OCPEDGE-1891: Add redfish_verify_ca support #1757
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Hi @slintes. Thanks for your PR. I'm waiting for a openshift-metal3 member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
openshift-ci
bot
added
the
needs-ok-to-test
slintes
force-pushed
the
ssl
branch
2 times, most recently
from
8625810 to
eb5b2bf
Compare
|
rebased on top of #1751 for easier testing |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
With the updated version of metal3-dev-env, the redfish endpoint will be TLS secured, with a self signed certificate. This will be indicated by the https protocol in the redfish address, and a redfish_verify_ca field set to False. We need to configure BMHs with disableCertificateVerification = true in this case. Signed-off-by: Marc Sluiter <[email protected]>
|
Rebased on master and ready for review. Tested successfully with a TNF cluster with fence_redfish setup 🙂 |
|
/ok-to-test |
openshift-ci
bot
added
ok-to-test
|
/retest |
slintes
changed the title
This is a follow up to metal3-io/metal3-dev-env#1528
For TNF we need to have a SSL secured redfish endpoint. The PR mentioned above adds support for creation of private key and certificate, configuration of sushy, and configuration of ironic's redfish driver.
This PR adds setting certificate verification for the BMH, based on the redfish_verify_ca option in ironic nodes json.