From 8c48f30f51e692179d14ccc499753f518618f686 Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Wed, 22 Nov 2023 14:24:08 +0100 Subject: [PATCH] Allow customizing conductor hostname In a distributed setup, conductor hostnames will be used for RPC. Currently, the IP address is used which may make TLS configuration much harder. With this change, certain tricks are possible, e.g. using pod DNS names (`..pod.cluster.local`) combined with a wildcard certificate (`*..pod.cluster.local`). See also https://github.com/dtantsur/ironic-operator/issues/3 Signed-off-by: Dmitry Tantsur --- README.md | 2 ++ ironic-config/ironic.conf.j2 | 2 +- scripts/configure-ironic.sh | 3 +++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5d47a8abc..e244bb566 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,8 @@ functionality: inspection. (default `default,logs`) - `HTTPD_ENABLE_SENDFILE` - Whether to activate the EnableSendfile apache directive for httpd `(default, false)` +- `IRONIC_CONDUCTOR_HOST` - Host name of the current conductor (only makes + sense to change for a multinode setup) The ironic configuration can be overridden by various environment variables. The following can serve as an example: diff --git a/ironic-config/ironic.conf.j2 b/ironic-config/ironic.conf.j2 index f4d75dceb..664b7de52 100644 --- a/ironic-config/ironic.conf.j2 +++ b/ironic-config/ironic.conf.j2 @@ -31,7 +31,7 @@ my_ip = {{ env.IRONIC_IP }} # If we run both API and conductor in the same pod, use localhost host = localhost {% else %} -host = {{ env.IRONIC_URL_HOST }} +host = {{ env.IRONIC_CONDUCTOR_HOST }} {% endif %} # If a path to a certificate is defined, use that first for webserver diff --git a/scripts/configure-ironic.sh b/scripts/configure-ironic.sh index ed6bea2c7..1358b2011 100755 --- a/scripts/configure-ironic.sh +++ b/scripts/configure-ironic.sh 
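Review bot: In ironic-config/ironic.conf.j2 the `host = localhost` branch directly above the changed line still applies when API and conductor run in the same pod, so an explicitly set IRONIC_CONDUCTOR_HOST is ignored there without any signal. The condition that selects the branch is outside the hunk. The commit message says this name is used for RPC and has to fit the TLS setup, so presumably it must be resolvable by the other Ironic services and covered by the conductor's certificate. A comment above the new line would record that, for example `# Used as the RPC address of this conductor; must match a name in its TLS certificate`. The README entry could state the same requirement and mention that the variable has no effect in the single-pod case.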
@@ -54,6 +54,9 @@ export IRONIC_IPA_COLLECTORS=${IRONIC_IPA_COLLECTORS:-default,logs} wait_for_interface_or_ip +# Hostname to use for the current conductor instance. +export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}} + export IRONIC_BASE_URL=${IRONIC_BASE_URL:-"${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"} export IRONIC_INSPECTOR_BASE_URL=${IRONIC_INSPECTOR_BASE_URL:-"${IRONIC_INSPECTOR_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_INSPECTOR_ACCESS_PORT}"}
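Review bot: The new `IRONIC_CONDUCTOR_HOST` is exported exactly as supplied and then rendered unchanged into the `host =` line of ironic.conf. A value containing a space or a newline would therefore yield a malformed or silently extended config file rather than a start-up error. A guard right after the export makes the failure explicit: `if [[ "${IRONIC_CONDUCTOR_HOST}" =~ [[:space:]] ]]; then echo "IRONIC_CONDUCTOR_HOST must not contain whitespace" >&2; exit 1; fi`. The fallback to `IRONIC_URL_HOST` keeps the old behaviour, but where that variable is set is outside this hunk, so it is worth confirming it is always defined by the time this line runs.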