Use template for MQSC commands for TLS config
@@ -117,20 +117,24 @@ func configureTLS(qmName string, inputFile string, passPhrase string) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
f, err := os.OpenFile("/etc/mqm/20-dev-tls.mqsc", os.O_WRONLY|os.O_CREATE, 0770)
|
var sslCipherSpec string
|
||||||
|
if os.Getenv("MQ_DEV") == "true" {
|
||||||
|
sslCipherSpec = "TLS_RSA_WITH_AES_128_CBC_SHA256"
|
||||||
|
} else {
|
||||||
|
sslCipherSpec = ""
|
||||||
|
}
|
||||||
|
|
||||||
|
const mqsc string = "/etc/mqm/20-dev-tls.mqsc"
|
||||||
|
const mqscTemplate string = mqsc + ".tpl"
|
||||||
|
|
||||||
|
err = processTemplateFile(mqsc+".tpl", mqsc, map[string]string{
|
||||||
|
"SSLKeyR": filepath.Join(dir, "key"),
|
||||||
|
"CertificateLabel": newLabel,
|
||||||
|
"SSLCipherSpec": sslCipherSpec,
|
||||||
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
defer f.Close()
|
|
||||||
// Change the Queue Manager's Key Repository to point at the new TLS key store
|
|
||||||
fmt.Fprintf(f, "ALTER QMGR SSLKEYR('%s')\n", filepath.Join(dir, "key"))
|
|
||||||
fmt.Fprintf(f, "ALTER QMGR CERTLABL('%s')\n", newLabel)
|
|
||||||
|
|
||||||
if os.Getenv("MQ_DEV") == "true" {
|
|
||||||
// Alter the DEV channels to use TLS
|
|
||||||
fmt.Fprintln(f, "ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(OPTIONAL)")
|
|
||||||
fmt.Fprintln(f, "ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(OPTIONAL)")
|
|
||||||
}
|
|
||||||
|
|
||||||
err = configureWebTLS(cms)
|
err = configureWebTLS(cms)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
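Review bot: When MQ_DEV is not "true", `sslCipherSpec` is set to the empty string but `processTemplateFile` is still called, and the template added in this commit has no conditional, so both `ALTER CHANNEL` statements would be rendered with `SSLCIPH()`; the removed code wrote those statements only in dev mode. Whether MQ accepts an empty cipher spec, or whether the DEV channels exist outside dev mode, is not visible here, so either keep the MQ_DEV guard around the channel statements or confirm the non-dev output is intended. Separately, `mqscTemplate` is declared but never used; the call could read `err = processTemplateFile(mqscTemplate, mqsc, map[string]string{`. The dev suite `TLS_RSA_WITH_AES_128_CBC_SHA256` is carried over from the old code and deserves a comment such as `// dev-only default: CBC suite with RSA key exchange, no forward secrecy`. configureTLS starts and ends outside this hunk.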
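--- a/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
+++ b/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
@@ -0,0 +1,4 @@
+ALTER QMGR SSLKEYR('{{ .SSLKeyR }}')
+ALTER QMGR CERTLABL('{{ .CertificateLabel }}}}')
+ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)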
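Review bot: The CERTLABL line has a stray `}}` after the template action, so the rendered statement would be `CERTLABL('<label>}}')` and the queue manager would be pointed at a certificate label that does not exist; it should read `ALTER QMGR CERTLABL('{{ .CertificateLabel }}')`. The values are also placed inside single-quoted MQSC strings, so if `processTemplateFile` does no escaping (not visible here), a label or key-store path containing `'` would end the string early. Validating those values before rendering would close that off.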
@@ -51,6 +51,8 @@ COPY --from=builder /go/src/github.com/ibm-messaging/mq-container/runmqserver /u
|
|||||||
COPY --from=builder /go/src/github.com/ibm-messaging/mq-container/runmqdevserver /usr/local/bin/
|
COPY --from=builder /go/src/github.com/ibm-messaging/mq-container/runmqdevserver /usr/local/bin/
|
||||||
# Copy template MQSC for default developer configuration
|
# Copy template MQSC for default developer configuration
|
||||||
COPY incubating/mqadvanced-server-dev/10-dev.mqsc.tpl /etc/mqm/
|
COPY incubating/mqadvanced-server-dev/10-dev.mqsc.tpl /etc/mqm/
|
||||||
|
# Copy template MQSC for default developer TLS configuration
|
||||||
|
COPY incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl /etc/mqm/
|
||||||
# Copy template JSON for default web console configuration
|
# Copy template JSON for default web console configuration
|
||||||
COPY incubating/mqadvanced-server-dev/admin.json.tpl /etc/mqm/
|
COPY incubating/mqadvanced-server-dev/admin.json.tpl /etc/mqm/
|
||||||
# Copy web XML files for default developer configuration
|
# Copy web XML files for default developer configuration
|
||||||
|
|||||||