diff --git a/etc/ironic/ironic.conf.sample b/etc/ironic/ironic.conf.sample index ab0d663541..cb4ec914dc 100644 --- a/etc/ironic/ironic.conf.sample +++ b/etc/ironic/ironic.conf.sample @@ -712,7 +712,8 @@ #heartbeat_interval = 10 # URL of Ironic API service. If not set ironic can get the -# current value from the keystone service catalog. (string +# current value from the keystone service catalog. If set, the +# value must start with either http:// or https://. (string # value) #api_url = @@ -2300,6 +2301,11 @@ # Minimum value: 5 #default_notify_timeout = 30 +# The duration to schedule a purge of idle sender links. +# Detach link after expiry. (integer value) +# Minimum value: 1 +#default_sender_link_timeout = 600 + # Indicates the addressing mode used by the driver. # Permitted values: # 'legacy' - use legacy non-routable addressing diff --git a/ironic/conf/conductor.py b/ironic/conf/conductor.py index 9ccad33e39..5eeee0f1e9 100644 --- a/ironic/conf/conductor.py +++ b/ironic/conf/conductor.py @@ -29,9 +29,11 @@ opts = [ default=10, help=_('Seconds between conductor heart beats.')), cfg.StrOpt('api_url', + regex='^http(s?):\/\/.+', help=_('URL of Ironic API service. If not set ironic can ' 'get the current value from the keystone service ' - 'catalog.')), + 'catalog. If set, the value must start with either ' + 'http:// or https://.')), cfg.IntOpt('heartbeat_timeout', default=60, help=_('Maximum time (in seconds) since the last check-in ' diff --git a/ironic/tests/unit/drivers/modules/test_deploy_utils.py b/ironic/tests/unit/drivers/modules/test_deploy_utils.py index bc50db6a79..f3c5a4abdb 100644 --- a/ironic/tests/unit/drivers/modules/test_deploy_utils.py +++ b/ironic/tests/unit/drivers/modules/test_deploy_utils.py @@ -1588,19 +1588,19 @@ class AgentMethodsTestCase(db_base.DbTestCase): self._test_tear_down_inband_cleaning(manage_boot=False) def test_build_agent_options_conf(self): - self.config(api_url='api-url', group='conductor') + self.config(api_url='https://api-url', group='conductor') options = utils.build_agent_options(self.node) - self.assertEqual('api-url', options['ipa-api-url']) + self.assertEqual('https://api-url', options['ipa-api-url']) self.assertEqual(0, options['coreos.configdrive']) @mock.patch.object(utils, '_get_ironic_session') def test_build_agent_options_keystone(self, session_mock): self.config(api_url=None, group='conductor') sess = mock.Mock() - sess.get_endpoint.return_value = 'api-url' + sess.get_endpoint.return_value = 'https://api-url' session_mock.return_value = sess options = utils.build_agent_options(self.node) - self.assertEqual('api-url', options['ipa-api-url']) + self.assertEqual('https://api-url', options['ipa-api-url']) self.assertEqual(0, options['coreos.configdrive']) diff --git a/releasenotes/notes/check_protocol_for_ironic_api-32f35c93a140d3ae.yaml b/releasenotes/notes/check_protocol_for_ironic_api-32f35c93a140d3ae.yaml new file mode 100644 index 0000000000..4c9f6e4c7d --- /dev/null +++ b/releasenotes/notes/check_protocol_for_ironic_api-32f35c93a140d3ae.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - Accepting ``[conductor]/api_url`` value specified in the configuration + file that does not start with either ``https://`` or ``http://``. + Such value leads to deployment failure on ironic-python-agent side. + This misconfiguration will be detected during ironic-conductor + and ironic-api start. An exception will be raised and an error about + the invalid value will be logged.