Permit user to define protocol to access IPA
If a user has configured HTTPS in their environment, we should allow them to have the capacity to choose with the generated URLs, if they have not already overriden the values via the inventory. Change-Id: I3bfd233c20fe37519916a2ffb6bb5f49a6e7e62e
This commit is contained in:
parent
1d2076891f
commit
b2c9d301a2
@ -20,11 +20,18 @@ ci_testing: false
|
|||||||
network_interface: "virbr0"
|
network_interface: "virbr0"
|
||||||
ans_network_interface: "{{ network_interface | replace('-', '_') }}"
|
ans_network_interface: "{{ network_interface | replace('-', '_') }}"
|
||||||
|
|
||||||
|
# Normally this would setting would be http in a bifrost installation
|
||||||
|
# without TLS. This setting allows a user to override the setting in case
|
||||||
|
# the local webserver has been updated to support HTTPS.
|
||||||
|
# Note: Users wishing to leverage HTTPS should reference the iPXE
|
||||||
|
# documentation at http://ipxe.org/crypto
|
||||||
|
ipa_file_protocol: "http"
|
||||||
|
|
||||||
ipa_kernel: "{{http_boot_folder}}/ipa.vmlinuz"
|
ipa_kernel: "{{http_boot_folder}}/ipa.vmlinuz"
|
||||||
ipa_ramdisk: "{{http_boot_folder}}/ipa.initramfs"
|
ipa_ramdisk: "{{http_boot_folder}}/ipa.initramfs"
|
||||||
ipa_kernel_url: "http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.vmlinuz"
|
ipa_kernel_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.vmlinuz"
|
||||||
ipa_kernel_upstream_url: http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe.vmlinuz
|
ipa_kernel_upstream_url: http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe.vmlinuz
|
||||||
ipa_ramdisk_url: "http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.initramfs"
|
ipa_ramdisk_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.initramfs"
|
||||||
ipa_ramdisk_upstream_url: http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe_image-oem.cpio.gz
|
ipa_ramdisk_upstream_url: http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe_image-oem.cpio.gz
|
||||||
deploy_image_filename: "deployment_image.qcow2"
|
deploy_image_filename: "deployment_image.qcow2"
|
||||||
deploy_image: "{{http_boot_folder}}/{{deploy_image_filename}}"
|
deploy_image: "{{http_boot_folder}}/{{deploy_image_filename}}"
|
||||||
|
@ -26,6 +26,13 @@ ipa_ramdisk: The ramdisk url, image id, or file representing the ramdisk
|
|||||||
image to utilize to deploy this node. This should be the ramdisk
|
image to utilize to deploy this node. This should be the ramdisk
|
||||||
used for the Ironic Python Agent.
|
used for the Ironic Python Agent.
|
||||||
|
|
||||||
|
ipa_file_protocol: The protocol to utilize to access IPA files. The default is
|
||||||
|
to utilize HTTP in generated HTTP URLs for bifrost, however
|
||||||
|
this setting allows a user to change that default if they
|
||||||
|
they have a modified local webserver configuration.
|
||||||
|
Do note, that a user wishing to utilize HTTPS may wish to
|
||||||
|
review the iPXE documentation: http://ipxe.org/crypto
|
||||||
|
|
||||||
This role expects a data structure similar to the one below, however it should
|
This role expects a data structure similar to the one below, however it should
|
||||||
be understood that the individual entries under power can vary based on power
|
be understood that the individual entries under power can vary based on power
|
||||||
driver required.
|
driver required.
|
||||||
|
@ -6,5 +6,12 @@ nginx_port: 8080
|
|||||||
network_interface: "virbr0"
|
network_interface: "virbr0"
|
||||||
ans_network_interface: "{{ network_interface | replace('-', '_') }}"
|
ans_network_interface: "{{ network_interface | replace('-', '_') }}"
|
||||||
|
|
||||||
ipa_kernel_url: "http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.vmlinuz"
|
# Normally this would setting would be http in a bifrost installation
|
||||||
ipa_ramdisk_url: "http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.initramfs"
|
# without TLS. This setting allows a user to override the setting in case
|
||||||
|
# the local webserver has been updated to support HTTPS.
|
||||||
|
# Note: Users wishing to leverage HTTPS should reference the iPXE
|
||||||
|
# documentation at http://ipxe.org/crypto
|
||||||
|
ipa_file_protocol: "http"
|
||||||
|
|
||||||
|
ipa_kernel_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.vmlinuz"
|
||||||
|
ipa_ramdisk_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.initramfs"
|
||||||
|
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- Bifrost traditionally utilized a generated HTTP URL to
|
||||||
|
point ironic to the location of IPA, which is utilized
|
||||||
|
for the boot sequence of machines. A user may now override
|
||||||
|
that default and explicitly choose https if their
|
||||||
|
environment has been pre-configured such that HTTPS
|
||||||
|
support is in place.
|
Loading…
Reference in New Issue
Block a user