Allow customizing conductor hostname

In a distributed setup, conductor hostnames will be used for RPC.
Currently, the IP address is used which may make TLS configuration
much harder. With this change, certain tricks are possible, e.g. using
pod DNS names (`<ip>.<namespace>.pod.cluster.local`) combined with
a wildcard certificate (`*.<namespace>.pod.cluster.local`).

See also metal3-io/ironic-standalone-operator#3

Signed-off-by: Dmitry Tantsur <[email protected]>

README.md

@@ -77,6 +77,8 @@ functionality:
    inspection. (default `default,logs`)
 - `HTTPD_ENABLE_SENDFILE` - Whether to activate the EnableSendfile apache
    directive for httpd `(default, false)`
+- `IRONIC_CONDUCTOR_HOST` - Host name of the current conductor (only makes
+   sense to change for a multinode setup)
 
 The ironic configuration can be overridden by various environment variables.
 The following can serve as an example:

ironic-config/ironic.conf.j2

@@ -31,7 +31,7 @@ my_ip = {{ env.IRONIC_IP }}
 # If we run both API and conductor in the same pod, use localhost
 host = localhost
 {% else %}
-host = {{ env.IRONIC_URL_HOST }}
+host = {{ env.IRONIC_CONDUCTOR_HOST }}
 {% endif %}
 
 # If a path to a certificate is defined, use that first for webserver

scripts/configure-ironic.sh

@@ -54,6 +54,9 @@ export IRONIC_IPA_COLLECTORS=${IRONIC_IPA_COLLECTORS:-default,logs}
 
 wait_for_interface_or_ip
 
+# Hostname to use for the current conductor instance.
+export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}}
+
 export IRONIC_BASE_URL=${IRONIC_BASE_URL:-"${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"}
 export IRONIC_INSPECTOR_BASE_URL=${IRONIC_INSPECTOR_BASE_URL:-"${IRONIC_INSPECTOR_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_INSPECTOR_ACCESS_PORT}"}