Fix TLS certs for el8 diskless

Properly place and process the TLS certs for a site.
2024-11-22 01:22:00 +00:00 · 2021-06-25 13:06:35 -04:00 · 2021-06-25 13:06:35 -04:00 · f2eba22b9b
commit f2eba22b9b
parent 1fcab688dd
1 changed files with 2 additions and 2 deletions
--- a/confluent_osdeploy/el8-diskless/profiles/default/scripts/imageboot.sh
+++ b/confluent_osdeploy/el8-diskless/profiles/default/scripts/imageboot.sh
@ -73,8 +73,8 @@ curl -sf -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/con
 cp /sysroot/etc/ssh/shosts.equiv /sysroot/root/.shosts
 chmod 640 /sysroot/etc/ssh/*_key
 chroot /sysroot chgrp ssh_keys /etc/ssh/*_key
-mkdir -p /sysroot/etc/pki/tls/certs/
-cat /sysroot/etc/confluent/ca.pem >> /sysroot/etc/pki/tls/certs/ca-bundle.crt
+cp /tls/*.pem /sysroot/etc/pki/ca-trust/source/anchors/
+chroot /sysroot/ update-ca-trust
 curl -sf https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/onboot.service > /sysroot/etc/systemd/system/onboot.service
 mkdir -p /sysroot/opt/confluent/bin
 curl -sf https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/onboot.sh > /sysroot/opt/confluent/bin/onboot.sh