.. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2020 Huawei Technologies Co., Ltd. Docker-config ============= In SO (Service Orchestration) every component running on docker engine and respective containers. here we can see how so is working with Dokcer. CA(Certificate Authority) ========================= Certificate Authorities/ CAs, issue Digital Certificates. Digital Certificates are verifiable small data files that contain identity credentials to help websites, people, and devices represent their authentic online identity (authentic because the CA has verified the identity). CAs play a critical role in how the Internet operates and how transparent, trusted transactions can take place online. CAs issue millions of Digital Certificates each year, and these certificates are used to protect information, encrypt billions of transactions, and enable secure communication. CA(file) /so/packages/docker/src/main/docker/docker-files/ca-certificates/onap-ca.crt Example CA cirtifiacte:- -----BEGIN CERTIFICATE----- MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0Ix EzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYD VQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9y aXR5MRQwEgYDVQQDEwtCZXN0IENBIEx0ZDAeFw0wMD..TUwMTZaFw0wMTAy MDQxOTUwMTZaMIGHMQswCQYDVQQGEwJHQjETMBEGA1..29tZS1TdGF0ZTEU MBIGA1UEChMLQmVzdCBDQSBMdGQxNzA1BgNVBAsTLk..DEgUHVibGljIFBy aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFD..AMTC0Jlc3QgQ0Eg THRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCg..Tz2mr7SZiAMfQyu vBjM9OiJjRazXBZ1BjP5CE/Wm/Rr500PRK+Lh9x5eJ../ANBE0sTK0ZsDGM ak2m1g7oruI3dY3VHqIxFTz0Ta1d+NAjwnLe4nOb7/..k05ShhBrJGBKKxb 8n104o/5p8HAsZPdzbFMIyNjJzBM2o5y5A13wiLitE..fyYkQzaxCw0Awzl kVHiIyCuaF4wj571pSzkv6sv+4IDMbT/XpCo8L6wTa..sh+etLD6FtTjYbb rvZ8RQM1tlKdoMHg2qxraAV++HNBYmNWs0duEdjUbJ..XI9TtnS4o1Ckj7P OfljiQIDAQABo4HnMIHkMB0GA1UdDgQWBBQ8urMCRL..5AkIp9NJHJw5TCB tAYDVR0jBIGsMIGpgBQ8urMCRLYYMHUKU5AkIp9NJH..aSBijCBhzELMAkG A1UEBhMCR0IxEzARBgNVBAgTClNvbWUtU3RhdGUxFD..AoTC0Jlc3QgQ0Eg THRkMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcm..ENlcnRpZmljYXRp b24gQXV0aG9yaXR5MRQwEgYDVQQDEwtCZXN0IENBIE..DAMBgNVHRMEBTAD AQH/MA0GCSqGSIb3DQEBBAUAA4IBAQC1uYBcsSncwA..DCsQer772C2ucpX xQUE/C0pWWm6gDkwd5D0DSMDJRqV/weoZ4wC6B73f5..bLhGYHaXJeSD6Kr XcoOwLdSaGmJYslLKZB3ZIDEp0wYTGhgteb6JFiTtn..sf2xdrYfPCiIB7g BMAV7Gzdc4VspS6ljrAhbiiawdBiQlQmsBeFz9JkF4..b3l8BoGN+qMa56Y It8una2gY4l2O//on88r5IWJlm1L0oA8e4fR2yrBHX..adsGeFKkyNrwGi/ 7vQMfXdGsRrXNGRGnX+vWDZ3/zWI0joDtCkNnqEpVn..HoX -----END CERTIFICATE----- Configurations:- ================ Every component has its own over-ride yaml file. We can over-ride the file according the Configurations and Dependencies required for Deploying. Over-ride yaml for api-handler ============================== Path:- /docker-config/volumes/so/config/api-handler-infra/onapheat/override.yaml .. code-block:: bash server: port: 8080 tomcat: max-threads: 50 ssl-enable: false mso: msoKey: 07a7159d3bf51a0e53be7a8f89699be7 logPath: logs site-name: onapheat adapters: requestDb: endpoint: http://request-db-adapter:8083 auth: Basic YnBlbDpwYXNzd29yZDEk catalog: db: spring: endpoint: http://catalog-db-adapter:8082 db: auth: Basic YnBlbDpwYXNzd29yZDEk config: path: /src/main/resources/ infra: default: alacarte: orchestrationUri: /mso/async/services/ALaCarteOrchestrator recipeTimeout: 180 testApi: VNF_API service: macro: default: testApi: GR_API camundaURL: http://bpmn-infra:8081 camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A async: core-pool-size: 50 max-pool-size: 50 queue-capacity: 500 sdc: client: auth: F3473596C526938329DF877495B494DC374D1C4198ED3AD305EA3ADCBBDA1862 activate: instanceid: test userid: cs0008 endpoint: http://c1.vm1.mso.simpledemo.onap.org:28090 tenant: isolation: retry: count: 3 aai: endpoint: https://aai.api.simpledemo.onap.org:8443 auth: 2630606608347B7124C244AB0FE34F6F extApi: endpoint: http://nbi.onap:8080/nbi/api/v3 so: operational-environment: dmaap: username: testuser password: VjR5NDcxSzA= host: http://c1.vm1.mso.simpledemo.onap.org:28090 auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A publisher: topic: com.att.ecomp.mso.operationalEnvironmentEvent spring: datasource: hikari: jdbcUrl: jdbc:mariadb://mariadb:3306/catalogdb username: cataloguser password: catalog123 driver-class-name: org.mariadb.jdbc.Driver pool-name: catdb-pool registerMbeans: true jpa: show-sql: true hibernate: dialect: org.hibernate.dialect.MySQL5Dialect ddl-auto: validate naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy enable-lazy-load-no-trans: true jersey: type: filter security: usercredentials: - username: sitecontrol password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' role: SiteControl-Client - username: gui password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' role: GUI-Client - username: infraportal password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' role: InfraPortal-Client - username: InfraPortalClient password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' role: InfraPortal-Client - username: bpel password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' role: BPEL-Client - username: mso_admin password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' role: ACTUATOR request: datasource: hikari: jdbcUrl: jdbc:mariadb://mariadb:3306/requestdb username: requestuser password: request123 driver-class-name: org.mariadb.jdbc.Driver pool-name: reqdb-pool registerMbeans: true org: onap: so: cloud-owner: CloudOwner adapters: network: encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 Start the container ======================= cd /home/root1/docker-config/ CMD:- === sudo docker-compose up -d *Example Output:* root1@slave-node:~/docker-config$ sudo docker-compose up -d docker-config_mariadb_1 is up-to-date Starting docker-config_catalog-db-adapter_1 ... done Starting docker-config_request-db-adapter_1 ... done Starting docker-config_bpmn-infra_1 ... done Starting docker-config_vfc-adapter_1 ... done Starting docker-config_sdc-controller_1 ... done Starting docker-config_sdnc-adapter_1 ... done Starting docker-config_openstack-adapter_1 ... done Starting docker-config_api-handler-infra_1 ... done Starting docker-config_so-monitoring_1 ... done Starting docker-config_nssmf-adapter_1 ... done Example Output: =============== docker ps *Example Output:* root1@slave-node:~/docker-config$ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d930caf28508 nexus3.onap.org:10001/onap/so/openstack-adapter "/app/wait-for.sh -q…" 5 weeks ago Up 30 seconds 0.0.0.0:8087->8087/tcp docker-config_openstack-adapter_1 599af283319e nexus3.onap.org:10001/onap/so/vfc-adapter "/app/wait-for.sh -q…" 5 weeks ago Up 30 seconds 0.0.0.0:8084->8084/tcp docker-config_vfc-adapter_1 5549305c8dd6 nexus3.onap.org:10001/onap/so/api-handler-infra "/app/wait-for.sh -q…" 5 weeks ago Up 27 seconds 0.0.0.0:8080->8080/tcp docker-config_api-handler-infra_1 59d3aa684ecb nexus3.onap.org:10001/onap/so/sdnc-adapter "/app/wait-for.sh -q…" 5 weeks ago Up 29 seconds 0.0.0.0:8086->8086/tcp docker-config_sdnc-adapter_1 ade4cef97bd3 nexus3.onap.org:10001/onap/so/bpmn-infra "/app/wait-for.sh -q…" 5 weeks ago Up 29 seconds 0.0.0.0:8081->8081/tcp docker-config_bpmn-infra_1 e9558560c4d7 nexus3.onap.org:10001/onap/so/sdc-controller "/app/wait-for.sh -q…" 5 weeks ago Up 25 seconds 0.0.0.0:8085->8085/tcp docker-config_sdc-controller_1 ae27ec2f8b04 nexus3.onap.org:10001/onap/so/so-monitoring "/app/wait-for.sh -q…" 5 weeks ago Up 26 seconds 0.0.0.0:8088->8088/tcp docker-config_so-monitoring_1 8d2c64d48f1a nexus3.onap.org:10001/onap/so/request-db-adapter "/app/wait-for.sh -q…" 5 weeks ago Up 32 seconds 0.0.0.0:8083->8083/tcp docker-config_request-db-adapter_1 a126dd29c540 nexus3.onap.org:10001/mariadb:10.1.11 "/docker-entrypoint.…" 5 weeks ago Up 17 minutes 0.0.0.0:32768->3306/tcp docker-config_mariadb_1 Inspect a docker image ====================== This command shows interesting information about the structure of the mso image. Note that an image is NOT a running container. It is the template that a container is created from. CMD:- ===== sudo docker inspect onap/so/api-handler-infra Example Output: .. code-block:: bash [ { "Id": "sha256:2573165483e9ac87826da9c08984a9d0e1d93a90c681b22d9b4f90ed579350dc", "RepoTags": [ "onap/so/api-handler-infra:1.3.0-SNAPSHOT", "onap/so/api-handler-infra:1.3.0-SNAPSHOT-20190213T0846", "onap/so/api-handler-infra:1.3.0-SNAPSHOT-latest", "onap/so/api-handler-infra:latest" ], "RepoDigests": [], "Parent": "sha256:66b508441811ab4ed9968f8702a0d0a697f517bbc10d8d9076e5b98ae4437344", "Comment": "", "Created": "2019-02-13T09:37:33.770342225Z", "Container": "8be46c735d21935631130f9017c3747779aab26eab54a9149b1edde122f7576d", "ContainerConfig": { "Hostname": "ac4a12e21390", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/jvm/java-1.8-openjdk/jre/bin:/usr/lib/jvm/java-1.8-openjdk/bin", "LANG=C.UTF-8", "JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk", "JAVA_VERSION=8u191", "JAVA_ALPINE_VERSION=8.191.12-r0", "HTTP_PROXY=", "HTTPS_PROXY=", "http_proxy=", "https_proxy=" ], "Cmd": [ "/bin/sh", "-c", "#(nop) ", "CMD [\"/app/start-app.sh\"]" ], "ArgsEscaped": true, "Image": "sha256:66b508441811ab4ed9968f8702a0d0a697f517bbc10d8d9076e5b98ae4437344", "Volumes": { "/app/ca-certificates": {}, "/app/config": {} }, "WorkingDir": "/app", "Entrypoint": null, "OnBuild": [], "Labels": {} }, "DockerVersion": "17.05.0-ce", "Author": "", "Config": { "Hostname": "ac4a12e21390", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/jvm/java-1.8-openjdk/jre/bin:/usr/lib/jvm/java-1.8-openjdk/bin", "LANG=C.UTF-8", "JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk", "JAVA_VERSION=8u191", "JAVA_ALPINE_VERSION=8.191.12-r0", "HTTP_PROXY=", "HTTPS_PROXY=", "http_proxy=", "https_proxy=" ], "Cmd": [ "/app/start-app.sh" ], "ArgsEscaped": true, "Image": "sha256:66b508441811ab4ed9968f8702a0d0a697f517bbc10d8d9076e5b98ae4437344", "Volumes": { "/app/ca-certificates": {}, "/app/config": {} }, "WorkingDir": "/app", "Entrypoint": null, "OnBuild": [], "Labels": {} }, "Architecture": "amd64", "Os": "linux", "Size": 245926705, "VirtualSize": 245926705, "GraphDriver": { "Data": null, "Name": "aufs" }, "RootFS": { "Type": "layers", "Layers": [ "sha256:503e53e365f34399c4d58d8f4e23c161106cfbce4400e3d0a0357967bad69390", "sha256:744b4cd8cf79c70508aace3697b6c3b46bee2c14f1c14b6ff09fd0ba5735c6d4", "sha256:4c6899b75fdbea2f44efe5a2f8d9f5319c1cf7e87151de0de1014aba6ce71244", "sha256:2e076d24f6d1277456e33e58fc8adcfd69dfd9c025f61aa7b98d500e7195beb2", "sha256:bb67f2d5f8196c22137a9e98dd4190339a65c839822d16954070eeb0b2a17aa2", "sha256:afbbd0cc43999d5c5b0ff54dfd82365a3feb826e5c857d9b4a7cf378001cd4b3", "sha256:1920a7ca0f8ae38a79a1339ce742aaf3d7a095922d96e37074df67cf031d5035", "sha256:1261fbaef67c5be677dae1c0f50394587832ea9d8c7dc105df2f3db6dfb92a3a", "sha256:a33d8ee5c18908807458ffe643184228c21d3c5d5c5df1251f0f7dfce512f7e8", "sha256:80704fca12eddb4cc638cee105637266e04ab5706b4e285d4fc6cac990e96d63", "sha256:55abe39073a47f29aedba790a92c351501f21b3628414fa49a073c010ee747d1", "sha256:cc4136c2c52ad522bd492545d4dd18265676ca690aa755994adf64943b119b28", "sha256:2163a1f989859fdb3af6e253b74094e92a0fc1ee59f5eb959971f94eb1f98094" ] } } ]