openstack/ironic
Code Issues Proposed changes

Kg key for IPMIv2 authentication

Browse Source 
Support for the -y option of ipmitool

Quote from docs:
-y <hex key>
Use supplied Kg key for IPMIv2 authentication. The key is expected
in hexadecimal format and can be used to specify keys with non-printable
characters. E.g. '-k PASSWORD' and '-y 50415353574F5244' are equivalent.
The default is not to use any Kg key.

Change-Id: Ie6a9fc1a41d924e30eff526b3eae929ce6e085c6
Story: #2005158
Task: #29876
This commit is contained in:
Nikolay Fedotov 2019-03-05 14:50:57 +03:00 committed by Julia Kreger
parent 2eceb3c8ab
commit 82704e6d8d
4 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ironic/drivers/modules/ipmitool.py
View File

@ -72,6 +72,9 @@ REQUIRED_PROPERTIES = {
}
OPTIONAL_PROPERTIES = {
'ipmi_password': _("password. Optional."),
'ipmi_hex_kg_key': _('Kg key for IPMIv2 authentication. '
'The key is expected in hexadecimal format. '
'Optional.'),
'ipmi_port': _("remote IPMI RMCP port. Optional."),
'ipmi_priv_level': _("privilege level; default is ADMINISTRATOR. One of "
"%s. Optional.") % ', '.join(VALID_PRIV_LEVELS),
@ -282,6 +285,7 @@ def _parse_driver_info(node):
address = info.get('ipmi_address')
username = info.get('ipmi_username')
password = six.text_type(info.get('ipmi_password', ''))
hex_kg_key = info.get('ipmi_hex_kg_key')
dest_port = info.get('ipmi_port')
port = info.get('ipmi_terminal_port')
priv_level = info.get('ipmi_priv_level', 'ADMINISTRATOR')
@ -361,11 +365,16 @@ def _parse_driver_info(node):
" can be one of %(valid_levels)s") %
{'priv_level': priv_level, 'valid_levels': valid_priv_lvls})
if hex_kg_key and len(hex_kg_key) % 2 != 0:
raise exception.InvalidParameterValue(_(
"Number of ipmi_hex_kg_key characters is not even"))
return {
'address': address,
'dest_port': dest_port,
'username': username,
'password': password,
'hex_kg_key': hex_kg_key,
'port': port,
'uuid': node.uuid,
'priv_level': priv_level,
@ -423,6 +432,10 @@ def _get_ipmitool_args(driver_info, pw_file=None):
args.append('-U')
args.append(driver_info['username'])
if driver_info['hex_kg_key']:
args.append('-y')
args.append(driver_info['hex_kg_key'])
for name, option in BRIDGING_OPTIONS:
if driver_info[name] is not None:
args.append(option)

2
ironic/tests/unit/conductor/test_manager.py
View File

@ -7165,7 +7165,7 @@ class ManagerTestProperties(mgr_utils.ServiceSetUpMixin, db_base.DbTestCase):
'force_persistent_boot_device', 'ipmi_protocol_version',
'ipmi_force_boot_device', 'deploy_forces_oob_reboot',
'rescue_kernel', 'rescue_ramdisk',
'ipmi_disable_boot_timeout']
'ipmi_disable_boot_timeout', 'ipmi_hex_kg_key']
self._check_driver_properties("ipmi", expected)
def test_driver_properties_snmp(self):

14
ironic/tests/unit/drivers/modules/test_ipmitool.py
View File

@ -779,6 +779,20 @@ class IPMIToolPrivateMethodTestCase(Base):
self.assertRaises(exception.InvalidParameterValue,
ipmi._parse_driver_info, node)
def test__parse_driver_info_ipmi_hex_kg_key(self):
info = dict(INFO_DICT)
info['ipmi_hex_kg_key'] = 'A115023E08E23F7F8DC4BB443A1A75F160763A43'
node = obj_utils.get_test_node(self.context, driver_info=info)
ret = ipmi._parse_driver_info(node)
self.assertEqual(info['ipmi_hex_kg_key'], ret['hex_kg_key'])
def test__parse_driver_info_ipmi_hex_kg_key_odd_chars(self):
info = dict(INFO_DICT)
info['ipmi_hex_kg_key'] = 'A115023E08E23F7F8DC4BB443A1A75F160763A4'
node = obj_utils.get_test_node(self.context, driver_info=info)
self.assertRaises(exception.InvalidParameterValue,
ipmi._parse_driver_info, node)
def test__parse_driver_info_ipmi_port_valid(self):
info = dict(INFO_DICT)
info['ipmi_port'] = '623'

7
releasenotes/notes/ipmi_hex_kg_key-8f6caabe5b7d7a9b.yaml Normal file
View File

@ -0,0 +1,7 @@
---
features:
- |
New property ``ipmi_hex_kg_key`` for the ipmi based interfaces.
The property enables user to set the Kg key for IPMIv2 authentication in
hexadecimal format. This value is provided to ``ipmitool`` as
the -y argument.