From 9ae93ece267a8a7978bc1645f57afc03bbb212ca Mon Sep 17 00:00:00 2001
From: Artur Svechnikov
Date: Fri, 29 Jan 2016 11:08:04 +0300
Subject: [PATCH] Introduce new build option to pass CA cert
Conflicts: bareon/drivers/deploy/nailgun.py
Change-Id: I994bc6918a1c84d120eb77b37f1b63b59dd85ed5
Closes-Bug: #1539437
---
 bareon/drivers/deploy/nailgun.py | 11 +++++------
 bareon/utils/build.py | 6 ++++--
 .../fuel_bootstrap/commands/build.py | 8 ++++++++
 .../fuel_bootstrap_cli/fuel_bootstrap/utils/data.py | 5 ++++-
 4 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/bareon/drivers/deploy/nailgun.py b/bareon/drivers/deploy/nailgun.py
index 10f41d6..80d344f 100644
--- a/bareon/drivers/deploy/nailgun.py
+++ b/bareon/drivers/deploy/nailgun.py
@@ -467,15 +467,14 @@ class Manager(BaseDeployDriver):
 ' '.join(packages))
 # disable hosts/resolv files
 bu.propagate_host_resolv_conf(chroot)
- # for case when https proxy is used we need to upload cert file
- # into chroot and update certificates
- if hasattr(bs_scheme, 'extra_files') and bs_scheme.extra_files:
- for extra in bs_scheme.extra_files:
- bu.rsync_inject(extra, chroot)
- bu.update_certs(chroot)
+ if hasattr(bs_scheme, 'certs') and bs_scheme.certs:
+ bu.copy_update_certs(bs_scheme.certs, chroot)
 bu.run_apt_get(chroot, packages=packages,
 attempts=CONF.fetch_packages_attempts)
 LOG.debug('Post-install OS configuration')
+ if hasattr(bs_scheme, 'extra_files') and bs_scheme.extra_files:
+ for extra in bs_scheme.extra_files:
+ bu.rsync_inject(extra, chroot)
 if (hasattr(bs_scheme, 'root_ssh_authorized_file') and
 bs_scheme.root_ssh_authorized_file):
 LOG.debug('Put ssh auth file %s',
diff --git a/bareon/utils/build.py b/bareon/utils/build.py
index 0f7133c..3ac015a 100644
--- a/bareon/utils/build.py
+++ b/bareon/utils/build.py
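Review bot: In the nailgun.py hunk the `extra_files` loop now runs after `bu.run_apt_get(...)`, so a build that used to deliver its CA certificate through `extra_files` no longer has it trusted when packages are fetched, and nothing in the new code tells the operator to switch to `certs`. The comment that explained why certificates go in before apt-get was deleted with the old block; I would keep one on the new branch, for example `# CA certs must be trusted in the chroot before apt-get talks to https repos/proxies`. As far as this hunk shows, nothing removes the injected certificates afterwards, so they presumably remain trusted in the finished image, which is worth stating in the same comment. The enclosing method starts and ends outside the hunk.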
@@ -816,8 +816,10 @@ def rsync_inject(src, dst): dst + '/', logged=True) -def update_certs(chroot): - """Try to update CA certificates in chroot""" +def copy_update_certs(certs, chroot): + """Try to copy and update CA certificates in chroot""" + for cert in certs: + rsync_inject(cert, chroot) utils.execute('chroot', chroot, 'update-ca-certificates', check_exit_code=False, logged=True) diff --git a/contrib/fuel_bootstrap/fuel_bootstrap_cli/fuel_bootstrap/commands/build.py b/contrib/fuel_bootstrap/fuel_bootstrap_cli/fuel_bootstrap/commands/build.py index e4accc6..2320b2b 100644 --- a/contrib/fuel_bootstrap/fuel_bootstrap_cli/fuel_bootstrap/commands/build.py +++ b/contrib/fuel_bootstrap/fuel_bootstrap_cli/fuel_bootstrap/commands/build.py @@ -181,6 +181,14 @@ class BuildCommand(command.Command): " images are not supported by fuel-bootstrap.", action='store_true' ) + parser.add_argument( + '--load-cert', + dest='certs', + metavar='FULL_PATH', + help="Load CA certificate for https connections. Work as extra" + " files", + action='append' + ) return parser def take_action(self, parsed_args): diff --git a/contrib/fuel_bootstrap/fuel_bootstrap_cli/fuel_bootstrap/utils/data.py b/contrib/fuel_bootstrap/fuel_bootstrap_cli/fuel_bootstrap/utils/data.py index 172b56b..774e1a9 100644 --- a/contrib/fuel_bootstrap/fuel_bootstrap_cli/fuel_bootstrap/utils/data.py +++ b/contrib/fuel_bootstrap/fuel_bootstrap_cli/fuel_bootstrap/utils/data.py @@ -70,6 +70,8 @@ class BootstrapDataBuilder(object): file_name = "{0}.{1}".format(self.uuid, self.container_format) self.output = os.path.join(self.output, file_name) + self.certs = data.get('certs') + def build(self): return { 'bootstrap': { @@ -83,7 +85,8 @@ class BootstrapDataBuilder(object): 'meta_file': consts.METADATA_FILE, 'format': self.container_format }, - 'label': self.label + 'label': self.label, + 'certs': self.certs }, 'repos': self._get_repos(), 'proxies': self._get_proxy_settings(),
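Review bot: `copy_update_certs` in bareon/utils/build.py still runs `update-ca-certificates` with `check_exit_code=False`, so a failed trust-store update lets the build carry on and only surfaces later as TLS errors in apt-get, if at all. Now that the operator explicitly asks for these CAs, I would let a non-zero exit fail the build by dropping `check_exit_code=False` (assuming `utils.execute` raises on failure by default). Each entry of `certs` also goes unchecked into `rsync_inject(cert, chroot)`, whose visible tail copies to `dst + '/'`, so the path appears to be overlaid on the chroot root. The docstring should state the layout that call expects and that the CAs become trusted inside the chroot, instead of "Try to copy and update".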
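Review bot: The help string for `--load-cert` in commands/build.py, "Work as extra files", tells the operator neither what to pass nor what the option does to the image. From the other hunks the path is rsynced into the chroot and `update-ca-certificates` is run, so the CA presumably stays trusted in the built bootstrap image and not only during the build. I would say that in the help, e.g. `help="CA certificate to install into the bootstrap image trust store (needed for https repositories or proxies); may be given several times"`, with the wording adjusted to whatever path layout `rsync_inject` expects. `take_action` and the rest of the parser are outside the hunk.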
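Review bot: `self.certs = data.get('certs')` in utils/data.py takes the `--load-cert` paths as given, and `build()` in the next hunk forwards them (or `None` when the option is absent) without checking that each path exists. Because these paths decide which CAs the image will trust, a typo should stop the build before it starts rather than surface inside the chroot step. I would normalise and check them here, e.g. `self.certs = [os.path.abspath(c) for c in data.get('certs') or []]` followed by an `os.path.exists` test that raises on a missing entry. `os` is already used in this constructor, whose beginning is outside the hunk.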