*** Settings ***
-Documentation Test suite for Securing RESTCONF communication.
-... Note this suite requires PycURLLibrary to handle client certificates. While Requests library is able
-... to handle server certificates well, it lacks capabilities to deal with client certificates.
-... TODO: Investigate the possibility to incorporate this into TemplatedRequests
-Suite Setup Init Suite
-Suite Teardown Cleanup Suite
-Library OperatingSystem
-Library RequestsLibrary
-Library PycURLLibrary
-Library SSHLibrary
-Resource ../../../libraries/ClusterManagement.robot
-Resource ../../../variables/Variables.robot
-Resource ../../../libraries/Utils.robot
-Resource ../../../libraries/KarafKeywords.robot
+Documentation Test suite for Securing RESTCONF communication.
+... Note this suite requires PycURLLibrary to handle client certificates. While Requests library is able
+... to handle server certificates well, it lacks capabilities to deal with client certificates.
+... TODO: Investigate the possibility to incorporate this into TemplatedRequests
+
+Library OperatingSystem
+Library RequestsLibrary
+Library PycURLLibrary
+Library SSHLibrary
+Resource ../../../libraries/ClusterManagement.robot
+Resource ../../../variables/Variables.robot
+Resource ../../../libraries/Utils.robot
+Resource ../../../libraries/KarafKeywords.robot
+Resource ../../../libraries/SSHKeywords.robot
+
+Suite Setup Init Suite
+Suite Teardown Cleanup Suite
+
*** Variables ***
-${RESTCONF_MONITORING_URI} /restconf/operational/ietf-restconf-monitoring:restconf-state
-${RESTCONF_MONITORING_URL} https://${ODL_SYSTEM_IP}:${RESTCONFPORT_TLS}${RESTCONF_MONITORING_URI}
+${RESTCONF_MONITORING_URI} /restconf/operational/ietf-restconf-monitoring:restconf-state
+${RESTCONF_MONITORING_URL} https://${ODL_SYSTEM_IP}:${RESTCONFPORT_TLS}${RESTCONF_MONITORING_URI}
+
*** Test Cases ***
Basic Unsecure Restconf Request
[Documentation] Tests a basic HTTP request, just to ensure that system is working fine with normal, unsecure reqs
Create Session session http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${AUTH} headers=${HEADERS}
- ${resp} RequestsLibrary.Get Request session ${RESTCONF_MONITORING_URI}
+ ${resp} RequestsLibrary.GET On Session session ${RESTCONF_MONITORING_URI} expected_status=anything
Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
Delete All Sessions
PycURLLibrary.Add Header "Content-Type:application/json"
PycURLLibrary.Add Header Authorization:Basic YWRtaW46YWRtaW4=
PycURLLibrary.Request Method GET
- Run Keyword And Expect Error error: (7, 'Failed *${RESTCONFPORT_TLS}* Connection refused') PycURLLibrary.Perform
+ Run Keyword And Expect Error
+ ... error: (7, 'Failed *${RESTCONFPORT_TLS}* Connection refused')
+ ... PycURLLibrary.Perform
PycURLLibrary.Log Response
-Activate TLS and Generate Server Certificate
- [Documentation] Generates a server certificate, self-signed and activates ODL secure configuration.
- Generate Server Self-Signed Certificate
+Activate TLS
+ [Documentation] Activates TLS configuration in ODL and restarts Karaf
Enable TLS in ODL
# Check ODL was restarted properly
Create Session session http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${AUTH} headers=${HEADERS}
- ${resp} RequestsLibrary.Get Request session ${RESTCONF_MONITORING_URI}
+ ${resp} RequestsLibrary.GET On Session session ${RESTCONF_MONITORING_URI} expected_status=anything
Delete All Sessions
Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
TLS on Restconf with Server Cert (Self-signed) (insecure)
[Documentation] Tests HTTPS request. Server certificate is self-signed, thus communication is insecure
+ Clean Up Certificates In Server
+ Generate Server Self-Signed Certificate
+ #TLS Request
+ Insecure Ssl
PycURLLibrary.Set Url ${RESTCONF_MONITORING_URL}
PycURLLibrary.Add Header "Content-Type:application/json"
PycURLLibrary.Add Header Authorization:Basic YWRtaW46YWRtaW4=
PycURLLibrary.Log Response
PycURLLibrary.Response Status Should Contain 200
${resp} PycURLLibrary.Response
- Should Contain ${resp} "restconf-state":{"capabilities":{"capability":["urn:ietf:params:restconf:capability:depth
+ Should Contain
+ ... ${resp}
+ ... "restconf-state":{"capabilities":{"capability":["urn:ietf:params:restconf:capability:depth
-Activate Client Authentication and Generate Client Certificate
- [Documentation] Generates a client certificate and imports it into ODL truststore.
- ... Changes ODL config to require client authentication
- Generate Client Self-Signed Certificate
+TLS on Restconf with Server Cert (CA signed)
+ [Documentation] Tests HTTPS request with ODL TLS config by using CA signed certificates
+ Clean Up Certificates In Server
+ Generate Server CA Signed Certificate
+ #TLS Request
+ PycURLLibrary.Set Url ${RESTCONF_MONITORING_URL}
+ PycURLLibrary.Add Header "Content-Type:application/json"
+ PycURLLibrary.Add Header Authorization:Basic YWRtaW46YWRtaW4=
+ PycURLLibrary.Request Method GET
+ PycURLLibrary.Perform
+ PycURLLibrary.Log Response
+ PycURLLibrary.Response Status Should Contain 200
+ ${resp} PycURLLibrary.Response
+ Should Contain
+ ... ${resp}
+ ... "restconf-state":{"capabilities":{"capability":["urn:ietf:params:restconf:capability:depth
+
+Activate Client Authentication
+ [Documentation] Activates client authentication in odl by means of certificates.
Enable Client TLS Authentication in ODL
# Check ODL was restarted properly
Create Session session http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${AUTH} headers=${HEADERS}
- ${resp} RequestsLibrary.Get Request session ${RESTCONF_MONITORING_URI}
+ ${resp} RequestsLibrary.GET On Session session ${RESTCONF_MONITORING_URI} expected_status=anything
Delete All Sessions
Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
TLS on Restconf with Server & Client Certs (Self-signed)
[Documentation] Test HTTPS request with ODL TLS config and client authentication by using certificate
+ Clean Up Certificates In Server
+ Generate Server Self-Signed Certificate
+ Generate Client Self-Signed Certificate
+ #TLS Request
PycURLLibrary.Set Url ${RESTCONF_MONITORING_URL}
PycURLLibrary.Add Header "Content-Type:application/json"
PycURLLibrary.Add Header Authorization:Basic YWRtaW46YWRtaW4=
PycURLLibrary.Log Response
PycURLLibrary.Response Status Should Contain 200
${resp} PycURLLibrary.Response
- Should Contain ${resp} "restconf-state":{"capabilities":{"capability":["urn:ietf:params:restconf:capability:depth
+ Should Contain
+ ... ${resp}
+ ... "restconf-state":{"capabilities":{"capability":["urn:ietf:params:restconf:capability:depth
TLS on Restconf with Server & Client Certs (CA signed)
[Documentation] Tests HTTPS request with ODL TLS config and client authentication by using CA signed certificates
- [Tags] exclude
+ Clean Up Certificates In Server
+ Generate Server CA Signed Certificate
+ Generate Client CA Signed Certificate
+ #TLS Request
+ PycURLLibrary.Set Url ${RESTCONF_MONITORING_URL}
+ PycURLLibrary.Add Header "Content-Type:application/json"
+ PycURLLibrary.Add Header Authorization:Basic YWRtaW46YWRtaW4=
+ PycURLLibrary.Client Certificate File ${USER_HOME}/client_ca_signed-cert.pem
+ PycURLLibrary.Private Key File ${USER_HOME}/client_ca_signed-key.pem
+ PycURLLibrary.Request Method GET
+ PycURLLibrary.Perform
+ PycURLLibrary.Log Response
+ PycURLLibrary.Response Status Should Contain 200
+ ${resp} PycURLLibrary.Response
+ Should Contain
+ ... ${resp}
+ ... "restconf-state":{"capabilities":{"capability":["urn:ietf:params:restconf:capability:depth
Restconf HTTPS/TLS Jolokia with server and client certificates CA signed
[Documentation] Tests HTTPS request with ODL TLS config and client authentication by using CA signed certificates for Jolokia
- [Tags] exclude
+ Clean Up Certificates In Server
+ Generate Server CA Signed Certificate
+ Generate Client CA Signed Certificate
+ #TLS Request
+ PycURLLibrary.Set Url https://${ODL_SYSTEM_IP}:${RESTCONFPORT_TLS}/${JOLOKIA_CONF_SHARD_MANAGER_URI}
+ PycURLLibrary.Add Header "Content-Type:application/json"
+ PycURLLibrary.Add Header Authorization:Basic YWRtaW46YWRtaW4=
+ PycURLLibrary.Client Certificate File ${USER_HOME}/client_ca_signed-cert.pem
+ PycURLLibrary.Private Key File ${USER_HOME}/client_ca_signed-key.pem
+ PycURLLibrary.Request Method GET
+ PycURLLibrary.Perform
+ PycURLLibrary.Log Response
+ PycURLLibrary.Response Status Should Contain 200
+ ${resp} PycURLLibrary.Response
+ Should Contain
+ ... ${resp}
+ ... "request":{"mbean":"org.opendaylight.controller:Category=ShardManager,name=shard-manager-config,type=DistributedConfigDatastore"
+
*** Keywords ***
Log Certificates in Keystore
[Documentation] Shows content of keystore
- ${output} Run Command On Remote System ${ODL_SYSTEM_IP} ${JAVA_HOME}/bin/keytool -list -storepass 123456 -keystore ${KEYSTORE_PATH}
+ ${output} Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... ${JAVA_HOME}/bin/keytool -list -storepass 123456 -keystore ${KEYSTORE_PATH}
log ${output}
Clean Up Certificates In Server
[Documentation] Cleans keystore content (only for private keys and trusted certificates)
Log Certificates in Keystore
- Run Command On Remote System ${ODL_SYSTEM_IP} ${JAVA_HOME}/bin/keytool -list -keystore ${KEYSTORE_PATH} -storepass 123456|egrep -e "(trustedCertEntry|PrivateKeyEntry)"|cut -d"," -f1|xargs -I[] ${JAVA_HOME}/bin/keytool -delete -alias [] -keystore ${KEYSTORE_PATH} -storepass 123456
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... ${JAVA_HOME}/bin/keytool -list -keystore ${KEYSTORE_PATH} -storepass 123456|egrep -e "(trustedCertEntry|PrivateKeyEntry)"|cut -d"," -f1|xargs -I[] ${JAVA_HOME}/bin/keytool -delete -alias [] -keystore ${KEYSTORE_PATH} -storepass 123456
Log Certificates in Keystore
Generate Server Self-Signed Certificate
[Documentation] Generates a self-signed certificate, stores it into keystore and restarts jetty to load changes
- ${KEYSTORE_DIR}= Split Path ${KEYSTORE_PATH}
+ ${KEYSTORE_DIR} Split Path ${KEYSTORE_PATH}
Run Command On Remote System ${ODL_SYSTEM_IP} mkdir -p ${KEYSTORE_DIR[0]}
Log Certificates in Keystore
# Generate with openssl
- Run Command On Remote System ${ODL_SYSTEM_IP} openssl req -x509 -newkey rsa:4096 -passout pass:myPass -keyout serverkey.pem -out servercert.pem -days 365 -subj "/C=ES/ST=Madrid/L=Madrid/O=OpenDayLight/OU=AAA/CN=OpenDayLight/emailAddress=unknown@unknown.com"
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... openssl req -x509 -newkey rsa:4096 -passout pass:myPass -keyout serverkey.pem -out servercert.pem -days 365 -subj "/C=ES/ST=Madrid/L=Madrid/O=OpenDayLight/OU=AAA/CN=OpenDayLight/emailAddress=unknown@unknown.com"
# Convert to pkcs12 (including public and private key together)
- Run Command On Remote System ${ODL_SYSTEM_IP} openssl pkcs12 -export -in servercert.pem -inkey serverkey.pem -out server.p12 -name odl -passin pass:myPass -passout pass:myPass
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... openssl pkcs12 -export -in servercert.pem -inkey serverkey.pem -out server.p12 -name odl -passin pass:myPass -passout pass:myPass
# Import Certifcate into keystore
- Run Command On Remote System ${ODL_SYSTEM_IP} ${JAVA_HOME}/bin/keytool -importkeystore -deststorepass 123456 -destkeypass myPass -destkeystore ${KEYSTORE_PATH} -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass myPass -alias odl
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... ${JAVA_HOME}/bin/keytool -importkeystore -deststorepass 123456 -destkeypass myPass -destkeystore ${KEYSTORE_PATH} -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass myPass -alias odl
Log Certificates in Keystore
Restart Jetty
Generate Client Self-Signed Certificate
[Documentation] Generates a client self-signed certificate, stores it into the keystore (as trusted cert) and
... restarts jettty to load changes
- ${KEYSTORE_DIR}= Split Path ${KEYSTORE_PATH}
+ ${KEYSTORE_DIR} Split Path ${KEYSTORE_PATH}
Run Command On Remote System ${ODL_SYSTEM_IP} mkdir -p ${KEYSTORE_DIR[0]}
Log Certificates in Keystore
# Generate with openssl
# Note -nodes is used to avoid passphrase in private key. Also -passout pass:myPass is skipped. This is due to a
# limitation in pycurl library that does not support key pem files with passphrase in automatic mode (it asks for it)
- Run openssl req -x509 -newkey rsa:4096 -nodes -keyout ${USER_HOME}/clientkey.pem -out ${USER_HOME}/clientcert.pem -days 365 -subj "/C=ES/ST=Madrid/L=Madrid/O=OpenDayLight/OU=AAA/CN=MiguelAngelMunoz/emailAddress=myemail@unknown.com"
+ Run
+ ... openssl req -x509 -newkey rsa:4096 -nodes -keyout ${USER_HOME}/clientkey.pem -out ${USER_HOME}/clientcert.pem -days 365 -subj "/C=ES/ST=Madrid/L=Madrid/O=OpenDayLight/OU=AAA/CN=MiguelAngelMunoz/emailAddress=myemail@unknown.com"
# Import client's cert as trusted
- Copy File To Remote System ${ODL_SYSTEM_IP} ${USER_HOME}/clientcert.pem .
- Run Command On Remote System ${ODL_SYSTEM_IP} ${JAVA_HOME}/bin/keytool -import -trustcacerts -file clientcert.pem -keystore ${KEYSTORE_PATH} -storepass 123456 -noprompt
+ Copy File To Odl System ${ODL_SYSTEM_IP} ${USER_HOME}/clientcert.pem
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... ${JAVA_HOME}/bin/keytool -import -trustcacerts -file clientcert.pem -keystore ${KEYSTORE_PATH} -storepass 123456 -noprompt
+ Log Certificates in Keystore
+ Restart Jetty
+
+Generate Server CA Signed Certificate
+ [Documentation] Generates a server certificate and signs it with own root CA
+ #Generates Root CA key and certificate (note this has to be self-signed)
+ Log Certificates in Keystore
+ Run openssl genrsa -out ${USER_HOME}/rootCA.key 2048
+ Run
+ ... openssl req -x509 -new -nodes -key ${USER_HOME}/rootCA.key -sha256 -days 1024 -out ${USER_HOME}/rootCA.pem -subj "/C=ES/ST=Madrid/L=Madrid/O=FakeCA/OU=FakeCA_ODL/CN=www.fakeca.com/emailAddress=unknown@fakeca.com"
+ #Generate server CSR
+ Run openssl genrsa -out ${USER_HOME}/server.key 2048
+ Run
+ ... openssl req -new -key ${USER_HOME}/server.key -out ${USER_HOME}/server.csr -subj "/C=ES/ST=Madrid/L=Madrid/O=OpenDayLight/OU=AAA/CN=${ODL_SYSTEM_IP}/emailAddress=unknown@unknown.com"
+ #Sign CSR
+ Run
+ ... openssl x509 -req -in ${USER_HOME}/server.csr -CA ${USER_HOME}/rootCA.pem -CAkey ${USER_HOME}/rootCA.key -CAcreateserial -out ${USER_HOME}/server.crt -days 500 -sha256
+ # Convert to pkcs12 (including public and private key together)
+ Run
+ ... openssl pkcs12 -export -in ${USER_HOME}/server.crt -inkey ${USER_HOME}/server.key -out ${USER_HOME}/server.p12 -name odl -passin pass:myPass -passout pass:myPass
+ Copy File To Odl System ${ODL_SYSTEM_IP} ${USER_HOME}/server.p12
+ # Import Certifcate into keystore
+ ${KEYSTORE_DIR} Split Path ${KEYSTORE_PATH}
+ Run Command On Remote System ${ODL_SYSTEM_IP} mkdir -p ${KEYSTORE_DIR[0]}
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... ${JAVA_HOME}/bin/keytool -importkeystore -deststorepass 123456 -destkeypass myPass -destkeystore ${KEYSTORE_PATH} -srckeystore ${USER_HOME}/server.p12 -srcstoretype PKCS12 -srcstorepass myPass -alias odl
+ Log Certificates in Keystore
+ Restart Jetty
+
+Generate Client CA Signed Certificate
+ [Documentation] Generates a client certificate and signs it with own root CA
+ #Generates Root CA key and certificate (note this has to be self-signed)
+ Log Certificates in Keystore
+ Run openssl genrsa -out ${USER_HOME}/rootCA_for_clients-key.pem 2048
+ Run
+ ... openssl req -x509 -new -nodes -key ${USER_HOME}/rootCA_for_clients-key.pem -sha256 -days 1024 -out ${USER_HOME}/rootCA_for_clients-cert.pem -subj "/C=ES/ST=Madrid/L=Madrid/O=FakeCA_ForClient/OU=FakeCA_ForClient/CN=www.fakecaforclients.com/emailAddress=unknown@fakecaforclients.com"
+ #Generate client CSR
+ Run openssl genrsa -out ${USER_HOME}/client_ca_signed-key.pem 2048
+ Run
+ ... openssl req -new -key ${USER_HOME}/client_ca_signed-key.pem -out ${USER_HOME}/client_ca_signed.csr -subj "/C=ES/ST=Madrid/L=Madrid/O=OpenDayLight/OU=RestClient/CN=RestClient/emailAddress=unknown@unknownclient.com"
+ #Sign CSR
+ Run
+ ... openssl x509 -req -in ${USER_HOME}/client_ca_signed.csr -CA ${USER_HOME}/rootCA_for_clients-cert.pem -CAkey ${USER_HOME}/rootCA_for_clients-key.pem -CAcreateserial -out ${USER_HOME}/client_ca_signed-cert.pem -days 500 -sha256
+ Copy File To Odl System ${ODL_SYSTEM_IP} ${USER_HOME}/rootCA_for_clients-cert.pem
+ # Import RootCA Certifcate into keystore
+ ${KEYSTORE_DIR} Split Path ${KEYSTORE_PATH}
+ Run Command On Remote System ${ODL_SYSTEM_IP} mkdir -p ${KEYSTORE_DIR[0]}
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... ${JAVA_HOME}/bin/keytool -import -trustcacerts -file rootCA_for_clients-cert.pem -keystore ${KEYSTORE_PATH} -storepass 123456 -noprompt
Log Certificates in Keystore
Restart Jetty
Run Command On Remote System ${ODL_SYSTEM_IP} sed -i '/org.ops4j.pax.web.ssl.keystore=/d' ${CUSTOMPROP}
Run Command On Remote System ${ODL_SYSTEM_IP} sed -i '/org.ops4j.pax.web.ssl.password=/d' ${CUSTOMPROP}
Run Command On Remote System ${ODL_SYSTEM_IP} sed -i '/org.ops4j.pax.web.ssl.keypassword=/d' ${CUSTOMPROP}
- Run Command On Remote System ${ODL_SYSTEM_IP} sed -i '/org.ops4j.pax.web.ssl.clientauthneeded=/d' ${CUSTOMPROP}
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... sed -i '/org.ops4j.pax.web.ssl.clientauthneeded=/d' ${CUSTOMPROP}
Restart Karaf
Enable TLS in ODL
[Documentation] Add new secure configuration in custom.properties
- Run Command On Remote System ${ODL_SYSTEM_IP} echo "org.osgi.service.http.secure.enabled=true">> ${CUSTOMPROP}
- Run Command On Remote System ${ODL_SYSTEM_IP} echo "org.ops4j.pax.web.ssl.keystore=${KEYSTORE_RELATIVE_PATH}">> ${CUSTOMPROP}
+ Run Command On Remote System ${ODL_SYSTEM_IP} sed -i '/org.osgi.service.http.secure.enabled=/d' ${CUSTOMPROP}
+ Run Command On Remote System ${ODL_SYSTEM_IP} sed -i '/org.ops4j.pax.web.ssl.keystore=/d' ${CUSTOMPROP}
+ Run Command On Remote System ${ODL_SYSTEM_IP} sed -i '/org.ops4j.pax.web.ssl.password=/d' ${CUSTOMPROP}
+ Run Command On Remote System ${ODL_SYSTEM_IP} sed -i '/org.ops4j.pax.web.ssl.keypassword=/d' ${CUSTOMPROP}
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... sed -i '/org.ops4j.pax.web.ssl.clientauthneeded=/d' ${CUSTOMPROP}
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... echo "org.osgi.service.http.secure.enabled=true">> ${CUSTOMPROP}
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... echo "org.ops4j.pax.web.ssl.keystore=${KEYSTORE_RELATIVE_PATH}">> ${CUSTOMPROP}
Run Command On Remote System ${ODL_SYSTEM_IP} echo "org.ops4j.pax.web.ssl.password=myPass">> ${CUSTOMPROP}
Run Command On Remote System ${ODL_SYSTEM_IP} echo "org.ops4j.pax.web.ssl.keypassword=123456">> ${CUSTOMPROP}
Restart Karaf
Enable Client TLS Authentication in ODL
[Documentation] Add custom.properties configuration to enable client auth
- Run Command On Remote System ${ODL_SYSTEM_IP} echo "org.ops4j.pax.web.ssl.clientauthneeded=true">> ${CUSTOMPROP}
+ Run Command On Remote System ${ODL_SYSTEM_IP} sed -i '/org.osgi.service.http.secure.enabled=/d' ${CUSTOMPROP}
+ Run Command On Remote System ${ODL_SYSTEM_IP} sed -i '/org.ops4j.pax.web.ssl.keystore=/d' ${CUSTOMPROP}
+ Run Command On Remote System ${ODL_SYSTEM_IP} sed -i '/org.ops4j.pax.web.ssl.password=/d' ${CUSTOMPROP}
+ Run Command On Remote System ${ODL_SYSTEM_IP} sed -i '/org.ops4j.pax.web.ssl.keypassword=/d' ${CUSTOMPROP}
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... sed -i '/org.ops4j.pax.web.ssl.clientauthneeded=/d' ${CUSTOMPROP}
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... echo "org.osgi.service.http.secure.enabled=true">> ${CUSTOMPROP}
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... echo "org.ops4j.pax.web.ssl.keystore=${KEYSTORE_RELATIVE_PATH}">> ${CUSTOMPROP}
+ Run Command On Remote System ${ODL_SYSTEM_IP} echo "org.ops4j.pax.web.ssl.password=myPass">> ${CUSTOMPROP}
+ Run Command On Remote System ${ODL_SYSTEM_IP} echo "org.ops4j.pax.web.ssl.keypassword=123456">> ${CUSTOMPROP}
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... echo "org.ops4j.pax.web.ssl.clientauthneeded=true">> ${CUSTOMPROP}
Restart Karaf
Init Suite
[Documentation] Cleans TLS configuration and restart Karaf system to reload
- ClusterManagement_Setup
+ KarafKeywords.Setup Karaf Keywords
Clean Up Certificates In Server
Disable TLS in ODL
+ Install a Feature odl-jolokia
Cleanup Suite
[Documentation] Deletes pending sessions in case there were any