feat: enable access to vault certificate
Build / build (pull_request) Successful in 1m52s

- puppet now automatically trusts vault certs for some clients
- ensure build job can access vault certs, or use client.* in .config/incus
This commit is contained in:
2025-10-17 17:17:42 +11:00
parent cd9b965016
commit 5e090e9de5
3 changed files with 12 additions and 4 deletions
+10 -2
View File
@@ -21,8 +21,16 @@ define vault_env
mkdir -p $$INCUS_CONFIG_DIR/servercerts && \
printf '%s\n' "$$INCUS_CONF_INCUSIMAGES_CERT" > $$INCUS_CONFIG_DIR/servercerts/incus-images.crt && \
printf '%s\n' "$$INCUS_CONF_CONFIG_YAML" > $$INCUS_CONFIG_DIR/config.yaml && \
printf '%s\n' "$$INCUS_CLIENT_CRT" > $$INCUS_CONFIG_DIR/client.crt && \
printf '%s\n' "$$INCUS_CLIENT_KEY" > $$INCUS_CONFIG_DIR/client.key
if [ -f /etc/pki/tls/vault/certificate.crt ] && [ -f /etc/pki/tls/vault/private.key ]; then \
cp /etc/pki/tls/vault/certificate.crt $$INCUS_CONFIG_DIR/client.crt && \
cp /etc/pki/tls/vault/private.key $$INCUS_CONFIG_DIR/client.key; \
elif [ -f $$HOME/.config/incus/client.crt ] && [ -f $$HOME/.config/incus/client.key ]; then \
cp $$HOME/.config/incus/client.crt $$INCUS_CONFIG_DIR/client.crt && \
cp $$HOME/.config/incus/client.key $$INCUS_CONFIG_DIR/client.key; \
else \
printf '%s\n' "$$INCUS_CLIENT_CRT" > $$INCUS_CONFIG_DIR/client.crt && \
printf '%s\n' "$$INCUS_CLIENT_KEY" > $$INCUS_CONFIG_DIR/client.key; \
fi
endef
clean: