Kg key for IPMIv2 authentication

Support for the -y option of ipmitool

Quote from docs:
-y <hex key>
Use supplied Kg key for IPMIv2 authentication. The key is expected
in hexadecimal format and can be used to specify keys with non-printable
characters. E.g. '-k PASSWORD' and '-y 50415353574F5244' are equivalent.
The default is not to use any Kg key.

Change-Id: Ie6a9fc1a41d924e30eff526b3eae929ce6e085c6
Story: #2005158
Task: #29876
This commit is contained in:
Nikolay Fedotov 2019-03-05 14:50:57 +03:00 committed by Julia Kreger
parent 2eceb3c8ab
commit 82704e6d8d
4 changed files with 35 additions and 1 deletions

View File

@ -72,6 +72,9 @@ REQUIRED_PROPERTIES = {
} }
OPTIONAL_PROPERTIES = { OPTIONAL_PROPERTIES = {
'ipmi_password': _("password. Optional."), 'ipmi_password': _("password. Optional."),
'ipmi_hex_kg_key': _('Kg key for IPMIv2 authentication. '
'The key is expected in hexadecimal format. '
'Optional.'),
'ipmi_port': _("remote IPMI RMCP port. Optional."), 'ipmi_port': _("remote IPMI RMCP port. Optional."),
'ipmi_priv_level': _("privilege level; default is ADMINISTRATOR. One of " 'ipmi_priv_level': _("privilege level; default is ADMINISTRATOR. One of "
"%s. Optional.") % ', '.join(VALID_PRIV_LEVELS), "%s. Optional.") % ', '.join(VALID_PRIV_LEVELS),
@ -282,6 +285,7 @@ def _parse_driver_info(node):
address = info.get('ipmi_address') address = info.get('ipmi_address')
username = info.get('ipmi_username') username = info.get('ipmi_username')
password = six.text_type(info.get('ipmi_password', '')) password = six.text_type(info.get('ipmi_password', ''))
hex_kg_key = info.get('ipmi_hex_kg_key')
dest_port = info.get('ipmi_port') dest_port = info.get('ipmi_port')
port = info.get('ipmi_terminal_port') port = info.get('ipmi_terminal_port')
priv_level = info.get('ipmi_priv_level', 'ADMINISTRATOR') priv_level = info.get('ipmi_priv_level', 'ADMINISTRATOR')
@ -361,11 +365,16 @@ def _parse_driver_info(node):
" can be one of %(valid_levels)s") % " can be one of %(valid_levels)s") %
{'priv_level': priv_level, 'valid_levels': valid_priv_lvls}) {'priv_level': priv_level, 'valid_levels': valid_priv_lvls})
if hex_kg_key and len(hex_kg_key) % 2 != 0:
raise exception.InvalidParameterValue(_(
"Number of ipmi_hex_kg_key characters is not even"))
return { return {
'address': address, 'address': address,
'dest_port': dest_port, 'dest_port': dest_port,
'username': username, 'username': username,
'password': password, 'password': password,
'hex_kg_key': hex_kg_key,
'port': port, 'port': port,
'uuid': node.uuid, 'uuid': node.uuid,
'priv_level': priv_level, 'priv_level': priv_level,
@ -423,6 +432,10 @@ def _get_ipmitool_args(driver_info, pw_file=None):
args.append('-U') args.append('-U')
args.append(driver_info['username']) args.append(driver_info['username'])
if driver_info['hex_kg_key']:
args.append('-y')
args.append(driver_info['hex_kg_key'])
for name, option in BRIDGING_OPTIONS: for name, option in BRIDGING_OPTIONS:
if driver_info[name] is not None: if driver_info[name] is not None:
args.append(option) args.append(option)

View File

@ -7165,7 +7165,7 @@ class ManagerTestProperties(mgr_utils.ServiceSetUpMixin, db_base.DbTestCase):
'force_persistent_boot_device', 'ipmi_protocol_version', 'force_persistent_boot_device', 'ipmi_protocol_version',
'ipmi_force_boot_device', 'deploy_forces_oob_reboot', 'ipmi_force_boot_device', 'deploy_forces_oob_reboot',
'rescue_kernel', 'rescue_ramdisk', 'rescue_kernel', 'rescue_ramdisk',
'ipmi_disable_boot_timeout'] 'ipmi_disable_boot_timeout', 'ipmi_hex_kg_key']
self._check_driver_properties("ipmi", expected) self._check_driver_properties("ipmi", expected)
def test_driver_properties_snmp(self): def test_driver_properties_snmp(self):

View File

@ -779,6 +779,20 @@ class IPMIToolPrivateMethodTestCase(Base):
self.assertRaises(exception.InvalidParameterValue, self.assertRaises(exception.InvalidParameterValue,
ipmi._parse_driver_info, node) ipmi._parse_driver_info, node)
def test__parse_driver_info_ipmi_hex_kg_key(self):
info = dict(INFO_DICT)
info['ipmi_hex_kg_key'] = 'A115023E08E23F7F8DC4BB443A1A75F160763A43'
node = obj_utils.get_test_node(self.context, driver_info=info)
ret = ipmi._parse_driver_info(node)
self.assertEqual(info['ipmi_hex_kg_key'], ret['hex_kg_key'])
def test__parse_driver_info_ipmi_hex_kg_key_odd_chars(self):
info = dict(INFO_DICT)
info['ipmi_hex_kg_key'] = 'A115023E08E23F7F8DC4BB443A1A75F160763A4'
node = obj_utils.get_test_node(self.context, driver_info=info)
self.assertRaises(exception.InvalidParameterValue,
ipmi._parse_driver_info, node)
def test__parse_driver_info_ipmi_port_valid(self): def test__parse_driver_info_ipmi_port_valid(self):
info = dict(INFO_DICT) info = dict(INFO_DICT)
info['ipmi_port'] = '623' info['ipmi_port'] = '623'

View File

@ -0,0 +1,7 @@
---
features:
- |
New property ``ipmi_hex_kg_key`` for the ipmi based interfaces.
The property enables user to set the Kg key for IPMIv2 authentication in
hexadecimal format. This value is provided to ``ipmitool`` as
the -y argument.