Posted to commits@cloudstack.apache.org by ro...@apache.org on 2018/05/04 07:07:33 UTC
[cloudstack] 03/08: systemvmtemplate: Fixes #2541 adds Letsencrypt
CA cert
This is an automated email from the ASF dual-hosted git repository.
rohit pushed a commit to branch 4.11
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit ddc8d131c080c363d82eadd75c811faaad81e9f9
Author: Rohit Yadav <ro...@shapeblue.com>
AuthorDate: Tue May 1 15:01:11 2018 +0530
systemvmtemplate: Fixes #2541 adds Letsencrypt CA cert
On patching, the global cacerts keystore is imported into the 'cloud'
service-specific local keystore. This fixes #2541.
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
---
systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh | 2 ++
.../systemvmtemplate/scripts/configure_systemvm_services.sh | 13 ++++++++++++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh b/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh
index ba5e2d8..c0d6d81 100755
--- a/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh
+++ b/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh
@@ -37,6 +37,8 @@ patch_systemvm() {
echo "Restored keystore file and certs using backup" >> $logfile
fi
rm -fr $backupfolder
+ # Import global cacerts into 'cloud' service's keystore
+ keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts -destkeystore /usr/local/cloud/systemvm/certs/realhostip.keystore -srcstorepass changeit -deststorepass vmops.com -noprompt || true
return 0
}
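Review bot: The `|| true` on the added keytool line discards an import failure without a trace, so a patched system VM can come up with a 'cloud' keystore that lacks the CA certificates and nothing in `$logfile` to explain it. The lines above already log there, so `keytool ... -noprompt >> $logfile 2>&1 || echo "Failed to import global cacerts into realhostip.keystore" >> $logfile` keeps the best-effort behaviour while leaving evidence. Both store passwords are passed as arguments and are visible in the process list while keytool runs; keytool accepts the `:env` and `:file` modifiers (`-srcstorepass:env`, `-deststorepass:file`) to avoid that. Importing the whole system store with `-noprompt` makes every CA in it trusted by the service and, as far as I can tell, silently overwrites entries with the same alias, so a comment such as `# Intentional: service trusts all system CAs; colliding aliases are overwritten` would record the decision. patch_systemvm starts above this hunk.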
diff --git a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
index 3544806..7af9212 100644
--- a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
+++ b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
@@ -19,7 +19,7 @@
set -e
set -x
-CLOUDSTACK_RELEASE=4.11.0
+CLOUDSTACK_RELEASE=4.11.1
function configure_apache2() {
# Enable ssl, rewrite and auth
@@ -31,6 +31,16 @@ function configure_apache2() {
sed -i 's/SSLProtocol .*$/SSLProtocol TLSv1.2/g' /etc/apache2/mods-available/ssl.conf
}
+function configure_cacerts() {
+ CDIR=$(pwd)
+ cd /tmp
+ # Add LetsEncrypt ca-cert
+ wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der
+ keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityx3cross -file lets-encrypt-x3-cross-signed.der
+ rm -f lets-encrypt-x3-cross-signed.der
+ cd $CDIR
+}
+
function install_cloud_scripts() {
# ./cloud_scripts/ has been put there by ../../cloud_scripts_shar_archive.sh
rsync -av ./cloud_scripts/ /
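Review bot: configure_cacerts imports whatever file is named `lets-encrypt-x3-cross-signed.der` in `/tmp` into the system Java trust store, and nothing ties that file to the download. If a file of that name already exists, wget saves the new copy under a `.1` suffix and keytool imports the older file. The certificate also becomes a trust anchor with no digest check, so the template trusts whatever the URL serves at build time. Downloading into a `mktemp -d` directory with an explicit `-O` path and checking a digest pinned in the repository closes both gaps, and it removes the unquoted `cd $CDIR`. The digest in the sketch below is a placeholder to be filled in from a verified copy of the certificate.

```shell
function configure_cacerts() {
  local workdir cert
  workdir=$(mktemp -d)
  cert="$workdir/lets-encrypt-x3-cross-signed.der"
  # Add LetsEncrypt ca-cert
  wget -O "$cert" https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der
  # Pinned digest of the expected certificate (placeholder value)
  echo "<EXPECTED_SHA256_PLACEHOLDER>  $cert" | sha256sum -c -
  keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityx3cross -file "$cert"
  rm -rf -- "$workdir"
}
```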
@@ -102,6 +112,7 @@ function configure_services() {
configure_apache2
configure_strongswan
configure_issue
+ configure_cacerts
}
return 2>/dev/null || configure_services
--