Bug 1801228 - [IPI baremetal]: MAO Add an option to disable CA verification for Redfish
Summary: [IPI baremetal]: MAO Add an option to disable CA verification for Redfish
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 4.4.0
Assignee: Steven Hardy
QA Contact: Amit Ugol
URL:
Whiteboard:
Depends On: 1799219
Blocks: 1799255 1799927
TreeView+ depends on / blocked
 
Reported: 2020-02-10 13:27 UTC by Steven Hardy
Modified: 2020-05-15 16:07 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1799219
Environment:
Last Closed: 2020-05-15 16:07:38 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github openshift machine-api-operator pull 489 None closed Bug 1801228: Update BareMetalHost CRD 2020-05-15 14:35:31 UTC

Description Steven Hardy 2020-02-10 13:27:05 UTC
+++ This bug was initially created as a clone of Bug #1799219 +++

When provisioning baremetal IPI using Redfish with virtual media or PXE, the default is for Ironic to verify the CA certificates, however it is typical for the CA certs to be self-signed. We should expose the option for disabling certificate verification so in lab or other environments where they have not replaced BMC certs with trusted ones, they can still test Redfish deployments.

This is to track updating the MAO copy of the BMH CRD to match https://github.com/openshift/baremetal-operator/pull/51

https://github.com/openshift/machine-api-operator/blob/master/install/0000_30_machine-api-operator_08_baremetalhost.crd.yaml

Without this fix deployment of workers with baremetal IPI and Redfish will not work.


Note You need to log in before you can comment on or make changes to this bug.