summaryrefslogtreecommitdiffstats
path: root/ansible-server
diff options
context:
space:
mode:
Diffstat (limited to 'ansible-server')
-rw-r--r--ansible-server/pom.xml20
-rw-r--r--ansible-server/src/main/Dockerfile25
-rw-r--r--ansible-server/src/main/resources/README-custom-certs.md3
3 files changed, 43 insertions, 5 deletions
diff --git a/ansible-server/pom.xml b/ansible-server/pom.xml
index 15faf5ae..1a56fee6 100644
--- a/ansible-server/pom.xml
+++ b/ansible-server/pom.xml
@@ -71,6 +71,26 @@
</resources>
</configuration>
</execution>
+ <execution>
+ <id>copy-certificates</id>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals><!-- here the phase you need -->
+ <phase>validate</phase>
+ <configuration>
+ <outputDirectory>${basedir}/target/docker-stage</outputDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/resources</directory>
+ <includes>
+ <include>*.pem</include>
+ <include>*.md</include>
+ </includes>
+ <filtering>false</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
</executions>
</plugin>
<plugin>
diff --git a/ansible-server/src/main/Dockerfile b/ansible-server/src/main/Dockerfile
index 1aeb186f..984333da 100644
--- a/ansible-server/src/main/Dockerfile
+++ b/ansible-server/src/main/Dockerfile
@@ -2,10 +2,17 @@ FROM onap/integration-python:8.0.0
LABEL maintainer="SDN-C Team (sdnc@lists.openecomp.org)"
USER root
-ENV http_proxy ${http_proxy}
-ENV https_proxy ${https_proxy}
+ARG http_proxy
+ARG https_proxy
+ARG no_proxy
+ARG CURL_CA_BUNDLE
+
+ENV http_proxy $http_proxy
+ENV https_proxy $https_proxy
+ENV no_proxy $no_proxy
ENV PIP_EXTRA_OPTS ${https_proxy:+"--trusted-host pypi.org --trusted-host files.pythonhosted.org --proxy=${https_proxy}"}
ENV PIP_EXTRA_OPTS ${PIP_EXTRA_OPTS:-""}
+ENV CURL_CA_BUNDLE=$CURL_CA_BUNDLE
ARG PIP_TAG=18.0
@@ -13,12 +20,20 @@ RUN addgroup -S ansible && adduser -S ansible -G ansible
COPY --chown=ansible:ansible ansible-server /opt/ansible-server
COPY --chown=ansible:ansible configuration/ansible.cfg /etc/ansible/ansible.cfg
+# Copy any certs
+COPY *.md *.pem /etc/ssl/certs/
+
+# Install certs
+RUN update-ca-certificates
+
+RUN echo $CURL_CA_BUNDLE && ls -l $CURL_CA_BUNDLE
+
RUN apk add --no-cache curl iputils bash openssh-client \
- && curl https://sh.rustup.rs -sSf | sh -s -- -y \
+ && curl -k https://sh.rustup.rs -sSf | sh -s -- -y \
&& source $HOME/.cargo/env \
&& apk add --no-cache --virtual .build-deps build-base libffi-dev openssl-dev python3-dev \
- && pip3 install --no-cache-dir --upgrade pip ${PIP_EXTRA_OPTS} \
- && pip3 install --no-cache-dir -r /opt/ansible-server/requirements.txt ${PIP_EXTRA_OPTS} \
+ && pip3 install --no-cache-dir --trusted-host pypi.org --trusted-host files.pythonhosted.org --upgrade pip ${PIP_EXTRA_OPTS} \
+ && pip3 install --no-cache-dir --trusted-host pypi.org --trusted-host files.pythonhosted.org -r /opt/ansible-server/requirements.txt ${PIP_EXTRA_OPTS} \
&& apk del .build-deps \
&& mkdir -p /opt/onap \
&& touch /var/log/ansible-server.log \
diff --git a/ansible-server/src/main/resources/README-custom-certs.md b/ansible-server/src/main/resources/README-custom-certs.md
new file mode 100644
index 00000000..ac414c11
--- /dev/null
+++ b/ansible-server/src/main/resources/README-custom-certs.md
@@ -0,0 +1,3 @@
+Any .pem files in this directory will be copied to /etc/ssl/certs on the
+docker container and installed prior to running apk. This might be needed,
+for example, for docker builds to work properly behind a corporate firewall.