Support no_check_certificate=True subcloud install option
The install value no_check_certificate tranlates into boot argument inst.noverifyssl=True from subcloud_install.py This commit ensures that when we see this boot argument we apply the tls-permissive config value to the repo remote. Test Plan: PASS: - Install on system controller with https_enabled=True - Without no_check_certificate=True: - Install fails with 'Unacceptable TLS certificate' error during ostree pull - With no_check_certificate=True: - Install is successful - ostree pull is using https url - Install on system controller with https_enabled=False - ostree pull is using http url (no SSL) - Install is successful Story: 2010118 Task: 46180 Change-Id: I162904e52cc63c1a9e4e9f68c6c9921c8c4d8f3a Signed-off-by: Kyle MacLeod <kyle.macleod@windriver.com>
This commit is contained in:
parent
646192989d
commit
e72f234b74
|
@ -1523,6 +1523,13 @@ if [ "${controller}" = true ] ; then
|
|||
ilog "Using ostree remote: ${instbr} ${insturl}"
|
||||
ostree --repo=${repo} remote add ${instbr} ${insturl}
|
||||
fi
|
||||
# Check for noverifyssl in boot arguments.
|
||||
# Note: even if noverifyssl is not set, we still don't have proper support
|
||||
# for SSL certificates (which would require configuring cert paths here).
|
||||
if grep -q noverifyssl /proc/cmdline 2>/dev/null; then
|
||||
ilog "Configuring ostree for unverified SSL"
|
||||
ostree config --repo=${repo} set "remote \"${instbr}\"".tls-permissive true
|
||||
fi
|
||||
|
||||
ilog "ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}"
|
||||
ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}
|
||||
|
|
Loading…
Reference in New Issue