This is an automated email from the ASF dual-hosted git repository. rohit pushed a commit to branch 4.11 in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit ddc8d131c080c363d82eadd75c811faaad81e9f9 Author: Rohit Yadav <rohit.ya...@shapeblue.com> AuthorDate: Tue May 1 15:01:11 2018 +0530 systemvmtemplate: Fixes #2541 adds Letsencrypt CA cert On patching, the global cacerts keystore is imported in 'cloud' service specific local keystore. This fixes #2541. Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com> --- systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh | 2 ++ .../systemvmtemplate/scripts/configure_systemvm_services.sh | 13 ++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh b/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh index ba5e2d8..c0d6d81 100755 --- a/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh +++ b/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh @@ -37,6 +37,8 @@ patch_systemvm() { echo "Restored keystore file and certs using backup" >> $logfile fi rm -fr $backupfolder + # Import global cacerts into 'cloud' service's keystore + keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts -destkeystore /usr/local/cloud/systemvm/certs/realhostip.keystore -srcstorepass changeit -deststorepass vmops.com -noprompt || true return 0 } diff --git a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh index 3544806..7af9212 100644 --- a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh +++ b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh @@ -19,7 +19,7 @@ set -e set -x -CLOUDSTACK_RELEASE=4.11.0 +CLOUDSTACK_RELEASE=4.11.1 function configure_apache2() { # Enable ssl, rewrite and auth @@ -31,6 +31,16 @@ function configure_apache2() { sed -i 's/SSLProtocol .*$/SSLProtocol TLSv1.2/g' /etc/apache2/mods-available/ssl.conf } +function configure_cacerts() { + CDIR=$(pwd) + cd /tmp + # Add LetsEncrypt ca-cert + wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der + keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityx3cross -file lets-encrypt-x3-cross-signed.der + rm -f lets-encrypt-x3-cross-signed.der + cd $CDIR +} + function install_cloud_scripts() { # ./cloud_scripts/ has been put there by ../../cloud_scripts_shar_archive.sh rsync -av ./cloud_scripts/ / @@ -102,6 +112,7 @@ function configure_services() { configure_apache2 configure_strongswan configure_issue + configure_cacerts } return 2>/dev/null || configure_services -- To stop receiving notification emails like this one, please contact ro...@apache.org.