author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-04-11 11:43:06 +0000 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-04-12 09:45:13 +0000 |
commit | 39f63c5efa2dd2eef139ac7719ded18f7fd8b94c (patch) | |
tree | 94475cb6cf6245b0ba23421ddfc940366ce1e2d3 | |
parent | 87f41c6ec672cbbdc86c83fb13c35ab234ee618d (diff) |
docker/all: Bind-mount OpenSSL CA bundle
The containers also need to trust the CAs that the overcloud node
trusts; otherwise we'll get SSL verification failures.
bp tls-via-certmonger-containers
Change-Id: I7d3412a6273777712db2c90522e365c413567c49
-rwxr-xr-x | docker/docker-puppet.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index c364d039..5c68b08d 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -202,6 +202,12 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
 '--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro',
 '--volume', '/var/lib/config-data/:/var/lib/config-data/:rw',
 '--volume', 'tripleo_logs:/var/log/tripleo/',
+ # OpenSSL trusted CA injection
+ '--volume', '/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro',
+ '--volume', '/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro',
+ '--volume', '/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro',
+ '--volume', '/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro',
+ # script injection
 '--volume', '%s:%s:rw' % (sh_script, sh_script) ]
 for volume in volumes: |
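Review bot: The four CA mounts added after `'tripleo_logs:/var/log/tripleo/'` are unconditional, and with `--volume` Docker creates a missing host path as an empty directory. On a host that lacks `/etc/pki/tls/cert.pem` or the `ca-bundle*.crt` files, the container would therefore get directories where OpenSSL expects PEM files, and TLS verification would fail in a way that is hard to trace back to this mount. I would keep the paths in a tuple and add each `'--volume', '%s:%s:ro' % (path, path)` pair only when `os.path.exists(path)` is true on the host, logging any path that is skipped; this assumes `os` is imported in this file, which the hunk does not show. A single-file bind mount also pins the file the path resolved to when the container started, so a later `update-ca-trust` on the host may not be visible inside a long-running container; that is worth a comment next to `# OpenSSL trusted CA injection`. Both the list literal and `mp_puppet_config` start and end outside the hunk.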