Untested autoimage HTTPS server/client cert support by copying into the image.
This commit is contained in:
Ian Gulliver
@@ -28,6 +28,18 @@ parser.add_argument(
|
||||
dest='device',
|
||||
action='store',
|
||||
required=True)
|
||||
parser.add_argument(
|
||||
'--https-ca-cert',
|
||||
dest='https_ca_cert',
|
||||
action='store')
|
||||
parser.add_argument(
|
||||
'--https-client-cert',
|
||||
dest='https_client_cert',
|
||||
action='store')
|
||||
parser.add_argument(
|
||||
'--https-client-key',
|
||||
dest='https_client_key',
|
||||
action='store')
|
||||
parser.add_argument(
|
||||
'--persistent-percent',
|
||||
dest='persistent_percent',
|
||||
@@ -64,6 +76,32 @@ def main():
|
||||
FLAGS.ca_cert,
|
||||
os.path.join(FLAGS.chroot_path, 'autoimage', 'config', 'ca.cert.pem'))
|
||||
|
||||
image_flags = []
|
||||
|
||||
if FLAGS.https_ca_cert:
|
||||
https_ca_cert_path = os.path.join('autoimage', 'config', 'https-ca.cert.pem')
|
||||
shutil.copyfile(
|
||||
FLAGS.https_ca_cert,
|
||||
os.path.join(FLAGS.chroot_path, https_ca_cert_path))
|
||||
image_flags.extend([
|
||||
'--https-ca-cert', os.path.join('/', https_ca_cert_path),
|
||||
])
|
||||
|
||||
if FLAGS.https_client_cert and FLAGS.https_client_key:
|
||||
https_client_cert_path = os.path.join('autoimage', 'config', 'https-client.cert.pem')
|
||||
shutil.copyfile(
|
||||
FLAGS.https_client_cert,
|
||||
os.path.join(FLAGS.chroot_path, https_client_cert_path))
|
||||
https_client_key_path = os.path.join('autoimage', 'config', 'https-client.key.pem')
|
||||
shutil.copyfile(
|
||||
FLAGS.https_client_key,
|
||||
os.path.join(FLAGS.chroot_path, https_client_key_path))
|
||||
os.chmod(os.path.join(FLAGS.chroot_path, https_client_key_path), 0o400)
|
||||
image_flags.extend([
|
||||
'--https-client-cert', os.path.join('/', https_client_cert_path),
|
||||
'--https-client-key', os.path.join('/', https_client_key_path),
|
||||
])
|
||||
|
||||
parsed = parse.urlparse(FLAGS.base_url)
|
||||
|
||||
init = os.path.join(FLAGS.chroot_path, 'etc', 'init', 'autoimage.conf')
|
||||
@@ -79,7 +117,7 @@ script
|
||||
chvt 7
|
||||
/autoimage/client/wait_for_service.py --host=%(host)s --service=%(service)s </dev/tty7 >/dev/tty7 2>&1
|
||||
chvt 7
|
||||
/autoimage/imager/image.py --device=%(device)s --persistent-percent=%(persistent_percent)d --ca-cert=/autoimage/config/ca.cert.pem --base-url=%(base_url)s </dev/tty7 >/dev/tty7 2>&1
|
||||
/autoimage/imager/image.py --device=%(device)s --persistent-percent=%(persistent_percent)d --ca-cert=/autoimage/config/ca.cert.pem --base-url=%(base_url)s %(image_flags)s </dev/tty7 >/dev/tty7 2>&1
|
||||
chvt 7
|
||||
|
||||
echo >/dev/tty7
|
||||
@@ -95,6 +133,7 @@ end script
|
||||
'device': FLAGS.device,
|
||||
'persistent_percent': FLAGS.persistent_percent,
|
||||
'base_url': FLAGS.base_url,
|
||||
'image_flags': ' '.join(image_flags),
|
||||
})
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user