This page contains information about the default security certs in A1 Policy Management Service, as well as how to update/replace them using docker.


The A1 Policy Management Service uses the default keystore and truststore that are built into the container. The paths and passwords for these stores are located in a YAML file, as shown in Istanbul - Component configuration; an example is provided in the source code repository at a1-policy-management/config/application.yaml.

The default truststore also contains the Policy Management Service's own cert, for mocking purposes and unit testing (ApplicationTest.java).

The default keystore, truststore, and application.yaml files can be overridden by mounting new files using the "volumes" field of docker-compose or the docker run command.

Assuming that the keystore, truststore, and application.yaml files are located in the same directory as docker-compose, the volumes field should have these entries:

Docker volume configuration to change certs / static configuration:

volumes:
        - ./new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro
        - ./new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro
        - ./new_application.yaml:/opt/app/policy-agent/config/application.yaml:ro

The target paths in the container should not be modified.


Example docker run command for mounting new files (assuming they are located in the current directory):

docker run -p 8081:8081 -p 8433:8433 \
    --name=policy-agent-container \
    --network=nonrtric-docker-net \
    --volume "$PWD/new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks" \
    --volume "$PWD/new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks" \
    --volume "$PWD/new_application.yaml:/opt/app/policy-agent/config/application.yaml" \
    onap/ccsdk-oran-a1policymanagementservice:1.2.2
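
A pre-flight check for the mount specifications described on this page, as an added example that is not part of the original page or the project's own tooling. It takes the same "host:container[:options]" strings used with --volume or the compose "volumes" field and reports a missing source file, a changed container target path, or a mount that is not read-only; the function names are illustrative, and host paths are assumed to contain no colon.

```shell
#!/bin/sh
# Added example: pre-flight check for the bind mounts described on this page.
# The container-side targets come from the page; function names are illustrative.
EXPECTED_TARGETS="/opt/app/policy-agent/etc/cert/keystore.jks
/opt/app/policy-agent/etc/cert/truststore.jks
/opt/app/policy-agent/config/application.yaml"

# check_mount SPEC: SPEC is "host_path:container_path[:options]" as given to
# --volume or a compose "volumes" entry. Prints one line per finding and
# returns the number of findings. Body runs in a subshell to keep variables local.
check_mount() (
    spec=$1
    findings=0
    src=${spec%%:*}        # host path (assumes it contains no ':')
    rest=${spec#*:}
    dst=${rest%%:*}        # container path
    opts=
    case $rest in *:*) opts=${rest#*:} ;; esac

    # With --volume, Docker creates a missing host path as an empty directory.
    if [ ! -f "$src" ]; then
        echo "MISSING  $src is not a regular file"
        findings=$((findings + 1))
    fi
    # The page states the target paths in the container should not be modified.
    if ! printf '%s\n' "$EXPECTED_TARGETS" | grep -qxF -- "$dst"; then
        echo "TARGET   $dst is not one of the expected container paths"
        findings=$((findings + 1))
    fi
    # Key material and config should not be writable from inside the container.
    case ",$opts," in
        *,ro,*) ;;
        *) echo "WRITABLE $dst is not mounted read-only (:ro)"
           findings=$((findings + 1)) ;;
    esac
    exit "$findings"       # exit status of the subshell = function status
)

# check_mounts SPEC...: returns 0 only if every spec is clean.
check_mounts() {
    rc=0
    for spec in "$@"; do
        check_mount "$spec" || rc=1
    done
    return "$rc"
}

# Run against specs passed on the command line, if any.
if [ "$#" -gt 0 ]; then check_mounts "$@"; fi
```

Run it from the directory holding the new files, passing each mount string as an argument; a non-zero exit status means at least one finding was printed.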