From 3dc8cc2b34ad03b027a07c65e2ed39b3162f9a1f Mon Sep 17 00:00:00 2001
From: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
Date: Sun, 5 Sep 2021 16:32:22 +0200
Subject: [OOM] Update Linux SSL Truststore /etc/ssl

Add update for /etc/ssl/cacerts/ca-certificates.crt

Issue-ID: CCSDK-3356
Change-Id: I797aea054bb80db805f4791a288e89b102e1d662
Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
---
 .../common/cert-wrapper/resources/import-custom-certs.sh    | 13 +++++++++++++
 .../common/certInitializer/templates/_certInitializer.yaml  |  3 +++
 2 files changed, 16 insertions(+)

(limited to 'kubernetes')

diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
index 6df7505e7b..0667ae214e 100755
--- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
+++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
@@ -22,6 +22,7 @@ WORK_DIR=${WORK_DIR:-/updatedTruststore}
 ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
 JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
 TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks}
+SSL_WORKDIR=${SSL_WORKDIR:-/usr/local/share/ca-certificates}
 
 mkdir -p $WORK_DIR
 
@@ -76,3 +77,15 @@ for f in $WORK_DIR/*; do
     fi
   fi
 done
+
+# Import certificates to Linux SSL Truststore
+cp $CERTS_DIR/*.crt $SSL_WORKDIR/.
+cp $MORE_CERTS_DIR/*.crt $SSL_WORKDIR/.
+update-ca-certificates
+if [ $? != 0 ]
+  then
+    echo "failed importing certificates"
+    exit 1
+  else
+    cp /etc/ssl/certs/ca-certificates.crt $WORK_DIR/.
+fi
\ No newline at end of file
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index f3ba8a24e0..32bba457ee 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -174,6 +174,9 @@
 - mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
   name: updated-truststore
   subPath: {{ $initRoot.truststoreOutputFileName }}
+- mountPath: /etc/ssl/certs/ca-certificates.crt
+  name: updated-truststore
+  subPath: ca-certificates.crt
 {{- end -}}
 {{- end -}}
 
-- 
cgit