Introduce new build option to pass CA cert

Conflicts: bareon/drivers/deploy/nailgun.py Change-Id: I994bc6918a1c84d120eb77b37f1b63b59dd85ed5 Closes-Bug: #1539437
2016-01-29 11:08:04 +03:00 · 2016-01-29 11:08:04 +03:00 · 9ae93ece26
commit 9ae93ece26
parent 78c9d6afb0
4 changed files with 21 additions and 9 deletions
--- a/bareon/drivers/deploy/nailgun.py
+++ b/bareon/drivers/deploy/nailgun.py
@ -467,15 +467,14 @@ class Manager(BaseDeployDriver):
                      ' '.join(packages))
            # disable hosts/resolv files
            bu.propagate_host_resolv_conf(chroot)
-            # for case when https proxy is used we need to upload cert file
-            # into chroot and update certificates
-            if hasattr(bs_scheme, 'extra_files') and bs_scheme.extra_files:
-                for extra in bs_scheme.extra_files:
-                    bu.rsync_inject(extra, chroot)
-                bu.update_certs(chroot)
+            if hasattr(bs_scheme, 'certs') and bs_scheme.certs:
+                bu.copy_update_certs(bs_scheme.certs, chroot)
            bu.run_apt_get(chroot, packages=packages,
                           attempts=CONF.fetch_packages_attempts)
            LOG.debug('Post-install OS configuration')
+            if hasattr(bs_scheme, 'extra_files') and bs_scheme.extra_files:
+                for extra in bs_scheme.extra_files:
+                    bu.rsync_inject(extra, chroot)
            if (hasattr(bs_scheme, 'root_ssh_authorized_file') and
                    bs_scheme.root_ssh_authorized_file):
                LOG.debug('Put ssh auth file %s',
--- a/bareon/utils/build.py
+++ b/bareon/utils/build.py
@ -816,8 +816,10 @@ def rsync_inject(src, dst):
                  dst + '/', logged=True)


-def update_certs(chroot):
-    """Try to update CA certificates in chroot"""
+def copy_update_certs(certs, chroot):
+    """Try to copy and update CA certificates in chroot"""
+    for cert in certs:
+        rsync_inject(cert, chroot)
    utils.execute('chroot', chroot, 'update-ca-certificates',
                  check_exit_code=False, logged=True)

--- a/contrib/fuel_bootstrap/fuel_bootstrap_cli/fuel_bootstrap/commands/build.py
+++ b/contrib/fuel_bootstrap/fuel_bootstrap_cli/fuel_bootstrap/commands/build.py
@ -181,6 +181,14 @@ class BuildCommand(command.Command):
                 " images are not supported by fuel-bootstrap.",
            action='store_true'
        )
+        parser.add_argument(
+            '--load-cert',
+            dest='certs',
+            metavar='FULL_PATH',
+            help="Load CA certificate for https connections. Work as extra"
+                 " files",
+            action='append'
+        )
        return parser

    def take_action(self, parsed_args):
--- a/contrib/fuel_bootstrap/fuel_bootstrap_cli/fuel_bootstrap/utils/data.py
+++ b/contrib/fuel_bootstrap/fuel_bootstrap_cli/fuel_bootstrap/utils/data.py
@ -70,6 +70,8 @@ class BootstrapDataBuilder(object):
            file_name = "{0}.{1}".format(self.uuid, self.container_format)
            self.output = os.path.join(self.output, file_name)

+        self.certs = data.get('certs')
+
    def build(self):
        return {
            'bootstrap': {
@ -83,7 +85,8 @@ class BootstrapDataBuilder(object):
                    'meta_file': consts.METADATA_FILE,
                    'format': self.container_format
                },
-                'label': self.label
+                'label': self.label,
+                'certs': self.certs
            },
            'repos': self._get_repos(),
            'proxies': self._get_proxy_settings(),