diff --git a/ironic-image/inspector-apache.conf.j2 b/ironic-image/inspector-apache.conf.j2 deleted file mode 100644 index b0a9d7f..0000000 --- a/ironic-image/inspector-apache.conf.j2 +++ /dev/null @@ -1,57 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if env.LISTEN_ALL_INTERFACES | lower == "true" %} -Listen {{ env.IRONIC_INSPECTOR_LISTEN_PORT }} - -{% else %} -Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_INSPECTOR_LISTEN_PORT }} - -{% endif %} - {% if env.IRONIC_INSPECTOR_PRIVATE_PORT == "unix" %} - ProxyPass "/" "unix:/shared/inspector.sock|http://127.0.0.1/" - ProxyPassReverse "/" "unix:/shared/inspector.sock|http://127.0.0.1/" - {% else %} - ProxyPass "/" "http://127.0.0.1:{{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}/" - ProxyPassReverse "/" "http://127.0.0.1:{{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}/" - {% endif %} - - SetEnv APACHE_RUN_USER ironic-suse - SetEnv APACHE_RUN_GROUP ironic-suse - - ErrorLog /dev/stdout - LogLevel debug - CustomLog /dev/stdout combined - - SSLEngine On - SSLProtocol {{ env.IRONIC_SSL_PROTOCOL }} - SSLCertificateFile {{ env.IRONIC_INSPECTOR_CERT_FILE }} - SSLCertificateKeyFile {{ env.IRONIC_INSPECTOR_KEY_FILE }} - - {% if "INSPECTOR_HTPASSWD" in env and env.INSPECTOR_HTPASSWD | length %} - - AuthType Basic - AuthName "Restricted area" - AuthUserFile "/etc/ironic-inspector/htpasswd" - Require valid-user - - - - Require all granted - - - - Require all granted - - {% endif %} - 
diff --git a/ironic-image/ironic-inspector.conf.j2 b/ironic-image/ironic-inspector.conf.j2
deleted file mode 100644
index 9932980..0000000
--- a/ironic-image/ironic-inspector.conf.j2
+++ /dev/null
@@ -1,68 +0,0 @@
-[DEFAULT]
-auth_strategy = noauth
-debug = true
-transport_url = fake://
-use_stderr = true
-{% if env.INSPECTOR_REVERSE_PROXY_SETUP == "true" %}
-{% if env.IRONIC_INSPECTOR_PRIVATE_PORT == "unix" %}
-listen_unix_socket = /shared/inspector.sock
-# NOTE(dtantsur): this is not ideal, but since the socket is accessed from
-# another container, we need to make it world-writeable.
-listen_unix_socket_mode = 0666
-{% else %}
-listen_port = {{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}
-listen_address = 127.0.0.1
-{% endif %}
-{% elif env.LISTEN_ALL_INTERFACES | lower == "true" %}
-listen_port = {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
-listen_address = ::
-{% else %}
-listen_port = {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
-listen_address = {{ env.IRONIC_IP }}
-{% endif %}
-host = {{ env.IRONIC_IP }}
-{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" and env.INSPECTOR_REVERSE_PROXY_SETUP == "false" %}
-use_ssl = true
-{% endif %}
-
-[database]
-connection = sqlite:////var/lib/ironic-inspector/ironic-inspector.db
-
-{% if env.IRONIC_INSPECTOR_ENABLE_DISCOVERY == "true" %}
-[discovery]
-enroll_node_driver = ipmi
-{% endif %}
-
-[ironic]
-auth_type = none
-endpoint_override = {{ env.IRONIC_BASE_URL }}
-{% if env.IRONIC_TLS_SETUP == "true" %}
-cafile = {{ env.IRONIC_CACERT_FILE }}
-insecure = {{ env.IRONIC_INSECURE }}
-{% endif %}
-
-[processing]
-add_ports = all
-always_store_ramdisk_logs = true
-keep_ports = present
-{% if env.IRONIC_INSPECTOR_ENABLE_DISCOVERY == "true" %}
-node_not_found_hook = enroll
-{% endif %}
-permit_active_introspection = true
-power_off = false
-processing_hooks = $default_processing_hooks,lldp_basic
-ramdisk_logs_dir = /shared/log/ironic-inspector/ramdisk
-store_data = database
-
-[pxe_filter]
-driver = noop
-
-[service_catalog]
-auth_type = none
-endpoint_override = {{ env.IRONIC_INSPECTOR_BASE_URL }}
-
-{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" and env.INSPECTOR_REVERSE_PROXY_SETUP == "false" %}
-[ssl]
-cert_file = {{ env.IRONIC_INSPECTOR_CERT_FILE }}
-key_file = {{ env.IRONIC_INSPECTOR_KEY_FILE }}
-{% endif %}
diff --git a/ironic-image/runironic-api b/ironic-image/runironic-api
deleted file mode 100644
index 9deb9ac..0000000
--- a/ironic-image/runironic-api
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/bash
-
-export IRONIC_DEPLOYMENT="API"
-
-# shellcheck disable=SC1091
-. /bin/configure-ironic.sh
-
-export IRONIC_REVERSE_PROXY_SETUP=false
-
-python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < /tmp/httpd-ironic-api.conf.j2 > /etc/httpd/conf.d/ironic.conf
-
-# shellcheck disable=SC1091
-. /bin/runhttpd
diff --git a/ironic-image/runironic-conductor b/ironic-image/runironic-conductor
deleted file mode 100644
index 64b2c82..0000000
--- a/ironic-image/runironic-conductor
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/bin/bash
-
-export IRONIC_DEPLOYMENT="Conductor"
-
-# shellcheck disable=SC1091
-. /bin/configure-ironic.sh
-
-# Ramdisk logs
-mkdir -p /shared/log/ironic/deploy
-
-run_ironic_dbsync
-
-if [[ "$IRONIC_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
- # shellcheck disable=SC2034
- inotifywait -m -e delete_self "${IRONIC_CERT_FILE}" | while read -r file event; do
- kill $(pgrep ironic)
- done &
-fi
-
-exec /usr/bin/ironic-conductor
diff --git a/ironic-image/runironic-inspector b/ironic-image/runironic-inspector
deleted file mode 100644
index c43782d..0000000
--- a/ironic-image/runironic-inspector
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/bash
-
-set -euxo pipefail
-
-CONFIG=/etc/ironic-inspector/ironic-inspector.conf
-
-export IRONIC_INSPECTOR_ENABLE_DISCOVERY=${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}
-export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
-
-# shellcheck disable=SC1091
-. /bin/tls-common.sh
-# shellcheck disable=SC1091
-. /bin/ironic-common.sh
-# shellcheck disable=SC1091
-. /bin/auth-common.sh
-
-if [[ "$USE_IRONIC_INSPECTOR" == "false" ]]; then
- echo "FATAL: ironic-inspector is disabled via USE_IRONIC_INSPECTOR"
- exit 1
-fi
-
-wait_for_interface_or_ip
-
-IRONIC_INSPECTOR_PORT=${IRONIC_INSPECTOR_ACCESS_PORT}
-if [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]]; then
- if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "true" ]] && [[ "${IRONIC_INSPECTOR_PRIVATE_PORT}" != "unix" ]]; then
- IRONIC_INSPECTOR_PORT=$IRONIC_INSPECTOR_PRIVATE_PORT
- fi
-else
- export INSPECTOR_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
-fi
-
-export IRONIC_INSPECTOR_BASE_URL="${IRONIC_INSPECTOR_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_INSPECTOR_PORT}"
-export IRONIC_BASE_URL="${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"
-
-build_j2_config()
-{
- local CONFIG_FILE="$1"
- python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$CONFIG_FILE.j2"
-}
-
-# Merge with the original configuration file from the package.
-build_j2_config "$CONFIG" | crudini --merge "$CONFIG"
-
-configure_inspector_auth
-
-configure_client_basic_auth ironic "${CONFIG}"
-
-ironic-inspector-dbsync --config-file "${CONFIG}" upgrade
-
-if [[ "$INSPECTOR_REVERSE_PROXY_SETUP" == "false" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
- # shellcheck disable=SC2034
- inotifywait -m -e delete_self "${IRONIC_INSPECTOR_CERT_FILE}" | while read -r file event; do
- kill $(pgrep ironic)
- done &
-fi
-
-# Make sure ironic traffic bypasses any proxies
-export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
-
-# shellcheck disable=SC2086
-exec /usr/bin/ironic-inspector