suse-edge/Factory
SHA256
14
0
Fork 15
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: suse-edge:419e8a0814f1f1e90cf50d22c61842744b165616b77de772c6f3344a21dba420
Branches Tags
suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel
...
compare: suse-edge:44a6a19b563c3db8f046757d6cd749a2733fda735bd8ea0e5d9e0dbbc7555f3d
Branches Tags
suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel

4 Commits
419e8a0814 ... 44a6a19b56

Author SHA256 Message Date
Marco Chiappero
44a6a19b56 Update the URL for the BMO to connect to Ironic
All checks were successful
Check Release Manifest Local Charts Versions / Check Release Manifest Local Charts Versions (pull_request) Successful in -10s
Details
Build PR in OBS / Build PR in OBS (pull_request_target) Successful in 2m16s
Details 
The BMO should now connect via the provisioningHostname if set or an IP
address. Add a helper that returns the ironic hostname or correctly
formatted IP to define the ironicApiHost variable in the BMO configmap.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-08-05 18:28:47 +00:00
Marco Chiappero
0abc65b0b3 Include the hostname for SAN in Certificates 
Recently provisioningHostname has been introduced as an alternative way
to configure the IPs to bind and respond to. This however requires that
the Certificates for HTTPS also include a dnsNames section whenver such
value is present.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-08-05 18:28:47 +00:00
Marco Chiappero
82b1d2effd Introduce metal3.provisioningIP template and deprecate ironicIP 
So far ironicIP has been part of values.yaml under the global section,
however this is very misleading: this variable is internal to the Ironic
startup scripts and should not be set, moreover it conflicts with
provisioningIP, which is instead a public configuration variable for the
purpose.

This commits thus introduces the following changes:
- removes the creation of IRONIC_IP in the Ironic configmap
- does not yet remove ironicIP from values.yaml to avoid breaking
  forward compatibility
- introduces a utility function to perform input validation while still
  prioritizing ironicIP if present

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-08-05 18:28:45 +00:00
Marco Chiappero
e8397cec19 Allow to change the LISTEN_ALL_INTERFACE variable for Ironic 
It should be possible to enable or disable the environment variable
LISTEN_ALL_INTERFACE in the Ironic configmap, as it allows to the way
Ironic binds to socket, especially in combination with the changes
introduced in v29.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-08-05 18:28:05 +00:00
7 changed files with 61 additions and 18 deletions
Expand all files Collapse all files

16
metal3-chart/charts/baremetal-operator/templates/_helpers.tpl
View File

@@ -61,3 +61,19 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Create the URL to use for connecting to the Ironic servers (e.g. API, cache)
*/}}
{{- define "baremetal-operator.ironicHttpHost" -}}
{{- $ironicIP := include "metal3.provisioningIP" . -}}
{{- with .Values.global }}
{{- if .provisioningHostname }}
{{- .provisioningHostname }}
{{- else if regexMatch ".*:.*" $ironicIP}}
{{- print "[" $ironicIP "]" }}
{{- else }}
{{- $ironicIP }}
{{- end }}
{{- end }}
{{- end }}

12
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -1,10 +1,10 @@
{{- $enableTLS := .Values.global.enable_tls }}
{{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
{{- $protocol := ternary "https" "http" $enableTLS }}
{{- $ironicIP := .Values.global.ironicIP | default "" }}
{{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $ironicHost := include "baremetal-operator.ironicHttpHost" . | required "Missing host information for BMO to connect to Ironic" }}
{{- $ironicApiHost := print $ironicHost ":6385" }}
{{- $ironicBootHost := print $ironicHost ":6180" }}
{{- $ironicCacheHost := print $ironicHost ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
apiVersion: v1
@@ -12,8 +12,8 @@ data:
IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
# Switch VMedia to HTTP if enable_vmedia_tls is false
{{- if and $enableTLS $enableVMediaTLS }}
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $ironicBootHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
{{- $ironicCacheHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
{{- $protocol = "https" }}
RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
{{- else }}

16
metal3-chart/charts/ironic/templates/_helpers.tpl
View File

@@ -96,3 +96,19 @@ Get the formatted "External" hostname or IP address
{{- end }}
{{- end }}
{{- end }}
{{/*
Create the subjectAltNames section to be set on the Certificate
*/}}
{{- define "ironic.subjectAltNames" -}}
{{- with .Values.global }}
{{- if .provisioningHostname }}
dnsNames:
- {{ .provisioningHostname }}
{{- end -}}
{{- if or .ironicIP .provisioningIP }}
ipAddresses:
- {{ coalesce .ironicIP .provisioningIP }}
{{- end }}
{{- end }}
{{- end }}

9
metal3-chart/charts/ironic/templates/certificates.yaml
View File

@@ -6,8 +6,7 @@ metadata:
spec:
commonName: ironic-ca
isCA: true
ipAddresses:
- {{ .Values.global.ironicIP }}
{{- include "ironic.subjectAltNames" . | indent 2 }}
issuerRef:
kind: Issuer
name: selfsigned-issuer
@@ -19,8 +18,7 @@ metadata:
name: ironic-cert
spec:
commonName: ironic-cert
ipAddresses:
- {{ .Values.global.ironicIP }}
{{- include "ironic.subjectAltNames" . | indent 2 }}
issuerRef:
kind: Issuer
name: ca-issuer
@@ -33,8 +31,7 @@ metadata:
name: ironic-vmedia-cert
spec:
commonName: ironic-vmedia-cert
ipAddresses:
- {{ .Values.global.ironicIP }}
{{- include "ironic.subjectAltNames" . | indent 2 }}
issuerRef:
kind: Issuer
name: ca-issuer

9
metal3-chart/charts/ironic/templates/configmap.yaml
View File

@@ -34,16 +34,13 @@ data:
{{- if .Values.global.provisioningInterface }}
PROVISIONING_INTERFACE: {{ .Values.global.provisioningInterface }}
{{- end }}
{{- if .Values.global.provisioningIP }}
PROVISIONING_IP: {{ .Values.global.provisioningIP }}
{{- if or .Values.global.ironicIP .Values.global.provisioningIP }}
PROVISIONING_IP: {{ include "metal3.provisioningIP" . }}
{{- else if .Values.global.provisioningHostname }}
IRONIC_URL_HOSTNAME: {{ .Values.global.provisioningHostname }}
{{- end }}
IRONIC_FAST_TRACK: "true"
LISTEN_ALL_INTERFACES: "true"
{{- if .Values.global.ironicIP }}
IRONIC_IP: {{ .Values.global.ironicIP }}
{{- end }}
LISTEN_ALL_INTERFACES: {{ .Values.global.listenOnAll }}
{{- if ( .Values.global.enable_tls ) }}
RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true

2
metal3-chart/charts/ironic/values.yaml
View File

@@ -58,6 +58,8 @@ global:
replicaCount: 1
listenOnAll: "true"
images:
ironic:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic

15
metal3-chart/templates/_helpers.tpl
View File

@@ -60,3 +60,18 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Produce the correct IP or hostname for Ironic provisioning
*/}}
{{- define "metal3.provisioningIP" -}}
{{- with .Values.global }}
{{- if and .provisioningHostname (or .provisioningIP .ironicIP) }}
{{ fail "Please provide either provisioningHostname or provisioningIP (note: ironic IP is deprecated)" }}
{{- end }}
{{- if and .provisioningIP .ironicIP }}
{{ fail "Please provide either ironicIP or provisioningIP (note: ironicIP is deprecated)" }}
{{- end }}
{{- coalesce .ironicIP .provisioningIP }}
{{- end }}
{{- end }}