Add ca-certificates into debian base image during debootstrap.

debootstrap uses http for it's apt config so can function without the certificates from ca-certificates being installed. The debian bookworm cloud image defaults to using https for the apt repo urls, so unless the ca-certificates package is present no more apt operations can be done once the apt configuration is synchronised from the host to the container image. Installing ca-certificates during the initial debootstrap avoids the issue of not being able to install ca-certificates due to failed SSL verification. Change-Id: Ia78429eaf4bd71a8f3509c4e484f7dd02574c6b1
2023-09-11 17:03:34 +01:00 · 2023-09-11 17:03:34 +01:00 · f1b02d0989
parent f435f144aa
commit f1b02d0989
1 changed files with 5 additions and 1 deletions
--- a/vars/debian.yml
+++ b/vars/debian.yml
@ -14,7 +14,11 @@
 # limitations under the License.

 _lxc_hosts_container_build_command: >-
-  debootstrap --variant minbase {{ ansible_facts['distribution_release'] }} /var/lib/machines/{{ lxc_container_base_name }} {{ lxc_apt_mirror }}
+  debootstrap --variant minbase
+  --include ca-certificates
+  {{ ansible_facts['distribution_release'] }}
+  /var/lib/machines/{{ lxc_container_base_name }}
+  {{ lxc_apt_mirror }}

 _lxc_cache_map:
  distro: "{{ ansible_facts['distribution'] | lower }}"