diff --git a/README.md b/README.md index a66372787..1009617d8 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,10 @@ This section describes the optional build variables that can be enabled via the * XML Snippet Location: [keystore.xml](ga/latest/kernel/helpers/build/configuration_snippets/keystore.xml). * `VERBOSE` * Description: When set to `true` it outputs the commands and results to stdout from `configure.sh`. Otherwise, default setting is `false` and `configure.sh` is silenced. +* `GENERATE_LTPA_KEYS_PASSWORD` (26.0.0.5+) + * Description: Automatically generates a secure random password for LTPA keys and exports it as the `ltpa_keys_password` environment variable. This prevents the LTPA service from failing with error `CWWKS4118E` when no LTPA keys password is configured. + * Default: `"true"`. + * Note: If `ltpa_keys_password` is already set, automatic generation is skipped. Set to `"false"` to disable. ### Deprecated Build Variables diff --git a/ga/26.0.0.5/kernel/helpers/runtime/docker-server.sh b/ga/26.0.0.5/kernel/helpers/runtime/docker-server.sh index 3452ff7f5..1c1903aa2 100755 --- a/ga/26.0.0.5/kernel/helpers/runtime/docker-server.sh +++ b/ga/26.0.0.5/kernel/helpers/runtime/docker-server.sh @@ -114,6 +114,12 @@ keystorePathOverride="$SNIPPETS_TARGET_OVERRIDES/keystore.xml" importKeyCert + +if [ "${GENERATE_LTPA_KEYS_PASSWORD:-true}" = "true" ] && [ -z "$ltpa_keys_password" ]; then + export ltpa_keys_password=$(openssl rand -base64 32 2>/dev/null) + echo "Generated ltpa_keys_password for LTPA configuration" +fi + # Infinispan Session Caching if [[ -n "$INFINISPAN_SERVICE_NAME" ]]; then echo "INFINISPAN_SERVICE_NAME(original): ${INFINISPAN_SERVICE_NAME}" diff --git a/ga/latest/kernel/helpers/runtime/docker-server.sh b/ga/latest/kernel/helpers/runtime/docker-server.sh index 3452ff7f5..1c1903aa2 100755 --- a/ga/latest/kernel/helpers/runtime/docker-server.sh +++ b/ga/latest/kernel/helpers/runtime/docker-server.sh 
@@ -114,6 +114,12 @@ keystorePathOverride="$SNIPPETS_TARGET_OVERRIDES/keystore.xml" importKeyCert + +if [ "${GENERATE_LTPA_KEYS_PASSWORD:-true}" = "true" ] && [ -z "$ltpa_keys_password" ]; then + export ltpa_keys_password=$(openssl rand -base64 32 2>/dev/null) + echo "Generated ltpa_keys_password for LTPA configuration" +fi + # Infinispan Session Caching if [[ -n "$INFINISPAN_SERVICE_NAME" ]]; then echo "INFINISPAN_SERVICE_NAME(original): ${INFINISPAN_SERVICE_NAME}"
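Review bot: In the README.md hunk, the new `GENERATE_LTPA_KEYS_PASSWORD` entry is added to the section that describes optional build variables, but the logic in this patch lives in `kernel/helpers/runtime/docker-server.sh`, so the variable is read at container start, not at build time. Either move the entry to wherever runtime environment variables are documented or say in the description that it is evaluated at runtime. It would also help to state that a new value is generated on each start when `ltpa_keys_password` is unset, since nothing in the script persists it.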
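Review bot: In the ga/26.0.0.5 docker-server.sh hunk, the `export ltpa_keys_password=$(openssl rand -base64 32 2>/dev/null)` line has no failure check. Stderr is discarded and the exit status of the command substitution is masked by `export`, so if `openssl` is missing or fails, an empty `ltpa_keys_password` is exported and "Generated ltpa_keys_password for LTPA configuration" is still printed. Suggest assigning to a local variable first, testing that it is non-empty, and only then exporting and echoing; on failure, print a warning instead so the cause of a later `CWWKS4118E` is visible in the container log.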
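Review bot: In the ga/latest docker-server.sh hunk, the guard `[ "${GENERATE_LTPA_KEYS_PASSWORD:-true}" = "true" ]` matches only the exact lowercase string, so values such as `True` or `TRUE` silently disable generation, which the README entry does not mention. Consider normalising the case before comparing, or document that only `"true"` enables it. Minor style point: the context line directly below uses `[[ -n ... ]]`, while the new test uses `[ ... ]`; matching the surrounding form would keep the script consistent. This hunk is identical to the ga/26.0.0.5 one, so any change should be made in both files.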