From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Thu, 13 Apr 2017 13:51:46 +0000 (+0000)
Subject: Introduce common CAs to be mounted to the containers
X-Git-Tag: opnfv-6.0.0~762^2
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=f8f295be3ec1e1bced79aa37845edcbafa90577f;p=apex-tripleo-heat-templates.git

Introduce common CAs to be mounted to the containers

When TLS is enabled, the containers need to trust the CAs that the
host trusts.

Change-Id: I0434b0ac10290970857cad3d1a89d00f5b054196
---

diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml
index a357ceb6..d3561f6b 100644
--- a/docker/services/containers-common.yaml
+++ b/docker/services/containers-common.yaml
@@ -9,3 +9,8 @@ outputs:
     value:
       - /etc/hosts:/etc/hosts:ro
       - /etc/localtime:/etc/localtime:ro
+      # OpenSSL trusted CAs
+      - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
+      - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
+      - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
+      - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro