Uploaded image for project: 'Data Movement as a Platform'
  1. Data Movement as a Platform
  2. DMAAP-1547

[MR] Generate certificats automatically for message router

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Medium
    • Resolution: Done
    • Honolulu Release
    • Honolulu Release
    • None

    Description

      Updating TLS Certificates for Message-router.

       

      Following changes are required after adding the AAF init container to Kafka and MR charts

       

      1. In Kafka and MR charts, Remove the existing volume creation from configmap for the cadi.properties and update the cadi volume mount with the volume create from the AAF init container. Make sure the name cadi.properties is retained in Kafka charts
      2. In MR charts, Mount the following files (By creating configmap and volume)to /appl/dmaapMR1/bundleconfig/etc/sysprops/ sys-props.properties  and /appl/dmaapMR1/etc/ajsc-jetty.xml

      https://gerrit.onap.org/r/gitweb?p=dmaap/messagerouter/messageservice.git;a=blob;f=bundleconfig-local/etc/sysprops/sys-props.properties

      https://gerrit.onap.org/r/gitweb?p=dmaap/messagerouter/messageservice.git;a=blob;f=src/main/config/ajsc-jetty.xml

                    Refer Step 4 and 5 for the changes required in the sys-props.properties  and ajsc-jetty.xml

      1. In MR charts, mount the cert password file generated by the AAF init container to /appl/dmaapMR1/bundleconfig/etc/sysprops. (MR converts these as system properties while starting the server)
      2. In sys-props.properties , add the property cadi_prop_files=<full path of cadi properties>. This step is not required. If the cadi.properties is mounted to /appl/dmaapMR1/etc/cadi.properties
      3. In ajsc-jetty.xml you may hardcode the KeyStorePath or add it as system properties in step 4. Set the KeyStorePassword and KeyManagerPassword from  properties set in step 3

      Attachments

        Issue Links

          clones

          Task - A task that needs to be done. DMAAP-1322 [MR] Dynamic cert distribution from AAF

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DMAAP-1546 Updating TLS Certificates for Message-router

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. DMAAP-1546 Updating TLS Certificates for Message-router

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              sdesbure Sylvain Desbureaux
              sdesbure Sylvain Desbureaux
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: