starlingx/metal
Code Issues Proposed changes

MTCE: reading BMC passwords from Barbican secret storage.

Browse Source 
Use Openstack Barbican API to retrieve BMC passwords stored by SysInv.
See SysInv commit for details on how to write password to Barbican.
MTCE is going to find corresponding secret by host uuid and retrieve
secret payload associated with it. mtcSecretApi_get is used to find
secret reference, based on a hostname. mtcSecretApi_read is used to
read a password using the reference found on a prevoius step.
Also, did a little cleanup and removed old unused token handling code.

Depends-On: I7102a9662f3757c062ab310737f4ba08379d0100
Change-Id: I66011dc95bb69ff536bd5888c08e3987bd666082
Story: 2003108
Task: 27700
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
This commit is contained in:
Alex Kozyrev
2019-01-21 11:52:51 -05:00
parent b01f8ea964
commit 506ef3fd7f
36 changed files with 899 additions and 493 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
mtce/src/hwmon/hwmonClass.cpp
View File

@@ -7,6 +7,7 @@
#include "nodeBase.h"
#include "tokenUtil.h"
#include "secretUtil.h"
#include "hwmonClass.h"
#include "hwmonUtil.h"
#include "hwmonIpmi.h"
@@ -128,6 +129,7 @@ struct hwmonHostClass::hwmon_host* hwmonHostClass::addHost( string hostname )
ptr->ping_info.timer_handler = &hwmonTimer_handler ;
mtcTimer_init ( ptr->hostTimer, ptr->hostname, "host timer" );
mtcTimer_init ( ptr->addTimer, ptr->hostname, "add timer" );
mtcTimer_init ( ptr->secretTimer, ptr->hostname, "secret timer" );
mtcTimer_init ( ptr->relearnTimer, ptr->hostname, "relearn timer" );
mtcTimer_init ( ptr->ping_info.timer, ptr->hostname, "ping monitor timer" );
@@ -144,6 +146,11 @@ struct hwmonHostClass::hwmon_host* hwmonHostClass::addHost( string hostname )
ptr->event.req = NULL ;
ptr->event.buf = NULL ;
ptr->secretEvent.base= NULL ;
ptr->secretEvent.conn= NULL ;
ptr->secretEvent.req = NULL ;
ptr->secretEvent.buf = NULL ;
/* If the host list is empty add it to the head */
if( hwmon_head == NULL )
{
@@ -180,6 +187,7 @@ void hwmonHostClass::free_host_timers ( struct hwmon_host * ptr )
{
mtcTimer_fini ( ptr->hostTimer );
mtcTimer_fini ( ptr->addTimer );
mtcTimer_fini ( ptr->secretTimer );
mtcTimer_fini ( ptr->relearnTimer );
mtcTimer_fini ( ptr->ping_info.timer );
@@ -195,7 +203,7 @@ int hwmonHostClass::remHost( string hostname )
if ( hwmon_head == NULL )
return -ENXIO ;
struct hwmon_host * ptr = hwmonHostClass::getHost ( hostname );
if ( ptr == NULL )
@@ -263,15 +271,15 @@ struct hwmonHostClass::hwmon_host* hwmonHostClass::getHost ( string hostname )
}
/*
* Allocates memory for a new host and stores its the address in host_ptrs
* Allocates memory for a new host and stores its the address in host_ptrs
*
* @param void
* @return pointer to the newly allocted host memory
*/
*/
struct hwmonHostClass::hwmon_host * hwmonHostClass::newHost ( void )
{
struct hwmonHostClass::hwmon_host * temp_host_ptr = NULL ;
if ( memory_allocs == 0 )
{
memset ( host_ptrs, 0 , sizeof(struct hwmon_host *)*MAX_HOSTS);
@@ -428,7 +436,7 @@ void hwmonHostClass::degrade_state_audit ( struct hwmonHostClass::hwmon_host * h
}
/* Frees the memory of a pre-allocated host and removes
* it from the host_ptrs list
* it from the host_ptrs list
* @param host * pointer to the host memory address to be freed
* @return int return code { PASS or -EINVAL }
*/
@@ -451,14 +459,14 @@ int hwmonHostClass::delHost ( struct hwmonHostClass::hwmon_host * host_ptr )
}
else
elog ( "Error: Free memory called when there is no memory to free\n" );
return -EINVAL ;
}
void hwmonHostClass::clear_bm_assertions ( struct hwmonHostClass::hwmon_host * host_ptr )
{
/* Loop over all sensors and groups
* - clear any outstanding alarms
* - clear any outstanding alarms
* - clear degrade of host
* ... while we deprovision the BMC */
for ( int i = 0 ; i < host_ptr->sensors ; i++ )
@@ -475,9 +483,9 @@ void hwmonHostClass::clear_bm_assertions ( struct hwmonHostClass::hwmon_host * h
{
hwmonAlarm_clear ( host_ptr->hostname, HWMON_ALARM_ID__SENSORGROUP, host_ptr->group[g].group_name, REASON_DEPROVISIONED );
}
/* send the degrade anyway , just to be safe */
hwmon_send_event ( host_ptr->hostname, MTC_DEGRADE_CLEAR , "sensors" );
hwmon_send_event ( host_ptr->hostname, MTC_DEGRADE_CLEAR , "sensors" );
/* Bug Fix: This was outside the if bm_provisioned clause causing it
* to be called even if the bmc was not already provisioned
@@ -485,9 +493,6 @@ void hwmonHostClass::clear_bm_assertions ( struct hwmonHostClass::hwmon_host * h
hwmonAlarm_clear ( host_ptr->hostname, HWMON_ALARM_ID__SENSORCFG, "sensors", REASON_DEPROVISIONED );
}
int hwmonHostClass::set_bm_prov ( struct hwmonHostClass::hwmon_host * host_ptr, bool state )
{
int rc = FAIL_HOSTNAME_LOOKUP ;
@@ -510,7 +515,18 @@ int hwmonHostClass::set_bm_prov ( struct hwmonHostClass::hwmon_host * host_ptr,
host_ptr->ping_info.ip = host_ptr->bm_ip ;
host_ptr->ping_info.hostname = host_ptr->hostname ;
ipmi_bmc_data_init ( host_ptr );
host_ptr->thread_extra_info.bm_pw = host_ptr->bm_pw = get_bm_password (hostBase.get_uuid(host_ptr->hostname).data());
string host_uuid = hostBase.get_uuid( host_ptr->hostname );
barbicanSecret_type * secret = secretUtil_find_secret( host_uuid );
if ( secret )
{
secret->reference.clear() ;
secret->payload.clear() ;
secret->stage = MTC_SECRET__START ;
}
mtcTimer_start( host_ptr->secretTimer, hwmonTimer_handler, SECRET_START_DELAY );
host_ptr->thread_extra_info.bm_pw.clear() ;
host_ptr->thread_extra_info.bm_ip = host_ptr->bm_ip ;
host_ptr->thread_extra_info.bm_un = host_ptr->bm_un ;
}
@@ -709,6 +725,7 @@ int hwmonHostClass::add_host ( node_inv_type & inv )
host_ptr->sensor_query_count = 0 ;
/* Sensor Monitoring Thread 'Extra Request Information' */
host_ptr->empty_secret_log_throttle = 0 ;
host_ptr->thread_extra_info.bm_ip = host_ptr->bm_ip ;
host_ptr->thread_extra_info.bm_un = host_ptr->bm_un ;
host_ptr->thread_extra_info.bm_pw.clear() ;
@@ -779,7 +796,7 @@ int hwmonHostClass::rem_host ( string hostname )
hwmonHostClass::remHost ( hostname );
slog ("potential memory leak !\n");
}
/* Now remove the service specific component */
hostlist.remove ( hostname );
}
@@ -814,7 +831,7 @@ int hwmonHostClass::del_host ( string hostname )
{
int rc = FAIL_DEL_UNKNOWN ;
hwmonHostClass::hwmon_host * hwmon_host_ptr = hwmonHostClass::getHost( hostname );
if ( hwmon_host_ptr )
if ( hwmon_host_ptr )
{
rc = rem_host ( hostname );
if ( rc == PASS )
@@ -838,7 +855,7 @@ int hwmonHostClass::mon_host ( string hostname, bool monitor )
{
int rc = FAIL_UNKNOWN_HOSTNAME ;
hwmonHostClass::hwmon_host * hwmon_host_ptr = hwmonHostClass::getHost( hostname );
if ( hwmon_host_ptr )
if ( hwmon_host_ptr )
{
bool change = false ;
string want_state = "" ;
@@ -1013,6 +1030,10 @@ struct hwmonHostClass::hwmon_host * hwmonHostClass::getHost_timer ( timer_t tid
{
return host_ptr ;
}
if ( host_ptr->secretTimer.tid == tid )
{
return host_ptr ;
}
if ( host_ptr->ping_info.timer.tid == tid )
{
return host_ptr ;
@@ -1166,7 +1187,7 @@ int hwmonHostClass::add_sensor ( string hostname, sensor_type & sensor )
if ( rc )
{
elog ("%s '%s' sensor add failed\n", hostname.c_str() ,
elog ("%s '%s' sensor add failed\n", hostname.c_str(),
sensor.sensorname.c_str());
}
return (rc);
@@ -1197,8 +1218,8 @@ struct sensor_group_type * hwmonHostClass::hwmon_get_sensorgroup ( string hostna
{
if ( !host_ptr->group[g].sensor_ptr[s]->sensorname.compare(entity_path) )
{
blog ("%s '%s' sensor found in '%s' group\n",
hostname.c_str(),
blog ("%s '%s' sensor found in '%s' group\n",
hostname.c_str(),
host_ptr->group[g].sensor_ptr[s]->sensorname.c_str(),
host_ptr->group[g].group_name.c_str());
@@ -1229,7 +1250,7 @@ struct sensor_group_type * hwmonHostClass::hwmon_get_sensorgroup ( string hostna
*
* Name : hwmon_get_group
*
* Description : Returns a pointer to the sensor group that matches the supplied
* Description : Returns a pointer to the sensor group that matches the supplied
* group name.
*
**********************************************************************************/
@@ -1247,8 +1268,8 @@ struct sensor_group_type * hwmonHostClass::hwmon_get_group ( string hostname, st
{
if ( !group_name.compare(host_ptr->group[i].group_name))
{
blog ("%s '%s' sensor group found\n",
hostname.c_str(),
blog ("%s '%s' sensor group found\n",
hostname.c_str(),
host_ptr->group[i].group_name.c_str());
return (&host_ptr->group[i]) ;
@@ -1306,7 +1327,7 @@ int hwmonHostClass::hwmon_add_group ( string hostname, struct sensor_group_type
host_ptr->group[i].hostname = hostname ;
host_ptr->interval_changed = true ;
host_ptr->group[i].group_interval = group.group_interval ;
host_ptr->group[i].sensortype = group.sensortype ;
@@ -1349,7 +1370,7 @@ int hwmonHostClass::hwmon_add_group ( string hostname, struct sensor_group_type
if ( rc )
{
elog ("%s '%s' sensor group add failed\n", hostname.c_str() ,
elog ("%s '%s' sensor group add failed\n", hostname.c_str(),
group.group_name.c_str());
}
return (rc);
@@ -1377,8 +1398,8 @@ int hwmonHostClass::add_group_uuid ( string & hostname, string & group_name, st
{
if ( !group_name.compare(host_ptr->group[i].group_name))
{
blog1 ("%s '%s' sensor group found\n",
hostname.c_str(),
blog1 ("%s '%s' sensor group found\n",
hostname.c_str(),
host_ptr->group[i].group_name.c_str());
host_ptr->group[i].group_uuid = uuid ;
@@ -1418,8 +1439,8 @@ int hwmonHostClass::add_sensor_uuid ( string & hostname, string & sensorname, s
{
if ( !sensorname.compare(host_ptr->sensor[i].sensorname))
{
blog1 ("%s '%s' sensor found\n",
hostname.c_str(),
blog1 ("%s '%s' sensor found\n",
hostname.c_str(),
host_ptr->sensor[i].sensorname.c_str());
host_ptr->sensor[i].uuid = uuid ;
@@ -2352,7 +2373,6 @@ void hwmonHostClass::mem_log_groups ( struct hwmonHostClass::hwmon_host * host_p
done = true ;
}
if ((( x % 8 == 0 ) & ( x != 0 )) || ( done == true ))
// if ( done == true )
{
if ( first == true )
{

27
mtce/src/hwmon/hwmonClass.h
View File

@@ -49,6 +49,10 @@ class hwmonHostClass
bool bm_provisioned ;
int empty_secret_log_throttle ;
libEvent secretEvent ;
/** set true once a connection is estabished and
* set false when error recovery is performed on the connection
**/
@@ -91,12 +95,13 @@ class hwmonHostClass
/** Pointer to the previous host in the list */
struct hwmon_host * prev;
/** Pointer to the next host in the list */
struct hwmon_host * next;
struct mtc_timer hostTimer ;
struct mtc_timer addTimer ;
struct mtc_timer secretTimer ;
bool monitor ; /* true if host's sensors are to be monitored */
@@ -232,9 +237,9 @@ class hwmonHostClass
int memory_allocs ;
/** A memory used counter
*
*
* A variable storing the accumulated host memory
*/
*/
int memory_used ;
struct hwmon_host * hwmon_head ; /**< Host Linked List Head pointer */
@@ -458,7 +463,7 @@ class hwmonHostClass
void timer_handler ( int sig, siginfo_t *si, void *uc);
/** This is a list of host names. */
/** This is a list of host names. */
std::list<string> hostlist ;
std::list<string>::iterator hostlist_iter_ptr ;
@@ -476,7 +481,7 @@ class hwmonHostClass
int hosts ;
/* This bool is set in the daemon_configure case to inform the
* FSM that there has been a configuration reload.
* FSM that there has been a configuration reload.
* The initial purpose if this bool is to trigger a full sensor
* dump of all hosts on demand */
bool config_reload ;
@@ -506,7 +511,7 @@ class hwmonHostClass
* Name: get_sensor
*
* Description: Returns a pointer to the host sensor
* that matches the supplied sensor name.
* that matches the supplied sensor name.
*
****************************************************************************/
sensor_type * get_sensor ( string hostname, string sensorname );
@@ -515,7 +520,7 @@ class hwmonHostClass
*
* Name: add_sensor
*
* Description: If the return code is PASS then the supplied sensor is
* Description: If the return code is PASS then the supplied sensor is
* provisioned against this host. If the sensor already exists
* then it is updated with all the new information. Otherwise
* (normally) a new sensor is added.
@@ -532,13 +537,13 @@ class hwmonHostClass
*
****************************************************************************/
int add_sensor_uuid ( string & hostname, string & name, string & uuid );
/****************************************************************************
*
* Name: hwmon_get_group
*
* Description: Returns a pointer to the host sensor group
* that matches the supplied sensor group name.
* that matches the supplied sensor group name.
****************************************************************************/
struct sensor_group_type * hwmon_get_group ( string hostname, string group_name );
@@ -547,7 +552,7 @@ class hwmonHostClass
* Name: hwmon_get_sensorgroup
*
* Description: Returns a pointer to the host sensor group
* that matches the supplied sensor name.
* that matches the supplied sensor name.
****************************************************************************/
struct sensor_group_type * hwmon_get_sensorgroup ( string hostname, string sensorname );
@@ -555,7 +560,7 @@ class hwmonHostClass
*
* Name: hwmon_add_group
*
* Description: If the return code is PASS then the supplied sensor group is
* Description: If the return code is PASS then the supplied sensor group is
* provisioned against this host. If the group already exists
* then it is updated with all the new information. Otherwise
* (normally) a new group is added to the hwmon class struct.

18
mtce/src/hwmon/hwmonFsm.cpp
View File

@@ -16,7 +16,7 @@
#include "hwmonHttp.h"
#include "hwmonSensor.h"
#include "hwmonThreads.h" /* for ... ipmitool_thread */
#include "secretUtil.h"
/**************************************************************************
@@ -155,9 +155,19 @@ void hwmonHostClass::hwmon_fsm ( void )
#endif
if (( host_ptr->thread_extra_info.bm_pw.empty ()) && ( host_ptr->ping_info.ok == true ))
{
wlog ( "%s bm password is empty ; learning and forcing reconnect\n", host_ptr->hostname.c_str());
host_ptr->ping_info.ok = false ;
host_ptr->thread_extra_info.bm_pw = host_ptr->bm_pw = get_bm_password (hostBase.get_uuid(host_ptr->hostname).data());
string host_uuid = hostBase.get_uuid(host_ptr->hostname);
wlog_throttled ( host_ptr->empty_secret_log_throttle, 20,
"%s bm password is empty ; learning and forcing reconnect\n",
host_ptr->hostname.c_str());
barbicanSecret_type * secret = secretUtil_manage_secret( host_ptr->secretEvent,
host_uuid,
host_ptr->secretTimer,
hwmonTimer_handler );
if ( secret->stage == MTC_SECRET__GET_PWD_RECV )
{
host_ptr->ping_info.ok = false ;
host_ptr->thread_extra_info.bm_pw = host_ptr->bm_pw = secret->payload ;
}
}
else if ( host_ptr->accessible )
{

6
mtce/src/hwmon/hwmonHdlr.cpp
View File

@@ -236,6 +236,12 @@ void hwmonHostClass::timer_handler ( int sig, siginfo_t *si, void *uc)
hwmon_host_ptr->relearn = false ;
return ;
}
else if (( *tid_ptr == hwmon_host_ptr->secretTimer.tid ) )
{
mtcTimer_stop_int_safe ( hwmon_host_ptr->secretTimer );
hwmon_host_ptr->secretTimer.ring = true ;
return ;
}
}
}
mtcTimer_stop_tid_int_safe (tid_ptr);

6
mtce/src/hwmon/hwmonInit.cpp
View File

@@ -151,6 +151,12 @@ int daemon_configure ( void )
return (FAIL_LOAD_INI);
}
if (ini_parse(SECRET_CFG_FILE, barbican_config_handler, &hwmon_config) < 0)
{
elog ("Can't load '%s'\n", SECRET_CFG_FILE );
return (FAIL_LOAD_INI);
}
/* tell the host service that there has been a config reload */
obj_ptr->config_reload = true ;