Commit 13436b75 authored by He Weiwei's avatar He Weiwei

feat(certs): install internal tls ca from /etc/harbor/ssl dir



Closes #10222
Signed-off-by: default avatarHe Weiwei <hweiwei@vmware.com>
parent 2da29808
......@@ -2,30 +2,39 @@
set -e
if ! grep -q "Photon" /etc/lsb-release; then
echo "Current OS is not Photon, skip appending ca bundle"
exit 0
fi
if [ ! -f ~/ca-bundle.crt.original ]; then
cp /etc/pki/tls/certs/ca-bundle.crt ~/ca-bundle.crt.original
fi
cp ~/ca-bundle.crt.original /etc/pki/tls/certs/ca-bundle.crt
if [ "$(ls -A /harbor_cust_cert)" ]; then
if grep -q "Photon" /etc/lsb-release; then
echo "Appending trust CA to ca-bundle ..."
for z in /harbor_cust_cert/*; do
case ${z} in
*.crt | *.ca | *.ca-bundle | *.pem)
if [ -d "$z" ]; then
echo "$z is dirictory, skip it ..."
else
cat $z >> /etc/pki/tls/certs/ca-bundle.crt
echo " $z Appended ..."
fi
;;
*) echo "$z is Not ca file ..." ;;
esac
done
echo "CA appending is Done."
else
echo "Current OS is not Photon, skip appending ca bundle"
fi
# Install /etc/harbor/ssl/{component}/ca.crt to trust CA.
echo "Appending internal tls trust CA to ca-bundle ..."
for caFile in `find /etc/harbor/ssl -maxdepth 2 -name ca.crt`; do
cat $caFile >> /etc/pki/tls/certs/ca-bundle.crt
echo "Internal tls trust CA $caFile appended ..."
done
echo "Internal tls trust CA appending is Done."
if [[ -d /harbor_cust_cert && -n "$(ls -A /harbor_cust_cert)" ]]; then
echo "Appending trust CA to ca-bundle ..."
for z in /harbor_cust_cert/*; do
case ${z} in
*.crt | *.ca | *.ca-bundle | *.pem)
if [ -d "$z" ]; then
echo "$z is dirictory, skip it ..."
else
cat $z >> /etc/pki/tls/certs/ca-bundle.crt
echo " $z Appended ..."
fi
;;
*) echo "$z is Not ca file ..." ;;
esac
done
echo "CA appending is Done."
fi
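Review bot: The internal-TLS loop iterates over the word-split output of a backtick `find` and then runs `cat $caFile` unquoted, so a path containing whitespace, or a directory that happens to be named ca.crt, makes `cat` fail and `set -e` stops the script after the bundle has already been reset from ca-bundle.crt.original. Restricting the search with `find /etc/harbor/ssl -maxdepth 2 -type f -name ca.crt` and writing `cat "$caFile" >> /etc/pki/tls/certs/ca-bundle.crt` removes both cases; the custom-cert loop below it has the same unquoted `cat $z`. Every file this loop matches becomes a trusted root for anything that reads the bundle, with no check that it is a PEM certificate, so the comment above the loop should state the expectation on the directory, for example `# /etc/harbor/ssl must be writable only by root; each ca.crt found is trusted as a root CA`. The script's shebang is outside the hunk, so whether `[[ ... ]]` in the new directory test is valid for the interpreter in use cannot be confirmed from here.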