diff options
| author | Zuul <zuul@review.opendev.org> | 2020-12-19 22:14:12 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2020-12-19 22:14:12 +0000 |
| commit | 6c9e28dd505a19d405b5ab75500cde555b4aca8d (patch) | |
| tree | 61638fbbe50830325de067405497139a319a6079 /devstack | |
| parent | f11f330d00ff5dbd64bbfc74b0fe60b947241fb1 (diff) | |
| parent | 628109f9601cd8e6e8f3e0185d3f0bedf2cf9200 (diff) | |
| download | ironic-6c9e28dd505a19d405b5ab75500cde555b4aca8d.tar.gz | |
Merge "Inject TLS certificate when using virtual media"16.1.0
Diffstat (limited to 'devstack')
| -rw-r--r-- | devstack/lib/ironic | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/devstack/lib/ironic b/devstack/lib/ironic index a53cc6824..d1c98f597 100644 --- a/devstack/lib/ironic +++ b/devstack/lib/ironic @@ -1703,12 +1703,14 @@ function configure_ironic_conductor { local kernel_append_params="nofb nomodeset console=${IRONIC_TTY_DEV}" kernel_append_params+=" systemd.journald.forward_to_console=yes" - if is_service_enabled tls-proxy; then - kernel_append_params+=" ipa-insecure=1" - fi - if [[ -n "kernel_append_params" ]]; then - iniset $IRONIC_CONF_FILE redfish kernel_append_params "$kernel_append_params" + # NOTE(dtantsur): avoid setting ipa-insecure for redfish, we have a way to + # pass the TLS certificate. + iniset $IRONIC_CONF_FILE redfish kernel_append_params "$kernel_append_params" + + if is_service_enabled tls-proxy; then + deploy_int_CA "$IRONIC_STATE_PATH/ironic-ca.pem" + iniset $IRONIC_CONF_FILE agent api_ca_file "$IRONIC_STATE_PATH/ironic-ca.pem" fi # Set these options for scenarios in which the agent fetches the image |