-
Notifications
You must be signed in to change notification settings - Fork 118
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update the inspector endpoint to port 5049 when using the reverse proxy #277
Update the inspector endpoint to port 5049 when using the reverse proxy #277
Conversation
/assign @dtantsur |
/test-centos-integration |
I think we don't need, as reverse proxy(5050) will communicate with ironic-inspector(5049), in that case when metal3 or bmo call ironic-inspector the communication goes via reverse proxy(5050). |
@kashifest Moshiur is right, we don't need to change anywhere else. |
/lgtm |
Will this work if reverse proxy is not used? |
Good question. Now it doesn't work if the reverse proxy is not used. I will update the PR to make it work. |
@dtantsur I plan to open another PR to make it works with the reverse proxy soon since there is a couple of things needed to be done there. This PR is more like a bug fix because now the ironic-inspector and the reverse proxy are trying to open the same port 5050, so occasionally ironic-inspector crashes and the CI test fails. How do you think? |
I mean, you're pretty much breaking the non-proxied case, no? We cannot fix bugs by introducing more bugs. Maybe we're ready to drop the non-proxied case - then we should do it explicitly. |
/test-integration |
c6bcfa9
to
43f098b
Compare
43f098b
to
108e608
Compare
/test-integration |
I think we should support the non-proxy case since someone may not want to use it. I have pushed another commit to this PR to solve the problem with non-proxy case. Since there are two different problems solved by this PR, I guess we should have two commits. I will update the description of the Pr. Please take a look again. Thanks. |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dtantsur The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
Bug 2088319: Backport weak eTag handling fix to OpenShift 4.9
When using httpd as the reverse proxy for ironic inspector, the httpd server will listen at 5050, and forward the traffic to port 5049. For that reason, we need to set the ironic inspector endpoint to this port. Otherwise, the traffic between ironic inspector and other components are not encrypted.
Also, this PR solves a problem with non-proxy case. Currently, if TLS is enabled, but we don't use the reverse proxy, it can cause problem. This PR solves that.