aboutsummaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-04-11 11:43:06 +0000
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-04-12 09:45:13 +0000
commit39f63c5efa2dd2eef139ac7719ded18f7fd8b94c (patch)
tree94475cb6cf6245b0ba23421ddfc940366ce1e2d3 /docker
parent87f41c6ec672cbbdc86c83fb13c35ab234ee618d (diff)
docker/all: Bind-mount OpenSSL CA bundle
The containers also need to trust the CA's that the overcloud node trusts, else we'll get SSL verification failures. bp tls-via-certmonger-containers Change-Id: I7d3412a6273777712db2c90522e365c413567c49
Diffstat (limited to 'docker')
-rwxr-xr-xdocker/docker-puppet.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index c364d039..5c68b08d 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -202,6 +202,12 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
'--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro',
'--volume', '/var/lib/config-data/:/var/lib/config-data/:rw',
'--volume', 'tripleo_logs:/var/log/tripleo/',
+ # OpenSSL trusted CA injection
+ '--volume', '/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro',
+ '--volume', '/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro',
+ '--volume', '/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro',
+ '--volume', '/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro',
+ # script injection
'--volume', '%s:%s:rw' % (sh_script, sh_script) ]
for volume in volumes: