Add possibility to provide custom CA certificate

With this commit, if custom_ca_crt variable is set in tenant_builds for the tenant, the certificate will be mounted inside the service container, so the --insecure parameter will be not needed. Change-Id: If6e28ecf9b5fcf178d1ab2f974cc574ef0866e37
2022-06-03 14:03:49 +02:00
parent 767f9ae43d
commit 9f5fe86cb8
7 changed files with 27 additions and 2 deletions
--- a/ansible/roles/logscraper/defaults/main.yml
+++ b/ansible/roles/logscraper/defaults/main.yml
@@ -29,4 +29,5 @@ container_images:
 #     max_skipped: 100
 #     debug: true
 #     logscraper_wait_time: 120
+#     custom_ca_crt: ""
 tenant_builds: []
--- a/ansible/roles/logscraper/templates/logscraper.sh.j2
+++ b/ansible/roles/logscraper/templates/logscraper.sh.j2
@@ -8,6 +8,9 @@
    --uidmap 1000:{{ logscraper_uid }}:1 \
    --name logscraper-{{ item.tenant }} \
    --volume {{ item.logscraper_dir | default(logscraper_dir) }}:{{ logscraper_dir }}:z \
+    {% if 'custom_ca_crt' in item %}
+    --volume {{ custom_ca_crt }}:{{ custom_ca_crt}}:z \
+    {% endif %}
    {% if 'download_dir' in item %}
    --volume {{ item.download_dir }}:{{ item.download_dir }}:z \
    {% endif %}
@@ -48,4 +51,7 @@
    {% if 'logscraper_wait_time' in item %}
    --wait-time {{ item['logscraper_wait_time'] }} \
    {% endif %}
+    {% if 'custom_ca_crt' in item %}
+    --ca-file {{ custom_ca_crt }} \
+    {% endif %}
    --follow
--- a/ansible/roles/logsender/defaults/main.yml
+++ b/ansible/roles/logsender/defaults/main.yml
@@ -26,4 +26,5 @@ container_images:
 #     keep: true
 #     ignore_es_status: false
 #     logsender_wait_time: 60
+#     custom_ca_crt: ""
 tenant_builds: []
--- a/ansible/roles/logsender/templates/logsender.sh.j2
+++ b/ansible/roles/logsender/templates/logsender.sh.j2
@@ -9,6 +9,9 @@
    --name logsender-{{ item.tenant }} \
    --volume {{ item.download_dir }}:{{ item.download_dir }}:z \
    --volume {{ item.logscraper_dir | default(logscraper_dir) }}:{{ logscraper_dir }}:z \
+    {% if 'custom_ca_crt' in item %}
+    --volume {{ custom_ca_crt }}:{{ custom_ca_crt}}:z \
+    {% endif %}
    {{ container_images['logsender'] }} \
    /usr/local/bin/logsender \
    --config {{ logscraper_dir }}/config.yaml \
@@ -54,4 +57,7 @@
    {% if 'logsender_wait_time' in item %}
    --wait-time {{ item['logsender_wait_time'] }} \
    {% endif %}
+    {% if 'custom_ca_crt' in item %}
+    --ca-file {{ custom_ca_crt }} \
+    {% endif %}
    --follow