Re: [onap-discuss] How to add a signed cerificate to AAI OOM BEIJING

Wed, 11 Jul 2018 06:11:28 -0700 

Hi James / Harysh,

I was able to make add our signed certificate to aai by modifying 
“oom/kubernets/aai/templates/deployment.yaml”:

      containers:
        volumeMounts:
        - mountPath: /etc/ssl/private/aai.pem
          subPath: aai.pem
          name: aai-haproxy-sec

      volumes:
        - name: aai-haproxy-sec
          secret:
            secretName: aai-haproxy-secret

And, by putting the signed certificate in 
“oom/kubernetes/aai/resources/config/haproxy/aai.pem”

Thanks,

Abdelmuhaimen Seaudi
Orange Labs Egypt
Email: [email protected]<mailto:[email protected]>
Mobile: +2012 84644 733

From: FORSYTH, JAMES [mailto:[email protected]]
Sent: Friday, June 29, 2018 3:35 PM
To: [email protected]
Cc: SEAUDI Abdelmuhaimen OBS/CSO
Subject: FW: [onap-discuss] How to add a signed cerificate to AAI OOM BEIJING

Hi, Seaudi,

See below.

Thanks,
jimmy

From: HARISH V KAJUR <[email protected]>
Date: Thursday, June 28, 2018 at 3:52 PM
To: "FORSYTH, JAMES" <[email protected]>
Subject: RE: [onap-discuss] How to add a signed cerificate to AAI OOM BEIJING

Hi Jimmy,

Yes we weren’t able to keep the certificate in oom due to limitations of the 
secret.
I believe the file is stored as a secret in the config map but we didn’t add 
the file here:

oom/kubernetes/aai/resources/config/haproxy/aai.pem

[cid:[email protected]]


They would need to update this file:

https://git.onap.org/oom/tree/kubernetes/aai/templates/deployment.yaml

under volumes add this with same spacing:

        - name: aai-haproxy-sec
          configMap:
            name: aai-haproxy-secret

And under volumeMounts:


        - mountPath: /etc/ssl/private/aai.pem
          subPath: aai.pem
          name: aai-haproxy-sec


Thanks,
Harish

From: FORSYTH, JAMES
Sent: Thursday, June 28, 2018 2:16 PM
To: KAJUR, HARISH V <[email protected]>
Subject: Re: [onap-discuss] How to add a signed cerificate to AAI OOM BEIJING

Harish,

We couldn’t keep the cert file in OOM because of the limitations on the 
secrets, right, so it’s baked into the haproxy docker image?

Thanks,
jimmy

From: <[email protected]<mailto:[email protected]>> on 
behalf of Abdelmuhaimen Seaudi 
<[email protected]<mailto:[email protected]>>
Date: Thursday, June 28, 2018 at 2:05 PM
To: "[email protected]<mailto:[email protected]>" 
<[email protected]<mailto:[email protected]>>
Cc: SEAUDI Abdelmuhaimen OBS/CSO 
<[email protected]<mailto:[email protected]>>
Subject: [onap-discuss] How to add a signed cerificate to AAI OOM BEIJING

Hi

When I try to add a signed certificate to AAI pod in OOM Beijing, I find that I 
am still getting the original AAI certificate when I try to access AAI.

This means I need to restart the haproxy docker container ?

I tried deleting the haproxy pod, but this builds a new container and my signed 
certificate disappears.

I tried looking up the node hosting the haproxy container and restarting the 
k8s_haproxy_xxx container and it worked and the new certificate is working.

Is there a better way to add a signed certificate to AAI OOM Beijing ?

Thanks

A. Seaudi

Sent from Samsung tablet.

_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations 
confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce 
message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages 
electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou 
falsifie. Merci.



This message and its attachments may contain confidential or privileged 
information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete 
this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been 
modified, changed or falsified.

Thank you.


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations 
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce 
message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages 
electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou 
falsifie. Merci.

This message and its attachments may contain confidential or privileged 
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete 
this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been 
modified, changed or falsified.
Thank you.


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11023): https://lists.onap.org/g/onap-discuss/message/11023
Mute This Topic: https://lists.onap.org/mt/23245114/21656
Group Owner: [email protected]
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub  
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to