4f2fd6df32
Virtual media images can potentially contain sensitive data, such as password hashes or private keys. This change adds TLS to this traffic. A new HTTP server is now started with Nginx, serving the same /httpboot directory as the old one. If vmedia_enable_tls is true, the /redfish and /ilo directories are only accessible through it. One of the redfish-vmedia CI jobs has been switched to using TLS. Change-Id: I024b81efdbebe08ddb5a20cd0d5e7ae61a180f1b
14 lines
446 B
YAML
14 lines
446 B
YAML
---
|
|
features:
|
|
- |
|
|
Virtual media images are now protected by TLS when TLS support is enabled.
|
|
upgrade:
|
|
- |
|
|
If ``enable_tls`` is ``true``, virtual media images for Redfish,
|
|
iDRAC-Redfish and iLO are now served via TLS using the Ironic's
|
|
TLS certificate. If this is not desired, set the new option
|
|
``vmedia_enable_tls`` to ``false``.
|
|
|
|
The new server's port can be configured via the new ``file_url_port_tls``
|
|
option.
|