METAL-855: baremetal: remove ironic-inspector

The inspection functionality is now provided by ironic proper.

Also fixes a few minor quirks in the baremetal config, such as:
- Passing htpasswd variables to BMO (it cannot use them)
- Creating auth-config files (only required for cross-service calls).

data/data/bootstrap/baremetal/files/etc/containers/systemd/image-customization.container

@@ -19,7 +19,6 @@ Volume=/opt/openshift:/opt/openshift:z,ro
 Environment="DEPLOY_ISO=/shared/html/images/ironic-python-agent.iso"
 Environment="DEPLOY_INITRD=/shared/html/images/ironic-python-agent.initramfs"
 Environment="IRONIC_BASE_URL=${IRONIC_BASE_URL}"
-Environment="IRONIC_INSPECTOR_BASE_URL=${IRONIC_BASE_URL}"
 Environment="IRONIC_RAMDISK_SSH_KEY=${IRONIC_RAMDISK_SSH_KEY}"
 Environment="IRONIC_AGENT_IMAGE=${IRONIC_AGENT_IMAGE}"
 Environment="IP_OPTIONS=${EXTERNAL_IP_OPTIONS}"

data/data/bootstrap/baremetal/files/etc/containers/systemd/ironic-httpd.container

@@ -20,6 +20,7 @@ Volume=ironic.volume:/shared:z
 Environment="IRONIC_RAMDISK_SSH_KEY=${IRONIC_RAMDISK_SSH_KEY}"
 Environment="PROVISIONING_INTERFACE=${PROVISIONING_INTERFACE}"
 Environment="HTTP_PORT=${HTTP_PORT}"
+Environment="USE_IRONIC_INSPECTOR=false"
 
 [Service]
 EnvironmentFile=/etc/ironic.env

data/data/bootstrap/baremetal/files/etc/containers/systemd/ironic-inspector.container

@@ -1,29 +0,0 @@
-[Unit]
-Description=Ironic Inspector
-BindsTo=ironic-volume.service ironic.service
-Requires=build-ironic-env.service wait-iptables-init.service
-Wants=network-online.target
-After=network-online.target ironic-volume.service build-ironic-env.service provisioning-interface.service wait-iptables-init.service ironic.service
-
-[Container]
-ContainerName=ironic-inspector
-Image=$IRONIC_IMAGE
-Exec=/bin/runironic-inspector
-Network=host
-Volume=${AUTH_DIR}:/auth:z,ro
-Volume=ironic.volume:/shared:z
-Environment="PROVISIONING_INTERFACE=${PROVISIONING_INTERFACE}"
-Environment="IRONIC_HTPASSWD=${IRONIC_HTPASSWD}"
-Environment="INSPECTOR_HTPASSWD=${IRONIC_HTPASSWD}"
-Environment="IRONIC_KERNEL_PARAMS=${IRONIC_KERNEL_PARAMS}"
-Environment="HTTP_PORT=${HTTP_PORT}"
-
-[Service]
-EnvironmentFile=/etc/ironic.env
-# Add firewall rules to ensure the IPA ramdisk can reach ironic-inspector
-ExecStartPre=/usr/local/bin/prov-iptables.sh --enable-port 5050
-ExecStopPost=/usr/local/bin/prov-iptables.sh --disable-port 5050
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target

data/data/bootstrap/baremetal/files/etc/containers/systemd/ironic.container.template

@@ -8,7 +8,7 @@ Requires=provisioning-interface.service
 {{ if .PlatformData.BareMetal.ProvisioningDNSMasq }}
 Wants=ironic-dnsmasq.service
 {{ end }}
-Wants=network-online.target ironic-httpd.service ironic-inspector.service ironic-ramdisk-logs.service
+Wants=network-online.target ironic-httpd.service ironic-ramdisk-logs.service
 After=network-online.target ironic-volume.service build-ironic-env.service wait-iptables-init.service provisioning-interface.service ironic-dnsmasq.service image-customization.service
 
 [Container]
@@ -22,10 +22,10 @@ Environment="IRONIC_RAMDISK_SSH_KEY=${IRONIC_RAMDISK_SSH_KEY}"
 Environment="PROVISIONING_INTERFACE=${PROVISIONING_INTERFACE}"
 Environment="OS_CONDUCTOR__HEARTBEAT_TIMEOUT=120"
 Environment="IRONIC_HTPASSWD=${IRONIC_HTPASSWD}"
-Environment="INSPECTOR_HTPASSWD=${IRONIC_HTPASSWD}"
 Environment="IRONIC_KERNEL_PARAMS=${IRONIC_KERNEL_PARAMS}"
 Environment="HTTP_PORT=${HTTP_PORT}"
 Environment="OS_DEFAULT__FORCE_RAW_IMAGES=False"
+Environment="USE_IRONIC_INSPECTOR=false"
 
 [Service]
 EnvironmentFile=/etc/ironic.env

data/data/bootstrap/baremetal/files/etc/containers/systemd/metal3-baremetal-operator.container

@@ -15,8 +15,6 @@ Volume=/opt/openshift:/opt/openshift:z,ro
 Environment="XDG_RUNTIME_DIR=/run/user/${UID}"
 Environment="KUBECONFIG=/opt/openshift/auth/kubeconfig-loopback"
 Environment="DEPLOY_KERNEL_URL=file:///shared/html/images/ironic-python-agent.kernel"
-Environment="IRONIC_HTPASSWD=${IRONIC_HTPASSWD}"
-Environment="INSPECTOR_HTPASSWD=${IRONIC_HTPASSWD}"
 Environment="IRONIC_KERNEL_PARAMS=${IRONIC_KERNEL_PARAMS}"
 Environment="HTTP_PORT=${HTTP_PORT}"
 Environment="IRONIC_ENDPOINT=${IRONIC_ENDPOINT}"

data/data/bootstrap/baremetal/files/opt/metal3/auth/ironic-inspector/auth-config.template

@@ -1,4 +0,0 @@
-[inspector]
-auth_type = http_basic
-username = {{.PlatformData.BareMetal.IronicUsername}}
-password = {{.PlatformData.BareMetal.IronicPassword}}

data/data/bootstrap/baremetal/files/opt/metal3/auth/ironic-rpc/auth-config.template

@@ -1,6 +0,0 @@
-[json_rpc]
-auth_type = http_basic
-username = {{.PlatformData.BareMetal.IronicUsername}}
-password = {{.PlatformData.BareMetal.IronicPassword}}
-http_basic_username = {{.PlatformData.BareMetal.IronicUsername}}
-http_basic_password = {{.PlatformData.BareMetal.IronicPassword}}

data/data/bootstrap/baremetal/files/opt/metal3/auth/ironic/auth-config.template

@@ -1,4 +0,0 @@
-[ironic]
-auth_type = http_basic
-username = {{.PlatformData.BareMetal.IronicUsername}}
-password = {{.PlatformData.BareMetal.IronicPassword}}

docs/user/metal/install_ipi.md

@@ -315,7 +315,6 @@ may also view the logs of the individual containers:
   - `podman logs dnsmasq`
   - `podman logs image-customization`
   - `podman logs ironic`
-  - `podman logs ironic-inspector`
   - `podman logs ironic-ramdisk-logs`
   - `podman logs httpd`