From: Ubuntu Date: Mon, 9 Mar 2020 14:11:52 +0000 (+0000) Subject: Remove baked in certs and use downloaded certs X-Git-Tag: 2.0.4~1 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;ds=sidebyside;h=6725f93b143b262249635130e44ff8cc7fccdc30;p=dmaap%2Fbuscontroller.git Remove baked in certs and use downloaded certs Issue-ID: DMAAP-1401 Signed-off-by: Ubuntu Change-Id: I4da88a80a79711d2173fb7814adb9f86e7af8739 --- diff --git a/dmaap-bc/misc/dmaapbc b/dmaap-bc/misc/dmaapbc index 51aa93a..15f2fd2 100644 --- a/dmaap-bc/misc/dmaapbc +++ b/dmaap-bc/misc/dmaapbc @@ -76,7 +76,7 @@ config() { echo "WARNING: Expected env file $CONTAINER_CONFIG not found. Default behaviors in effect" find $CONTAINER_ROOT -type f else - source $CONTAINER_CONFIG + . $CONTAINER_CONFIG fi if [ "$DMAAPBC_WAIT_TO_EXIT" != "Y" ] @@ -87,8 +87,24 @@ config() { echo "Not creating $APP_ROOT/ok_to_exit" fi - . misc/havecert.tmpl > etc/havecert - chmod +x etc/havecert + #. misc/havecert.tmpl > etc/havecert + #chmod +x etc/havecert + echo Check for certificate + TZ=GMT0 + cd /opt/app/dmaapbc; + KEYSTORE=${DMAAPBC_KSTOREFILE:-etc/keystore} + echo "KEYSTORE=$KEYSTORE" + d=`dirname $KEYSTORE` + ls -l $d + if [ -f ${KEYSTORE} ] + then + echo "Goodness: Found ${KEYSTORE}" + else + EMSG="`date '+%F %T,000'` WARN Certificate file $KEYSTORE is missing" + echo $EMSG + echo $EMSG >>${DMAAPBC_LOGS:-logs}/dmaapbc.log + fi + # These files might be better provided in kubernetes configmaps # so if they are there, use them @@ -113,7 +129,7 @@ start() { cd $APP_ROOT pwd - if etc/havecert + if [ -f "$KEYSTORE" ] then echo >/dev/null else diff --git a/dmaap-bc/misc/doaction b/dmaap-bc/misc/doaction deleted file mode 100644 index 7fee592..0000000 --- a/dmaap-bc/misc/doaction +++ /dev/null 
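Review bot: In the first dmaapbc hunk the new `. $CONTAINER_CONFIG` leaves the path unquoted, and the file it names is executed inside this script's own shell, so word splitting or a glob character in the variable changes which file gets run. I would write `. "$CONTAINER_CONFIG"`. The same unquoted style recurs in the second hunk (`dirname $KEYSTORE`, `ls -l $d`, `[ -f ${KEYSTORE} ]`, `echo $EMSG`), while the third hunk already quotes `"$KEYSTORE"`. config() begins and ends outside these hunks.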
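Review bot: The `cd /opt/app/dmaapbc;` added to config() in the second dmaapbc hunk is unchecked and hard-codes a path, while start() uses `cd $APP_ROOT`; if the cd fails, the relative default `etc/keystore` is tested against whatever directory the script is in, and the warning is appended to a relative `logs/dmaapbc.log` there. I would write `cd "$APP_ROOT" || return 1`, assuming APP_ROOT is that directory, which the hunk does not show. `TZ=GMT0` is a plain assignment, so unless TZ is already exported it presumably never reaches the `date` call; `TZ=GMT0 date '+%F %T,000'` makes the intent explicit. The two commented-out havecert lines can simply be deleted, since version control keeps them.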
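Review bot: In start(), `[ -f "$KEYSTORE" ]` depends on KEYSTORE having been set by config() earlier in the same shell; if start() runs without config() the variable is empty and the test always fails, and with the relative default `etc/keystore` the result also depends on `$APP_ROOT` matching the `/opt/app/dmaapbc` that config() changed into. Recomputing the default before the test, `KEYSTORE=${KEYSTORE:-${DMAAPBC_KSTOREFILE:-etc/keystore}}`, removes that coupling. `-f` also accepts an empty or unreadable file, so a truncated download passes the gate; `[ -s "$KEYSTORE" ] && [ -r "$KEYSTORE" ]` is a slightly stronger check. The rest of start(), including what the else branch does, is outside the hunk.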
@@ -1,63 +0,0 @@
-#!/bin/bash
-#
-# ============LICENSE_START==========================================
-# org.onap.dmaap
-# ===================================================================
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# ===================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-# ECOMP is a trademark and service mark of AT&T Intellectual Property.
-# -# - -cd /opt/app/dmaapbc/etc -for action in "$@" -do -case "$action" in -'backup') - cp log4j.properties log4j.properties.save 2>/dev/null - cp dmaapbc.properties dmaapbc.properties.save 2>/dev/null - cp havecert havecert.save 2>/dev/null - ;; -'stop') - /opt/app/platform/init.d/dmaapbc stop - ;; -'start') - /opt/app/platform/init.d/dmaapbc start || exit 1 - ;; -'config') - /bin/bash log4j.properties.tmpl >log4j.properties - /bin/bash dmaapbc.properties.tmpl >dmaapbc.properties - /bin/bash havecert.tmpl >havecert - /bin/bash PolicyEngineApi.properties.tmpl > ../config/PolicyEngineApi.properties - chmod +x havecert - rm -f /opt/app/platform/rc.d/K90dmaapbc /opt/app/platform/rc.d/S10dmaapbc - ln -s ../init.d/dmaapbc /opt/app/platform/rc.d/K90dmaapbc - ln -s ../init.d/dmaapbc /opt/app/platform/rc.d/S10dmaapbc - ;; -'restore') - cp log4j.properties.save log4j.properties 2>/dev/null - cp dmaapbc.properties.save dmaapbc.properties 2>/dev/null - cp havecert.save havecert 2>/dev/null - ;; -'clean') - rm -f log4j.properties dmaapbc.properties havecert log4j.properties.save dmaapbc.properties.save havecert.save SHUTDOWN redirections.dat VERSION.dmaapbc - rm -f /opt/app/platform/rc.d/K90dmaapbc /opt/app/platform/rc.d/S10dmaapbc - ;; -*) - exit 1 - ;; -esac -done -exit 0 diff --git a/dmaap-bc/misc/havecert.tmpl b/dmaap-bc/misc/havecert.tmpl index a3a5ff8..3d23c7b 100644 --- a/dmaap-bc/misc/havecert.tmpl +++ b/dmaap-bc/misc/havecert.tmpl @@ -21,12 +21,20 @@ # # cat <>${DMAAPBC_LOGS:-logs}/dmaapbc.log +EMSG="`date '+%F %T,000'` WARN Certificate file $KEYSTORE is missing" +echo $EMSG +echo $EMSG >>${DMAAPBC_LOGS:-logs}/dmaapbc.log exit 1 !EOF diff --git a/dmaap-bc/pom.xml b/dmaap-bc/pom.xml index 175f300..6881541 100644 --- a/dmaap-bc/pom.xml +++ b/dmaap-bc/pom.xml 
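Review bot: havecert.tmpl is still being edited here although, as far as this diff shows, nothing runs it any more: the `. misc/havecert.tmpl > etc/havecert` call in dmaapbc is commented out and doaction, which also generated `havecert` from the template, is deleted. The `EMSG=...` / `echo $EMSG` warning lines now exist both in this template and inline in config(), so the two copies of the certificate check can drift apart. If the template really is unused, deleting it in this commit would leave a single check to maintain; if something outside this diff still uses it, a comment in config() saying so would help. The hunk text on this page is partly lost around the here-document, so this is based only on the lines that are visible.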
@@ -175,21 +175,6 @@ Dockerfile - - - ${basedir}/target/docker-stage/opt/app/dmaapbc/etc - ${multiproject.basedir}/certs - - org.onap.dmaap-bc.cred.props - org.onap.dmaap-bc.crontab.sh - org.onap.dmaap-bc.jks - org.onap.dmaap-bc.keyfile - org.onap.dmaap-bc.location.props - org.onap.dmaap-bc.p12 - org.onap.dmaap-bc.props - org.onap.dmaap-bc.showpass - org.onap.dmaap-bc.trust.jks - ${basedir}/target/docker-stage/opt/app/dmaapbc/misc @@ -228,7 +213,6 @@ ${basedir}/misc dmaapbc - doaction @@ -428,7 +412,7 @@ org.onap.dmaap.dbcapi dbcapi - 2.0.1 + 2.0.2 @@ -466,7 +450,7 @@ 9.4.24.v20191120 1.0.0 1.5.19 - 2.0.3-SNAPSHOT + 2.0.4-SNAPSHOT ${maven.build.timestamp} yyyy-MM-dd HH:mm diff --git a/dmaap-bc/src/main/resources/Dockerfile b/dmaap-bc/src/main/resources/Dockerfile index 64bd689..fef7fae 100644 --- a/dmaap-bc/src/main/resources/Dockerfile +++ b/dmaap-bc/src/main/resources/Dockerfile @@ -44,13 +44,9 @@ RUN update-ca-certificates #prepare certificate location for cadi -RUN mkdir -p /opt/app/osaaf && \ - ln -s /opt/app/dmaapbc/etc /opt/app/osaaf/local +RUN mkdir -p /opt/app/osaaf -RUN mv etc/org.onap.dmaap-bc.jks etc/keystore && \ - chmod 600 etc/keystore && \ - chmod 600 etc/org.onap.dmaap-bc.trust.jks && \ - chmod +x bin/* && \ +RUN chmod +x bin/* && \ mkdir logs && \ mkdir www && \ mkdir doc && \ diff --git a/version.properties b/version.properties index d71c466..0a7d7d9 100644 --- a/version.properties +++ b/version.properties @@ -27,7 +27,7 @@ major=2 minor=0 -patch=3 +patch=4 base_version=${major}.${minor}.${patch} # Release must be completed with git revision # in Jenkins
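Review bot: With `chmod 600 etc/keystore` and `chmod 600 etc/org.onap.dmaap-bc.trust.jks` dropped from the Dockerfile RUN step, nothing in the image or in the new config() check enforces restrictive permissions on the downloaded keystore; the new check only tests `-f`. Consider verifying the file mode at startup, or documenting that whatever provisions the certificates must deliver them readable by the service user only. Separately, the pom.xml hunk stops copying `certs/` into the image, but this diff does not show those files being removed from the repository, and key material that shipped in earlier images should be treated as exposed and rotated rather than reused.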