osmclient

Add support for CACERT and APIPROXY

Bug #1858789 reported by David
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
osmclient
Fix Committed
High
Adam Israel

Bug Description

The overlay needs to include these parameters:

lcm-k8s: vca_cacert, vca_apiproxy
mon-k8s: vca_cacert

Currently, mon does not use the apiproxy, but we could consider adding the parameter, in case it's used in the future.

The result (osmclient.overlay) should look like this:

```
applications:
  lcm-k8s:
    options:
      vca_user: admin
      vca_password: 92507b6491fb3d2789fcf8d1b489d1b4
      vca_host: 10.65.78.14
      vca_port: 17070
      vca_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHVk4FGo2jnbKTjvViZdSeOdwB+LOJsSOhSraNR+f15b0EFeJP4U/V0DuZXC7iQ2+BLDZRlHSi633FOiYlRde6/JoAlePF9dST0M1maoagXaAGrNf9u6lHcWw5ITw/GsABgVuC9rwyDWUdjkLsc8b9+lsixLsY6j7+b3ZTa5BvMjQincqCgvCm5OMZs8LvVbsj7Z5yPu0TWJ33YVNMUwnXa1h1E4lGEEs06e1YozR1boBfVKLY91KuY4X07F4zV6o2ojDd3kgcZwlWEhhCzRl0H11IPJrycp0OWCzOmhVCdCIIHlL/E62JeCydDmd9oV4RWXQ0Av3jIqPDx5bTnpI7 juju-client-key"
      vca_apiproxy: 10.28.55.41
      vca_cacert: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVyRENDQXhTZ0F3SUJBZ0lVT0JjdG96RzV0MWdMb0Ivcmp6eHJlNGRaejJ3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd2JqRU5NQXNHQTFVRUNoTUVhblZxZFRFdU1Dd0dBMVVFQXd3bGFuVnFkUzFuWlc1bGNtRjBaV1FnUTBFZwpabTl5SUcxdlpHVnNJQ0pxZFdwMUxXTmhJakV0TUNzR0ExVUVCUk1rT1dZMU1UVTBaR1F0T0RJMFppMDBPVGs0CkxUaGxZVGd0WVRFeFpUWXhPR1ZrTVRaa01CNFhEVEU1TVRFeU5qRXpNRGd6T0ZvWERUSTVNVEl3TXpFek1EZ3oKT0Zvd2JqRU5NQXNHQTFVRUNoTUVhblZxZFRFdU1Dd0dBMVVFQXd3bGFuVnFkUzFuWlc1bGNtRjBaV1FnUTBFZwpabTl5SUcxdlpHVnNJQ0pxZFdwMUxXTmhJakV0TUNzR0ExVUVCUk1rT1dZMU1UVTBaR1F0T0RJMFppMDBPVGs0CkxUaGxZVGd0WVRFeFpUWXhPR1ZrTVRaa01JSUJvakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBWThBTUlJQmlnS0MKQVlFQXlQUUQ2T3VTUTgzUVVMNjFEUEVIQ09FRDJlekxmM3g2UEQ1ZVRDbEF4SVZoODg2Y1RNZVhHaDk1YnFKcwpPTnZ3NWlweE1xRHJ3N0ptRWNuaW1qRndWejVHcnUzYmkwV1FYRENrVVFIeWRUMmJBNW1vQWVobllQcnBLYjkrCkNmZjV2b1VSbEVPNkZnaWpkNDhPUS9kV0JpOWpwUDlsek90ZTEyOVNJNEkxK3Rhd1p5VExRaGJLNWZrUDl3NngKUUR2c2labm8xRW84bnZYMHFpRzNYQXNoRGZOSlhOaHFnZklIRkFBREt0LzZ3cUQ2WTlaYkZDTTVvcEp2MnhUNQpaU0RkeW1WYkhQMmZOOVo2TXBFRXBOUWpOeS9KaitOUXdheUszMDZKcmhqMVBvNFgvbm9OODJld2syOC8wamJNClVzWXVDUitOY25DL1pHcGQvYWtUbWFhWXhGQ3ppbG5DR0svWFZrQXN4aW96ZGMzNEhXcEdML2ZsTEkxYjJUZi8KdHdRNzBkbW5JWDMrZXZhb0tTZzJRMFlTcUluVW1qRG4xS3ZiOVlDL2cveit5SzJhTDVReU5XM1IrcjZrTkMvQwp0QmRBQzVCY3VaNk9zYldXOTNkNHpwS0dVVDIyd1AyeW9iaTltclFrTjNBeEE1SGZDS2hkSEUrQnk0MlRKL1VyCk16OXZBZ01CQUFHalFqQkFNQTRHQTFVZER3RUIvd1FFQXdJQ3BEQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEcKQTFVZERnUVdCQlFzNWRraVZzZEhLaXE1RXlJL2l1eXp4T0JtWGpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVlFQQpFOHVKZitmL3RTeGtWMTYrcG9ZV0ZXMU4yNGNXczZwSlZSZ1dtNTlCMmJWK1NwL2dSOXJ2b2xwOTM5Mng3YWtXCm9iQWVzaExrZU5IaHFVWFZZcGJEU0haMFplOGZPQTFSdUFEL0xtZjlDbDZiUUVlTjNnS2VKTmFFUHgxbTJKeXEKclhPMzY2NVZOQSt1aGdIWlUrdVBCYmllMzVTZWk3Q3VsM3JLQlFDZXhqa002cU1yeUpVaWlLMU1WKzBTL01QVwpNK0R6d2R5Y1J2WHh4STF0VHlRMmhWV0JJaDg0WVJ1WTQ4eXlTczM1Y2dxZ29DL3Q1UW1Lc2haK1NwNUIwNDl4CjVCUytQTWtta2IvYjdVU0FVQ3M5Vk9ERjRRai82RksxMmVBYVQyZ2FXb2QyWUxCRUVHRWcvVnN4dkVNZkJvUXQKT1U5QTVKMlJCMWdXRVljVUlxYjV0K2pBNTdtNVRTcFF3ZHowRDIxempTdE5rdS9XT01QREhDZGJmMERiQ1NqNApDRTcxVWVHWEd3WHhOSlNCUTRObGFza0U3OFdHVWZBSEN1a3ZiUEl1am5Ja1BKOFBMNzRndXlQY3dQNGlMUlAwCitaMlhVRXZFRmNJNWJESmpNcHdtRzBiS3k4eVNMOFMxc3lRTU1Ydk1rc3l5aWorSVRnYXJkS2ordWtNbmdDUkkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQoK"
  mon-k8s:
    options:
      vca_user: admin
      vca_password: 92507b6491fb3d2789fcf8d1b489d1b4
      vca_host: 10.65.78.14
      vca_cacert: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVyRENDQXhTZ0F3SUJBZ0lVT0JjdG96RzV0MWdMb0Ivcmp6eHJlNGRaejJ3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd2JqRU5NQXNHQTFVRUNoTUVhblZxZFRFdU1Dd0dBMVVFQXd3bGFuVnFkUzFuWlc1bGNtRjBaV1FnUTBFZwpabTl5SUcxdlpHVnNJQ0pxZFdwMUxXTmhJakV0TUNzR0ExVUVCUk1rT1dZMU1UVTBaR1F0T0RJMFppMDBPVGs0CkxUaGxZVGd0WVRFeFpUWXhPR1ZrTVRaa01CNFhEVEU1TVRFeU5qRXpNRGd6T0ZvWERUSTVNVEl3TXpFek1EZ3oKT0Zvd2JqRU5NQXNHQTFVRUNoTUVhblZxZFRFdU1Dd0dBMVVFQXd3bGFuVnFkUzFuWlc1bGNtRjBaV1FnUTBFZwpabTl5SUcxdlpHVnNJQ0pxZFdwMUxXTmhJakV0TUNzR0ExVUVCUk1rT1dZMU1UVTBaR1F0T0RJMFppMDBPVGs0CkxUaGxZVGd0WVRFeFpUWXhPR1ZrTVRaa01JSUJvakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBWThBTUlJQmlnS0MKQVlFQXlQUUQ2T3VTUTgzUVVMNjFEUEVIQ09FRDJlekxmM3g2UEQ1ZVRDbEF4SVZoODg2Y1RNZVhHaDk1YnFKcwpPTnZ3NWlweE1xRHJ3N0ptRWNuaW1qRndWejVHcnUzYmkwV1FYRENrVVFIeWRUMmJBNW1vQWVobllQcnBLYjkrCkNmZjV2b1VSbEVPNkZnaWpkNDhPUS9kV0JpOWpwUDlsek90ZTEyOVNJNEkxK3Rhd1p5VExRaGJLNWZrUDl3NngKUUR2c2labm8xRW84bnZYMHFpRzNYQXNoRGZOSlhOaHFnZklIRkFBREt0LzZ3cUQ2WTlaYkZDTTVvcEp2MnhUNQpaU0RkeW1WYkhQMmZOOVo2TXBFRXBOUWpOeS9KaitOUXdheUszMDZKcmhqMVBvNFgvbm9OODJld2syOC8wamJNClVzWXVDUitOY25DL1pHcGQvYWtUbWFhWXhGQ3ppbG5DR0svWFZrQXN4aW96ZGMzNEhXcEdML2ZsTEkxYjJUZi8KdHdRNzBkbW5JWDMrZXZhb0tTZzJRMFlTcUluVW1qRG4xS3ZiOVlDL2cveit5SzJhTDVReU5XM1IrcjZrTkMvQwp0QmRBQzVCY3VaNk9zYldXOTNkNHpwS0dVVDIyd1AyeW9iaTltclFrTjNBeEE1SGZDS2hkSEUrQnk0MlRKL1VyCk16OXZBZ01CQUFHalFqQkFNQTRHQTFVZER3RUIvd1FFQXdJQ3BEQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEcKQTFVZERnUVdCQlFzNWRraVZzZEhLaXE1RXlJL2l1eXp4T0JtWGpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVlFQQpFOHVKZitmL3RTeGtWMTYrcG9ZV0ZXMU4yNGNXczZwSlZSZ1dtNTlCMmJWK1NwL2dSOXJ2b2xwOTM5Mng3YWtXCm9iQWVzaExrZU5IaHFVWFZZcGJEU0haMFplOGZPQTFSdUFEL0xtZjlDbDZiUUVlTjNnS2VKTmFFUHgxbTJKeXEKclhPMzY2NVZOQSt1aGdIWlUrdVBCYmllMzVTZWk3Q3VsM3JLQlFDZXhqa002cU1yeUpVaWlLMU1WKzBTL01QVwpNK0R6d2R5Y1J2WHh4STF0VHlRMmhWV0JJaDg0WVJ1WTQ4eXlTczM1Y2dxZ29DL3Q1UW1Lc2haK1NwNUIwNDl4CjVCUytQTWtta2IvYjdVU0FVQ3M5Vk9ERjRRai82RksxMmVBYVQyZ2FXb2QyWUxCRUVHRWcvVnN4dkVNZkJvUXQKT1U5QTVKMlJCMWdXRVljVUlxYjV0K2pBNTdtNVRTcFF3ZHowRDIxempTdE5rdS9XT01QREhDZGJmMERiQ1NqNApDRTcxVWVHWEd3WHhOSlNCUTRObGFza0U3OFdHVWZBSEN1a3ZiUEl1am5Ja1BKOFBMNzRndXlQY3dQNGlMUlAwCitaMlhVRXZFRmNJNWJESmpNcHdtRzBiS3k4eVNMOFMxc3lRTU1Ydk1rc3l5aWorSVRnYXJkS2ordWtNbmdDUkkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQoK"
```

vca_cacert is the result from the command `juju controllers --format json | jq -r '.controllers["osm-lxd"]["ca-cert"]' | base64 | tr -d \\n`

vca_apiproxy is the DEFAULT_IP:
```
DEFAULT_IF=`route -n |awk '$1~/^0.0.0.0/ {print $8}'`
DEFAULT_IP=`ip -o -4 a |grep ${DEFAULT_IF}|awk '{split($4,a,"/"); print a[1]}'`
```

See original description
David (davigar15)
description: updated
description: updated
Adam Israel (aisrael)
Changed in osmclient:
importance: Undecided → High
assignee: nobody → Adam Israel (aisrael)
status: New → In Progress
Adam Israel (aisrael)
Changed in osmclient:
status: In Progress → Fix Committed
Revision history for this message
David (davigar15) wrote :

$ osmclient.overlay
/snap/osmclient/40/bin/overlay.sh: line 22: /snap/bin/juju: Permission denied
12:25:14 main [ERRO] asked to process document index 0 but there are only 0 document(s)
/snap/osmclient/40/bin/overlay.sh: line 25: /sbin/route: Permission denied
/snap/osmclient/40/bin/overlay.sh: line 26: /sbin/ip: Permission denied
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.