Skip to content

Commit

Permalink
Fix jfrog#67 Set password used to generate internal certs in Mission-…
Browse files Browse the repository at this point in the history 
…Control (jfrog#88)
  • Loading branch information
@amithins @eldada
amithins authored and eldada committed Oct 16, 2018
1 parent 5407953 commit 967898d
Show file tree
Hide file tree
Showing 7 changed files with 51 additions and 23 deletions.
3 changes: 3 additions & 0 deletions stable/mission-control/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
# JFrog Mission-Control Chart Changelog
All changes to this chart will be documented in this file.

## [0.5.1] - Oct 16, 2018
* Fix #67 Set password used to generate internal certs in Mission-Control

## [0.5.0] - Oct 14, 2018
* Upgrade MongoDB version (chart 4.3.10, app 3.6.8-debian-9)

Expand Down
2 changes: 1 addition & 1 deletion stable/mission-control/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v1
name: mission-control
description: A Helm chart for JFrog Mission Control
version: 0.5.0
version: 0.5.1
appVersion: 3.1.2
home: https://jfrog.com/mission-control/
icon: https://raw.githubusercontent.com/JFrogDev/artifactory-dcos/master/images/jfrog_med.png
Expand Down
1 change: 1 addition & 0 deletions stable/mission-control/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,6 +165,7 @@ arrangeFiles() {
mv -f ${tmpDir}/insight.crt ${insightSecurity}
cat ${jfmcSecurity}/jfmc-truststore.jks | base64 > ${jfmcSecurity}/jfmc-truststore.jks-b64
cat ${jfmcSecurity}/jfmc-keystore.jks | base64 > ${jfmcSecurity}/jfmc-keystore.jks-b64
echo "${storePassword}" | base64 > ${jfmcSecurity}/jfmc-store-passwd-b64
}

summary() {
Expand Down
4 changes: 3 additions & 1 deletion stable/mission-control/ci/test-values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -169,4 +169,6 @@ jfmcTruststore: |
j6ijaWNvAnD3ueJodebGC/DKSi0EvPe13Unr3Y/DyNSoNEqCTgt2dumr/sXE5WT4
FnbvhQrLzB05CeCLAgtrYBO2HgVvWC7ecv9uT1q7/Sj02YyEmGfsx+A8ic/0QUu7
4ci08xUjLq9zcCuLh5rW8eK+sH2k1zbUqrmdMknpfUSVe+u3aMiixUWQQe3t33Zb
c4e6ekZju53Q39bQ4H9OgJU=
c4e6ekZju53Q39bQ4H9OgJU=
jfmcStorePasswd : MThmODVjMzMxZjVlM2NkNAo=
2 changes: 2 additions & 0 deletions stable/mission-control/templates/mission-control-certs.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,6 @@ data:
jfmc-keystore.jks-b64: {{ required "A valid .Values.jfmcKeystore entry required!" .Values.jfmcKeystore | b64enc | quote }}

jfmc-truststore.jks-b64: {{ required "A valid .Values.jfmcTruststore entry required!" .Values.jfmcTruststore | b64enc | quote }}

jfmc-store-passwd-b64: {{ required "A valid .Values.jfmcStorePasswd entry required!" .Values.jfmcStorePasswd | b64enc | quote }}
{{- end }}
59 changes: 38 additions & 21 deletions stable/mission-control/templates/mission-control-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,44 @@ spec:
nc -z -w 2 {{ .Release.Name }}-elasticsearch 9200 && echo elasticsearch ok;
do sleep 2;
done
- name: set-password
image: "{{ .Values.initContainerImage }}"
command:
- 'sh'
- '-c'
- >
until [ -f /tmp/jfmc-keystore.jks-b64 ] && [ -f /tmp/jfmc-truststore.jks-b64 ]; do sleep 1; done;
mkdir -p {{ .Values.missionControl.persistence.mountPath }}/etc/security {{ .Values.missionControl.persistence.mountPath }}/logs {{ .Values.missionControl.persistence.mountPath }}/data/security;
base64 -d /tmp/jfmc-keystore.jks-b64 > {{ .Values.missionControl.persistence.mountPath }}/etc/security/jfmc-keystore.jks;
base64 -d /tmp/jfmc-truststore.jks-b64 > {{ .Values.missionControl.persistence.mountPath }}/etc/security/jfmc-truststore.jks;
if [ -f /tmp/jfmc-store-passwd-b64 ]; then \
propertyName=server.internal.ssl.trust-store-password; \
propertiesPath={{ .Values.missionControl.persistence.mountPath }}/etc/mission-control.properties; \
propertyValue=$(base64 -d /tmp/jfmc-store-passwd-b64); \
\
grep "^${propertyName}\s*=.*$" ${propertiesPath} > /dev/null 2>&1; \
[ $? -ne 0 ] && echo "${propertyName}=${propertyValue}" >> ${propertiesPath}; \
sed -i -e "s|^${propertyName}\s*=.*$|${propertyName}=${propertyValue}|g;" ${propertiesPath}; \
\
propertyName=server.internal.ssl.key-store-password; \
grep "^${propertyName}\s*=.*$" ${propertiesPath} > /dev/null 2>&1; \
[ $? -ne 0 ] && echo "${propertyName}=${propertyValue}" >> ${propertiesPath}; \
sed -i -e "s|^${propertyName}\s*=.*$|${propertyName}=${propertyValue}|g;" ${propertiesPath}; \
fi;
chown -R {{ .Values.uid }}:{{ .Values.uid }} {{ .Values.missionControl.persistence.mountPath }};
volumeMounts:
- name: mission-control-data
mountPath: {{ .Values.missionControl.persistence.mountPath | quote }}
- name: mission-control-certs
mountPath: /tmp/jfmc-keystore.jks-b64
subPath: jfmc-keystore.jks-b64
- name: mission-control-certs
mountPath: /tmp/jfmc-truststore.jks-b64
subPath: jfmc-truststore.jks-b64
- name: mission-control-certs
mountPath: /tmp/jfmc-store-passwd-b64
subPath: jfmc-store-passwd-b64
containers:
- name: {{ .Values.missionControl.name }}
image: {{ .Values.missionControl.image }}:{{ default .Chart.AppVersion .Values.missionControl.version }}
Expand All @@ -60,10 +98,6 @@ spec:
value: "https://{{ template "insight-server.fullname" . }}:{{ .Values.insightServer.internalHttpsPort }}"
- name: POD_RESTART_TIME
value: "{{ .Values.podRestartTime }}"
- name: SERVER_INTERNAL_SSL_KEY_STORE_PASSWORD
value: "18f85c331f5e3cd4"
- name: SERVER_INTERNAL_SSL_TRUST_STORE_PASSWORD
value: "18f85c331f5e3cd4"
- name: ARTIFACTORY_CLIENT_CONNECTIONTIMEOUT
value: '20'
- name: XRAY_CLIENT_CONNECTIONTIMEOUT
Expand Down Expand Up @@ -94,23 +128,6 @@ spec:
volumeMounts:
- name: mission-control-data
mountPath: {{ .Values.missionControl.persistence.mountPath | quote }}
- name: mission-control-certs
mountPath: /tmp/jfmc-keystore.jks-b64
subPath: jfmc-keystore.jks-b64
- name: mission-control-certs
mountPath: /tmp/jfmc-truststore.jks-b64
subPath: jfmc-truststore.jks-b64
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
until [ -f /tmp/jfmc-keystore.jks-b64 ] && [ -f /tmp/jfmc-truststore.jks-b64 ]; do sleep 1; done;
mkdir -p /var/opt/jfrog/mission-control/etc/security;
base64 -d /tmp/jfmc-keystore.jks-b64 > /var/opt/jfrog/mission-control/etc/security/jfmc-keystore.jks;
base64 -d /tmp/jfmc-truststore.jks-b64 > /var/opt/jfrog/mission-control/etc/security/jfmc-truststore.jks
resources:
{{ toYaml .Values.missionControl.resources | indent 10 }}
livenessProbe:
Expand Down
3 changes: 3 additions & 0 deletions stable/mission-control/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@
initContainerImage: "alpine:3.6"
imagePullPolicy: IfNotPresent

uid: 1050

imagePullSecrets:

## Role Based Access Control
Expand Down Expand Up @@ -125,6 +127,7 @@ insightCrt:
jfmcCrt:
jfmcKeystore:
jfmcTruststore:
jfmcStorePasswd:

missionControl:
replicaCount: 1
Expand Down

0 comments on commit 967898d

Please sign in to comment.