diff options
| author |   Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-10-27 17:30:51 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2020-10-27 17:30:51 +0000 |
| commit | 0f4fb5208a4c0727e08ea1d2c3b5ca5c9e2d21a8 (patch) | |
| tree | 620461666dfa4aaa539e7ec75a3a4dd776978cb9 | |
| parent | b1ee058f941a9c9ff27467054d98b8a56c988797 (diff) | |
| parent | 2954823e469dc10ec45f8170dac5a8041ab3fd44 (diff) | |
Merge "[SO] Import various CAs in truststore"
3 files changed, 10 insertions, 4 deletions
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml index 97ebd93ed1..bc36fc1f46 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml @@ -39,6 +39,7 @@ spec: {{- if .Values.global.aafEnabled }} export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export TRUSTSTORE="file:/${TRUSTSTORE}" {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password}" {{- end }} diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl index fa25ba5177..ef3b0768f5 100644 --- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl +++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl @@ -16,7 +16,11 @@ keytool -import -trustcacerts -alias msb_root -file \ /certificates/msb-ca.crt -keystore \ "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ - -keypass $cadi_truststore_password -noprompt + -storepass $cadi_truststore_password -noprompt + keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \ + -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \ + -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ + -deststorepass $cadi_truststore_password -noprompt volumeMounts: {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }} - name: {{ include "common.name" $dot }}-msb-certificate diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml index 5dbe46cf9e..391938199e 100755 --- a/kubernetes/so/components/soHelpers/values.yaml +++ b/kubernetes/so/components/soHelpers/values.yaml @@ -37,7 +37,7 @@ global: # Secrets metaconfig ################################################################# secrets: - - uid: "so-onap-certs" + - uid: 'so-onap-certs' name: '{{ include "common.release" . }}-so-certs' externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic @@ -54,10 +54,11 @@ certInitializer: fqdn: so fqi: so@so.onap.org public_fqdn: so.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" + cadi_longitude: '0.0' + cadi_latitude: '0.0' app_ns: org.osaaf.aaf credsPath: /opt/app/osaaf/local + trustStoreAllPass: changeit aaf_add_config: > /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop |