Browse Source

Merge "Always update the local certmonger ca cert"

changes/04/785404/1
Zuul 1 year ago committed by Gerrit Code Review
parent
commit
12ef7e9632
  1. 8
      deployment/haproxy/haproxy-public-tls-certmonger.yaml

8
deployment/haproxy/haproxy-public-tls-certmonger.yaml

@ -95,11 +95,9 @@ outputs:
shell: |
set -e
ca_pem='/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'
if ! { test -e ${ca_pem} && openssl x509 -checkend 0 -noout -in ${ca_pem}; }; then
openssl pkcs12 -in /var/lib/certmonger/local/creds -out ${ca_pem} -nokeys -nodes -passin pass:''
chmod 0644 ${ca_pem}
update-ca-trust extract
fi
openssl pkcs12 -in /var/lib/certmonger/local/creds -out ${ca_pem} -nokeys -nodes -passin pass:''
chmod 0644 ${ca_pem}
update-ca-trust extract
test -e ${ca_pem} && openssl x509 -checkend 0 -noout -in ${ca_pem}
retries: 5
delay: 1

Loading…
Cancel
Save