Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Access

You must be connected to the WindRiver "pod-onap-01" VPN to gain access to AAF Beijing

DNS (/etc/hosts)

At this time, there is no known DNS available for ONAP Entities.  It is recommended that you add the following entry into your "/etc/hosts" on your accessing machine:

/etc/hosts:

10.12.6.214 aaf-onap-beijing-test aaf-onap-beijing-test.osaaf.org

Environment Artifacts (AAF FS)

AAF has an HTTP Fileserver to gain access to needed public info.

http://aaf-onap-beijing-test.osaaf.org/-

Certificates

Root Certificate

AAF CA

At time of Beijing, an official Certificate Authority for ONAP was not declared, installed or operationalized.  Secure TLS requires certificates, so for the time being, the Certificate Authority is being run by AAF Team.

Root Certificate

The Root Certificate for ONAP Certificate Authority used by AAF is AAF_RootCA.cer
Depending on your Browser/ Operating System, clicking on this link will allow you to install this Cert into your Browser for GUI access (see next)

This Root Certificate is also available in "truststore" form, ready to be used by Java or other processes in pkcs12 format: truststoreONAP.p12.  

Note: as of Java 8, pkcs12 format is recommended, rather than jks.  Java's "keytool" utility provides a conversion for .jks for Java 7 and previous.

Identity

Certificates certify nothing if there is no identity or process to verify the Identity.  Typically, for a company, an HR department will establish the formal organization, specifically, who reports to whom.  For ONAP, at time of Beijing, no such formalized "Org Chart" existed, so we'll be building this up as we go along.

Therefore, with each Certificate Request, we'll need identity information as well, that will be entered into an ONAP Identity file.  Again, as a real company, this can be derived or accessed real-time (if available) as an "Organization Plugin".  Again, as there appears to be no such central formal system in ONAP, though, of course, Linux Foundation logins have some of this information for ALL LF projects.  Until ONAP declares such a system or decides how we might integrate with LF for Identity and we have time to create an Integration strategy, AAF will control this data.

For each Identity, we'll need:

  People

# 0 - unique ID (for Apps, just make sure it is unique, for People, one might consider your LinuxFoundation ID)
# 1 - full name (for App, name of the APP)
# 2 - first name (for App, 
# 3 - last name
# 4 - phone
# 5 - official email
# 6 - type - person
# 7 - reports to: If you are working as part of a Project, list the PTL of your Project.  If you are PTL, just declare you are the PTL 

  Applications

# 0 - unique ID - Let's go with this naming convention:  a[0-9]{4}[a-z,0-9], meaning the letter "a", followed by 4 digits and a final letter or digit. 
# 1 - full name of the App
# 2 - App Acronym
# 3 - App Description, or just "Application"
# 5 - official email - a Distribution list for the Application, or the Email of the Owner
# 6 - type - application
# 7 - reports to: give the Application Owner's Unique ID.  Note, this should also be the Owner in AAF Namespace

GUI

https://aaf-onap-beijing-test.osaaf.org

Note: this link is actually to the AAF Locator, which redirects you to an available GUI

The GUI uses the ONAP AAF Certificate Authority (private).  Before you can use the Browser, you will need to




  • No labels