From 36ca6cacda3788715437130e9212a94f99a4facc Mon Sep 17 00:00:00 2001
From: Bob Fournier <bfournie@redhat.com>
Date: Mon, 17 Mar 2025 19:49:42 -0400
Subject: [PATCH] AGENT-537: Run agent installer command to create certificates

If the agent tls certificates have not been created yet, i.e.
when using the agent UI, use the installer command to create the
certs prior to running the assisted-service.
---
 data/data/agent/files/usr/local/bin/set-node-zero.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/data/data/agent/files/usr/local/bin/set-node-zero.sh b/data/data/agent/files/usr/local/bin/set-node-zero.sh
index f4e53d6d217..f91b9ff90e5 100644
--- a/data/data/agent/files/usr/local/bin/set-node-zero.sh
+++ b/data/data/agent/files/usr/local/bin/set-node-zero.sh
@@ -45,6 +45,16 @@ done
 if [ "${IS_NODE_ZERO}" = "true" ]; then
     echo "Node 0 IP ${NODE_ZERO_IP} found on this host" 1>&2
 
+    # Create tls certs, if they don't exist, via the installer command.
+    # This allows the certs to be created at run-time, e.g. when installed via the UI
+    AGENT_TLS_DIR=/opt/agent/tls
+    if [ -z $(ls -A "$AGENT_TLS_DIR") ]; then
+       . /usr/local/bin/release-image.sh
+       IMAGE=$(image_for installer)
+       /usr/bin/podman run --privileged -v /tmp:/assets --rm "${IMAGE}" agent create certificates --dir=/assets
+       cp /tmp/tls/* $AGENT_TLS_DIR
+    fi
+
     NODE0_PATH=/etc/assisted/node0
     mkdir -p "$(dirname "${NODE0_PATH}")"