Fix cacert

Change baseimage to permit chmod keystore to allow adding onap cacert

Issue-ID: DCAEGEN2-2330
Change-Id: Ida2b70466d306afdd686d3b321e952169ee1b229
Signed-off-by: Schmalzried, Terry (ts862m) <ts862m@att.com>

diff --git a/pom.xml b/pom.xml
index 9f218fc..155cf42 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -220,13 +220,16 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
                         <imageTag>${project.version}</imageTag>
                         <imageTag>latest</imageTag>
                     </imageTags>
-                    <baseImage>onap/integration-java11:7.0.0</baseImage>
+                    <baseImage>openjdk:11.0.6-jre-slim</baseImage>
                     <runs>
+                        <run>chmod 666 /usr/local/openjdk-11/lib/security/cacerts</run>
+                        <run>groupadd -r sch</run>
+                        <run>useradd -ms /bin/bash sch -g sch</run>
                     </runs>
-                    <user>onap</user>
+                    <user>sch</user>
                     <!-- NOTE: Couldn't figure out how to package the jar to be named: ${project.build.finalName}. This might be
                             because of the clojure maven plugin -->
-                    <entryPoint>["/bin/sh", "-c", "/opt/sch.sh"]</entryPoint>
+                    <entryPoint>["/opt/sch.sh"]</entryPoint>
                     <!-- copy the service's jar file from target into the root directory of the image -->
                     <resources>
                         <resource>

diff --git a/resources/sch.sh b/resources/sch.sh
index c4e4dab..52fb8d6 100755 (executable)
--- a/resources/sch.sh
+++ b/resources/sch.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # ================================================================================
-# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -40,8 +40,7 @@ fi
 # Add the cacert to validate inventory's cert to support TLS.  This command is
 # allowed to fail when there is no need for https.
 # NOTE: This user must have permission to write to /usr/local/openjdk-11/lib/security/cacerts
-keytool -importcert -file $PATH_TO_CACERT -keystore /usr/local/openjdk-11/lib/security/cacerts -alias "inventory" -noprompt -storepass changeit
+keytool -importcert -file $PATH_TO_CACERT -cacerts -alias "inventory" -noprompt -storepass changeit
 
 # Now launch SCH
 java -jar /opt/servicechange-handler.jar $SCH_ARGS
-

diff --git a/startSCH.sh b/startSCH.sh
index 3e74b3c..951b1eb 100644 (file)
--- a/startSCH.sh
+++ b/startSCH.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 
-grep "^nameserver" /opt/onap/etc/resolv.conf >> /etc/resolv.conf
+grep "^nameserver" /opt/sch/etc/resolv.conf >> /etc/resolv.conf
 
 service sendmail start
 
-java -Dlogback.configurationFile=logback.xml -jar /opt/onap/target/dcae-service-change-handler.jar prod http://consul:8500/v1/kv/service-change-handler?raw=true
+java -Dlogback.configurationFile=logback.xml -jar /opt/sch/target/dcae-service-change-handler.jar prod http://consul:8500/v1/kv/service-change-handler?raw=true