authorJack Lucas <jflucas@research.att.com>2019-06-04 12:47:56 -0400
committerJack Lucas <jflucas@research.att.com>2019-06-04 12:47:56 -0400
commitd0395f7de8dea655f0e4ea214462311e23f45a78 (patch)
tree2a487e334feccdd1912ec80a50935ac389f0ab14 /k8s-bootstrap-container/bootstrap.sh
parent058958bf64d14c00e77fd8c695fec49942be6f70 (diff)
Update bootstrap to support TLS for CM
Change-Id: Ie44a55eb7e209bbad1970530f9d723ac9540b156 Issue-ID: DCAEGEN2-1586 Signed-off-by: Jack Lucas <jflucas@research.att.com>
Diffstat (limited to 'k8s-bootstrap-container/bootstrap.sh')
-rwxr-xr-xk8s-bootstrap-container/bootstrap.sh24
1 files changed, 22 insertions, 2 deletions
diff --git a/k8s-bootstrap-container/bootstrap.sh b/k8s-bootstrap-container/bootstrap.sh
index 838e1e0..82df4b4 100755
--- a/k8s-bootstrap-container/bootstrap.sh
+++ b/k8s-bootstrap-container/bootstrap.sh
@@ -27,6 +27,26 @@
# Input files for components to be installed in /inputs
# Configuration JSON files that need to be loaded into Consul in /dcae-configs
# Consul is installed in /opt/consul/bin/consul, with base config in /opt/consul/config/00consul.json
+# Optionally, allows:
+# CM protocol in CMPROTO environment variable (defaults to HTTP)
+# CM port in CMPORT environment variable (defaults to 80)
+# If CMPROTO is set to "https", bootstrap will use HTTPS to communicate with CM. Otherwise,
+# it will use HTTP.
+# If CMPROTO is set to "https", the script assumes the CA cert needed to verify the cert
+# presented by CM is mounted at /certs/cacert.pem.
+
+# Set defaults for CM protocol and port
+CMPROTO=${CMPROTO:-http}
+CMPORT=${CMPORT:-80}
+
+# Set up additional parameters for using HTTPS
+CFYTLS=""
+CURLTLS=""
+if [ $CMPROTO = "https" ]
+then
+ CFYTLS="--rest-certificate /certs/cacert.pem --ssl"
+ CURLTLS="--cacert /certs/cacert.pem"
+fi
### FUNCTION DEFINITIONS ###
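Review bot: Any CMPROTO value other than the exact lowercase string `https` (for example `HTTPS` or a typo) leaves CFYTLS and CURLTLS empty, so the cfy profile is later set up without `--ssl` or the CA certificate and the admin password presumably goes out unencrypted with no warning. Validating the value and failing closed avoids that: `case "$CMPROTO" in http|https) ;; *) echo "unsupported CMPROTO: $CMPROTO" >&2; exit 1 ;; esac`. The test should also quote the variable, `if [ "$CMPROTO" = "https" ]`, because a value containing whitespace makes `[` fail with a syntax error and the script then continues with TLS off. CMPORT still defaults to 80 when CMPROTO is `https`, so either the default should depend on the protocol or the header comment should say that CMPORT must be set explicitly for HTTPS.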
@@ -45,7 +65,7 @@ function cm_hasany {
# We use _include=id to limit the amount of data the CM sends back
# We rely on the "metadata.pagination.total" field in the response
# for the total number of matching entities
- COUNT=$(curl -Ss -H "Tenant: default_tenant" --user admin:${CMPASS} "${CMADDR}/api/v3.1/$1&_include=id" \
+ COUNT=$(curl -Ss -H "Tenant: default_tenant" --user admin:${CMPASS} ${CURLTLS} "${CMPROTO}://${CMADDR}:${CMPORT}/api/v3.1/$1&_include=id" \
| /bin/jq .metadata.pagination.total)
if (( $COUNT > 0 ))
then
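Review bot: On the changed curl line, `--user admin:${CMPASS}` is unquoted, so a password containing whitespace or glob characters is split or expanded before curl sees it; it should read `--user "admin:${CMPASS}"`. The new `${CURLTLS}` is unquoted on purpose so that it splits into two arguments, which works for the fixed path here but is fragile. A bash array, `CURLTLS=(--cacert /certs/cacert.pem)` expanded as `"${CURLTLS[@]}"`, keeps every expansion on the line quoted. When CMPROTO is left at its `http` default, this request sends the basic-auth credentials in cleartext, which the header comment could state explicitly. The body of cm_hasany starts and ends outside this hunk.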
@@ -133,7 +153,7 @@ fi
PH_REG="${PH_REG}\"}"
# Set up profile to access Cloudify Manager
-cfy profiles use -u admin -t default_tenant -p "${CMPASS}" "${CMADDR}"
+cfy profiles use -u admin -t default_tenant -p "${CMPASS}" ${CFYTLS} "${CMADDR}"
# Output status, for debugging purposes
cfy status
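Review bot: CMPORT is applied to the curl URL in cm_hasany but not to `cfy profiles use`, so with a non-default CMPORT the two clients would target different ports and cfy would fall back to its own default for the chosen protocol. Passing the port explicitly keeps them consistent, e.g. `cfy profiles use -u admin -t default_tenant -p "${CMPASS}" --rest-port "${CMPORT}" ${CFYTLS} "${CMADDR}"`. Separately, `-p "${CMPASS}"` places the password in the process argument list, where other processes in the container can read it; a comment noting that this is accepted for a short-lived bootstrap container would help.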