mount /etc/ssl to enable pickup of infra CA certs

2017-12-15 11:45:59 +01:00 · 2017-12-15 11:45:59 +01:00 · b3bbedc4ca
commit b3bbedc4ca
parent f52eee8371
3 changed files with 7 additions and 5 deletions
--- a/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/application.properties
+++ b/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/application.properties
@ -6,9 +6,10 @@ server.context-path=/eidas-ps

 # Service port connector settings
 server.port=8443
-server.ssl.key-store=classpath:server-tls.jks
-server.ssl.key-store-password=secret
-server.ssl.key-password=secret
+#server.ssl.key-store=${proxy-service.path.prefix}/keystore/sslSnakeOil.p12
+#server.ssl.key-store-type=PKCS12
+#server.ssl.key-store-password=secret
+#server.ssl.key-password=secret

 tomcat.ajp.port=8009
 tomcat.ajp.remoteauthentication=false
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@ -46,7 +46,7 @@ r1.komreg.net:
   sunet_iaas_cloud:
   autoupdate:
   eidas_proxy:
-      version: 1.0.3
+      version: 1.0.4
   sunet::frontend::register_sites:
     sites:
       'xy.proxy.qa.sveidas.se':
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@ -238,7 +238,8 @@ class eidas_proxy($version='1.0.0') {
      imagetag => $_version,
      ports    => ['443:8443'],
      volumes  => ['/var/log/eidas-proxy:/var/log/eidas-proxy',
-                   '/etc/eidas-proxy:/etc/eidas-proxy'],
+                   '/etc/eidas-proxy:/etc/eidas-proxy',
+                   '/etc/ssl:/etc/ssl'],
      env      => ["PROXY_SERVICE_PATH_PREFIX=/etc/eidas-proxy/$country",
                   "PROXY_SERVICE_DOMAIN_PREFIX=https://$hostname/eidas-ps",
                   "SPRING_PROFILES_ACTIVE=se",