starlingx/stx-puppet
Code Issues Proposed changes

debian: Fix certificates when using ostree

Browse Source 
This work affects only Debian. This fixes a bootstrap issue.
Enhance https://review.opendev.org/c/starlingx/stx-puppet/+/829125

Contents of a CA certificate is generated at runtime.
Ostree doesn't allow changes in /usr, instead use /etc/ssl/certs.

Tests on AIO-SX:
PASS: build-pkgs, build-image, install
PASS: bootstrap without ostree unlock goes past the issue
PASS: could download images from private secured docker registry
PASS: system certificate-install/uninstall

Story: 2009101
Task: 44484
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: Ic7c87ae85b9ec2a1371ea52fddf32c87b4b1483b
This commit is contained in:
Dan Voiculeasa
2022-06-03 14:30:58 +03:00
parent 6a4dd3427f
commit 260bc1d27e
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
puppet-manifests/src/modules/platform/manifests/config.pp
View File

@@ -279,8 +279,8 @@ class platform::config::certs::ssl_ca
$ca_update_cmd = 'update-ca-trust'
}
default: {
$ssl_ca_file = '/usr/local/share/ca-certificates/ca-cert.crt'
$ca_update_cmd = 'update-ca-certificates'
$ssl_ca_file = '/etc/ssl/certs/ca-cert.crt'
$ca_update_cmd = 'c_rehash'
}
}