Merge "Support to add certificate in ironic-agent"

elements/ironic-agent/README.rst

@@ -15,6 +15,9 @@ Beyond installing the ironic-python-agent, this element does the following:
 * When installing from source, ``python-dev`` and ``gcc`` are also installed
   in order to support source based installation of ironic-python-agent and its
   dependencies.
+* Install the certificate if any, which is set to the environment variable
+  ``DIB_IPA_CERT`` for validating the authenticity by ironic-python-agent. The
+  certificate can be self-signed certificate or CA certificate.
 
 This element outputs three files:
 

elements/ironic-agent/extra-data.d/15-ssl-ca-copy

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+
+set -eu
+set -o pipefail
+
+if [ -n "${DIB_IPA_CERT:=}" ]; then
+    cp $DIB_IPA_CERT $TMP_HOOKS_PATH/server.pem
+fi

elements/ironic-agent/install.d/ironic-agent-source-install/60-ironic-agent-install

@@ -36,3 +36,8 @@ case "$DIB_INIT_SYSTEM" in
         exit 1
         ;;
 esac
+
+# Copying the self signed certificate for request library
+if [ -f /tmp/in_target.d/server.pem ]; then
+    cat /tmp/in_target.d/server.pem >> $($IPADIR/venv/bin/python -c "import requests; print requests.certs.where()")
+fi