redhat-cop / rhel-edge-automation-arch

RHEL for Edge Automation Deployment Architecture
Apache License 2.0

Add ingress CA certificate to the image-builder VM #226

Closed jordigilh closed 2 years ago

jordigilh commented 2 years ago

When deploying in an environment with a self-signed CA, the composer-cli command fails to compose when attempting to reach the ostree repository, hosted behind the route:

[rfe-oci-build-installer-image : build-installer-image-playbook] TASK [oci-build-installer-image : Compose Image] *******************************
[rfe-oci-build-installer-image : build-installer-image-playbook] Tuesday 11 January 2022  01:10:20 +0000 (0:00:02.759)       0:00:12.972 ******* 
[rfe-oci-build-installer-image : build-installer-image-playbook] fatal: [image-builder]: FAILED! => {"changed": true, "cmd": ["composer-cli", "-j", "compose", "start-ostree", "--ref", "rhel/8/x86_64/edge", "--url", "https://httpd-rfe.apps.mycluster.redhat.com/microshift/latest", "rfe-iso-blueprint", "rhel-edge-installer"], "delta": "0:00:00.119717", "end": "2022-01-10 20:10:20.722024", "msg": "non-zero return code", "rc": 1, "start": "2022-01-10 20:10:20.602307", "stderr": "", "stderr_lines": [], "stdout": "{\n    \"status\": false,\n    \"errors\": [\n        {\n            \"id\": \"OSTreeCommitError\",\n            \"msg\": \"Get \\\"https://httpd-rfe.apps.mycluster.redhat.com/microshift/latest/refs/heads/rhel/8/x86_64/edge\\\": x509: certificate signed by unknown authority\"\n        }\n    ]\n}", "stdout_lines": ["{", "    \"status\": false,", "    \"errors\": [", "        {", "            \"id\": \"OSTreeCommitError\",", "            \"msg\": \"Get \\\"https://httpd-rfe.apps.mycluster.redhat.com/microshift/latest/refs/heads/rhel/8/x86_64/edge\\\": x509: certificate signed by unknown authority\"", "        }", "    ]", "}"]}

To solve this, the ingress' CA certificate needs to be added to the image-builder VM truststore so that composer-cli can establish the connection.
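
One way to do what this issue asks for, as an added Ansible example that is not part of the issue or the repository's own code: it pins the CA by fingerprint before installing it as a system trust anchor on the `image-builder` host, then re-checks the URL from the error above with certificate validation on. The file path `files/ingress-ca.crt`, the variable names and the fingerprint placeholder are assumptions.

```yaml
# Added example, not taken from the rhel-edge-automation-arch repository.
- name: Trust the ingress CA on the image-builder VM
  hosts: image-builder
  become: true
  vars:
    # Assumed: a PEM copy of the ingress CA kept next to this playbook.
    ingress_ca_file: "{{ playbook_dir }}/files/ingress-ca.crt"
    # Placeholder: colon-separated uppercase hex, obtained out of band.
    ingress_ca_sha256: "REPLACE_WITH_EXPECTED_SHA256_FINGERPRINT"
    # URL copied from the OSTreeCommitError message in this issue.
    ostree_ref_url: "https://httpd-rfe.apps.mycluster.redhat.com/microshift/latest/refs/heads/rhel/8/x86_64/edge"
  tasks:
    - name: Read the SHA-256 fingerprint of the CA file on the control node
      ansible.builtin.command: openssl x509 -in {{ ingress_ca_file }} -noout -fingerprint -sha256
      delegate_to: localhost
      become: false
      changed_when: false
      register: ca_fp

    - name: Refuse to trust a CA whose fingerprint is not the expected one
      ansible.builtin.assert:
        that: ingress_ca_sha256 in ca_fp.stdout
        fail_msg: "Ingress CA fingerprint mismatch; not installing it"

    - name: Install the CA as a system trust anchor
      ansible.builtin.copy:
        src: "{{ ingress_ca_file }}"
        dest: /etc/pki/ca-trust/source/anchors/ingress-ca.crt
        owner: root
        group: root
        mode: "0644"
      register: ca_anchor

    - name: Rebuild the consolidated trust store
      ansible.builtin.command: update-ca-trust extract
      when: ca_anchor is changed

    # Precaution: a running service may have cached the old system roots.
    - name: Restart osbuild-composer
      ansible.builtin.systemd:
        name: osbuild-composer
        state: restarted
      when: ca_anchor is changed

    - name: Confirm the ostree ref is reachable with certificate validation on
      ansible.builtin.command: curl --fail --silent --show-error --output /dev/null {{ ostree_ref_url }}
      changed_when: false
```

Installing the CA under `/etc/pki/ca-trust/source/anchors/` makes every certificate it signs trusted system-wide on the VM, which is why the fingerprint check comes first.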