Add support auth protocols for iRMC

This patch adds new SNMPv3 auth protocols to iRMC which are supported from iRMC S6. Conflicts: ironic/conf/irmc.py ironic/drivers/modules/irmc/common.py Change-Id: Id2fca59bebb0745e6b16caaaa7838d1f1a2717e1 Story: 2010309 Task: 46353 (cherry picked from commit 233c6408389be5f3e271b46154943bc744e0290e) (cherry picked from commit be0e687538c60b5273bc5a24829c137ad36b1661)
author: Shukun Song <song.shukun@jp.fujitsu.com> 2022-09-12 16:47:36 +0900
committer: Shukun Song <song.shukun@jp.fujitsu.com> 2022-11-29 16:40:52 +0900
commit: 6aaf4e69ec78e5a67d95b8d22450ae30ce857c1c (patch)
tree: 5b4bfd946edb6ea86b9366adaa40d0cb4a4d5837
parent: ef0e33edf2b0420dc7fe851e41128ff86dc8ffed (diff)
download: ironic-6aaf4e69ec78e5a67d95b8d22450ae30ce857c1c.tar.gz
6 files changed, 40 insertions, 12 deletions
diff --git a/doc/source/admin/drivers/irmc.rst b/doc/source/admin/drivers/irmc.rst
index 0a9c3a1ea..259059222 100644
--- a/doc/source/admin/drivers/irmc.rst
+++ b/doc/source/admin/drivers/irmc.rst
@@ -239,9 +239,10 @@ Configuration via ``ironic.conf``
     and ``v2c``. The default value is ``public``. Optional.
   - ``snmp_security``: SNMP security name required for version ``v3``.
     Optional.
-  - ``snmp_auth_proto``: The SNMPv3 auth protocol. The valid value and the
-    default value are both ``sha``. We will add more supported valid values
-    in the future. Optional.
+  - ``snmp_auth_proto``: The SNMPv3 auth protocol. If using iRMC S4 or S5, the
+    valid value of this option is only ``sha``. If using iRMC S6, the valid
+    values are ``sha256``, ``sha384`` and ``sha512``. The default value is
+    ``sha``. Optional.
   - ``snmp_priv_proto``: The SNMPv3 privacy protocol. The valid value and
     the default value are both ``aes``. We will add more supported valid values
     in the future. Optional.
diff --git a/ironic/conf/irmc.py b/ironic/conf/irmc.py
index f417ae2db..11c9d3a0e 100644
--- a/ironic/conf/irmc.py
+++ b/ironic/conf/irmc.py
@@ -80,11 +80,22 @@ opts = [
                help='SNMP polling interval in seconds'),
     cfg.StrOpt('snmp_auth_proto',
                default='sha',
-               choices=[('sha', _('Secure Hash Algorithm 1'))],
+               choices=[('sha', _('Secure Hash Algorithm 1, supported in iRMC '
+                         'S4 and S5.')),
+                        ('sha256', ('Secure Hash Algorithm 2 with 256 bits '
+                                    'digest, only supported in iRMC S6.')),
+                        ('sha384', ('Secure Hash Algorithm 2 with 384 bits '
+                                    'digest, only supported in iRMC S6.')),
+                        ('sha512', ('Secure Hash Algorithm 2 with 512 bits '
+                                    'digest, only supported in iRMC S6.'))],
                help=_("SNMPv3 message authentication protocol ID. "
                       "Required for version 'v3'. Will be ignored if the "
-                      "version of python-scciclient is before 0.11.3. 'sha' "
-                      "is supported.")),
+                      "version of python-scciclient is before 0.11.3. The "
+                      "valid options are 'sha', 'sha256', 'sha384' and "
+                      "'sha512', while 'sha' is the only supported protocol "
+                      "in iRMC S4 and S5, and from iRMC S6, 'sha256', "
+                      "'sha384' and 'sha512' are supported, but 'sha' is not "
+                      "supported any more.")),
     cfg.StrOpt('snmp_priv_proto',
                default='aes',
                choices=[('aes', _('Advanced Encryption Standard'))],
diff --git a/ironic/drivers/modules/irmc/common.py b/ironic/drivers/modules/irmc/common.py
index 85a038692..c437f62e2 100644
--- a/ironic/drivers/modules/irmc/common.py
+++ b/ironic/drivers/modules/irmc/common.py
@@ -93,7 +93,9 @@ SNMP_V3_OPTIONAL_PROPERTIES = {
     'irmc_snmp_auth_proto': _("SNMPv3 message authentication protocol ID. "
                               "Required for version 'v3'. Will be ignored if "
                               "the version of python-scciclient is before "
-                              "0.11.3. 'sha' is supported."),
+                              "0.11.3. If using iRMC S4/S5, only 'sha' is "
+                              "supported. If using iRMC S6, the valid "
+                              "options are 'sha256', 'sha384', 'sha512'."),
     'irmc_snmp_priv_proto': _("SNMPv3 message privacy (encryption) protocol "
                               "ID. Required for version 'v3'. Will be ignored "
                               "if the version of python-scciclient is before "
@@ -309,7 +311,8 @@ def _parse_snmp_driver_info(node, info):
 
 def _parse_snmp_v3_crypto_info(info):
     snmp_info = {}
-    valid_values = {'irmc_snmp_auth_proto': ['sha'],
+    valid_values = {'irmc_snmp_auth_proto': ['sha', 'sha256', 'sha384',
+                                             'sha512'],
                     'irmc_snmp_priv_proto': ['aes']}
     valid_protocols = {'irmc_snmp_auth_proto': snmp.snmp_auth_protocols,
                        'irmc_snmp_priv_proto': snmp.snmp_priv_protocols}
diff --git a/ironic/drivers/modules/irmc/inspect.py b/ironic/drivers/modules/irmc/inspect.py
index d31143ee3..0b9e2a3b2 100644
--- a/ironic/drivers/modules/irmc/inspect.py
+++ b/ironic/drivers/modules/irmc/inspect.py
@@ -191,9 +191,14 @@ def _inspect_hardware(node, existing_traits=None, **kwargs):
     except (scci.SCCIInvalidInputError,
             scci.SCCIClientError,
             exception.SNMPFailure) as e:
+        advice = ""
+        if ("SNMP operation" in str(e)):
+            advice = ("The SNMP related parameters' value may be different "
+                      "with the server, please check if you have set them "
+                      "correctly.")
         error = (_("Inspection failed for node %(node_id)s "
-                   "with the following error: %(error)s") %
-                 {'node_id': node.uuid, 'error': e})
+                   "with the following error: %(error)s. (advice)s") %
+                 {'node_id': node.uuid, 'error': e, 'advice': advice})
         raise exception.HardwareInspectionFailure(error=error)
 
     return props, macs, new_traits
diff --git a/ironic/drivers/modules/irmc/power.py b/ironic/drivers/modules/irmc/power.py
index 28041d835..7cde9cdac 100644
--- a/ironic/drivers/modules/irmc/power.py
+++ b/ironic/drivers/modules/irmc/power.py
@@ -203,9 +203,12 @@ def _set_power_state(task, target_state, timeout=None):
             _wait_power_state(task, states.SOFT_REBOOT, timeout=timeout)
 
     except exception.SNMPFailure as snmp_exception:
+        advice = ("The SNMP related parameters' value may be different with "
+                  "the server, please check if you have set them correctly.")
         LOG.error("iRMC failed to acknowledge the target state "
-                  "for node %(node_id)s. Error: %(error)s",
-                  {'node_id': node.uuid, 'error': snmp_exception})
+                  "for node %(node_id)s. Error: %(error)s. %(advice)s",
+                  {'node_id': node.uuid, 'error': snmp_exception,
+                   'advice': advice})
         raise exception.IRMCOperationError(operation=target_state,
                                            error=snmp_exception)
 
diff --git a/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml b/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml
new file mode 100644
index 000000000..4d0c6bff2
--- /dev/null
+++ b/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    Adds ``sha256``, ``sha384`` and ``sha512`` as supported SNMPv3
+    authentication protocols to iRMC driver.
author	Shukun Song <song.shukun@jp.fujitsu.com>	2022-09-12 16:47:36 +0900
committer	Shukun Song <song.shukun@jp.fujitsu.com>	2022-11-29 16:40:52 +0900
commit	6aaf4e69ec78e5a67d95b8d22450ae30ce857c1c (patch)
tree	5b4bfd946edb6ea86b9366adaa40d0cb4a4d5837
parent	ef0e33edf2b0420dc7fe851e41128ff86dc8ffed (diff)
download	ironic-6aaf4e69ec78e5a67d95b8d22450ae30ce857c1c.tar.gz