| ======================== |
| DFC (DataFile Collector) |
| ======================== |
| |
| :Date: 2018-09-21 |
| |
| .. contents:: |
| :depth: 3 |
| .. |
| |
| Overview |
| ======== |
| |
| Component description can be found under `DFC`_. |
| |
| .. _DFC: ../../sections/services/dfc/index.html |
| |
| |
| Paths |
| ===== |
| |
| GET /events/unauthenticated.VES_NOTIFICATION_OUTPUT |
| --------------------------------------------------- |
| |
| Description |
| ~~~~~~~~~~~ |
| |
| Reads fileReady events from DMaaP (Data Movement as a Platform) |
| |
| |
| Responses |
| ~~~~~~~~~ |
| |
| +-----------+---------------------+ |
| | HTTP Code | Description | |
| +===========+=====================+ |
| | **200** | successful response | |
| +-----------+---------------------+ |
| |
| |
| |
| POST /publish |
| ------------- |
| |
| Description |
| ~~~~~~~~~~~ |
| |
| Publish the collected file/s as a stream to DataRouter: |
| |
| - file as stream |
| - compression |
| - fileFormatType |
| - fileFormatVersion |
| |
| |
| Responses |
| ~~~~~~~~~ |
| |
| +-----------+---------------------+ |
| | HTTP Code | Description | |
| +===========+=====================+ |
| | **200** | successful response | |
| +-----------+---------------------+ |
| |
| Compiling DFC |
| ============= |
| |
| The whole project (top level of the DFC directory) and each module (sub module directory) can be compiled using |
| the ``mvn clean install`` command. |
| |
| Configuration file: Config/datafile_endpoints.json |
| |
| Maven GroupId: |
| ============== |
| |
| org.onap.dcaegen2.collectors |
| |
| Maven Parent ArtifactId: |
| ======================== |
| |
| dcae-collectors |
| |
| Maven Children Artifacts: |
| ========================= |
| |
| 1. datafile-app-server: DFC server |
| 2. datafile-dmaap-client: Contains implementation of DMaaP client |
| 3. datafile-commons: Common code for whole DFC modules |
| 4. docker-compose: Contains the docker-compose |
| |
| Configuration of Certificates in test environment (For FTP over TLS): |
| ===================================================================== |
| |
| DFC supports two protocols: FTPES and SFTP. |
| FTPES uses mutual authentication with certificates. |
| In our test environment, we use vsftpd to simulate the xNF, and we generate self-signed |
| keys & certificates on both the vsftpd server and DFC. |
| |
| 1. Generate key/certificate with openssl for DFC: |
| ------------------------------------------------- |
| .. code:: bash |
| |
| openssl genrsa -out dfc.key 2048 |
| openssl req -new -out dfc.csr -key dfc.key |
| openssl x509 -req -days 365 -in dfc.csr -signkey dfc.key -out dfc.crt |
| |
| 2. Generate key & certificate with openssl for vsftpd: |
| ------------------------------------------------------ |
| .. code:: bash |
| |
| openssl genrsa -out ftp.key 2048 |
| openssl req -new -out ftp.csr -key ftp.key |
| openssl x509 -req -days 365 -in ftp.csr -signkey ftp.key -out ftp.crt |
| |
| 3. Configure java keystore in DFC: |
| ---------------------------------- |
| We have two keystore files, one for TrustManager, one for KeyManager. |
| |
| **For TrustManager:** |
| |
| 1. First, create a jks keystore for TrustManager: |
| |
| .. code:: bash |
| |
| keytool -keystore ftp.jks -genkey -alias ftp |
| |
| 2. Second, convert your certificate to DER format: |
| |
| .. code:: bash |
| |
| openssl x509 -outform der -in ftp.crt -out ftp.der |
| |
| 3. Then import it into the keystore: |
| |
| .. code:: bash |
| |
| keytool -import -alias ftp -keystore ftp.jks -file ftp.der |
| |
| **For KeyManager:** |
| |
| 1. First, create a jks keystore: |
| |
| .. code:: bash |
| |
| keytool -keystore dfc.jks -genkey -alias dfc |
| |
| 2. Second, import dfc.crt and dfc.key to dfc.jks. This is a bit troublesome. |
| |
| 1). Step one: Convert x509 Cert and Key to a pkcs12 file |
| |
| .. code:: bash |
| |
| openssl pkcs12 -export -in dfc.crt -inkey dfc.key -out dfc.p12 -name [some-alias] |
| |
| Note: Make sure you put a password on the p12 file - otherwise you'll get a null reference exception when you try to import it. (In case anyone else had this headache). |
| |
| Note 2: You might want to add the ``-chain`` option to preserve the full certificate chain. |
| |
| 2). Step two: Convert the pkcs12 file to a java keystore: |
| |
| .. code:: bash |
| |
| keytool -importkeystore -deststorepass [changeit] -destkeypass [changeit] -destkeystore dfc.jks -srckeystore dfc.p12 -srcstoretype PKCS12 -srcstorepass [some-password] -alias [some-alias] |
| |
| 3. Finished |
| |
| 4. Configure vsftpd: |
| -------------------- |
| Update /etc/vsftpd/vsftpd.conf: |
| |
| .. code-block:: bash |
| |
| rsa_cert_file=/etc/ssl/private/ftp.crt |
| rsa_private_key_file=/etc/ssl/private/ftp.key |
| ssl_enable=YES |
| allow_anon_ssl=NO |
| force_local_data_ssl=YES |
| force_local_logins_ssl=YES |
| |
| ssl_tlsv1=YES |
| ssl_sslv2=YES |
| ssl_sslv3=YES |
| |
| require_ssl_reuse=NO |
| ssl_ciphers=HIGH |
| |
| require_cert=YES |
| ssl_request_cert=YES |
| ca_certs_file=/home/vsftpd/myuser/dfc.crt |
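| |
| The following audit script is an added example, not part of the DFC project: it reads a vsftpd.conf and reports the legacy protocol switches (``ssl_sslv2``, ``ssl_sslv3``) and the client-certificate settings that weaken FTPES mutual authentication. The function names are hypothetical, and ``validate_cert`` is a vsftpd option that does not appear in the configuration above; per the vsftpd.conf man page it defaults to NO and controls how strictly the certificate demanded by ``require_cert`` is validated. |
| |

```shell
#!/bin/sh
# Added example (not from the DFC project): audit the TLS lines of a vsftpd.conf.

# Effective value of KEY ($2) in FILE ($1); last assignment wins, DEFAULT ($3) if unset.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        $1 == k { v = $2 }
        END { print (v == "" ? d : v) }' "$1"
}

# vsftpd booleans accept YES, TRUE or 1, case-insensitively.
is_on() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per line for FILE ($1); no output means no findings.
audit_vsftpd_tls() {
    for k in ssl_sslv2 ssl_sslv3; do
        if is_on "$(conf_get "$1" "$k" NO)"; then
            echo "WEAK $k: legacy SSL protocol enabled"
        fi
    done
    for k in ssl_enable require_cert validate_cert; do
        if ! is_on "$(conf_get "$1" "$k" NO)"; then
            echo "OFF $k: needed for validated client certificates"
        fi
    done
    return 0
}

# Constructed sample: the protocol and client-certificate lines from the page.
write_sample() {
    cat > "$1" <<'EOF'
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_cert=YES
ssl_request_cert=YES
ca_certs_file=/home/vsftpd/myuser/dfc.crt
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_vsftpd_tls "$tmp"; rm -f "$tmp"
```
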
| |
| 5. Configure config/datafile_endpoints.json: |
| -------------------------------------------- |
| Update the file accordingly: |
| |
| .. code-block:: javascript |
| |
| "ftpesConfiguration": { |
| "keyCert": "/config/dfc.jks", |
| "keyPassword": "[yourpassword]", |
| "trustedCA": "/config/ftp.jks", |
| "trustedCAPassword": "[yourpassword]" |
| } |
| |
| 6. This has been tested with vsftpd and dfc, with self-signed certificates. |
| --------------------------------------------------------------------------- |
| In a real deployment, use an ONAP-CA signed certificate for DFC and a vendor-CA signed certificate for the xNF. |