openstack/ironic-python-agent-builder
Code Issues Proposed changes

Merge "Fix cacert path for TLS element"

Browse Source
This commit is contained in:
Zuul 2020-09-12 08:35:53 +00:00 committed by Gerrit Code Review
commit de5381dee5
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
dib/ironic-python-agent-tls/pre-finalize.d/10-configure-ipa-tls
View File

@ -1,7 +1,12 @@
#!/bin/bash #!/bin/bash
# /etc/ironic-python-agent.d/ is created by the ironic-python-agent-ramdisk element # This is the path inside the ramdisk, referenced in config files
KEYDIR=$TMP_BUILD_DIR/mnt/etc/ironic-python-agent.d INSIDEDIR=/etc/ironic-python-agent.d/
# but when copying files from outside the ramdisk, we have to use the mounted
# DIB filesystems
KEYDIR=$TMP_BUILD_DIR/mnt/$INSIDEDIR
CONFFILE=$KEYDIR/10-configure-tls.conf CONFFILE=$KEYDIR/10-configure-tls.conf
CACONFFILE=$KEYDIR/11-configure-client-cert-ca.conf CACONFFILE=$KEYDIR/11-configure-client-cert-ca.conf
@ -18,8 +23,8 @@ cat <<EOF | sudo tee $CONFFILE
listen_tls = True listen_tls = True
[ssl] [ssl]
cert_file = /etc/ironic-python-agent.d/agent.crt cert_file = $INSIDEDIR/agent.crt
key_file = /etc/ironic-python-agent.d/agent.key key_file = $INSIDEDIR/agent.key
EOF EOF
if [[ -n $DIB_IPA_CA_FILE ]]; then if [[ -n $DIB_IPA_CA_FILE ]]; then
@ -27,6 +32,6 @@ if [[ -n $DIB_IPA_CA_FILE ]]; then
sudo cp $DIB_IPA_CA_FILE $KEYDIR/agent.cacert.pem sudo cp $DIB_IPA_CA_FILE $KEYDIR/agent.cacert.pem
cat <<EOF | sudo tee $CACONFFILE cat <<EOF | sudo tee $CACONFFILE
[ssl] [ssl]
ca_file = /etc/ironic-python-agent/agent.cacert.pem ca_file = $INSIDEDIR/agent.cacert.pem
EOF EOF
fi fi