Debian: fix system registry image commands
On Debian system regirstry image commands such as system registry-image-list fails with traceback in sysinv log. The root cause is that the command is looking for system trusted CA bundle in a hardcoded path "/etc/ssl/certs/ca-bundle.crt". But on Debian the CA bundle is /etc/ssl/certs/ca-certificates.crt Fixed this by adding a generic function to find the CA bundle in a list that have the CA bundle path for Debian, CentOS, Suse and FreeBSD/OpenBSD. Test Plan for Debian and CentOS: PASS: package build, image build PASS: system bootstrap, controller unlock PASS: system registry-image-list succeed without error Closes-Bug: 1978320 Signed-off-by: Andy Ning <andy.ning@windriver.com> Change-Id: I9fbf19ea6a78c1e4d93855815f239eb29b6f7551
This commit is contained in:
parent
4299d70aa4
commit
cf0161285e
|
@ -3666,3 +3666,17 @@ def replace_helmrepo_url_with_floating_address(dbapi, helmrepository_url):
|
|||
get_http_port(dbapi),
|
||||
parsed_helm_repo_url.path
|
||||
)
|
||||
|
||||
|
||||
def get_system_ca_file():
|
||||
"""Return path to system default CA file."""
|
||||
# Standard CA file locations for Debian/Ubuntu, RedHat/Fedora,
|
||||
# Suse, FreeBSD/OpenBSD
|
||||
ca_path = ['/etc/ssl/certs/ca-certificates.crt',
|
||||
'/etc/pki/tls/certs/ca-bundle.crt',
|
||||
'/etc/ssl/ca-bundle.pem',
|
||||
'/etc/ssl/cert.pem']
|
||||
for ca in ca_path:
|
||||
if os.path.exists(ca):
|
||||
return ca
|
||||
return None
|
||||
|
|
|
@ -10,9 +10,10 @@ import requests
|
|||
from oslo_serialization import base64
|
||||
from sysinv.common import constants
|
||||
from sysinv.common import exception
|
||||
from sysinv.common import utils as cutils
|
||||
|
||||
DOCKER_CERT_PATH = '/etc/ssl/private/registry-cert.crt'
|
||||
SYSTEM_CERT_PATH = '/etc/ssl/certs/ca-bundle.crt'
|
||||
SYSTEM_CERT_PATH = cutils.get_system_ca_file()
|
||||
KEYRING_SERVICE = 'CGCS'
|
||||
REGISTRY_USERNAME = 'admin'
|
||||
REGISTRY_BASEURL = 'https://%s/v2/' % constants.DOCKER_REGISTRY_SERVER
|
||||
|
|
Loading…
Reference in New Issue