From 532abef3013434369b0d6a126b417db7b6134bd2 Mon Sep 17 00:00:00 2001
From: MichaelMorris
Date: Mon, 18 Sep 2023 09:18:44 +0100
Subject: TLS sdc-be-init: truststore & keystore handling
Issue-ID: SDC-4671
Change-Id: Iaa6e4810cb06cc44a393ca4fda561b24ec208711
Signed-off-by: MichaelMorris
---
 catalog-be/sdc-backend-init/Dockerfile | 2 +-
 .../recipes/1_create_consumer_and_user.rb | 14 ++++++++++++--
 .../sdc-catalog-be-setup/recipes/2_check_Backend.rb | 14 ++++++++++++--
 .../sdc-catalog-be-setup/recipes/3_import_Normatives.rb | 12 +++++++++++-
 4 files changed, 36 insertions(+), 6 deletions(-)
(limited to 'catalog-be/sdc-backend-init')
diff --git a/catalog-be/sdc-backend-init/Dockerfile b/catalog-be/sdc-backend-init/Dockerfile
index 76e502ab16..4013733259 100644
--- a/catalog-be/sdc-backend-init/Dockerfile
+++ b/catalog-be/sdc-backend-init/Dockerfile
@@ -20,7 +20,7 @@ RUN apk update && \
 curl-dev && \
 # needed libcurl to install correctly \
 python -m pip install --upgrade pip \
- pip install 'pycurl==7.44.1' && \
+ pip install 'pycurl==7.44.1' && \
 set -ex && \
 gem update --system --no-document && \
 gem install --no-update-sources public_suffix:4.0.7 multipart-post:2.2.0 etc:1.3.0 bundler:2.3.26 chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 webrick --no-document && \
diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb
index 3aabb0a10e..5de3453bf0 100644
--- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb
+++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb
@@ -3,6 +3,16 @@ if node['disableHttp']
 protocol = "https"
 https_flag = "--https"
 be_port = node['BE']['https_port']
+ if node['BE-init']['tls_cert'] && node['BE-init']['tls_key']
+ tls_key = "--tls_key " + node['BE-init']['tls_key']
+ tls_cert = "--tls_cert " + node['BE-init']['tls_cert']
+ if node['BE-init']['tls_password']
+ tls_key_pw = "--tls_key_pw " + node['BE-init']['tls_password']
+ end
+ end
+ if node['BE-init']['ca_cert']
+ ca_cert = "--ca_cert " + node['BE-init']['ca_cert']
+ end
 else
 protocol = "http"
 https_flag = ""
@@ -29,10 +39,10 @@ if node['basic_auth']
 end
 execute "executing-create_users" do
- command "sdcuserinit -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{user_conf_dir} #{https_flag}"
+ command "sdcuserinit -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{user_conf_dir} #{https_flag} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert}"
 action :run
 end
 execute "executing-create_consumers" do
- command "sdcconsumerinit -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{https_flag}"
+ command "sdcconsumerinit -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{https_flag} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert}"
 action :run
 end
diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb
index 2e479e0848..72686111f5 100644
--- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb
+++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb
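Review bot: The node attribute values appended to the flag strings in the first hunk of 1_create_consumer_and_user.rb are not shell-escaped, yet they end up inside an `execute` command string that is parsed as a command line. A key password containing a space, `$`, `;` or a quote, or a certificate path with a space in it, would be split or interpreted instead of reaching the script as one argument. Escape each value where it is attached, for example `tls_key_pw = "--tls_key_pw " + Shellwords.escape(node['BE-init']['tls_password'])`, with `require 'shellwords'` at the top of the recipe. The same ten lines are added to 2_check_Backend.rb and 3_import_Normatives.rb and need the same change; the enclosing `if node['disableHttp']` block starts and ends outside the hunk.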
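Review bot: The private-key password is exposed on the command line in the second hunk of 1_create_consumer_and_user.rb: both `execute` resources now interpolate `#{tls_key_pw}`, so the value is readable in the process list while `sdcuserinit` and `sdcconsumerinit` run and can show up in chef-client output when a command fails. Add `sensitive true` to each of these resources so Chef does not print the command or its output. If the scripts can read the password from the environment or a file (their option parsing is not part of this patch), passing it through the resource's `environment` property would keep it out of argv altogether. The `execute` resources in 2_check_Backend.rb and 3_import_Normatives.rb receive the same flag and need the same treatment.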
@@ -3,6 +3,16 @@ if node['disableHttp']
 protocol = "https"
 https_flag = "--https"
 be_port = node['BE']['https_port']
+ if node['BE-init']['tls_cert'] && node['BE-init']['tls_key']
+ tls_key = "--tls_key " + node['BE-init']['tls_key']
+ tls_cert = "--tls_cert " + node['BE-init']['tls_cert']
+ if node['BE-init']['tls_password']
+ tls_key_pw = "--tls_key_pw " + node['BE-init']['tls_password']
+ end
+ end
+ if node['BE-init']['ca_cert']
+ ca_cert = "--ca_cert " + node['BE-init']['ca_cert']
+ end
 else
 protocol = "http"
 https_flag = ""
@@ -22,6 +32,6 @@ if node['basic_auth']
 end
 execute "executing-check_backend_health" do
- command "sdccheckbackend -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{https_flag}"
+ command "sdccheckbackend -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{https_flag} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert}"
 action :run
-end
\ No newline at end of file
+end
diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
index be32e98f2b..cb36ffdc3d 100644
--- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
+++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
@@ -5,6 +5,16 @@ if node['disableHttp']
 protocol = "https"
 be_port = node['BE']['https_port']
 param="-i #{be_ip} -p #{be_port} --https"
+ if node['BE-init']['tls_cert'] && node['BE-init']['tls_key']
+ tls_key = "--tls_key " + node['BE-init']['tls_key']
+ tls_cert = "--tls_cert " + node['BE-init']['tls_cert']
+ if node['BE-init']['tls_password']
+ tls_key_pw = "--tls_key_pw " + node['BE-init']['tls_password']
+ end
+ end
+ if node['BE-init']['ca_cert']
+ ca_cert = "--ca_cert " + node['BE-init']['ca_cert']
+ end
 else
 protocol = "http"
 be_port = node['BE']['http_port']
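Review bot: The new condition in the first hunk of 2_check_Backend.rb indexes `node['BE-init']['tls_cert']` without checking that the `BE-init` attribute group exists. On a node whose environment defines no `BE-init` section, `node['BE-init']` would be nil and the recipe would stop with NoMethodError as soon as `disableHttp` is set, before the health check runs; whether defaults are supplied elsewhere is not visible in this patch. Reading the group once, `be_init = node['BE-init'] || {}`, and testing `be_init['tls_cert']` and the other keys on it keeps existing HTTPS deployments converging. The same lookups are added in 1_create_consumer_and_user.rb and 3_import_Normatives.rb.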
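Review bot: Nothing in the `ca_cert` branch of the first hunk of 3_import_Normatives.rb says how the backend certificate is checked when HTTPS is on and no CA is configured. In that case `sdcinit` is called with `--https` and no `--ca_cert`, and whether it then verifies against a default trust store or skips verification is decided in the script, which this patch does not show. A comment above the branch, such as `# ca_cert: CA bundle used to verify the BE certificate; if unset, verification follows sdcinit's default (confirm)`, would make the trust decision visible to whoever sets the attributes. The same optional branch appears in the other two recipes.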
@@ -27,7 +37,7 @@ cookbook_file "/var/tmp/normatives.tar.gz" do
 end
 execute "create-jetty-modules" do
- command "set -ex && tar -xvf normatives.tar.gz && cd /var/tmp/normatives/import/tosca && sdcinit #{param} #{basic_auth_config} > #{ENV['ONAP_LOG']}/init.log"
+ command "set -ex && tar -xvf normatives.tar.gz && cd /var/tmp/normatives/import/tosca && sdcinit #{param} #{basic_auth_config} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert} > #{ENV['ONAP_LOG']}/init.log"
 cwd "/var/tmp/"
 action :run
 end
--
cgit 1.2.3-korg
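Review bot: The `set -ex` at the start of the `sdcinit` command will now write the key password to stderr, because `-x` echoes every command after expansion and the line carries `--tls_key_pw` followed by the value. Only stdout is redirected to init.log, so the trace goes to whatever captures the resource's stderr, presumably chef-client output and the container log. Change the prefix to `set -e`, or keep the trace and take the password off the command line. Adding `sensitive true` to the resource also stops Chef from printing the command and its output on failure.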