Knowledge Base (Posts about cloud)https://bgstack15.ddns.net/blog/enContents © 2022 <a href="mailto:bgstack15@gmail.com">bgstack15</a> <a rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/"> <img alt="Creative Commons License BY-SA" style="border-width:0; margin-bottom:12px;" src="https://bgstack15.ddns.net/.images/l_by-sa_4.0_88x31.png"></a>Sun, 27 Feb 2022 04:05:12 GMTNikola (getnikola.com)http://blogs.law.harvard.edu/tech/rssInsert your own ca root certificates in RancherOShttps://bgstack15.ddns.net/blog/posts/2019/02/06/insert-your-own-ca-root-certificates-in-rancheros/bgstack15<p>Cloud-init is pretty great. It has a <a href="https://cloudinit.readthedocs.io/en/latest/topics/modules.html#ca-certs">module</a> for installing CA certificates, which RancherOS does <a href="https://github.com/rancher/os/issues/1795">not yet support</a>. So the solution for now, as shared by <a href="https://forums.rancher.com/t/rancheros-cloud-config-yml-root-ca/8076/3">Gizmotronic</a> at the rancherOS forums, is as follows.</p> <pre class="code literal-block"><span></span><code><span class="n">write_files</span><span class="p">:</span> <span class="o">-</span> <span class="n">content</span><span class="p">:</span> <span class="p">|</span><span class="o">+</span> <span class="o">#</span><span class="err">!</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">sh</span> <span class="n">cat</span> <span class="o">&lt;&lt;</span> <span class="n">_EOF_</span> <span class="o">&gt;&gt;</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">ssl</span><span class="o">/</span><span class="n">certs</span><span class="o">/</span><span class="n">ca</span><span class="o">-</span><span class="n">certificates</span><span class="p">.</span><span class="n">crt</span> <span class="o">#</span> <span class="n">subject</span><span class="o">=/</span><span class="n">DC</span><span class="o">=</span><span class="n">com</span><span class="o">/</span><span class="n">DC</span><span class="o">=</span><span class="n">example</span><span class="o">/</span><span class="n">DC</span><span class="o">=</span><span class="n">ad</span><span class="o">/</span><span class="n">CN</span><span class="o">=</span><span class="n">CA2</span> <span class="o">-----</span><span class="kr">BEGIN</span> <span class="n">CERTIFICATE</span><span class="o">-----</span> <span class="n">certificate</span> <span class="n">contents</span> <span class="n">belong</span> <span class="n">here</span> <span class="o">-----</span><span class="kr">END</span> <span class="n">CERTIFICATE</span><span class="o">-----</span> <span class="n">_EOF_</span> <span class="n">owner</span><span class="p">:</span> <span class="n">root</span><span class="p">:</span><span class="n">root</span> <span class="n">path</span><span class="p">:</span> <span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">rancher</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">start</span><span class="p">.</span><span class="n">sh</span> <span class="n">permissions</span><span class="p">:</span> <span class="s">"0755"</span> </code></pre>certificatescloudcloud-initcontainersrancherosyamlhttps://bgstack15.ddns.net/blog/posts/2019/02/06/insert-your-own-ca-root-certificates-in-rancheros/Wed, 06 Feb 2019 13:43:37 GMT