WIP verify TLS for BMC

Signed-off-by: Dmitry Tantsur <[email protected]>

Author: dtantsur

ocp_install_env.sh

@@ -395,6 +395,8 @@ $(cluster_os_image)
 $(setVIPs apivips)
 $(setVIPs ingressvips)
 $(dnsvip)
+    bmcVerifyCA: |
+$(cat "${WORKING_DIR}/virtualbmc/sushy-tools/cert.pem" | sed 's/^/      /')
     hosts:
 EOF
 
@@ -455,8 +457,6 @@ function generate_ocp_host_manifest() {
 
         encoded_username=$(echo -n "$username" | base64)
         encoded_password=$(echo -n "$password" | base64)
-        # Heads up, "verify_ca" in ironic driver config, and "disableCertificateVerification" in BMH have opposite meaning
-        disableCertificateVerification=$([ "$verify_ca" = "False" ] && echo "true" || echo "false")
 
         secret="---
 apiVersion: v1
@@ -480,8 +480,7 @@ spec:
   bootMACAddress: $mac
   bmc:
     address: $address
-    credentialsName: ${name}-bmc-secret
-    disableCertificateVerification: ${disableCertificateVerification}"
+    credentialsName: ${name}-bmc-secret"
 
         echo "${secret}${bmh}" >> "${outdir}/${host_output}"
 

utils.sh

@@ -259,17 +259,6 @@ function node_map_to_install_config_hosts() {
           password: ${password}
 EOF
 
-      if [[ "$driver_prefix" == "redfish" ]]; then
-          # Set disableCertificateVerification
-          # Heads up, "verify ca" in ironic driver config, and "disableCertificateVerification" in BMH have opposite meaning
-          verify_ca=$(node_val ${idx} "driver_info.redfish_verify_ca")
-          disable_certificate_verification=$([ "$verify_ca" = "False" ] && echo "true" || echo "false")
-          cat << EOF
-          disableCertificateVerification: ${disable_certificate_verification}
-EOF
-      fi
-
-
         if [ -n "${NETWORK_CONFIG_FOLDER:-}" ]; then
             node_network_config="${NETWORK_CONFIG_FOLDER}/${name}.yaml"
             if [ -e "$node_network_config" ]; then