Add support auth protocols for iRMC
This patch adds new SNMPv3 auth protocols to iRMC which are supported from iRMC S6. Change-Id: Id2fca59bebb0745e6b16caaaa7838d1f1a2717e1 Story: 2010309 Task: 46353 (cherry picked from commit233c640838) (cherry picked from commitbe0e687538)
This commit is contained in:
Shukun Song
@@ -239,9 +239,10 @@ Configuration via ``ironic.conf``
|
|||||||
and ``v2c``. The default value is ``public``. Optional.
|
and ``v2c``. The default value is ``public``. Optional.
|
||||||
- ``snmp_security``: SNMP security name required for version ``v3``.
|
- ``snmp_security``: SNMP security name required for version ``v3``.
|
||||||
Optional.
|
Optional.
|
||||||
- ``snmp_auth_proto``: The SNMPv3 auth protocol. The valid value and the
|
- ``snmp_auth_proto``: The SNMPv3 auth protocol. If using iRMC S4 or S5, the
|
||||||
default value are both ``sha``. We will add more supported valid values
|
valid value of this option is only ``sha``. If using iRMC S6, the valid
|
||||||
in the future. Optional.
|
values are ``sha256``, ``sha384`` and ``sha512``. The default value is
|
||||||
|
``sha``. Optional.
|
||||||
- ``snmp_priv_proto``: The SNMPv3 privacy protocol. The valid value and
|
- ``snmp_priv_proto``: The SNMPv3 privacy protocol. The valid value and
|
||||||
the default value are both ``aes``. We will add more supported valid values
|
the default value are both ``aes``. We will add more supported valid values
|
||||||
in the future. Optional.
|
in the future. Optional.
|
||||||
|
|||||||
@@ -80,11 +80,22 @@ opts = [
|
|||||||
help='SNMP polling interval in seconds'),
|
help='SNMP polling interval in seconds'),
|
||||||
cfg.StrOpt('snmp_auth_proto',
|
cfg.StrOpt('snmp_auth_proto',
|
||||||
default='sha',
|
default='sha',
|
||||||
choices=[('sha', _('Secure Hash Algorithm 1'))],
|
choices=[('sha', _('Secure Hash Algorithm 1, supported in iRMC '
|
||||||
|
'S4 and S5.')),
|
||||||
|
('sha256', ('Secure Hash Algorithm 2 with 256 bits '
|
||||||
|
'digest, only supported in iRMC S6.')),
|
||||||
|
('sha384', ('Secure Hash Algorithm 2 with 384 bits '
|
||||||
|
'digest, only supported in iRMC S6.')),
|
||||||
|
('sha512', ('Secure Hash Algorithm 2 with 512 bits '
|
||||||
|
'digest, only supported in iRMC S6.'))],
|
||||||
help=_("SNMPv3 message authentication protocol ID. "
|
help=_("SNMPv3 message authentication protocol ID. "
|
||||||
"Required for version 'v3'. Will be ignored if the "
|
"Required for version 'v3'. Will be ignored if the "
|
||||||
"version of python-scciclient is before 0.12.2. 'sha' "
|
"version of python-scciclient is before 0.12.2. The "
|
||||||
"is supported.")),
|
"valid options are 'sha', 'sha256', 'sha384' and "
|
||||||
|
"'sha512', while 'sha' is the only supported protocol "
|
||||||
|
"in iRMC S4 and S5, and from iRMC S6, 'sha256', "
|
||||||
|
"'sha384' and 'sha512' are supported, but 'sha' is not "
|
||||||
|
"supported any more.")),
|
||||||
cfg.StrOpt('snmp_priv_proto',
|
cfg.StrOpt('snmp_priv_proto',
|
||||||
default='aes',
|
default='aes',
|
||||||
choices=[('aes', _('Advanced Encryption Standard'))],
|
choices=[('aes', _('Advanced Encryption Standard'))],
|
||||||
|
|||||||
@@ -93,7 +93,9 @@ SNMP_V3_OPTIONAL_PROPERTIES = {
|
|||||||
'irmc_snmp_auth_proto': _("SNMPv3 message authentication protocol ID. "
|
'irmc_snmp_auth_proto': _("SNMPv3 message authentication protocol ID. "
|
||||||
"Required for version 'v3'. Will be ignored if "
|
"Required for version 'v3'. Will be ignored if "
|
||||||
"the version of python-scciclient is before "
|
"the version of python-scciclient is before "
|
||||||
"0.12.2. 'sha' is supported."),
|
"0.12.2. If using iRMC S4/S5, only 'sha' is "
|
||||||
|
"supported. If using iRMC S6, the valid "
|
||||||
|
"options are 'sha256', 'sha384', 'sha512'."),
|
||||||
'irmc_snmp_priv_proto': _("SNMPv3 message privacy (encryption) protocol "
|
'irmc_snmp_priv_proto': _("SNMPv3 message privacy (encryption) protocol "
|
||||||
"ID. Required for version 'v3'. Will be ignored "
|
"ID. Required for version 'v3'. Will be ignored "
|
||||||
"if the version of python-scciclient is before "
|
"if the version of python-scciclient is before "
|
||||||
@@ -309,7 +311,8 @@ def _parse_snmp_driver_info(node, info):
|
|||||||
|
|
||||||
def _parse_snmp_v3_crypto_info(info):
|
def _parse_snmp_v3_crypto_info(info):
|
||||||
snmp_info = {}
|
snmp_info = {}
|
||||||
valid_values = {'irmc_snmp_auth_proto': ['sha'],
|
valid_values = {'irmc_snmp_auth_proto': ['sha', 'sha256', 'sha384',
|
||||||
|
'sha512'],
|
||||||
'irmc_snmp_priv_proto': ['aes']}
|
'irmc_snmp_priv_proto': ['aes']}
|
||||||
valid_protocols = {'irmc_snmp_auth_proto': snmp.snmp_auth_protocols,
|
valid_protocols = {'irmc_snmp_auth_proto': snmp.snmp_auth_protocols,
|
||||||
'irmc_snmp_priv_proto': snmp.snmp_priv_protocols}
|
'irmc_snmp_priv_proto': snmp.snmp_priv_protocols}
|
||||||
|
|||||||
@@ -191,9 +191,14 @@ def _inspect_hardware(node, existing_traits=None, **kwargs):
|
|||||||
except (scci.SCCIInvalidInputError,
|
except (scci.SCCIInvalidInputError,
|
||||||
scci.SCCIClientError,
|
scci.SCCIClientError,
|
||||||
exception.SNMPFailure) as e:
|
exception.SNMPFailure) as e:
|
||||||
|
advice = ""
|
||||||
|
if ("SNMP operation" in str(e)):
|
||||||
|
advice = ("The SNMP related parameters' value may be different "
|
||||||
|
"with the server, please check if you have set them "
|
||||||
|
"correctly.")
|
||||||
error = (_("Inspection failed for node %(node_id)s "
|
error = (_("Inspection failed for node %(node_id)s "
|
||||||
"with the following error: %(error)s") %
|
"with the following error: %(error)s. (advice)s") %
|
||||||
{'node_id': node.uuid, 'error': e})
|
{'node_id': node.uuid, 'error': e, 'advice': advice})
|
||||||
raise exception.HardwareInspectionFailure(error=error)
|
raise exception.HardwareInspectionFailure(error=error)
|
||||||
|
|
||||||
return props, macs, new_traits
|
return props, macs, new_traits
|
||||||
|
|||||||
@@ -203,9 +203,12 @@ def _set_power_state(task, target_state, timeout=None):
|
|||||||
_wait_power_state(task, states.SOFT_REBOOT, timeout=timeout)
|
_wait_power_state(task, states.SOFT_REBOOT, timeout=timeout)
|
||||||
|
|
||||||
except exception.SNMPFailure as snmp_exception:
|
except exception.SNMPFailure as snmp_exception:
|
||||||
|
advice = ("The SNMP related parameters' value may be different with "
|
||||||
|
"the server, please check if you have set them correctly.")
|
||||||
LOG.error("iRMC failed to acknowledge the target state "
|
LOG.error("iRMC failed to acknowledge the target state "
|
||||||
"for node %(node_id)s. Error: %(error)s",
|
"for node %(node_id)s. Error: %(error)s. %(advice)s",
|
||||||
{'node_id': node.uuid, 'error': snmp_exception})
|
{'node_id': node.uuid, 'error': snmp_exception,
|
||||||
|
'advice': advice})
|
||||||
raise exception.IRMCOperationError(operation=target_state,
|
raise exception.IRMCOperationError(operation=target_state,
|
||||||
error=snmp_exception)
|
error=snmp_exception)
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
Adds ``sha256``, ``sha384`` and ``sha512`` as supported SNMPv3
|
||||||
|
authentication protocols to iRMC driver.
|
||||||
Reference in New Issue
Block a user