[devstack] block iPXE boot from HTTPS TempURLs
While generally supported by iPXE, in DevStack we do not have any facilities in place to boot iPXE from a HTTPS URL when the server is using a custom certificate. This is moslty concerning ability to boot iPXE directly from Swift's TempURL when SSL is enabled on Swift in DevStack. Just die with proper message when IRONIC_IPXE_USE_SWIFT and tls-proxy are both enabled. Change-Id: Ie0e01828f05b2706d310d8110e6e8dd8c4a03e4e
This commit is contained in:
Pavlo Shchelokovskyy
parent
486a6f961c
commit
3edeb4c4f3
@ -485,6 +485,12 @@ if [ $IRONIC_DEFAULT_BOOT_OPTION != 'netboot' ] && [ $IRONIC_DEFAULT_BOOT_OPTION
|
||||
die $LINENO "Supported values for IRONIC_DEFAULT_BOOT_OPTION are 'netboot' and 'local' only."
|
||||
fi
|
||||
|
||||
# TODO(pas-ha) find a way to (cross-)sign the custom CA bundle used by tls-proxy
|
||||
# with default iPXE cert - for reference see http://ipxe.org/crypto
|
||||
if [ $IRONIC_IPXE_USE_SWIFT == 'True' && is_service_enabled tls-proxy ]; then
|
||||
die $LINENO "Ironic in DevStack does not yet support booting iPXE from HTTPS URLs"
|
||||
fi
|
||||
|
||||
# Timeout for "manage" action. 2 minutes is more than enough.
|
||||
IRONIC_MANAGE_TIMEOUT=${IRONIC_MANAGE_TIMEOUT:-120}
|
||||
# Timeout for "provide" action. This involves cleaning. Generally, 15 minutes
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user