diff options
| author |   dglFromAtt <dgl@research.att.com> | 2019-03-22 19:42:37 +0000 |
|---|---|---|
| committer | dglFromAtt <dgl@research.att.com> | 2019-03-22 19:42:43 +0000 |
| commit | a2f7b3212b5105eeb5942d75ca25c0a5dbebae52 (patch) | |
| tree | 8659d0ebcdce4e4f4e3515dc8ec910ee492949f7 | |
| parent | ff7ac524776b850b0054026566d4d1026067896d (diff) | |
Install curl and client certificate
Change-Id: I7a85151f43cf65483a9d79171212cc00378168ff
Signed-off-by: dglFromAtt <dgl@research.att.com>
Issue-ID: DMAAP-1120
| -rw-r--r-- | dbc-client/pom.xml | 1 | ||||
| -rw-r--r-- | dbc-client/src/main/resources/Dockerfile | 11 | ||||
| -rw-r--r-- | dmaap-bc/pom.xml | 1 | ||||
| -rw-r--r-- | dmaap-bc/src/main/resources/Dockerfile | 9 | ||||
| -rw-r--r-- | misc/aaf-ca.crt | 31 | ||||
| -rw-r--r-- | misc/cert-client-init.sh | 48 |
6 files changed, 52 insertions, 49 deletions
diff --git a/dbc-client/pom.xml b/dbc-client/pom.xml index d0945ac..17c877c 100644 --- a/dbc-client/pom.xml +++ b/dbc-client/pom.xml @@ -131,6 +131,7 @@ <directory>${multiproject.basedir}/misc</directory> <includes> <include>cert-client-init.sh</include> + <include>aaf-ca.crt</include> </includes> </resource> </resources> diff --git a/dbc-client/src/main/resources/Dockerfile b/dbc-client/src/main/resources/Dockerfile index 1e49e42..2025a5e 100644 --- a/dbc-client/src/main/resources/Dockerfile +++ b/dbc-client/src/main/resources/Dockerfile @@ -26,7 +26,16 @@ COPY /opt /opt WORKDIR /opt/app/dbc-client -#RUN apk add --no-cache curl +# Install AAF CA certificate +RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/* +RUN mkdir -p /usr/local/share/ca-certificates && \ + mv misc/aaf-ca.crt /usr/local/share/ca-certificates/aaf-ca.crt +RUN update-ca-certificates + +# Install curl +RUN apk add --no-cache curl + +RUN apk add --no-cache curl RUN chmod +x /opt/app/dbc-client/misc/cert-client-init.sh && \ chmod +x /opt/app/dbc-client/bin/* && \ diff --git a/dmaap-bc/pom.xml b/dmaap-bc/pom.xml index 0a77b8d..24f9e42 100644 --- a/dmaap-bc/pom.xml +++ b/dmaap-bc/pom.xml @@ -222,6 +222,7 @@ <directory>${multiproject.basedir}/misc</directory> <includes> <include>cert-client-init.sh</include> + <include>aaf-ca.crt</include> </includes> </resource> <resource> diff --git a/dmaap-bc/src/main/resources/Dockerfile b/dmaap-bc/src/main/resources/Dockerfile index 344e277..f900fed 100644 --- a/dmaap-bc/src/main/resources/Dockerfile +++ b/dmaap-bc/src/main/resources/Dockerfile @@ -26,6 +26,15 @@ COPY /opt /opt WORKDIR /opt/app/dmaapbc +# Install AAF CA certificate +RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/* +RUN mkdir -p /usr/local/share/ca-certificates && \ + mv misc/aaf-ca.crt /usr/local/share/ca-certificates/aaf-ca.crt +RUN update-ca-certificates + +# Install curl +RUN apk add --no-cache curl + RUN mv etc/org.onap.dmaap-bc.jks etc/keystore && \ chmod 600 etc/keystore && \ chmod 600 etc/org.onap.dmaap-bc.trust.jks && \ diff --git a/misc/aaf-ca.crt b/misc/aaf-ca.crt new file mode 100644 index 0000000..e9a50d7 --- /dev/null +++ b/misc/aaf-ca.crt @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- diff --git a/misc/cert-client-init.sh b/misc/cert-client-init.sh index a909895..e9a50d7 100644 --- a/misc/cert-client-init.sh +++ b/misc/cert-client-init.sh @@ -1,41 +1,3 @@ -#!/bin/bash -# -# ============LICENSE_START========================================== -# org.onap.dmaap -# =================================================================== -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# =================================================================== -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END============================================ -# ECOMP is a trademark and service mark of AT&T Intellectual Property. -# -# - -# -# This script adds a known local certificate authority (CA) -# to be a recognized certificate authority. -# i.e. it updates the truststore -# -# This script must be run as root. -# -# Works on both CentOS and Ubuntu. -# -set -x - -# IMPORTANT: use a .crt suffix for update-ca-certificates to work -# -AAFCERT=AAF_RootCA.crt -cat >/tmp/$AAFCERT <<'!EOF' -----BEGIN CERTIFICATE----- MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx @@ -67,13 +29,3 @@ cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX dYY= -----END CERTIFICATE----- -!EOF -chmod 444 /tmp/$AAFCERT -if [ -f /etc/redhat-release ] -then - mv /tmp/$AAFCERT /etc/pki/ca-trust/source/anchors/aafcacert.pem - update-ca-trust -else - mv /tmp/$AAFCERT /usr/local/share/ca-certificates/$AAFCERT - update-ca-certificates -fi |