Auth was removed from ironic API in favour of doing it in httpd (as part of a switch to wsgi). The switch to wsgi hasn't happened so we need to restore auth here.
Fix was verified IPV4, OCP version 4.9.0-0.nightly-2021-08-16-154237 [kni@provisionhost-0-0 ~]$ curl -I https://172.22.0.3:6385/v1/nodes -X get --insecure HTTP/1.1 401 Unauthorized Www-Authenticate: Basic realm="Baremetal API" Content-Type: application/json Content-Length: 57 Date: Tue, 17 Aug 2021 12:10:19 GMT IPV6, OCP version 4.9.0-0.nightly-2021-08-16-082143 [kni@provisionhost-0-0 ~]$ curl https://[fd00:1101:0:1::3]:6385/v1/nodes -X get --insecure {"error":{"message":"Authorization required","code":401}}[kni@provisionhost-0-0 ~]$
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3759