[RFE] Allow IPA to skip SSL certs validation
Bug #1642515 reported by
Pavlo Shchelokovskyy
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ironic-python-agent |
Fix Released
|
Wishlist
|
Pavlo Shchelokovskyy |
Bug Description
We've faced a problem in our CI environments where OpenStack is deployed with self-signed SSL certs on public API, as IPA can not connect to those, both for lookup/heartbeat and for image download (pre-built upstream tinyipa deploy image was used).
It is proposed to add handling of an extra 'ipa-insecure' kernel boot parameter (defaults to '0' or smth like that). Then test CI deployments similar to what described above can add 'ipa-insecure=1' to their 'pxe_append_params' in ironic.conf on conductor hosts.
Alternatively we could just reuse current 'ipa-debug' flag but that would disallow a closer-
Fix proposed to branch: master /review. openstack. org/398992
Review: https:/