suse-edge/Factory
SHA256
17
0
Fork 17
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

metal3: Introduce TLS variables for ironic vmedia server #281

Merged
nbelouin merged 1 commits from nbelouin/Factory:ironic-tls-cipher into main 2025-10-14 15:04:33 +02:00
Conversation 4 Commits 1 Files Changed 9 +40 -17
nbelouin commented 2025-10-03 09:37:07 +02:00
Owner
Copy Link

port of https://github.com/metal3-io/ironic-image/pull/759

Expose it in chart with a new ironic.ironicExtraEnv value that allows
passing arbitrary extra environment variables to allow for advanced
configuration we may not want to keep as not for the faint of heart.

Also quick bonus fix issue with media subchart

port of https://github.com/metal3-io/ironic-image/pull/759 Expose it in chart with a new `ironic.ironicExtraEnv` value that allows passing arbitrary extra environment variables to allow for advanced configuration we may not want to keep as not for the faint of heart. Also quick bonus fix issue with media subchart
nbelouin added 1 commit 2025-10-03 09:37:08 +02:00
metal3: Introduce TLS variables for ironic vmedia server
Some checks failed
Check Release Manifest Local Charts Versions / Check Release Manifest Local Charts Versions (pull_request) Successful in -1s
Details
Build PR in OBS / Build PR in OBS (pull_request_target) Failing after 1m39s
Details
98974a10a6 
port of https://github.com/metal3-io/ironic-image/pull/759

Expose it in chart with a new `ironic.ironicExtraEnv` value that allows
passing arbitrary extra environment variables to allow for advanced
configuration we may not want to keep as not for the faint of heart.

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
nbelouin added 2 commits 2025-10-03 09:53:46 +02:00
metal3: Introduce TLS variables for ironic vmedia server
Some checks failed
Check Release Manifest Local Charts Versions / Check Release Manifest Local Charts Versions (pull_request) Successful in -1s
Details
Build PR in OBS / Build PR in OBS (pull_request_target) Failing after 1m39s
Details
98974a10a6 
port of https://github.com/metal3-io/ironic-image/pull/759

Expose it in chart with a new `ironic.ironicExtraEnv` value that allows
passing arbitrary extra environment variables to allow for advanced
configuration we may not want to keep as not for the faint of heart.

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
metal3: Introduce TLS variables for ironic vmedia server
Some checks failed
Check Release Manifest Local Charts Versions / Check Release Manifest Local Charts Versions (pull_request) Successful in 8s
Details
Build PR in OBS / Build PR in OBS (pull_request_target) Failing after 3h10m30s
Details
67d2a5bdef 
port of https://github.com/metal3-io/ironic-image/pull/759

Expose it in chart with a new `ironic.ironicExtraEnv` value that allows
passing arbitrary extra environment variables to allow for advanced
configuration we may not want to keep as not for the faint of heart.

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
nbelouin added 2 commits 2025-10-03 10:04:56 +02:00
metal3: Introduce TLS variables for ironic vmedia server
Some checks failed
Check Release Manifest Local Charts Versions / Check Release Manifest Local Charts Versions (pull_request) Successful in 8s
Details
Build PR in OBS / Build PR in OBS (pull_request_target) Failing after 3h10m30s
Details
67d2a5bdef 
port of https://github.com/metal3-io/ironic-image/pull/759

Expose it in chart with a new `ironic.ironicExtraEnv` value that allows
passing arbitrary extra environment variables to allow for advanced
configuration we may not want to keep as not for the faint of heart.

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
metal3: Introduce TLS variables for ironic vmedia server
All checks were successful
Check Release Manifest Local Charts Versions / Check Release Manifest Local Charts Versions (pull_request) Successful in -13s
Details
Build PR in OBS / Build PR in OBS (pull_request_target) Successful in -19s
Details
f60348562e 
port of https://github.com/metal3-io/ironic-image/pull/759

Expose it in chart with a new `ironic.ironicExtraEnv` value that allows
passing arbitrary extra environment variables to allow for advanced
configuration we may not want to keep as not for the faint of heart.

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
nbelouin changed title from WIP: metal3: Introduce TLS variables for ironic vmedia server to metal3: Introduce TLS variables for ironic vmedia server 2025-10-03 10:47:01 +02:00
nbelouin requested review from mchiappero 2025-10-03 10:47:23 +02:00
nbelouin requested review from steven.hardy 2025-10-03 10:47:23 +02:00
mchiappero approved these changes 2025-10-03 14:54:11 +02:00
mchiappero left a comment
Owner
Copy Link

I guess we need to remember to create some product documentation as well, similarly to the upstream README.

I guess we need to remember to create some product documentation as well, similarly to the upstream README.
steven.hardy reviewed 2025-10-06 10:25:33 +02:00
ironic-image/ironic-config/apache2-vmedia.conf.j2
@@ -14,0 +20,4 @@
{% if "IRONIC_VMEDIA_CURVES" in env and env.IRONIC_VMEDIA_CURVES %}
SSLOpenSSLConfCmd Curves {{ env.IRONIC_VMEDIA_CURVES }}
{% endif %}
{% if env.IRONIC_VMEDIA_TLS_ENFORCE_SERVER_CIPHER_ORDER | lower == "true" %}
steven.hardy commented 2025-10-06 10:25:33 +02:00
Owner
Copy Link

If this will be defined via ironicExtraEnv without any default for IRONIC_VMEDIA_TLS_ENFORCE_SERVER_CIPHER_ORDER I think we need to add if "IRONIC_VMEDIA_TLS_ENFORCE_SERVER_CIPHER_ORDER" in env similar to the previous conditionals?

If this will be defined via `ironicExtraEnv` without any default for `IRONIC_VMEDIA_TLS_ENFORCE_SERVER_CIPHER_ORDER` I think we need to add `if "IRONIC_VMEDIA_TLS_ENFORCE_SERVER_CIPHER_ORDER" in env` similar to the previous conditionals?
nbelouin commented 2025-10-14 14:17:57 +02:00
Author
Owner
Copy Link

I'd like to keep following upstream here, and it doesn't look like it is needed for this construction.

I'd like to keep following upstream here, and it doesn't look like it is needed for this construction.
steven.hardy commented 2025-10-14 14:19:33 +02:00
Owner
Copy Link

Ok no problem, lets resolve this thread if you're confident we won't have any issue due to the potentially undefined key.

Ok no problem, lets resolve this thread if you're confident we won't have any issue due to the potentially undefined key.
steven.hardy marked this conversation as resolved
steven.hardy requested changes 2025-10-06 10:25:49 +02:00
Dismissed
steven.hardy left a comment
Owner
Copy Link

lgtm but one question/comment

lgtm but one question/comment
steven.hardy requested review from steven.hardy 2025-10-14 14:19:42 +02:00
steven.hardy approved these changes 2025-10-14 14:19:48 +02:00
nbelouin merged commit 69db0a0b16 into main 2025-10-14 15:04:33 +02:00
nbelouin deleted branch ironic-tls-cipher 2025-10-14 15:04:33 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
mchiappero
steven.hardy
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
amorgante antaloala atanasdinov atrendafilov dbekhit dprodanov eminguez fdegirmenci geoagriogiannis ipetrov117 jarndt jtomasek kzhelyazkov mchiappero mkrutov nbelouin roxenham steven.hardy
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: suse-edge/Factory#281
Delete Branch "nbelouin/Factory:ironic-tls-cipher"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?