diff --git a/ironic-image/ironic-config/ironic.conf.j2 b/ironic-image/ironic-config/ironic.conf.j2
index 7333c37..3c7ea0e 100644
--- a/ironic-image/ironic-config/ironic.conf.j2
+++ b/ironic-image/ironic-config/ironic.conf.j2
@@ -91,7 +91,11 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
 # Power state is checked every 60 seconds and BMC activity should
 # be avoided more often than once every sixty seconds.
 send_sensor_data_interval = 160
+{% if env.VMEDIA_TLS_PORT %}
+bootloader = {{ env.IRONIC_HTTPS_VMEDIA_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
+{% else %}
 bootloader = {{ env.IRONIC_HTTP_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
+{% endif %}
 verify_step_priority_override = management.clear_job_queue:90
 # We don't use this feature, and it creates an additional load on the database
 node_history = False
@@ -123,15 +127,15 @@ default_boot_option = local
 erase_devices_metadata_priority = 10
 erase_devices_priority = 0
 http_root = /shared/html/
-http_url = {{ env.IRONIC_HTTP_URL }}
+http_url = {% if env.VMEDIA_TLS_PORT %}{{ env.IRONIC_HTTPS_VMEDIA_URL }}{% else %}{{ env.IRONIC_HTTP_URL }}{% endif %}
 fast_track = {{ env.IRONIC_FAST_TRACK }}
 {% if env.IRONIC_BOOT_ISO_SOURCE %}
 ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }}
 {% endif %}
 {% if env.IRONIC_EXTERNAL_HTTP_URL %}
 external_http_url = {{ env.IRONIC_EXTERNAL_HTTP_URL }}
-{% elif env.IRONIC_VMEDIA_TLS_SETUP == "true" %}
-external_http_url = https://{{ env.IRONIC_URL_HOST }}:{{ env.VMEDIA_TLS_PORT }}
+{% elif env.VMEDIA_TLS_PORT %}
+external_http_url = {{ env.IRONIC_HTTPS_VMEDIA_URL }}
 {% endif %}
 {% if env.IRONIC_EXTERNAL_CALLBACK_URL %}
 external_callback_url = {{ env.IRONIC_EXTERNAL_CALLBACK_URL }}
diff --git a/ironic-image/scripts/configure-ironic.sh b/ironic-image/scripts/configure-ironic.sh
index 7b0d00b..149812f 100755
--- a/ironic-image/scripts/configure-ironic.sh
+++ b/ironic-image/scripts/configure-ironic.sh
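Review bot: In ironic.conf.j2 the HTTPS branches are now taken whenever `env.VMEDIA_TLS_PORT` is non-empty, whereas the removed `elif` in the second hunk required `env.IRONIC_VMEDIA_TLS_SETUP == "true"`; the same test guards `bootloader` in the first hunk and `http_url` in the second. Where that flag is set is not visible in this diff, but if it is only set once the virtual-media certificate and key are in place, a port configured without them now renders `https://` URLs that nothing serves over TLS. If the variable is still exported, keeping both conditions, e.g. `{% elif env.IRONIC_VMEDIA_TLS_SETUP == "true" and env.VMEDIA_TLS_PORT %}`, would keep the rendered config and the listener in agreement. Otherwise the setup script should exit when the port is set but TLS setup did not complete.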
@@ -3,6 +3,7 @@ set -euxo pipefail IRONIC_EXTERNAL_IP="${IRONIC_EXTERNAL_IP:-}" +export VMEDIA_TLS_PORT="${VMEDIA_TLS_PORT:-}" # Define the VLAN interfaces to be included in introspection report, e.g. # all - all VLANs on all interfaces using LLDP information @@ -59,6 +60,10 @@ else export IRONIC_HOST_IP="$IRONIC_IP" fi +if [[ "${VMEDIA_TLS_PORT}" ]]; then + export IRONIC_HTTPS_VMEDIA_URL="https://${IRONIC_URL_HOST}:${VMEDIA_TLS_PORT}" +fi + # Hostname to use for the current conductor instance. export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}} diff --git a/ironic-image/scripts/ironic-common.sh b/ironic-image/scripts/ironic-common.sh index 4b9e653..d2c3215 100644 --- a/ironic-image/scripts/ironic-common.sh +++ b/ironic-image/scripts/ironic-common.sh @@ -5,7 +5,7 @@ set -euxo pipefail # Export IRONIC_IP to avoid needing to lean on IRONIC_URL_HOST for consumption in # e.g. dnsmasq configuration export IRONIC_IP="${IRONIC_IP:-}" -export IRONIC_IPV6="${IRONIC_IPV6:-}" +IRONIC_IPV6="${IRONIC_IPV6:-}" PROVISIONING_INTERFACE="${PROVISIONING_INTERFACE:-}" PROVISIONING_IP="${PROVISIONING_IP:-}" PROVISIONING_MACS="${PROVISIONING_MACS:-}" @@ -160,6 +160,7 @@ wait_for_interface_or_ip() # If the IP contains a colon, then it's an IPv6 address if [[ "$PROVISIONING_IP" =~ .*:.* ]]; then export IRONIC_IPV6="$PROVISIONING_IP" + export IRONIC_IP="" else export IRONIC_IP="$PROVISIONING_IP" fi diff --git a/metal3-chart/charts/ironic/templates/_helpers.tpl b/metal3-chart/charts/ironic/templates/_helpers.tpl index e5d022f..4ddd909 100644 --- a/metal3-chart/charts/ironic/templates/_helpers.tpl +++ b/metal3-chart/charts/ironic/templates/_helpers.tpl 
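Review bot: In configure-ironic.sh (second hunk) `VMEDIA_TLS_PORT` is interpolated into `IRONIC_HTTPS_VMEDIA_URL` without any check that it is a port number, and ironic.conf.j2 then renders that URL into `bootloader`, `http_url` and `external_http_url`. A typo or stray whitespace in the variable yields a malformed URL that is only noticed when a node fails to fetch its boot media. A guard inside the `if`, before the export, fails early instead: `[[ "${VMEDIA_TLS_PORT}" =~ ^[0-9]+$ ]] || { echo "VMEDIA_TLS_PORT must be numeric" >&2; exit 1; }`. Writing the emptiness test as `[[ -n "${VMEDIA_TLS_PORT}" ]]` would also be more explicit than the bare `[[ "${VMEDIA_TLS_PORT}" ]]`.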
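Review bot: In ironic-common.sh (second hunk) the IPv6 branch now clears `IRONIC_IP`, but the `else` branch does not clear `IRONIC_IPV6`, so the two branches are not symmetric. The first hunk of this file drops `export` from the `IRONIC_IPV6` default, yet in bash a variable inherited from the container environment keeps its export attribute, so a preset `IRONIC_IPV6` is still passed to child processes alongside an IPv4 `IRONIC_IP`. If the intent is that only the family matching `PROVISIONING_IP` is exported, add `export IRONIC_IPV6=""` in the `else` branch. If both may legitimately be set, a comment on the `IRONIC_IPV6="${IRONIC_IPV6:-}"` line explaining why it is no longer exported would help. `wait_for_interface_or_ip` starts and ends outside this hunk.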
@@ -85,16 +85,20 @@ Get ironic CA volumeMounts {{- end }} {{/* -Get the formatted "External" hostname or IP address +Get the formatted "External" hostname or IP based URL */}} -{{- define "ironic.externalHttpHost" }} -{{- with .Values.global }} -{{- if regexMatch ".*:.*" .externalHttpHost }} -{{- print "[" .externalHttpHost "]" }} -{{- else }} -{{- .externalHttpHost }} +{{- define "ironic.externalHttpUrl" }} +{{- $host := ternary (include "metal3.provisioningIP" .) .Values.global.externalHttpHost (empty .Values.global.externalHttpHost) }} +{{- if regexMatch ".*:.*" $host }} +{{- $host = print "[" $host "]" }} {{- end }} +{{- $protocol := "http" }} +{{- $port := "6180" }} +{{- if .Values.global.enable_vmedia_tls }} +{{- $protocol = "https" }} +{{- $port = .Values.global.vmediaTLSPort | default "6185" }} {{- end }} +{{- print $protocol "://" $host ":" $port }} {{- end }} {{/* diff --git a/metal3-chart/charts/ironic/templates/configmap.yaml b/metal3-chart/charts/ironic/templates/configmap.yaml index 260e4c0..05f690a 100644 --- a/metal3-chart/charts/ironic/templates/configmap.yaml +++ b/metal3-chart/charts/ironic/templates/configmap.yaml @@ -5,9 +5,6 @@ metadata: labels: {{- include "ironic.labels" . | nindent 4 }} data: - {{- $enableTLS := .Values.global.enable_tls }} - {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }} - {{- $protocol := ternary "https" "http" $enableTLS }} {{- $deployArch := .Values.global.deployArchitecture }} {{- if ( .Values.global.enable_dnsmasq ) }} 
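Review bot: In _helpers.tpl the new `ironic.externalHttpUrl` helper does not guard against an empty or already-bracketed `$host`. When `externalHttpHost` is empty and `metal3.provisioningIP` (defined outside this diff) also renders empty, the helper prints `http://:6180`. `regexMatch ".*:.*" $host` also wraps any value containing a colon, so an already bracketed IPv6 literal (constructed example: `[fd00::1]`) is bracketed a second time. Consider `{{- if and (contains ":" $host) (not (hasPrefix "[" $host)) }}` for the bracket test and `{{- $host = required "externalHttpHost or provisioningIP must be set" $host }}` before the URL is built.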
@@ -20,15 +17,7 @@ data:
 {{- end }}
 HTTP_PORT: "6180"
 PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
- # Switch VMedia to HTTP if enable_vmedia_tls is false
- {{- if and $enableTLS $enableVMediaTLS }}
- {{- $protocol = "https" }}
- {{- else }}
- {{- $protocol = "http" }}
- {{- end }}
- {{- if .Values.global.externalHttpHost }}
- IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ include "ironic.externalHttpHost" . }}:6385
- {{- end }}
+ IRONIC_EXTERNAL_HTTP_URL: {{ include "ironic.externalHttpUrl" . }}
 DEPLOY_ARCHITECTURE: {{ $deployArch }}
 ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"
 {{- if .Values.global.provisioningInterface }}
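Review bot: In configmap.yaml `IRONIC_EXTERNAL_HTTP_URL` is now emitted unconditionally and its scheme follows `enable_vmedia_tls` alone, where the removed lines required both `enable_tls` and `enable_vmedia_tls` and only set the key when `externalHttpHost` was given. Since ironic.conf.j2 in this same commit tests `env.IRONIC_EXTERNAL_HTTP_URL` before `env.VMEDIA_TLS_PORT`, the chart value always decides `external_http_url`, regardless of whether the container was given a TLS port. It is worth confirming that the template which sets `VMEDIA_TLS_PORT` (not in this diff) uses the same `enable_vmedia_tls` condition. A comment above the key would record the coupling, for example `# Scheme and port follow global.enable_vmedia_tls; must match VMEDIA_TLS_PORT`.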