Explicitly set by default javax.net.ssl.trustStore for Jenkins/Gerrit
By default OpenJDK-8 Java (in Jenkins container) uses non-system
cacerts file, which leads to rejecting self-signed SSL certs.
Java-1.8-openjdk uses system cacerts (/etc/ssl/certs/java/cacerts) (in
Gerrit container), but also set explicitly to system cacerts path.
Change-Id: Icb76c1404224fc6b80ae020916abd0a5b23602f4
Related-Prod: PROD-23454
Related-Prod: PROD-31879
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index 14325a5..ed90acf 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -51,7 +51,7 @@
GERRIT_ADMIN_PWD: ${_param:gerrit_admin_password}
GERRIT_ADMIN_EMAIL: ${_param:gerrit_admin_email}
CANLOADINIFRAME: "true"
- JAVA_OPTIONS: ${_param:gerrit_extra_opts}
+ JAVA_OPTIONS: "-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts ${_param:gerrit_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
no_proxy: ${_param:docker_no_proxy}
diff --git a/docker/swarm/stack/jenkins/master.yml b/docker/swarm/stack/jenkins/master.yml
index 921f111..6ec6afb 100644
--- a/docker/swarm/stack/jenkins/master.yml
+++ b/docker/swarm/stack/jenkins/master.yml
@@ -17,7 +17,7 @@
master:
environment:
JENKINS_HOME: ${_param:jenkins_home_dir_path}
- JAVA_OPTS: " -server -XX:+AlwaysPreTouch -Xloggc:${_param:jenkins_home_dir_path}/gc-%t.log -XX:NumberOfGCLogFiles=5 -XX:+UseGCLogFileRotation -XX:GCLogFileSize=20m -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails -XX:+PrintHeapAtGC -XX:+PrintGCCause -XX:+PrintTenuringDistribution -XX:+PrintReferenceGC -XX:+PrintAdaptiveSizePolicy -XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:+ParallelRefProcEnabled -XX:+UseStringDeduplication -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:+UseCGroupMemoryLimitForHeap -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1 -Djenkins.install.runSetupWizard=false -Dhudson.DNSMultiCast.disabled=true -Dhudson.udp=-1 -Dhudson.footerURL=https://www.mirantis.com ${_param:jenkins_master_extra_opts}"
+ JAVA_OPTS: " -server -XX:+AlwaysPreTouch -Xloggc:${_param:jenkins_home_dir_path}/gc-%t.log -XX:NumberOfGCLogFiles=5 -XX:+UseGCLogFileRotation -XX:GCLogFileSize=20m -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails -XX:+PrintHeapAtGC -XX:+PrintGCCause -XX:+PrintTenuringDistribution -XX:+PrintReferenceGC -XX:+PrintAdaptiveSizePolicy -XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:+ParallelRefProcEnabled -XX:+UseStringDeduplication -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:+UseCGroupMemoryLimitForHeap -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1 -Djenkins.install.runSetupWizard=false -Dhudson.DNSMultiCast.disabled=true -Dhudson.udp=-1 -Dhudson.footerURL=https://www.mirantis.com -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts ${_param:jenkins_master_extra_opts}"
JENKINS_NUM_EXECUTORS: ${_param:jenkins_master_executors_num}
JENKINS_OPTS: " --handlerCountMax=${_param:jenkins_master_max_concurent_requests}"
https_proxy: ${_param:docker_https_proxy}