aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/vid/values.yaml
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-08 15:59:33 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-15 10:22:12 +0000
commitcc3141d86b6b9c18948b067d59387f7a3acaa39a (patch)
tree171abf9952449c2892b9b35bc2dad69f5d4a833f /kubernetes/vid/values.yaml
parentc5059432ac150c1a4c528eef6bda4212696f2b35 (diff)
[VID] Automatically retrieve certificates
Use certInitializer in order to retrieve the certificates instead of hardcoding them. Issue-ID: VID-959 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I72eb09cd2719995ee05141034936f8e0589c7ad1
Diffstat (limited to 'kubernetes/vid/values.yaml')
-rw-r--r--kubernetes/vid/values.yaml49
1 files changed, 48 insertions, 1 deletions
diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml
index 8e8a17ae84..4510dc6908 100644
--- a/kubernetes/vid/values.yaml
+++ b/kubernetes/vid/values.yaml
@@ -1,5 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada
# Copyright © 2020 Samsung Electronics
+# Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -36,6 +37,53 @@ secrets:
login: '{{ .Values.config.db.userName }}'
password: '{{ .Values.config.db.userPassword }}'
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: vid-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: vid
+ fqi: vid@vid.onap.org
+ public_fqdn: vid.onap.org
+ fqi_namespace: "org.onap.vid"
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** retrieving password for keystore and trustore"
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
+ if [ -z "$cadi_keystore_password" ]
+ then
+ echo " /!\ certificates retrieval failed"
+ exit 1
+ else
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
+ -storepass "${cadi_keystore_password_jks}" \
+ -keystore {{ .Values.fqi_namespace }}.jks
+ keytool -storepasswd -new "${TRUSTORE_PASSWD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** set key password as same password as keystore password"
+ keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
+ -keystore {{ .Values.fqi_namespace }}.jks \
+ -keypass "${cadi_keystore_password_jks}" \
+ -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
+ echo "*** save the generated passwords"
+ echo "VID_KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
+ echo "VID_TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 .
+ fi
+
subChartsOnly:
enabled: true
@@ -49,7 +97,6 @@ config:
userName: vidadmin
# userCredentialsExternalSecret: some secret
# userPassword: password
- vidkeystorepassword: 'F:.\,csU\&ew8\;tdVitnfo\}O\!g'
asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU="
asdcclientrestport: "8443"
vidaaiport: "8443"