From 8056725eb5d1b1099797828d074bfea0f646f494 Mon Sep 17 00:00:00 2001
From: Michal Ptacek
Date: Tue, 29 Jan 2019 17:17:12 +0000
Subject: [PATCH] Extract certificate to cloudify-manager

DCAE bootstraping require that bootstrap/cloudify-manager pods has to trust our certificate. We are mounting path to this certificate to respective pod.

Change-Id: Ie2ea796851e6def52d4ec556c9d5b19633e8a743
Issue-ID: OOM-1618
Signed-off-by: Michal Ptacek
---
 patches/casablanca_3.0.0.patch | 29 +++++++++++++++++++++++
 patches/onap-casablanca-patch-role/tasks/main.yml | 10 ++++++++
 2 files changed, 39 insertions(+)

diff --git a/patches/casablanca_3.0.0.patch b/patches/casablanca_3.0.0.patch
index 9a3bcabb..1426e915 100644
--- a/patches/casablanca_3.0.0.patch
+++ b/patches/casablanca_3.0.0.patch
@@ -35,3 +35,32 @@
 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 ports:
+--- kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml 2019-01-24 09:55:30.000000000 +0100
++++ kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml 2019-01-29 18:07:59.057804519 +0100
+@@ -70,6 +70,8 @@
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
++ - mountPath: /etc/pki/ca-trust/source/anchors
++ name: root-ca
+ securityContext:
+ privileged: True
+ lifecycle:
+@@ -82,6 +84,8 @@
+ set -ex
+ mkdir -p /var/run/secrets/kubernetes.io/
+ ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
++ echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice
++ update-ca-trust extract
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+@@ -95,5 +99,8 @@
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
++ - name: root-ca
++ hostPath:
++ path: /etc/pki/ca-trust/source/anchors
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
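Review bot: The added `root-ca` volumeMount (inner hunk `@@ -70,6 +70,8 @@`) has no `readOnly: true`, unlike the `localtime` mount just above it, and this container runs with `privileged: True`, so the pod gets write access to the node's `/etc/pki/ca-trust/source/anchors`. As far as I know `update-ca-trust extract` only reads from `source/anchors` and writes under `extracted/`, so adding `readOnly: true` under `name: root-ca` should not break the postStart step. The matching hostPath volume in `@@ -95,5 +99,8 @@` also imports every anchor present on the node and hides any anchors shipped in the image, which is broader than the single certificate the commit message describes; setting `type: Directory` on the hostPath would at least fail fast when the directory is missing instead of possibly starting with an empty trust-anchor directory. The container spec and volumes list continue outside these hunks.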
diff --git a/patches/onap-casablanca-patch-role/tasks/main.yml b/patches/onap-casablanca-patch-role/tasks/main.yml
index a7064b16..d3b92e5b 100644
--- a/patches/onap-casablanca-patch-role/tasks/main.yml
+++ b/patches/onap-casablanca-patch-role/tasks/main.yml
@@ -22,3 +22,13 @@
 with_items:
 - common/dgbuilder/templates/deployment.yaml
 - sdnc/charts/sdnc-portal/templates/deployment.yaml
+
+- name: Patch OOM - set cert path for cloudify
+ lineinfile:
+ path: "{{ app_helm_charts_infra_directory }}/{{ item }}"
+ regexp: '^(.*)CERT_PATH'
+ line: '\g<1>/etc/pki/ca-trust/source/anchors'
+ backrefs: yes
+ state: present
+ with_items:
+ - dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
-- 
2.16.6
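Review bot: The `CERT_PATH` token this task looks for does not appear in the deployment.yaml hunks added to `casablanca_3.0.0.patch` in this same commit, which hard-code `/etc/pki/ca-trust/source/anchors`; with `backrefs: yes` a non-matching `regexp` leaves the file untouched and the task still reports ok, so unless the chart carries a `CERT_PATH` placeholder outside the visible lines this looks like a silent no-op. If a placeholder is intended, note that `lineinfile` rewrites only the last matching line and discards everything after the match, so the `mountPath` and the hostPath `path` would not both be updated; the `replace` module with `regexp: 'CERT_PATH'` and `replace: '/etc/pki/ca-trust/source/anchors'` handles every occurrence. A short comment above the task saying which line it targets, and `backrefs: true` instead of `yes`, would also help.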