From dd70cf21332d6fd7954073735547ffe2062275a1 Mon Sep 17 00:00:00 2001
From: Jorge Hernandez
Date: Wed, 25 Apr 2018 10:49:09 -0500
Subject: cook policy-keystore into drools image OOM team reported issues with ONAP installation in terms of config map sizes. After discussion with OOM team, one solution is to cook it in the docker image itself. This will solve the size issue on the OOM side.
Change-Id: I6848370f119cabdae450a1153a88ebd8c0f6b392
Issue-ID: POLICY-747
Signed-off-by: Jorge Hernandez
---
 packages/base/src/files/etc/ssl/policy-keystore | Bin 0 -> 114865 bytes
 packages/docker/src/main/docker/do-start.sh | 8 ++++----
 packages/docker/src/main/docker/docker-install.sh | 17 ++++++++++++++++-
 .../src/main/server/config/system.properties | 2 +-
 4 files changed, 21 insertions(+), 6 deletions(-)
 create mode 100644 packages/base/src/files/etc/ssl/policy-keystore
diff --git a/packages/base/src/files/etc/ssl/policy-keystore b/packages/base/src/files/etc/ssl/policy-keystore
new file mode 100644
index 00000000..c3890965
Binary files /dev/null and b/packages/base/src/files/etc/ssl/policy-keystore differ
diff --git a/packages/docker/src/main/docker/do-start.sh b/packages/docker/src/main/docker/do-start.sh
index c1ae41d2..dfb65e52 100644
--- a/packages/docker/src/main/docker/do-start.sh
+++ b/packages/docker/src/main/docker/do-start.sh
@@ -56,10 +56,10 @@ else
 . /opt/app/policy/etc/profile.d/env.sh
- # install policy keystore
-
- mkdir -p ${POLICY_HOME}/etc/ssl
- cp config/policy-keystore ${POLICY_HOME}/etc/ssl
+ if [[ -f config/policy-keystore ]]; then
+ # install policy keystore if present
+ cp config/policy-keystore ${POLICY_HOME}/etc/ssl
+ fi
 if [[ -x config/drools-tweaks.sh ]] ; then
 echo "Executing tweaks"
diff --git a/packages/docker/src/main/docker/docker-install.sh b/packages/docker/src/main/docker/docker-install.sh
index 4c647f11..c17cba2a 100644
--- a/packages/docker/src/main/docker/docker-install.sh
+++ b/packages/docker/src/main/docker/docker-install.sh
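Review bot: With `mkdir -p ${POLICY_HOME}/etc/ssl` removed, the `cp` on the new side of the do-start.sh hunk depends on the image already containing that directory; if it is absent, `cp` either fails or writes a regular file named `ssl`, and neither outcome is checked. Naming the destination file and quoting the expansion makes the intent explicit: `cp config/policy-keystore "${POLICY_HOME}/etc/ssl/policy-keystore"`, followed by a check of its exit status. A keystore supplied through `config/` silently replaces the one baked into the image, so a log line stating which keystore is in use would help when TLS trust failures are investigated. The enclosing `else` branch starts and ends outside the hunk.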
@@ -239,6 +239,20 @@ function configure_settings() {
 }
+function configure_keystore() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ local DEFAULT_KEYSTORE_PASSWORD="Pol1cy_0nap"
+
+ if [[ -n ${KEYSTORE_PASSWD} ]]; then
+ keytool -storepasswd -storepass ${DEFAULT_KEYSTORE_PASSWORD} -keystore ${POLICY_HOME}/etc/ssl/policy-keystore -new ${KEYSTORE_PASSWD}
+ keytool -list -keystore ${POLICY_HOME}/etc/ssl/policy-keystore -storepass ${KEYSTORE_PASSWD}
+ fi
+}
+
 function check_r_file() {
 if [[ $DEBUG == y ]]; then
@@ -329,7 +343,8 @@ function configure_base() {
 configure_component "${BASE_CONF}" "${POLICY_HOME}"
 configure_settings
-
+ configure_keystore
+
 BASH_PROFILE_LINE=". ${POLICY_HOME}/etc/profile.d/env.sh"
 PROFILE_LINE="ps -p \$\$ | grep -q bash || . ${POLICY_HOME}/etc/profile.d/env.sh"
diff --git a/policy-management/src/main/server/config/system.properties b/policy-management/src/main/server/config/system.properties
index fbac119a..7f92c879 100644
--- a/policy-management/src/main/server/config/system.properties
+++ b/policy-management/src/main/server/config/system.properties
@@ -28,7 +28,7 @@ com.sun.management.jmxremote.ssl=false
 # certs
-javax.net.ssl.trustStore=/opt/app/policy/etc/ssl/policy-keystore
+javax.net.ssl.trustStore=${{POLICY_HOME}}/etc/ssl/policy-keystore
 javax.net.ssl.trustStorePassword=${{KEYSTORE_PASSWD}}
 # standard logging
-- cgit 1.2.3-korg
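Review bot: Both `keytool` calls in `configure_keystore` pass the store passwords on the command line and run after `set -x` when `DEBUG` is `y`, so the default and the new password appear in the process list and in the install trace. The expansions are unquoted, so a `KEYSTORE_PASSWD` containing whitespace or glob characters is split, and the result of `-storepasswd` is never checked, which lets the install continue with the keystore still under the default password committed in this script. keytool accepts `-storepass:env NAME` to read a password from the environment, which keeps `KEYSTORE_PASSWD` off the argument list of the `-list` call. When `KEYSTORE_PASSWD` is empty the function silently leaves the image-wide default in place; a warning there would make that visible. The sketch below quotes the expansions and stops on failure; whether a non-zero return suits `configure_base`, which calls this function in the next hunk, is not visible here.

```shell
function configure_keystore() {
	# … unchanged: DEBUG trace block, DEFAULT_KEYSTORE_PASSWORD …
	local keystore="${POLICY_HOME}/etc/ssl/policy-keystore"

	if [[ -z ${KEYSTORE_PASSWD} ]]; then
		echo "WARNING: KEYSTORE_PASSWD not set; keystore keeps the image default password" >&2
		return 0
	fi

	if ! keytool -storepasswd -keystore "${keystore}" \
		-storepass "${DEFAULT_KEYSTORE_PASSWORD}" -new "${KEYSTORE_PASSWD}"; then
		echo "ERROR: could not change the password of ${keystore}" >&2
		return 1
	fi

	# confirm the store opens with the new password, read from the environment
	KEYSTORE_PASSWD="${KEYSTORE_PASSWD}" keytool -list -keystore "${keystore}" \
		-storepass:env KEYSTORE_PASSWD || return 1
}
```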
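Review bot: The unchanged line `javax.net.ssl.trustStorePassword=${{KEYSTORE_PASSWD}}` below the edited path now depends on `configure_keystore` in docker-install.sh, which changes the store password only when `KEYSTORE_PASSWD` is set. If it is unset, the store keeps the image default while this property presumably resolves to an empty or literal value (how `${{...}}` placeholders are expanded is not visible here), so the JVM may open the trust store with the wrong password or without an integrity check. A comment above the two properties would record the coupling: `# KEYSTORE_PASSWD must equal the store password set by configure_keystore (docker-install.sh)`.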