From fe984d0d7675ded8ef3e5c24461fc9ddb97b27b1 Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Thu, 23 Sep 2021 15:57:21 +0200 Subject: [PATCH] Enable authentication in sushy-tools Change-Id: Iacfae6b27bcf4c410040d452c31f2e9e1aafe53c --- .../tasks/prepare_libvirt.yml | 14 ++++++++++++-- .../templates/redfish-emulator.conf.j2 | 1 + .../roles/bifrost-pip-install/defaults/main.yml | 1 - .../notes/sushy-tools-auth-38411a6bfd3ead2e.yaml | 4 ++++ 4 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 releasenotes/notes/sushy-tools-auth-38411a6bfd3ead2e.yaml diff --git a/playbooks/roles/bifrost-create-vm-nodes/tasks/prepare_libvirt.yml b/playbooks/roles/bifrost-create-vm-nodes/tasks/prepare_libvirt.yml index 291678692..25802d6f8 100644 --- a/playbooks/roles/bifrost-create-vm-nodes/tasks/prepare_libvirt.yml +++ b/playbooks/roles/bifrost-create-vm-nodes/tasks/prepare_libvirt.yml @@ -215,7 +215,7 @@ include_role: name: bifrost-pip-install vars: - package: sushy-tools + package: sushy-tools>=0.18.2 - name: create Redfish Emulator state directory file: @@ -263,6 +263,16 @@ with_first_found: "{{ efi_nvram_locations }}" when: default_boot_mode == 'uefi' +- name: write Redfish Emulator password file + htpasswd: + path: /etc/redfish-emulator.htpasswd + crypt_scheme: bcrypt + name: "admin" + password: "password" + owner: root + group: root + mode: 0600 + - name: write Redfish Emulator configuration file template: src: redfish-emulator.conf.j2 @@ -296,5 +306,5 @@ systemd: name: redfish-emulator enabled: yes - state: "{{ 'restarted' if redfish_emulator_config_file.changed else 'started' }}" + state: restarted become: true diff --git a/playbooks/roles/bifrost-create-vm-nodes/templates/redfish-emulator.conf.j2 b/playbooks/roles/bifrost-create-vm-nodes/templates/redfish-emulator.conf.j2 index 32cd4195f..514d1410d 100644 --- a/playbooks/roles/bifrost-create-vm-nodes/templates/redfish-emulator.conf.j2 +++ b/playbooks/roles/bifrost-create-vm-nodes/templates/redfish-emulator.conf.j2 @@ -9,6 +9,7 @@ SUSHY_EMULATOR_BOOT_LOADER_MAP = { } } +SUSHY_EMULATOR_AUTH_FILE = '/etc/redfish-emulator.htpasswd' SUSHY_EMULATOR_LISTEN_IP = '{{ redfish_emulator_host }}' SUSHY_EMULATOR_LISTEN_PORT = {{ redfish_emulator_port }} SUSHY_EMULATOR_STATE_DIR = '{{ redfish_emulator_state_dir }}' diff --git a/playbooks/roles/bifrost-pip-install/defaults/main.yml b/playbooks/roles/bifrost-pip-install/defaults/main.yml index f8e3b7657..2c69be298 100644 --- a/playbooks/roles/bifrost-pip-install/defaults/main.yml +++ b/playbooks/roles/bifrost-pip-install/defaults/main.yml @@ -18,7 +18,6 @@ pip_install_retries: 5 pip_install_delay: 10 reqs_git_folder: /opt/stack/requirements state: present -version: upper_constraints_file: >- {{ lookup('env', 'UPPER_CONSTRAINTS_FILE') | default(lookup('env', 'TOX_CONSTRAINTS_FILE'), True) diff --git a/releasenotes/notes/sushy-tools-auth-38411a6bfd3ead2e.yaml b/releasenotes/notes/sushy-tools-auth-38411a6bfd3ead2e.yaml new file mode 100644 index 000000000..b578065ec --- /dev/null +++ b/releasenotes/notes/sushy-tools-auth-38411a6bfd3ead2e.yaml @@ -0,0 +1,4 @@ +--- +other: + - | + The redfish emulator now has authentication enabled by default.