contiv / install

Contiv Installer
https://contiv.github.io

Need cert based auth for contiv/aci-gw container #231

Open gaurav-dalvi opened 6 years ago

gaurav-dalvi commented 6 years ago

We use the username and password of APIC to start the aci-gw image. Customer is using cert-based auth and that's why we need to provide that option in our installer for testing purposes.

Something like this:

```
sudo /usr/bin/docker run -t --net=host \
    -e "APIC_URL=https://10.193.231.33:443" \
    -e "APIC_USERNAME=admin" \
    -e "APIC_CERT_DN=uni/userext/user-admin/usercert-admin-cert" \
    -e "APIC_LEAF_NODE=topology/pod-1/node-101,topology/pod-1/node-102" \
    -e "APIC_PHYS_DOMAIN=TEST-Phys-Dom" \
    -e "APIC_EPG_BRIDGE_DOMAIN=not_specified" \
    -e "APIC_CONTRACTS_UNRESTRICTED_MODE=no" \
    -v /home/admin/keys:/aciconfig \
    --name=contiv-aci-gw \
    contiv/aci-gw:someTag
```

gaurav-dalvi commented 6 years ago

I will work on this one. I don't have permission to add this to myself.

neelimamukiri commented 6 years ago

@gaurav-dalvi FYI, from the install side, for Kubernetes:
On the installer side we pass APIC_CERT_DN as https://github.com/contiv/install/blob/master/install/k8s/install.sh#L267.
ACI Cert DN is the -z param: https://github.com/contiv/install/blob/master/install/k8s/install.sh#L164
ACI Cert key is the -y param: https://github.com/contiv/install/blob/master/install/k8s/install.sh#L161

https://github.com/contiv/install/blob/master/install/k8s/k8s1.6/aci_gw.yaml#L52-L59 has the volume mounting aspects.

Not sure if this is a k8s or docker issue and if this is a placeholder issue for the aci-gw part of the changes.

gaurav-dalvi commented 6 years ago

Thanks for the pointers. I tried putting the DN string in the contiv_network role in ansible, but that did not work. Let me take a close look again.