Description of problem:
There is no way in the GUI to register a node and pass "insecure" to the bmh object creation. On the CLI you would add spec.bmc.disableCertificateVerification: true
Steps to Reproduce:
1. From the baremetal hosts page, click on Add host
2. The dialog lets you add the bmc address and credentials, but there is no option to set disableCertificateVerification: true
redfish://192.168.123.1:8000/redfish/v1/Systems/a83f321e-7684-4a22-9f02-a14cb40e5cee true Failed to get power state for node a7539458-bbe8-466d-8b00-45b29d6fc240. Error: Redfish connection failed for node a7539458-bbe8-466d-8b00-45b29d6fc240: Unable to connect to https://192.168.123.1:8000/redfish/v1/. Error: HTTPSConnectionPool(host='192.168.123.1', port=8000): Max retries exceeded with url: /redfish/v1/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
In the QE's libvirt environments we use sushy tools to simulate redfish, and it runs over https with self-signed certificates.
According to discussion with Dmitry, the option disables the certificates validation which imposes a security concern. Doing this should be avoided in production environments. We'll need to properly communicate this to the user when exposing the option via UI.
Created attachment 1697728 [details]
Disable Certificate Verification
Now on create baremetal hosts from dialog page https://console-openshift-console.apps.titan57-0.qe.lab.redhat.com/k8s/ns/openshift-machine-api/metal3.io~v1alpha1~BareMetalHost/~new/form, there is an option 'Disable Certificate Verification', after it is checked, BMH created will have spec.disableCertificateVerification set to True
Verified on 4.5.0-0.nightly-2020-06-11-183238
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.