Advanced Cloudbreak Configuration

Configure an SSL certificate for an external Cloudbreak database

Perform these steps to configure Cloudbreak with an existing external database that uses SSL.

Prerequisites

Configure an existing external database for Cloudbreak as described in Configure external Cloudbreak database. Once done, perform the following steps.

Steps

  1. Obtain your database’s SSL certificate.
  2. Access your Cloudbreak VM via SSH.
  3. Download or copy the certificate to the certs directory in your Cloudbreak deployment directory. By default, this is /var/lib/cloudbreak-deployment/certs.
  4. Set the following variables in your Profile file:
    | Variable | Description |
    |----------|-------------|
    | PERISCOPE_DB_ENV_SSL | Default false. Set to true to enable SSL. |
    | PERISCOPE_DB_ENV_CERT_FILE | Default empty. Set this to the location of your certificate relative to your certs directory within the Cloudbreak deployment directory. For example, if your certificate is in /var/lib/cloudbreak-deployment/certs/root.crt, set this variable to root.crt. |
    | CB_DB_ENV_SSL | Default false. Set to true to enable SSL. |
    | CB_DB_ENV_CERT_FILE | Default empty. Set this to the location of your certificate relative to your certs directory within the Cloudbreak deployment directory. For example, if your certificate is in /var/lib/cloudbreak-deployment/certs/root.crt, set this variable to root.crt. |

    This example assumes that root.crt is the name of the certificate file:

    export PERISCOPE_DB_ENV_SSL=true
    export PERISCOPE_DB_ENV_CERT_FILE=root.crt
    export CB_DB_ENV_SSL=true
    export CB_DB_ENV_CERT_FILE=root.crt
  5. Next, change the database settings in the uaa.yml file located in the Cloudbreak deployment directory. Do not edit uaa.yml directly; instead, create a new file called uaa-changes.yml, which will be used to regenerate your database settings in the uaa.yml file. The steps are:
    1. Open your uaa.yml file and copy the entire “database” entry (which should include values such as driverClassName, maxactive, password, url, and username).
    2. In the Cloudbreak deployment directory, create a new file called uaa-changes.yml.
    3. Paste the copied content to the uaa-changes.yml file.
    4. Update the value of “url” by appending the following (replacing root.crt with the actual name of your certificate file):
      ?ssl=true&sslfactory=org.postgresql.ssl.SingleCertValidatingFactory&sslfactoryarg=file:///certs/root.crt
    5. Save the uaa-changes.yml file.

    After the update, your uaa-changes.yml file should look similar to:

    database:
      driverClassName: org.postgresql.Driver
      maxactive: 200
      password: ${IDENTITY_DB_PASS}
      url: jdbc:postgresql://${IDENTITY_DB_URL}/${IDENTITY_DB_NAME}?ssl=true&sslfactory=org.postgresql.ssl.SingleCertValidatingFactory&sslfactoryarg=file:///certs/root.crt
      username: ${IDENTITY_DB_USER}
  6. Run the following to stop cbd:
    cbd kill
  7. Run the following to regenerate the uaa.yml file with the SSL information provided earlier:
    cbd regenerate
  8. Run the following to start Cloudbreak:
    cbd start
    Cloudbreak may take a few minutes to start.
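
A pre-flight check that can be run before `cbd kill` in step 6 to confirm that the Profile variables, the certs directory and uaa-changes.yml agree with each other. This is an added example, not part of Cloudbreak or its documentation; the function names `check_db_ssl` and `profile_value` are hypothetical. It assumes that Profile uses `export NAME=value` lines as in the example above and that the file name after `file:///certs/` is a file in the deployment's certs directory.

```bash
# Added example, not part of Cloudbreak: pre-flight check for the DB SSL settings.
# Usage: check_db_ssl [deployment_dir]   (defaults to /var/lib/cloudbreak-deployment)
# Returns 0 when Profile, certs/ and uaa-changes.yml agree, 1 otherwise.

# Print the last value assigned to variable $2 by an "export" line in file $1.
# The file is parsed, not sourced, so a malformed line cannot run as code.
profile_value() {
  sed -n "s/^[[:space:]]*export $2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d "\"'"
}

check_db_ssl() {
  local dir rc svc ssl cert url uaa_cert
  dir="${1:-/var/lib/cloudbreak-deployment}"
  rc=0
  for svc in CB PERISCOPE; do
    ssl=$(profile_value "$dir/Profile" "${svc}_DB_ENV_SSL")
    cert=$(profile_value "$dir/Profile" "${svc}_DB_ENV_CERT_FILE")
    if [ "$ssl" != "true" ]; then
      echo "FAIL: ${svc}_DB_ENV_SSL is '$ssl', expected true" >&2; rc=1
    fi
    if [ -z "$cert" ]; then
      echo "FAIL: ${svc}_DB_ENV_CERT_FILE is not set" >&2; rc=1
    elif ! grep -q -- '-----BEGIN CERTIFICATE-----' "$dir/certs/$cert" 2>/dev/null; then
      echo "FAIL: $dir/certs/$cert is missing or is not a PEM certificate" >&2; rc=1
    fi
  done

  # The UAA JDBC URL must turn SSL on and point at a certificate that exists.
  url=$(sed -n 's/^[[:space:]]*url:[[:space:]]*//p' "$dir/uaa-changes.yml" 2>/dev/null | tail -n 1)
  case "$url" in
    *'?ssl=true&sslfactory=org.postgresql.ssl.SingleCertValidatingFactory&sslfactoryarg=file:///certs/'*)
      uaa_cert="${url##*sslfactoryarg=file:///certs/}"
      if [ ! -f "$dir/certs/$uaa_cert" ]; then
        echo "FAIL: uaa-changes.yml points at certs/$uaa_cert, which does not exist" >&2; rc=1
      fi ;;
    *)
      echo "FAIL: uaa-changes.yml url is missing the SSL parameters" >&2; rc=1 ;;
  esac
  return "$rc"
}
```

A misspelled assignment such as `NAME-=value` is reported as "not set", because the check only accepts a plain `export NAME=value` line.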