diff options
| author |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-10-21 18:15:08 +0200 |
|---|---|---|
| committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-10-22 14:18:25 +0200 |
| commit | 2954823e469dc10ec45f8170dac5a8041ab3fd44 (patch) | |
| tree | af4ff61b346637c960260a9b1155e42bcf78ca7e | |
| parent | 3ed223d7f77b43033fa97d584246db4a386d6b0c (diff) | |
[SO] Import various CAs in truststore
Per default, SO truststore has only one CA, the ONAP one.
But we also need MSB root CA. The process to onboard was broken and this
patch solves it
We also needs "common root CAs" in order to discuss with other
components such as the underneath OpenStack.
In this patch we also import all "known" root CA from truststoreONAPall.
Issue-ID: OOM-2606
Issue-ID: OOM-2607
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia67bd4aec7a0b122fb9fda11e1e48c4e6e55430c
3 files changed, 10 insertions, 4 deletions
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml index 45668eda98..2327e19b67 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml @@ -39,6 +39,7 @@ spec: {{- if .Values.global.aafEnabled }} export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export TRUSTSTORE="file:/${TRUSTSTORE}" {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password}" {{- end }} diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl index fa25ba5177..ef3b0768f5 100644 --- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl +++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl @@ -16,7 +16,11 @@ keytool -import -trustcacerts -alias msb_root -file \ /certificates/msb-ca.crt -keystore \ "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ - -keypass $cadi_truststore_password -noprompt + -storepass $cadi_truststore_password -noprompt + keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \ + -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \ + -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ + -deststorepass $cadi_truststore_password -noprompt volumeMounts: {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }} - name: {{ include "common.name" $dot }}-msb-certificate diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml index 5dbe46cf9e..391938199e 100755 --- a/kubernetes/so/components/soHelpers/values.yaml +++ b/kubernetes/so/components/soHelpers/values.yaml @@ -37,7 +37,7 @@ global: # Secrets metaconfig ################################################################# secrets: - - uid: "so-onap-certs" + - uid: 'so-onap-certs' name: '{{ include "common.release" . }}-so-certs' externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic @@ -54,10 +54,11 @@ certInitializer: fqdn: so fqi: so@so.onap.org public_fqdn: so.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" + cadi_longitude: '0.0' + cadi_latitude: '0.0' app_ns: org.osaaf.aaf credsPath: /opt/app/osaaf/local + trustStoreAllPass: changeit aaf_add_config: > /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop |