refs #2026 add template for stunnel config

chroot-tasks.py

@@ -108,6 +108,22 @@ def updateCaCertificates():
     print ('Updating CA trust Store', file=sys.stderr)
     utils.run (['update-ca-certificates'])
 
+def configure_stunnel():
+    with open ('/etc/stunnel/menu.conf', 'w') as fd:
+        fd.write ('setuid = stunnel4\n')
+        fd.write ('setgid = stunnel4\n')
+        fd.write ('pid = /var/run/stunnel4/menu.pid\n')
+        fd.write ('\n')
+        fd.write ('[menu]\n')
+        fd.write ('client = yes\n')
+        fd.write ('accept = 127.0.0.1:81\n')
+        fd.write ('connect = __OGCORE_IP__:__OGCORE_PORT__\n')
+        fd.write ('cert = /opt/opengnsys/etc/ogagent.crt\n')
+        fd.write ('key = /opt/opengnsys/etc/ogagent.key\n')
+        fd.write ('CAfile = /opt/opengnsys/etc/ca.crt\n')
+        fd.write ('requireCert = yes\n')
+        fd.write ('verifyChain = yes\n')
+
 def boottoolsPythonModules():
     utils.run (['pip3', 'install', 'pyblkid', '--break-system-packages'])
 
@@ -158,6 +174,7 @@ if __name__ == '__main__':
     debconf_settings = config['General'].get ('debconf_settings')
 
     updateCaCertificates()
+    configure_stunnel()
     setup_resolvconf()
     boottoolsSoftwareInstall (args.osarch, args.osrelease)
     boottoolsSoftwareCompile()