From e75626392b9d228d06e64ed1cfe37da9d2101838 Mon Sep 17 00:00:00 2001 From: Julia Kreger Date: Wed, 17 Aug 2022 08:28:29 -0700 Subject: CI: anaconda: permit tls certificate validation bypass The stock anaconda template previously lacked any ability to indicate "don't validate the tls certificate". The capability for the installation to operate *without* requiring this to be the case is necessary for efficient and simple CI testing as injecting CA certificates is an overly complex interaction for CI testing. Also updates the overall anaconda documentation to indicate the constraint exists, but does not indicate explicitly how to disable the setting via ironic.conf. Change-Id: Ia8e4320cbedb205ab183af121da53562792a8faa --- doc/source/admin/anaconda-deploy-interface.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'doc') diff --git a/doc/source/admin/anaconda-deploy-interface.rst b/doc/source/admin/anaconda-deploy-interface.rst index 2c686506a..f48926668 100644 --- a/doc/source/admin/anaconda-deploy-interface.rst +++ b/doc/source/admin/anaconda-deploy-interface.rst @@ -277,5 +277,10 @@ Limitations This deploy interface has only been tested with Red Hat based operating systems that use anaconda. Other systems are not supported. +Runtime TLS certifiate injection into ramdisks is not supported. Assets such +as ``ramdisk`` or a ``stage2`` ramdisk image need to have trusted Certificate +Authority certificates present within the images *or* the Ironic API endpoint +utilized should utilize a known trusted Certificate Authority. + .. _`anaconda`: https://fedoraproject.org/wiki/Anaconda .. _`ks.cfg.template`: https://opendev.org/openstack/ironic/src/branch/master/ironic/drivers/modules/ks.cfg.template -- cgit v1.2.1