Bug 1801228 - [IPI baremetal]: MAO Add an option to disable CA verification for Redfish
Summary: [IPI baremetal]: MAO Add an option to disable CA verification for Redfish
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.4.0
Assignee: Steven Hardy
QA Contact: Amit Ugol
Depends On: 1799219
Blocks: 1799255 1799927
TreeView+ depends on / blocked
Reported: 2020-02-10 13:27 UTC by Steven Hardy
Modified: 2020-05-15 16:07 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1799219
Last Closed: 2020-05-15 16:07:38 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift machine-api-operator pull 489 0 None closed Bug 1801228: Update BareMetalHost CRD 2020-05-15 14:35:31 UTC

Description Steven Hardy 2020-02-10 13:27:05 UTC
+++ This bug was initially created as a clone of Bug #1799219 +++

When provisioning baremetal IPI using Redfish with virtual media or PXE, the default is for Ironic to verify the CA certificates, however it is typical for the CA certs to be self-signed. We should expose the option for disabling certificate verification so in lab or other environments where they have not replaced BMC certs with trusted ones, they can still test Redfish deployments.

This is to track updating the MAO copy of the BMH CRD to match https://github.com/openshift/baremetal-operator/pull/51


Without this fix deployment of workers with baremetal IPI and Redfish will not work.

Note You need to log in before you can comment on or make changes to this bug.