79f82c0262
Currently when using SNMPv3, iRMC driver does not use SNMPv3 authentication parameters so the SNMPv3 authentication will always fail. And iRMC cannot recognize FIPS mode, so when FIPS mode is enabled, iRMC driver could still use non-FIPS-compliant algorithms. This commit changes iRMC driver to require and use SNMPv3 authentication parameters when 'irmc_snmp_version' is set to v3 and also makes iRMC driver to force 'irmc_snmp_version' to v3, 'irmc_snmp_auth_proto' to SHA and 'irmc_snmp_priv_proto' to AES when FIPS mode is enabled, because currently among the algorithms supported by iRMC, only SHA and AES are FIPS compliant. Change-Id: Id6f8996e4d103f849325f54fe0619b4acb43453a Story: 2010085 Task: 45590
31 lines
938 B
YAML
31 lines
938 B
YAML
---
|
|
features:
|
|
- |
|
|
Adds SNMPv3 message authentication and encryption features to iRMC driver.
|
|
To enable these features, the following parameters should be used in the
|
|
node's ``driver_info``:
|
|
|
|
* ``irmc_snmp_user``
|
|
* ``irmc_snmp_auth_password``
|
|
* ``irmc_snmp_priv_password``
|
|
* ``irmc_snmp_auth_proto`` (Optional, defaults to ``sha``)
|
|
* ``irmc_snmp_priv_proto`` (Optional, defaults to ``aes``)
|
|
|
|
``irmc_snmp_auth_proto`` and ``irmc_snmp_priv_proto`` can also be set
|
|
through the following options in the ``[irmc]`` section of
|
|
``/etc/ironic/ironic.conf``:
|
|
|
|
* ``snmp_auth_proto``
|
|
* ``snmp_priv_proto``
|
|
|
|
deprecations:
|
|
- |
|
|
Deprecates the ``irmc_snmp_security`` field in ``driver_info`` for iRMC
|
|
driver, it will be removed in the future. Please use ``irmc_snmp_user``
|
|
field instead.
|
|
|
|
other:
|
|
- |
|
|
Updates the minimum version of ``python-scciclient`` library to
|
|
``0.12.1``.
|