Description of problem: There is no way in the GUI to register a node and pass "insecure" to the bmh object creation. On the CLI you would add spec.bmc.disableCertificateVerification: true How reproducible: 100% Steps to Reproduce: 1. From the baremetal hosts page, click on Add host 2. The dialog lets you add the bmc address and credentials, but there is no option to set disableCertificateVerification: true Actual results: redfish://192.168.123.1:8000/redfish/v1/Systems/a83f321e-7684-4a22-9f02-a14cb40e5cee true Failed to get power state for node a7539458-bbe8-466d-8b00-45b29d6fc240. Error: Redfish connection failed for node a7539458-bbe8-466d-8b00-45b29d6fc240: Unable to connect to https://192.168.123.1:8000/redfish/v1/. Error: HTTPSConnectionPool(host='192.168.123.1', port=8000): Max retries exceeded with url: /redfish/v1/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),)) Additional info: In the QE's libvirt environments we use sushy tools to simulate redfish, and it runs over https with self-signed certificates.
According to discussion with Dmitry, the option disables the certificates validation which imposes a security concern. Doing this should be avoided in production environments. We'll need to properly communicate this to the user when exposing the option via UI.
Created attachment 1697728 [details] Disable Certificate Verification Now on create baremetal hosts from dialog page https://console-openshift-console.apps.titan57-0.qe.lab.redhat.com/k8s/ns/openshift-machine-api/metal3.io~v1alpha1~BareMetalHost/~new/form, there is an option 'Disable Certificate Verification', after it is checked, BMH created will have spec.disableCertificateVerification set to True spec: bmc: address: test credentialsName: testbmworker-bmc-secret disableCertificateVerification: true Verified on 4.5.0-0.nightly-2020-06-11-183238
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409