fix(certs): auto-install ca retrieved from rancher
Signed-off-by: Zespre Chang <[email protected]>
starbops committed Oct 12, 2023
1 parent f70e187 commit e3d7fac
Showing 2 changed files with 32 additions and 0 deletions.
24 changes: 24 additions & 0 deletions pkg/cacerts/cacerts.go
Expand Up @@ -15,6 +15,7 @@ import (
"time"

"github.com/rancher/rancherd/pkg/tpm"
"github.com/rancher/system-agent/pkg/applyinator"
"github.com/rancher/wrangler/pkg/randomtoken"
)

Expand Down Expand Up @@ -161,6 +162,29 @@ func CACerts(server, token string, clusterToken bool) ([]byte, string, error) {
return data, hashHex(data), nil
}

func ToUpdateCACertificatesInstruction() (*applyinator.Instruction, error) {
cmd := "update-ca-certificates"

return &applyinator.Instruction{
Name: "update-ca-certificates",
SaveOutput: true,
Command: cmd,
}, nil
}

func ToFile(server, token string) (*applyinator.File, error) {
cacert, _, err := CACerts(server, token, true)
if err != nil {
return nil, err
}

return &applyinator.File{
Content: base64.StdEncoding.EncodeToString(cacert),
Path: "/etc/pki/trust/anchors/additional-ca.pem",
Permissions: "0644",
}, nil
}

func hashHex(token []byte) string {
hash := sha256.Sum256(token)
return hex.EncodeToString(hash[:])
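Review bot: ToFile does no local validation of the bytes CACerts returns before they are written to `/etc/pki/trust/anchors/additional-ca.pem`, which the `update-ca-certificates` instruction then turns into a system-wide trust anchor for every TLS client on the node. The hash CACerts returns is discarded (`cacert, _, err :=`), so the only integrity control is whatever CACerts itself verifies against the token, and its body lies outside this hunk. I would reject a non-PEM payload before building the file, e.g. `if b, _ := pem.Decode(cacert); b == nil || b.Type != "CERTIFICATE" { return nil, fmt.Errorf("cacerts: response from %s is not a PEM certificate", server) }`, and decide explicitly what happens when `cacert` is empty, because if CACerts can return empty data with a nil error an empty anchor file would be written. Both new exported functions also lack doc comments; ToFile's should state that its result is installed as a system trust anchor.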
8 changes: 8 additions & 0 deletions pkg/plan/bootstrap.go
Expand Up @@ -6,6 +6,7 @@ import (

"github.com/rancher/system-agent/pkg/applyinator"

"github.com/rancher/rancherd/pkg/cacerts"
"github.com/rancher/rancherd/pkg/config"
"github.com/rancher/rancherd/pkg/discovery"
"github.com/rancher/rancherd/pkg/join"
Expand Down Expand Up @@ -50,9 +51,15 @@ func toJoinPlan(cfg *config.Config, dataDir string) (*applyinator.Plan, error) {
}

plan := plan{}
if err := plan.addFile(cacerts.ToFile(cfg.Server, cfg.Token)); err != nil {
return nil, err
}
if err := plan.addFile(join.ToScriptFile(cfg, dataDir)); err != nil {
return nil, err
}
if err := plan.addInstruction(cacerts.ToUpdateCACertificatesInstruction()); err != nil {
return nil, err
}
if err := plan.addInstruction(join.ToInstruction(cfg, dataDir)); err != nil {
return nil, err
}
Expand Down Expand Up @@ -202,6 +209,7 @@ func (p *plan) addFiles(cfg *config.Config, dataDir string) error {

// rancher values.yaml
return p.addFile(rancher.ToFile(cfg, dataDir))

}

func (p *plan) addFile(file *applyinator.File, err error) error {
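Review bot: In toJoinPlan the CA fetch and trust-store update are now unconditional, so every joining node adds the CA served by `cfg.Server` to its system-wide trust store, with no configuration switch visible here to limit or skip that. `cacerts.ToFile(cfg.Server, cfg.Token)` also makes plan construction depend on a network call, and its error is returned bare, so a failed join does not say that the CA retrieval was the step that failed; wrapping it, e.g. `return nil, fmt.Errorf("retrieving CA from %s: %w", cfg.Server, err)`, would help triage (assuming `fmt` is already imported in this file). A comment above the new `addFile` call such as `// Install the CA served by cfg.Server as a system trust anchor; its authenticity rests on the checks in cacerts.CACerts.` would record the trust decision. toJoinPlan begins and ends outside the hunk, so any existing gating on `cfg.Server` or `cfg.Token` is not visible here.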