#!/usr/bin/bash # shellcheck disable=SC1091 . /bin/tls-common.sh . /bin/ironic-common.sh . /bin/auth-common.sh export HTTP_PORT=${HTTP_PORT:-80} export VMEDIA_TLS_PORT=${VMEDIA_TLS_PORT:-8083} export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false} # In Metal3 context they are called node images in Ironic context they are # called user images. export HTTPD_SERVE_NODE_IMAGES="${HTTPD_SERVE_NODE_IMAGES:-true}" # Whether to enable fast_track provisioning or not IRONIC_FAST_TRACK=${IRONIC_FAST_TRACK:-true} # Whether to activate the EnableSendfile apache directive for httpd HTTPD_ENABLE_SENDFILE="${HTTPD_ENABLE_SENDFILE:-false}" # Set of collectors that should be used with IPA inspection export IRONIC_IPA_COLLECTORS=${IRONIC_IPA_COLLECTORS:-default,logs} wait_for_interface_or_ip mkdir -p /shared/html chmod 0777 /shared/html INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}/v1/continue_inspection" if [[ "$IRONIC_FAST_TRACK" == "true" ]]; then INSPECTOR_EXTRA_ARGS+=" ipa-api-url=${IRONIC_BASE_URL}" fi export INSPECTOR_EXTRA_ARGS # Copy files to shared mount render_j2_config /templates/inspector.ipxe.j2 /shared/html/inspector.ipxe # cp -r /etc/httpd/* "${HTTPD_DIR}" if [[ -f "${HTTPD_CONF_DIR}/httpd.conf" ]]; then mv "${HTTPD_CONF_DIR}/httpd.conf" "${HTTPD_CONF_DIR}/httpd.conf.example" fi # Render the core httpd config render_j2_config "/etc/httpd/conf/httpd.conf.j2" \ "${HTTPD_CONF_DIR}/httpd.conf" if [[ "$IRONIC_TLS_SETUP" == "true" ]]; then if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then render_j2_config "/templates/httpd-ironic-api.conf.j2" \ "${HTTPD_CONF_DIR_D}/ironic.conf" fi else export IRONIC_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy fi write_htpasswd_files # Render httpd TLS configuration for /shared/html/ if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then render_j2_config "/templates/httpd-vmedia.conf.j2" \ "${HTTPD_CONF_DIR_D}/vmedia.conf" fi # Render httpd TLS configuration for /shared/html if [[ "$IPXE_TLS_SETUP" == "true" ]]; then mkdir -p /shared/html/custom-ipxe chmod 0777 /shared/html/custom-ipxe render_j2_config "/templates/httpd-ipxe.conf.j2" "${HTTPD_CONF_DIR_D}/ipxe.conf" cp "${IPXE_CUSTOM_FIRMWARE_DIR}/undionly.kpxe" \ "${IPXE_CUSTOM_FIRMWARE_DIR}/snponly.efi" \ "/shared/html/custom-ipxe" fi # Set up inotify to kill the container (restart) whenever cert files for ironic api change configure_restart_on_certificate_update "${IRONIC_TLS_SETUP}" httpd "${IRONIC_CERT_FILE}" # Set up inotify to kill the container (restart) whenever cert of httpd for /shared/html/ path change configure_restart_on_certificate_update "${IRONIC_VMEDIA_TLS_SETUP}" httpd "${IRONIC_VMEDIA_CERT_FILE}" exec /usr/sbin/httpd -DFOREGROUND -f "${HTTPD_CONF_DIR}/httpd.conf"