commit a40a8dcd455df5a6df7cffae4a69e9c1edae3a2e
author Denis Egorenko <degorenko@mirantis.com> Thu Jul 11 16:22:59 2019 +0400
committer Denis Egorenko <degorenko@mirantis.com> Thu Jul 11 16:33:17 2019 +0400
tree 80c4b6a601028f6dc5b25ab3d8cbbc68d1bc4263
parent 6cabe355dd067d2ac23bcd784eab781dd4733229

Explicitly set by default javax.net.ssl.trustStore for Jenkins/Gerrit

By default OpenJDK-8 Java (in Jenkins container) uses non-system
cacerts file, which leads to rejecting self-signed SSL certs.
Java-1.8-openjdk uses system cacerts (/etc/ssl/certs/java/cacerts) (in
Gerrit container), but also set explicitly to system cacerts path.

Change-Id: Icb76c1404224fc6b80ae020916abd0a5b23602f4
Related-Prod: PROD-23454
Related-Prod: PROD-31879

docker/swarm/stack/gerrit.yml

diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index 14325a5..ed90acf 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -51,7 +51,7 @@
                 GERRIT_ADMIN_PWD: ${_param:gerrit_admin_password}
                 GERRIT_ADMIN_EMAIL: ${_param:gerrit_admin_email}
                 CANLOADINIFRAME: "true"
-                JAVA_OPTIONS: ${_param:gerrit_extra_opts}
+                JAVA_OPTIONS: "-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts ${_param:gerrit_extra_opts}"
                 https_proxy: ${_param:docker_https_proxy}
                 http_proxy: ${_param:docker_http_proxy}
                 no_proxy: ${_param:docker_no_proxy}