vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix handling of custom LDAP cert

Browse source 
This change moves the LDAP cert installation into a common script and reorganizes the startup scripts for creating and installing these certs

Fixes #1846
This commit is contained in:
Joseph Schorr 2016-09-19 17:55:08 -04:00
parent 8ab60640fe
commit c7beea2032
5 changed files with 18 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Dockerfile
View file

@ -89,7 +89,8 @@ RUN rm -rf grunt
ADD conf/init/copy_config_files.sh /etc/my_init.d/ ADD conf/init/copy_config_files.sh /etc/my_init.d/
ADD conf/init/doupdatelimits.sh /etc/my_init.d/ ADD conf/init/doupdatelimits.sh /etc/my_init.d/
ADD conf/init/copy_syslog_config.sh /etc/my_init.d/ ADD conf/init/copy_syslog_config.sh /etc/my_init.d/
ADD conf/init/create_certs.sh /etc/my_init.d/ ADD conf/init/certs_create.sh /etc/my_init.d/
ADD conf/init/certs_install.sh /etc/my_init.d/
ADD conf/init/runmigration.sh /etc/my_init.d/ ADD conf/init/runmigration.sh /etc/my_init.d/
ADD conf/init/syslog-ng.conf /etc/syslog-ng/ ADD conf/init/syslog-ng.conf /etc/syslog-ng/
ADD conf/init/zz_boot.sh /etc/my_init.d/ ADD conf/init/zz_boot.sh /etc/my_init.d/

7
conf/init/create_certs.sh → conf/init/certs_create.sh
View file

@ -6,10 +6,3 @@ echo '{"CN":"CA","key":{"algo":"rsa","size":2048}}' | cfssl gencert -initca - |
cp mitm-key.pem /conf/mitm.key cp mitm-key.pem /conf/mitm.key
cp mitm.pem /conf/mitm.cert cp mitm.pem /conf/mitm.cert
cp mitm.pem /usr/local/share/ca-certificates/mitm.crt cp mitm.pem /usr/local/share/ca-certificates/mitm.crt
# Add extra trusted certificates
if [ -d /conf/stack/extra_ca_certs ]; then
cp /conf/stack/extra_ca_certs/* /usr/local/share/ca-certificates/
fi
update-ca-certificates

15
conf/init/certs_install.sh Executable file
View file

@ -0,0 +1,15 @@
#! /bin/bash
set -e
# Add the custom LDAP certificate
if [ -e /conf/stack/ldap.crt ]
then
cp /conf/stack/ldap.crt /usr/local/share/ca-certificates/ldap.crt
fi
# Add extra trusted certificates
if [ -d /conf/stack/extra_ca_certs ]; then
cp /conf/stack/extra_ca_certs/* /usr/local/share/ca-certificates/
fi
update-ca-certificates

8
conf/init/install_custom_certs.sh
View file

@ -1,8 +0,0 @@
#! /bin/bash
set -e
if [ -e /conf/stack/ldap.crt ]
then
cp /conf/stack/ldap.crt /usr/local/share/ca-certificates/ldap.crt
/usr/sbin/update-ca-certificates
fi

2
util/config/validator.py
View file

@ -312,7 +312,7 @@ def _validate_ldap(config, password):
# If there is a custom LDAP certificate, then reinstall the certificates for the container. # If there is a custom LDAP certificate, then reinstall the certificates for the container.
if config_provider.volume_file_exists(LDAP_CERT_FILENAME): if config_provider.volume_file_exists(LDAP_CERT_FILENAME):
subprocess.check_call(['/conf/init/install_custom_certs.sh']) subprocess.check_call(['/conf/init/certs_install.sh'])
# Note: raises ldap.INVALID_CREDENTIALS on failure # Note: raises ldap.INVALID_CREDENTIALS on failure
admin_dn = config.get('LDAP_ADMIN_DN') admin_dn = config.get('LDAP_ADMIN_DN')