Skip to content

Commit fdf06f1

Browse files
dtantsurdtantsur
committed
Re-apply "Enable TLS validation for Redfish emulator"
Reverts the partial revert that disabled the validation in the CI. Now that we've crossed the release boundary, it should be safe to do. Starting with version 4.22 instead of 4.21 to be extra safe. This reverts commit df885c4.
1 parent 1ef91bf commit fdf06f1

File tree

2 files changed

+14
-8
lines changed

2 files changed

+14
-8
lines changed

ocp_install_env.sh

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -422,7 +422,7 @@ $(node_map_to_install_config_hosts $NUM_MASTERS 0 master)
422422
EOF
423423
fi
424424

425-
if ! is_lower_version "$(openshift_version $OCP_DIR)" "4.21"; then
425+
if ! is_lower_version "$(openshift_version $OCP_DIR)" "4.22"; then
426426
cat >> "${outdir}/install-config.yaml" << EOF
427427
bmcVerifyCA: |
428428
$(sudo sed 's/^/ /' "${WORKING_DIR}/virtualbmc/sushy-tools/cert.pem")
@@ -472,8 +472,12 @@ function generate_ocp_host_manifest() {
472472

473473
encoded_username=$(echo -n "$username" | base64)
474474
encoded_password=$(echo -n "$password" | base64)
475-
# Heads up, "verify_ca" in ironic driver config, and "disableCertificateVerification" in BMH have opposite meaning
476-
disableCertificateVerification=$([ "$verify_ca" = "False" ] && echo "true" || echo "false")
475+
if is_lower_version "$(openshift_version $OCP_DIR)" "4.22"; then
476+
# Heads up, "verify_ca" in ironic driver config, and "disableCertificateVerification" in BMH have opposite meaning
477+
disableCertificateVerification=$([ "$verify_ca" = "False" ] && echo "true" || echo "false")
478+
else
479+
disableCertificateVerification=false
480+
fi
477481

478482
secret="---
479483
apiVersion: v1

utils.sh

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -268,13 +268,15 @@ function node_map_to_install_config_hosts() {
268268
EOF
269269

270270
if [[ "$driver_prefix" == "redfish" ]]; then
271-
# Set disableCertificateVerification
272-
# Heads up, "verify ca" in ironic driver config, and "disableCertificateVerification" in BMH have opposite meaning
273-
verify_ca=$(node_val ${idx} "driver_info.redfish_verify_ca")
274-
disable_certificate_verification=$([ "$verify_ca" = "False" ] && echo "true" || echo "false")
275-
cat << EOF
271+
# Set disableCertificateVerification on older versions
272+
if is_lower_version "$(openshift_version $OCP_DIR)" "4.22"; then
273+
# Heads up, "verify ca" in ironic driver config, and "disableCertificateVerification" in BMH have opposite meaning
274+
verify_ca=$(node_val ${idx} "driver_info.redfish_verify_ca")
275+
disable_certificate_verification=$([ "$verify_ca" = "False" ] && echo "true" || echo "false")
276+
cat << EOF
276277
disableCertificateVerification: ${disable_certificate_verification}
277278
EOF
279+
fi
278280
fi
279281

280282

0 commit comments

Comments
 (0)