[SO] Import various CAs in truststore
Per default, SO truststore has only one CA, the ONAP one.
But we also need MSB root CA. The process to onboard was broken and this
patch solves it
We also needs "common root CAs" in order to discuss with other
components such as the underneath OpenStack.
In this patch we also import all "known" root CA from truststoreONAPall.
Issue-ID: OOM-2606
Issue-ID: OOM-2607
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia67bd4aec7a0b122fb9fda11e1e48c4e6e55430c
diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
index fa25ba5..ef3b076 100644
--- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl
+++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
@@ -16,7 +16,11 @@
keytool -import -trustcacerts -alias msb_root -file \
/certificates/msb-ca.crt -keystore \
"{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
- -keypass $cadi_truststore_password -noprompt
+ -storepass $cadi_truststore_password -noprompt
+ keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \
+ -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \
+ -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
+ -deststorepass $cadi_truststore_password -noprompt
volumeMounts:
{{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
- name: {{ include "common.name" $dot }}-msb-certificate