diff --git a/playbooks/roles/bifrost-ironic-install/defaults/main.yml b/playbooks/roles/bifrost-ironic-install/defaults/main.yml index d38274584..e78330e65 100644 --- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml +++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml @@ -20,11 +20,18 @@ ci_testing: false network_interface: "virbr0" ans_network_interface: "{{ network_interface | replace('-', '_') }}" +# Normally this would setting would be http in a bifrost installation +# without TLS. This setting allows a user to override the setting in case +# the local webserver has been updated to support HTTPS. +# Note: Users wishing to leverage HTTPS should reference the iPXE +# documentation at http://ipxe.org/crypto +ipa_file_protocol: "http" + ipa_kernel: "{{http_boot_folder}}/ipa.vmlinuz" ipa_ramdisk: "{{http_boot_folder}}/ipa.initramfs" -ipa_kernel_url: "http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.vmlinuz" +ipa_kernel_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.vmlinuz" ipa_kernel_upstream_url: http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe.vmlinuz -ipa_ramdisk_url: "http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.initramfs" +ipa_ramdisk_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.initramfs" ipa_ramdisk_upstream_url: http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe_image-oem.cpio.gz deploy_image_filename: "deployment_image.qcow2" deploy_image: "{{http_boot_folder}}/{{deploy_image_filename}}" diff --git a/playbooks/roles/ironic-enroll-dynamic/README.md b/playbooks/roles/ironic-enroll-dynamic/README.md index d95fbaf95..a9570f442 100644 
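Review bot: The new `ipa_file_protocol` value is interpolated straight into `ipa_kernel_url` and `ipa_ramdisk_url` with no check, so a typo or an unexpected scheme produces a URL that only fails later at deploy time; the identical hunk in `playbooks/roles/ironic-enroll-dynamic/defaults/main.yml` has the same gap. A validation task in each role, for example `assert: { that: "ipa_file_protocol in ['http', 'https']" }`, would catch this early (the roles' task files are outside this diff). The added comment could also state what the default leaves open, e.g. `# With "http" the deploy kernel and ramdisk have no integrity or authenticity protection in transit; with "https" the client fetching them must trust the web server's certificate.` The comment's opening words "this would setting would be" should read "this setting would be".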
--- a/playbooks/roles/ironic-enroll-dynamic/README.md +++ b/playbooks/roles/ironic-enroll-dynamic/README.md @@ -26,6 +26,13 @@ ipa_ramdisk: The ramdisk url, image id, or file representing the ramdisk image to utilize to deploy this node. This should be the ramdisk used for the Ironic Python Agent. +ipa_file_protocol: The protocol to utilize to access IPA files. The default is + to utilize HTTP in generated HTTP URLs for bifrost, however + this setting allows a user to change that default if they + they have a modified local webserver configuration. + Do note, that a user wishing to utilize HTTPS may wish to + review the iPXE documentation: http://ipxe.org/crypto + This role expects a data structure similar to the one below, however it should be understood that the individual entries under power can vary based on power driver required. diff --git a/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml b/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml index fdaa3a983..445f7c90a 100644 --- a/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml +++ b/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml 
@@ -6,5 +6,12 @@ nginx_port: 8080 network_interface: "virbr0" ans_network_interface: "{{ network_interface | replace('-', '_') }}" -ipa_kernel_url: "http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.vmlinuz" -ipa_ramdisk_url: "http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.initramfs" +# Normally this would setting would be http in a bifrost installation +# without TLS. This setting allows a user to override the setting in case +# the local webserver has been updated to support HTTPS. +# Note: Users wishing to leverage HTTPS should reference the iPXE +# documentation at http://ipxe.org/crypto +ipa_file_protocol: "http" + +ipa_kernel_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.vmlinuz" +ipa_ramdisk_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.initramfs" diff --git a/releasenotes/notes/generated-ipa-url-protocol-1a5a2bfc8e20db9b.yaml b/releasenotes/notes/generated-ipa-url-protocol-1a5a2bfc8e20db9b.yaml new file mode 100644 index 000000000..7925479aa --- /dev/null +++ b/releasenotes/notes/generated-ipa-url-protocol-1a5a2bfc8e20db9b.yaml @@ -0,0 +1,8 @@ +--- +features: + - Bifrost traditionally utilized a generated HTTP URL to + point ironic to the location of IPA, which is utilized + for the boot sequence of machines. A user may now override + that default and explicitly choose https if their + environment has been pre-configured such that HTTPS + support is in place.
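Review bot: In `playbooks/roles/ironic-enroll-dynamic/defaults/main.yml` the generated URLs still end in `:{{nginx_port}}`, which this file shows as 8080, so setting `ipa_file_protocol: "https"` only works if the web server serves TLS on that same port. The added comment does not mention this; I would extend it with `# When set to "https", nginx_port must be the port on which the web server serves TLS.` Both roles now carry their own copy of the default, so an override presumably has to be set where both roles see it (inventory or group vars) to keep the two sets of URLs consistent.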