Add option for additional CA in Metal3

[Kristian-ZH]

Add option for additional CA in Metal3

[hardys]

@Kristian-ZH I tried testing this with my WIP metal3-demo PR and perhaps I'm missing something but it doesn't seem to be working:

2024-06-07 09:33:13.467 1 DEBUG ironic.conductor.utils [None req-1942a248-9de3-40a3-a7a5-0f70edc1a313 - - - - - -] Node 7c3624a9-aa3b-4845-bc5f-2d6313253348 is not fast-track-able because it has an error: Deploy step deploy.write_image failed on node 7c3624a9-aa3b-4845-bc5f-2d6313253348. HTTPSConnectionPool(host='imagecache.local', port=8443): Max retries exceeded with url: /openSUSE-Leap-Micro.x86_64-5.5.0-Default-Build34.31.metal3.raw.sha256 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)'))) is_fast_track /usr/lib/python3.11/site-packages/ironic/conductor/utils.py:1178

Could you perhaps take a look and see if you can identify the problem please?

[Kristian-ZH]

This PR will wait firstly https://github.com/suse-edge/charts/pull/132 to be merged and then rebased on top of it

[hardys]

Perhaps I'm missing something but this is still not working for me - IPA TLS appears to be broken so the BMH gets stuck inspecting

 port=5050): Max retries exceeded with url: /v1/continue (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')))

I'm testing with the WIP branch pushed under https://github.com/suse-edge/metal3-demo/pull/56

[hardys]

Agreed we should find somewhere to document this - for now please see https://github.com/suse-edge/metal3-demo/pull/56 which has a working example of usage