From a036728fb4ca7acfe19e14f2a1f89c19ef30fe98 Mon Sep 17 00:00:00 2001 From: Iury Gregory Melo Ferreira Date: Tue, 30 Mar 2021 02:20:16 +0200 Subject: [PATCH] Follow-up Automaticaly set cipher suite This commit is a follow-up to I6788585a83268e20ff6447e570995871bc9c25d5 Change-Id: I658b6b4eca7978473b08244c349ea5ac8bf37f76 --- doc/source/admin/drivers/ipmitool.rst | 14 +++++++++----- ironic/drivers/modules/ipmitool.py | 18 +++++++++--------- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/doc/source/admin/drivers/ipmitool.rst b/doc/source/admin/drivers/ipmitool.rst index f8ea5ca66d..e5f025561d 100644 --- a/doc/source/admin/drivers/ipmitool.rst +++ b/doc/source/admin/drivers/ipmitool.rst @@ -190,16 +190,20 @@ negotiation. In both cases you can specify the required suite yourself, e.g.:: baremetal node set --driver-info ipmi_cipher_suite=3 -In scenarios where the operator can't specify the `ipmi_cipher_suite` for -each node, the configuration `[ipmi]/cipher_suite_versions` can be set to -a list of cipher suites that will be used, Ironic will attempt to find a value -that can be used from the list provided (from last to first).:: +In scenarios where the operator can't specify the ``ipmi_cipher_suite`` for +each node, the configuration parameter ``[ipmi]/cipher_suite_versions`` can be +set to a list of cipher suites that will be used, Ironic will attempt to find +a value that can be used from the list provided (from last to first): + +.. code-block:: ini [ipmi] cipher_suite_versions = ['1','2','3','6','7','8','11','12'] To find the suitable values for this configuration, you can check the field -`RMCP+ Cipher Suites` after running an `ipmitool` command, e.g:: +`RMCP+ Cipher Suites` after running an ``ipmitool`` command, e.g: + +.. code-block:: console $ ipmitool -I lanplus -H $HOST -U $USER -v -R 12 -N 5 lan print # output diff --git a/ironic/drivers/modules/ipmitool.py b/ironic/drivers/modules/ipmitool.py index 6c17b77928..b1c20c968f 100644 --- a/ironic/drivers/modules/ipmitool.py +++ b/ironic/drivers/modules/ipmitool.py @@ -515,7 +515,7 @@ def _ipmitool_timing_args(): ] -def choose_cipher_suite(actual_ciper_suite): +def choose_cipher_suite(actual_cipher_suite): """Gives the possible next avaible cipher suite version. Based on CONF.ipmi.cipher_suite_versions and the last cipher suite version @@ -523,7 +523,7 @@ def choose_cipher_suite(actual_ciper_suite): cipher_suite set. Starts using the last element of the list and decreasing the index. - :param actual_ciper_suite: latest cipher suite used in the + :param actual_cipher_suite: latest cipher suite used in the ipmi call. :returns: the next possible cipher suite or None in case of empty @@ -533,11 +533,11 @@ def choose_cipher_suite(actual_ciper_suite): if not available_cs_versions: return None - if actual_ciper_suite is None: + if actual_cipher_suite is None: return available_cs_versions[-1] else: try: - cs_index = available_cs_versions.index(actual_ciper_suite) + cs_index = available_cs_versions.index(actual_cipher_suite) except ValueError: return available_cs_versions[-1] @@ -569,9 +569,10 @@ def update_cipher_suite_cmd(actual_cs, args): :param actual_cs: a string that represents the cipher suite that was used in the command. - :param args: a list that contains the ipmitool command that was executed. + :param args: a list that contains the ipmitool command that was executed, + it will be modified in-place. - :returns: a tuple with the new values (actual_cs, args) + :returns: the next actual_cs """ actual_cs = choose_cipher_suite(actual_cs) if '-C' in args: @@ -581,7 +582,7 @@ def update_cipher_suite_cmd(actual_cs, args): args.append('-C') args.append(actual_cs) - return (actual_cs, args) + return actual_cs def _exec_ipmitool(driver_info, command, check_exit_code=None, @@ -644,8 +645,7 @@ def _exec_ipmitool(driver_info, command, check_exit_code=None, return out, err except processutils.ProcessExecutionError as e: if change_cs and check_cipher_suite_errors(e.stderr): - actual_cs, args = update_cipher_suite_cmd( - actual_cs, args) + actual_cs = update_cipher_suite_cmd(actual_cs, args) else: change_cs = False with excutils.save_and_reraise_exception() as ctxt: