Set Infinispan truststore to use OpenShift Service CA by default

kabicin · kabicin · commit 7f1da6542f14 · 2025-03-12T16:55:45.000-04:00
diff --git a/releases/24.0.0.12/full/helpers/build/configuration_snippets/infinispan-client-sessioncache.xml b/releases/24.0.0.12/full/helpers/build/configuration_snippets/infinispan-client-sessioncache.xml
@@ -11,6 +11,7 @@
     <properties infinispan.client.hotrod.auth_realm="default"/>
     <properties infinispan.client.hotrod.sasl_mechanism="DIGEST-MD5"/>
     <properties infinispan.client.hotrod.auth_server_name="infinispan"/>
+    <properties infinispan.client.hotrod.trust_store_path="${INFINISPAN_TRUST_STORE_PATH}"/>
   </httpSessionCache>
   <library id="InfinispanLib">
     <fileset dir="${shared.resource.dir}/infinispan" includes="*.jar"/>
diff --git a/releases/24.0.0.12/full/helpers/runtime/docker-server.sh b/releases/24.0.0.12/full/helpers/runtime/docker-server.sh
@@ -126,6 +126,11 @@ if [[ -n "$INFINISPAN_SERVICE_NAME" ]]; then
   export INFINISPAN_PASS=$(cat ${LIBERTY_INFINISPAN_SECRET_DIR:=/platform/bindings/infinispan/secret}/identities.yaml | grep -m 1 password | sed 's/password://' | sed 's/[[:space:]]*//g')
  fi
  echo "INFINISPAN_PASS: ${INFINISPAN_PASS}"
+
+ if [[ -z "$INFINISPAN_TRUST_STORE_PATH" ]]; then
+  export INFINISPAN_TRUST_STORE_PATH="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
+ fi
+ echo "INFINISPAN_TRUST_STORE_PATH: ${INFINISPAN_TRUST_STORE_PATH}"
 fi
 
 
diff --git a/releases/24.0.0.12/kernel-slim/helpers/build/configuration_snippets/infinispan-client-sessioncache.xml b/releases/24.0.0.12/kernel-slim/helpers/build/configuration_snippets/infinispan-client-sessioncache.xml
@@ -8,6 +8,7 @@
     <properties infinispan.client.hotrod.auth_realm="default"/>
     <properties infinispan.client.hotrod.sasl_mechanism="DIGEST-MD5"/>
     <properties infinispan.client.hotrod.auth_server_name="infinispan"/>
+    <properties infinispan.client.hotrod.trust_store_path="${INFINISPAN_TRUST_STORE_PATH}"/>
   </httpSessionCache>
   <library id="InfinispanLib">
     <fileset dir="${shared.resource.dir}/infinispan" includes="*.jar"/>
diff --git a/releases/24.0.0.12/kernel-slim/helpers/runtime/docker-server.sh b/releases/24.0.0.12/kernel-slim/helpers/runtime/docker-server.sh
@@ -126,6 +126,11 @@ if [[ -n "$INFINISPAN_SERVICE_NAME" ]]; then
   export INFINISPAN_PASS=$(cat ${LIBERTY_INFINISPAN_SECRET_DIR:=/platform/bindings/infinispan/secret}/identities.yaml | grep -m 1 password | sed 's/password://' | sed 's/[[:space:]]*//g')
  fi
  echo "INFINISPAN_PASS: ${INFINISPAN_PASS}"
+
+ if [[ -z "$INFINISPAN_TRUST_STORE_PATH" ]]; then
+  export INFINISPAN_TRUST_STORE_PATH="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
+ fi
+ echo "INFINISPAN_TRUST_STORE_PATH: ${INFINISPAN_TRUST_STORE_PATH}"
 fi
 
 
diff --git a/releases/latest/full/helpers/build/configuration_snippets/infinispan-client-sessioncache.xml b/releases/latest/full/helpers/build/configuration_snippets/infinispan-client-sessioncache.xml
@@ -11,6 +11,7 @@
     <properties infinispan.client.hotrod.auth_realm="default"/>
     <properties infinispan.client.hotrod.sasl_mechanism="DIGEST-MD5"/>
     <properties infinispan.client.hotrod.auth_server_name="infinispan"/>
+    <properties infinispan.client.hotrod.trust_store_path="${INFINISPAN_TRUST_STORE_PATH}"/>
   </httpSessionCache>
   <library id="InfinispanLib">
     <fileset dir="${shared.resource.dir}/infinispan" includes="*.jar"/>
diff --git a/releases/latest/full/helpers/runtime/docker-server.sh b/releases/latest/full/helpers/runtime/docker-server.sh
@@ -126,6 +126,11 @@ if [[ -n "$INFINISPAN_SERVICE_NAME" ]]; then
   export INFINISPAN_PASS=$(cat ${LIBERTY_INFINISPAN_SECRET_DIR:=/platform/bindings/infinispan/secret}/identities.yaml | grep -m 1 password | sed 's/password://' | sed 's/[[:space:]]*//g')
  fi
  echo "INFINISPAN_PASS: ${INFINISPAN_PASS}"
+
+ if [[ -z "$INFINISPAN_TRUST_STORE_PATH" ]]; then
+   export INFINISPAN_TRUST_STORE_PATH="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
+ fi
+ echo "INFINISPAN_TRUST_STORE_PATH: ${INFINISPAN_TRUST_STORE_PATH}"
 fi
 
 
diff --git a/releases/latest/kernel-slim/helpers/build/configuration_snippets/infinispan-client-sessioncache.xml b/releases/latest/kernel-slim/helpers/build/configuration_snippets/infinispan-client-sessioncache.xml
@@ -11,6 +11,7 @@
     <properties infinispan.client.hotrod.auth_realm="default"/>
     <properties infinispan.client.hotrod.sasl_mechanism="DIGEST-MD5"/>
     <properties infinispan.client.hotrod.auth_server_name="infinispan"/>
+    <properties infinispan.client.hotrod.trust_store_path="${INFINISPAN_TRUST_STORE_PATH}"/>
   </httpSessionCache>
   <library id="InfinispanLib">
     <fileset dir="${shared.resource.dir}/infinispan" includes="*.jar"/>
diff --git a/releases/latest/kernel-slim/helpers/runtime/docker-server.sh b/releases/latest/kernel-slim/helpers/runtime/docker-server.sh
@@ -126,6 +126,11 @@ if [[ -n "$INFINISPAN_SERVICE_NAME" ]]; then
   export INFINISPAN_PASS=$(cat ${LIBERTY_INFINISPAN_SECRET_DIR:=/platform/bindings/infinispan/secret}/identities.yaml | grep -m 1 password | sed 's/password://' | sed 's/[[:space:]]*//g')
  fi
  echo "INFINISPAN_PASS: ${INFINISPAN_PASS}"
+
+ if [[ -z "$INFINISPAN_TRUST_STORE_PATH" ]]; then
+  export INFINISPAN_TRUST_STORE_PATH="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
+ fi
+ echo "INFINISPAN_TRUST_STORE_PATH: ${INFINISPAN_TRUST_STORE_PATH}"
 fi
 
 
