HTTP(s) Authentication strategy for user image servers¶
How to enable the feature via global configuration options¶
There are 3 variables that could be used to manage image server
authentication strategy. The 3 variables are structured such a way that 1 of
image_server_auth_strategy (string) provides the option to specify
the desired authentication strategy. Currently the only supported
authentication strategy is
http_basic that represents the HTTP(S) Basic
Authentication also known as the
RFC 7616 internet standard.
The other two variables
provide username and password credentials for any authentication strategy
that requires username and credentials to enable the authentication during
image download processes.
image_server_auth_strategy not just enables the
feature but enforces checks on the values of the 2 related credentials.
Currently only the
http_basic strategy is utilizing the
When a authentication strategy is selected against the user image server an
exception will be raised in case any of the credentials are None or an empty
string. The variables belong to the
deploy configuration group and could be
configured via the global Ironic configuration file.
The authentication strategy configuration affects the download process for images downloaded by the conductor or the ironic-python-agent.
Example of activating the
http-basic strategy via
image_server_auth_strategy = http_basic
image_server_user = username
image_server_password = password
This implementation of the authentication strategy for user image handling is implemented via the global Ironic configuration thus it doesn’t provide node specific customization options.
image_server_auth_strategy is set to any valid value all image
sources will be treated with the same authentication strategy and Ironic will
use the same credentials against all sources.