Add a self-signed root certificate to the Vera API Docker container

You'll need to repeat the following procedure with any containers that need to access any system using the the self-signed SSL certificate. For the default configuration, you need to update these containers:

  • vera.server

  • vera.api.jira.routeactions*

  • vera.api.qtest.routeactions*

  • vera.worker.qtest**

  • vera.worker.jira**

* You only need to add the root certificates here if you plan on setting these containers to use SSL. If SSL is handled by a gateway or load balancer, then the root certificate doesn’t need to be added to these containers.

** You only need to add the root certificates here if you are using qTest on premise or Jira that uses your self-signed certificates. SaaS qTest and Jira Cloud will not need these root certificates for Vera to talk with them.

Typically, the microservices are configured to communicate with each other over non-SSL HTTP traffic (on port 80). If you configure the docker-compose.yml file to use HTTPS for inter-module communications, then the steps below will need to be repeated for every container.

 

To add a self-signed root certificate to the Vera API Docker container, follow these steps:

  1. Stage a copy of the root certificate.

  2. Create a start-up script for the Vera API server.

  3. Update Vera's Docker compose file.

  4. Restart the Vera containers.

Stage a copy of the root certificate

To stage a copy of the root certificate, follow these steps:

  1. Create a new directory on the server hosting the Vera Docker containers.

    This can be in any location where Docker will have access permissions.

  2. Stage a copy of your self-signed root certificate into the folder created above.

    /path/to/my/cert/my-root-certificate.crt

The certificate must be in a CRT format.

Create a start-up script for the Vera API server

All scripts below must use Unix line endings (LR). If your file uses another type of line ending, such as CRLF or CR, docker will not be able to execute the scripts and start the Vera containers. To create a start-up script for the Vera API server, follow these steps:

  1. Create a new bash script named start.sh with the following contents:

    start.sh

    Copy 
    #!/bin/bash
    update-ca-certificates
    dotnet Vera.Server.dll
    #dotnet Vera.Api.QTest.RouteActions.dll
    #dotnet Vera.Api.Jira.RouteActions.dll
    #dotnet Vera.Worker.QTest.dll
    #dotnet Vera.Worker.Jira.dll

    Note that the final line must match the container being updated. We have provided three examples in the snippet code above. Please uncomment the appropriate container and remove the others from the actual script files. You will eventually have three or more script files.

     

    • startVeraServer.sh

    • startVeraQTestActions.sh

    • startVeraJiraActions.sh

    • startVeraqTestWorker.sh

    • startVeraJiraWorker.sh

  2. Stage the script files into the same directory as the self-signed root certificate (from Step 1).

     

    Copy 
    /path/to/my/cert/startVeraServer.sh
    /path/to/my/cert/startVeraQTestActions.sh
    /path/to/my/cert/startVeraJiraActions.sh
    /path/to/my/cert/startVeraqTestWorker.sh
    /path/to/my/cert/startVeraJiraWorker.sh

  3. Use chmod to apply executable permissions to the script file.

     

    Copy 
    chmod +x /path/to/my/cert/startVeraServer.sh
    chmod +x /path/to/my/cert/startVeraQTestActions.sh
    chmod +x /path/to/my/cert/startVeraJiraActions.sh
    chmod +x /path/to/my/cert/startVeraqTestWorker.sh
    chmod +x /path/to/my/cert/startVeraJiraWorker.sh

Update Vera's Docker compose file

To update Vera's Docker compose file, follow these steps:

  1. Navigate to Vera's installation directory.

  2. Open the docker-compose.yml file in a text editor.

  3. Add a volume binding for each affected container to bind the directory created in step 1 to /usr/local/share/ca-certificates.

    Reference line 8 below.

    Copy 
    vera.server:
        image: veraserver20190209075900.azurecr.io/tricentis/vera-server-legacy
        container_name: vera-server
        ports:
          - "8443:5001"
        volumes:
          - /var/lib/vera:/Data
          - /path/to/my/cert:/usr/local/share/ca-certificates

  4. Add a custom entry point to each affected container that points to the start-up script created in step 2. Note that the configuration will point to the container's internal path created through volume binding.

    Reference line 10 below.

    Copy 
    vera.server:
        image: veraserver20190209075900.azurecr.io/tricentis/vera-server-legacy
        container_name: vera-server
        ports:
          - "8443:5001"

        …

        restart: always
        entrypoint: ["/usr/local/share/ca-certificates/startVeraServer.sh"]

Use the appropriate script file in the “entrypoint” for that container.

Restart the Vera containers

To restrt the Vera containers, follow these steps:

  1. Run docker-compose up --build -d to restart the docker containers with the new configurations.

  2. If the containers do not start successfully, then running the above command without the -d option will provide output for debugging.