diff options
author | vasraz <vasyl.razinkov@est.tech> | 2023-05-05 11:57:56 +0100 |
---|---|---|
committer | Vasyl Razinkov <vasyl.razinkov@est.tech> | 2023-05-08 13:11:02 +0000 |
commit | a2feaf9b65cbba66181fb560b5815a62427d65cc (patch) | |
tree | be49cc57d447f7bb94e717e1ee970d4b095e1473 /catalog-fe/sdc-frontend/chef-repo | |
parent | af3fdfce91aeea1804c76a8571c102b78dde3794 (diff) |
Support SIP TLS
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Icbadd04cfa87302491c59f2e4a39ef92aaafcaa3
Issue-ID: SDC-4483
Diffstat (limited to 'catalog-fe/sdc-frontend/chef-repo')
3 files changed, 9 insertions, 5 deletions
diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb index 9fbb363bf9..85f8fcf6a3 100644 --- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb +++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb @@ -4,8 +4,10 @@ default['BE'][:https_port] = 8443 default['FE'][:http_port] = 8181 default['FE'][:https_port] = 9443 default['disableHttp'] = true +default['jetty']['keystore_path'] = "etc/org.onap.sdc.p12" default['jetty'][:keystore_pwd] = "?(kP!Yur![*!Y5!E^f(ZKc31" default['jetty'][:keymanager_pwd] = "?(kP!Yur![*!Y5!E^f(ZKc31" +default['jetty']['truststore_path'] = "etc/org.onap.sdc.trust.jks" # TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION # MUST BE ALSO CHANGE IN THE startup.sh FILE default['jetty'][:truststore_pwd] = "z+KEj;t+,KN^iimSiS89e#p0" @@ -17,4 +19,4 @@ default['ONBOARDING_BE'][:https_port] = 8445 #BasicAuth default['basic_auth']['enabled'] = true default['basic_auth'][:user_name] = "testName" -default['basic_auth'][:user_pass] = "testPass"
\ No newline at end of file +default['basic_auth'][:user_pass] = "testPass" diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb index 734c05ae02..e465d9f087 100644 --- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb +++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb @@ -49,8 +49,10 @@ template "ssl-ini" do mode "0755" variables({ :https_port => "#{node['FE'][:https_port]}" , + :jetty_keystore_path => "#{node['jetty'][:keystore_path]}" , :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" , :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" , + :jetty_truststore_path => "#{node['jetty'][:truststore_path]}", :jetty_truststore_pwd => "#{node['jetty'][:truststore_pwd]}" }) end diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb index 278fdea2ae..c489825c7b 100644 --- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb +++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb @@ -42,17 +42,17 @@ jetty.ssl.port=<%= @https_port %> ## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html ## Keystore file path (relative to $jetty.base) -jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12 +jetty.sslContext.keyStorePath=<%= @jetty_keystore_path %> ## Truststore file path (relative to $jetty.base) -jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks +jetty.sslContext.trustStorePath=<%= @jetty_truststore_path %> ## Keystore password # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 jetty.sslContext.keyStorePassword=<%= @jetty_keystore_pwd %> ## Keystore type and provider -# jetty.sslContext.keyStoreType=JKS +jetty.sslContext.keyStoreType=JKS # jetty.sslContext.keyStoreProvider= ## KeyManager password @@ -64,7 +64,7 @@ jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %> jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %> ## Truststore type and provider -# jetty.sslContext.trustStoreType=JKS +jetty.sslContext.trustStoreType=JKS # jetty.sslContext.trustStoreProvider= ## whether client certificate authentication is required |