Compass: add cacert file to enable SSL verification

Now only Openstack https is supported by OSA repo LXC in compass
deployment, so certification file is required to enable SSL
verification.
After [1] is merged, the cacert file os_cacert will be provided
in the container compass-tasks.

[1]: https://gerrit.opnfv.org/gerrit/#/c/37451/

Change-Id: Id747cef1955733a1c93feb20a26d503a5de1fb93
Signed-off-by: Linda Wang <wangwulin@huawei.com>

diff --git a/jjb/functest/set-functest-env.sh b/jjb/functest/set-functest-env.sh
index 5f936f5..72a9e1e 100755 (executable)
--- a/jjb/functest/set-functest-env.sh
+++ b/jjb/functest/set-functest-env.sh
@@ -9,6 +9,10 @@ set +o pipefail
 # Prepare OpenStack credentials volume
 if [[ ${INSTALLER_TYPE} == 'joid' ]]; then
     rc_file_vol="-v $LAB_CONFIG/admin-openrc:/home/opnfv/functest/conf/openstack.creds"
+elif [[ ${INSTALLER_TYPE} == 'compass' && ${BRANCH} == 'master' ]]; then
+    cacert_file_vol="-v ${HOME}/os_cacert:/home/opnfv/functest/conf/os_cacert"
+    echo "export OS_CACERT=/home/opnfv/functest/conf/os_cacert" >> ${HOME}/opnfv-openrc.sh
+    rc_file_vol="-v ${HOME}/opnfv-openrc.sh:/home/opnfv/functest/conf/openstack.creds"
 else
     rc_file_vol="-v ${HOME}/opnfv-openrc.sh:/home/opnfv/functest/conf/openstack.creds"
 fi
@@ -54,7 +58,7 @@ if [[ ${INSTALLER_TYPE} == 'compass' && ${DEPLOY_SCENARIO} == *'os-nosdn-openo-h
 fi
 
 if [ "$BRANCH" != 'stable/danube' ]; then
-  volumes="${images_vol} ${results_vol} ${sshkey_vol} ${stackrc_vol} ${rc_file_vol}"
+  volumes="${images_vol} ${results_vol} ${sshkey_vol} ${stackrc_vol} ${rc_file_vol} ${cacert_file_vol}"
 else
   volumes="${results_vol} ${sshkey_vol} ${stackrc_vol} ${rc_file_vol}"
 fi

diff --git a/utils/fetch_os_creds.sh b/utils/fetch_os_creds.sh
index 285f838..1ee8b84 100755 (executable)
--- a/utils/fetch_os_creds.sh
+++ b/utils/fetch_os_creds.sh
@@ -12,7 +12,7 @@ set -o nounset
 set -o pipefail
 
 usage() {
-    echo "usage: $0 [-v] -d <destination> -i <installer_type> -a <installer_ip> [-s <ssh_key>]" >&2
+    echo "usage: $0 [-v] -d <destination> -i <installer_type> -a <installer_ip> [-o <os_cacert>] [-s <ssh_key>]" >&2
     echo "[-v] Virtualized deployment" >&2
     echo "[-s <ssh_key>] Path to ssh key. For MCP deployments only" >&2
 }
@@ -54,12 +54,13 @@ swap_to_public() {
 : ${DEPLOY_TYPE:=''}
 
 #Get options
-while getopts ":d:i:a:h:s:v" optchar; do
+while getopts ":d:i:a:h:s:o:v" optchar; do
     case "${optchar}" in
         d) dest_path=${OPTARG} ;;
         i) installer_type=${OPTARG} ;;
         a) installer_ip=${OPTARG} ;;
         s) ssh_key=${OPTARG} ;;
+        o) os_cacert=${OPTARG} ;;
         v) DEPLOY_TYPE="virt" ;;
         *) echo "Non-option argument: '-${OPTARG}'" >&2
            usage
@@ -70,6 +71,7 @@ done
 
 # set vars from env if not provided by user as options
 dest_path=${dest_path:-$HOME/opnfv-openrc.sh}
+os_cacert=${os_cacert:-$HOME/os_cacert}
 installer_type=${installer_type:-$INSTALLER_TYPE}
 installer_ip=${installer_ip:-$INSTALLER_IP}
 if [ "${installer_type}" == "fuel" ] && [ "${BRANCH}" == "master" ]; then
@@ -155,6 +157,7 @@ elif [ "$installer_type" == "apex" ]; then
 elif [ "$installer_type" == "compass" ]; then
     if [ "${BRANCH}" == "master" ]; then
         sudo docker cp compass-tasks:/opt/openrc $dest_path &> /dev/null
+        sudo docker cp compass-tasks:/opt/os_cacert $os_cacert &> /dev/null
         sudo chown $(whoami):$(whoami) $dest_path
     else
         verify_connectivity $installer_ip