Revert the change that translated ironicIP into provisioningIP, as well
as the messages on deprecation. This is to allow for the use with Metal
LB in SV.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Commit 03d7a39 introduced the possibility to externally configure
IRONIC_EXTERNAL_HTTP_URL, while removing also the value when the host
was not user provided.
Revert this last behaviour, by always adding the variable in the ironic
ConfigMap even if the host is not set in values, leveraging either
ironicIP or provisioningIP. This is required to fix the use of VMedia
TLS.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Make sure that only IRONIC_IPV6 is set with a valid value when
PROVISIONING_IP is an IPv6 address by also clearing IRONIC_IP
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Unfortuantely, likely due to some conflicts in the Apache, access cannot
be granted to /images/ only, so allow anyone for now.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
The checks on the upstream project have reported some warnings to the
code accepted in PR #213, fix them in this commit.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Make sure that the services are created with both IPv4 and IPv6
addresses when the cluster has been created with both IPv4 and IPv6
ranges. They will behave as single stack otherwise.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
The BMO should now connect via the provisioningHostname if set or an IP
address. Add a helper that returns the ironic hostname or correctly
formatted IP to define the ironicApiHost variable in the BMO configmap.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Recently provisioningHostname has been introduced as an alternative way
to configure the IPs to bind and respond to. This however requires that
the Certificates for HTTPS also include a dnsNames section whenver such
value is present.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
So far ironicIP has been part of values.yaml under the global section,
however this is very misleading: this variable is internal to the Ironic
startup scripts and should not be set, moreover it conflicts with
provisioningIP, which is instead a public configuration variable for the
purpose.
This commits thus introduces the following changes:
- removes the creation of IRONIC_IP in the Ironic configmap
- does not yet remove ironicIP from values.yaml to avoid breaking
forward compatibility
- introduces a utility function to perform input validation while still
prioritizing ironicIP if present
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
It should be possible to enable or disable the environment variable
LISTEN_ALL_INTERFACE in the Ironic configmap, as it allows to the way
Ironic binds to socket, especially in combination with the changes
introduced in v29.
However, if listenOnAll is false, Ironic will bind to a specific IPv4
and/or IPv6 address and the 127.0.0.1 address used for the liveness
and readiness probe will not be accepted. Also add a named template
that, when it is set to false, picks a different host IP or address,
according to the following priority:
- ironicIP (deprecated)
- provisioningIP
- provisioningHostname
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Create a new provisioningHostname value in values.yaml in order to set
the new IRONIC_URL_HOSTNAME, that allows to set the address(es) Ironic
will bind to.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Since currently we can only define the provisioning network and the
external HTTP host, remove some clutter generating unused variables.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
The purpose of this commit is to:
- avoid providing IRONIC_EXTERNAL_HTTP_URL by default, as the Ironic
startup scripts will be able to derive the value from other variables
- define a new global value under the top values.yaml to generate
IRONIC_EXTERNAL_HTTP_URL when actually needed
- make sure that the input, which can either be a hostname or an IP
address, is correctly formatted in case of an IPv6.
This change also allows subsequent cleanups of the whole Configmap
template for Ironic.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Enable the use of two separate sockets for IPv4 and IPv6 when
LISTEN_ALL_INTERFACES is set to true. While desirable, on Linux Apache uses
IPv4-mapped IPv6 addresses by default, thus leveraging a single IPv6 socket
for IPv4 connections as well.
This behaviour is far from being desirable and can be disabled at compile
time via the "--disable-v4-mapped" flag, so make sure both an ANY address
Listen directive is present for both IPv4 and IPv6. When Apache is compiled
with "--enable-v4-mapped", the IPv4 socket will be simply ignored.
Please see https://httpd.apache.org/docs/2.4/bind.html for more
information.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Enable the use of individual IPv4 and IPv6 sockets when the respective
IP is detected and LISTEN_ALL_INTERFACES is not set to true. This allows
to correctly bind to both the IPv4 and IPv6 addresses found and not just
one of them.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
When LISTEN_ALL_INTERFACES is not set, Apache should make Ironic API
avaiable on either or both IPv4 and IPv6 sockets, depending on the
addresses requested or found on the system.
Make sure to set the "Listen" directive according to ENABLE_IPV4 and
ENABLE_IPV4, and the VirtualHost when IRONIC_URL_HOSTNAME is present.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
Prioritize IPv6 over IPv4 when available to set host_ip in ironic.conf
when LISTEN_ALL_INTERFACES is not set to true.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
As per the Ironic documentation:
"This field [my_ip] does accept an IPv6 address as an override for templates
and URLs, however it is recommended that [DEFAULT]my_ipv6 is used along with
DNS names for service URLs for dual-stack environments."
Fill my_ipv6 when an IPv6 address has been found for binding.
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
