...
No Format |
---|
root@hv-ves-sim:~# kafkacat -C -b localhost:9092 -t HV_VES_PERF3GPP -D "" -o -1 -c 1 | protoc --decode_raw --proto_path=/root/hv-ves_sim/proto/
1 {
1: "sample-version"
2: "perf3gpp"
3: 1
4: 1
5: "perf3GPP22"
6: "sample-event-name"
7: "sample-event-type"
8: 1539263857
9: 1539263857
10: "sample-nf-naming-code"
11: "sample-nfc-naming-code"
12: "sample-nf-vendor-name"
13: "sample-reporting-entity-id"
14: "sample-reporting-entity-name"
15: "sample-source-id"
16: "sample-xnf-name"
17: "UTC+02:00"
18: "7.0.2"
}
2: "test test test"
root@hv-ves-sim:~# |
HV-VES with
...
SSL enabled
Generate testing PKCS #12 files using https://gerrit.onap.org/r/gitweb?p=dcaegen2/collectors/hv-ves.git;a=blob_plain;f=tools/ssl/gen-certs.sh;hb=
...
refs/heads/master and store in k8s nfs dir /dockerdata-nfs/ssl
Edit the HV-VES deployment (kubectl -n onap edit deployment/dep-dcae-hv-ves-collector) by removing the VESHV_SSL_DISABLE flag and adding the VESHV_TRUST_STORE, VESHV_KEY_STORE, VESHV_TRUST_STORE_PASSWORD and VESHV_KEY_STORE_PASSWORD variables.
Add an entry to mount node:/dockerdata-nfs/ssl to container:/etc/ves-hv :
No Format |
---|
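# HV-VES collector Deployment as opened by `kubectl -n onap edit`, with the TLS
# variables and the ssldir mount in place. Nesting is restored here; the values
# are unchanged.
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16 (use apps/v1 there).
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
  creationTimestamp: 2018-10-04T15:15:21Z
  generation: 4
  labels:
    app: dcae-hv-ves-collector
    cfydeployment: hv-ves
    cfynode: hv-ves
    cfynodeinstance: hv-ves_eipq6a
    k8sdeployment: dep-dcae-hv-ves-collector
  name: dep-dcae-hv-ves-collector
  namespace: onap
  resourceVersion: "1452331"
  selfLink: /apis/extensions/v1beta1/namespaces/onap/deployments/dep-dcae-hv-ves-collector
  uid: 4f6c9488-c7e8-11e8-b920-026901117392
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: dcae-hv-ves-collector
      cfydeployment: hv-ves
      cfynode: hv-ves
      cfynodeinstance: hv-ves_eipq6a
      k8sdeployment: dep-dcae-hv-ves-collector
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: dcae-hv-ves-collector
        cfydeployment: hv-ves
        cfynode: hv-ves
        cfynodeinstance: hv-ves_eipq6a
        k8sdeployment: dep-dcae-hv-ves-collector
    spec:
      containers:
      - env:
        - name: CONSUL_HOST
          value: consul-server.onap
        # NOTE(review): both store passwords are literal values in the pod spec,
        # so anyone who can read this Deployment can read them. Tolerable for
        # this test setup only; elsewhere supply them from a Secret through
        # valueFrom.secretKeyRef.
        - name: VESHV_KEY_STORE_PASSWORD
          value: onaponap
        - name: VESHV_TRUST_STORE_PASSWORD
          value: onaponap
        # Both stores are read from the ssldir volume mounted at /etc/ves-hv.
        - name: VESHV_KEY_STORE
          value: /etc/ves-hv/server.p12
        - name: VESHV_TRUST_STORE
          value: /etc/ves-hv/trust.p12
        # NOTE(review): the collector configuration URL is plain HTTP as shown.
        - name: VESHV_CONFIG_URL
          value: http://consul-server.onap:8500/v1/kv/dcae-hv-ves-collector
        - name: VESHV_LISTEN_PORT
          value: "6061"
        - name: CONFIG_BINDING_SERVICE
          value: config-binding-service
        - name: POD_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        image: nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.0.0-SNAPSHOT
        imagePullPolicy: IfNotPresent
        name: dcae-hv-ves-collector
        ports:
        - containerPort: 6061
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /opt/app/HvVesCollector/logs
          name: component-log
        # Added for TLS: exposes the PKCS #12 files to the collector.
        # NOTE(review): the mount is read-write as written; the collector
        # presumably only reads the stores, so `readOnly: true` would fit.
        - mountPath: /etc/ves-hv
          name: ssldir
      - env:
        - name: POD_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        image: docker.elastic.co/beats/filebeat:5.5.0
        imagePullPolicy: IfNotPresent
        name: filebeat
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/log/onap/dcae-hv-ves-collector
          name: component-log
        - mountPath: /usr/share/filebeat/data
          name: filebeat-data
        - mountPath: /usr/share/filebeat/filebeat.yml
          name: filebeat-conf
          subPath: filebeat.yml
      dnsPolicy: ClusterFirst
      hostname: dcae-hv-ves-collector
      imagePullSecrets:
      - name: onap-docker-registry-key
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - emptyDir: {}
        name: component-log
      - emptyDir: {}
        name: filebeat-data
      - configMap:
          defaultMode: 420
          name: dcae-filebeat-configmap
        name: filebeat-conf
      # Added for TLS: a node directory mounted straight into the pod. The
      # server key store lives here, so restrict who can read the directory on
      # the node/NFS share. An empty hostPath type means no check is made on
      # the path before it is mounted.
      - hostPath:
          path: /dockerdata-nfs/ssl
          type: ""
        name: ssldir
# The status section is filled in by the cluster, not by the editor.
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: 2018-10-04T15:15:21Z
    lastUpdateTime: 2018-10-04T15:15:21Z
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: 2018-10-04T15:15:21Z
    lastUpdateTime: 2018-10-05T14:10:15Z
    message: ReplicaSet "dep-dcae-hv-ves-collector-7986d777dc" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 4
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1 |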
Deploy HV-VES simulator in onap mode with TLS enabled using Heat template : https://gerrit.onap.org/r/gitweb?p=integration.git;a=blob_plain;f=test/mocks/hvvessimulator/hvves_sim.yaml;hb=HEAD
Prepare CA, Server and Client Private Keys and CSR.
No Format |
---|
|
# Test CA: a 2048-bit RSA key and a self-signed certificate for it.
# 36500 days is roughly 100 years, which only suits throwaway test material.
# ca.key can sign certificates trusted by everything set up below, so keep it
# on this host.
openssl genrsa -out ca.key 2048
openssl req -x509 -new -key ca.key -days 36500 -subj /CN=dcae-hv-ves-ca -out ca.pem

# Server and client: one private key and one signing request each, written as
# <name>.key and <name>.csr. The subshell keeps the loop variables out of the
# interactive session.
(
  for entry in server:dcae-hv-ves-collector client:dcae-hv-ves-client; do
    name=${entry%%:*}
    common_name=${entry#*:}
    openssl genrsa -out "${name}.key" 2048
    openssl req -new -key "${name}.key" -subj "/CN=${common_name}" -out "${name}.csr"
  done
)
|
Sign Server and Client certificates by the CA.
No Format |
---|
|
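# Issue the server and client certificates from the test CA.
# Each certificate gets its own serial number: RFC 5280 requires serials to be
# positive and unique per issuer, and some TLS stacks reject two different
# certificates that share an issuer and a serial.
# -sha256 states the signature digest explicitly rather than relying on the
# default of the installed OpenSSL build.
# 36500 days (about 100 years) only suits throwaway test certificates.
openssl x509 -req -sha256 -days 36500 -in server.csr -CA ca.pem -CAkey ca.key -out server.pem -set_serial 01
openssl x509 -req -sha256 -days 36500 -in client.csr -CA ca.pem -CAkey ca.key -out client.pem -set_serial 02 |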
Create passwordless p12 CA and Server certificate files.
No Format |
---|
|
# Bundle each key/certificate pair into a PKCS #12 file (ca.p12, server.p12).
# No -passout is given, so openssl asks for an export password per file; the
# "passwordless" files are presumably produced by leaving that prompt empty.
# NOTE(review): ca.p12 contains the CA private key (-inkey ca.key). Whoever can
# read that file can issue certificates this setup trusts, and without a
# password nothing else protects it. Keep these files to the test environment.
# The subshell keeps the loop variable out of the interactive session.
(
  for bundle in ca server; do
    openssl pkcs12 -export -inkey "${bundle}.key" -in "${bundle}.pem" -out "${bundle}.p12"
  done
) |
Enable SSL feature in HV-VES collector via Consul UI :
http://<node_ip>:30270/ui/#/dc1/kv/dcae-hv-ves-collector/edit
Image Added
Combine Client Private Key and Public Certificate into PEM file.
No Format |
---|
|
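# Concatenate the client private key and certificate into one PEM file for
# `openssl s_client -cert`.
# The result holds the private key, so it is created under umask 077 (owner
# read/write only) instead of the session's default mask. The subshell keeps
# the umask change local. An already existing client-all.pem keeps its old
# mode; remove it first if it was created with wider permissions.
( umask 077; cat client.key client.pem > client-all.pem ) |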
Send message to HV-VES collector using openssl command.
No Format |
---|
|
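# Send one binary test message to the collector over mutually authenticated TLS.
# The payload is kept exactly as given: leading frame bytes (presumably the
# HV-VES wire header) followed by a protobuf-encoded sample event whose strings
# read "sample-version", "perf3gpp", ... and the body "test test test".
#
# -CAfile ca.pem        trust anchor for the collector's certificate
# -cert client-all.pem  client key + certificate presented to the collector
# -verify_return_error  abort the handshake when the collector's certificate
#                       does not verify against ca.pem; without it s_client
#                       reports the error but carries on, so the message could
#                       be delivered to an endpoint that failed verification
# -msg -state           print protocol messages and handshake states
echo -ne "\xaa\x01\x00\x00\x00\x00\x00\x01\x00\x00\x01\x27\x0a\x94\x02\x0a\x0e\x73\x61\x6d\x70\x6c\x65\x2d\x76\x65\x72\x73\x69\x6f\x6e\x12\x08\x70\x65\x72\x66\x33\x67\x70\x70\x18\x01\x20\x01\x2a\x0a\x70\x65\x72\x66\x33\x47\x50\x50\x32\x32\x32\x11\x73\x61\x6d\x70\x6c\x65\x2d\x65\x76\x65\x6e\x74\x2d\x6e\x61\x6d\x65\x3a\x11\x73\x61\x6d\x70\x6c\x65\x2d\x65\x76\x65\x6e\x74\x2d\x74\x79\x70\x65\x40\xf1\x9a\xfd\xdd\x05\x48\xf1\x9a\xfd\xdd\x05\x52\x15\x73\x61\x6d\x70\x6c\x65\x2d\x6e\x66\x2d\x6e\x61\x6d\x69\x6e\x67\x2d\x63\x6f\x64\x65\x5a\x16\x73\x61\x6d\x70\x6c\x65\x2d\x6e\x66\x63\x2d\x6e\x61\x6d\x69\x6e\x67\x2d\x63\x6f\x64\x65\x62\x15\x73\x61\x6d\x70\x6c\x65\x2d\x6e\x66\x2d\x76\x65\x6e\x64\x6f\x72\x2d\x6e\x61\x6d\x65\x6a\x1a\x73\x61\x6d\x70\x6c\x65\x2d\x72\x65\x70\x6f\x72\x74\x69\x6e\x67\x2d\x65\x6e\x74\x69\x74\x79\x2d\x69\x64\x72\x1c\x73\x61\x6d\x70\x6c\x65\x2d\x72\x65\x70\x6f\x72\x74\x69\x6e\x67\x2d\x65\x6e\x74\x69\x74\x79\x2d\x6e\x61\x6d\x65\x7a\x10\x73\x61\x6d\x70\x6c\x65\x2d\x73\x6f\x75\x72\x63\x65\x2d\x69\x64\x82\x01\x0f\x73\x61\x6d\x70\x6c\x65\x2d\x78\x6e\x66\x2d\x6e\x61\x6d\x65\x8a\x01\x09\x55\x54\x43\x2b\x30\x32\x3a\x30\x30\x92\x01\x05\x37\x2e\x30\x2e\x32\x12\x0e\x74\x65\x73\x74\x20\x74\x65\x73\x74\x20\x74\x65\x73\x74" |
  openssl s_client -connect dcae-hv-ves-collector:30222 -CAfile ca.pem -verify_return_error -msg -state -cert client-all.pem |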