openstack/ironic
Code Issues Proposed changes

Merge "Documentation fixes for iLO SSL Certificate feature"

Browse Source
This commit is contained in:
Jenkins
2016-08-10 00:16:22 +00:00
committed by Gerrit Code Review
parent a6ca676fee ce19e504dd
commit bb4933922e
1 changed files with 27 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
doc/source/drivers/ilo.rst
View File

@@ -289,7 +289,7 @@ Nodes configured for iLO driver should have the ``driver`` property set to
- ``ilo_username``: Username for the iLO with administrator privileges.
- ``ilo_password``: Password for the above iLO user.
- ``ilo_deploy_iso``: The glance UUID of the deploy ramdisk ISO image.
- ``ilo_ca_file``: (optional) CA certificate file to validate iLO.
- ``ca_file``: (optional) CA certificate file to validate iLO.
- ``client_port``: (optional) Port to be used for iLO operations if you are
using a custom port on the iLO. Default port used is 443.
- ``client_timeout``: (optional) Timeout for iLO operations. Default timeout
@@ -297,6 +297,14 @@ Nodes configured for iLO driver should have the ``driver`` property set to
- ``console_port``: (optional) Node's UDP port for console access. Any unused
port on the ironic conductor node may be used.
.. note::
To update SSL certificates into iLO, you can refer to `HPE Integrated
Lights-Out Security Technology Brief <http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=c04530504>`_.
You can use iLO hostname or IP address as a 'Common Name (CN)' while
generating Certificate Signing Request (CSR). Use the same value as
`ilo_address` while enrolling node to Bare Metal service to avoid SSL
certificate validation errors related to hostname mismatch.
For example, you could run a similar command like below to enroll the ProLiant
node::
@@ -427,7 +435,7 @@ Nodes configured for iLO driver should have the ``driver`` property set to
- ``ilo_username``: Username for the iLO with administrator privileges.
- ``ilo_password``: Password for the above iLO user.
- ``ilo_deploy_iso``: The glance UUID of the deploy ramdisk ISO image.
- ``ilo_ca_file``: (optional) CA certificate file to validate iLO.
- ``ca_file``: (optional) CA certificate file to validate iLO.
- ``client_port``: (optional) Port to be used for iLO operations if you are
using a custom port on the iLO. Default port used is 443.
- ``client_timeout``: (optional) Timeout for iLO operations. Default timeout
@@ -435,6 +443,14 @@ Nodes configured for iLO driver should have the ``driver`` property set to
- ``console_port``: (optional) Node's UDP port for console access. Any unused
port on the ironic conductor node may be used.
.. note::
To update SSL certificates into iLO, you can refer to `HPE Integrated
Lights-Out Security Technology Brief <http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=c04530504>`_.
You can use iLO hostname or IP address as a 'Common Name (CN)' while
generating Certificate Signing Request (CSR). Use the same value as
`ilo_address` while enrolling node to Bare Metal service to avoid SSL
certificate validation errors related to hostname mismatch.
For example, you could run a similar command like below to enroll the ProLiant
node::
@@ -547,7 +563,7 @@ Nodes configured for iLO driver should have the ``driver`` property set to
- ``ilo_password``: Password for the above iLO user.
- ``deploy_kernel``: The glance UUID of the deployment kernel.
- ``deploy_ramdisk``: The glance UUID of the deployment ramdisk.
- ``ilo_ca_file``: (optional) CA certificate file to validate iLO.
- ``ca_file``: (optional) CA certificate file to validate iLO.
- ``client_port``: (optional) Port to be used for iLO operations if you are
using a custom port on the iLO. Default port used is 443.
- ``client_timeout``: (optional) Timeout for iLO operations. Default timeout
@@ -555,6 +571,14 @@ Nodes configured for iLO driver should have the ``driver`` property set to
- ``console_port``: (optional) Node's UDP port for console access. Any unused
port on the ironic conductor node may be used.
.. note::
To update SSL certificates into iLO, you can refer to `HPE Integrated
Lights-Out Security Technology Brief <http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=c04530504>`_.
You can use iLO hostname or IP address as a 'Common Name (CN)' while
generating Certificate Signing Request (CSR). Use the same value as
`ilo_address` while enrolling node to Bare Metal service to avoid SSL
certificate validation errors related to hostname mismatch.
For example, you could run a similar command like below to enroll the ProLiant
node::