aboutsummaryrefslogtreecommitdiffstats
path: root/catalog-be/src/main/docker/backend/chef-repo/cookbooks
diff options
context:
space:
mode:
authorvasraz <vasyl.razinkov@est.tech>2023-05-05 11:57:56 +0100
committerVasyl Razinkov <vasyl.razinkov@est.tech>2023-05-08 13:11:02 +0000
commita2feaf9b65cbba66181fb560b5815a62427d65cc (patch)
treebe49cc57d447f7bb94e717e1ee970d4b095e1473 /catalog-be/src/main/docker/backend/chef-repo/cookbooks
parentaf3fdfce91aeea1804c76a8571c102b78dde3794 (diff)
Support SIP TLS
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: Icbadd04cfa87302491c59f2e4a39ef92aaafcaa3 Issue-ID: SDC-4483
Diffstat (limited to 'catalog-be/src/main/docker/backend/chef-repo/cookbooks')
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb4
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb2
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb8
3 files changed, 8 insertions, 6 deletions
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
index a3e519826c..ba94e21449 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
@@ -11,11 +11,11 @@ default['disableHttp'] = true
#| Jetty |
#| |
#+----------------------------------+
-
default['jetty']['dmaap_truststore_pwd'] = "dmaap_truststore_pwd"
+default['jetty']['keystore_path'] = "etc/org.onap.sdc.p12"
default['jetty']['keystore_pwd'] = "?(kP!Yur![*!Y5!E^f(ZKc31"
default['jetty']['keymanager_pwd'] = "?(kP!Yur![*!Y5!E^f(ZKc31"
-default['jetty']['truststore_path'] = "#{ENV['JETTY_BASE']}/etc/truststore"
+default['jetty']['truststore_path'] = "etc/org.onap.sdc.trust.jks"
# TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION
# MUST BE ALSO CHANGE IN THE startup.sh FILE
default['jetty'][:truststore_pwd] = "z+KEj;t+,KN^iimSiS89e#p0"
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
index 5655d0fd6f..ad66a67e22 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
@@ -51,8 +51,10 @@ template "ssl-ini" do
mode "0755"
variables ({
:https_port => "#{node['BE'][:https_port]}" ,
+ :jetty_keystore_path => "#{node['jetty'][:keystore_path]}" ,
:jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" ,
:jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" ,
+ :jetty_truststore_path => "#{node['jetty'][:truststore_path]}",
:jetty_truststore_pwd => "#{node['jetty'][:truststore_pwd]}"
})
end
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb
index 278fdea2ae..c489825c7b 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb
@@ -42,17 +42,17 @@ jetty.ssl.port=<%= @https_port %>
## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
## Keystore file path (relative to $jetty.base)
-jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12
+jetty.sslContext.keyStorePath=<%= @jetty_keystore_path %>
## Truststore file path (relative to $jetty.base)
-jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks
+jetty.sslContext.trustStorePath=<%= @jetty_truststore_path %>
## Keystore password
# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.sslContext.keyStorePassword=<%= @jetty_keystore_pwd %>
## Keystore type and provider
-# jetty.sslContext.keyStoreType=JKS
+jetty.sslContext.keyStoreType=JKS
# jetty.sslContext.keyStoreProvider=
## KeyManager password
@@ -64,7 +64,7 @@ jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %>
jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %>
## Truststore type and provider
-# jetty.sslContext.trustStoreType=JKS
+jetty.sslContext.trustStoreType=JKS
# jetty.sslContext.trustStoreProvider=
## whether client certificate authentication is required