Merge "Add support auth protocols for iRMC" into bugfix/21.0

author: Zuul <zuul@review.opendev.org> 2022-11-14 23:31:25 +0000
committer: Gerrit Code Review <review@openstack.org> 2022-11-14 23:31:25 +0000
commit: fe64d5e1ecd3bdeab25232d4ab06ef984753547f (patch)
tree: 6a264b3c656c44a7a48606eca069c610b5e4e6cf
parent: 4de58fa80763df74672a8b6d0b73483b1e8ed3e3 (diff)
parent: 66b91b1a140d16e77544240cd312c153eacf6516 (diff)
download: ironic-fe64d5e1ecd3bdeab25232d4ab06ef984753547f.tar.gz
6 files changed, 39 insertions, 11 deletions
diff --git a/doc/source/admin/drivers/irmc.rst b/doc/source/admin/drivers/irmc.rst
index 17b8d8644..521d464cb 100644
--- a/doc/source/admin/drivers/irmc.rst
+++ b/doc/source/admin/drivers/irmc.rst
@@ -229,9 +229,10 @@ Configuration via ``ironic.conf``
     and ``v2c``. The default value is ``public``. Optional.
   - ``snmp_security``: SNMP security name required for version ``v3``.
     Optional.
-  - ``snmp_auth_proto``: The SNMPv3 auth protocol. The valid value and the
-    default value are both ``sha``. We will add more supported valid values
-    in the future. Optional.
+  - ``snmp_auth_proto``: The SNMPv3 auth protocol. If using iRMC S4 or S5, the
+    valid value of this option is only ``sha``. If using iRMC S6, the valid
+    values are ``sha256``, ``sha384`` and ``sha512``. The default value is
+    ``sha``. Optional.
   - ``snmp_priv_proto``: The SNMPv3 privacy protocol. The valid value and
     the default value are both ``aes``. We will add more supported valid values
     in the future. Optional.
diff --git a/ironic/conf/irmc.py b/ironic/conf/irmc.py
index 7c319e2d8..68ee43b3a 100644
--- a/ironic/conf/irmc.py
+++ b/ironic/conf/irmc.py
@@ -81,9 +81,20 @@ opts = [
                help='SNMP polling interval in seconds'),
     cfg.StrOpt('snmp_auth_proto',
                default='sha',
-               choices=[('sha', _('Secure Hash Algorithm 1'))],
+               choices=[('sha', _('Secure Hash Algorithm 1, supported in iRMC '
+                         'S4 and S5.')),
+                        ('sha256', ('Secure Hash Algorithm 2 with 256 bits '
+                                    'digest, only supported in iRMC S6.')),
+                        ('sha384', ('Secure Hash Algorithm 2 with 384 bits '
+                                    'digest, only supported in iRMC S6.')),
+                        ('sha512', ('Secure Hash Algorithm 2 with 512 bits '
+                                    'digest, only supported in iRMC S6.'))],
                help=_("SNMPv3 message authentication protocol ID. "
-                      "Required for version 'v3'. 'sha' is supported.")),
+                      "Required for version 'v3'. The valid options are "
+                      "'sha', 'sha256', 'sha384' and 'sha512', while 'sha' is "
+                      "the only supported protocol in iRMC S4 and S5, and "
+                      "from iRMC S6, 'sha256', 'sha384' and 'sha512' are "
+                      "supported, but 'sha' is not supported any more.")),
     cfg.StrOpt('snmp_priv_proto',
                default='aes',
                choices=[('aes', _('Advanced Encryption Standard'))],
diff --git a/ironic/drivers/modules/irmc/common.py b/ironic/drivers/modules/irmc/common.py
index 7a8fc0f1d..2df85eeb6 100644
--- a/ironic/drivers/modules/irmc/common.py
+++ b/ironic/drivers/modules/irmc/common.py
@@ -83,7 +83,9 @@ SNMP_V3_REQUIRED_PROPERTIES = {
 SNMP_V3_OPTIONAL_PROPERTIES = {
     'irmc_snmp_auth_proto': _("SNMPv3 message authentication protocol ID. "
                               "Required for version 'v3'. "
-                              "'sha' is supported."),
+                              "If using iRMC S4/S5, only 'sha' is supported."
+                              "If using iRMC S6, the valid options are "
+                              "'sha256', 'sha384', 'sha512'."),
     'irmc_snmp_priv_proto': _("SNMPv3 message privacy (encryption) protocol "
                               "ID. Required for version 'v3'. "
                               "'aes' is supported."),
@@ -243,7 +245,8 @@ def _parse_snmp_driver_info(node, info):
 def _parse_snmp_v3_info(node, info):
     snmp_info = {}
     missing_info = []
-    valid_values = {'irmc_snmp_auth_proto': ['sha'],
+    valid_values = {'irmc_snmp_auth_proto': ['sha', 'sha256', 'sha384',
+                                             'sha512'],
                     'irmc_snmp_priv_proto': ['aes']}
     valid_protocols = {'irmc_snmp_auth_proto': snmp.snmp_auth_protocols,
                        'irmc_snmp_priv_proto': snmp.snmp_priv_protocols}
diff --git a/ironic/drivers/modules/irmc/inspect.py b/ironic/drivers/modules/irmc/inspect.py
index 9b6bff5bc..4b250cdfd 100644
--- a/ironic/drivers/modules/irmc/inspect.py
+++ b/ironic/drivers/modules/irmc/inspect.py
@@ -191,9 +191,14 @@ def _inspect_hardware(node, existing_traits=None, **kwargs):
     except (scci.SCCIInvalidInputError,
             scci.SCCIClientError,
             exception.SNMPFailure) as e:
+        advice = ""
+        if ("SNMP operation" in str(e)):
+            advice = ("The SNMP related parameters' value may be different "
+                      "with the server, please check if you have set them "
+                      "correctly.")
         error = (_("Inspection failed for node %(node_id)s "
-                   "with the following error: %(error)s") %
-                 {'node_id': node.uuid, 'error': e})
+                   "with the following error: %(error)s. (advice)s") %
+                 {'node_id': node.uuid, 'error': e, 'advice': advice})
         raise exception.HardwareInspectionFailure(error=error)
 
     return props, macs, new_traits
diff --git a/ironic/drivers/modules/irmc/power.py b/ironic/drivers/modules/irmc/power.py
index 28041d835..7cde9cdac 100644
--- a/ironic/drivers/modules/irmc/power.py
+++ b/ironic/drivers/modules/irmc/power.py
@@ -203,9 +203,12 @@ def _set_power_state(task, target_state, timeout=None):
             _wait_power_state(task, states.SOFT_REBOOT, timeout=timeout)
 
     except exception.SNMPFailure as snmp_exception:
+        advice = ("The SNMP related parameters' value may be different with "
+                  "the server, please check if you have set them correctly.")
         LOG.error("iRMC failed to acknowledge the target state "
-                  "for node %(node_id)s. Error: %(error)s",
-                  {'node_id': node.uuid, 'error': snmp_exception})
+                  "for node %(node_id)s. Error: %(error)s. %(advice)s",
+                  {'node_id': node.uuid, 'error': snmp_exception,
+                   'advice': advice})
         raise exception.IRMCOperationError(operation=target_state,
                                            error=snmp_exception)
 
diff --git a/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml b/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml
new file mode 100644
index 000000000..4d0c6bff2
--- /dev/null
+++ b/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    Adds ``sha256``, ``sha384`` and ``sha512`` as supported SNMPv3
+    authentication protocols to iRMC driver.
author	Zuul <zuul@review.opendev.org>	2022-11-14 23:31:25 +0000
committer	Gerrit Code Review <review@openstack.org>	2022-11-14 23:31:25 +0000
commit	fe64d5e1ecd3bdeab25232d4ab06ef984753547f (patch)
tree	6a264b3c656c44a7a48606eca069c610b5e4e6cf
parent	4de58fa80763df74672a8b6d0b73483b1e8ed3e3 (diff)
parent	66b91b1a140d16e77544240cd312c153eacf6516 (diff)
download	ironic-fe64d5e1ecd3bdeab25232d4ab06ef984753547f.tar.gz