summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorShukun Song <song.shukun@jp.fujitsu.com>2022-09-12 16:47:36 +0900
committerShukun Song <song.shukun@jp.fujitsu.com>2022-11-15 12:15:11 +0900
commit1f4fabf88a72a9c489c45962592fbc04a50b07d0 (patch)
tree05029ade618b15937df382f27896e027b18ff65d
parent934b222711f99c846baeaed12239df4c97f81568 (diff)
downloadironic-1f4fabf88a72a9c489c45962592fbc04a50b07d0.tar.gz
Add support auth protocols for iRMC
This patch adds new SNMPv3 auth protocols to iRMC which are supported from iRMC S6. Change-Id: Id2fca59bebb0745e6b16caaaa7838d1f1a2717e1 Story: 2010309 Task: 46353 (cherry picked from commit 233c6408389be5f3e271b46154943bc744e0290e) (cherry picked from commit be0e687538c60b5273bc5a24829c137ad36b1661)
-rw-r--r--doc/source/admin/drivers/irmc.rst7
-rw-r--r--ironic/conf/irmc.py17
-rw-r--r--ironic/drivers/modules/irmc/common.py7
-rw-r--r--ironic/drivers/modules/irmc/inspect.py9
-rw-r--r--ironic/drivers/modules/irmc/power.py7
-rw-r--r--releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml5
6 files changed, 40 insertions, 12 deletions
diff --git a/doc/source/admin/drivers/irmc.rst b/doc/source/admin/drivers/irmc.rst
index 3bd650479..a839e3d91 100644
--- a/doc/source/admin/drivers/irmc.rst
+++ b/doc/source/admin/drivers/irmc.rst
@@ -239,9 +239,10 @@ Configuration via ``ironic.conf``
and ``v2c``. The default value is ``public``. Optional.
- ``snmp_security``: SNMP security name required for version ``v3``.
Optional.
- - ``snmp_auth_proto``: The SNMPv3 auth protocol. The valid value and the
- default value are both ``sha``. We will add more supported valid values
- in the future. Optional.
+ - ``snmp_auth_proto``: The SNMPv3 auth protocol. If using iRMC S4 or S5, the
+ valid value of this option is only ``sha``. If using iRMC S6, the valid
+ values are ``sha256``, ``sha384`` and ``sha512``. The default value is
+ ``sha``. Optional.
- ``snmp_priv_proto``: The SNMPv3 privacy protocol. The valid value and
the default value are both ``aes``. We will add more supported valid values
in the future. Optional.
diff --git a/ironic/conf/irmc.py b/ironic/conf/irmc.py
index c52050913..2db8bb341 100644
--- a/ironic/conf/irmc.py
+++ b/ironic/conf/irmc.py
@@ -80,11 +80,22 @@ opts = [
help='SNMP polling interval in seconds'),
cfg.StrOpt('snmp_auth_proto',
default='sha',
- choices=[('sha', _('Secure Hash Algorithm 1'))],
+ choices=[('sha', _('Secure Hash Algorithm 1, supported in iRMC '
+ 'S4 and S5.')),
+ ('sha256', ('Secure Hash Algorithm 2 with 256 bits '
+ 'digest, only supported in iRMC S6.')),
+ ('sha384', ('Secure Hash Algorithm 2 with 384 bits '
+ 'digest, only supported in iRMC S6.')),
+ ('sha512', ('Secure Hash Algorithm 2 with 512 bits '
+ 'digest, only supported in iRMC S6.'))],
help=_("SNMPv3 message authentication protocol ID. "
"Required for version 'v3'. Will be ignored if the "
- "version of python-scciclient is before 0.12.2. 'sha' "
- "is supported.")),
+ "version of python-scciclient is before 0.12.2. The "
+ "valid options are 'sha', 'sha256', 'sha384' and "
+ "'sha512', while 'sha' is the only supported protocol "
+ "in iRMC S4 and S5, and from iRMC S6, 'sha256', "
+ "'sha384' and 'sha512' are supported, but 'sha' is not "
+ "supported any more.")),
cfg.StrOpt('snmp_priv_proto',
default='aes',
choices=[('aes', _('Advanced Encryption Standard'))],
diff --git a/ironic/drivers/modules/irmc/common.py b/ironic/drivers/modules/irmc/common.py
index 6bacb2266..3f0be587e 100644
--- a/ironic/drivers/modules/irmc/common.py
+++ b/ironic/drivers/modules/irmc/common.py
@@ -93,7 +93,9 @@ SNMP_V3_OPTIONAL_PROPERTIES = {
'irmc_snmp_auth_proto': _("SNMPv3 message authentication protocol ID. "
"Required for version 'v3'. Will be ignored if "
"the version of python-scciclient is before "
- "0.12.2. 'sha' is supported."),
+ "0.12.2. If using iRMC S4/S5, only 'sha' is "
+ "supported. If using iRMC S6, the valid "
+ "options are 'sha256', 'sha384', 'sha512'."),
'irmc_snmp_priv_proto': _("SNMPv3 message privacy (encryption) protocol "
"ID. Required for version 'v3'. Will be ignored "
"if the version of python-scciclient is before "
@@ -309,7 +311,8 @@ def _parse_snmp_driver_info(node, info):
def _parse_snmp_v3_crypto_info(info):
snmp_info = {}
- valid_values = {'irmc_snmp_auth_proto': ['sha'],
+ valid_values = {'irmc_snmp_auth_proto': ['sha', 'sha256', 'sha384',
+ 'sha512'],
'irmc_snmp_priv_proto': ['aes']}
valid_protocols = {'irmc_snmp_auth_proto': snmp.snmp_auth_protocols,
'irmc_snmp_priv_proto': snmp.snmp_priv_protocols}
diff --git a/ironic/drivers/modules/irmc/inspect.py b/ironic/drivers/modules/irmc/inspect.py
index d31143ee3..0b9e2a3b2 100644
--- a/ironic/drivers/modules/irmc/inspect.py
+++ b/ironic/drivers/modules/irmc/inspect.py
@@ -191,9 +191,14 @@ def _inspect_hardware(node, existing_traits=None, **kwargs):
except (scci.SCCIInvalidInputError,
scci.SCCIClientError,
exception.SNMPFailure) as e:
+ advice = ""
+ if ("SNMP operation" in str(e)):
+ advice = ("The SNMP related parameters' value may be different "
+ "with the server, please check if you have set them "
+ "correctly.")
error = (_("Inspection failed for node %(node_id)s "
- "with the following error: %(error)s") %
- {'node_id': node.uuid, 'error': e})
+ "with the following error: %(error)s. (advice)s") %
+ {'node_id': node.uuid, 'error': e, 'advice': advice})
raise exception.HardwareInspectionFailure(error=error)
return props, macs, new_traits
diff --git a/ironic/drivers/modules/irmc/power.py b/ironic/drivers/modules/irmc/power.py
index 28041d835..7cde9cdac 100644
--- a/ironic/drivers/modules/irmc/power.py
+++ b/ironic/drivers/modules/irmc/power.py
@@ -203,9 +203,12 @@ def _set_power_state(task, target_state, timeout=None):
_wait_power_state(task, states.SOFT_REBOOT, timeout=timeout)
except exception.SNMPFailure as snmp_exception:
+ advice = ("The SNMP related parameters' value may be different with "
+ "the server, please check if you have set them correctly.")
LOG.error("iRMC failed to acknowledge the target state "
- "for node %(node_id)s. Error: %(error)s",
- {'node_id': node.uuid, 'error': snmp_exception})
+ "for node %(node_id)s. Error: %(error)s. %(advice)s",
+ {'node_id': node.uuid, 'error': snmp_exception,
+ 'advice': advice})
raise exception.IRMCOperationError(operation=target_state,
error=snmp_exception)
diff --git a/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml b/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml
new file mode 100644
index 000000000..4d0c6bff2
--- /dev/null
+++ b/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - |
+ Adds ``sha256``, ``sha384`` and ``sha512`` as supported SNMPv3
+ authentication protocols to iRMC driver.