Fix cacert path for TLS element

agent.cacert.pem is copied into /etc/ironic-python-agent.d, not
/etc/ironic-python-agent

Switch to a variable for that path, so the mismatch can't happen again

Change-Id: I530a97bab0883f875fd5103846ebc4dd356d5c5b
Jay Faulkner 2020-09-11 09:07:51 -07:00
parent da78fa099f
commit 841ef669e1


@ -1,7 +1,12 @@
#!/bin/bash #!/bin/bash
# /etc/ironic-python-agent.d/ is created by the ironic-python-agent-ramdisk element # This is the path inside the ramdisk, referenced in config files
KEYDIR=$TMP_BUILD_DIR/mnt/etc/ironic-python-agent.d INSIDEDIR=/etc/ironic-python-agent.d/
# but when copying files from outside the ramdisk, we have to use the mounted
# DIB filesystems
KEYDIR=$TMP_BUILD_DIR/mnt/$INSIDEDIR
CONFFILE=$KEYDIR/10-configure-tls.conf CONFFILE=$KEYDIR/10-configure-tls.conf
CACONFFILE=$KEYDIR/11-configure-client-cert-ca.conf CACONFFILE=$KEYDIR/11-configure-client-cert-ca.conf
@ -18,8 +23,8 @@ cat <<EOF | sudo tee $CONFFILE
listen_tls = True listen_tls = True
[ssl] [ssl]
cert_file = /etc/ironic-python-agent.d/agent.crt cert_file = $INSIDEDIR/agent.crt
key_file = /etc/ironic-python-agent.d/agent.key key_file = $INSIDEDIR/agent.key
EOF EOF
if [[ -n $DIB_IPA_CA_FILE ]]; then if [[ -n $DIB_IPA_CA_FILE ]]; then
@ -27,6 +32,6 @@ if [[ -n $DIB_IPA_CA_FILE ]]; then
sudo cp $DIB_IPA_CA_FILE $KEYDIR/agent.cacert.pem sudo cp $DIB_IPA_CA_FILE $KEYDIR/agent.cacert.pem
cat <<EOF | sudo tee $CACONFFILE cat <<EOF | sudo tee $CACONFFILE
[ssl] [ssl]
ca_file = /etc/ironic-python-agent/agent.cacert.pem ca_file = $INSIDEDIR/agent.cacert.pem
EOF EOF
fi fi
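Review bot: The new `INSIDEDIR=/etc/ironic-python-agent.d/` ends in a slash and every use adds another, so the generated config gets `cert_file = /etc/ironic-python-agent.d//agent.crt` (likewise `key_file` and `ca_file`) and `KEYDIR` expands to `$TMP_BUILD_DIR/mnt//etc/ironic-python-agent.d/`. The doubled slashes still resolve, but the written paths no longer match the literal string that a later grep, audit or comparison would look for; dropping the trailing slash and using `KEYDIR="$TMP_BUILD_DIR/mnt$INSIDEDIR"` keeps them canonical. On the same new-side lines, `sudo cp $DIB_IPA_CA_FILE $KEYDIR/agent.cacert.pem` and the `sudo tee $CONFFILE` / `sudo tee $CACONFFILE` calls pass unquoted expansions to commands run as root, so a build path containing whitespace or glob characters would split into extra arguments; `sudo cp -- "$DIB_IPA_CA_FILE" "$KEYDIR/agent.cacert.pem"` and `sudo tee "$CONFFILE"` avoid that. The lines between the first two hunks are not shown, so it cannot be confirmed from here whether errexit is set and a failed copy of the CA file would stop the build before `ca_file` is written.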