2024-10-21 14:18:05 +02:00
|
|
|
#!/usr/bin/bash
|
|
|
|
|
|
|
|
# shellcheck disable=SC1091
|
|
|
|
. /bin/tls-common.sh
|
|
|
|
. /bin/ironic-common.sh
|
|
|
|
. /bin/auth-common.sh
|
|
|
|
|
|
|
|
export HTTP_PORT=${HTTP_PORT:-80}
|
|
|
|
export VMEDIA_TLS_PORT=${VMEDIA_TLS_PORT:-8083}
|
|
|
|
|
|
|
|
export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
|
|
|
|
|
|
|
|
# In Metal3 context they are called node images in Ironic context they are
|
|
|
|
# called user images.
|
|
|
|
export HTTPD_SERVE_NODE_IMAGES="${HTTPD_SERVE_NODE_IMAGES:-true}"
|
|
|
|
|
|
|
|
# Whether to enable fast_track provisioning or not
|
|
|
|
IRONIC_FAST_TRACK=${IRONIC_FAST_TRACK:-true}
|
|
|
|
|
|
|
|
# Whether to activate the EnableSendfile apache directive for httpd
|
|
|
|
HTTPD_ENABLE_SENDFILE="${HTTPD_ENABLE_SENDFILE:-false}"
|
|
|
|
|
|
|
|
# Set of collectors that should be used with IPA inspection
|
|
|
|
export IRONIC_IPA_COLLECTORS=${IRONIC_IPA_COLLECTORS:-default,logs}
|
|
|
|
|
|
|
|
wait_for_interface_or_ip
|
|
|
|
|
|
|
|
mkdir -p /shared/html
|
|
|
|
chmod 0777 /shared/html
|
|
|
|
|
|
|
|
IRONIC_BASE_URL="${IRONIC_SCHEME}://${IRONIC_URL_HOST}"
|
|
|
|
|
2024-11-12 19:44:52 +01:00
|
|
|
INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}/v1/continue_inspection"
|
2024-10-21 14:18:05 +02:00
|
|
|
|
|
|
|
if [[ "$IRONIC_FAST_TRACK" == "true" ]]; then
|
|
|
|
INSPECTOR_EXTRA_ARGS+=" ipa-api-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}"
|
|
|
|
fi
|
|
|
|
export INSPECTOR_EXTRA_ARGS
|
|
|
|
|
|
|
|
# Copy files to shared mount
|
|
|
|
render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe
|
|
|
|
cp /tmp/uefi_esp.img /shared/html/uefi_esp.img
|
|
|
|
|
|
|
|
# Render the core httpd config
|
|
|
|
render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf
|
|
|
|
|
|
|
|
if [[ "$IRONIC_TLS_SETUP" == "true" ]]; then
|
|
|
|
if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then
|
|
|
|
render_j2_config /tmp/httpd-ironic-api.conf.j2 /etc/httpd/conf.d/ironic.conf
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
export IRONIC_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
|
|
|
|
fi
|
|
|
|
|
|
|
|
write_htpasswd_files
|
|
|
|
|
|
|
|
# Render httpd TLS configuration for /shared/html/<redifsh;ilo>
|
|
|
|
if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
|
|
|
|
render_j2_config /etc/httpd-vmedia.conf.j2 /etc/httpd/conf.d/vmedia.conf
|
|
|
|
fi
|
|
|
|
|
2024-11-12 19:44:52 +01:00
|
|
|
# Render httpd TLS configuration for /shared/html
|
|
|
|
if [[ "$IPXE_TLS_SETUP" == "true" ]]; then
|
|
|
|
mkdir -p /shared/html/custom-ipxe
|
|
|
|
chmod 0777 /shared/html/custom-ipxe
|
|
|
|
render_j2_config "/etc/httpd-ipxe.conf.j2" "/etc/httpd/conf.d/ipxe.conf"
|
|
|
|
cp "${IPXE_CUSTOM_FIRMWARE_DIR}/undionly.kpxe" \
|
|
|
|
"${IPXE_CUSTOM_FIRMWARE_DIR}/snponly.efi" \
|
|
|
|
"/shared/html/custom-ipxe"
|
2024-10-21 14:18:05 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
# Set up inotify to kill the container (restart) whenever cert files for ironic api change
|
|
|
|
if [[ "$IRONIC_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
|
|
|
|
# shellcheck disable=SC2034
|
|
|
|
inotifywait -m -e delete_self "${IRONIC_CERT_FILE}" | while read -r file event; do
|
|
|
|
kill -WINCH $(pgrep httpd)
|
|
|
|
done &
|
|
|
|
fi
|
|
|
|
|
|
|
|
# Set up inotify to kill the container (restart) whenever cert of httpd for /shared/html/<redifsh;ilo> path change
|
|
|
|
if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
|
|
|
|
# shellcheck disable=SC2034
|
|
|
|
inotifywait -m -e delete_self "${IRONIC_VMEDIA_CERT_FILE}" | while read -r file event; do
|
|
|
|
kill -WINCH $(pgrep httpd)
|
|
|
|
done &
|
|
|
|
fi
|
|
|
|
|
|
|
|
exec /usr/sbin/httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf
|