When provisioning baremetal IPI using Redfish with virtual media or PXE, the default is for Ironic to verify the CA certificates, however it is typical for the CA certs to be self-signed. We should expose the option for disabling certificate verification so in lab or other environments where they have not replaced BMC certs with trusted ones, they can still test Redfish deployments.
Upstream PR: https://github.com/metal3-io/baremetal-operator/pull/396 Once merged, we need to cherry-pick it to openshift/baremetal-operator
Note this will also require changes to the installer to update the vendored BMO https://github.com/openshift/installer/pull/3072 And to the MAO which includes a copy of the BMH CRD https://github.com/openshift/machine-api-operator/blob/master/install/0000_30_machine-api-operator_08_baremetalhost.crd.yaml
Moving back to assigned as we still need the MAO part for worker deployment I think
Ok my mistake https://bugzilla.redhat.com/show_bug.cgi?id=1799927 tracks the installer change and we need another bz for the MAO fix