Retries int
}
-var CertFiles = []string{"/etc/arvados/ca-certificates.crt"}
+var CertFiles = []string{
+ "/etc/arvados/ca-certificates.crt",
+ "/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
+ "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL
+}
// MakeTLSConfig sets up TLS configuration for communicating with Arvados and Keep services.
func MakeTLSConfig(insecure bool) *tls.Config {
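Review bot: `CertFiles` is an exported, order-sensitive list that other packages reassign, but it has no doc comment saying how the entries are used. From the loop visible further down (`tlsconfig.RootCAs = certs` followed by `break`), the first file that yields a certificate appears to become the whole root set rather than being added to the system roots. A comment on the declaration would spell that out: `// CertFiles lists CA bundle paths tried in order; the first one that yields at least one PEM certificate is used as RootCAs, otherwise the system default roots apply.` It is also worth stating there that callers must set it before the first call to MakeTLSConfig, since it is plain package-level state.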
if err == nil {
success := certs.AppendCertsFromPEM(data)
if !success {
- fmt.Errorf("Did not load any certificates from %v", file)
+ fmt.Printf("Unable to load any certificates from %v", file)
} else {
tlsconfig.RootCAs = certs
break
}
}
}
- // Will use system default CA roots if /etc/arvados/ca-certificates.crt not found.
+ // Will use system default CA roots instead.
}
return &tlsconfig
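Review bot: `fmt.Printf` on the added line writes the warning to stdout with no trailing newline, so it can interleave with a program's real output and is easy to miss in service logs. A bundle that exists but yields no certificates changes which roots the client ends up trusting, so the message belongs on the logger: `log.Printf("Unable to load any certificates from %v", file)` (assuming `log` is or can be imported in this file). The `err != nil` path still appears to be silent, so a log line for read errors other than file-not-found may be worth adding. MakeTLSConfig's body starts and ends outside the hunk.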
cgroupRoot := flag.String("cgroup-root", "/sys/fs/cgroup", "path to sysfs cgroup tree")
cgroupParent := flag.String("cgroup-parent", "docker", "name of container's parent cgroup (ignored if -cgroup-parent-subsystem is used)")
cgroupParentSubsystem := flag.String("cgroup-parent-subsystem", "", "use current cgroup for given subsystem as parent cgroup for container")
+ caCertsPath := flag.String("ca-certs", "/etc/arvados/ca-certificates.crt", "Path to TLS root certificates")
flag.Parse()
containerId := flag.Arg(0)
+ arvadosclient.CertFiles = []string{*caCertsPath}
+
api, err := arvadosclient.MakeArvadosClient()
if err != nil {
log.Fatalf("%s: %v", containerId, err)
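Review bot: Assigning `arvadosclient.CertFiles = []string{*caCertsPath}` unconditionally discards the distro fallback paths this same commit adds, and a `-ca-certs` path that is missing or unparsable is not treated as an error. Judging by the `if err == nil` guard and the "Will use system default CA roots instead" comment in MakeTLSConfig, the client then quietly trusts the system store, which for a deployment that pins a private CA widens the trust set without any signal. Consider defaulting the flag to `""`, overriding only when it is set (`if *caCertsPath != "" { arvadosclient.CertFiles = []string{*caCertsPath} }`), and calling `log.Fatalf` when an explicitly given file cannot be read. The enclosing function starts and ends outside the hunk.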