From ce19e504ddc0c836fcb1d4431e8216eabf393c1f Mon Sep 17 00:00:00 2001 From: Shivanand Tendulker Date: Wed, 6 Jul 2016 21:26:33 -0700 Subject: [PATCH] Documentation fixes for iLO SSL Certificate feature This commit updates documentation related to validation of iLO SSL certificate by iLO drivers. Change-Id: Ia06aae7a288451577b14629a8ada9223d3f681a5 Closes-Bug: #1599710 --- doc/source/drivers/ilo.rst | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/doc/source/drivers/ilo.rst b/doc/source/drivers/ilo.rst index bf410642c3..2d77a53a23 100644 --- a/doc/source/drivers/ilo.rst +++ b/doc/source/drivers/ilo.rst @@ -289,7 +289,7 @@ Nodes configured for iLO driver should have the ``driver`` property set to - ``ilo_username``: Username for the iLO with administrator privileges. - ``ilo_password``: Password for the above iLO user. - ``ilo_deploy_iso``: The glance UUID of the deploy ramdisk ISO image. -- ``ilo_ca_file``: (optional) CA certificate file to validate iLO. +- ``ca_file``: (optional) CA certificate file to validate iLO. - ``client_port``: (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443. - ``client_timeout``: (optional) Timeout for iLO operations. Default timeout @@ -297,6 +297,14 @@ Nodes configured for iLO driver should have the ``driver`` property set to - ``console_port``: (optional) Node's UDP port for console access. Any unused port on the ironic conductor node may be used. +.. note:: + To update SSL certificates into iLO, you can refer to `HPE Integrated + Lights-Out Security Technology Brief `_. + You can use iLO hostname or IP address as a 'Common Name (CN)' while + generating Certificate Signing Request (CSR). Use the same value as + `ilo_address` while enrolling node to Bare Metal service to avoid SSL + certificate validation errors related to hostname mismatch. + For example, you could run a similar command like below to enroll the ProLiant node:: @@ -427,7 +435,7 @@ Nodes configured for iLO driver should have the ``driver`` property set to - ``ilo_username``: Username for the iLO with administrator privileges. - ``ilo_password``: Password for the above iLO user. - ``ilo_deploy_iso``: The glance UUID of the deploy ramdisk ISO image. -- ``ilo_ca_file``: (optional) CA certificate file to validate iLO. +- ``ca_file``: (optional) CA certificate file to validate iLO. - ``client_port``: (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443. - ``client_timeout``: (optional) Timeout for iLO operations. Default timeout @@ -435,6 +443,14 @@ Nodes configured for iLO driver should have the ``driver`` property set to - ``console_port``: (optional) Node's UDP port for console access. Any unused port on the ironic conductor node may be used. +.. note:: + To update SSL certificates into iLO, you can refer to `HPE Integrated + Lights-Out Security Technology Brief `_. + You can use iLO hostname or IP address as a 'Common Name (CN)' while + generating Certificate Signing Request (CSR). Use the same value as + `ilo_address` while enrolling node to Bare Metal service to avoid SSL + certificate validation errors related to hostname mismatch. + For example, you could run a similar command like below to enroll the ProLiant node:: @@ -547,7 +563,7 @@ Nodes configured for iLO driver should have the ``driver`` property set to - ``ilo_password``: Password for the above iLO user. - ``deploy_kernel``: The glance UUID of the deployment kernel. - ``deploy_ramdisk``: The glance UUID of the deployment ramdisk. -- ``ilo_ca_file``: (optional) CA certificate file to validate iLO. +- ``ca_file``: (optional) CA certificate file to validate iLO. - ``client_port``: (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443. - ``client_timeout``: (optional) Timeout for iLO operations. Default timeout @@ -555,6 +571,14 @@ Nodes configured for iLO driver should have the ``driver`` property set to - ``console_port``: (optional) Node's UDP port for console access. Any unused port on the ironic conductor node may be used. +.. note:: + To update SSL certificates into iLO, you can refer to `HPE Integrated + Lights-Out Security Technology Brief `_. + You can use iLO hostname or IP address as a 'Common Name (CN)' while + generating Certificate Signing Request (CSR). Use the same value as + `ilo_address` while enrolling node to Bare Metal service to avoid SSL + certificate validation errors related to hostname mismatch. + For example, you could run a similar command like below to enroll the ProLiant node::