Re: [onap-discuss] SDC Onboarding - Pre-Installation of Root Certificate in SDC [only needed for secure package]

Thu, 23 Apr 2020 05:44:13 -0700 

Hi,

Please open a Jira bug ticket, I'll take this with the team.

Thanks
Ofir

From: [email protected] <[email protected]> On Behalf Of 
Krzysztof Kuzmicki
Sent: Wednesday, April 22, 2020 5:50 PM
To: [email protected]
Subject: [onap-discuss] SDC Onboarding - Pre-Installation of Root Certificate 
in SDC [only needed for secure package]

Hi


According to  read the docs there should be possibility to pre install root 
certificate for package validation by copping it directly to pod to

/var/lib/jetty/cert in sdc-onboarding-be.
https://docs.onap.org/en/latest/guides/onap-user/design/resource-onboarding/index.html#doc-guide-user-des-res-onb-pre-install-root-certificate<https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.onap.org_en_latest_guides_onap-2Duser_design_resource-2Donboarding_index.html-23doc-2Dguide-2Duser-2Ddes-2Dres-2Donb-2Dpre-2Dinstall-2Droot-2Dcertificate&d=DwQFBA&c=LFYZ-o9_HUMeMTSQicvjIg&r=r9I4HaeTZWnzwEqiRY1_Hv-5a-5rlv9P2qxiDTBCt58&m=6B7bt-McDPIBE83vz2Ms4ljdVf1erlW_zBNt-Xe4_LU&s=VSzsgJuKMA0PJy9oXlmeAx0MX-SZetYVcyKHmd0ysmY&e=>
Currently when non root user has been introduced to sdc container it become 
impossible because cert folder is requires root privileges.
/var/lib/jetty $ ls -all
total 140
drwxr-xr-x    1 jetty    jetty         4096 Apr 22 14:42 .
drwxr-xr-x    1 root     root          4096 May 11  2019 ..
-rw-rw-r--    1 jetty    jetty        65753 Apr 21 15:57 VSPPackage.zip
drwxr-xr-x    2 root     root          4096 Apr 22 13:15 cert
drwxr-xr-x    1 jetty    jetty         4096 Apr 21 13:34 chef-solo
drwxr-xr-x    3 jetty    jetty         4096 Apr 21 13:34 config
drwxr-xr-x    2 jetty    jetty         4096 Apr 21 13:34 etc
-rw-r--r--    1 jetty    jetty         3579 Apr 21 13:34 jetty.start
drwxr-xr-x    1 jetty    jetty         4096 May 11  2019 lib
drwxr-xr-x    2 jetty    jetty         4096 Apr 22 00:00 logs
-rwxr-xr-x    1 jetty    jetty          289 Apr 21 13:34 ready-probe.sh
drwxr-xr-x    1 jetty    jetty         4096 May 11  2019 resources
drwxr-xr-x    1 jetty    jetty         4096 Apr 21 13:34 start.d
-rwxrwx---    1 jetty    jetty          614 Apr  1 12:56 startup.sh
drwxr-xr-x    2 jetty    jetty         4096 Apr 21 13:34 temp
-rw-r--r--    1 jetty    jetty           25 Apr 21 13:34 wait_logback.log
drwxr-xr-x    1 jetty    jetty         4096 Apr  1 13:07 webapps
/var/lib/jetty $

Any clue how to fix this ?
Maybe there is some API using with I can put there the certificate directly 
from ROBOT POD?

Best regards,
Krzysztof Kuźmicki
Verification Architect
Nokia MN BOAM RD Serviceability



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#20820): https://lists.onap.org/g/onap-discuss/message/20820
Mute This Topic: https://lists.onap.org/mt/73197322/21656
Group Owner: [email protected]
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub  
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to