aboutsummaryrefslogtreecommitdiffstats
path: root/development
diff options
context:
space:
mode:
authorPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2019-04-10 10:32:00 +0200
committerPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2019-04-10 11:37:50 +0200
commitc138b700030d22ae0bdbd6992fb4a4d8a3431798 (patch)
tree35926c24ef0eb4c770f3592bedc6e4d3cf69c98e /development
parentd52444107a3c62c1027e35178b76645ceb4d2c4e (diff)
Read passwords from files
Key- and trust-store passwords should be read from files in order to work with DCAE tls-init-container. Change-Id: Ibe454663328268f33f8be25ef9ec129f1ce1d396 Issue-ID: DCAEGEN2-1412 Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
Diffstat (limited to 'development')
-rw-r--r--development/configuration/base.json4
-rw-r--r--development/configuration/local.json4
-rw-r--r--development/docker-compose.yml5
-rw-r--r--development/ssl/.gitignore2
-rwxr-xr-xdevelopment/ssl/gen-certs.sh22
5 files changed, 29 insertions, 8 deletions
diff --git a/development/configuration/base.json b/development/configuration/base.json
index 1b723b72..9bf9194b 100644
--- a/development/configuration/base.json
+++ b/development/configuration/base.json
@@ -5,7 +5,7 @@
"cbs.firstRequestDelaySec": 10,
"cbs.requestIntervalSec": 5,
"security.keys.keyStoreFile": "/etc/ves-hv/ssl/server.p12",
- "security.keys.keyStorePassword": "onaponap",
+ "security.keys.keyStorePasswordFile": "/etc/ves-hv/ssl/server.pass",
"security.keys.trustStoreFile": "/etc/ves-hv/ssl/trust.p12",
- "security.keys.trustStorePassword": "onaponap"
+ "security.keys.trustStorePasswordFile": "/etc/ves-hv/ssl/trust.pass"
} \ No newline at end of file
diff --git a/development/configuration/local.json b/development/configuration/local.json
index ebf2f82e..cfaaaa40 100644
--- a/development/configuration/local.json
+++ b/development/configuration/local.json
@@ -5,7 +5,7 @@
"cbs.firstRequestDelaySec": 10,
"cbs.requestIntervalSec": 5,
"security.keys.keyStoreFile": "development/ssl/server.p12",
- "security.keys.keyStorePassword": "onaponap",
+ "security.keys.keyStorePasswordFile": "development/ssl/server.pass",
"security.keys.trustStoreFile": "development/ssl/trust.p12",
- "security.keys.trustStorePassword": "onaponap"
+ "security.keys.trustStorePasswordFile": "development/ssl/server.pass"
}
diff --git a/development/docker-compose.yml b/development/docker-compose.yml
index d135e8b4..9272c618 100644
--- a/development/docker-compose.yml
+++ b/development/docker-compose.yml
@@ -110,8 +110,9 @@ services:
"--ves-host", "ves-hv-collector",
"--ves-port", "6061",
"--key-store", "/etc/ves-hv/client.p12",
- "--key-store-password", "onaponap",
- "--trust-store-password", "onaponap"]
+ "--key-store-password-file", "/etc/ves-hv/client.pass",
+ "--trust-store", "/etc/ves-hv/trust.p12",
+ "--trust-store-password-file", "/etc/ves-hv/trust.pass"]
healthcheck:
test: curl -f http://localhost:6063/health/ready || exit 1
interval: 10s
diff --git a/development/ssl/.gitignore b/development/ssl/.gitignore
index 23888eb0..955c17d1 100644
--- a/development/ssl/.gitignore
+++ b/development/ssl/.gitignore
@@ -4,4 +4,4 @@
*.csr
*.pkcs12
*.p12
-
+*.pass
diff --git a/development/ssl/gen-certs.sh b/development/ssl/gen-certs.sh
index b4f78227..bf28ca02 100755
--- a/development/ssl/gen-certs.sh
+++ b/development/ssl/gen-certs.sh
@@ -1,4 +1,21 @@
#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# csit-dcaegen2-collectors-hv-ves
+# ================================================================================
+# Copyright (C) 2018-2019 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
set -eu -o pipefail -o xtrace
@@ -24,6 +41,8 @@ function gen_key() {
keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \
keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \
keytool -alias ${key_name} -importcert ${keystore}
+
+ printf ${STORE_PASS} > ${key_name}.pass
}
@@ -36,10 +55,11 @@ function gen_ca() {
function gen_truststore() {
local trusted_ca="$1"
keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${TRUST}.p12
+ printf ${STORE_PASS} > ${TRUST}.pass
}
function clean() {
- rm -f *.crt *.p12
+ rm -f *.crt *.p12 *.pass
}
if [[ $# -eq 0 ]]; then