openstack
/
ironic
Code Issues Proposed changes

[devstack] block iPXE boot from HTTPS TempURLs 

While generally supported by iPXE, in DevStack we do not have any
facilities in place to boot iPXE from a HTTPS URL when the server is
using a custom certificate.
This is moslty concerning ability to boot iPXE directly from Swift's
TempURL when SSL is enabled on Swift in DevStack.

Just die with proper message when IRONIC_IPXE_USE_SWIFT and tls-proxy
are both enabled.

Change-Id: Ie0e01828f05b2706d310d8110e6e8dd8c4a03e4e
This commit is contained in:
Pavlo Shchelokovskyy 2018-02-23 18:13:54 +02:00
parent 486a6f961c
commit 3edeb4c4f3
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
devstack/lib/ironic
View File

@ -485,6 +485,12 @@ if [ $IRONIC_DEFAULT_BOOT_OPTION != 'netboot' ] && [ $IRONIC_DEFAULT_BOOT_OPTION
die $LINENO "Supported values for IRONIC_DEFAULT_BOOT_OPTION are 'netboot' and 'local' only."
fi
# TODO(pas-ha) find a way to (cross-)sign the custom CA bundle used by tls-proxy
# with default iPXE cert - for reference see http://ipxe.org/crypto
if [ $IRONIC_IPXE_USE_SWIFT == 'True' && is_service_enabled tls-proxy ]; then
die $LINENO "Ironic in DevStack does not yet support booting iPXE from HTTPS URLs"
fi
# Timeout for "manage" action. 2 minutes is more than enough.
IRONIC_MANAGE_TIMEOUT=${IRONIC_MANAGE_TIMEOUT:-120}
# Timeout for "provide" action. This involves cleaning. Generally, 15 minutes