Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-39404

Installer: enable virtual media TLS by default

XMLWordPrintable

    • Moderate
    • None
    • 2
    • Metal Platform 262
    • 1
    • False
    • Hide

      None

      Show
      None
    • Hide
      In the bootstrap phase of the install process, TLS between Metal3's httpd server and the nodes' BMCs is now enabled by default from OCP 4.18 onwards. The httpd server listens on port 6183 instead of 6180 when TLS is enabled. This makes it consistent with how CBO deploys metal3 (with TLS enabled). The user can disable this TLS setting by adding 'disableVirtualMediaTLS: true' to the Provisioning CR file created on disk by the installer. This file is created as a result of the 'openshift-install ... create manifests' command.
      Show
      In the bootstrap phase of the install process, TLS between Metal3's httpd server and the nodes' BMCs is now enabled by default from OCP 4.18 onwards. The httpd server listens on port 6183 instead of 6180 when TLS is enabled. This makes it consistent with how CBO deploys metal3 (with TLS enabled). The user can disable this TLS setting by adding 'disableVirtualMediaTLS: true' to the Provisioning CR file created on disk by the installer. This file is created as a result of the 'openshift-install ... create manifests' command.

      OCPBUGS-36283 introduced the ability to switch on TLS between the BMC and the Metal3's httpd server. It is currently off by default to make the change backportable without a high risk of regressions. We need to turn it on for 4.18+ for consistency with CBO-deployed Metal3.

            rh-ee-masghar Mahnoor Asghar
            rhn-engineering-dtantsur Dmitry Tantsur
            Jad Haj Yahya Jad Haj Yahya
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: