fix: update ENC script CA certificate path (#62)
- Mount vault-ca-cert secret at /opt/vault-ca-cert.crt in both deployments - Update cobbler-enc script to use correct CA certificate path - Resolves OSError about missing TLS CA certificate bundle Reviewed-on: #62
This commit was merged in pull request #62.
@@ -96,6 +96,9 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
- mountPath: /opt/bin/
|
- mountPath: /opt/bin/
|
||||||
name: puppet-shared-bins
|
name: puppet-shared-bins
|
||||||
|
- mountPath: /opt/vault-ca-cert.crt
|
||||||
|
name: vault-ca-cert
|
||||||
|
subPath: ca.crt
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: copy-configmaps
|
- name: copy-configmaps
|
||||||
image: busybox:1.35
|
image: busybox:1.35
|
||||||
@@ -229,5 +232,8 @@ spec:
|
|||||||
- name: puppet-shared-bins
|
- name: puppet-shared-bins
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: puppet-shared-bins
|
claimName: puppet-shared-bins
|
||||||
|
- name: vault-ca-cert
|
||||||
|
secret:
|
||||||
|
secretName: vault-ca-cert
|
||||||
strategy:
|
strategy:
|
||||||
type: RollingUpdate
|
type: RollingUpdate
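Review bot: The new `vault-ca-cert` volumeMount in the `@@ -96,6 +96,9 @@` hunk uses `subPath: ca.crt`, and Kubernetes does not refresh subPath-mounted secret files when the Secret changes, so a rotated CA would not reach the running pod until it is restarted, and the ENC script's TLS verification would fail in the meantime. Either mount the secret as a directory (for example `mountPath: /opt/vault-ca/`, a constructed path, with the script pointed at the `ca.crt` inside it) or record the constraint with a comment such as `# subPath mount: pods must be restarted after vault-ca-cert is rotated`. The mount also omits the `readOnly: true` that an earlier mount in the same hunk carries; adding it keeps the spec consistent. The same points apply to the identical mount in the second deployment (`@@ -95,6 +95,9 @@`); the container spec itself starts outside both hunks.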
|
||||||
|
|||||||
@@ -95,6 +95,9 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
- mountPath: /opt/bin/
|
- mountPath: /opt/bin/
|
||||||
name: puppet-shared-bins
|
name: puppet-shared-bins
|
||||||
|
- mountPath: /opt/vault-ca-cert.crt
|
||||||
|
name: vault-ca-cert
|
||||||
|
subPath: ca.crt
|
||||||
initContainers:
|
initContainers:
|
||||||
- args:
|
- args:
|
||||||
- mkdir -p /etc/puppetlabs/puppet/eyaml/keys;
|
- mkdir -p /etc/puppetlabs/puppet/eyaml/keys;
|
||||||
@@ -168,3 +171,6 @@ spec:
|
|||||||
- name: puppet-shared-bins
|
- name: puppet-shared-bins
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: puppet-shared-bins
|
claimName: puppet-shared-bins
|
||||||
|
- name: vault-ca-cert
|
||||||
|
secret:
|
||||||
|
secretName: vault-ca-cert
|
||||||
|
|||||||
@@ -20,7 +20,7 @@ def fetch_enc_data(cobbler_url: str, hostname: str) -> str:
|
|||||||
"""
|
"""
|
||||||
url = f"{cobbler_url}/cblr/svc/op/puppet/hostname/{hostname}"
|
url = f"{cobbler_url}/cblr/svc/op/puppet/hostname/{hostname}"
|
||||||
try:
|
try:
|
||||||
response = requests.get(url, verify='/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem')
|
response = requests.get(url, verify='/opt/vault-ca-cert.crt')
|
||||||
response.raise_for_status()
|
response.raise_for_status()
|
||||||
except requests.RequestException as e:
|
except requests.RequestException as e:
|
||||||
sys.exit(f"Request failed: {e}")
|
sys.exit(f"Request failed: {e}")
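Review bot: The `requests.get` call on the changed line still has no `timeout`, so an unresponsive Cobbler endpoint can block the ENC lookup indefinitely instead of reaching the `except requests.RequestException` branch; consider `response = requests.get(url, verify='/opt/vault-ca-cert.crt', timeout=10)` (the value is a suggestion). The CA path is now a literal that must stay identical to the `mountPath` in both deployments, so a module-level constant with a comment like `# CA file mounted from the vault-ca-cert secret (see deployment volumeMounts)` would keep them in step. Verification is now pinned to this single CA rather than the system bundle, so a server certificate issued by any other CA will be rejected, which is presumably the intent but worth stating in the docstring. `fetch_enc_data` begins above the hunk and may continue below it.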
|
||||||
|
|||||||