&& curl -Ss https://cloudify.co/spec/cloudify/3.4/types.yaml > /opt/manager/resources/spec/cloudify/3.4/types.yaml\
&& chown -R cfyuser:cfyuser /opt/manager/resources/spec/cloudify/3.4\
&& chmod +x scripts/*.sh\
+ && /scripts/configure-tls.sh\
&& echo "/scripts/setup-secret.sh" >> /etc/rc.d/rc.local\
&& echo "/scripts/set-resolver-rules.sh" >> /etc/rc.d/rc.local\
&& chmod +x /etc/rc.d/rc.local
# Create mount point for CM config file
RUN mkdir -p /opt/onap && chown cfyuser:cfyuser /opt/onap
-# For HEAT environment, install software needed to use Cloudify CLI 4.2 to install plugins & deploy blueprints locally
-# Install python development-related packages
-RUN yum install -y gcc python-devel python-virtualenv python-pip
-
# Install jq (used for cleanup--parsing output of CM API call)
RUN curl -Ss -L "https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64" > /bin/jq \
&& chmod +x /bin/jq
-# Set up virtualenv and install Cloudify CLI 4.2
-RUN pip install --upgrade pip==9.0.3 \
- && virtualenv cfy42 \
- && source cfy42/bin/activate \
- && pip install cloudify==4.2
-
CMD ["/scripts/start-persistent.sh"]
--- /dev/null
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# org.onap.dcae
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# Set up configuration files so that CM uses TLS on its external API
+
+# Change the nginx configuration -- this is what actually makes it work
+SSLCONFPATTERN="^include \"/etc/nginx/conf.d/http-external-rest-server.cloudify\""
+SSLCONFREPLACE="include \"/etc/nginx/conf.d/https-external-rest-server.cloudify\""
+sed -i -e "s#${SSLCONFPATTERN}#${SSLCONFREPLACE}#" /etc/nginx/conf.d/cloudify.conf
+
+# Set certificate and key locations
+sed -i -e "s# ssl_certificate .*;# ssl_certificate /opt/onap/certs/cert.pem;#" /etc/nginx/conf.d/https-external-rest-server.cloudify
+sed -i -e "s# ssl_certificate_key .*;# ssl_certificate_key /opt/onap/certs/key.pem;#" /etc/nginx/conf.d/https-external-rest-server.cloudify
+
+# Change the cloudify config file, just to be safe
+# Someone might run cfy_manager configure on the CM container for some reason
+# and we don't want them to overwrite the TLS configuration
+# (Running cfy_manager configure is a bad idea, though, because it often fails.)
+sed -i -e "s#^ ssl_enabled: false# ssl_enabled: true#" /etc/cloudify/config.yaml
+
+# The Cloudify command line tool ('cfy') needs to be configured for TLS as well
+# (The readiness check script uses 'cfy status')
+sed -i -e "s#^rest_port: 80#rest_port: 443#" /root/.cloudify/profiles/localhost/context
+sed -i -e "s/^rest_protocol: http$/rest_protocol: https/" /root/.cloudify/profiles/localhost/context
+sed -i -e "s#^rest_certificate: !!python/unicode '/etc/cloudify/ssl/cloudify_external_cert.pem'#rest_certificate: !!python/unicode '/opt/onap/certs/cacert.pem'#" /root/.cloudify/profiles/localhost/context
+sed -i -e "s#^manager_ip: !!python/unicode 'localhost'#manager_ip: !!python/unicode 'dcae-cloudify-manager'#" /root/.cloudify/profiles/localhost/context