diff options
author | Shukun Song <song.shukun@jp.fujitsu.com> | 2022-09-12 16:47:36 +0900 |
---|---|---|
committer | Shukun Song <song.shukun@jp.fujitsu.com> | 2022-11-15 12:15:11 +0900 |
commit | 1f4fabf88a72a9c489c45962592fbc04a50b07d0 (patch) | |
tree | 05029ade618b15937df382f27896e027b18ff65d | |
parent | 934b222711f99c846baeaed12239df4c97f81568 (diff) | |
download | ironic-1f4fabf88a72a9c489c45962592fbc04a50b07d0.tar.gz |
Add support auth protocols for iRMC
This patch adds new SNMPv3 auth protocols to iRMC which are supported
from iRMC S6.
Change-Id: Id2fca59bebb0745e6b16caaaa7838d1f1a2717e1
Story: 2010309
Task: 46353
(cherry picked from commit 233c6408389be5f3e271b46154943bc744e0290e)
(cherry picked from commit be0e687538c60b5273bc5a24829c137ad36b1661)
-rw-r--r-- | doc/source/admin/drivers/irmc.rst | 7 | ||||
-rw-r--r-- | ironic/conf/irmc.py | 17 | ||||
-rw-r--r-- | ironic/drivers/modules/irmc/common.py | 7 | ||||
-rw-r--r-- | ironic/drivers/modules/irmc/inspect.py | 9 | ||||
-rw-r--r-- | ironic/drivers/modules/irmc/power.py | 7 | ||||
-rw-r--r-- | releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml | 5 |
6 files changed, 40 insertions, 12 deletions
diff --git a/doc/source/admin/drivers/irmc.rst b/doc/source/admin/drivers/irmc.rst index 3bd650479..a839e3d91 100644 --- a/doc/source/admin/drivers/irmc.rst +++ b/doc/source/admin/drivers/irmc.rst @@ -239,9 +239,10 @@ Configuration via ``ironic.conf`` and ``v2c``. The default value is ``public``. Optional. - ``snmp_security``: SNMP security name required for version ``v3``. Optional. - - ``snmp_auth_proto``: The SNMPv3 auth protocol. The valid value and the - default value are both ``sha``. We will add more supported valid values - in the future. Optional. + - ``snmp_auth_proto``: The SNMPv3 auth protocol. If using iRMC S4 or S5, the + valid value of this option is only ``sha``. If using iRMC S6, the valid + values are ``sha256``, ``sha384`` and ``sha512``. The default value is + ``sha``. Optional. - ``snmp_priv_proto``: The SNMPv3 privacy protocol. The valid value and the default value are both ``aes``. We will add more supported valid values in the future. Optional. diff --git a/ironic/conf/irmc.py b/ironic/conf/irmc.py index c52050913..2db8bb341 100644 --- a/ironic/conf/irmc.py +++ b/ironic/conf/irmc.py @@ -80,11 +80,22 @@ opts = [ help='SNMP polling interval in seconds'), cfg.StrOpt('snmp_auth_proto', default='sha', - choices=[('sha', _('Secure Hash Algorithm 1'))], + choices=[('sha', _('Secure Hash Algorithm 1, supported in iRMC ' + 'S4 and S5.')), + ('sha256', ('Secure Hash Algorithm 2 with 256 bits ' + 'digest, only supported in iRMC S6.')), + ('sha384', ('Secure Hash Algorithm 2 with 384 bits ' + 'digest, only supported in iRMC S6.')), + ('sha512', ('Secure Hash Algorithm 2 with 512 bits ' + 'digest, only supported in iRMC S6.'))], help=_("SNMPv3 message authentication protocol ID. " "Required for version 'v3'. Will be ignored if the " - "version of python-scciclient is before 0.12.2. 'sha' " - "is supported.")), + "version of python-scciclient is before 0.12.2. The " + "valid options are 'sha', 'sha256', 'sha384' and " + "'sha512', while 'sha' is the only supported protocol " + "in iRMC S4 and S5, and from iRMC S6, 'sha256', " + "'sha384' and 'sha512' are supported, but 'sha' is not " + "supported any more.")), cfg.StrOpt('snmp_priv_proto', default='aes', choices=[('aes', _('Advanced Encryption Standard'))], diff --git a/ironic/drivers/modules/irmc/common.py b/ironic/drivers/modules/irmc/common.py index 6bacb2266..3f0be587e 100644 --- a/ironic/drivers/modules/irmc/common.py +++ b/ironic/drivers/modules/irmc/common.py @@ -93,7 +93,9 @@ SNMP_V3_OPTIONAL_PROPERTIES = { 'irmc_snmp_auth_proto': _("SNMPv3 message authentication protocol ID. " "Required for version 'v3'. Will be ignored if " "the version of python-scciclient is before " - "0.12.2. 'sha' is supported."), + "0.12.2. If using iRMC S4/S5, only 'sha' is " + "supported. If using iRMC S6, the valid " + "options are 'sha256', 'sha384', 'sha512'."), 'irmc_snmp_priv_proto': _("SNMPv3 message privacy (encryption) protocol " "ID. Required for version 'v3'. Will be ignored " "if the version of python-scciclient is before " @@ -309,7 +311,8 @@ def _parse_snmp_driver_info(node, info): def _parse_snmp_v3_crypto_info(info): snmp_info = {} - valid_values = {'irmc_snmp_auth_proto': ['sha'], + valid_values = {'irmc_snmp_auth_proto': ['sha', 'sha256', 'sha384', + 'sha512'], 'irmc_snmp_priv_proto': ['aes']} valid_protocols = {'irmc_snmp_auth_proto': snmp.snmp_auth_protocols, 'irmc_snmp_priv_proto': snmp.snmp_priv_protocols} diff --git a/ironic/drivers/modules/irmc/inspect.py b/ironic/drivers/modules/irmc/inspect.py index d31143ee3..0b9e2a3b2 100644 --- a/ironic/drivers/modules/irmc/inspect.py +++ b/ironic/drivers/modules/irmc/inspect.py @@ -191,9 +191,14 @@ def _inspect_hardware(node, existing_traits=None, **kwargs): except (scci.SCCIInvalidInputError, scci.SCCIClientError, exception.SNMPFailure) as e: + advice = "" + if ("SNMP operation" in str(e)): + advice = ("The SNMP related parameters' value may be different " + "with the server, please check if you have set them " + "correctly.") error = (_("Inspection failed for node %(node_id)s " - "with the following error: %(error)s") % - {'node_id': node.uuid, 'error': e}) + "with the following error: %(error)s. (advice)s") % + {'node_id': node.uuid, 'error': e, 'advice': advice}) raise exception.HardwareInspectionFailure(error=error) return props, macs, new_traits diff --git a/ironic/drivers/modules/irmc/power.py b/ironic/drivers/modules/irmc/power.py index 28041d835..7cde9cdac 100644 --- a/ironic/drivers/modules/irmc/power.py +++ b/ironic/drivers/modules/irmc/power.py @@ -203,9 +203,12 @@ def _set_power_state(task, target_state, timeout=None): _wait_power_state(task, states.SOFT_REBOOT, timeout=timeout) except exception.SNMPFailure as snmp_exception: + advice = ("The SNMP related parameters' value may be different with " + "the server, please check if you have set them correctly.") LOG.error("iRMC failed to acknowledge the target state " - "for node %(node_id)s. Error: %(error)s", - {'node_id': node.uuid, 'error': snmp_exception}) + "for node %(node_id)s. Error: %(error)s. %(advice)s", + {'node_id': node.uuid, 'error': snmp_exception, + 'advice': advice}) raise exception.IRMCOperationError(operation=target_state, error=snmp_exception) diff --git a/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml b/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml new file mode 100644 index 000000000..4d0c6bff2 --- /dev/null +++ b/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + Adds ``sha256``, ``sha384`` and ``sha512`` as supported SNMPv3 + authentication protocols to iRMC driver. |