[CE Sprint #16] [CLOUD-2398] Auto-generate the HTTPS, JGroups keystores, and truststore for the RH-SSO server upon request #221
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@rcernich PTAL |
rcernich
requested changes
Mar 28, 2018
iankko
force-pushed
the
CLOUD-2398
branch
2 times, most recently
from
b91c784
to
cbcad4d
Compare
rcernich
previously approved these changes
Apr 3, 2018
iankko
force-pushed
the
CLOUD-2398
branch
3 times, most recently
from
e70bd2d
to
cd97410
Compare
iankko
force-pushed
the
CLOUD-2398
branch
2 times, most recently
from
9814242
to
4a34425
Compare
7 tasks
|
@rcernich Added |
maschmid
reviewed
Apr 4, 2018
| # Propagate the trustore related variables to subsequent modules | ||
| SSO_TRUSTSTORE_PASSWORD="${PASSWORD}" | ||
| SSO_TRUSTSTORE_DIR="${KEYSTORES_STORAGE}" | ||
| SSO_TRUSTSTORE="${JKS_TRUSTSTORE_FILE}" |
There was a problem hiding this comment.
so the truststore will only contain the openshift certificates, and not any of the default list of trusted CAs, right? (which may be problematic, as it probably will break integration with other services that use https )
There was a problem hiding this comment.
Great catch, Marek, thanks! Should we fixed with most recent one.
… for OpenShift's serving x509 certificate secrets service were properly mounted Also auto-generate the truststore for the RH-SSO server if the X509 CA bundle was provided: * Define local readonly X509_CRT_DELIMITER variable rather than definining it in each separate template * Include known certificates from system's Java CA certificate bundle into the auto-generated RH-SSO truststore too Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
[CLOUD-2398] Auto-generate the HTTPS and JGroups keystores if volumes for OpenShift's serving x509 certificate secrets service were properly mounted
Auto-generate the truststore for the RH-SSO server if the X509 CA bundle was provided and truststore doesn't exist yet
Signed-off-by: Jan Lieskovsky
Thanks for submitting your Pull Request!
Please make sure your PR meets following requirements:
[CLOUD-XYA] SubjectCONTRIBUTING.md)Signed-off-by: Your Name <yourname@redhat.com>- usegit commit -s