From b2c9d301a2fac0100ca59ec215aebe11313822fc Mon Sep 17 00:00:00 2001
From: Julia Kreger
Date: Mon, 28 Dec 2015 08:56:07 -0500
Subject: [PATCH] Permit user to define protocol to access IPA

If a user has configured HTTPS in their environment, we should allow them to have the capacity to choose with the generated URLs, if they have not already overriden the values via the inventory.

Change-Id: I3bfd233c20fe37519916a2ffb6bb5f49a6e7e62e
---
 .../roles/bifrost-ironic-install/defaults/main.yml | 11 +++++++++--
 playbooks/roles/ironic-enroll-dynamic/README.md | 7 +++++++
 .../roles/ironic-enroll-dynamic/defaults/main.yml | 11 +++++++++--
 .../generated-ipa-url-protocol-1a5a2bfc8e20db9b.yaml | 8 ++++++++
 4 files changed, 33 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/generated-ipa-url-protocol-1a5a2bfc8e20db9b.yaml

diff --git a/playbooks/roles/bifrost-ironic-install/defaults/main.yml b/playbooks/roles/bifrost-ironic-install/defaults/main.yml
index d38274584..e78330e65 100644
--- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml
+++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml
@@ -20,11 +20,18 @@ ci_testing: false
 network_interface: "virbr0"
 ans_network_interface: "{{ network_interface | replace('-', '_') }}"
+# Normally this would setting would be http in a bifrost installation
+# without TLS. This setting allows a user to override the setting in case
+# the local webserver has been updated to support HTTPS.
+# Note: Users wishing to leverage HTTPS should reference the iPXE
+# documentation at http://ipxe.org/crypto
+ipa_file_protocol: "http"
+
 ipa_kernel: "{{http_boot_folder}}/ipa.vmlinuz"
 ipa_ramdisk: "{{http_boot_folder}}/ipa.initramfs"
-ipa_kernel_url: "http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.vmlinuz"
+ipa_kernel_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.vmlinuz"
 ipa_kernel_upstream_url: http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe.vmlinuz
-ipa_ramdisk_url: "http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.initramfs"
+ipa_ramdisk_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.initramfs"
 ipa_ramdisk_upstream_url: http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe_image-oem.cpio.gz
 deploy_image_filename: "deployment_image.qcow2"
 deploy_image: "{{http_boot_folder}}/{{deploy_image_filename}}"
diff --git a/playbooks/roles/ironic-enroll-dynamic/README.md b/playbooks/roles/ironic-enroll-dynamic/README.md
index d95fbaf95..a9570f442 100644
--- a/playbooks/roles/ironic-enroll-dynamic/README.md
+++ b/playbooks/roles/ironic-enroll-dynamic/README.md
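Review bot: `ipa_file_protocol` is spliced into `ipa_kernel_url` and `ipa_ramdisk_url` without any check that it is `http` or `https`, and the comment above it has a doubled word ("would setting would") and never says what the `http` default costs: the agent kernel and ramdisk that nodes boot are fetched in cleartext, with nothing authenticating them on the provisioning network. I would reword the comment along the lines of `# Scheme for the generated IPA kernel/ramdisk URLs. "http" (default) gives no integrity or authenticity for the boot images;` `# "https" needs a TLS-enabled local web server and an iPXE build that trusts its certificate (see the iPXE crypto documentation).` A guard such as `- assert: { that: "ipa_file_protocol in ['http', 'https']" }` in the role's tasks would catch a typo before a node is enrolled with an unusable URL; the tasks file is not part of this diff, so whether such a check already exists is unknown. The unchanged `ipa_kernel_upstream_url` and `ipa_ramdisk_upstream_url` lines in the same hunk still point at `http://` sources, so HTTPS on the local leg alone does not establish that the served images are authentic (no checksum step is visible here). The same comment and default are repeated in playbooks/roles/ironic-enroll-dynamic/defaults/main.yml and the wording fix applies there as well.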
@@ -26,6 +26,13 @@ ipa_ramdisk: The ramdisk url, image id, or file representing the ramdisk image to utilize to deploy this node. This should be the ramdisk used for the Ironic Python Agent. +ipa_file_protocol: The protocol to utilize to access IPA files. The default is + to utilize HTTP in generated HTTP URLs for bifrost, however + this setting allows a user to change that default if they + they have a modified local webserver configuration. + Do note, that a user wishing to utilize HTTPS may wish to + review the iPXE documentation: http://ipxe.org/crypto + This role expects a data structure similar to the one below, however it should be understood that the individual entries under power can vary based on power driver required. diff --git a/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml b/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml index fdaa3a983..445f7c90a 100644 --- a/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml +++ b/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml 
@@ -6,5 +6,12 @@ nginx_port: 8080
 network_interface: "virbr0"
 ans_network_interface: "{{ network_interface | replace('-', '_') }}"
-ipa_kernel_url: "http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.vmlinuz"
-ipa_ramdisk_url: "http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.initramfs"
+# Normally this would setting would be http in a bifrost installation
+# without TLS. This setting allows a user to override the setting in case
+# the local webserver has been updated to support HTTPS.
+# Note: Users wishing to leverage HTTPS should reference the iPXE
+# documentation at http://ipxe.org/crypto
+ipa_file_protocol: "http"
+
+ipa_kernel_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.vmlinuz"
+ipa_ramdisk_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.initramfs"
diff --git a/releasenotes/notes/generated-ipa-url-protocol-1a5a2bfc8e20db9b.yaml b/releasenotes/notes/generated-ipa-url-protocol-1a5a2bfc8e20db9b.yaml
new file mode 100644
index 000000000..7925479aa
--- /dev/null
+++ b/releasenotes/notes/generated-ipa-url-protocol-1a5a2bfc8e20db9b.yaml
@@ -0,0 +1,8 @@
+---
+features:
+ - Bifrost traditionally utilized a generated HTTP URL to
+ point ironic to the location of IPA, which is utilized
+ for the boot sequence of machines. A user may now override
+ that default and explicitly choose https if their
+ environment has been pre-configured such that HTTPS
+ support is in place.
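Review bot: In playbooks/roles/ironic-enroll-dynamic/defaults/main.yml only the scheme of the generated URLs becomes configurable; the address and `{{nginx_port}}` parts of `ipa_kernel_url` and `ipa_ramdisk_url` are unchanged, so `ipa_file_protocol: "https"` produces an `https://<address>:<nginx_port>/...` URL that works only if the local web server actually serves TLS on that same port. The comment should say so, for example `# Only the scheme changes; nginx_port must be the port on which the web server serves TLS.` Because this default is a second copy of the one in bifrost-ironic-install, an override applied to one role's variables and not the other would leave the installed and enrolled URLs disagreeing, possibly with enrollment still handing ironic an `http://` URL; a line advising that the value be set once at inventory level would help.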