From da49cf69deb68aac49467d4054f56855c201f5db Mon Sep 17 00:00:00 2001 From: Steve Baker Date: Thu, 18 Jun 2020 10:48:23 +1200 Subject: [PATCH] ironic-standalone, use http basic auth for json-rpc This change achieves functional test coverage for using http_basic auth for json-rpc requests. Since json-rpc is aimed at standalone environments, using http_basic instead of keystone auth for internal requests is a more realistic test scenario. For now, ironic-standalone-redfish is left with the inherited keystone auth strategy. Change-Id: I993741684eaa8f237ffb20535da7167bc589e72c Story: 2007656 Task: 39827 --- devstack/lib/ironic | 14 +++++++++++++- zuul.d/ironic-jobs.yaml | 1 + 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/devstack/lib/ironic b/devstack/lib/ironic index 1eddc680c6..8553dc43aa 100644 --- a/devstack/lib/ironic +++ b/devstack/lib/ironic @@ -353,6 +353,11 @@ IRONIC_HTTP_PORT=${IRONIC_HTTP_PORT:-3928} IRONIC_RPC_TRANSPORT=${IRONIC_RPC_TRANSPORT:-oslo} IRONIC_JSON_RPC_PORT=${IRONIC_JSON_RPC_PORT:-8089} +# The authentication strategy used by json-rpc. Valid values are: +# keystone, http_basic, noauth, or no value to inherit from ironic-api +# auth strategy. +IRONIC_JSON_RPC_AUTH_STRATEGY=${IRONIC_JSON_RPC_AUTH_STRATEGY:-} + # The first port in the range to bind the Virtual BMCs. The number of # ports that will be used depends on $IRONIC_VM_COUNT variable, e.g if # $IRONIC_VM_COUNT=3 the ports 6230, 6231 and 6232 will be used for the @@ -387,7 +392,7 @@ LIBVIRT_STORAGE_POOL=${LIBVIRT_STORAGE_POOL:-"default"} LIBVIRT_STORAGE_POOL_PATH=${LIBVIRT_STORAGE_POOL_PATH:-/var/lib/libvirt/images} # The authentication strategy used by ironic-api. Valid values are: -# keystone and noauth. +# keystone, http_basic, noauth. IRONIC_AUTH_STRATEGY=${IRONIC_AUTH_STRATEGY:-keystone} # By default, terminal SSL certificate is disabled. @@ -1399,6 +1404,13 @@ function configure_ironic { # Configure JSON RPC backend iniset $IRONIC_CONF_FILE DEFAULT rpc_transport $IRONIC_RPC_TRANSPORT iniset $IRONIC_CONF_FILE json_rpc port $IRONIC_JSON_RPC_PORT + if [[ "$IRONIC_JSON_RPC_AUTH_STRATEGY" != "" ]]; then + iniset $IRONIC_CONF_FILE json_rpc auth_strategy $IRONIC_JSON_RPC_AUTH_STRATEGY + fi + iniset $IRONIC_CONF_FILE json_rpc http_basic_username myName + iniset $IRONIC_CONF_FILE json_rpc http_basic_password myPassword + # json-rpc auth file with bcrypt hash of myPassword + echo 'myName:$2y$05$lE3eGtyj41jZwrzS87KTqe6.JETVCWBkc32C63UP2aYrGoYOEpbJm' > /etc/ironic/htpasswd-json-rpc # Set fast track options iniset $IRONIC_CONF_FILE deploy fast_track $IRONIC_DEPLOY_FAST_TRACK diff --git a/zuul.d/ironic-jobs.yaml b/zuul.d/ironic-jobs.yaml index 60a3e83758..27f6c53201 100644 --- a/zuul.d/ironic-jobs.yaml +++ b/zuul.d/ironic-jobs.yaml @@ -116,6 +116,7 @@ IRONIC_DEFAULT_RESCUE_INTERFACE: agent IRONIC_ENABLED_DEPLOY_INTERFACES: "iscsi,direct" IRONIC_ENABLED_RESCUE_INTERFACES: "fake,agent,no-rescue" + IRONIC_JSON_RPC_AUTH_STRATEGY: 'http_basic' IRONIC_RAMDISK_TYPE: tinyipa IRONIC_RPC_TRANSPORT: json-rpc IRONIC_VM_SPECS_RAM: 384