Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add keystore.xml to overrides not defaults #474

Open
wants to merge 1 commit into
base: vNext
Choose a base branch
from
Open

Add keystore.xml to overrides not defaults #474

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 15 additions & 5 deletions releases/24.0.0.1/full/helpers/runtime/docker-server.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ function importKeyCert() {

# Import the private key and certificate into new keystore
if [ -f "${CERT_FOLDER}/${KEY_FILE}" ] && [ -f "${CERT_FOLDER}/${CRT_FILE}" ]; then
# Mounted certificates found. Assume the user wants to overwrite any existing keystore
# and add these certificates
echo "Found mounted TLS certificates, generating keystore"
setPasswords PASSWORD TRUSTSTORE_PASSWORD
mkdir -p /output/resources/security
Expand All @@ -44,7 +46,14 @@ function importKeyCert() {
fi

# Since we are creating new keystore, always write new password to a file
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathOverride
# If configure.sh was run at container build time, there will be a keystore.xml in configDropins/defaults
# This will cause a conflict and a warning on server startup, so we should try to delete it
if [ -e "$keystorePathDefault" ];
then
echo "Attempting to remove a previous keystore.xml"
rm "$keystorePathDefault"
fi

# Add mounted CA to the truststore
if [ -f "${CERT_FOLDER}/${CA_FILE}" ]; then
Expand All @@ -70,10 +79,10 @@ function importKeyCert() {
rm -rf /tmp/certs
fi

# Add the keystore password to server configuration
if [ ! -e $keystorePath ]; then
# If no keystore has been created, add a keystore password to server configuration
if [ ! -e "$keystorePathDefault" ] && [ ! -e "$keystorePathOverride" ]; then
setPasswords PASSWORD TRUSTSTORE_PASSWORD
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathDefault
fi
if [ -e $TRUSTSTORE_FILE ]; then
setPasswords PASSWORD TRUSTSTORE_PASSWORD
Expand All @@ -89,7 +98,8 @@ SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
SNIPPETS_TARGET_DEFAULTS=/config/configDropins/defaults
SNIPPETS_TARGET_OVERRIDES=/config/configDropins/overrides

keystorePath="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
keystorePathDefault="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
keystorePathOverride="$SNIPPETS_TARGET_OVERRIDES/keystore.xml"

if [ "$SSL" = "true" ] || [ "$TLS" = "true" ]; then
cp $SNIPPETS_SOURCE/tls.xml $SNIPPETS_TARGET_OVERRIDES/tls.xml
Expand Down
20 changes: 15 additions & 5 deletions releases/24.0.0.1/kernel-slim/helpers/runtime/docker-server.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ function importKeyCert() {

# Import the private key and certificate into new keystore
if [ -f "${CERT_FOLDER}/${KEY_FILE}" ] && [ -f "${CERT_FOLDER}/${CRT_FILE}" ]; then
# Mounted certificates found. Assume the user wants to overwrite any existing keystore
# and add these certificates
echo "Found mounted TLS certificates, generating keystore"
setPasswords PASSWORD TRUSTSTORE_PASSWORD
mkdir -p /output/resources/security
Expand All @@ -44,7 +46,14 @@ function importKeyCert() {
fi

# Since we are creating new keystore, always write new password to a file
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathOverride
# If configure.sh was run at container build time, there will be a keystore.xml in configDropins/defaults
# This will cause a conflict and a warning on server startup, so we should try to delete it
if [ -e "$keystorePathDefault" ];
then
echo "Attempting to remove a previous keystore.xml"
rm "$keystorePathDefault"
fi

# Add mounted CA to the truststore
if [ -f "${CERT_FOLDER}/${CA_FILE}" ]; then
Expand All @@ -70,10 +79,10 @@ function importKeyCert() {
rm -rf /tmp/certs
fi

# Add the keystore password to server configuration
if [ ! -e $keystorePath ]; then
# If no keystore has been created, add a keystore password to server configuration
if [ ! -e "$keystorePathDefault" ] && [ ! -e "$keystorePathOverride" ]; then
setPasswords PASSWORD TRUSTSTORE_PASSWORD
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathDefault
fi
if [ -e $TRUSTSTORE_FILE ]; then
setPasswords PASSWORD TRUSTSTORE_PASSWORD
Expand All @@ -89,7 +98,8 @@ SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
SNIPPETS_TARGET_DEFAULTS=/config/configDropins/defaults
SNIPPETS_TARGET_OVERRIDES=/config/configDropins/overrides

keystorePath="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
keystorePathDefault="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
keystorePathOverride="$SNIPPETS_TARGET_OVERRIDES/keystore.xml"

if [ "$SSL" = "true" ] || [ "$TLS" = "true" ]; then
cp $SNIPPETS_SOURCE/tls.xml $SNIPPETS_TARGET_OVERRIDES/tls.xml
Expand Down
20 changes: 15 additions & 5 deletions releases/latest/beta/helpers/runtime/docker-server.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ function importKeyCert() {

# Import the private key and certificate into new keystore
if [ -f "${CERT_FOLDER}/${KEY_FILE}" ] && [ -f "${CERT_FOLDER}/${CRT_FILE}" ]; then
# Mounted certificates found. Assume the user wants to overwrite any existing keystore
# and add these certificates
echo "Found mounted TLS certificates, generating keystore"
setPasswords PASSWORD TRUSTSTORE_PASSWORD
mkdir -p /output/resources/security
Expand All @@ -44,7 +46,14 @@ function importKeyCert() {
fi

# Since we are creating new keystore, always write new password to a file
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathOverride
# If configure.sh was run at container build time, there will be a keystore.xml in configDropins/defaults
# This will cause a conflict and a warning on server startup, so we should try to delete it
if [ -e "$keystorePathDefault" ];
then
echo "Attempting to remove a previous keystore.xml"
rm "$keystorePathDefault"
fi

# Add mounted CA to the truststore
if [ -f "${CERT_FOLDER}/${CA_FILE}" ]; then
Expand All @@ -70,10 +79,10 @@ function importKeyCert() {
rm -rf /tmp/certs
fi

# Add the keystore password to server configuration
if [ ! -e $keystorePath ]; then
# If no keystore has been created, add a keystore password to server configuration
if [ ! -e "$keystorePathDefault" ] && [ ! -e "$keystorePathOverride" ]; then
setPasswords PASSWORD TRUSTSTORE_PASSWORD
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathDefault
fi
if [ -e $TRUSTSTORE_FILE ]; then
setPasswords PASSWORD TRUSTSTORE_PASSWORD
Expand All @@ -89,7 +98,8 @@ SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
SNIPPETS_TARGET_DEFAULTS=/config/configDropins/defaults
SNIPPETS_TARGET_OVERRIDES=/config/configDropins/overrides

keystorePath="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
keystorePathDefault="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
keystorePathOverride="$SNIPPETS_TARGET_OVERRIDES/keystore.xml"

if [ "$SSL" = "true" ] || [ "$TLS" = "true" ]; then
cp $SNIPPETS_SOURCE/tls.xml $SNIPPETS_TARGET_OVERRIDES/tls.xml
Expand Down
20 changes: 15 additions & 5 deletions releases/latest/full/helpers/runtime/docker-server.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ function importKeyCert() {

# Import the private key and certificate into new keystore
if [ -f "${CERT_FOLDER}/${KEY_FILE}" ] && [ -f "${CERT_FOLDER}/${CRT_FILE}" ]; then
# Mounted certificates found. Assume the user wants to overwrite any existing keystore
# and add these certificates
echo "Found mounted TLS certificates, generating keystore"
setPasswords PASSWORD TRUSTSTORE_PASSWORD
mkdir -p /output/resources/security
Expand All @@ -44,7 +46,14 @@ function importKeyCert() {
fi

# Since we are creating new keystore, always write new password to a file
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathOverride
# If configure.sh was run at container build time, there will be a keystore.xml in configDropins/defaults
# This will cause a conflict and a warning on server startup, so we should try to delete it
if [ -e "$keystorePathDefault" ];
then
echo "Attempting to remove a previous keystore.xml"
rm "$keystorePathDefault"
fi

# Add mounted CA to the truststore
if [ -f "${CERT_FOLDER}/${CA_FILE}" ]; then
Expand All @@ -70,10 +79,10 @@ function importKeyCert() {
rm -rf /tmp/certs
fi

# Add the keystore password to server configuration
if [ ! -e $keystorePath ]; then
# If no keystore has been created, add a keystore password to server configuration
if [ ! -e "$keystorePathDefault" ] && [ ! -e "$keystorePathOverride" ]; then
setPasswords PASSWORD TRUSTSTORE_PASSWORD
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathDefault
fi
if [ -e $TRUSTSTORE_FILE ]; then
setPasswords PASSWORD TRUSTSTORE_PASSWORD
Expand All @@ -89,7 +98,8 @@ SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
SNIPPETS_TARGET_DEFAULTS=/config/configDropins/defaults
SNIPPETS_TARGET_OVERRIDES=/config/configDropins/overrides

keystorePath="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
keystorePathDefault="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
keystorePathOverride="$SNIPPETS_TARGET_OVERRIDES/keystore.xml"

if [ "$SSL" = "true" ] || [ "$TLS" = "true" ]; then
cp $SNIPPETS_SOURCE/tls.xml $SNIPPETS_TARGET_OVERRIDES/tls.xml
Expand Down
20 changes: 15 additions & 5 deletions releases/latest/kernel-slim/helpers/runtime/docker-server.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ function importKeyCert() {

# Import the private key and certificate into new keystore
if [ -f "${CERT_FOLDER}/${KEY_FILE}" ] && [ -f "${CERT_FOLDER}/${CRT_FILE}" ]; then
# Mounted certificates found. Assume the user wants to overwrite any existing keystore
# and add these certificates
echo "Found mounted TLS certificates, generating keystore"
setPasswords PASSWORD TRUSTSTORE_PASSWORD
mkdir -p /output/resources/security
Expand All @@ -44,7 +46,14 @@ function importKeyCert() {
fi

# Since we are creating new keystore, always write new password to a file
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathOverride
# If configure.sh was run at container build time, there will be a keystore.xml in configDropins/defaults
# This will cause a conflict and a warning on server startup, so we should try to delete it
if [ -e "$keystorePathDefault" ];
then
echo "Attempting to remove a previous keystore.xml"
rm "$keystorePathDefault"
fi

# Add mounted CA to the truststore
if [ -f "${CERT_FOLDER}/${CA_FILE}" ]; then
Expand All @@ -70,10 +79,10 @@ function importKeyCert() {
rm -rf /tmp/certs
fi

# Add the keystore password to server configuration
if [ ! -e $keystorePath ]; then
# If no keystore has been created, add a keystore password to server configuration
if [ ! -e "$keystorePathDefault" ] && [ ! -e "$keystorePathOverride" ]; then
setPasswords PASSWORD TRUSTSTORE_PASSWORD
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathDefault
fi
if [ -e $TRUSTSTORE_FILE ]; then
setPasswords PASSWORD TRUSTSTORE_PASSWORD
Expand All @@ -89,7 +98,8 @@ SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
SNIPPETS_TARGET_DEFAULTS=/config/configDropins/defaults
SNIPPETS_TARGET_OVERRIDES=/config/configDropins/overrides

keystorePath="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
keystorePathDefault="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
keystorePathOverride="$SNIPPETS_TARGET_OVERRIDES/keystore.xml"

if [ "$SSL" = "true" ] || [ "$TLS" = "true" ]; then
cp $SNIPPETS_SOURCE/tls.xml $SNIPPETS_TARGET_OVERRIDES/tls.xml
Expand Down