systemvmtemplate: add Letsencrypt CA cert

Fixes #2541
On patching, the global cacerts keystore is imported in 'cloud' service
specific local keystore.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Author: yadvr

systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh

@@ -37,6 +37,8 @@ patch_systemvm() {
       echo "Restored keystore file and certs using backup" >> $logfile
    fi
    rm -fr $backupfolder
+   # Import global cacerts into 'cloud' service's keystore
+   keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts -destkeystore /usr/local/cloud/systemvm/certs/realhostip.keystore -srcstorepass changeit -deststorepass vmops.com -noprompt || true
    return 0
 }
 

tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh

@@ -19,7 +19,7 @@
 set -e
 set -x
 
-CLOUDSTACK_RELEASE=4.11.0
+CLOUDSTACK_RELEASE=4.11.1
 
 function configure_apache2() {
    # Enable ssl, rewrite and auth
@@ -31,6 +31,16 @@ function configure_apache2() {
    sed -i 's/SSLProtocol .*$/SSLProtocol TLSv1.2/g' /etc/apache2/mods-available/ssl.conf
 }
 
+function configure_cacerts() {
+  CDIR=$(pwd)
+  cd /tmp
+  # Add LetsEncrypt ca-cert
+  wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der
+  keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityx3cross -file lets-encrypt-x3-cross-signed.der || true
+  rm -f lets-encrypt-x3-cross-signed.der
+  cd $CDIR
+}
+
 function install_cloud_scripts() {
   # ./cloud_scripts/ has been put there by ../../cloud_scripts_shar_archive.sh
   rsync -av ./cloud_scripts/ /
@@ -102,6 +112,7 @@ function configure_services() {
   configure_apache2
   configure_strongswan
   configure_issue
+  configure_cacerts
 }
 
 return 2>/dev/null || configure_services