openstack/trove
Code Issues Proposed changes

Merge "Configure guestagent on Ubuntu guest images to use CA certificates"

Browse Source
This commit is contained in:
Zuul 2017-12-03 18:29:20 +00:00 committed by Gerrit Code Review
commit ccb6752f69
3 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
integration/scripts/files/elements/fedora-guest/install.d/21-use-fedora-certificates Executable file
View File

@ -0,0 +1,11 @@
#!/bin/sh
# CONTEXT: GUEST during CONSTRUCTION as ROOT
# PURPOSE: configure trove-guest service to use system store of trusted certificates
GUEST_UNIT_DROPINS="/etc/systemd/system/trove-guest.service.d"
mkdir -v -p ${GUEST_UNIT_DROPINS}
echo -e '[Service]\nEnvironment=REQUESTS_CA_BUNDLE=/etc/pki/tls/certs' > ${GUEST_UNIT_DROPINS}/30-use-system-certificates.conf

11
integration/scripts/files/elements/ubuntu-xenial-guest/install.d/21-use-ubuntu-certificates Executable file
View File

@ -0,0 +1,11 @@
#!/bin/sh
# CONTEXT: GUEST during CONSTRUCTION as ROOT
# PURPOSE: configure trove-guest service to use system store of trusted certificates
GUEST_UNIT_DROPINS="/etc/systemd/system/trove-guest.service.d"
mkdir -v -p ${GUEST_UNIT_DROPINS}
echo -e '[Service]\nEnvironment=REQUESTS_CA_BUNDLE=/etc/ssl/certs' > ${GUEST_UNIT_DROPINS}/30-use-system-certificates.conf

4
integration/scripts/files/trove-guest.upstart.conf
View File

@ -36,5 +36,7 @@ script
fi
exec su -c "/home/GUEST_USERNAME/trove/contrib/trove-guestagent $TROVE_CONFIG" GUEST_USERNAME
# Requests: CA directories not supported in older Pythons, a custom bundle file is needed
cat /usr/local/share/ca-certificates/*.crt > /usr/local/share/ca-certificates/custom.bundle
exec su -c "REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/custom.bundle /home/GUEST_USERNAME/trove/contrib/trove-guestagent $TROVE_CONFIG" GUEST_USERNAME
end script