diff options
author | vasraz <vasyl.razinkov@est.tech> | 2023-05-05 11:57:56 +0100 |
---|---|---|
committer | Vasyl Razinkov <vasyl.razinkov@est.tech> | 2023-05-08 13:11:02 +0000 |
commit | a2feaf9b65cbba66181fb560b5815a62427d65cc (patch) | |
tree | be49cc57d447f7bb94e717e1ee970d4b095e1473 /catalog-be/src/main/docker/backend/chef-repo/cookbooks | |
parent | af3fdfce91aeea1804c76a8571c102b78dde3794 (diff) |
Support SIP TLS
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Icbadd04cfa87302491c59f2e4a39ef92aaafcaa3
Issue-ID: SDC-4483
Diffstat (limited to 'catalog-be/src/main/docker/backend/chef-repo/cookbooks')
3 files changed, 8 insertions, 6 deletions
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb index a3e519826c..ba94e21449 100644 --- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb @@ -11,11 +11,11 @@ default['disableHttp'] = true #| Jetty | #| | #+----------------------------------+ - default['jetty']['dmaap_truststore_pwd'] = "dmaap_truststore_pwd" +default['jetty']['keystore_path'] = "etc/org.onap.sdc.p12" default['jetty']['keystore_pwd'] = "?(kP!Yur![*!Y5!E^f(ZKc31" default['jetty']['keymanager_pwd'] = "?(kP!Yur![*!Y5!E^f(ZKc31" -default['jetty']['truststore_path'] = "#{ENV['JETTY_BASE']}/etc/truststore" +default['jetty']['truststore_path'] = "etc/org.onap.sdc.trust.jks" # TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION # MUST BE ALSO CHANGE IN THE startup.sh FILE default['jetty'][:truststore_pwd] = "z+KEj;t+,KN^iimSiS89e#p0" diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb index 5655d0fd6f..ad66a67e22 100644 --- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb @@ -51,8 +51,10 @@ template "ssl-ini" do mode "0755" variables ({ :https_port => "#{node['BE'][:https_port]}" , + :jetty_keystore_path => "#{node['jetty'][:keystore_path]}" , :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" , :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" , + :jetty_truststore_path => "#{node['jetty'][:truststore_path]}", :jetty_truststore_pwd => "#{node['jetty'][:truststore_pwd]}" }) end diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb index 278fdea2ae..c489825c7b 100644 --- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb @@ -42,17 +42,17 @@ jetty.ssl.port=<%= @https_port %> ## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html ## Keystore file path (relative to $jetty.base) -jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12 +jetty.sslContext.keyStorePath=<%= @jetty_keystore_path %> ## Truststore file path (relative to $jetty.base) -jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks +jetty.sslContext.trustStorePath=<%= @jetty_truststore_path %> ## Keystore password # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 jetty.sslContext.keyStorePassword=<%= @jetty_keystore_pwd %> ## Keystore type and provider -# jetty.sslContext.keyStoreType=JKS +jetty.sslContext.keyStoreType=JKS # jetty.sslContext.keyStoreProvider= ## KeyManager password @@ -64,7 +64,7 @@ jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %> jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %> ## Truststore type and provider -# jetty.sslContext.trustStoreType=JKS +jetty.sslContext.trustStoreType=JKS # jetty.sslContext.trustStoreProvider= ## whether client certificate authentication is required |