Change AAF Certservice CSITs to send requests via HTTPS
Signed-off-by: Aleksandra Maciaga <aleksandra.maciaga@nokia.com>
Signed-off-by: Michal Banka <michal.banka@nokia.com>
Change-Id: Ia7b5d8d548f4ae3727302772fc56e6b0142b0da0
Issue-ID: AAF-1084
diff --git a/plans/aaf/certservice/docker-compose.yml b/plans/aaf/certservice/docker-compose.yml
index ae7ee87..dcac7df 100644
--- a/plans/aaf/certservice/docker-compose.yml
+++ b/plans/aaf/certservice/docker-compose.yml
@@ -10,9 +10,6 @@
- "443:8443"
volumes:
- $SCRIPTS_PATH:/opt/primekey/scripts
- command: bash -c "
- /opt/primekey/bin/start.sh
- "
healthcheck:
test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
interval: 20s
@@ -21,16 +18,25 @@
networks:
- certservice
- certservice:
+ aaf-cert-service:
image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:latest
volumes:
- $CONFIGURATION_PATH:/etc/onap/aaf/certservice/cmpServers.json
- container_name: aafcert
+ - ./certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks
+ - ./certs/root.crt:/etc/onap/aaf/certservice/certs/root.crt
+ - ./certs/certServiceServer-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks
+ - ./certs/certServiceServer-keystore.p12:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12
+ container_name: aafcert-service
ports:
- - "8080:8080"
+ - "8443:8443"
depends_on:
ejbca:
condition: service_healthy
+ healthcheck:
+ test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
+ interval: 10s
+ timeout: 3s
+ retries: 15
networks:
- certservice