opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-26 04:46:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12861 from aklajnert/recursively_copy_certs

Browse Source 
ignition: recursively copy cert files
This commit is contained in:
OpenShift Merge Robot
2022-01-15 15:55:16 +01:00
committed by GitHub
parent a50d0837b6 420303b943
commit fff9e8755c
1 changed files with 46 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
pkg/machine/ignition.go
View File

@ -1,3 +1,4 @@
//go:build amd64 || arm64
// +build amd64 arm64 // +build amd64 arm64
package machine package machine
@ -423,61 +424,67 @@ func getCerts(certsDir string, isDir bool) []File {
files []File files []File
) )
certs, err := ioutil.ReadDir(certsDir)
if isDir { if isDir {
if err == nil { err := filepath.Walk(certsDir, func(path string, info os.FileInfo, err error) error {
for _, cert := range certs { if err == nil && !info.IsDir() {
b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name())) certPath, err := filepath.Rel(certsDir, path)
if err != nil { if err != nil {
logrus.Warnf("Unable to read cert file %s", err.Error()) logrus.Warnf("%s", err)
continue return nil
}
file, err := prepareCertFile(filepath.Join(certsDir, certPath), certPath)
if err == nil {
files = append(files, file)
} }
files = append(files, File{
Node: Node{
Group: getNodeGrp("root"),
Path: filepath.Join("/etc/containers/certs.d/", cert.Name()),
User: getNodeUsr("root"),
},
FileEmbedded1: FileEmbedded1{
Append: nil,
Contents: Resource{
Source: encodeDataURLPtr(string(b)),
},
Mode: intToPtr(0644),
},
})
} }
} else {
return nil
})
if err != nil {
if !os.IsNotExist(err) { if !os.IsNotExist(err) {
logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s: %s", certsDir, err.Error()) logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s: %s", certsDir, err.Error())
} }
} }
} else { } else {
fileName := filepath.Base(certsDir) fileName := filepath.Base(certsDir)
b, err := ioutil.ReadFile(certsDir) file, err := prepareCertFile(certsDir, fileName)
if err != nil { if err == nil {
logrus.Warnf("Unable to read cert file %s", err.Error()) files = append(files, file)
return files
} }
files = append(files, File{
Node: Node{
Group: getNodeGrp("root"),
Path: filepath.Join("/etc/containers/certs.d/", fileName),
User: getNodeUsr("root"),
},
FileEmbedded1: FileEmbedded1{
Append: nil,
Contents: Resource{
Source: encodeDataURLPtr(string(b)),
},
Mode: intToPtr(0644),
},
})
} }
return files return files
} }
func prepareCertFile(path string, name string) (File, error) {
b, err := ioutil.ReadFile(path)
if err != nil {
logrus.Warnf("Unable to read cert file %s", err.Error())
return File{}, err
}
targetPath := filepath.Join("/etc/containers/certs.d", name)
logrus.Debugf("Copying cert file from '%s' to '%s'.", path, targetPath)
file := File{
Node: Node{
Group: getNodeGrp("root"),
Path: targetPath,
User: getNodeUsr("root"),
},
FileEmbedded1: FileEmbedded1{
Append: nil,
Contents: Resource{
Source: encodeDataURLPtr(string(b)),
},
Mode: intToPtr(0644),
},
}
return file, nil
}
func getProxyVariables() string { func getProxyVariables() string {
proxyOpts := "" proxyOpts := ""
for _, variable := range config.ProxyEnv { for _, variable := range config.ProxyEnv {