ironic-image/inspector-apache.conf.j2

@@ -1,57 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-{% if env.LISTEN_ALL_INTERFACES | lower == "true" %}
-Listen {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
- <VirtualHost *:{{ env.IRONIC_INSPECTOR_LISTEN_PORT }}>
-{% else %}
-Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
- <VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_INSPECTOR_LISTEN_PORT }}>
-{% endif %}
-    {% if env.IRONIC_INSPECTOR_PRIVATE_PORT == "unix" %}
-    ProxyPass "/"  "unix:/shared/inspector.sock|http://127.0.0.1/"
-    ProxyPassReverse "/"  "unix:/shared/inspector.sock|http://127.0.0.1/"
-    {% else %}
-    ProxyPass "/"  "http://127.0.0.1:{{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}/"
-    ProxyPassReverse "/"  "http://127.0.0.1:{{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}/"
-    {% endif %}
-
-    SetEnv APACHE_RUN_USER ironic-suse
-    SetEnv APACHE_RUN_GROUP ironic-suse
-
-    ErrorLog /dev/stdout
-    LogLevel debug
-    CustomLog /dev/stdout combined
-
-    SSLEngine On
-    SSLProtocol {{ env.IRONIC_SSL_PROTOCOL }}
-    SSLCertificateFile {{ env.IRONIC_INSPECTOR_CERT_FILE }} 
-    SSLCertificateKeyFile {{ env.IRONIC_INSPECTOR_KEY_FILE }}
-
-    {% if "INSPECTOR_HTPASSWD" in env and env.INSPECTOR_HTPASSWD | length %}
-    <Location / >
-        AuthType Basic
-        AuthName "Restricted area"
-        AuthUserFile "/etc/ironic-inspector/htpasswd"
-        Require valid-user
-    </Location>
-
-    <Location ~ "^/(v1/?)?$" >
-        Require all granted
-    </Location>
-
-    <Location /v1/continue >
-        Require all granted
-    </Location>
-    {% endif %}
-</VirtualHost>

ironic-image/ironic-inspector.conf.j2

@@ -1,68 +0,0 @@
-[DEFAULT]
-auth_strategy = noauth
-debug = true
-transport_url = fake://
-use_stderr = true
-{% if env.INSPECTOR_REVERSE_PROXY_SETUP == "true" %}
-{% if env.IRONIC_INSPECTOR_PRIVATE_PORT == "unix" %}
-listen_unix_socket = /shared/inspector.sock
-# NOTE(dtantsur): this is not ideal, but since the socket is accessed from
-# another container, we need to make it world-writeable.
-listen_unix_socket_mode = 0666
-{% else %}
-listen_port = {{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}
-listen_address = 127.0.0.1
-{% endif %}
-{% elif env.LISTEN_ALL_INTERFACES | lower == "true" %}
-listen_port = {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
-listen_address = ::
-{% else %}
-listen_port = {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
-listen_address = {{ env.IRONIC_IP }}
-{% endif %}
-host = {{ env.IRONIC_IP }}
-{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" and env.INSPECTOR_REVERSE_PROXY_SETUP == "false" %}
-use_ssl = true
-{% endif %}
-
-[database]
-connection = sqlite:////var/lib/ironic-inspector/ironic-inspector.db
-
-{% if env.IRONIC_INSPECTOR_ENABLE_DISCOVERY == "true" %}
-[discovery]
-enroll_node_driver = ipmi
-{% endif %}
-
-[ironic]
-auth_type = none
-endpoint_override = {{ env.IRONIC_BASE_URL }}
-{% if env.IRONIC_TLS_SETUP == "true" %}
-cafile = {{ env.IRONIC_CACERT_FILE }}
-insecure = {{ env.IRONIC_INSECURE }}
-{% endif %}
-
-[processing]
-add_ports = all
-always_store_ramdisk_logs = true
-keep_ports = present
-{% if env.IRONIC_INSPECTOR_ENABLE_DISCOVERY == "true" %}
-node_not_found_hook = enroll
-{% endif %}
-permit_active_introspection = true
-power_off = false
-processing_hooks = $default_processing_hooks,lldp_basic
-ramdisk_logs_dir = /shared/log/ironic-inspector/ramdisk
-store_data = database
-
-[pxe_filter]
-driver = noop
-
-[service_catalog]
-auth_type = none
-endpoint_override = {{ env.IRONIC_INSPECTOR_BASE_URL }}
-
-{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" and env.INSPECTOR_REVERSE_PROXY_SETUP == "false" %}
-[ssl]
-cert_file = {{ env.IRONIC_INSPECTOR_CERT_FILE }}
-key_file = {{ env.IRONIC_INSPECTOR_KEY_FILE }}
-{% endif %}

ironic-image/runironic-api

@@ -1,13 +0,0 @@
-#!/usr/bin/bash
-
-export IRONIC_DEPLOYMENT="API"
-
-# shellcheck disable=SC1091
-. /bin/configure-ironic.sh
-
-export IRONIC_REVERSE_PROXY_SETUP=false
-
-python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < /tmp/httpd-ironic-api.conf.j2 > /etc/httpd/conf.d/ironic.conf
-
-# shellcheck disable=SC1091
-. /bin/runhttpd

ironic-image/runironic-conductor

@@ -1,20 +0,0 @@
-#!/usr/bin/bash
-
-export IRONIC_DEPLOYMENT="Conductor"
-
-# shellcheck disable=SC1091
-. /bin/configure-ironic.sh
-
-# Ramdisk logs
-mkdir -p /shared/log/ironic/deploy
-
-run_ironic_dbsync
-
-if [[ "$IRONIC_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
-    # shellcheck disable=SC2034
-    inotifywait -m -e delete_self "${IRONIC_CERT_FILE}" | while read -r file event; do
-        kill $(pgrep ironic)
-    done &
-fi
-
-exec /usr/bin/ironic-conductor

ironic-image/runironic-inspector

@@ -1,62 +0,0 @@
-#!/usr/bin/bash
-
-set -euxo pipefail
-
-CONFIG=/etc/ironic-inspector/ironic-inspector.conf
-
-export IRONIC_INSPECTOR_ENABLE_DISCOVERY=${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}
-export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
-
-# shellcheck disable=SC1091
-. /bin/tls-common.sh
-# shellcheck disable=SC1091
-. /bin/ironic-common.sh
-# shellcheck disable=SC1091
-. /bin/auth-common.sh
-
-if [[ "$USE_IRONIC_INSPECTOR" == "false" ]]; then
-    echo "FATAL: ironic-inspector is disabled via USE_IRONIC_INSPECTOR"
-    exit 1
-fi
-
-wait_for_interface_or_ip
-
-IRONIC_INSPECTOR_PORT=${IRONIC_INSPECTOR_ACCESS_PORT}
-if [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]]; then
-    if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "true" ]] && [[ "${IRONIC_INSPECTOR_PRIVATE_PORT}" != "unix" ]]; then
-        IRONIC_INSPECTOR_PORT=$IRONIC_INSPECTOR_PRIVATE_PORT
-    fi
-else
-    export INSPECTOR_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
-fi
-
-export IRONIC_INSPECTOR_BASE_URL="${IRONIC_INSPECTOR_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_INSPECTOR_PORT}"
-export IRONIC_BASE_URL="${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"
-
-build_j2_config()
-{
-    local CONFIG_FILE="$1"
-    python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$CONFIG_FILE.j2"
-}
-
-# Merge with the original configuration file from the package.
-build_j2_config "$CONFIG" | crudini --merge "$CONFIG"
-
-configure_inspector_auth
-
-configure_client_basic_auth ironic "${CONFIG}"
-
-ironic-inspector-dbsync --config-file "${CONFIG}" upgrade
-
-if [[ "$INSPECTOR_REVERSE_PROXY_SETUP" == "false" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
-    # shellcheck disable=SC2034
-    inotifywait -m -e delete_self "${IRONIC_INSPECTOR_CERT_FILE}" | while read -r file event; do
-        kill $(pgrep ironic)
-    done &
-fi
-
-# Make sure ironic traffic bypasses any proxies
-export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
-
-# shellcheck disable=SC2086
-exec /usr/bin/ironic-inspector