diff options
Diffstat (limited to 'ansible-server')
-rw-r--r-- | ansible-server/pom.xml | 20 | ||||
-rw-r--r-- | ansible-server/src/main/Dockerfile | 25 | ||||
-rw-r--r-- | ansible-server/src/main/resources/README-custom-certs.md | 3 |
3 files changed, 43 insertions, 5 deletions
diff --git a/ansible-server/pom.xml b/ansible-server/pom.xml index 15faf5ae..1a56fee6 100644 --- a/ansible-server/pom.xml +++ b/ansible-server/pom.xml @@ -71,6 +71,26 @@ </resources> </configuration> </execution> + <execution> + <id>copy-certificates</id> + <goals> + <goal>copy-resources</goal> + </goals><!-- here the phase you need --> + <phase>validate</phase> + <configuration> + <outputDirectory>${basedir}/target/docker-stage</outputDirectory> + <resources> + <resource> + <directory>src/main/resources</directory> + <includes> + <include>*.pem</include> + <include>*.md</include> + </includes> + <filtering>false</filtering> + </resource> + </resources> + </configuration> + </execution> </executions> </plugin> <plugin> diff --git a/ansible-server/src/main/Dockerfile b/ansible-server/src/main/Dockerfile index 1aeb186f..984333da 100644 --- a/ansible-server/src/main/Dockerfile +++ b/ansible-server/src/main/Dockerfile @@ -2,10 +2,17 @@ FROM onap/integration-python:8.0.0 LABEL maintainer="SDN-C Team (sdnc@lists.openecomp.org)" USER root -ENV http_proxy ${http_proxy} -ENV https_proxy ${https_proxy} +ARG http_proxy +ARG https_proxy +ARG no_proxy +ARG CURL_CA_BUNDLE + +ENV http_proxy $http_proxy +ENV https_proxy $https_proxy +ENV no_proxy $no_proxy ENV PIP_EXTRA_OPTS ${https_proxy:+"--trusted-host pypi.org --trusted-host files.pythonhosted.org --proxy=${https_proxy}"} ENV PIP_EXTRA_OPTS ${PIP_EXTRA_OPTS:-""} +ENV CURL_CA_BUNDLE=$CURL_CA_BUNDLE ARG PIP_TAG=18.0 @@ -13,12 +20,20 @@ RUN addgroup -S ansible && adduser -S ansible -G ansible COPY --chown=ansible:ansible ansible-server /opt/ansible-server COPY --chown=ansible:ansible configuration/ansible.cfg /etc/ansible/ansible.cfg +# Copy any certs +COPY *.md *.pem /etc/ssl/certs/ + +# Install certs +RUN update-ca-certificates + +RUN echo $CURL_CA_BUNDLE && ls -l $CURL_CA_BUNDLE + RUN apk add --no-cache curl iputils bash openssh-client \ - && curl https://sh.rustup.rs -sSf | sh -s -- -y \ + && curl -k https://sh.rustup.rs -sSf | sh -s -- -y \ && source $HOME/.cargo/env \ && apk add --no-cache --virtual .build-deps build-base libffi-dev openssl-dev python3-dev \ - && pip3 install --no-cache-dir --upgrade pip ${PIP_EXTRA_OPTS} \ - && pip3 install --no-cache-dir -r /opt/ansible-server/requirements.txt ${PIP_EXTRA_OPTS} \ + && pip3 install --no-cache-dir --trusted-host pypi.org --trusted-host files.pythonhosted.org --upgrade pip ${PIP_EXTRA_OPTS} \ + && pip3 install --no-cache-dir --trusted-host pypi.org --trusted-host files.pythonhosted.org -r /opt/ansible-server/requirements.txt ${PIP_EXTRA_OPTS} \ && apk del .build-deps \ && mkdir -p /opt/onap \ && touch /var/log/ansible-server.log \ diff --git a/ansible-server/src/main/resources/README-custom-certs.md b/ansible-server/src/main/resources/README-custom-certs.md new file mode 100644 index 00000000..ac414c11 --- /dev/null +++ b/ansible-server/src/main/resources/README-custom-certs.md @@ -0,0 +1,3 @@ +Any .pem files in this directory will be copied to /etc/ssl/certs on the +docker container and installed prior to running apk. This might be needed, +for example, for docker builds to work properly behind a corporate firewall. |