From 3d65a160d93558a33c36b74deb4e92ec4a6d94bb Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Wed, 6 Jul 2022 15:06:16 +0100 Subject: [PATCH] inspector: Prevent use of noauth in multi-region setup In a multi-region environment without a local keystone, we should still use authentication. Change-Id: I9df0ddf6e0d56f0817256b07ae0a0a7021209663 --- ansible/roles/ironic/templates/ironic-inspector.conf.j2 | 2 +- .../notes/fix-inspector-noauth-34fd5a2019591ce7.yaml | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/fix-inspector-noauth-34fd5a2019591ce7.yaml diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 index fa88d71396..7675784efa 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 @@ -2,7 +2,7 @@ debug = {{ ironic_logging_debug }} log_dir = /var/log/kolla/ironic-inspector -{% if not enable_keystone | bool %} +{% if not ironic_enable_keystone_integration | bool %} auth_strategy = noauth {% endif %} listen_address = {{ api_interface_address }} diff --git a/releasenotes/notes/fix-inspector-noauth-34fd5a2019591ce7.yaml b/releasenotes/notes/fix-inspector-noauth-34fd5a2019591ce7.yaml new file mode 100644 index 0000000000..bf12094cb0 --- /dev/null +++ b/releasenotes/notes/fix-inspector-noauth-34fd5a2019591ce7.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes an issue where Ironic Inspector could be configured without + authentication in a multi-region environment in a region without a local + Keystone service.