Commit Graph

5 Commits

Author SHA1 Message Date
Jay Faulkner
0cc5ba8d72 Advertise HTTPS in IPA ramdisk without Ironic assist
Before this change, Ironic was required to send
`ipa-advertise-protocol=https` with pxe parameters to make this
code work.

Instead, ensure we *always* advertise https, via static ramdisk
configuration, when TLS is enabled.

Change-Id: I1c0bc85aefe592a2a614f60112a8982e0f03fcf7
2020-09-18 09:36:56 -07:00
Jay Faulkner
69e41ff761 Fix typo in spelling of "finalise", breaking build
Without this spelled properly, DIB does not run the pre
finalization script, rendering the feature nonfunctional.

Change-Id: Ided93ad85f6a71c2b7679a329404a575b9d90d61
2020-09-16 11:34:34 -07:00
Jay Faulkner
841ef669e1 Fix cacert path for TLS element
agent.cacert.pem is copied into /etc/ironic-python-agent.d, not
/etc/ironic-python-agent

Change to using a variable for that path, so it can't happen again

Change-Id: I530a97bab0883f875fd5103846ebc4dd356d5c5b
2020-09-11 09:13:09 -07:00
Jay Faulkner
da78fa099f Followups for TLS support
- Fixed a syntax error, and an ordering issue in DIB TLS element
- Removed unneeded deps, since openssl runs on build machine now

Change-Id: Idcdaefdb3aa80fd651ca6de35d18d3581ffe5116
2020-09-09 15:55:02 -07:00
Jay Faulkner
79715dd750 Add element to configure IPA with TLS, use configdir
First, this change preconfigures IPA to use a configdir. This will
permit deployers to add or modify IPA configuration in elements.
This change was a prerequisite to adding additional DIB elements
which require configuration.

Additionally, this adds a DIB element to configure TLS support for
IPA's API. If added to a ramdisk build with no configuration, it
will create a self-signed certificate and configure IPA to use it.
It also exposes various environment variables to allow deployers
to use preexisting certificates or CA files.

Change-Id: Ibf88937766fa32f72b90ca81f9e8fba3515b6e33
2020-09-08 20:40:19 +00:00