From d0395f7de8dea655f0e4ea214462311e23f45a78 Mon Sep 17 00:00:00 2001
From: Jack Lucas
Date: Tue, 4 Jun 2019 12:47:56 -0400
Subject: Update bootstrap to support TLS for CM
Change-Id: Ie44a55eb7e209bbad1970530f9d723ac9540b156
Issue-ID: DCAEGEN2-1586
Signed-off-by: Jack Lucas
---
 k8s-bootstrap-container/bootstrap.sh | 24 ++++++++++++++++++++++--
 k8s-bootstrap-container/pom.xml | 2 +-
 2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/k8s-bootstrap-container/bootstrap.sh b/k8s-bootstrap-container/bootstrap.sh
index 838e1e0..82df4b4 100755
--- a/k8s-bootstrap-container/bootstrap.sh
+++ b/k8s-bootstrap-container/bootstrap.sh
@@ -27,6 +27,26 @@
 # Input files for components to be installed in /inputs
 # Configuration JSON files that need to be loaded into Consul in /dcae-configs
 # Consul is installed in /opt/consul/bin/consul, with base config in /opt/consul/config/00consul.json
+# Optionally, allows:
+# CM protocol in CMPROTO environment variable (defaults to HTTP)
+# CM port in CMPORT environment variable (defaults to 80)
+# If CMPROTO is set to "https", bootstrap will use HTTPS to communicate with CM. Otherwise,
+# it will use HTTP.
+# If CMPROTO is set to "https", the script assumes the CA cert needed to verify the cert
+# presented by CM is mounted at /certs/cacert.pem.
+
+# Set defaults for CM protocol and port
+CMPROTO=${CMPROTO:-http}
+CMPORT=${CMPORT:-80}
+
+# Set up additional parameters for using HTTPS
+CFYTLS=""
+CURLTLS=""
+if [ $CMPROTO = "https" ]
+then
+ CFYTLS="--rest-certificate /certs/cacert.pem --ssl"
+ CURLTLS="--cacert /certs/cacert.pem"
+fi
 ### FUNCTION DEFINITIONS ###
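Review bot: The test `if [ $CMPROTO = "https" ]` leaves `$CMPROTO` unquoted and treats every value other than the exact lowercase string as plain HTTP, so a value such as `HTTPS`, or one containing whitespace (which makes `[` fail), leaves `CFYTLS` and `CURLTLS` empty and the cfy profile is presumably set up without `--ssl` while the operator believes TLS is on. Quote the expansion and reject unknown values before continuing: `case "${CMPROTO}" in http|https) ;; *) echo "CMPROTO must be http or https" >&2; exit 1 ;; esac`, then `if [ "${CMPROTO}" = "https" ]`. Inside the https branch it would also help to fail early when the CA file is not mounted, `[ -r /certs/cacert.pem ] || exit 1`, rather than letting the later curl and cfy calls fail with less obvious errors. `CMPORT` still defaults to 80 when `CMPROTO` is `https`; either the header comment should say that the port must be set as well, or the default should follow the protocol.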
@@ -45,7 +65,7 @@ function cm_hasany {
 # We use _include=id to limit the amount of data the CM sends back
 # We rely on the "metadata.pagination.total" field in the response
 # for the total number of matching entities
- COUNT=$(curl -Ss -H "Tenant: default_tenant" --user admin:${CMPASS} "${CMADDR}/api/v3.1/$1&_include=id" \
+ COUNT=$(curl -Ss -H "Tenant: default_tenant" --user admin:${CMPASS} ${CURLTLS} "${CMPROTO}://${CMADDR}:${CMPORT}/api/v3.1/$1&_include=id" \
 | /bin/jq .metadata.pagination.total)
 if (( $COUNT > 0 ))
 then
@@ -133,7 +153,7 @@ fi
 PH_REG="${PH_REG}\"}"
 # Set up profile to access Cloudify Manager
-cfy profiles use -u admin -t default_tenant -p "${CMPASS}" "${CMADDR}"
+cfy profiles use -u admin -t default_tenant -p "${CMPASS}" ${CFYTLS} "${CMADDR}"
 # Output status, for debugging purposes
 cfy status
diff --git a/k8s-bootstrap-container/pom.xml b/k8s-bootstrap-container/pom.xml
index 04af8c7..98c2a83 100644
--- a/k8s-bootstrap-container/pom.xml
+++ b/k8s-bootstrap-container/pom.xml
@@ -27,7 +27,7 @@ limitations under the License.
 org.onap.dcaegen2.deployments
 k8s-bootstrap-container
 dcaegen2-deployments-k8s-bootstrap-container
- 1.5.1
+ 1.6.0
 http://maven.apache.org
 UTF-8
-- cgit 1.2.3-korg
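Review bot: In `cm_hasany`, the rewritten curl line still passes `--user admin:${CMPASS}` unquoted, so a password containing whitespace or glob characters is split or expanded before curl sees it; write `--user "admin:${CMPASS}"`. `${CURLTLS}` is left unquoted so that it splits into two arguments, and a comment such as `# CURLTLS is intentionally unquoted: it expands to zero or two arguments` would stop a later cleanup from quoting it and breaking the call. When certificate verification fails curl prints nothing, so `COUNT` is empty and `(( $COUNT > 0 ))` becomes a syntax error rather than a clear message; checking curl's exit status before the arithmetic test would make a TLS misconfiguration visible. The function body continues outside the hunk.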
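Review bot: The `cfy profiles use` line receives `${CFYTLS}` but neither `CMPORT` nor `CMPROTO`, so the CLI profile and the curl call in `cm_hasany` can end up addressing different ports: curl uses `${CMADDR}:${CMPORT}`, while cfy presumably falls back to its own default port for the chosen scheme. If the two are meant to agree, pass the port explicitly, e.g. `cfy profiles use -u admin -t default_tenant -p "${CMPASS}" --rest-port "${CMPORT}" ${CFYTLS} "${CMADDR}"`. The admin password is also handed over as a command-line argument here, where it shows up in the process list and in any `set -x` trace; that may be acceptable inside the bootstrap container, but it deserves a comment next to the call.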