Generate admin_url to enable https for admin endpoints

This commit updated platform services' sysinv puppet plugins to generate proper admin_url hiera data to enable https for these endpoints during controller unlock. This commit also updated controller_config to copy and install dc admin endpoint CA cert and haproxy cert for the second controller. Change-Id: I21345a96f8a0ffb416069ff28dbcfa51b9e12359 Story: 2007347 Task: 39314 Signed-off-by: Andy Ning <andy.ning@windriver.com>
2020-04-06 10:47:09 -04:00
parent f2dd994914
commit e169d1caea
13 changed files with 78 additions and 11 deletions
--- a/controllerconfig/controllerconfig/scripts/controller_config
+++ b/controllerconfig/controllerconfig/scripts/controller_config
@@ -319,6 +319,30 @@ start()
        fi
    fi

+    if [ -e $CONFIG_DIR/admin-ep-cert.pem ]
+    then
+        cp $CONFIG_DIR/admin-ep-cert.pem /etc/ssl/private/
+        if [ $? -ne 0 ]
+        then
+            fatal_error "Unable to copy $CONFIG_DIR/admin-ep-cert.pem to certificates dir"
+        fi
+    fi
+
+    if [ -e $CONFIG_DIR/dc-adminep-root-ca.crt ]
+    then
+        cp $CONFIG_DIR/dc-adminep-root-ca.crt /etc/pki/ca-trust/source/anchors/
+        if [ $? -ne 0 ]
+        then
+            fatal_error "Unable to copy $CONFIG_DIR/dc-adminep-root-ca.crt to certificates dir"
+        fi
+        # Update system trusted CA cert list with the new CA cert.
+        update-ca-trust extract
+        if [ $? -ne 0 ]
+        then
+            fatal_error "Unable to update system trusted CA certificate list"
+        fi
+    fi
+
    if [ -e $CONFIG_DIR/openstack ]
    then
        if [ ! -e /etc/ssl/private/openstack ]