rancher/os
1
0
Fork 1
mirror of https://github.com/rancher/os.git synced 2025-06-30 16:51:47 +00:00
Code Issues Releases Wiki Activity

Merge pull request #975 from imikushin/tls

Browse Source 
Disable docker server TLS cert auto-generation
This commit is contained in:
Darren Shepherd 2016-06-06 12:43:19 -07:00
commit f22c692529
6 changed files with 208 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
cmd/control/tlsconf.go
View File

@ -14,8 +14,16 @@ import (
) )
const ( const (
NAME string = "rancher" NAME string = "rancher"
BITS int = 2048 BITS int = 2048
ServerTlsPath string = "/etc/docker/tls"
ClientTlsPath string = "/home/rancher/.docker"
Cert string = "cert.pem"
Key string = "key.pem"
ServerCert string = "server-cert.pem"
ServerKey string = "server-key.pem"
CaCert string = "ca.pem"
CaKey string = "ca-key.pem"
) )
func tlsConfCommands() []cli.Command { func tlsConfCommands() []cli.Command {
@ -45,44 +53,34 @@ func tlsConfCommands() []cli.Command {
} }
} }
func writeCerts(generateServer bool, hostname []string, cfg *config.CloudConfig, certPath, keyPath, caCertPath, caKeyPath string) error { func writeCerts(generateServer bool, hostname []string, certPath, keyPath, caCertPath, caKeyPath string) error {
if !generateServer { if !generateServer {
return machineUtil.GenerateCert([]string{""}, certPath, keyPath, caCertPath, caKeyPath, NAME, BITS) return machineUtil.GenerateCert([]string{""}, certPath, keyPath, caCertPath, caKeyPath, NAME, BITS)
} }
if cfg.Rancher.Docker.ServerKey == "" || cfg.Rancher.Docker.ServerCert == "" { if err := machineUtil.GenerateCert(hostname, certPath, keyPath, caCertPath, caKeyPath, NAME, BITS); err != nil {
err := machineUtil.GenerateCert(hostname, certPath, keyPath, caCertPath, caKeyPath, NAME, BITS)
if err != nil {
return err
}
cert, err := ioutil.ReadFile(certPath)
if err != nil {
return err
}
key, err := ioutil.ReadFile(keyPath)
if err != nil {
return err
}
// certPath, keyPath are already written to by machineUtil.GenerateCert()
if err := config.Set("rancher.docker.server_cert", string(cert)); err != nil {
return err
}
if err := config.Set("rancher.docker.server_key", string(key)); err != nil {
return err
}
}
cfg = config.LoadConfig()
if err := util.WriteFileAtomic(certPath, []byte(cfg.Rancher.Docker.ServerCert), 0400); err != nil {
return err return err
} }
return util.WriteFileAtomic(keyPath, []byte(cfg.Rancher.Docker.ServerKey), 0400) cert, err := ioutil.ReadFile(certPath)
if err != nil {
return err
}
key, err := ioutil.ReadFile(keyPath)
if err != nil {
return err
}
// certPath, keyPath are already written to by machineUtil.GenerateCert()
if err := config.Set("rancher.docker.server_cert", string(cert)); err != nil {
return err
}
if err := config.Set("rancher.docker.server_key", string(key)); err != nil {
return err
}
return nil
} }
func writeCaCerts(cfg *config.CloudConfig, caCertPath, caKeyPath string) error { func writeCaCerts(cfg *config.CloudConfig, caCertPath, caKeyPath string) error {
@ -108,16 +106,16 @@ func writeCaCerts(cfg *config.CloudConfig, caCertPath, caKeyPath string) error {
if err := config.Set("rancher.docker.ca_key", string(caKey)); err != nil { if err := config.Set("rancher.docker.ca_key", string(caKey)); err != nil {
return err return err
} }
} } else {
cfg = config.LoadConfig()
cfg = config.LoadConfig() if err := util.WriteFileAtomic(caCertPath, []byte(cfg.Rancher.Docker.CACert), 0400); err != nil {
return err
}
if err := util.WriteFileAtomic(caCertPath, []byte(cfg.Rancher.Docker.CACert), 0400); err != nil { if err := util.WriteFileAtomic(caKeyPath, []byte(cfg.Rancher.Docker.CAKey), 0400); err != nil {
return err return err
} }
if err := util.WriteFileAtomic(caKeyPath, []byte(cfg.Rancher.Docker.CAKey), 0400); err != nil {
return err
} }
return nil return nil
@ -143,20 +141,20 @@ func generate(c *cli.Context) error {
func Generate(generateServer bool, outDir string, hostnames []string) error { func Generate(generateServer bool, outDir string, hostnames []string) error {
if outDir == "" { if outDir == "" {
if generateServer { if generateServer {
outDir = "/etc/docker/tls" outDir = ServerTlsPath
} else { } else {
outDir = "/home/rancher/.docker" outDir = ClientTlsPath
} }
log.Infof("Out directory (-d, --dir) not specified, using default: %s", outDir) log.Infof("Out directory (-d, --dir) not specified, using default: %s", outDir)
} }
caCertPath := filepath.Join(outDir, "ca.pem") caCertPath := filepath.Join(outDir, CaCert)
caKeyPath := filepath.Join(outDir, "ca-key.pem") caKeyPath := filepath.Join(outDir, CaKey)
certPath := filepath.Join(outDir, "cert.pem") certPath := filepath.Join(outDir, Cert)
keyPath := filepath.Join(outDir, "key.pem") keyPath := filepath.Join(outDir, Key)
if generateServer { if generateServer {
certPath = filepath.Join(outDir, "server-cert.pem") certPath = filepath.Join(outDir, ServerCert)
keyPath = filepath.Join(outDir, "server-key.pem") keyPath = filepath.Join(outDir, ServerKey)
} }
if _, err := os.Stat(outDir); os.IsNotExist(err) { if _, err := os.Stat(outDir); os.IsNotExist(err) {
@ -166,12 +164,10 @@ func Generate(generateServer bool, outDir string, hostnames []string) error {
} }
cfg := config.LoadConfig() cfg := config.LoadConfig()
if err := writeCaCerts(cfg, caCertPath, caKeyPath); err != nil {
err := writeCaCerts(cfg, caCertPath, caKeyPath)
if err != nil {
return err return err
} }
if err := writeCerts(generateServer, hostnames, cfg, certPath, keyPath, caCertPath, caKeyPath); err != nil { if err := writeCerts(generateServer, hostnames, certPath, keyPath, caCertPath, caKeyPath); err != nil {
return err return err
} }

35
cmd/userdocker/main.go
View File

@ -18,6 +18,8 @@ import (
"github.com/rancher/os/compose" "github.com/rancher/os/compose"
"github.com/rancher/os/config" "github.com/rancher/os/config"
rosDocker "github.com/rancher/os/docker" rosDocker "github.com/rancher/os/docker"
"github.com/rancher/os/util"
"path/filepath"
) )
const ( const (
@ -41,6 +43,36 @@ func Main() {
select {} select {}
} }
func writeCerts(cfg *config.CloudConfig) error {
outDir := control.ServerTlsPath
if err := os.MkdirAll(outDir, 0700); err != nil {
return err
}
caCertPath := filepath.Join(outDir, control.CaCert)
caKeyPath := filepath.Join(outDir, control.CaKey)
serverCertPath := filepath.Join(outDir, control.ServerCert)
serverKeyPath := filepath.Join(outDir, control.ServerKey)
if cfg.Rancher.Docker.CACert != "" {
if err := util.WriteFileAtomic(caCertPath, []byte(cfg.Rancher.Docker.CACert), 0400); err != nil {
return err
}
if err := util.WriteFileAtomic(caKeyPath, []byte(cfg.Rancher.Docker.CAKey), 0400); err != nil {
return err
}
}
if cfg.Rancher.Docker.ServerCert != "" {
if err := util.WriteFileAtomic(serverCertPath, []byte(cfg.Rancher.Docker.ServerCert), 0400); err != nil {
return err
}
if err := util.WriteFileAtomic(serverKeyPath, []byte(cfg.Rancher.Docker.ServerKey), 0400); err != nil {
return err
}
}
return nil
}
func startDocker(cfg *config.CloudConfig) error { func startDocker(cfg *config.CloudConfig) error {
storageContext := cfg.Rancher.Docker.StorageContext storageContext := cfg.Rancher.Docker.StorageContext
if storageContext == "" { if storageContext == "" {
@ -77,8 +109,7 @@ func startDocker(cfg *config.CloudConfig) error {
log.Debugf("User Docker args: %v", args) log.Debugf("User Docker args: %v", args)
if dockerCfg.TLS { if dockerCfg.TLS {
log.Debug("Generating TLS certs if needed") if err := writeCerts(cfg); err != nil {
if err := control.Generate(true, "/etc/docker/tls", []string{"127.0.0.1", "*", "*.*", "*.*.*", "*.*.*.*"}); err != nil {
return err return err
} }
} }

1
tests/integration/assets/test_01/cloud-config.yml
View File

@ -15,6 +15,5 @@ rancher:
mtu: 1500 mtu: 1500
docker: docker:
args: [daemon, --log-opt, max-file=2, --log-opt, max-size=25m, -s, overlay, -G, docker, -H, 'unix:///var/run/docker.sock', --userland-proxy=false] args: [daemon, --log-opt, max-file=2, --log-opt, max-size=25m, -s, overlay, -G, docker, -H, 'unix:///var/run/docker.sock', --userland-proxy=false]
tls: true
ssh_authorized_keys: ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUlsWAL5Rf0Wis/A7k7Tlqx0fZS60VzCZrPZYbP/wkL95jv0XzCx8bd1rZHeybblHPDNpND3BLv4qPY5DxRyexF4seGuzcJI/pOvGUGjQondeMPgDTFEo5w939gSdeTZcfXzQ0wAVhzwDbgH4zPfMzbdoo8Aiu9jkKljXw8IFju0gh+t6iKkGZCIjKT9o7zza1vGfkodhvi2V3VzPdNO28gaxZaRNtmBYUoVnGyR6nXN1Q3CJaVuh5o6GPCOqrhHNbYOFZKBpDiHbxPhVpxHQD2+8yUSGTG7WW75FfZePja5y8d0c/O5L37ZYx4AZAd3KgQYDBT2XCEJGQNawNbfpt - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUlsWAL5Rf0Wis/A7k7Tlqx0fZS60VzCZrPZYbP/wkL95jv0XzCx8bd1rZHeybblHPDNpND3BLv4qPY5DxRyexF4seGuzcJI/pOvGUGjQondeMPgDTFEo5w939gSdeTZcfXzQ0wAVhzwDbgH4zPfMzbdoo8Aiu9jkKljXw8IFju0gh+t6iKkGZCIjKT9o7zza1vGfkodhvi2V3VzPdNO28gaxZaRNtmBYUoVnGyR6nXN1Q3CJaVuh5o6GPCOqrhHNbYOFZKBpDiHbxPhVpxHQD2+8yUSGTG7WW75FfZePja5y8d0c/O5L37ZYx4AZAd3KgQYDBT2XCEJGQNawNbfpt

102
tests/integration/assets/test_02/cloud-config.yml Normal file
View File

@ -0,0 +1,102 @@
#cloud-config
rancher:
docker:
tls: true
ca_cert: |+
-----BEGIN CERTIFICATE-----
MIIC0TCCAbmgAwIBAgIQEMQoBLQ2IMOqlCeG7l8+fzANBgkqhkiG9w0BAQsFADAS
MRAwDgYDVQQKEwdyYW5jaGVyMB4XDTE2MDYwNjE2MTYwMFoXDTE5MDUyMjE2MTYw
MFowEjEQMA4GA1UEChMHcmFuY2hlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAND9PyJVU47CNsA5AjByvEv0KkD106JGHkQc+8lzVyTZw+TV6AvQm+Gt
jiYTgWzL+aGQXFDAK8EDSPzo0koNcFHJeQAJnCULZzm5irqwKZSMlDZSCRO0bJsm
CVpJpYlAc4wHb05nGtR3WB/XvudNWi9HuAZta7JAZ41LXCpC1VZ+K7EbSMsud1/w
86nkqEU4FeiEbObiKUWS1sQSEs9mmaVg1qaFvorQEREyfXHl+ngwA7tlbl8pF3NS
Ti1Uod746LUSoO2ZmNgmrONsOwl8GYjZNGz+q1YcqeiD9G78rd5gG9uPvEPM89Zm
pGM4iNE/NYMcWv2WcYx0qC9rLR1GwQ8CAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKs
MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEmCbU+l9JilTEvF
L0bLFV3XXfN/YaC5tD3K5J2ReOGQcKuZodlpXJpYg/QbcdMbn+N58VuKtIiphU9l
oLbJx0a9mbN9PSuzOo4Ln24SVfEEAZI39BdgMH5LiTLE/7KXgqqPoCLk7dWOkiOn
QTNCJgP84PsMXcXnkZ2bcQjApvQ99kMqcl/TL9bBLCzGC0ZoG+G9dnzHjDd2WbKg
k/3gGJo6vWZD1WOYwxWAqtFEw2iWYRXmAQ1AqzJT83dLpUt1Dh3yP7/p7LAC/s1c
xW0SpP/lE1MjNc2eWAdpEgvBT6ry3WzLekaBgCRlVpkb/rCpWQp3Ocwyoj04qMdC
d59A+HI=
-----END CERTIFICATE-----
ca_key: |+
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA0P0/IlVTjsI2wDkCMHK8S/QqQPXTokYeRBz7yXNXJNnD5NXo
C9Cb4a2OJhOBbMv5oZBcUMArwQNI/OjSSg1wUcl5AAmcJQtnObmKurAplIyUNlIJ
E7RsmyYJWkmliUBzjAdvTmca1HdYH9e+501aL0e4Bm1rskBnjUtcKkLVVn4rsRtI
yy53X/DzqeSoRTgV6IRs5uIpRZLWxBISz2aZpWDWpoW+itARETJ9ceX6eDADu2Vu
XykXc1JOLVSh3vjotRKg7ZmY2Cas42w7CXwZiNk0bP6rVhyp6IP0bvyt3mAb24+8
Q8zz1makYziI0T81gxxa/ZZxjHSoL2stHUbBDwIDAQABAoIBAQCo+aobW3w0+CkG
oNF5VLuUefXUEi8sjJ8aGYknZ7+1BvHRy3ZUXzY6cXZ2qNzDl+Td0fgiPk7iP4K7
IpAs2dLP/iN8eUir1x1+WdumeJsWBdgsV4YJTZ9mjomPW+6hG+CQ/s3rSYgy88/n
5yvunudlRQqw/7XNKS/Q2XbKoMEXrXMF4yuMzhFfajw3c9boLJYpLArwau3b4UAq
Zx1tDDs5jSiCTdjySDfsbju59Fx68Pb6edeOUhKlNp22MlLRFwKPYEUI/6PCLA7h
sIoL1c3UEH4Tl64e4TgP9kIVlpB6s55cPkFnfm/XvJ14ipLnFhC3NUAWr5iNIxEi
vjP/vbgxAoGBAPnS1SYkgBsMy1BBPiglJu1OrSQsG8JVRtAfDbNGxpF5jcbjOAQV
RWqWrnVvpWt34B0cohKiM0F1YgjPUsy2fEgLr6YTk5ZCxBk4PnJqOfwpkygP7KGR
VHgJNdiX4SPTDjy1roZWnZvfxrHwKTRIhYY3VoCWMFGLYlzMEukWM++3AoGBANYn
99CWrpnxvhBuU6dKqoSwf43QOyCPDKU0uqtahw2n2BhrDO+gM0IFPh5Mi7rWhmWn
er2VXZrwXJTxUxLrCO/N68IzJp8uxEDr1mS+vTDiz5ix2+pr1BbolZOLHpUipi9x
atG1oIM8Sw6kvl8tyHvQQQNlmTHD0s51joat1AlpAoGBAOf36W0aVU1IqvxhKEr0
fFm7RS+iOUBQGImlW/5MSJLJ0GiNkPTRn3wiX+mxemL4k0PU03UD4R311cqiX5qw
E2R+XWGTKeZLJnTYcbuhgSfwnrCDYNCA9nLi8nmkRSwTjFO4y0333S7gMUoF2uyu
LjV66rpJOqJtDy9lWmXN9PmvAoGATqGINRdObom7To8jufYJXATuIKTHQPIlI3eT
3pyzn8jz6CtOKaG5kFEaeMeEOorP9/0hbQCtyNjeNXXSGc0gj+Qc30YmtSXXuzqc
kosSLiPpM1iCtbT3v52QZgcbqIh7WkobfXphwC3gJTVKDOpjhUp2xIeGUyZifZne
RgcHJpkCgYA4yfNbzKPKF4sGp7CNKPnpAsE6LmK0kWBfQQAGbe7IlD90DFLgH9vz
9erDf1oX4lrnkTtbNxbW1jrMSaAjXS6PyOr6/Qd6XoCgpcEv83Kf7/A0SUuaWTJk
yeXy5mu3kosqk+GKvaqSzVlmJG0O6awbG1BFK51xWq1LImmVSkwjjw==
-----END RSA PRIVATE KEY-----
server_cert: |+
-----BEGIN CERTIFICATE-----
MIIDDTCCAfWgAwIBAgIRAMiHeN7t0NKghK3RSflXZ5MwDQYJKoZIhvcNAQELBQAw
EjEQMA4GA1UEChMHcmFuY2hlcjAeFw0xNjA2MDYxNjE2MDBaFw0xOTA1MjIxNjE2
MDBaMBIxEDAOBgNVBAoTB3JhbmNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQD8iRzgcfhfUuurgEzefUIMeHJRu5OF1ILsekYpJKWesYhhvA47BC1+
Nm96BLbfmpp5A7F+ZNQvmO8tNBnnHXWPVbeBmDayLWRhzRkDbPWRx4q9ciIhUsNe
iAeF+iAVJ+S7XTFnRPY7NS+boisuaNG1ecA4XIH/dRmd50DfGfvv6Ntv22ffV1pA
2vmqIT0O19Bw60jIB7UJSUFofPmpo60TJH7wFusqwttCXjbHbOz/+iKP+eKLksMa
6oYdwd+hZyHqNMCDDEryQjsnUW9+1IoVattaa/2Y+/aWaczNzbcI2xcrG76lHnD7
Gqj8rthzv+0XP63cq5dG/KIyo11TcEXNAgMBAAGjXjBcMA4GA1UdDwEB/wQEAwID
qDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAd
BgNVHREEFjAUgglsb2NhbGhvc3SCASqHBH8AAAEwDQYJKoZIhvcNAQELBQADggEB
AHVIh+WjfMM71PJz+fEdAIhWaxKpv9x27ZcWkReIprxdO+2s7ltZgyFpZgAGn5Zo
TSMfKkuCbjni0j+dhgWzrExVDF0sbyyYmnpskykA1lC4CLuPvdrXt55Kje/ZUmPO
B7vfWjDeae+p3iZ9sXRcJTNhIO2GtA+gKE+9PkNRG1X9H2EOvVkZoDDaxaMZVU85
XteKadiTwSiKkopRyyM9uhOPVg1nFtUcC4M+p1NgdSqp2gccpf6fLYocnrJrvuaG
ci0e+nDcgYYXGj9Cl1OxDA0QIWuhWBKZPdS4RNwu8boONMqM+CGe8CibbFKBEt2R
ZiC3i7FAxsmSVLItyaRB8EI=
-----END CERTIFICATE-----
server_key: |+
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA/Ikc4HH4X1Lrq4BM3n1CDHhyUbuThdSC7HpGKSSlnrGIYbwO
OwQtfjZvegS235qaeQOxfmTUL5jvLTQZ5x11j1W3gZg2si1kYc0ZA2z1kceKvXIi
IVLDXogHhfogFSfku10xZ0T2OzUvm6IrLmjRtXnAOFyB/3UZnedA3xn77+jbb9tn
31daQNr5qiE9DtfQcOtIyAe1CUlBaHz5qaOtEyR+8BbrKsLbQl42x2zs//oij/ni
i5LDGuqGHcHfoWch6jTAgwxK8kI7J1FvftSKFWrbWmv9mPv2lmnMzc23CNsXKxu+
pR5w+xqo/K7Yc7/tFz+t3KuXRvyiMqNdU3BFzQIDAQABAoIBAQDUiMDY1JJoB214
ZP5MsbaIsEXmK6u4kmWtiCrMLZ+Fs3xIZPDFEnsHIeEoHBeckI05E7ap3UoG1PtW
W+cA73YlL8rFMsm1oyY8eVR34Ze7HOjTD99RlEoAoRNT2nJt26lRVtlhRFTG97gd
j5ov8N+tj84KoTB3QqJQlnOuUDwMZ41roFOLEooXSA00qDFENlpBQsEtW+3Ga5ut
INH0CQnynIqt05p24oGxaLjrnmqbEhhJtAyGNHgIJAGoEmPwtPkPcd56QDnoO1wk
4fBiHgdqUfj21rBFgsIuW3NGzHvtJXopS8kaR3NaIIBCfRxxytLgtNNNW77W54ig
MvuJZr0BAoGBAP3VnIGlVZrIBzsWgPKWyPZ2s9jVR5Ub19x+6wwaGqyH19mQaGxw
x1Wic/F4dF4qqoCwyRRkpyHmGPfChgYMEp0jff5MD2Q4JfxEtGP9agFOV0cJkJr6
pY3zSbsmft+K4NhEBVMAQfFgb5mb5eSEWl+SI/jn6ee0PyvcI2LzXZVxAoGBAP6w
qiy9wbXFtzA7RC2sBlGFyZekC81DTVSIv586kMDY8oqg34Z07s1JuQYvIlavJ9lw
e50vLW8h3O2r4dge7v6CKAlbeaRtaQfpXJRezH9YQJ9lTJoXY6W7LbnBAPcexFps
J/2rul4RSLUZPuLSpGAcYall77o3rwn9oOocL9gdAoGBAJh/Vhh5iRWFaPqxyWR0
/GU96Uyyzd+iK6x3v6S0piPTNPWrkWDc3JTxFXET6e2M+oR4MUYENnjiMUvgXP6T
EDfB0/cMIQ8XwJJvgGS2IZKJS1wNPggt33qJmFlMhlqsp+ql6wDznapzQnjptVL1
xQm31c67HcarfmxORCA1j5qxAoGAIeJBEajBL7y5LWqFHIppYMkq08jYZRuSGzAC
Rl3VSkLSqczTUCEYcClhu0fkCqJM6+nCGFxhcAqSSPB4IHelFikcyHnqCg0gTxQl
4/tku4BzQIGKmmmIMVFguPjLdxUZzGndPCtvpPopsSZFromVos/D0nSkWyLzX6Hl
mZ/cYaUCgYEA2xufKaPgEdYcuI1rYKHWvhb0DI6QRK/0EfPbo6jkSdpYPBXfJ61F
JkGZVxqZI7r/U55RMmdgCpRAZCISCOm0jepaR32v5Ckan88UTyu8EuXNhvMK2jWP
DJ+16tv9ZXGwkAVJNpVv0Ze6E4yiNZz3Nuq16nBR5QeQmQSGOwbMRRI=
-----END RSA PRIVATE KEY-----
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUlsWAL5Rf0Wis/A7k7Tlqx0fZS60VzCZrPZYbP/wkL95jv0XzCx8bd1rZHeybblHPDNpND3BLv4qPY5DxRyexF4seGuzcJI/pOvGUGjQondeMPgDTFEo5w939gSdeTZcfXzQ0wAVhzwDbgH4zPfMzbdoo8Aiu9jkKljXw8IFju0gh+t6iKkGZCIjKT9o7zza1vGfkodhvi2V3VzPdNO28gaxZaRNtmBYUoVnGyR6nXN1Q3CJaVuh5o6GPCOqrhHNbYOFZKBpDiHbxPhVpxHQD2+8yUSGTG7WW75FfZePja5y8d0c/O5L37ZYx4AZAd3KgQYDBT2XCEJGQNawNbfpt

3
tests/integration/rostest/test_01_cloud_config.py
View File

@ -72,7 +72,10 @@ def test_services_include(qemu, cloud_config):
def test_docker_tls_args(qemu, cloud_config): def test_docker_tls_args(qemu, cloud_config):
SSH(qemu, ssh_command).check_call(''' SSH(qemu, ssh_command).check_call('''
set -e -x set -e -x
sudo ros tls gen --server -H localhost
sudo ros tls gen sudo ros tls gen
sudo ros c set rancher.docker.tls true
sudo system-docker restart docker
sleep 5 sleep 5
docker --tlsverify version docker --tlsverify version
'''.strip()) '''.strip())

22
tests/integration/rostest/test_02_tls.py Normal file
View File

@ -0,0 +1,22 @@
import pytest
import rostest.util as u
from rostest.util import SSH
ssh_command = ['./scripts/ssh', '--qemu', '--key', './tests/integration/assets/test.key']
cloud_config_path = './tests/integration/assets/test_02/cloud-config.yml'
@pytest.fixture(scope="module")
def qemu(request):
q = u.run_qemu(request, ['--cloud-config', cloud_config_path])
u.flush_out(q.stdout)
return q
@pytest.mark.timeout(40)
def test_docker_tls_args(qemu):
SSH(qemu, ssh_command).check_call('''
set -e -x
sudo ros tls gen
docker --tlsverify version
'''.strip())