summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-10-21 18:15:08 +0200
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-10-22 14:18:25 +0200
commit2954823e469dc10ec45f8170dac5a8041ab3fd44 (patch)
treeaf4ff61b346637c960260a9b1155e42bcf78ca7e
parent3ed223d7f77b43033fa97d584246db4a386d6b0c (diff)
[SO] Import various CAs in truststore
Per default, SO truststore has only one CA, the ONAP one. But we also need MSB root CA. The process to onboard was broken and this patch solves it We also needs "common root CAs" in order to discuss with other components such as the underneath OpenStack. In this patch we also import all "known" root CA from truststoreONAPall. Issue-ID: OOM-2606 Issue-ID: OOM-2607 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia67bd4aec7a0b122fb9fda11e1e48c4e6e55430c
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml1
-rw-r--r--kubernetes/so/components/soHelpers/templates/_certificates.tpl6
-rwxr-xr-xkubernetes/so/components/soHelpers/values.yaml7
3 files changed, 10 insertions, 4 deletions
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
index 45668eda98..2327e19b67 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
@@ -39,6 +39,7 @@ spec:
{{- if .Values.global.aafEnabled }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export TRUSTSTORE="file:/${TRUSTSTORE}"
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password}"
{{- end }}
diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
index fa25ba5177..ef3b0768f5 100644
--- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl
+++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
@@ -16,7 +16,11 @@
keytool -import -trustcacerts -alias msb_root -file \
/certificates/msb-ca.crt -keystore \
"{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
- -keypass $cadi_truststore_password -noprompt
+ -storepass $cadi_truststore_password -noprompt
+ keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \
+ -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \
+ -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
+ -deststorepass $cadi_truststore_password -noprompt
volumeMounts:
{{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
- name: {{ include "common.name" $dot }}-msb-certificate
diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml
index 5dbe46cf9e..391938199e 100755
--- a/kubernetes/so/components/soHelpers/values.yaml
+++ b/kubernetes/so/components/soHelpers/values.yaml
@@ -37,7 +37,7 @@ global:
# Secrets metaconfig
#################################################################
secrets:
- - uid: "so-onap-certs"
+ - uid: 'so-onap-certs'
name: '{{ include "common.release" . }}-so-certs'
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
@@ -54,10 +54,11 @@ certInitializer:
fqdn: so
fqi: so@so.onap.org
public_fqdn: so.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
+ cadi_longitude: '0.0'
+ cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
+ trustStoreAllPass: changeit
aaf_add_config: >
/opt/app/aaf_config/bin/agent.sh local showpass
{{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop