Support adding a trusted CA certificate in ansible
Some parts of the ansible playbook may require installing a trusted CA cert on the system, for example when specifying a docker registry that uses a self-signed cert. This change allows the ansible playbook to call the system certificate-install command during initial config. Change-Id: Ic094837388b0fb644d647e693314dd3abaab1266 Signed-off-by: David Sullivan <david.sullivan@windriver.com> Partial-Bug: 1831946
parent
dd7ff62936
commit
023c011063
|
@ -251,6 +251,13 @@ class platform::config::certs::ssl_ca
|
||||||
inherits ::platform::config::certs::params {
|
inherits ::platform::config::certs::params {
|
||||||
|
|
||||||
$ssl_ca_file = '/etc/pki/ca-trust/source/anchors/ca-cert.pem'
|
$ssl_ca_file = '/etc/pki/ca-trust/source/anchors/ca-cert.pem'
|
||||||
|
if str2bool($::is_initial_config) {
|
||||||
|
$docker_restart_cmd = 'systemctl restart docker'
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$docker_restart_cmd = 'pmon-restart dockerd'
|
||||||
|
}
|
||||||
|
|
||||||
if ! empty($ssl_ca_cert) {
|
if ! empty($ssl_ca_cert) {
|
||||||
file { 'create-ssl-ca-cert':
|
file { 'create-ssl-ca-cert':
|
||||||
ensure => present,
|
ensure => present,
|
||||||
|
@ -273,10 +280,19 @@ class platform::config::certs::ssl_ca
|
||||||
refreshonly => true
|
refreshonly => true
|
||||||
}
|
}
|
||||||
-> exec { 'restart docker':
|
-> exec { 'restart docker':
|
||||||
command => 'pmon-restart dockerd',
|
command => $docker_restart_cmd,
|
||||||
subscribe => File[$ssl_ca_file],
|
subscribe => File[$ssl_ca_file],
|
||||||
refreshonly => true
|
refreshonly => true
|
||||||
}
|
}
|
||||||
|
if str2bool($::is_controller_active) {
|
||||||
|
Exec['restart docker']
|
||||||
|
-> file { '/etc/platform/.ssl_ca_complete':
|
||||||
|
ensure => present,
|
||||||
|
owner => root,
|
||||||
|
group => root,
|
||||||
|
mode => '0644',
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
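Review bot: The completion marker `/etc/platform/.ssl_ca_complete` added at the end of the second hunk is declared with `ensure => present` and is never removed in the visible lines, so once it exists from a first CA install it cannot show that a later certificate has been written and docker restarted. If something polls for this file (the consumer is not visible here; presumably the ansible playbook), it could continue while the trust store still holds the previous certificate. Consider clearing the flag before the certificate file is rewritten, or having the caller delete it before it triggers the install. A comment above the resource should name the consumer, for example `# Polled by <consumer> to detect that the CA cert is installed and docker has restarted`. The enclosing class body starts and ends outside the hunks, so the block that the final `}` closes cannot be confirmed from here.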
@ -10309,7 +10309,8 @@ class ConductorManager(service.PeriodicService):
|
||||||
}
|
}
|
||||||
self._config_apply_runtime_manifest(context,
|
self._config_apply_runtime_manifest(context,
|
||||||
config_uuid,
|
config_uuid,
|
||||||
config_dict)
|
config_dict,
|
||||||
|
force=True)
|
||||||
elif mode == constants.CERT_MODE_DOCKER_REGISTRY:
|
elif mode == constants.CERT_MODE_DOCKER_REGISTRY:
|
||||||
LOG.info("Docker registry certificate install")
|
LOG.info("Docker registry certificate install")
|
||||||
# docker registry requires a PKCS1 key for the token server
|
# docker registry requires a PKCS1 key for the token server
|
||||||
|
|
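Review bot: The new `force=True` argument on the `_config_apply_runtime_manifest` call has no comment explaining why this certificate path must bypass whatever check the helper normally applies. The helper's definition and the `mode` branch this call sits in are both outside the hunk, so the effect of `force` cannot be confirmed here. Because this call changes the system trust anchors, add a line such as `# force: apply the CA manifest even when <condition normally required> is not met (needed during initial config)` with the real condition filled in. It would also help to state whether forcing is intended for every caller of this branch or only for the ansible bootstrap case described in the commit message.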