Copy Keystore to PE for TLS Support

Added copy of drools keystore to config/pe so that container has
a copy of the self-signed cert to enable TLS encrpytion with automatic
install process. Added copy to do-start.sh to install keystore in final
destination in pap container.

Issue-ID: POLICY-520
Change-Id: Ie6394b5b79ec98cfa6231c46b21a0b4bfb20869a
Signed-off-by: Temoc Rodriguez <cr056n@att.com>

diff --git a/config/pe/policy-keystore b/config/pe/policy-keystore
new file mode 100644 (file)
index 0000000..ab25c3a
Binary files /dev/null and b/config/pe/policy-keystore differ

diff --git a/policy-pe/do-start.sh b/policy-pe/do-start.sh
index ab8e5a1..614ad1e 100644 (file)
--- a/policy-pe/do-start.sh
+++ b/policy-pe/do-start.sh
@@ -28,7 +28,7 @@ if [[ -f /opt/app/policy/etc/build.info ]]; then
        echo "Found existing installation, will not reinstall"
        . /opt/app/policy/etc/profile.d/env.sh
 
-else 
+else
        if [[ -d config ]]; then
                cp config/*.conf .
        fi
@@ -44,10 +44,10 @@ else
 
        . /opt/app/policy/etc/profile.d/env.sh
 
-       # install keystore
-       #changed to use http instead of http, so keystore no longer needed
-       #cp config/policy-keystore.jks $POLICY_HOME/etc/ssl/policy-keystore
-       
+       # install policy keystore
+       mkdir -p $POLICY_HOME/etc/ssl
+       cp config/policy-keystore $POLICY_HOME/etc/ssl
+
        if [[ -f config/$container-tweaks.sh ]] ; then
                # file may not be executable; running it as an
                # argument to bash avoids needing execute perms.