author | Jack Lucas <jflucas@research.att.com> | 2019-06-04 12:47:56 -0400 |
---|---|---|
committer | Jack Lucas <jflucas@research.att.com> | 2019-06-04 12:47:56 -0400 |
commit | d0395f7de8dea655f0e4ea214462311e23f45a78 (patch) | |
tree | 2a487e334feccdd1912ec80a50935ac389f0ab14 /k8s-bootstrap-container/bootstrap.sh | |
parent | 058958bf64d14c00e77fd8c695fec49942be6f70 (diff) |
Update bootstrap to support TLS for CM
Change-Id: Ie44a55eb7e209bbad1970530f9d723ac9540b156
Issue-ID: DCAEGEN2-1586
Signed-off-by: Jack Lucas <jflucas@research.att.com>
Diffstat (limited to 'k8s-bootstrap-container/bootstrap.sh')
-rwxr-xr-x | k8s-bootstrap-container/bootstrap.sh | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/k8s-bootstrap-container/bootstrap.sh b/k8s-bootstrap-container/bootstrap.sh
index 838e1e0..82df4b4 100755
--- a/k8s-bootstrap-container/bootstrap.sh
+++ b/k8s-bootstrap-container/bootstrap.sh
@@ -27,6 +27,26 @@
 # Input files for components to be installed in /inputs
 # Configuration JSON files that need to be loaded into Consul in /dcae-configs
 # Consul is installed in /opt/consul/bin/consul, with base config in /opt/consul/config/00consul.json
+# Optionally, allows:
+# CM protocol in CMPROTO environment variable (defaults to HTTP)
+# CM port in CMPORT environment variable (defaults to 80)
+# If CMPROTO is set to "https", bootstrap will use HTTPS to communicate with CM. Otherwise,
+# it will use HTTP.
+# If CMPROTO is set to "https", the script assumes the CA cert needed to verify the cert
+# presented by CM is mounted at /certs/cacert.pem.
+
+# Set defaults for CM protocol and port
+CMPROTO=${CMPROTO:-http}
+CMPORT=${CMPORT:-80}
+
+# Set up additional parameters for using HTTPS
+CFYTLS=""
+CURLTLS=""
+if [ $CMPROTO = "https" ]
+then
+ CFYTLS="--rest-certificate /certs/cacert.pem --ssl"
+ CURLTLS="--cacert /certs/cacert.pem"
+fi
 ### FUNCTION DEFINITIONS ###
@@ -45,7 +65,7 @@ function cm_hasany {
 # We use _include=id to limit the amount of data the CM sends back
 # We rely on the "metadata.pagination.total" field in the response
 # for the total number of matching entities
- COUNT=$(curl -Ss -H "Tenant: default_tenant" --user admin:${CMPASS} "${CMADDR}/api/v3.1/$1&_include=id" \
+ COUNT=$(curl -Ss -H "Tenant: default_tenant" --user admin:${CMPASS} ${CURLTLS} "${CMPROTO}://${CMADDR}:${CMPORT}/api/v3.1/$1&_include=id" \
 | /bin/jq .metadata.pagination.total)
 if (( $COUNT > 0 ))
 then
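Review bot: The new `if [ $CMPROTO = "https" ]` test is unquoted and only an exact lowercase `https` turns on the CA options, yet cm_hasany interpolates `${CMPROTO}` into the URL as-is. A value such as `HTTPS` or a typo therefore reaches curl without `--cacert` and cfy without `--ssl`, which does not match the header comment's "Otherwise, it will use HTTP". Validating the value up front and stopping on anything other than `http` or `https` makes the plaintext path an explicit choice rather than a fallthrough. Checking that /certs/cacert.pem is readable at the same point reports a missing mount at startup instead of as a later TLS error. `CMPORT` also defaults to 80 when `CMPROTO=https`, so the header comment should say that both must be set together.

```shell
CMPROTO=${CMPROTO:-http}
# … unchanged: CMPORT default, empty CFYTLS/CURLTLS …
case "$CMPROTO" in
  https)
    if [ ! -r /certs/cacert.pem ]
    then
      echo "CMPROTO=https but /certs/cacert.pem is not readable" >&2
      exit 1
    fi
    CFYTLS="--rest-certificate /certs/cacert.pem --ssl"
    CURLTLS="--cacert /certs/cacert.pem"
    ;;
  http)
    ;;
  *)
    echo "CMPROTO must be http or https, got: $CMPROTO" >&2
    exit 1
    ;;
esac
```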
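Review bot: A failed request in cm_hasany leaves `COUNT` empty, and certificate verification is now one more way for this curl to fail; the `if (( $COUNT > 0 ))` that follows then becomes an arithmetic error instead of a clear failure. The rest of cm_hasany is outside the hunk, so how callers interpret that outcome should be confirmed. Adding `--fail` to the curl options and checking that `COUNT` is numeric before the comparison would separate "no matching entities" from "could not reach or verify CM". On the same line, `--user admin:${CMPASS}` is unquoted, so a password containing whitespace or glob characters is split before curl sees it; `--user "admin:${CMPASS}"` avoids that.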
@@ -133,7 +153,7 @@ fi PH_REG="${PH_REG}\"}" # Set up profile to access Cloudify Manager -cfy profiles use -u admin -t default_tenant -p "${CMPASS}" "${CMADDR}" +cfy profiles use -u admin -t default_tenant -p "${CMPASS}" ${CFYTLS} "${CMADDR}" # Output status, for debugging purposes cfy status |
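Review bot: `cfy profiles use` is given `${CFYTLS}` but not `CMPORT`, while the curl call in cm_hasany targets `${CMADDR}:${CMPORT}`, so with a non-default port the two clients presumably talk to different endpoints. Passing the port explicitly keeps them aligned: `cfy profiles use -u admin -t default_tenant -p "${CMPASS}" ${CFYTLS} --rest-port "${CMPORT}" "${CMADDR}"`. `${CFYTLS}` has to stay unquoted so it splits into separate options, and a comment such as `# CFYTLS is intentionally unquoted: it expands to zero or more options` would stop a later cleanup from quoting it into one malformed argument.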