forked from suse-edge/Factory
Marco Chiappero
da9f8f9c2c
Drop all the config and script files into their respective directory from the upstream release v30.0.0. Any required customization will follow in subsequent commits, which could potentially be reused for future realignments. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
83 lines
2.9 KiB
Bash
83 lines
2.9 KiB
Bash
#!/usr/bin/bash
|
|
|
|
# shellcheck disable=SC1091
|
|
. /bin/tls-common.sh
|
|
. /bin/ironic-common.sh
|
|
. /bin/auth-common.sh
|
|
|
|
export HTTP_PORT=${HTTP_PORT:-80}
|
|
export VMEDIA_TLS_PORT=${VMEDIA_TLS_PORT:-8083}
|
|
|
|
export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
|
|
|
|
# In Metal3 context they are called node images in Ironic context they are
|
|
# called user images.
|
|
export HTTPD_SERVE_NODE_IMAGES="${HTTPD_SERVE_NODE_IMAGES:-true}"
|
|
|
|
# Whether to enable fast_track provisioning or not
|
|
IRONIC_FAST_TRACK=${IRONIC_FAST_TRACK:-true}
|
|
|
|
# Whether to activate the EnableSendfile apache directive for httpd
|
|
HTTPD_ENABLE_SENDFILE="${HTTPD_ENABLE_SENDFILE:-false}"
|
|
|
|
# Set of collectors that should be used with IPA inspection
|
|
export IRONIC_IPA_COLLECTORS=${IRONIC_IPA_COLLECTORS:-default,logs}
|
|
|
|
wait_for_interface_or_ip
|
|
|
|
mkdir -p /shared/html
|
|
chmod 0777 /shared/html
|
|
|
|
INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}/v1/continue_inspection"
|
|
|
|
if [[ "$IRONIC_FAST_TRACK" == "true" ]]; then
|
|
INSPECTOR_EXTRA_ARGS+=" ipa-api-url=${IRONIC_BASE_URL}"
|
|
fi
|
|
export INSPECTOR_EXTRA_ARGS
|
|
|
|
# Copy files to shared mount
|
|
render_j2_config /templates/inspector.ipxe.j2 /shared/html/inspector.ipxe
|
|
# cp -r /etc/httpd/* "${HTTPD_DIR}"
|
|
if [[ -f "${HTTPD_CONF_DIR}/httpd.conf" ]]; then
|
|
mv "${HTTPD_CONF_DIR}/httpd.conf" "${HTTPD_CONF_DIR}/httpd.conf.example"
|
|
fi
|
|
|
|
# Render the core httpd config
|
|
render_j2_config "/etc/httpd/conf/httpd.conf.j2" \
|
|
"${HTTPD_CONF_DIR}/httpd.conf"
|
|
|
|
if [[ "$IRONIC_TLS_SETUP" == "true" ]]; then
|
|
if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then
|
|
render_j2_config "/templates/httpd-ironic-api.conf.j2" \
|
|
"${HTTPD_CONF_DIR_D}/ironic.conf"
|
|
fi
|
|
else
|
|
export IRONIC_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
|
|
fi
|
|
|
|
write_htpasswd_files
|
|
|
|
# Render httpd TLS configuration for /shared/html/<redifsh;ilo>
|
|
if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
|
|
render_j2_config "/templates/httpd-vmedia.conf.j2" \
|
|
"${HTTPD_CONF_DIR_D}/vmedia.conf"
|
|
fi
|
|
|
|
# Render httpd TLS configuration for /shared/html
|
|
if [[ "$IPXE_TLS_SETUP" == "true" ]]; then
|
|
mkdir -p /shared/html/custom-ipxe
|
|
chmod 0777 /shared/html/custom-ipxe
|
|
render_j2_config "/templates/httpd-ipxe.conf.j2" "${HTTPD_CONF_DIR_D}/ipxe.conf"
|
|
cp "${IPXE_CUSTOM_FIRMWARE_DIR}/undionly.kpxe" \
|
|
"${IPXE_CUSTOM_FIRMWARE_DIR}/snponly.efi" \
|
|
"/shared/html/custom-ipxe"
|
|
fi
|
|
|
|
# Set up inotify to kill the container (restart) whenever cert files for ironic api change
|
|
configure_restart_on_certificate_update "${IRONIC_TLS_SETUP}" httpd "${IRONIC_CERT_FILE}"
|
|
|
|
# Set up inotify to kill the container (restart) whenever cert of httpd for /shared/html/<redifsh;ilo> path change
|
|
configure_restart_on_certificate_update "${IRONIC_VMEDIA_TLS_SETUP}" httpd "${IRONIC_VMEDIA_CERT_FILE}"
|
|
|
|
exec /usr/sbin/httpd -DFOREGROUND -f "${HTTPD_CONF_DIR}/httpd.conf"
|