diff options
| author | mrpa <miruna.paun@enea.com> | 2021-04-07 13:00:03 +0200 |
|---|---|---|
| committer | mrpa <miruna.paun@enea.com> | 2021-04-07 13:12:32 +0200 |
| commit | e647c97d8b6f631c56903a13d1467e130e47dfd2 (patch) | |
| tree | 4e0b5230a5ba96cf6b3a7e5c8eec64de3d9e7fbe | |
| parent | dca61bae299e6634568015a60e3a22b809206b8f (diff) | |
| download | nfv-access-documentation-e647c97d8b6f631c56903a13d1467e130e47dfd2.tar.gz | |
Added in Tomcat Certificate generation info andEnea_NFV_Access_2.4.0_RC7
the related limitation in the rel notes.
Change-Id: I92ff4209aefe6c5251e4462910152544c56ac82e
Signed-off-by: mrpa <miruna.paun@enea.com>
4 files changed, 99 insertions, 61 deletions
diff --git a/doc/book-enea-edge-getting-started/doc/advanced_configurations.xml b/doc/book-enea-edge-getting-started/doc/advanced_configurations.xml index 90de441..c596735 100644 --- a/doc/book-enea-edge-getting-started/doc/advanced_configurations.xml +++ b/doc/book-enea-edge-getting-started/doc/advanced_configurations.xml | |||
| @@ -411,6 +411,66 @@ node0.1048576kB = 3 </programlisting> | |||
| 411 | </section> | 411 | </section> |
| 412 | </section> | 412 | </section> |
| 413 | 413 | ||
| 414 | <section id="create_certificate"> | ||
| 415 | <title>Tomcat Certificate Generation</title> | ||
| 416 | |||
| 417 | <para>The self-signed Tomcat Certificate the Enea Edge | ||
| 418 | Management application uses is generated at installation time. It can | ||
| 419 | be regenerated anytime after installation by using the | ||
| 420 | <filename>createCertificate.sh</filename> script.</para> | ||
| 421 | |||
| 422 | <para>On the CentOS 7 server open a terminal, log into a bash shell with | ||
| 423 | the root account and perform the following:</para> | ||
| 424 | |||
| 425 | <orderedlist> | ||
| 426 | <listitem> | ||
| 427 | <para>Extract <literal>Enea_Edge_Management_<version>-build<build_number>.tar.gz</literal></para> | ||
| 428 | |||
| 429 | <para>The directory in which the archive has been unpacked will be | ||
| 430 | denoted as: <literal><uCPEM-installerdir></literal>.</para> | ||
| 431 | </listitem> | ||
| 432 | |||
| 433 | <listitem> | ||
| 434 | <para>Enter <literal><uCPEM-installerdir>/dist</literal>.</para> | ||
| 435 | </listitem> | ||
| 436 | |||
| 437 | <listitem> | ||
| 438 | <para>Run the following command:</para> | ||
| 439 | |||
| 440 | <programlisting>./createCertificate.sh ucpemanager <IP_or_domain> \ | ||
| 441 | /opt/ems [<service_username>]</programlisting> | ||
| 442 | |||
| 443 | <para>Where the following need to be included:</para> | ||
| 444 | |||
| 445 | <itemizedlist> | ||
| 446 | <listitem> | ||
| 447 | <para>The IP or domain name of the server the Enea Edge | ||
| 448 | Management application is running on.</para> | ||
| 449 | </listitem> | ||
| 450 | |||
| 451 | <listitem> | ||
| 452 | <para>The service username, which is the one set when installing the | ||
| 453 | Enea Edge Management application. For more details | ||
| 454 | see <olink targetdoc="book_enea_edge_getting_started" | ||
| 455 | targetptr="fresh_ucpemg_install">Fresh Installation of the Enea | ||
| 456 | Edge Management application in the <ns:include | ||
| 457 | href="../../s_docbuild/olinkdb/pardoc-names.xml" | ||
| 458 | xmlns:ns="http://www.w3.org/2001/XInclude" | ||
| 459 | xpointer="element(book_enea_edge_getting_started/1)" /></olink> Manual. | ||
| 460 | Providing the service username is optional. If it is not provided, the default | ||
| 461 | value will be used.</para> | ||
| 462 | </listitem> | ||
| 463 | </itemizedlist> | ||
| 464 | </listitem> | ||
| 465 | |||
| 466 | <listitem> | ||
| 467 | <para>Restart the Enea Edge Management service:</para> | ||
| 468 | |||
| 469 | <programlisting>service ucpemanager restart</programlisting> | ||
| 470 | </listitem> | ||
| 471 | </orderedlist> | ||
| 472 | </section> | ||
| 473 | |||
| 414 | <section condition="hidden" id="high_availability_ig"> | 474 | <section condition="hidden" id="high_availability_ig"> |
| 415 | <title>Installing the Enea Edge Management application in High | 475 | <title>Installing the Enea Edge Management application in High |
| 416 | Availability Mode</title> | 476 | Availability Mode</title> |
| @@ -1103,4 +1163,4 @@ Configuration complete.</programlisting> | |||
| 1103 | </orderedlist> | 1163 | </orderedlist> |
| 1104 | </section> | 1164 | </section> |
| 1105 | </section> | 1165 | </section> |
| 1106 | </chapter> \ No newline at end of file | 1166 | </chapter> |
diff --git a/doc/book-enea-edge-getting-started/doc/installation_guide.xml b/doc/book-enea-edge-getting-started/doc/installation_guide.xml index 1ca3b02..477b5c4 100644 --- a/doc/book-enea-edge-getting-started/doc/installation_guide.xml +++ b/doc/book-enea-edge-getting-started/doc/installation_guide.xml | |||
| @@ -578,7 +578,7 @@ Enea_NFV_Access_uCPEManager_<version>-build<build_number>.tar.gz</pr | |||
| 578 | <listitem> | 578 | <listitem> |
| 579 | <para>High Availability Configurations:</para> | 579 | <para>High Availability Configurations:</para> |
| 580 | 580 | ||
| 581 | <itemizedlist> | 581 | <itemizedlist spacing="compact"> |
| 582 | <listitem> | 582 | <listitem> |
| 583 | <para>Specify the IP address of the local interface: The | 583 | <para>Specify the IP address of the local interface: The |
| 584 | CentOS 7 Server loopback address: | 584 | CentOS 7 Server loopback address: |
| @@ -593,19 +593,35 @@ Enea_NFV_Access_uCPEManager_<version>-build<build_number>.tar.gz</pr | |||
| 593 | </listitem> | 593 | </listitem> |
| 594 | 594 | ||
| 595 | <listitem> | 595 | <listitem> |
| 596 | <para>Heap Configuration: <literal>Please enter the new | 596 | <para>Create the self-signed certificate: <literal>Specify IP or domain name</literal> |
| 597 | Maximum Heap Size [4g]</literal>:</para> | 597 | (or press <literal>Enter</literal> to skip):</para> |
| 598 | |||
| 599 | <para>The Tomcat self-signed certificate can be generated | ||
| 600 | again by running the | ||
| 601 | <filename>createCertificate.sh</filename>. For more details, please see <olink | ||
| 602 | targetdoc="book_enea_edge_getting_started" | ||
| 603 | targetptr="create_certificate">Tomcat Certificate | ||
| 604 | Generation in the <ns:include | ||
| 605 | href="../../s_docbuild/olinkdb/pardoc-names.xml" | ||
| 606 | xpointer="element(book_enea_edge_getting_started/1)" | ||
| 607 | xmlns:ns="http://www.w3.org/2001/XInclude" /></olink> Manual.</para> | ||
| 608 | |||
| 609 | <note> | ||
| 610 | <para>The generation of the Tomcat self-signed cerificate | ||
| 611 | should be skipped only if another certifcate will be | ||
| 612 | provided.</para> | ||
| 613 | </note> | ||
| 598 | </listitem> | 614 | </listitem> |
| 599 | 615 | ||
| 600 | <listitem> | 616 | <listitem> |
| 601 | <para>Create the self-signed certificate: <literal>Specify IP | 617 | <para>Heap Configuration:</para> |
| 602 | or domain name</literal>:</para> | 618 | |
| 603 | 619 | <itemizedlist spacing="compact"> | |
| 604 | <note> | 620 | <listitem> |
| 605 | <para>The certificate can be generated again by running the | 621 | <para>Please enter the new Maximum Heap Size |
| 606 | <filename>createCertificate</filename> script from the | 622 | [4g]:</para> |
| 607 | distribution folder.</para> | 623 | </listitem> |
| 608 | </note> | 624 | </itemizedlist> |
| 609 | </listitem> | 625 | </listitem> |
| 610 | </itemizedlist> | 626 | </itemizedlist> |
| 611 | 627 | ||
| @@ -1236,4 +1252,4 @@ of=/dev/sdb bs=4M conv=fsync</programlisting> | |||
| 1236 | </note> | 1252 | </note> |
| 1237 | </section> | 1253 | </section> |
| 1238 | </section> | 1254 | </section> |
| 1239 | </chapter> \ No newline at end of file | 1255 | </chapter> |
diff --git a/doc/book-enea-edge-getting-started/doc/upgrade_ena.xml b/doc/book-enea-edge-getting-started/doc/upgrade_ena.xml index 80473cb..ac2ebb6 100644 --- a/doc/book-enea-edge-getting-started/doc/upgrade_ena.xml +++ b/doc/book-enea-edge-getting-started/doc/upgrade_ena.xml | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | <?xml version="1.0" encoding="UTF-8"?> | 1 | <?xml version="1.0" encoding="ISO-8859-1"?> |
| 2 | <chapter id="upgrade_ena"> | 2 | <chapter id="upgrade_ena"> |
| 3 | <title>Upgrading Enea Edge</title> | 3 | <title>Upgrading Enea Edge</title> |
| 4 | 4 | ||
| 5 | <para>Enea provides regular releases that will require the upgrading of Enea | 5 | <para>Enea provides regular releases that will require the upgrading of Enea |
| 6 | Edge components. The Enea Edge Management application must be upgraded | 6 | Edge components. The Enea Edge Management application must be upgraded |
| 7 | first, followed by upgrading the Enea Edge Runtime on the uCPE | 7 | first, followed by upgrading the Enea Edge Runtime on the uCPE |
| 8 | devices.</para> | 8 | devices.</para> |
| 9 | 9 | ||
| @@ -116,8 +116,7 @@ Enea_NFV_Access_uCPEManager_<version>-build<build_number>.tar.gz</pr | |||
| 116 | </listitem> | 116 | </listitem> |
| 117 | 117 | ||
| 118 | <listitem> | 118 | <listitem> |
| 119 | <para>Enter | 119 | <para>Enter <literal><uCPEM-installerdir>/dist</literal>.</para> |
| 120 | <literal><uCPEM-installerdir>/dist</literal>.</para> | ||
| 121 | </listitem> | 120 | </listitem> |
| 122 | 121 | ||
| 123 | <listitem> | 122 | <listitem> |
| @@ -165,7 +164,7 @@ Enea_NFV_Access_uCPEManager_<version>-build<build_number>.tar.gz</pr | |||
| 165 | <listitem> | 164 | <listitem> |
| 166 | <para>Enter | 165 | <para>Enter |
| 167 | <literal><uCPEM-installerdir>/dist</literal>.</para> | 166 | <literal><uCPEM-installerdir>/dist</literal>.</para> |
| 168 | </listitem> | 167 | </listitem> |
| 169 | 168 | ||
| 170 | <listitem> | 169 | <listitem> |
| 171 | <para>Run the following command with the root user and change | 170 | <para>Run the following command with the root user and change |
| @@ -602,7 +601,7 @@ Enea_NFV_Access_uCPEManager_<version>-build<build_number>.tar.gz</pr | |||
| 602 | </listitem> | 601 | </listitem> |
| 603 | 602 | ||
| 604 | <listitem> | 603 | <listitem> |
| 605 | <para>Select <emphasis role="bold">Operations</emphasis>, then | 604 | <para>Select <emphasis role="bold">Operations</emphasis>, then |
| 606 | <emphasis role="bold">Upgrade</emphasis>, enter the | 605 | <emphasis role="bold">Upgrade</emphasis>, enter the |
| 607 | <literal>Release Name</literal> and press <emphasis | 606 | <literal>Release Name</literal> and press <emphasis |
| 608 | role="bold">Execute</emphasis>. Filling in the <literal>Restore | 607 | role="bold">Execute</emphasis>. Filling in the <literal>Restore |
diff --git a/doc/book-enea-edge-release-info/doc/known_bugs_and_limitations.xml b/doc/book-enea-edge-release-info/doc/known_bugs_and_limitations.xml index 0fdb9aa..81816a5 100644 --- a/doc/book-enea-edge-release-info/doc/known_bugs_and_limitations.xml +++ b/doc/book-enea-edge-release-info/doc/known_bugs_and_limitations.xml | |||
| @@ -129,47 +129,10 @@ | |||
| 129 | </listitem> | 129 | </listitem> |
| 130 | 130 | ||
| 131 | <listitem> | 131 | <listitem> |
| 132 | <para><remark>ELCCR-1351</remark>The updated | 132 | <para><remark>ELCCR-1561</remark>Before starting an Enea Edge Management |
| 133 | <filename>.Keystore</filename> and <filename>server.xml</filename> files | 133 | upgrade, any owned Tomcat certificates should be manually copied into the |
| 134 | from the | 134 | <literal>/opt/ems/ucpemanager/application/3rdParty/apache-tomcat/conf/config/certificates</literal> |
| 135 | <literal>/opt/ems/ucpemanager/application/3rdParty/apache-tomcat/conf/</literal> | 135 | folder.</para> |
| 136 | folder are overwritten during a product upgrade. As a workaround for | ||
| 137 | this issue, after an upgrade, copy the updated | ||
| 138 | <filename>.Keystore</filename> and <filename>server.xml</filename> files | ||
| 139 | into the | ||
| 140 | <literal>/opt/ems/ucpemanager/application/3rdParty/apache-tomcat/conf/</literal> | ||
| 141 | folder and restart the ucpemanager service.</para> | ||
| 142 | </listitem> | ||
| 143 | |||
| 144 | <listitem> | ||
| 145 | <para><remark>ELCCR-1371</remark>The current self-signed certificate for | ||
| 146 | the Enea Edge Management application is generated at build time, with a | ||
| 147 | hard-coded common-name causing the uCPE device upgrade to fail in HTTPS | ||
| 148 | mode. As a workaround, another certificate (containing an IP based | ||
| 149 | common-name) must be generated.</para> | ||
| 150 | |||
| 151 | <para>Perform the following the steps to generate the | ||
| 152 | certificate:</para> | ||
| 153 | |||
| 154 | <orderedlist> | ||
| 155 | <listitem> | ||
| 156 | <para>Stop the Edge Management service.</para> | ||
| 157 | </listitem> | ||
| 158 | |||
| 159 | <listitem> | ||
| 160 | <para>Create the certificate using the | ||
| 161 | <filename>createCertificate.sh</filename> script from distribution | ||
| 162 | folder. This will create a new <filename>.Keystore</filename> file | ||
| 163 | and copy it into the | ||
| 164 | <literal>/opt/ems/ucpemanager/application/3rdParty/apache-tomcat/conf/config/certificates</literal> | ||
| 165 | folder.</para> | ||
| 166 | </listitem> | ||
| 167 | |||
| 168 | <listitem> | ||
| 169 | <para>Start the Enea Edge Management application, the new | ||
| 170 | certificate should now take effect.</para> | ||
| 171 | </listitem> | ||
| 172 | </orderedlist> | ||
| 173 | </listitem> | 136 | </listitem> |
| 174 | 137 | ||
| 175 | <listitem> | 138 | <listitem> |
| @@ -213,4 +176,4 @@ | |||
| 213 | 176 | ||
| 214 | <!-- <xi:include href="jiraissues_generated.xml" | 177 | <!-- <xi:include href="jiraissues_generated.xml" |
| 215 | xmlns:xi="http://www.w3.org/2001/XInclude" /> --> | 178 | xmlns:xi="http://www.w3.org/2001/XInclude" /> --> |
| 216 | </chapter> \ No newline at end of file | 179 | </chapter> |