-
Notifications
You must be signed in to change notification settings - Fork 118
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set webserver_verify_ca to bool or certificate path #258
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IRONIC_CA_PATH
is a CA that ironic services use, it does not necessarily match the CA that the images use (and it's not the case in OpenShift). We need a new option, and we need it to have a higher priority than IRONIC_INSECURE (which is always True for OpenShift).
IRONIC_CA_PATH is a new option, unfortunately the name is bit too similar to the existing one - IRONIC_CACERT_FILE. I'll change the name to make it clearer and move the check before INSECURE |
77a718d
to
f01dc64
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
f01dc64
to
a9370eb
Compare
/test-integration |
/test-integration I'm not sure how to re-run travis, maybe you can rebase? |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bfournie, dtantsur The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
@bfournie as Dmitry said you'll have to rebase this :/ |
Set the ironic conf setting `webserver_verify_ca` to a new WEBSERVER_CACERT_FILE env if defined, or set it the value of IRONIC_INSECURE if the cert is not defined. By default it will be set to True.
a9370eb
to
9f04f3d
Compare
/test-integration |
/lgtm |
Set the ironic conf setting
webserver_verify_ca
to Falseif IRONIC_INSECURE is True (to disable TLS validation) or set
it to path to CA_BUNDLE file if new IRONIC_CA_PATH env
variable is set.
By default it will be set to True.