Set webserver_verify_ca to bool or certificate path #258

Merged
merged 1 commit into from
May 18, 2021

bfournie
Member

Set the ironic conf setting webserver_verify_ca to False
if IRONIC_INSECURE is True (to disable TLS validation) or set
it to the path to the CA_BUNDLE file if the new IRONIC_CA_PATH env
variable is set.

By default it will be set to True.

Member

@dtantsur dtantsur left a comment

IRONIC_CA_PATH is a CA that ironic services use, it does not necessarily match the CA that the images use (and it's not the case in OpenShift). We need a new option, and we need it to have a higher priority than IRONIC_INSECURE (which is always True for OpenShift).

@bfournie
Member Author

> IRONIC_CA_PATH is a CA that ironic services use, it does not necessarily match the CA that the images use (and it's not the case in OpenShift). We need a new option, and we need it to have a higher priority than IRONIC_INSECURE (which is always True for OpenShift).

IRONIC_CA_PATH is a new option; unfortunately the name is a bit too similar to the existing one, IRONIC_CACERT_FILE. I'll change the name to make it clearer and move the check before INSECURE.

Member

@dtantsur dtantsur left a comment

/approve

ironic-config/ironic.conf.j2 (outdated, resolved)
@bfournie
Member Author

bfournie commented May 4, 2021

/test-integration

@dtantsur
Member

dtantsur commented May 5, 2021

/test-integration

I'm not sure how to re-run travis, maybe you can rebase?

@metal3-io-bot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bfournie, dtantsur


@metal3-io-bot metal3-io-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 5, 2021
@elfosardo
Member

/retest

@elfosardo
Member

@bfournie as Dmitry said you'll have to rebase this :/

Set the ironic conf setting `webserver_verify_ca` to a
new WEBSERVER_CACERT_FILE env if defined, or set it
to the value of IRONIC_INSECURE if the cert is not defined.

By default it will be set to True.
@metal3-io-bot metal3-io-bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label May 11, 2021
@dtantsur
Member

/test-integration

@elfosardo
Member

/lgtm

@metal3-io-bot metal3-io-bot added the lgtm Indicates that a PR is ready to be merged. label May 18, 2021
@metal3-io-bot metal3-io-bot merged commit 7af7bc2 into metal3-io:master May 18, 2021
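
The precedence settled in the review above (a dedicated CA bundle outranks IRONIC_INSECURE, and verification stays on by default), as an added shell example that is not the project's own code. The function name, the accepted spellings of "true", the assumption that the bundle is a single file, and the fail-closed check on that file are all assumptions.

```shell
#!/bin/sh
# Added example, not code from the PR: resolve the value to write into
# ironic.conf for webserver_verify_ca from the two environment variables
# named in the thread. Function name and value spellings are assumptions.

# Prints the resolved value on stdout.
# Returns non-zero when a CA bundle was requested but cannot be used, so the
# caller fails closed instead of silently falling back to "no verification".
resolve_webserver_verify_ca() {
    wvc_cacert="${WEBSERVER_CACERT_FILE:-}"
    wvc_insecure="${IRONIC_INSECURE:-false}"

    # 1. An explicit CA bundle wins, even when IRONIC_INSECURE is true
    #    (the reviewer's requirement for deployments where it is always true).
    if [ -n "$wvc_cacert" ]; then
        if [ ! -f "$wvc_cacert" ] || [ ! -r "$wvc_cacert" ] || [ ! -s "$wvc_cacert" ]; then
            echo "WEBSERVER_CACERT_FILE=$wvc_cacert is missing, unreadable or empty" >&2
            return 1
        fi
        printf '%s\n' "$wvc_cacert"
        return 0
    fi

    case "$wvc_insecure" in
        # 2. No bundle and IRONIC_INSECURE is true: TLS validation is disabled.
        [Tt]rue|TRUE|1) printf 'False\n' ;;
        # 3. Default: verify against the standard CA path.
        *) printf 'True\n' ;;
    esac
}
```

A caller would write the printed value after `webserver_verify_ca =` when rendering ironic.conf and abort start-up on a non-zero return.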