32a82ea039
* Switch from python-ironic-inspector-client to openstacksdk in ironic-inspector-rules. This allows us to use clouds.yaml to provide credentials. * Enable authentication in Bifrost. Passwords are auto-generated by Bifrost, and stored files in /root/.config/bifrost/. This change depends on a Kolla Ansible patch that ensures that these credentials are persisted between recreations of the bifrost container. * Copy clouds.yaml and (if present) a CA certificate from the Bifrost container to the seed host, under the Kayobe Ansible user (stack). This allows us to use the credentials to register introspection rules. * This patch is needed by a Kolla Ansible patch that enables TLS in Bifrost, since we need the CA certificate on the host to register introspection rules when TLS is enabled. Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/851837 Needed-By: https://review.opendev.org/c/openstack/kolla-ansible/+/851838 Story: 2010206 Task: 45930 Change-Id: I757f1bb72afb01a4f1689bed292f5b71b9048fa0
10 lines
314 B
YAML
10 lines
314 B
YAML
---
|
|
features:
|
|
- |
|
|
Adds support for copying the Bifrost ``clouds.yaml`` file and optionally a
|
|
TLS CA certificate from the Bifrost container to the seed host. This makes
|
|
it possible to enable authentication and TLS for Bifrost services.
|
|
upgrade:
|
|
- |
|
|
Enables authentication by default in Bifrost.
|