Commit 990bb494 authored by Tomáš Sapák's avatar Tomáš Sapák
Browse files

Merge branch '152-fix-certificate-failed-in-sandbox-agenda' into 'master'

Resolve "Fix certificate failed in sandbox agenda"

Closes #152

See merge request muni-kypo-crp/devops/kypo-crp-deployment!156
parents ab69b1ae 6a118c66
......@@ -64,3 +64,16 @@
keystore_type: JKS
notify:
- kypo_crp_restart
- name: ensure folder for implicitly trusted certificates exists
file:
path: /usr/local/share/ca-certificates
state: directory
- name: copy certificate
copy:
content: '{{ kypo_crp_cert | b64decode }}'
dest: '/usr/local/share/ca-certificates/{{ kypo_crp_cert_name }}'
- name: update CA certificates
command: update-ca-certificates
......@@ -119,7 +119,7 @@ application_configuration:
# A path to directory of CA certificates or file of CA certificates, i.e. CA bundle.
# Use in case of self-signed certificates in related services.
ssl_ca_certificate_verify: /etc/ssl/certs
ssl_ca_certificate_verify: /etc/ssl/certs/ca-certificates.crt
sandbox_configuration:
# The name or ID of network in OpenStack where all sandboxes will be deployed.
......
......@@ -20,8 +20,8 @@ services:
- ./configuration/sandbox-service/kypo-sandbox-service-config.yml:/app/config.yml:ro
- ./configuration/sandbox-service/supervisord.conf:/etc/supervisord.conf
- ./runtime-data/{{ kypo_crp_git.server }}:/root/.ssh/{{ kypo_crp_git.server }}:ro
- ./runtime-data/{{ kypo_crp_cert_name }}:/etc/ssl/certs/{{ kypo_crp_cert_hash }}.0
- ./runtime-data/{{ kypo_crp_proxy_key_name }}:/root/.ssh/{{ kypo_crp_proxy_key_name }}:ro
- /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt
- /var/opt/kypo/kypo-ansible-runner-volumes:/var/opt/kypo/kypo-ansible-runner-volumes
- /var/run/docker.sock:/var/run/docker.sock:ro
- db_data_sandbox_service:/var/lib/postgresql/data/
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment