[AAI] Simplify cert retrieval script
As retrieving values is now done via a generic script, let's clean a
little bit cert retrieval in order to be faster.
Issue-ID: OOM-2688
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I98dc2add27f39f615f34b319ea88edeeac987334
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 7dc79a7..d630647 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -122,9 +122,9 @@
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- name: POST_JAVA_OPTS
- value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststoreAllPassword }}'
+ value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
- name: TRUSTORE_ALL_PASSWORD
- value: {{ .Values.certInitializer.truststoreAllPassword }}
+ value: {{ .Values.certInitializer.truststorePassword }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index 37af7a7..b1d8a0a 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -137,21 +137,11 @@
credsPath: /opt/app/osaaf/local
fqi_namespace: org.onap.aai-resources
aaf_add_config: |
- echo "*** retrieving password for keystore and trustore"
- export $(/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
- if [ -z "$cadi_keystore_password_p12" ]
- then
- echo " /!\ certificates retrieval wasn't good"
- exit 1
- else
- echo "*** writing passwords into prop file"
- echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
- fi
- truststoreAllPassword: changeit
+ echo "*** writing passwords into prop file"
+ echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 {{ .Values.credsPath }}
# application image
image: onap/aai-resources:1.8.2
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
index 2362149..7e54f1d 100644
--- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -137,7 +137,7 @@
/bin/bash /opt/app/aai-traversal/docker-entrypoint.sh
env:
- name: TRUSTORE_ALL_PASSWORD
- value: {{ .Values.certInitializer.truststoreAllPassword }}
+ value: {{ .Values.certInitializer.truststorePassword }}
- name: DISABLE_UPDATE_QUERY
value: {{ .Values.config.disableUpdateQuery | quote }}
- name: LOCAL_USER_ID
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index 1e3a962..8a063c2 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -123,21 +123,11 @@
credsPath: /opt/app/osaaf/local
fqi_namespace: org.onap.aai-traversal
aaf_add_config: |
- echo "*** retrieving password for keystore and trustore"
- export $(/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
- if [ -z "$cadi_keystore_password_p12" ]
- then
- echo " /!\ certificates retrieval wasn't good"
- exit 1
- else
- echo "*** writing passwords into prop file"
- echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
- fi
- truststoreAllPassword: changeit
+ echo "*** writing passwords into prop file"
+ echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 {{ .Values.credsPath }}
# application image
image: onap/aai-traversal:1.8.0
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index 1e509bd..ed61778 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -291,10 +291,6 @@
cadi_latitude: "0.0"
credsPath: /opt/app/osaaf/local
aaf_add_config: |
- echo "*** retrieving passwords from AAF"
- /opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
- export $(grep '^c' {{ .Values.credsPath }}/mycreds.prop | xargs -0)
echo "*** transform AAF certs into pem files"
mkdir -p {{ .Values.credsPath }}/certs
keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \