blob: d6fec336d0b648853b66d10b0ab92f9c67eb2c72 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
#!/bin/ash
# $FUTURE_ROOT - root dir of final stage 4 (config.tgz extracted to here)
# $CONFIG - current path to /opt/openslx/config (changes to this end up in stage 4)
# dracut compat
FUTURE_ROOT="$NEWROOT"
# the slx configuration file is already copied to the newroot in an early hook, so:
CONFIG="${NEWROOT}/opt/openslx/config"
# systemd context, so need to explicitely source the config for SLX_REMOTE_SSL
. "$CONFIG"
# end dracut compat
# Set up SSL communication with server
if [ -d "${FUTURE_ROOT}/opt/openslx/ssl" ] && [ -n "$(ls -A "${FUTURE_ROOT}/opt/openslx/ssl")" ]; then
# Copy certs and symlinks to CA path
cp -a "${FUTURE_ROOT}"/opt/openslx/ssl/* "${FUTURE_ROOT}/etc/ssl/certs/"
# Append to combined ca bundle
find "${FUTURE_ROOT}/opt/openslx/ssl" -type f -exec cat {} \; \
>> "${FUTURE_ROOT}/etc/ssl/certs/ca-certificates.crt"
# Move certs (without symlinks), so they will be re-included if we run update-ca-certificates later
mkdir -p "${FUTURE_ROOT}/usr/local/share/ca-certificates"
find "${FUTURE_ROOT}/opt/openslx/ssl" -type f \
-exec mv {} "${FUTURE_ROOT}/usr/local/share/ca-certificates/" \;
# Delete symlinks
find "${FUTURE_ROOT}/opt/openslx/ssl" -type l -delete
# Add entry to /etc/hosts for boot server (satellite server)
# Change all the URLs in config to use SSL
if [ -n "$SLX_REMOTE_SSL" ] && ! grep -qF 'satellite.bwlehrpool' "/etc/hosts"; then
echo "$SLX_REMOTE_SSL satellite.bwlehrpool" >> "/etc/hosts"
sed -i "s,http://${SLX_REMOTE_SSL}/,https://satellite.bwlehrpool/," "${CONFIG}"
fi
fi
true
|