Add tls certs to fakeIPA config
Signed-off-by: Mohammed Boukhalfa <[email protected]>
mboukhalfa authored and mquhuy committed Dec 12, 2024
1 parent 887b5b6 commit fd00fb6
Showing 2 changed files with 20 additions and 15 deletions.
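--- a/03_launch_mgmt_cluster.sh
+++ b/03_launch_mgmt_cluster.sh
@@ -344,26 +344,30 @@ EOF
 #
 # Launch and configure fakeIPA
 #
-launch_fake_ipa()
-{
-# Create a folder to host fakeIPA config and certs
-mkdir -p "${WORKING_DIR}/fake-ipa"
-if [[ "${EPHEMERAL_CLUSTER}" = "kind" ]] && [[ "${IRONIC_TLS_SETUP}" = "true" ]]; then
-cp "${IRONIC_CACERT_FILE}" "${WORKING_DIR}/fake-ipa/ironic-ca.crt"
-elif [[ "${IRONIC_TLS_SETUP}" = "true" ]]; then
-# wait for ironic to be running to ensure ironic-cert is created
-kubectl -n baremetal-operator-system wait --for=condition=available deployment/baremetal-operator-ironic --timeout=900s
-# Extract ironic-cert to be used inside fakeIPA for TLS
-kubectl get secret -n baremetal-operator-system ironic-cert -o json -o=jsonpath="{.data.ca\.crt}" | base64 -d > "${WORKING_DIR}/fake-ipa/ironic-ca.crt"
-fi
-
-# Create fake IPA custom config
-cat <<EOF > "${WORKING_DIR}/fake-ipa/config.py"
+launch_fake_ipa() {
+# Create a folder to host fakeIPA config and certs
+mkdir -p "${WORKING_DIR}/fake-ipa"
+if [[ "${EPHEMERAL_CLUSTER}" == "kind" ]] && [[ "${IRONIC_TLS_SETUP}" == "true" ]]; then
+cp "${IRONIC_CACERT_FILE}" "${WORKING_DIR}/fake-ipa/ironic-ca.crt"
+cp "${IRONIC_CERT_FILE}" "${WORKING_DIR}/fake-ipa/ironic-tls.crt"
+cp "${IRONIC_KEY_FILE}" "${WORKING_DIR}/fake-ipa/ironic-tls.key"
+elif [[ "${IRONIC_TLS_SETUP}" == "true" ]]; then
+# wait for ironic to be running to ensure ironic-cert is created
+kubectl -n baremetal-operator-system wait --for=condition=available deployment/baremetal-operator-ironic --timeout=900s
+# Extract ironic-cert to be used inside fakeIPA for TLS
+kubectl get secret -n baremetal-operator-system ironic-cert -o json -o=jsonpath="{.data.ca\.crt}" | base64 -d > "${WORKING_DIR}/fake-ipa/ironic-ca.crt"
+kubectl get secret -n baremetal-operator-system ironic-cert -o json -o=jsonpath="{.data.tls\.crt}" | base64 -d > "${WORKING_DIR}/fake-ipa/ironic-tls.crt"
+kubectl get secret -n baremetal-operator-system ironic-cert -o json -o=jsonpath="{.data.tls\.key}" | base64 -d > "${WORKING_DIR}/fake-ipa/ironic-tls.key"
+fi
+# Create fake IPA custom config
+cat << EOF > "${WORKING_DIR}/fake-ipa/config.py"
 FAKE_IPA_API_URL = "https://${CLUSTER_BARE_METAL_PROVISIONER_IP}:${IRONIC_API_PORT}"
 FAKE_IPA_INSPECTION_CALLBACK_URL = "${IRONIC_URL}/continue_inspection"
 FAKE_IPA_ADVERTISE_ADDRESS_IP = "${EXTERNAL_SUBNET_V4_HOST}"
 FAKE_IPA_INSECURE = ${FAKE_IPA_INSECURE:-False}
 FAKE_IPA_CAFILE = "${FAKE_IPA_CAFILE:-/root/cert/ironic-ca.crt}"
+FAKE_IPA_CERTFILE = "${FAKE_IPA_CERTFILE:-/root/cert/ironic-tls.crt}"
+FAKE_IPA_KEYFILE = "${FAKE_IPA_KEYFILE:-/root/cert/ironic-tls.key}"
 FAKE_IPA_MIN_BOOT_TIME = ${FAKE_IPA_MIN_BOOT_TIME:-20}
 FAKE_IPA_MAX_BOOT_TIME = ${FAKE_IPA_MAX_BOOT_TIME:-30}
 EOF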
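Review bot: The Ironic TLS private key lands in `${WORKING_DIR}/fake-ipa/ironic-tls.key` with whatever mode the caller's umask yields, both in the `cp "${IRONIC_KEY_FILE}"` branch and in the `base64 -d >` redirection, and the directory from `mkdir -p` is created with default permissions too. Adding `chmod 600 "${WORKING_DIR}/fake-ipa/ironic-tls.key"` after the `fi` would keep the key from being readable by other local users. Whether the script enables `pipefail` is not visible in this hunk; without it a failed `kubectl get secret` still leaves an empty certificate or key file and the function carries on, so a check such as `[[ -s "${WORKING_DIR}/fake-ipa/ironic-tls.key" ]] || return 1` is worth adding. The body of `launch_fake_ipa` continues past the end of the hunk.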
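--- a/vm-setup/roles/virtbmc/tasks/setup_tasks.yml
+++ b/vm-setup/roles/virtbmc/tasks/setup_tasks.yml
@@ -149,6 +149,7 @@
 SUSHY_EMULATOR_VMEDIA_VERIFY_SSL = {{ sushy_vmedia_verify_ssl }}
 SUSHY_EMULATOR_AUTH_FILE = "/root/sushy/htpasswd"
 SUSHY_EMULATOR_FAKE_DRIVER = True
+EXTERNAL_NOTIFICATION_URL = "https://localhost:9999"
 SUSHY_EMULATOR_FAKE_IPA = True
 SUSHY_EMULATOR_FAKE_SYSTEMS = {{ lookup('ansible.builtin.file', fake_nodes_file ) }}
 become: true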
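Review bot: The added `EXTERNAL_NOTIFICATION_URL = "https://localhost:9999"` hard-codes host and port, while neighbouring settings such as `SUSHY_EMULATOR_VMEDIA_VERIFY_SSL` are templated. A role variable, for example `EXTERNAL_NOTIFICATION_URL = "{{ external_notification_url }}"` (variable name constructed for illustration), would keep it in step with wherever the listening port is configured. Because the scheme is https against `localhost`, the certificate served there presumably needs a matching subject alternative name and the client needs to trust its CA. Neither is visible in this section, so a short comment naming the expected certificate would help the next reader. The task that writes this config starts outside the hunk.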
