WIP: Apache webserver handles TLS on Ironic and Ironic-inspector sides by namnx228 · Pull Request #562 · metal3-io/metal3-dev-env

namnx228 · 2020-11-23T12:07:25Z

This PR adds an option to let Apache web server handle TLS on Ironic and Ironic-inspector side.
Related PRs:
metal3-io/ironic-image#230
metal3-io/baremetal-operator#728
metal3-io/ironic-inspector-image#70

namnx228 · 2020-12-01T11:50:48Z

/assign @maelk
/cc @dtantsur
/cc @derekhiggins
/cc @fmuyassarov
/cc @furkatgofurov7
/cc @zaneb

fmuyassarov

/lgtm

fmuyassarov · 2020-12-01T14:45:58Z

 export IRONIC_DATA_DIR="$WORKING_DIR/ironic"
 export IRONIC_IMAGE_DIR="$IRONIC_DATA_DIR/html/images"
 export IRONIC_KEEPALIVED_IMAGE=${IRONIC_KEEPALIVED_IMAGE:-"quay.io/metal3-io/keepalived"}
+#TODO: Update vars.md


nit:

Suggested change

#TODO: Update vars.md

metal3-io-bot · 2020-12-16T16:16:39Z

New changes are detected. LGTM label has been removed.

metal3-io-bot · 2021-01-13T13:13:28Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: namnx228
To complete the pull request process, please assign maelk
You can assign the PR to them by writing /assign @maelk in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

namnx228 · 2021-03-10T12:03:31Z

/test-integration
/test-centos-integration

smoshiur1237

Lets pass the CI. Otherwise Looks good to me.

furkatgofurov7

Question(s) inline:

furkatgofurov7 · 2021-03-10T13:03:23Z

 export IRONIC_IMAGE_DIR="$IRONIC_DATA_DIR/html/images"
 export IRONIC_KEEPALIVED_IMAGE=${IRONIC_KEEPALIVED_IMAGE:-"quay.io/metal3-io/keepalived"}
+# Option to use reverse proxy on ironic-inspector
+export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-"false"}


I might be missing the bits, but are not we supposed to have this option enabled by default? AFAIK, IRONIC_TLS_SETUP is used by default.
Also, vars.md needs to be updated with new var.

I was not fully clear in prev. comment, maybe. Is it the case that we will have 2 options depending on IRONIC_TLS_SETUP?:

IRONIC_TLS_SETUP=false ==> INSPECTOR_REVERSE_PROXY_SETUP=false;

IRONIC_TLS_SETUP=true ==> INSPECTOR_REVERSE_PROXY_SETUP=false/true;

The reason for INSPECTOR_REVERSE_PROXY_SETUP to be false is to pass the CI. Otherwise, this PR needs the PR metal3-io/baremetal-operator#728 to go in before it can pass the CI.
Thanks for reminding me about the vars. Will do now

fmuyassarov

LGTM, squashing the commits would be good I think.

fmuyassarov · 2021-03-10T13:13:02Z

Sorry I forgot to mention, you probably need to add the image for upgrade tests as well

metal3-dev-env/scripts/feature_tests/upgrade/combined_tests/1cp_1w_bootDiskImageANDK8sControllers_clusterLevel_upgrade.sh

Line 93 in a081567

for container in ironic ironic-dnsmasq ironic-httpd mariadb; do

namnx228 · 2021-03-15T08:16:48Z

/hold

Add option to let Apache webserver handle TLS on Ironic and Ironic-inspector Remove the option to choose whether to use WSGI or not Remove the option to use reverse proxy for inspector Option to use reverse proxy on ironic inspector Add http_reverse_proxy to the container cleaning list Allow `make clean` to delete httpd-reverse-proxy Add new variable to vars.md Use the ironic-inspector reverse proxy <=> when ironic tls is used Revert "Add new variable to vars.md" This reverts commit 39e10ba9079700c835d381f556247c81c6d1738c.

namnx228 · 2021-03-23T17:11:55Z

/test-centos-integration
/test-integration

kashifest · 2021-05-10T10:16:34Z

@namnx228 Whats the update with this PR?

namnx228 · 2021-05-10T12:06:59Z

I think we can close this PR. It is not needed anymore.

metal3-io-bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Nov 23, 2020

namnx228 changed the title ~~WIP: Apache reverse proxy nam~~ WIP: Apache reverse proxy Nov 23, 2020

This was referenced Nov 23, 2020

Apache reverse proxy metal3-io/ironic-inspector-image#70

Merged

Apache webserver handles TLS on Ironic metal3-io/baremetal-operator#728

Merged

namnx228 mentioned this pull request Dec 1, 2020

Run ironic-api as WSGI when standalone with TLS capability metal3-io/ironic-image#230

Merged

namnx228 force-pushed the apache-reverse-proxy-nam branch from 1d80410 to fe7117e Compare December 1, 2020 11:16

namnx228 changed the title ~~WIP: Apache reverse proxy~~ Apache webserver handles TLS on Ironic and Ironic-inspector side Dec 1, 2020

metal3-io-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 1, 2020

namnx228 changed the title ~~Apache webserver handles TLS on Ironic and Ironic-inspector side~~ Apache webserver handles TLS on Ironic and Ironic-inspector sides Dec 1, 2020

metal3-io-bot assigned maelk Dec 1, 2020

metal3-io-bot requested review from derekhiggins, dtantsur, fmuyassarov, furkatgofurov7 and zaneb December 1, 2020 11:50

namnx228 force-pushed the apache-reverse-proxy-nam branch from fe7117e to 2d35eff Compare December 1, 2020 14:38

fmuyassarov reviewed Dec 1, 2020

View reviewed changes

metal3-io-bot added the lgtm Indicates that a PR is ready to be merged. label Dec 1, 2020

namnx228 force-pushed the apache-reverse-proxy-nam branch from 2d35eff to 20e249b Compare December 16, 2020 16:16

metal3-io-bot removed the lgtm Indicates that a PR is ready to be merged. label Dec 16, 2020

namnx228 changed the title ~~Apache webserver handles TLS on Ironic and Ironic-inspector sides~~ WIP: Apache webserver handles TLS on Ironic and Ironic-inspector sides Dec 16, 2020

metal3-io-bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Dec 16, 2020

namnx228 force-pushed the apache-reverse-proxy-nam branch 2 times, most recently from 73ae4ea to 2d19311 Compare January 13, 2021 13:13

metal3-io-bot removed the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 13, 2021

namnx228 changed the title ~~WIP: Apache webserver handles TLS on Ironic and Ironic-inspector sides~~ Apache webserver handles TLS on Ironic and Ironic-inspector sides Jan 13, 2021

metal3-io-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 13, 2021

namnx228 force-pushed the apache-reverse-proxy-nam branch 2 times, most recently from 022098a to f7a0f57 Compare January 22, 2021 09:27

metal3-io-bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jan 22, 2021

namnx228 force-pushed the apache-reverse-proxy-nam branch from 4662481 to f22b468 Compare January 28, 2021 09:36

namnx228 force-pushed the apache-reverse-proxy-nam branch from f22b468 to c174f9e Compare March 9, 2021 14:34

smoshiur1237 reviewed Mar 10, 2021

View reviewed changes

furkatgofurov7 reviewed Mar 10, 2021

View reviewed changes

fmuyassarov reviewed Mar 10, 2021

View reviewed changes

namnx228 force-pushed the apache-reverse-proxy-nam branch from c174f9e to 4e24e33 Compare March 11, 2021 12:42

metal3-io-bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 15, 2021

namnx228 changed the title ~~Apache webserver handles TLS on Ironic and Ironic-inspector sides~~ WIP: Apache webserver handles TLS on Ironic and Ironic-inspector sides Mar 15, 2021

metal3-io-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 15, 2021

namnx228 force-pushed the apache-reverse-proxy-nam branch 2 times, most recently from 8874f50 to e7de388 Compare March 22, 2021 13:22

namnx228 force-pushed the apache-reverse-proxy-nam branch from e7de388 to 91131c8 Compare March 23, 2021 16:53

metal3-io-bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 23, 2021

namnx228 closed this May 10, 2021

namnx228 deleted the apache-reverse-proxy-nam branch September 29, 2021 07:35

Conversation

namnx228 commented Nov 23, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

namnx228 commented Dec 1, 2020

Uh oh!

fmuyassarov left a comment

Choose a reason for hiding this comment

Uh oh!

fmuyassarov Dec 1, 2020

Choose a reason for hiding this comment

Uh oh!

metal3-io-bot commented Dec 16, 2020

Uh oh!

metal3-io-bot commented Jan 13, 2021

Uh oh!

namnx228 commented Mar 10, 2021

Uh oh!

smoshiur1237 left a comment

Choose a reason for hiding this comment

Uh oh!

furkatgofurov7 left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

furkatgofurov7 Mar 10, 2021

Choose a reason for hiding this comment

Uh oh!

furkatgofurov7 Mar 10, 2021

Choose a reason for hiding this comment

Uh oh!

namnx228 Mar 10, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

fmuyassarov left a comment

Choose a reason for hiding this comment

Uh oh!

fmuyassarov commented Mar 10, 2021

Uh oh!

namnx228 commented Mar 15, 2021

Uh oh!

namnx228 commented Mar 23, 2021

Uh oh!

kashifest commented May 10, 2021

Uh oh!

namnx228 commented May 10, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

namnx228 commented Nov 23, 2020 •

edited

Loading

furkatgofurov7 left a comment •

edited

Loading

namnx228 Mar 10, 2021 •

edited

Loading