SEARCH-1915: Hide Java Environment values from external process like 'ps'

When the JAVA_TOOL_OPTIONS environment variable is used, the values are not passed as command-line arguments to the Java process.
Angel Borroy
2020-06-18 12:43:52 +02:00
parent 2947621460
commit da6566b4a8
8 changed files with 42 additions and 32 deletions


@@ -295,7 +295,8 @@ module.exports = class extends Generator {
// Add resources for SSL configuration
if (this.props.httpMode == 'https') {
var subfolder = this.props.acsVersion == 'latest' ? '7.x' : '6.x'
// Currently Community 'latest' only supports OLD keystores and trustores format
var subfolder = (this.props.acsVersion == 'latest' && this.props.alfrescoVersion == 'enterprise') ? '7.x' : '6.x'
this.fs.copy(
this.templatePath('keystores/' + subfolder + '/alfresco'),
this.destinationPath('keystores/alfresco')
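Review bot: The new comment above `var subfolder = …` says "Currently" but gives no condition for revisiting the rule, and "trustores" is a typo. Something like `// Community 'latest' still ships the old keystore/truststore format; move it to '7.x' once Community supports the new one` would tell the next maintainer when the extra `alfrescoVersion == 'enterprise'` test can go. Because this rule decides which keystore files are copied, it is also worth confirming that the keystore types declared in the Community compose template match the '6.x' files; that template is not visible in this hunk. The `this.fs.copy(` call continues outside the hunk.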


@@ -41,8 +41,10 @@ RUN if [ "$ALFRESCO_COMMS" == "https" ] ; then \
if [ "$PASSWORDS_AS_ENV_VARS" == "true" ]; then \
sed -i '/^bash.*/i \
sed -i "'"s/alfresco.encryption.ssl.keystore.location=.*/alfresco.encryption.ssl.keystore.location=\\\/opt\\\/<%=searchPath%>\\\/keystore\\\/ssl-repo-client.keystore/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
sed -i "'"s/alfresco.encryption.ssl.keystore.passwordFileLocation=.*/alfresco.encryption.ssl.keystore.passwordFileLocation=/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
sed -i "'"s/alfresco.encryption.ssl.keystore.type=.*/alfresco.encryption.ssl.keystore.type=${KEYSTORE_TYPE}/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
sed -i "'"s/alfresco.encryption.ssl.truststore.location=.*/alfresco.encryption.ssl.truststore.location=\\\/opt\\\/<%=searchPath%>\\\/keystore\\\/ssl-repo-client.truststore/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
sed -i "'"s/alfresco.encryption.ssl.truststore.passwordFileLocation=.*/alfresco.encryption.ssl.truststore.passwordFileLocation=/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
sed -i "'"s/alfresco.encryption.ssl.truststore.type=.*/alfresco.encryption.ssl.truststore.type=${TRUSTSTORE_TYPE}/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties' \
${DIST_DIR}/solr/bin/search_config_setup.sh; \
else \
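Review bot: `${KEYSTORE_TYPE}` and `${TRUSTSTORE_TYPE}` in the two `…store.type=` sed lines sit in the double-quoted segment of the `"'"…"'"` construct, so as the quoting reads they are expanded when the image is built, not when `search_config_setup.sh` runs. `${DIST_DIR}` on the same lines stays literal and is expanded at run time. Their declaration is outside this hunk; if they are not set as `ARG`/`ENV` before this `RUN`, the generated script writes an empty `alfresco.encryption.ssl.keystore.type=`, which would presumably surface only as a keystore error at startup. A guard ahead of the sed block, e.g. `: "${KEYSTORE_TYPE:?KEYSTORE_TYPE must be set}"` and the same for `TRUSTSTORE_TYPE`, would fail the build instead. The `RUN` statement starts and ends outside the hunk.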


@@ -1,4 +1,4 @@
ALFRESCO_TAG=latest
ALFRESCO_TAG=6.3.0-A10
ALFRESCO_CE_TAG=latest
SHARE_TAG=latest
POSTGRES_TAG=11.4


@@ -15,6 +15,24 @@ services:
COMPRESS_CONTENT: "<%=gzip%>"
mem_limit: 1800m
environment:
JAVA_TOOL_OPTIONS: "
-Dmetadata-keystore.password=mp6yc0UD9e
-Dmetadata-keystore.aliases=metadata
-Dmetadata-keystore.metadata.password=mp6yc0UD9e
-Dmetadata-keystore.metadata.algorithm=AES
<% if (httpMode == 'https') { %>
-Dencryption.keystore.type=pkcs12
-Dencryption.cipherAlgorithm=AES/CBC/PKCS5Padding
-Dencryption.keyAlgorithm=AES
-Dssl-keystore.password=kT9X6oe68t
-Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo
-Dssl-keystore.ssl-alfresco-ca.password=kT9X6oe68t
-Dssl-keystore.ssl-repo.password=kT9X6oe68t
-Dssl-truststore.password=kT9X6oe68t
-Dssl-truststore.aliases=alfresco-ca,ssl-repo-client
-Dssl-truststore.alfresco-ca.password=kT9X6oe68t
-Dssl-truststore.ssl-repo-client.password=kT9X6oe68t <% } %>
"
JAVA_OPTS: "
-Ddb.driver=org.postgresql.Driver
-Ddb.username=alfresco
@@ -31,14 +49,6 @@ services:
-Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
-Ddeployment.method=DOCKER_COMPOSE
-Dmetadata-keystore.password=mp6yc0UD9e
-Dmetadata-keystore.aliases=metadata
-Dmetadata-keystore.metadata.password=mp6yc0UD9e
-Dmetadata-keystore.metadata.algorithm=AES <% if (httpMode == 'https') { %>
-Dencryption.keystore.type=pkcs12
-Dencryption.cipherAlgorithm=AES/CBC/PKCS5Padding
-Dencryption.keyAlgorithm=AES <% } %>
-Dtransform.service.enabled=true
-Dtransform.service.url=http://transform-router:8095
-Dsfs.url=http://shared-file-store:8099/
@@ -52,15 +62,6 @@ services:
-Dcsrf.filter.enabled=false
-Dalfresco.restApi.basicAuthScheme=true
-Xms1500m -Xmx1500m
<% if (httpMode == 'https') { %>
-Dssl-keystore.password=kT9X6oe68t
-Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo
-Dssl-keystore.ssl-alfresco-ca.password=kT9X6oe68t
-Dssl-keystore.ssl-repo.password=kT9X6oe68t
-Dssl-truststore.password=kT9X6oe68t
-Dssl-truststore.aliases=alfresco-ca,ssl-repo-client
-Dssl-truststore.alfresco-ca.password=kT9X6oe68t
-Dssl-truststore.ssl-repo-client.password=kT9X6oe68t <% } %>
" <% if (httpMode == 'https') { %>
ports:
- 8443:8443
@@ -115,9 +116,7 @@ services:
SOLR_SSL_CLIENT_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD: "kT9X6oe68t"
SOLR_SSL_CLIENT_TRUST_STORE_TYPE: "JCEKS" <% } %>
SOLR_OPTS: "
-Dsolr.ssl.checkPeerName=false
-Dsolr.allow.unsafe.resourceloading=true
JAVA_TOOL_OPTIONS: "
-Dssl-keystore.password=kT9X6oe68t
-Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo-client
-Dssl-keystore.ssl-alfresco-ca.password=kT9X6oe68t
@@ -127,6 +126,10 @@ services:
-Dssl-truststore.ssl-alfresco-ca.password=kT9X6oe68t
-Dssl-truststore.ssl-repo.password=kT9X6oe68t
-Dssl-truststore.ssl-repo-client.password=kT9X6oe68t
"
SOLR_OPTS: "
-Dsolr.ssl.checkPeerName=false
-Dsolr.allow.unsafe.resourceloading=true
" <% } %>
ports:
- 8083:8983 <% if (httpMode == 'https') { %>
@@ -183,9 +186,7 @@ services:
SOLR_SSL_CLIENT_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD: "kT9X6oe68t"
SOLR_SSL_CLIENT_TRUST_STORE_TYPE: "JCEKS" <% } %>
SOLR_OPTS: "
-Dsolr.ssl.checkPeerName=false
-Dsolr.allow.unsafe.resourceloading=true
JAVA_TOOL_OPTIONS: "
-Dssl-keystore.password=kT9X6oe68t
-Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo-client
-Dssl-keystore.ssl-alfresco-ca.password=kT9X6oe68t
@@ -194,7 +195,11 @@ services:
-Dssl-truststore.aliases=ssl-alfresco-ca,ssl-repo,ssl-repo-client
-Dssl-truststore.ssl-alfresco-ca.password=kT9X6oe68t
-Dssl-truststore.ssl-repo.password=kT9X6oe68t
-Dssl-truststore.ssl-repo-client.password=kT9X6oe68t
-Dssl-truststore.ssl-repo-client.password=kT9X6oe68t
"
SOLR_OPTS: "
-Dsolr.ssl.checkPeerName=false
-Dsolr.allow.unsafe.resourceloading=true
" <% } %>
ports:
- 8084:8983 <% if (httpMode == 'https') { %>
@@ -214,15 +219,17 @@ services:
REPO_PROTOCOL: "https" <% } %>
REPO_HOST: "alfresco"
REPO_PORT: "<%=alfrescoPort%>" <% if (httpMode == 'https') { %>
JAVA_TOOL_OPTIONS: "
-Djavax.net.ssl.keyStore=/zeppelin/keystore/ssl-repo-client.keystore
-Djavax.net.ssl.keyStorePassword=kT9X6oe68t
-Djavax.net.ssl.keyStoreType=JCEKS
-Djavax.net.ssl.trustStore=/zeppelin/keystore/ssl-repo-client.truststore
-Djavax.net.ssl.trustStorePassword=kT9X6oe68t
-Djavax.net.ssl.trustStoreType=JCEKS
"
JAVA_OPTS: "
-Dalfresco.enable.ssl=true
-Dsolr.ssl.checkPeerName=false
-Djavax.net.ssl.keyStore=/zeppelin/keystore/ssl.repo.client.keystore
-Djavax.net.ssl.keyStorePassword=kT9X6oe68t
-Djavax.net.ssl.keyStoreType=JCEKS
-Djavax.net.ssl.trustStore=/zeppelin/keystore/ssl.repo.client.truststore
-Djavax.net.ssl.trustStorePassword=kT9X6oe68t
-Djavax.net.ssl.trustStoreType=JCEKS
" <% } %>
ports:
- 9090:9090 <% if (httpMode == 'https') { %>
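Review bot: The passwords moved into the new `JAVA_TOOL_OPTIONS` blocks (the alfresco service in the first hunk, the two Solr services and Zeppelin in the later ones) no longer appear in the process arguments, but the JVM echoes the variable at startup as `Picked up JAVA_TOOL_OPTIONS: …` on stderr. The same values therefore land in the container log, stay readable through `docker inspect`, and are applied to every JVM started in the container. If the goal is to keep them from other local users, a mounted properties file or a Compose `secrets:` entry with restricted permissions would cover the logs as well. At minimum, put a comment above each key, such as `# JAVA_TOOL_OPTIONS is echoed to stderr by the JVM at startup; these values will appear in container logs`. The template also generates the same literal passwords into every project, so the generated README should tell users to replace them together with the bundled keystores.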