diff --git a/ironic-deployment/default/ironic_bmo_configmap.env b/ironic-deployment/default/ironic_bmo_configmap.env index 09884370f6..0849ea4a5f 100644 --- a/ironic-deployment/default/ironic_bmo_configmap.env +++ b/ironic-deployment/default/ironic_bmo_configmap.env @@ -8,3 +8,4 @@ IRONIC_INSPECTOR_ENDPOINT=http://172.22.0.2:5050/v1/ CACHEURL=http://172.22.0.1/images IRONIC_FAST_TRACK=true IRONIC_KERNEL_PARAMS=console=ttyS0 +INSPECTOR_REVERSE_PROXY_SETUP=false diff --git a/ironic-deployment/ironic/ironic.yaml b/ironic-deployment/ironic/ironic.yaml index 1043186b56..db8c223b8a 100644 --- a/ironic-deployment/ironic/ironic.yaml +++ b/ironic-deployment/ironic/ironic.yaml @@ -42,20 +42,6 @@ spec: secretKeyRef: name: mariadb-password key: password - - name: ironic-httpd - image: quay.io/metal3-io/ironic - imagePullPolicy: Always - securityContext: - capabilities: - add: ["NET_ADMIN"] - command: - - /bin/runhttpd - volumeMounts: - - mountPath: /shared - name: ironic-data-volume - envFrom: - - configMapRef: - name: ironic-bmo-configmap - name: ironic-api image: quay.io/metal3-io/ironic imagePullPolicy: Always @@ -104,6 +90,14 @@ spec: envFrom: - configMapRef: name: ironic-bmo-configmap + - name: httpd-reverse-proxy + image: quay.io/metal3-io/ironic-inspector + imagePullPolicy: Always + envFrom: + - configMapRef: + name: ironic-bmo-configmap + command: + - /bin/runhttpd - name: ironic-inspector-log-watch image: quay.io/metal3-io/ironic-inspector imagePullPolicy: Always @@ -126,4 +120,4 @@ spec: name: ironic-data-volume volumes: - name: ironic-data-volume - emptyDir: {} \ No newline at end of file + emptyDir: {} diff --git a/tools/deploy.sh b/tools/deploy.sh index 47f9907906..bcb7be8286 100755 --- a/tools/deploy.sh +++ b/tools/deploy.sh @@ -18,7 +18,6 @@ DEPLOY_IRONIC="${2,,}" DEPLOY_TLS="${3,,}" DEPLOY_BASIC_AUTH="${4,,}" DEPLOY_KEEPALIVED="${5,,}" - IRONIC_HOST="${IRONIC_HOST}" IRONIC_HOST_IP="${IRONIC_HOST_IP}" MARIADB_HOST="${MARIADB_HOST:-"mariaDB"}" 
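Review bot: The `httpd-reverse-proxy` container added in the ironic.yaml hunk at -104,6 +90,14 has no `volumeMounts`, so nothing in this manifest gives it a certificate, key or htpasswd file. The default configmap in the same commit sets `INSPECTOR_REVERSE_PROXY_SETUP=false` and keeps an `http://` inspector endpoint. As written, the Kubernetes deployment presumably leaves the inspector API on plain HTTP, while tools/run_local_ironic.sh defaults the proxy to on; if that difference is intended, say so above the container, e.g. `# Reverse proxy in front of ironic-inspector; the default configmap sets INSPECTOR_REVERSE_PROXY_SETUP=false and no certificates are mounted here`. The removed `ironic-httpd` container mounted `ironic-data-volume` at `/shared`, and whether `/bin/runhttpd` in the inspector image still needs that mount is not visible in this diff. The container list itself starts and ends outside the hunk.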
diff --git a/tools/remove_local_ironic.sh b/tools/remove_local_ironic.sh index 587fb6cbf5..b20ebed362 100755 --- a/tools/remove_local_ironic.sh +++ b/tools/remove_local_ironic.sh @@ -6,9 +6,9 @@ set -xe # It requires ${CONTAINER_RUNTIME} variable to be defined first for name in ironic ironic-api ironic-conductor ironic-inspector dnsmasq httpd mariadb ipa-downloader \ - ironic-endpoint-keepalived ironic-log-watch ironic-inspector-log-watch; do + ironic-endpoint-keepalived ironic-log-watch ironic-inspector-log-watch httpd-reverse-proxy ; do sudo "${CONTAINER_RUNTIME}" ps | grep -w "$name$" && sudo "${CONTAINER_RUNTIME}" kill "$name" sudo "${CONTAINER_RUNTIME}" ps --all | grep -w "$name$" && sudo "${CONTAINER_RUNTIME}" rm "$name" -f done -set +xe \ No newline at end of file +set +xe diff --git a/tools/run_local_ironic.sh b/tools/run_local_ironic.sh index da9ea3859d..cad3742306 100755 --- a/tools/run_local_ironic.sh +++ b/tools/run_local_ironic.sh @@ -17,9 +17,11 @@ PROVISIONING_INTERFACE="${PROVISIONING_INTERFACE:-"ironicendpoint"}" CLUSTER_DHCP_RANGE="${CLUSTER_DHCP_RANGE:-"172.22.0.10,172.22.0.100"}" IRONIC_KERNEL_PARAMS="${IRONIC_KERNEL_PARAMS:-"console=ttyS0"}" + IRONIC_CACERT_FILE="${IRONIC_CACERT_FILE:-}" IRONIC_CERT_FILE="${IRONIC_CERT_FILE:-}" IRONIC_KEY_FILE="${IRONIC_KEY_FILE:-}" +IRONIC_TLS_SETUP=${IRONIC_TLS_SETUP:-"true"} IRONIC_INSPECTOR_CACERT_FILE="${IRONIC_INSPECTOR_CACERT_FILE:-}" IRONIC_INSPECTOR_CERT_FILE="${IRONIC_INSPECTOR_CERT_FILE:-}" 
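Review bot: `IRONIC_TLS_SETUP`, added in the tools/run_local_ironic.sh hunk at -17,9 +17,11, is a new switch that decides whether TLS is used, but it arrives without a comment and without the outer quotes the neighbouring assignments use. The later hunk at -50,6 +52,11 shows that any value containing `false` also turns the inspector reverse proxy off, which a reader of this block cannot guess. I would write it as `IRONIC_TLS_SETUP="${IRONIC_TLS_SETUP:-"true"}"` and put `# Set to "false" to deploy without TLS; this also disables the Ironic Inspector reverse proxy` above it.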
@@ -50,6 +52,11 @@ IRONIC_ENDPOINT="${IRONIC_ENDPOINT:-"${IRONIC_BASE_URL}:6385/v1/"}" IRONIC_INSPECTOR_ENDPOINT="${IRONIC_INSPECTOR_ENDPOINT:-"${IRONIC_BASE_URL}:5050/v1/"}" CACHEURL="${CACHEURL:-"http://${PROVISIONING_IP}/images"}" IRONIC_FAST_TRACK="${IRONIC_FAST_TRACK:-"true"}" +INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-"true"} +if [[ $IRONIC_TLS_SETUP == *false* ]] +then + INSPECTOR_REVERSE_PROXY_SETUP="false" # No Revese proxy for Ironic inspector if TLS is not used +fi sudo mkdir -p "${IRONIC_DATA_DIR}" sudo mkdir -p "${IRONIC_DATA_DIR}/auth" @@ -66,6 +73,7 @@ IRONIC_INSPECTOR_ENDPOINT=${IRONIC_INSPECTOR_ENDPOINT} CACHEURL=${CACHEURL} IRONIC_FAST_TRACK=${IRONIC_FAST_TRACK} IRONIC_KERNEL_PARAMS=${IRONIC_KERNEL_PARAMS} +INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP} EOF sudo "${CONTAINER_RUNTIME}" pull "$IRONIC_IMAGE" @@ -166,13 +174,6 @@ sudo "${CONTAINER_RUNTIME}" run -d --net host --privileged --name dnsmasq \ ${POD} --env-file "${IRONIC_DATA_DIR}/ironic-vars.env" \ -v "$IRONIC_DATA_DIR:/shared" --entrypoint /bin/rundnsmasq "${IRONIC_IMAGE}" -# For available env vars, see: -# https://github.com/metal3-io/ironic/blob/master/runhttpd.sh -# shellcheck disable=SC2086 -sudo "${CONTAINER_RUNTIME}" run -d --net host --privileged --name httpd \ - ${POD} --env-file "${IRONIC_DATA_DIR}/ironic-vars.env" \ - -v "$IRONIC_DATA_DIR:/shared" --entrypoint /bin/runhttpd "${IRONIC_IMAGE}" - # https://github.com/metal3-io/ironic/blob/master/runmariadb.sh # shellcheck disable=SC2086 sudo "${CONTAINER_RUNTIME}" run -d --net host --privileged --name mariadb \ 
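Review bot: The two switches are compared inconsistently: the hunk at -50,6 +52,11 tests `IRONIC_TLS_SETUP` with the substring glob `*false*`, while the launch block in the hunk at -219,6 +220,17 requires `INSPECTOR_REVERSE_PROXY_SETUP` to equal `"true"` exactly. A value such as `True` or `1` therefore leaves the variable "enabled" in ironic-vars.env but silently skips starting the proxy, and a TLS value such as `notfalse` disables it. How the inspector container reacts to that mismatch is not visible here, so I would normalise case the way tools/deploy.sh does with `${2,,}` and refuse anything other than `true` or `false` instead of guessing. The comment also has a typo ("Revese"), corrected below.

```shell
# … unchanged: IRONIC_FAST_TRACK default …
IRONIC_TLS_SETUP="${IRONIC_TLS_SETUP,,}"
INSPECTOR_REVERSE_PROXY_SETUP="${INSPECTOR_REVERSE_PROXY_SETUP:-"true"}"
INSPECTOR_REVERSE_PROXY_SETUP="${INSPECTOR_REVERSE_PROXY_SETUP,,}"
for flag in IRONIC_TLS_SETUP INSPECTOR_REVERSE_PROXY_SETUP; do
    if [[ "${!flag}" != "true" && "${!flag}" != "false" ]]; then
        echo "${flag} must be \"true\" or \"false\", got \"${!flag}\"" >&2
        exit 1
    fi
done
if [[ "${IRONIC_TLS_SETUP}" == "false" ]]; then
    # No reverse proxy for Ironic Inspector if TLS is not used
    INSPECTOR_REVERSE_PROXY_SETUP="false"
fi
```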
@@ -219,6 +220,17 @@ sudo "${CONTAINER_RUNTIME}" run -d --net host --privileged --name ironic-inspect --env-file "${IRONIC_DATA_DIR}/ironic-vars.env" \ -v "$IRONIC_DATA_DIR:/shared" "${IRONIC_INSPECTOR_IMAGE}" +# Start httpd reverse proxy for Ironic Inspector +# shellcheck disable=SC2086 +if [[ $INSPECTOR_REVERSE_PROXY_SETUP == "true" ]] +then + sudo "${CONTAINER_RUNTIME}" run -d --net host --privileged --name httpd-reverse-proxy \ + ${POD} ${CERTS_MOUNTS} ${BASIC_AUTH_MOUNTS} ${IRONIC_INSPECTOR_HTPASSWD} \ + --env-file "${IRONIC_DATA_DIR}/ironic-vars.env" \ + --entrypoint /bin/runhttpd \ + -v "$IRONIC_DATA_DIR:/shared" "${IRONIC_INSPECTOR_IMAGE}" +fi + # Start ironic-inspector-log-watch # shellcheck disable=SC2086 sudo "${CONTAINER_RUNTIME}" run -d --net host --privileged --name ironic-inspector-log-watch \
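Review bot: The new `httpd-reverse-proxy` container is started with `--privileged` on the host network while also receiving `${CERTS_MOUNTS}`, `${BASIC_AUTH_MOUNTS}` and `${IRONIC_INSPECTOR_HTPASSWD}`. That gives the process that terminates TLS and holds the key and password material full host privileges. The other containers in this script use the same flags, so this follows the file's pattern, but a reverse proxy is a good place to start tightening it: `sudo "${CONTAINER_RUNTIME}" run -d --net host --name httpd-reverse-proxy \`. If runhttpd binds a port below 1024 (not visible in this diff), `--cap-add NET_BIND_SERVICE` should be enough instead of `--privileged`.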