Support no_check_certificate=True subcloud install option
The install value no_check_certificate tranlates into
boot argument inst.noverifyssl=True from subcloud_install.py
This commit ensures that when we see this boot argument
we apply the tls-permissive config value to the repo remote.
Test Plan:
PASS:
- Install on system controller with https_enabled=True
- Without no_check_certificate=True:
- Install fails with 'Unacceptable TLS certificate'
error during ostree pull
- With no_check_certificate=True:
- Install is successful
- ostree pull is using https url
- Install on system controller with https_enabled=False
- ostree pull is using http url (no SSL)
- Install is successful
Story: 2010118
Task: 46180
Change-Id: I162904e52cc63c1a9e4e9f68c6c9921c8c4d8f3a
Signed-off-by: Kyle MacLeod <kyle.macleod@windriver.com>
This commit is contained in:
Kyle MacLeod
parent
646192989d
commit
e72f234b74
|
|
@ -1523,6 +1523,13 @@ if [ "${controller}" = true ] ; then
|
|||
ilog "Using ostree remote: ${instbr} ${insturl}"
|
||||
ostree --repo=${repo} remote add ${instbr} ${insturl}
|
||||
fi
|
||||
# Check for noverifyssl in boot arguments.
|
||||
# Note: even if noverifyssl is not set, we still don't have proper support
|
||||
# for SSL certificates (which would require configuring cert paths here).
|
||||
if grep -q noverifyssl /proc/cmdline 2>/dev/null; then
|
||||
ilog "Configuring ostree for unverified SSL"
|
||||
ostree config --repo=${repo} set "remote \"${instbr}\"".tls-permissive true
|
||||
fi
|
||||
|
||||
ilog "ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}"
|
||||
ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}
|
||||
|
|
|
|||
Loading…
Reference in New Issue