From 1409bc62d8e12a1b87b1361692f7bea796bd5347 Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Sat, 27 Jul 2019 15:23:34 -0700
Subject: [PATCH] Remove download_protocol variable from Fedora CoreOS

* For Fedora CoreOS, only HTTPS downloads are available. Any iPXE firmware must be compiled to support TLS fetching.
* For Container Linux, using public kernel/initramfs images defaults to using HTTPS, but can be set to HTTP for iPXE firmware that hasn't been custom compiled to support TLS
---
 bare-metal/fedora-coreos/kubernetes/variables.tf | 6 ------
 docs/fedora-coreos/bare-metal.md | 2 +-
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/bare-metal/fedora-coreos/kubernetes/variables.tf b/bare-metal/fedora-coreos/kubernetes/variables.tf
index 5cae2d30..30411c9e 100644
--- a/bare-metal/fedora-coreos/kubernetes/variables.tf
+++ b/bare-metal/fedora-coreos/kubernetes/variables.tf
@@ -120,12 +120,6 @@ variable "cluster_domain_suffix" {
 default = "cluster.local"
 }
-variable "download_protocol" {
- type = string
- default = "https"
- description = "Protocol iPXE should use to download the kernel and initrd. Defaults to https, which requires iPXE compiled with crypto support. Unused if cached_install is true."
-}
-
 variable "cached_install" {
 type = string
 default = "false"
diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md
index 816fec3b..5401130e 100644
--- a/docs/fedora-coreos/bare-metal.md
+++ b/docs/fedora-coreos/bare-metal.md
@@ -106,7 +106,7 @@ Read about the [many ways](https://coreos.com/matchbox/docs/latest/network-setup
 TFTP chainloading to modern boot firmware, like iPXE, avoids issues with old NICs and allows faster transfer protocols like HTTP to be used.
 !!! warning
- Compile iPXE from [source](https://github.com/ipxe/ipxe) with support for [HTTPS downloads](https://ipxe.org/crypto). iPXE's pre-built firmware binaries do not enable this. If you cannot enable HTTPS downloads, set `download_protocol = "http"` (discouraged).
+ Compile iPXE from [source](https://github.com/ipxe/ipxe) with support for [HTTPS downloads](https://ipxe.org/crypto). iPXE's pre-built firmware binaries do not enable this. Fedora does not provide images over HTTP.
 ## Terraform Setup