Extract certificate to cloudify-manager 28/77528/6
authorMichal Ptacek <m.ptacek@partner.samsung.com>
Tue, 29 Jan 2019 17:17:12 +0000 (17:17 +0000)
committerMichal Ptacek <m.ptacek@partner.samsung.com>
Wed, 6 Feb 2019 08:24:54 +0000 (08:24 +0000)
DCAE bootstrapping requires that the bootstrap/cloudify-manager pods
trust our certificate. We mount the path to this certificate
into the respective pod.

Change-Id: Ie2ea796851e6def52d4ec556c9d5b19633e8a743
Issue-ID: OOM-1618
Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
patches/casablanca_3.0.0.patch
patches/onap-casablanca-patch-role/tasks/main.yml

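--- a/patches/casablanca_3.0.0.patch
+++ b/patches/casablanca_3.0.0.patch
            image: "{{ include "common.repository" . }}/{{ .Values.image }}"
            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
            ports:
+--- kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml  2019-01-24 09:55:30.000000000 +0100
++++ kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml  2019-01-29 18:07:59.057804519 +0100
+@@ -70,6 +70,8 @@
+           - mountPath: /etc/localtime
+             name: localtime
+             readOnly: true
++          - mountPath: /etc/pki/ca-trust/source/anchors
++            name: root-ca
+           securityContext:
+             privileged: True
+           lifecycle:
+@@ -82,6 +84,8 @@
+                   set -ex
+                   mkdir -p /var/run/secrets/kubernetes.io/
+                   ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
++                  echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice
++                  update-ca-trust extract
+       volumes:
+         - name: {{ include "common.fullname" . }}-config
+           configMap:
+@@ -95,5 +99,8 @@
+         - name: localtime
+           hostPath:
+             path: /etc/localtime
++        - name: root-ca
++          hostPath:
++            path: /etc/pki/ca-trust/source/anchors
+       imagePullSecrets:
+       - name: "{{ include "common.namespace" . }}-docker-registry-key"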
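Review bot: The new `root-ca` volumeMount in the `@@ -70,6 +70,8 @@` hunk has no `readOnly: true`, unlike the `localtime` mount just above it, so a container that already runs with `privileged: True` gets a writable bind of the node's `/etc/pki/ca-trust/source/anchors`. Anything written there from inside the pod would land in the host's CA anchor source directory, and `update-ca-trust extract` only needs to read the anchors, so adding `readOnly: true` under `name: root-ca` should not break the postStart step. The hostPath also hands the pod every anchor present on the node rather than only the one certificate, and it presumably hides any anchors the image ships at that path; a ConfigMap or Secret holding just the required CA would narrow that, if the installer can create one. The container spec and the postStart script both start outside the visible hunks.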
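--- a/patches/onap-casablanca-patch-role/tasks/main.yml
+++ b/patches/onap-casablanca-patch-role/tasks/main.yml
   with_items:
     - common/dgbuilder/templates/deployment.yaml
     - sdnc/charts/sdnc-portal/templates/deployment.yaml
+
+- name: Patch OOM - set cert path for cloudify
+  lineinfile:
+    path: "{{ app_helm_charts_infra_directory }}/{{ item }}"
+    regexp: '^(.*)CERT_PATH'
+    line: '\g<1>/etc/pki/ca-trust/source/anchors'
+    backrefs: yes
+    state: present
+  with_items:
+    - dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml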
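Review bot: The `CERT_PATH` token that this `lineinfile` task searches for does not appear in the deployment.yaml changes that patches/casablanca_3.0.0.patch ships in this same commit, which already write the literal `/etc/pki/ca-trust/source/anchors` for both the mountPath and the hostPath, so as far as the visible hunks show the regexp never matches. With `backrefs: yes` a non-match leaves the file untouched and the task still reports ok, so a missing or renamed placeholder would go unnoticed and the chart would be deployed with whatever the template happens to contain. Either drop the task, or keep the placeholder in the patch and make a miss visible, for example by registering the result and failing when it is not changed. If the placeholder is kept, note that `lineinfile` rewrites only the last matching line and discards everything after `CERT_PATH` on it, and a comment such as `# replaces the CERT_PATH placeholder left by casablanca_3.0.0.patch` would document the coupling between the two files.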