authorMichaelMorris <michael.morris@est.tech>2023-09-18 09:18:44 +0100
committerVasyl Razinkov <vasyl.razinkov@est.tech>2023-10-27 14:32:56 +0000
commit532abef3013434369b0d6a126b417db7b6134bd2 (patch)
treefd55c00a9c33bc1debfec3a6c2098264406f22ea /catalog-be/sdc-backend-init
parentc6d49ae4af0b13bd0f75a878ffa88487ef38afc2 (diff)
TLS sdc-be-init: truststore & keystore handling
Issue-ID: SDC-4671 Change-Id: Iaa6e4810cb06cc44a393ca4fda561b24ec208711 Signed-off-by: MichaelMorris <michael.morris@est.tech>
Diffstat (limited to 'catalog-be/sdc-backend-init')
-rw-r--r--catalog-be/sdc-backend-init/Dockerfile2
-rw-r--r--catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb14
-rw-r--r--catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb14
-rw-r--r--catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb12
4 files changed, 36 insertions, 6 deletions
diff --git a/catalog-be/sdc-backend-init/Dockerfile b/catalog-be/sdc-backend-init/Dockerfile
index 76e502ab16..4013733259 100644
--- a/catalog-be/sdc-backend-init/Dockerfile
+++ b/catalog-be/sdc-backend-init/Dockerfile
@@ -20,7 +20,7 @@ RUN apk update && \
curl-dev && \
# needed libcurl to install correctly \
python -m pip install --upgrade pip \
- pip install 'pycurl==7.44.1' && \
+ pip install 'pycurl==7.44.1' && \
set -ex && \
gem update --system --no-document && \
gem install --no-update-sources public_suffix:4.0.7 multipart-post:2.2.0 etc:1.3.0 bundler:2.3.26 chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 webrick --no-document && \
diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb
index 3aabb0a10e..5de3453bf0 100644
--- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb
+++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb
@@ -3,6 +3,16 @@ if node['disableHttp']
protocol = "https"
https_flag = "--https"
be_port = node['BE']['https_port']
+ if node['BE-init']['tls_cert'] && node['BE-init']['tls_key']
+ tls_key = "--tls_key " + node['BE-init']['tls_key']
+ tls_cert = "--tls_cert " + node['BE-init']['tls_cert']
+ if node['BE-init']['tls_password']
+ tls_key_pw = "--tls_key_pw " + node['BE-init']['tls_password']
+ end
+ end
+ if node['BE-init']['ca_cert']
+ ca_cert = "--ca_cert " + node['BE-init']['ca_cert']
+ end
else
protocol = "http"
https_flag = ""
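Review bot: The option strings built in the added lines are concatenated from raw node attributes and later interpolated unquoted into a shell command, so a key password or path containing a space or a shell metacharacter would be split or interpreted by the shell instead of reaching the tool as one argument. Escaping each value where it is built avoids that, e.g. `tls_key_pw = "--tls_key_pw " + Shellwords.escape(node['BE-init']['tls_password'])`, with `require 'shellwords'` at the top of the recipe. The same block is added to 2_check_Backend.rb and 3_import_Normatives.rb and needs the same treatment. The enclosing `if node['disableHttp']` starts and ends outside this hunk.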
@@ -29,10 +39,10 @@ if node['basic_auth']
end
execute "executing-create_users" do
- command "sdcuserinit -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{user_conf_dir} #{https_flag}"
+ command "sdcuserinit -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{user_conf_dir} #{https_flag} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert}"
action :run
end
execute "executing-create_consumers" do
- command "sdcconsumerinit -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{https_flag}"
+ command "sdcconsumerinit -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{https_flag} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert}"
action :run
end
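Review bot: Both `execute` commands now carry `#{tls_key_pw}`, so the private-key password becomes part of the command line: it is readable in the process list while the tool runs, and Chef shows the command text of an `execute` resource in its failure output unless the resource is marked sensitive. Adding `sensitive true` to `executing-create_users` and `executing-create_consumers` keeps it out of Chef's logs; the `execute` resources in 2_check_Backend.rb and 3_import_Normatives.rb receive the same argument. If sdcuserinit and sdcconsumerinit can read the password from an environment variable or a file (not visible on this page), that would keep it out of argv as well.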
diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb
index 2e479e0848..72686111f5 100644
--- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb
+++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb
@@ -3,6 +3,16 @@ if node['disableHttp']
protocol = "https"
https_flag = "--https"
be_port = node['BE']['https_port']
+ if node['BE-init']['tls_cert'] && node['BE-init']['tls_key']
+ tls_key = "--tls_key " + node['BE-init']['tls_key']
+ tls_cert = "--tls_cert " + node['BE-init']['tls_cert']
+ if node['BE-init']['tls_password']
+ tls_key_pw = "--tls_key_pw " + node['BE-init']['tls_password']
+ end
+ end
+ if node['BE-init']['ca_cert']
+ ca_cert = "--ca_cert " + node['BE-init']['ca_cert']
+ end
else
protocol = "http"
https_flag = ""
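Review bot: The guard `if node['BE-init']['tls_cert'] && node['BE-init']['tls_key']` drops both options without any message when only one of the two attributes is set, so a half-configured client certificate looks the same as none and the run proceeds without it. A warning in that case, e.g. `Chef::Log.warn("BE-init: tls_cert and tls_key must be set together; client certificate not used")`, would make the misconfiguration visible. `tls_password` is likewise ignored outside that pair. The lookups also assume `node['BE-init']` is always defined; if an environment omits it, `node['BE-init']['tls_cert']` would presumably raise on nil, so a default for that attribute group is worth confirming. The identical blocks in 1_create_consumer_and_user.rb and 3_import_Normatives.rb behave the same way.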
@@ -22,6 +32,6 @@ if node['basic_auth']
end
execute "executing-check_backend_health" do
- command "sdccheckbackend -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{https_flag}"
+ command "sdccheckbackend -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{https_flag} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert}"
action :run
-end \ No newline at end of file
+end
diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
index be32e98f2b..cb36ffdc3d 100644
--- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
+++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
@@ -5,6 +5,16 @@ if node['disableHttp']
protocol = "https"
be_port = node['BE']['https_port']
param="-i #{be_ip} -p #{be_port} --https"
+ if node['BE-init']['tls_cert'] && node['BE-init']['tls_key']
+ tls_key = "--tls_key " + node['BE-init']['tls_key']
+ tls_cert = "--tls_cert " + node['BE-init']['tls_cert']
+ if node['BE-init']['tls_password']
+ tls_key_pw = "--tls_key_pw " + node['BE-init']['tls_password']
+ end
+ end
+ if node['BE-init']['ca_cert']
+ ca_cert = "--ca_cert " + node['BE-init']['ca_cert']
+ end
else
protocol = "http"
be_port = node['BE']['http_port']
@@ -27,7 +37,7 @@ cookbook_file "/var/tmp/normatives.tar.gz" do
end
execute "create-jetty-modules" do
- command "set -ex && tar -xvf normatives.tar.gz && cd /var/tmp/normatives/import/tosca && sdcinit #{param} #{basic_auth_config} > #{ENV['ONAP_LOG']}/init.log"
+ command "set -ex && tar -xvf normatives.tar.gz && cd /var/tmp/normatives/import/tosca && sdcinit #{param} #{basic_auth_config} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert} > #{ENV['ONAP_LOG']}/init.log"
cwd "/var/tmp/"
action :run
end
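Review bot: The command starts with `set -ex`, and `-x` makes the shell echo each command after expansion to stderr, so the `sdcinit` invocation including `--tls_key_pw` and the password is written to the trace. Only stdout is redirected to init.log, so that trace goes wherever Chef sends the resource's stderr. Dropping the `x` (`set -e && tar -xvf ...`) and adding `sensitive true` to `create-jetty-modules` would keep the password out of that output. The values are also interpolated unquoted here, which matters more in this recipe because the string is already a compound shell command with `&&` and a redirect.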