Fix handling of custom LDAP cert

This change moves the LDAP cert installation into a common script and reorganizes the startup scripts for creating and installing these certs Fixes #1846
2016-09-19 17:55:08 -04:00 · 2016-09-19 17:55:08 -04:00 · c7beea2032
commit c7beea2032
parent 8ab60640fe
5 changed files with 18 additions and 17 deletions
--- a/3
+++ b/3
@ -89,7 +89,8 @@ RUN rm -rf grunt
 ADD conf/init/copy_config_files.sh /etc/my_init.d/
 ADD conf/init/doupdatelimits.sh /etc/my_init.d/
 ADD conf/init/copy_syslog_config.sh /etc/my_init.d/
-ADD conf/init/create_certs.sh /etc/my_init.d/
+ADD conf/init/certs_create.sh /etc/my_init.d/
+ADD conf/init/certs_install.sh /etc/my_init.d/
 ADD conf/init/runmigration.sh /etc/my_init.d/
 ADD conf/init/syslog-ng.conf /etc/syslog-ng/
 ADD conf/init/zz_boot.sh /etc/my_init.d/
--- a/conf/init/certs_create.sh
+++ b/conf/init/certs_create.sh
@ -6,10 +6,3 @@ echo '{"CN":"CA","key":{"algo":"rsa","size":2048}}' | cfssl gencert -initca - |
 cp mitm-key.pem /conf/mitm.key
 cp mitm.pem /conf/mitm.cert
 cp mitm.pem /usr/local/share/ca-certificates/mitm.crt
-
-# Add extra trusted certificates
-if [ -d /conf/stack/extra_ca_certs ]; then
-	cp /conf/stack/extra_ca_certs/* /usr/local/share/ca-certificates/
-fi
-
-update-ca-certificates
--- a/conf/init/certs_install.sh
+++ b/conf/init/certs_install.sh
@ -0,0 +1,15 @@
+#! /bin/bash
+set -e
+
+# Add the custom LDAP certificate
+if [ -e /conf/stack/ldap.crt ]
+then
+  cp /conf/stack/ldap.crt /usr/local/share/ca-certificates/ldap.crt
+fi
+
+# Add extra trusted certificates
+if [ -d /conf/stack/extra_ca_certs ]; then
+    cp /conf/stack/extra_ca_certs/* /usr/local/share/ca-certificates/
+fi
+
+update-ca-certificates
--- a/conf/init/install_custom_certs.sh
+++ b/conf/init/install_custom_certs.sh
@ -1,8 +0,0 @@
-#! /bin/bash
-set -e
-
-if [ -e /conf/stack/ldap.crt ]
-then
-  cp /conf/stack/ldap.crt /usr/local/share/ca-certificates/ldap.crt
-  /usr/sbin/update-ca-certificates
-fi
--- a/util/config/validator.py
+++ b/util/config/validator.py
@ -312,7 +312,7 @@ def _validate_ldap(config, password):

  # If there is a custom LDAP certificate, then reinstall the certificates for the container.
  if config_provider.volume_file_exists(LDAP_CERT_FILENAME):
-    subprocess.check_call(['/conf/init/install_custom_certs.sh'])
+    subprocess.check_call(['/conf/init/certs_install.sh'])

  # Note: raises ldap.INVALID_CREDENTIALS on failure
  admin_dn = config.get('LDAP_ADMIN_DN')