Support to add certificate in ironic-agent
This commits provides support to add certificate while building the image using ironic-agent element. The certificate can be CA certificate or self-signed certificate. The certificate is set to the environment variable 'DIB_IPA_CERT' which in turn is used by the ironic-agent element while building the image. Change-Id: I648f7934d4787dcc3030885cfca771b642a9595e
This commit is contained in:
parent
81633f69c8
commit
cd66aebf40
@ -15,6 +15,9 @@ Beyond installing the ironic-python-agent, this element does the following:
|
||||
* When installing from source, ``python-dev`` and ``gcc`` are also installed
|
||||
in order to support source based installation of ironic-python-agent and its
|
||||
dependencies.
|
||||
* Install the certificate if any, which is set to the environment variable
|
||||
``DIB_IPA_CERT`` for validating the authenticity by ironic-python-agent. The
|
||||
certificate can be self-signed certificate or CA certificate.
|
||||
|
||||
This element outputs three files:
|
||||
|
||||
|
12
elements/ironic-agent/extra-data.d/15-ssl-ca-copy
Executable file
12
elements/ironic-agent/extra-data.d/15-ssl-ca-copy
Executable file
@ -0,0 +1,12 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
if [ -n "${DIB_IPA_CERT:=}" ]; then
|
||||
cp $DIB_IPA_CERT $TMP_HOOKS_PATH/server.pem
|
||||
fi
|
@ -36,3 +36,8 @@ case "$DIB_INIT_SYSTEM" in
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# Copying the self signed certificate for request library
|
||||
if [ -f /tmp/in_target.d/server.pem ]; then
|
||||
cat /tmp/in_target.d/server.pem >> $($IPADIR/venv/bin/python -c "import requests; print requests.certs.where()")
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user