'
  use_tls: true

(Note that the `cert_directory` entry does not have a trailing `/`.)

Current SAN Listing

config-binding-service, config-binding-service.onap, config-binding-service.onap.svc.cluster.local, dcae-cloudify-manager, dcae-cloudify-manager.onap, dcae-cloudify-manager.onap.svc.cluster.local, dcae-tca-analytics, dcae-tca-analytics.onap, dcae-tca-analytics.onap.svc.cluster.local, dcae-ves-collector, dcae-ves-collector.onap, dcae-ves-collector.onap.svc.cluster.local, deployment-handler, deployment-handler.onap, deployment-handler.onap.svc.cluster.local, holmes-engine-mgmt, holmes-engine-mgmt.onap, holmes-engine-mgmt.onap.svc.cluster.local, holmes-rule-mgmt, holmes-rules-mgmt.onap, holmes-rules-mgmt.onap.svc.cluster.local, inventory, inventory.onap, inventory.onap.svc.cluster.local, policy-handler, policy-handler.onap, policy-handler.onap.svc.cluster.local,dcae-hv-ves-collector, dcae-hv-ves-collector.onap, dcae-hv-ves-collector.onap.svc.cluster.local, dcae-prh, dcae-prh.onap, dcae-prh.onap.svc.cluster.local, dcae-datafile-collector, dcae-datafile-collector.onap, dcae-datafile-collector.onap.svc.cluster.local, dcae-pm-mapper, dcae-pm-mapper.onap, dcae-pm-mapper.onap.svc.cluster.local, bbs-event-processor, bbs-event-processor.onap, bbs-event-processor.onap.svc.cluster.local
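A client that verifies hostnames rejects a connection to any name that is not in the certificate's SAN list, so a listing like the one above is worth checking for gaps before the certificate is requested. The following is an added example, not ONAP or DCAE code; it assumes each service should appear in the three forms the listing follows (bare name, `.onap`, `.onap.svc.cluster.local`), and its function names are hypothetical.

```python
"""Added example: consistency check for a SAN listing (not ONAP code)."""

# Assumption: every service should be present under these three name forms,
# which is the pattern the listing on this page follows.
SUFFIXES = ("", ".onap", ".onap.svc.cluster.local")


def parse_sans(listing):
    """Split a comma-separated SAN listing, tolerating missing spaces."""
    return [name.strip() for name in listing.split(",") if name.strip()]


def base_name(san):
    """Strip the namespace/cluster suffix to get the bare service name."""
    # Longest suffix first, so ".onap.svc.cluster.local" is not half-stripped.
    for suffix in (".onap.svc.cluster.local", ".onap"):
        if san.endswith(suffix):
            return san[: -len(suffix)]
    return san


def missing_forms(listing):
    """Return {service: [absent SAN, ...]} for services lacking a name form."""
    present = set(parse_sans(listing))
    services = {base_name(san) for san in present}
    gaps = {}
    for service in sorted(services):
        absent = [service + s for s in SUFFIXES if service + s not in present]
        if absent:
            gaps[service] = absent
    return gaps


# Excerpt of the listing above; entries are copied from the page as written.
SAMPLE = (
    "dcae-ves-collector, dcae-ves-collector.onap, "
    "dcae-ves-collector.onap.svc.cluster.local, "
    "holmes-rule-mgmt, holmes-rules-mgmt.onap, "
    "holmes-rules-mgmt.onap.svc.cluster.local, "
    "policy-handler, policy-handler.onap, "
    "policy-handler.onap.svc.cluster.local,dcae-prh, dcae-prh.onap, "
    "dcae-prh.onap.svc.cluster.local"
)

if __name__ == "__main__":
    for service, absent in missing_forms(SAMPLE).items():
        print(f"{service}: missing {', '.join(absent)}")
```

On the excerpt, the check reports the `holmes-rule-mgmt` / `holmes-rules-mgmt` spelling mismatch as two incomplete services; which spelling matches the deployed Kubernetes service name has to be confirmed against the cluster.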

...