ldap docker image: provide script to replace references to ENV variables for keystore configuration #2609

Closed
gunterze opened this issue Jun 1, 2020 · 0 comments
enhancement New feature or request
gunterze commented Jun 1, 2020

The default configuration of used TLS key and trust stores for the archive device:

dn: dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dcmKeyStoreURL: file://${env.KEYSTORE}
dcmKeyStoreType: ${env.KEYSTORE_TYPE}
dcmKeyStorePin: ${env.KEYSTORE_PASSWORD}
dcmKeyStoreKeyPin: ${env.KEY_PASSWORD}
dcmTrustStoreURL: file://${env.TRUSTSTORE}
dcmTrustStorePin: ${env.TRUSTSTORE_PASSWORD}

relies on environment variables resolvable by the archive. By running the docker image of the archive, these environment variables are initialized to sensible defaults:

| ENV variable | default value |
|---|---|
| KEYSTORE | /opt/keycloak/standalone/configuration/keystore/key.jks |
| KEYSTORE_TYPE | JKS |
| KEYSTORE_PASSWORD | secret |
| KEY_PASSWORD | secret |
| TRUSTSTORE | /opt/keycloak/standalone/configuration/keystore/cacerts.jks |
| TRUSTSTORE_PASSWORD | secret |

If you install Wildfly and deploy the archive yourself, not using the provided docker image for the archive, but using the docker image for ldap, you will have to

  • either take care to set these environment variables yourself with appropriate values
  • or replace the references to ENV variables for keystore configuration in the LDAP configuration for the archive device.

To facilitate the second, a script rmenv is provided in the ldap docker image to apply:

version: 1

dn: dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: modify
replace: dcmTrustStoreURL
dcmTrustStoreURL: ${jboss.server.config.url}/keystores/cacerts.jks
-
replace: dcmTrustStorePin
dcmTrustStorePin: secret
-
replace: dcmKeyStoreURL
dcmKeyStoreURL: ${jboss.server.config.url}/keystores/key.jks
-
replace: dcmKeyStoreType
dcmKeyStoreType: JKS
-
replace: dcmKeyStorePin
dcmKeyStorePin: secret
-
replace: dcmKeyStoreKeyPin
dcmKeyStoreKeyPin: secret

Usage

$ docker exec <ldap-container-name> rmenv
modifying entry "dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org"
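
An added example, not part of the issue or of the dcm4chee project: a Python check that audits an LDIF export of the device entry for `${env.…}` references the given environment cannot resolve, and for pins that still carry the default value. The function names `parse_attrs` and `audit` are hypothetical; the attribute names and the default `secret` are taken from the issue text, and the same check accepts the `changetype: modify` LDIF shown above.

```python
import base64
import os
import re

ENV_REF = re.compile(r"\$\{env\.([A-Za-z_][A-Za-z0-9_]*)\}")
# Keystore attributes of the device entry, as listed in the issue.
STORE_ATTRS = {"dcmKeyStoreURL", "dcmKeyStoreType", "dcmKeyStorePin",
               "dcmKeyStoreKeyPin", "dcmTrustStoreURL", "dcmTrustStorePin"}
DEFAULT_PIN = "secret"  # default password value listed in the issue

def parse_attrs(ldif):
    """Yield (attribute, value) pairs from LDIF text."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # undo LDIF line folding
    for line in unfolded.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        value = rest.strip()
        if rest.startswith(":"):  # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        yield attr, value

def audit(ldif, environ):
    """Return sorted (attribute, finding) pairs; pins are checked after env substitution."""
    findings = []
    for attr, value in parse_attrs(ldif):
        if attr not in STORE_ATTRS:
            continue
        findings += [(attr, f"unresolved env reference {name}")
                     for name in ENV_REF.findall(value) if name not in environ]
        resolved = ENV_REF.sub(lambda m: environ.get(m.group(1), m.group(0)), value)
        if attr.endswith("Pin") and resolved == DEFAULT_PIN:
            findings.append((attr, "pin is the default value"))
    return sorted(findings)

# Default device entry attributes, copied from the issue text.
DEFAULT_ENTRY = """\
dn: dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dcmKeyStoreURL: file://${env.KEYSTORE}
dcmKeyStoreType: ${env.KEYSTORE_TYPE}
dcmKeyStorePin: ${env.KEYSTORE_PASSWORD}
dcmKeyStoreKeyPin: ${env.KEY_PASSWORD}
dcmTrustStoreURL: file://${env.TRUSTSTORE}
dcmTrustStorePin: ${env.TRUSTSTORE_PASSWORD}
"""

if __name__ == "__main__":
    for attr, finding in audit(DEFAULT_ENTRY, os.environ):
        print(f"{attr}: {finding}")
```

Run stand-alone, it audits the default entry against the current process environment; `${jboss.server.config.url}` is not an `${env.…}` reference and is not reported.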