From cd66aebf4074f20dbe4ec57080595dbffaf2e015 Mon Sep 17 00:00:00 2001
From: Aparna <aparnavtce@gmail.com>
Date: Mon, 21 Mar 2016 06:45:27 +0000
Subject: [PATCH] Support to add certificate in ironic-agent

This commit provides support for adding a certificate while
building the image using the ironic-agent element. The
certificate can be a CA certificate or a self-signed certificate.

The certificate is set to the environment variable
'DIB_IPA_CERT' which in turn is used by the ironic-agent
element while building the image.

Change-Id: I648f7934d4787dcc3030885cfca771b642a9595e
---
 elements/ironic-agent/README.rst                     |  3 +++
 elements/ironic-agent/extra-data.d/15-ssl-ca-copy    | 12 ++++++++++++
 .../60-ironic-agent-install                          |  5 +++++
 3 files changed, 20 insertions(+)
 create mode 100755 elements/ironic-agent/extra-data.d/15-ssl-ca-copy

diff --git a/elements/ironic-agent/README.rst b/elements/ironic-agent/README.rst
index f1fb42580..a6382a029 100644
--- a/elements/ironic-agent/README.rst
+++ b/elements/ironic-agent/README.rst
@@ -15,6 +15,9 @@ Beyond installing the ironic-python-agent, this element does the following:
 * When installing from source, ``python-dev`` and ``gcc`` are also installed
   in order to support source based installation of ironic-python-agent and its
   dependencies.
+* Install the certificate if any, which is set to the environment variable
+  ``DIB_IPA_CERT`` for validating the authenticity by ironic-python-agent. The
+  certificate can be self-signed certificate or CA certificate.
 
 This element outputs three files:
 
diff --git a/elements/ironic-agent/extra-data.d/15-ssl-ca-copy b/elements/ironic-agent/extra-data.d/15-ssl-ca-copy
new file mode 100755
index 000000000..1a3c1ad69
--- /dev/null
+++ b/elements/ironic-agent/extra-data.d/15-ssl-ca-copy
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+
+set -eu
+set -o pipefail
+
+if [ -n "${DIB_IPA_CERT:=}" ]; then
+    cp $DIB_IPA_CERT $TMP_HOOKS_PATH/server.pem
+fi
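Review bot: The `cp` line expands `$DIB_IPA_CERT` and `$TMP_HOOKS_PATH` unquoted, so a path containing spaces or glob characters is split or expanded. Nothing checks that the path names a regular file before it is copied into the hooks directory. I would add `[ -f "$DIB_IPA_CERT" ] || { echo "DIB_IPA_CERT is not a file: $DIB_IPA_CERT" >&2; exit 1; }` and change the copy to `cp -- "$DIB_IPA_CERT" "$TMP_HOOKS_PATH/server.pem"`. This is presumably the same `server.pem` that 60-ironic-agent-install later appends to the requests CA bundle, so a comment here should state that the file must contain certificates only; a combined PEM that also carries a private key would end up inside the built image.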
diff --git a/elements/ironic-agent/install.d/ironic-agent-source-install/60-ironic-agent-install b/elements/ironic-agent/install.d/ironic-agent-source-install/60-ironic-agent-install
index 17ac28316..3c93d70fc 100755
--- a/elements/ironic-agent/install.d/ironic-agent-source-install/60-ironic-agent-install
+++ b/elements/ironic-agent/install.d/ironic-agent-source-install/60-ironic-agent-install
@@ -36,3 +36,8 @@ case "$DIB_INIT_SYSTEM" in
         exit 1
         ;;
 esac
+
+# Copying the self signed certificate for request library
+if [ -f /tmp/in_target.d/server.pem ]; then
+    cat /tmp/in_target.d/server.pem >> $($IPADIR/venv/bin/python -c "import requests; print requests.certs.where()")
+fi
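Review bot: The added block appends `server.pem` to the bundle returned by `requests.certs.where()` without checking its contents, so everything in the file becomes part of the venv's trust store. That widens trust for every HTTPS request made from the venv, and the addition would likely be lost whenever the package that ships the bundle is reinstalled or upgraded. The command substitution is also unquoted and uses the Python 2 `print` statement, so under a Python 3 venv it fails and the redirect has no target. I would resolve the path first with `ca_bundle="$("$IPADIR/venv/bin/python" -c 'import requests; print(requests.certs.where())')"`, then `cat /tmp/in_target.d/server.pem >> "$ca_bundle"`, and extend the comment to say the bundle is modified in place and expects certificates only. The start of the script is outside the hunk, so whether `set -e` is active at this point is not visible.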