From 39f63c5efa2dd2eef139ac7719ded18f7fd8b94c Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Tue, 11 Apr 2017 11:43:06 +0000 Subject: docker/all: Bind-mount OpenSSL CA bundle The containers also need to trust the CA's that the overcloud node trusts, else we'll get SSL verification failures. bp tls-via-certmonger-containers Change-Id: I7d3412a6273777712db2c90522e365c413567c49 --- docker/docker-puppet.py | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docker') diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index c364d039..5c68b08d 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -202,6 +202,12 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume '--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro', '--volume', '/var/lib/config-data/:/var/lib/config-data/:rw', '--volume', 'tripleo_logs:/var/log/tripleo/', + # OpenSSL trusted CA injection + '--volume', '/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro', + '--volume', '/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro', + '--volume', '/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro', + '--volume', '/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro', + # script injection '--volume', '%s:%s:rw' % (sh_script, sh_script) ] for volume in volumes: -- cgit 1.2.3-korg