From 870cee5ed8b742ce2bc9b4d662d6d64ed5d1ca94 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Fri, 9 May 2025 09:11:58 -0400
Subject: [PATCH] Add public TLS certificates to identitiy images

Some profiles may want to have a fixed boot image,
and site specific content limited to the identity payload, or at
least the TLS so it could fetch the rest over https.
---
 confluent_server/confluent/plugins/deployment/identimage.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/confluent_server/confluent/plugins/deployment/identimage.py b/confluent_server/confluent/plugins/deployment/identimage.py
index 4959a63e..4f57f2b6 100644
--- a/confluent_server/confluent/plugins/deployment/identimage.py
+++ b/confluent_server/confluent/plugins/deployment/identimage.py
@@ -59,6 +59,7 @@ def create_ident_image(node, configmanager):
         yaml.safe_dump(ident, yamlout, default_flow_style=False)
     with open(os.path.join(tmpd, 'cnflnt.jsn'), 'w') as jsonout:
         json.dump(ident, jsonout)
+    shutil.copytree('/var/lib/confluent/public/site/tls', os.path.join(tmpd, 'tls'))
     mkdirp('/var/lib/confluent/private/identity_images/')
     imgname = '/var/lib/confluent/private/identity_images/{0}.img'.format(node)
     if os.path.exists(imgname):