openstack/ironic
Code Issues Proposed changes

Merge "ironic-standalone, use http basic auth for json-rpc"

Browse Source
This commit is contained in:
Zuul 2020-07-02 12:12:30 +00:00 committed by Gerrit Code Review
commit ab358e0b10
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
devstack/lib/ironic
View File

@ -353,6 +353,11 @@ IRONIC_HTTP_PORT=${IRONIC_HTTP_PORT:-3928}
IRONIC_RPC_TRANSPORT=${IRONIC_RPC_TRANSPORT:-oslo} IRONIC_RPC_TRANSPORT=${IRONIC_RPC_TRANSPORT:-oslo}
IRONIC_JSON_RPC_PORT=${IRONIC_JSON_RPC_PORT:-8089} IRONIC_JSON_RPC_PORT=${IRONIC_JSON_RPC_PORT:-8089}
# The authentication strategy used by json-rpc. Valid values are:
# keystone, http_basic, noauth, or no value to inherit from ironic-api
# auth strategy.
IRONIC_JSON_RPC_AUTH_STRATEGY=${IRONIC_JSON_RPC_AUTH_STRATEGY:-}
# The first port in the range to bind the Virtual BMCs. The number of # The first port in the range to bind the Virtual BMCs. The number of
# ports that will be used depends on $IRONIC_VM_COUNT variable, e.g if # ports that will be used depends on $IRONIC_VM_COUNT variable, e.g if
# $IRONIC_VM_COUNT=3 the ports 6230, 6231 and 6232 will be used for the # $IRONIC_VM_COUNT=3 the ports 6230, 6231 and 6232 will be used for the
@ -387,7 +392,7 @@ LIBVIRT_STORAGE_POOL=${LIBVIRT_STORAGE_POOL:-"default"}
LIBVIRT_STORAGE_POOL_PATH=${LIBVIRT_STORAGE_POOL_PATH:-/var/lib/libvirt/images} LIBVIRT_STORAGE_POOL_PATH=${LIBVIRT_STORAGE_POOL_PATH:-/var/lib/libvirt/images}
# The authentication strategy used by ironic-api. Valid values are: # The authentication strategy used by ironic-api. Valid values are:
# keystone and noauth. # keystone, http_basic, noauth.
IRONIC_AUTH_STRATEGY=${IRONIC_AUTH_STRATEGY:-keystone} IRONIC_AUTH_STRATEGY=${IRONIC_AUTH_STRATEGY:-keystone}
# By default, terminal SSL certificate is disabled. # By default, terminal SSL certificate is disabled.
@ -1397,6 +1402,13 @@ function configure_ironic {
# Configure JSON RPC backend # Configure JSON RPC backend
iniset $IRONIC_CONF_FILE DEFAULT rpc_transport $IRONIC_RPC_TRANSPORT iniset $IRONIC_CONF_FILE DEFAULT rpc_transport $IRONIC_RPC_TRANSPORT
iniset $IRONIC_CONF_FILE json_rpc port $IRONIC_JSON_RPC_PORT iniset $IRONIC_CONF_FILE json_rpc port $IRONIC_JSON_RPC_PORT
if [[ "$IRONIC_JSON_RPC_AUTH_STRATEGY" != "" ]]; then
iniset $IRONIC_CONF_FILE json_rpc auth_strategy $IRONIC_JSON_RPC_AUTH_STRATEGY
fi
iniset $IRONIC_CONF_FILE json_rpc http_basic_username myName
iniset $IRONIC_CONF_FILE json_rpc http_basic_password myPassword
# json-rpc auth file with bcrypt hash of myPassword
echo 'myName:$2y$05$lE3eGtyj41jZwrzS87KTqe6.JETVCWBkc32C63UP2aYrGoYOEpbJm' > /etc/ironic/htpasswd-json-rpc
# Set fast track options # Set fast track options
iniset $IRONIC_CONF_FILE deploy fast_track $IRONIC_DEPLOY_FAST_TRACK iniset $IRONIC_CONF_FILE deploy fast_track $IRONIC_DEPLOY_FAST_TRACK

1
zuul.d/ironic-jobs.yaml
View File

@ -117,6 +117,7 @@
IRONIC_DEFAULT_RESCUE_INTERFACE: agent IRONIC_DEFAULT_RESCUE_INTERFACE: agent
IRONIC_ENABLED_DEPLOY_INTERFACES: "iscsi,direct" IRONIC_ENABLED_DEPLOY_INTERFACES: "iscsi,direct"
IRONIC_ENABLED_RESCUE_INTERFACES: "fake,agent,no-rescue" IRONIC_ENABLED_RESCUE_INTERFACES: "fake,agent,no-rescue"
IRONIC_JSON_RPC_AUTH_STRATEGY: 'http_basic'
IRONIC_RAMDISK_TYPE: tinyipa IRONIC_RAMDISK_TYPE: tinyipa
IRONIC_RPC_TRANSPORT: json-rpc IRONIC_RPC_TRANSPORT: json-rpc
IRONIC_VM_SPECS_RAM: 384 IRONIC_VM_SPECS_RAM: 384