 31f0e17a13
			
		
	
	31f0e17a13
	
	
	
		
			
			This commit:
  - fixes a few nits that were pointed out after the feature
    was merged
  - doesn't affect the functionality of the feature
Closes-Bug: #2021947
Change-Id: I1dd024b9994df2b367f61cea75eb71fabe57abfd
		
	
		
			
				
	
	
	
		
			2.3 KiB
		
	
	
	
	
	
	
	
			
		
		
	
	HTTP(s) Authentication strategy for user image servers
How to enable the feature via global configuration options
There are 3 variables that could be used to manage image server
authentication strategy. The 3 variables are structured such a way that
1 of them image_server_auth_strategy (string) provides the
option to specify the desired authentication strategy. Currently the
only supported authentication strategy is http_basic that
represents the HTTP(S) Basic Authentication also known as the
RFC 7616 internet standard.
The other two variables image_server_password and
image_server_user provide username and password credentials
for any authentication strategy that requires username and credentials
to enable the authentication during image download processes.
image_server_auth_strategy not just enables the feature but
enforces checks on the values of the 2 related credentials. Currently
only the http_basic strategy is utilizing the
image_server_password and image_server_user
variables.
When a authentication strategy is selected against the user image
server an exception will be raised in case any of the credentials are
None or an empty string. The variables belong to the deploy
configuration group and could be configured via the global Ironic
configuration file.
The authentication strategy configuration affects the download process for images downloaded by the conductor or the ironic-python-agent.
Example
Example of activating the http-basic strategy via
/etc/ironic/ironic.conf:
[deploy]
...
image_server_auth_strategy = http_basic
image_server_user = username
image_server_password = password
...Known limitations
This implementation of the authentication strategy for user image handling is implemented via the global Ironic configuration thus it doesn't provide node specific customization options.
When image_server_auth_strategy is set to any valid
value all image sources will be treated with the same authentication
strategy and Ironic will use the same credentials against all
sources.