Have certs_install install all custom certs for requests as well

Also supports `extra_ca_certs` being a single file, which is useful for the Kubernetes configmap case

Fixes https://www.pivotaltracker.com/story/show/134302623
This commit is contained in:
Joseph Schorr 2016-11-30 14:04:26 -05:00
parent 244bf2a070
commit 009c1f7a5f

View file

@ -7,9 +7,19 @@ then
cp /conf/stack/ldap.crt /usr/local/share/ca-certificates/ldap.crt cp /conf/stack/ldap.crt /usr/local/share/ca-certificates/ldap.crt
fi fi
# Add extra trusted certificates # Add extra trusted certificates (as a directory)
if [ -d /conf/stack/extra_ca_certs ]; then if [ -d /conf/stack/extra_ca_certs ]; then
cp /conf/stack/extra_ca_certs/* /usr/local/share/ca-certificates/ echo "Installing extra certificates found in /conf/stack/extra_ca_certs directory"
cp /conf/stack/extra_ca_certs/* /usr/local/share/ca-certificates/
cat /conf/stack/extra_ca_certs/* >> /venv/lib/python2.7/site-packages/requests/cacert.pem
fi fi
# Add extra trusted certificates (as a file)
if [ -f /conf/stack/extra_ca_certs ]; then
echo "Installing extra certificates found in /conf/stack/extra_ca_certs file"
csplit -z -f /usr/local/share/ca-certificates/extra-ca- /conf/stack/extra_ca_certs '/-----BEGIN CERTIFICATE-----/' '{*}'
cat /conf/stack/extra_ca_certs >> /venv/lib/python2.7/site-packages/requests/cacert.pem
fi
# Update all CA certificates.
update-ca-certificates update-ca-certificates