US-568873-Changes for certs manager to support custom keystore name #205
Conversation
Saurabh-16
changed the title
scripts/docker-entrypoint.sh
Outdated
| echo "TLS certificate for tomcat exists" | ||
| cat ${tomcat_keystore_file} | xargs printf '%b\n' | base64 --decode > "${tomcat_cert_root}/tlskeystore.jks" | ||
| export TOMCAT_KEYSTORE_DIR="${tomcat_cert_root}/tlskeystore.jks" | ||
| else | ||
| export TOMCAT_KEYSTORE_CONTENT=$tomcat_keystore_file |
There was a problem hiding this comment.
Do we need this export statement here in else block?
There was a problem hiding this comment.
Yeah , we need this in else block as well. The reason is at the helm side , we have server.xml.tmpl where we are using this env variable always.
So whether this file exists or not , this variable should always be set to properly templatize the server.xml.
Also I want to keep this export in this block only , so put this condition in both if and else block.
https://github.com/pegasystems/pega-helm-charts/pull/688/files#diff-97c08b9274a6eb80565f293dbd88c227f1dbc0c53eae7c06401ce22baa8aaaa2R85
There was a problem hiding this comment.
The condition {{ if or (exists .Env.TOMCAT_KEYSTORE_CONTENT) (exists "/opt/pega/tomcatcertsmount/TOMCAT_CERTIFICATE_FILE") }} Would it not return false if env is not set? I could not understand the reason to export the env always.
There was a problem hiding this comment.
If the environment variable is not set , then there are issues while detemplatizing server.xml in the containers.
I felt it is probably safe here to export this variable to avoid these XML parsing issue.
Saurabh-16
changed the title
Saurabh-16
changed the title
As part of testing , I have tested the changes with CMC deployments. I have ensured we are able to mount custom keystore name and custom keystore password.
As part of impact testing, I've tested Cloudk Deployments with 3.14, 3.15 and 3.16 CloudK versions and verified there are no regressions because of this.