Code Review / apex-tripleo-heat-templates.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: e81ddeb)
Introduce common CAs to be mounted to the containers
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>
Thu, 13 Apr 2017 13:51:46 +0000 (13:51 +0000)
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>
Tue, 18 Apr 2017 08:20:06 +0000 (11:20 +0300)
When TLS is enabled, the containers need to trust the CAs that the
host trusts.

Change-Id: I0434b0ac10290970857cad3d1a89d00f5b054196

docker/services/containers-common.yaml patch | blob | history

diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml
index a357ceb..d3561f6 100644 (file)
--- a/docker/services/containers-common.yaml
+++ b/docker/services/containers-common.yaml
@@ -9,3 +9,8 @@ outputs:
     value:
       - /etc/hosts:/etc/hosts:ro
       - /etc/localtime:/etc/localtime:ro
+      # OpenSSL trusted CAs
+      - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
+      - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
+      - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
+      - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro