Before this change, Ironic was required to send
`ipa-advertise-protocol=https` with pxe parameters to make this
code work.
Instead, ensure we *always* advertise https, via static ramdisk
configuration, when TLS is enabled.
Change-Id: I1c0bc85aefe592a2a614f60112a8982e0f03fcf7
Without this spelled properly, DIB does not run the pre
finalization script, rendering the feature nonfunctional.
Change-Id: Ided93ad85f6a71c2b7679a329404a575b9d90d61
agent.cacert.pem is copied into /etc/ironic-python-agent.d, not
/etc/ironic-python-agent
Change to using a variable for that path, so it can't happen again
Change-Id: I530a97bab0883f875fd5103846ebc4dd356d5c5b
- Fixed a syntax error, and an ordering issue in DIB TLS element
- Removed unneeded deps, since openssl runs on build machine now
Change-Id: Idcdaefdb3aa80fd651ca6de35d18d3581ffe5116
First, this change preconfigures IPA to use a configdir. This will
permit deployers to add or modify IPA configuration in elements.
This change was a prerequisite to adding additional DIB elements
which require configuration.
Additionally, this adds a DIB element to configure TLS support for
IPA's API. If added to a ramdisk build with no configuration, it
will create a self-signed certificate and configure IPA to use it.
It also exposes various environment variables to allow deployers
to use preexisting certificates or CA files.
Change-Id: Ibf88937766fa32f72b90ca81f9e8fba3515b6e33