> What is the use case for needing this value on a node level override?
Passing the CA through a configuration option is actually the only usable way to do it: passing it through the Node requires somehow knowing local paths on the conductor and being able to upload files there.
> How is the user expected to get the certificate onto the conductor securely?
A *user* neither can nor should (see above). CA certificates are deployment-wide, I would not expect a sane operator to use different local CA's for different bare-metal machines. So the literal answer to the question is: via container options, puppet, ansible or whatever way is used to install Ironic.
I'm somewhat surprised by the concerns here.
> What is the use case for needing this value on a node level override?
Passing the CA through a configuration option is actually the only usable way to do it: passing it through the Node requires somehow knowing local paths on the conductor and being able to upload files there.
> How is the user expected to get the certificate onto the conductor securely?
A *user* neither can nor should (see above). CA certificates are deployment-wide, I would not expect a sane operator to use different local CA's for different bare-metal machines. So the literal answer to the question is: via container options, puppet, ansible or whatever way is used to install Ironic.