
feat: add openchami-cert-trust.service #23

Merged
alexlovelltroy merged 1 commit into main from synackd/add-cert-trust-service
Jun 23, 2025

@synackd synackd commented Jun 20, 2025

Add an intermediate oneshot service, openchami-cert-trust.service, that copies the step-ca root CA certificate from the container to the host anchors directory and trusts it. This happens before acme-register and acme-deploy so that the CA cert is trusted by the system bundle before mounting it into the container to retrieve the haproxy certificate.

This eliminates the need to start the step-ca service first, separately from openchami.target. Instead, one can simply start openchami.target, have everything come up, and automatically trust the step-ca CA certificate.

Relevant dependency chart attached.

Supersedes #9.
openchami-re-head

Add an intermediate oneshot service, openchami-cert-trust.service, that
copies the step-ca root CA certificate from the container to the host
anchors directory and trusts it. This happens _before_ acme-register and
acme-deploy so that the CA cert is trusted by the system bundle before
mounting it into the container to retrieve the haproxy certificate.

This eliminates the need to start the step-ca service first, separately
from openchami.target. Instead, one can simply start openchami.target,
have everything come up, and automatically trust the step-ca CA
certificate.

Signed-off-by: Devon Bautista <17506592+synackd@users.noreply.github.com>
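
A sketch of how a oneshot unit with the ordering described above could look; this is an added example, not the unit file from this pull request. The `.service` suffixes, the use of podman, the container name `step-ca`, the `ROOT_CA_SRC` placeholder and the RHEL-family anchors path are assumptions that do not appear on the page.

```ini
# Added example, not the project's own unit file.
# Assumed (not on the page): podman as the container runtime, a container
# named "step-ca", and the RHEL-family anchors directory.
[Unit]
Description=Trust the step-ca root CA certificate on the host
# The CA container must be up so the root certificate can be copied out.
Requires=step-ca.service
After=step-ca.service
# Finish before the ACME units mount the system bundle into their containers.
Before=acme-register.service acme-deploy.service
# Follow stop/restart of the target that pulls everything in.
PartOf=openchami.target

[Service]
Type=oneshot
# Stay "active" after the commands exit so ordered units see it as done.
RemainAfterExit=yes
# Creates /run/openchami-cert-trust as a staging area.
RuntimeDirectory=openchami-cert-trust
# Placeholder: path of the root certificate inside the container.
Environment=ROOT_CA_SRC=REPLACE_WITH_CERT_PATH_IN_CONTAINER
# 1. Copy the certificate to staging, not straight into the trust anchors.
ExecStart=/usr/bin/podman cp step-ca:${ROOT_CA_SRC} /run/openchami-cert-trust/root_ca.crt
# 2. Fail the unit if the staged file is not a parseable X.509 certificate.
ExecStart=/usr/bin/openssl x509 -in /run/openchami-cert-trust/root_ca.crt -noout
# 3. Install it root-owned and not group/world-writable into the anchors directory.
ExecStart=/usr/bin/install -o root -g root -m 0644 /run/openchami-cert-trust/root_ca.crt /etc/pki/ca-trust/source/anchors/openchami-step-ca.crt
# 4. Rebuild the consolidated system trust bundle.
ExecStart=/usr/bin/update-ca-trust extract

[Install]
WantedBy=openchami.target
```

The parse check in step 2 only catches a missing or corrupt file. Comparing the certificate's SHA-256 fingerprint against a value recorded out of band is what would detect an unexpected CA before it lands in the system bundle.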

@alexlovelltroy alexlovelltroy left a comment


LGTM

@alexlovelltroy alexlovelltroy merged commit 11cb153 into main Jun 23, 2025
1 check passed
@synackd synackd deleted the synackd/add-cert-trust-service branch June 23, 2025 15:42