author | Aditya Rajan <arajan@redhat.com> | 2021-12-27 15:42:25 +0530 |
---|---|---|
committer | Aditya Rajan <arajan@redhat.com> | 2021-12-27 16:09:02 +0530 |
commit | f21744939cbb69110488c427f0778643d5217170 (patch) | |
tree | 0672baf20547e5979562b56e54ee5a613e0e5609 /pkg/machine/ignition.go | |
parent | e06631d6c22f4d5b7a62f70ccdf623379a9d5fe7 (diff) | |
ignition: add certs from current user into the machine while init
This PR ensures that certs from `~/.config/containers/certs.d` or `~/.config/docker/certs.d`
are copied into the remote machine at `/etc/containers/certs.d/`.
This matters on platforms like `macOS`, where podman works with a remote
machine setup: the user's local certs must be transferred to the VM without any
plumbing needed by the user.
[NO-NEW-TESTS-NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Diffstat (limited to 'pkg/machine/ignition.go')
-rw-r--r-- | pkg/machine/ignition.go | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index 139318977..84d3be296 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -7,7 +7,10 @@ import (
 "fmt"
 "io/ioutil"
 "net/url"
+ "os"
 "path/filepath"
+
+ "github.com/sirupsen/logrus"
 )
 
 /*
@@ -355,6 +358,56 @@ machine_enabled=true
 },
 })
 
+ // get certs for current user
+ userHome, err := os.UserHomeDir()
+ if err != nil {
+ logrus.Warnf("Unable to copy certs via ignition %s", err.Error())
+ return files
+ }
+
+ certFiles := getCerts(filepath.Join(userHome, ".config/containers/certs.d"))
+ files = append(files, certFiles...)
+
+ certFiles = getCerts(filepath.Join(userHome, ".config/docker/certs.d"))
+ files = append(files, certFiles...)
+
+ return files
+}
+
+func getCerts(certsDir string) []File {
+ var (
+ files []File
+ )
+
+ certs, err := ioutil.ReadDir(certsDir)
+ if err == nil {
+ for _, cert := range certs {
+ b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name()))
+ if err != nil {
+ logrus.Warnf("Unable to read cert file %s", err.Error())
+ continue
+ }
+ files = append(files, File{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: filepath.Join("/etc/containers/certs.d/", cert.Name()),
+ User: getNodeUsr("root"),
+ },
+ FileEmbedded1: FileEmbedded1{
+ Append: nil,
+ Contents: Resource{
+ Source: encodeDataURLPtr(string(b)),
+ },
+ Mode: intToPtr(0644),
+ },
+ })
+ }
+ } else {
+ if !os.IsNotExist(err) {
+ logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s: %s", certsDir, err.Error())
+ }
+ }
+
 return files
 }
 
|
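Review bot: `getCerts` gives every file it copies `Mode: intToPtr(0644)`, and certs.d directories can hold client private keys (`*.key`) next to the CA and client certificates, so a copied key would be readable by every user in the VM and is also embedded in the generated ignition config. The loop also passes each `ReadDir` entry straight to `ioutil.ReadFile`; certs.d is normally organised as one subdirectory per registry (`host:port/ca.crt`), so those entries fail the read with a warning and, as far as this hunk shows, nothing under them is copied. The sketch below walks the tree, keeps the relative path under `/etc/containers/certs.d/`, and writes `.key` files as 0600. Separately, the same file name present in both `~/.config/containers/certs.d` and `~/.config/docker/certs.d` yields two `File` entries with the same `Path`; it is worth checking how Ignition treats that. The function that the first added lines extend starts outside the hunk.

```go
func getCerts(certsDir string) []File {
	var files []File

	err := filepath.Walk(certsDir, func(path string, info os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		if info.IsDir() {
			// per-registry directory: descend, do not try to read it as a file
			return nil
		}
		rel, err := filepath.Rel(certsDir, path)
		if err != nil {
			return err
		}
		b, err := ioutil.ReadFile(path)
		if err != nil {
			logrus.Warnf("Unable to read cert file %s", err.Error())
			return nil
		}
		mode := 0644
		if filepath.Ext(path) == ".key" {
			mode = 0600 // client private key: keep it root-only inside the VM
		}
		files = append(files, File{
			Node: Node{
				// … unchanged: Group and User …
				Path: filepath.Join("/etc/containers/certs.d/", rel),
			},
			// … unchanged: FileEmbedded1, with Mode: intToPtr(mode) …
		})
		return nil
	})
	if err != nil && !os.IsNotExist(err) {
		// … unchanged: warning that names certsDir …
	}
	return files
}
```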