OCPEDGE-1891: Add redfish_verify_ca support #1757
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Hi @slintes. Thanks for your PR. I'm waiting for a openshift-metal3 member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
openshift-ci
bot
added
the
needs-ok-to-test
slintes
force-pushed
the
ssl
branch
2 times, most recently
from
8625810 to
eb5b2bf
Compare
|
rebased on top of #1751 for easier testing |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
With the updated version of metal3-dev-env, the redfish endpoint will be TLS secured, with a self signed certificate. This will be indicated by the https protocol in the redfish address, and a redfish_verify_ca field set to False. We need to configure BMHs with disableCertificateVerification = true in this case. Signed-off-by: Marc Sluiter <[email protected]>
|
Rebased on master and ready for review. Tested successfully with a TNF cluster with fence_redfish setup 🙂 |
|
/ok-to-test |
openshift-ci
bot
added
ok-to-test
|
/retest |
slintes
changed the title
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dtantsur The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/retest |
openshift-merge-bot
bot
merged commit 657f2f5
into
openshift-metal3:master
This is required after merging openshift-metal3/dev-scripts#1757
This is required after merging openshift-metal3/dev-scripts#1757
This is required after merging openshift-metal3/dev-scripts#1757
…6230) * Gather BareMetalHost and InfraEnv on both error and success * Use disableCertificateVerification: true in BareMetalHost This is required after merging openshift-metal3/dev-scripts#1757 * Catch SIGTERM properly
|
Note that this line https://github.com/openshift-metal3/dev-scripts/pull/1757/files#diff-c5e795042845913905126f98aa1813bf9b03fab8f94b38a39ea52b91be930000R84 has broken the agent-based installer when using BMC configuration, i.e. when It causes the generated install-config.yaml to have improper formatting |
PR openshift-metal3#1757 introduced a formatting problem when using the agent-based installer with BMC configuration.
PR #1757 introduced a formatting problem when using the agent-based installer with BMC configuration.
…enshift#66230) * Gather BareMetalHost and InfraEnv on both error and success * Use disableCertificateVerification: true in BareMetalHost This is required after merging openshift-metal3/dev-scripts#1757 * Catch SIGTERM properly
This is a follow up to metal3-io/metal3-dev-env#1528
For TNF we need to have a SSL secured redfish endpoint. The PR mentioned above adds support for creation of private key and certificate, configuration of sushy, and configuration of ironic's redfish driver.
This PR adds setting certificate verification for the BMH, based on the redfish_verify_ca option in ironic nodes json.