add iPXE TLS support to local ironic deployment
This change will introduce the configuration options necessary
to run locally deployed (local container, no K8s) Ironic with
customized TLS-enabled iPXE.

Currently the custom iPXE firmware is being produced in the
metal3-dev-env when this feature is enabled.

Signed-off-by: Adam Rozman <adam.rozman@est.tech>
Rozzii committed Jan 11, 2024
1 parent 58a68c9 commit 57d5b7f
Showing 1 changed file with 16 additions and 2 deletions.
18 changes: 16 additions & 2 deletions tools/run_local_ironic.sh
Expand Up @@ -39,6 +39,10 @@ MARIADB_CACERT_FILE="${MARIADB_CACERT_FILE:-}"
MARIADB_CERT_FILE="${MARIADB_CERT_FILE:-}"
MARIADB_KEY_FILE="${MARIADB_KEY_FILE:-}"

IPXE_CACERT_FILE="${IPXE_CACERT_FILE:-}"
IPXE_CERT_FILE="${IPXE_CERT_FILE:-}"
IPXE_KEY_FILE="${IPXE_KEY_FILE:-}"

# Variables used to configure IPA handling
IPA_DOWNLOAD_ENABLED="${IPA_DOWNLOAD_ENABLED:-true}"
USE_LOCAL_IPA="${USE_LOCAL_IPA:-false}"
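
Review bot: The three new defaults IPXE_CACERT_FILE, IPXE_CERT_FILE and IPXE_KEY_FILE are added without any comment, while the block directly below them is introduced by "# Variables used to configure IPA handling". Add a one-line comment stating that these are host paths to the iPXE TLS CA certificate, certificate and private key, that an empty value skips the corresponding mount, and whether IPXE_CERT_FILE and IPXE_KEY_FILE are expected to be set together.
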
Expand Down Expand Up @@ -179,6 +183,16 @@ if [ -n "$MARIADB_KEY_FILE" ]; then
CERTS_MOUNTS="${CERTS_MOUNTS} -v ${MARIADB_KEY_FILE}:/certs/mariadb/tls.key "
fi

if [[ -n "$IPXE_CACERT_FILE" ]]; then
CERTS_MOUNTS="${CERTS_MOUNTS} -v ${IPXE_CACERT_FILE}:/certs/ca/ipxe/tls.crt "
fi
if [[ -n "$IPXE_CERT_FILE" ]]; then
CERTS_MOUNTS="${CERTS_MOUNTS} -v ${IPXE_CERT_FILE}:/certs/ipxe/tls.crt "
fi
if [[ -n "$IPXE_KEY_FILE" ]]; then
CERTS_MOUNTS="${CERTS_MOUNTS} -v ${IPXE_KEY_FILE}:/certs/ipxe/tls.key "
fi

BASIC_AUTH_MOUNTS=""
IRONIC_HTPASSWD=""
if [ -n "$IRONIC_USERNAME" ]; then
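
Review bot: Missing validation in the three new IPXE_* blocks: each path is added to CERTS_MOUNTS as soon as its variable is non-empty, with no check that the file exists and no check that IPXE_CERT_FILE and IPXE_KEY_FILE are set as a pair, so a mistyped path or a certificate without its key only surfaces once the containers start. Consider failing early with a test such as `[ -f "$IPXE_KEY_FILE" ]`, and, if the containers only read these files, appending `:ro` to each `-v` argument so the host key and certificates are mounted read-only. As a style point, the new tests use `[[ -n ... ]]` while the surrounding context lines use `[ -n ... ]`; keep one form within the file.
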
Expand Down Expand Up @@ -244,13 +258,13 @@ if ${IPA_DOWNLOAD_ENABLED}; then
sudo "${CONTAINER_RUNTIME}" wait ipa-downloader
fi

# Start dnsmasq, http, mariadb, and ironic containers using same image
# Start dnsmasq, http, maria-db, and ironic containers using same image

# See this file for env vars you can set, like IP, DHCP_RANGE, INTERFACE
# https://github.com/metal3-io/ironic-image/blob/main/scripts/rundnsmasq
# shellcheck disable=SC2086
sudo "${CONTAINER_RUNTIME}" run -d --net host --privileged --name dnsmasq \
${POD} --env-file "${IRONIC_DATA_DIR}/ironic-vars.env" \
${POD} ${CERTS_MOUNTS} --env-file "${IRONIC_DATA_DIR}/ironic-vars.env" \
-v "$IRONIC_DATA_DIR:/shared" --entrypoint /bin/rundnsmasq "${IRONIC_IMAGE}"

# See this file for env vars you can set, like IP, DHCP_RANGE, INTERFACE
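
Review bot: Passing `${CERTS_MOUNTS}` on the dnsmasq run line gives that container every mount accumulated in the variable, which per the earlier context includes the MariaDB key at /certs/mariadb/tls.key, and this container is started with `--privileged` and `--net host`. If dnsmasq only needs the iPXE files, collect the IPXE_* mounts in a separate variable and pass only that one here, so unrelated private keys are not exposed to it. The comment spelling "maria-db" also diverges from the MARIADB_ naming used by the variables in this script; the "mariadb" spelling is the consistent one.
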