This page contains information about the default certs in A1 Policy Management Service and how to update/replace them using docker.

...

General

The A1 Policy Management Service and the Enrichment Coordinator Service have default keystores and truststores that are built into the containers. The paths and passwords for these stores are located in a yaml file:
            nonrtric/policy-agent/config/application.yaml

The default trust store includes the a1simulator cert as a trusted cert, which is located here:
https://gerrit.o-ran-sc.org/r/gitweb?p=sim/a1-interface.git;a=tree;f=near-rt-ric-simulator/certificate;h=172c1e5aacd52d760e4416288dc5648a5817ce65;hb=HEAD

The default trust store also includes the a1controller cert as a trusted cert, which is located here (keystore.jks file):
https://gerrit.o-ran-sc.org/r/gitweb?p=nonrtric.git;a=tree;f=sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources;h=17fdf6cecc7a866c5ce10a35672b742a9f0c4acf;hb=HEAD

A1 Policy Management Service

...

A1 Policy Management Service, configuration of SSL in Kubernetes

The keystore and truststore can be configured in Kubernetes. The default files are located in the source code repository. Updating them in a running cluster can be done in more than one way, but the following is probably the simplest.
First, create a directory with three files.

config/
  application.yaml
  keystore.jks
  truststore.jks

The default application.yaml can be taken from the source code repository or obtained with the command "kubectl describe configmap policymanagementservice-configmap -n nonrtric".
Then create the keystore.jks and, if one is used (it is not used by default), a truststore.jks.
There is a README file in the source code repository that describes how the default keystore and truststore are created. This involves creating a CA cert used for signing.

...

The three files will be placed in the configuration directory for the service. A POD restart is needed for the changes to take effect.

Enrichment Coordinator Service, configuration of SSL in Kubernetes

Configuration of SSL for the ECS is done in the same way as for the A1 Policy Management Service (see above). There are two differences:

  1. The name of the config map is enrichmentservice-configmap.
  2. The file path of the config directory for this component (where the config map is mounted) is /opt/app/enrichment-coordinator-service/config.

...

The command for updating the config map is:


>kubectl create configmap  enrichmentservice-configmap --from-file=./config --dry-run=client -n nonrtric -o yaml | sudo kubectl apply -f -
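
A pre-flight check for the config directory described above, as an added example that is not part of the original page or the project's code. It verifies that the required files are present, that each .jks file really is in JKS format (an assumption based on the file names), and that no leftover file such as a CA private key would be published into the config map; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not project code): pre-flight check for the config/ directory
# before it is loaded with `kubectl create configmap --from-file=./config`.
# Function names and messages are illustrative.

# JKS stores start with the magic bytes FE ED FE ED; a PKCS#12 file saved
# under a .jks name does not.
is_jks() {
    [ "$(od -An -tx1 -N4 "$1" | tr -d ' \n')" = "feedfeed" ]
}

# check_config_dir DIR: returns 0 only if DIR holds what the page lists.
check_config_dir() {
    dir=$1 rc=0 total=0
    # application.yaml and keystore.jks are required; truststore.jks is optional.
    for f in application.yaml keystore.jks; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $f" >&2; rc=1; }
    done
    for f in keystore.jks truststore.jks; do
        [ -s "$dir/$f" ] || continue
        is_jks "$dir/$f" || { echo "not a JKS file: $f" >&2; rc=1; }
    done
    # --from-file publishes the regular files it finds in DIR, so a CA key or
    # other leftover from certificate creation would end up in the config map.
    for p in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$p" ] || continue
        total=$((total + $(wc -c < "$p")))
        case ${p##*/} in
            application.yaml|keystore.jks|truststore.jks) ;;
            *) echo "unexpected file: ${p##*/}" >&2; rc=1 ;;
        esac
    done
    # A config map holds at most 1 MiB of data.
    [ "$total" -le 1048576 ] || { echo "config map too large" >&2; rc=1; }
    return "$rc"
}

# Usage: sh preflight.sh ./config   (then run the kubectl command from the page)
if [ "$#" -gt 0 ]; then
    check_config_dir "$1"
fi
```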

A1 Policy Management Service, configuration of SSL in Docker

The default keystore, truststore, and application.yaml files can be overridden by mounting new files using the "volumes" field of docker-compose or the docker run command.

...