diff options
| author |   Jack Lucas <jflucas@research.att.com> | 2019-06-04 12:47:56 -0400 |
|---|---|---|
| committer | Jack Lucas <jflucas@research.att.com> | 2019-06-04 12:47:56 -0400 |
| commit | d0395f7de8dea655f0e4ea214462311e23f45a78 (patch) | |
| tree | 2a487e334feccdd1912ec80a50935ac389f0ab14 | |
| parent | 058958bf64d14c00e77fd8c695fec49942be6f70 (diff) | |
Update bootstrap to support TLS for CM
Change-Id: Ie44a55eb7e209bbad1970530f9d723ac9540b156
Issue-ID: DCAEGEN2-1586
Signed-off-by: Jack Lucas <jflucas@research.att.com>
| -rwxr-xr-x | k8s-bootstrap-container/bootstrap.sh | 24 | ||||
| -rw-r--r-- | k8s-bootstrap-container/pom.xml | 2 |
2 files changed, 23 insertions, 3 deletions
diff --git a/k8s-bootstrap-container/bootstrap.sh b/k8s-bootstrap-container/bootstrap.sh index 838e1e0..82df4b4 100755 --- a/k8s-bootstrap-container/bootstrap.sh +++ b/k8s-bootstrap-container/bootstrap.sh @@ -27,6 +27,26 @@ # Input files for components to be installed in /inputs # Configuration JSON files that need to be loaded into Consul in /dcae-configs # Consul is installed in /opt/consul/bin/consul, with base config in /opt/consul/config/00consul.json +# Optionally, allows: +# CM protocol in CMPROTO environment variable (defaults to HTTP) +# CM port in CMPORT environment variable (defaults to 80) +# If CMPROTO is set to "https", bootstrap will use HTTPS to communicate with CM. Otherwise, +# it will use HTTP. +# If CMPROTO is set to "https", the script assumes the CA cert needed to verify the cert +# presented by CM is mounted at /certs/cacert.pem. + +# Set defaults for CM protocol and port +CMPROTO=${CMPROTO:-http} +CMPORT=${CMPORT:-80} + +# Set up additional parameters for using HTTPS +CFYTLS="" +CURLTLS="" +if [ $CMPROTO = "https" ] +then + CFYTLS="--rest-certificate /certs/cacert.pem --ssl" + CURLTLS="--cacert /certs/cacert.pem" +fi ### FUNCTION DEFINITIONS ### @@ -45,7 +65,7 @@ function cm_hasany { # We use _include=id to limit the amount of data the CM sends back # We rely on the "metadata.pagination.total" field in the response # for the total number of matching entities - COUNT=$(curl -Ss -H "Tenant: default_tenant" --user admin:${CMPASS} "${CMADDR}/api/v3.1/$1&_include=id" \ + COUNT=$(curl -Ss -H "Tenant: default_tenant" --user admin:${CMPASS} ${CURLTLS} "${CMPROTO}://${CMADDR}:${CMPORT}/api/v3.1/$1&_include=id" \ | /bin/jq .metadata.pagination.total) if (( $COUNT > 0 )) then @@ -133,7 +153,7 @@ fi PH_REG="${PH_REG}\"}" # Set up profile to access Cloudify Manager -cfy profiles use -u admin -t default_tenant -p "${CMPASS}" "${CMADDR}" +cfy profiles use -u admin -t default_tenant -p "${CMPASS}" ${CFYTLS} "${CMADDR}" # Output status, for debugging purposes cfy status diff --git a/k8s-bootstrap-container/pom.xml b/k8s-bootstrap-container/pom.xml index 04af8c7..98c2a83 100644 --- a/k8s-bootstrap-container/pom.xml +++ b/k8s-bootstrap-container/pom.xml @@ -27,7 +27,7 @@ limitations under the License. <groupId>org.onap.dcaegen2.deployments</groupId> <artifactId>k8s-bootstrap-container</artifactId> <name>dcaegen2-deployments-k8s-bootstrap-container</name> - <version>1.5.1</version> + <version>1.6.0</version> <url>http://maven.apache.org</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> |