Kg key for IPMIv2 authentication
Support for the -y option of ipmitool Quote from docs: -y <hex key> Use supplied Kg key for IPMIv2 authentication. The key is expected in hexadecimal format and can be used to specify keys with non-printable characters. E.g. '-k PASSWORD' and '-y 50415353574F5244' are equivalent. The default is not to use any Kg key. Change-Id: Ie6a9fc1a41d924e30eff526b3eae929ce6e085c6 Story: #2005158 Task: #29876
This commit is contained in:
parent
2eceb3c8ab
commit
82704e6d8d
@ -72,6 +72,9 @@ REQUIRED_PROPERTIES = {
|
|||||||
}
|
}
|
||||||
OPTIONAL_PROPERTIES = {
|
OPTIONAL_PROPERTIES = {
|
||||||
'ipmi_password': _("password. Optional."),
|
'ipmi_password': _("password. Optional."),
|
||||||
|
'ipmi_hex_kg_key': _('Kg key for IPMIv2 authentication. '
|
||||||
|
'The key is expected in hexadecimal format. '
|
||||||
|
'Optional.'),
|
||||||
'ipmi_port': _("remote IPMI RMCP port. Optional."),
|
'ipmi_port': _("remote IPMI RMCP port. Optional."),
|
||||||
'ipmi_priv_level': _("privilege level; default is ADMINISTRATOR. One of "
|
'ipmi_priv_level': _("privilege level; default is ADMINISTRATOR. One of "
|
||||||
"%s. Optional.") % ', '.join(VALID_PRIV_LEVELS),
|
"%s. Optional.") % ', '.join(VALID_PRIV_LEVELS),
|
||||||
@ -282,6 +285,7 @@ def _parse_driver_info(node):
|
|||||||
address = info.get('ipmi_address')
|
address = info.get('ipmi_address')
|
||||||
username = info.get('ipmi_username')
|
username = info.get('ipmi_username')
|
||||||
password = six.text_type(info.get('ipmi_password', ''))
|
password = six.text_type(info.get('ipmi_password', ''))
|
||||||
|
hex_kg_key = info.get('ipmi_hex_kg_key')
|
||||||
dest_port = info.get('ipmi_port')
|
dest_port = info.get('ipmi_port')
|
||||||
port = info.get('ipmi_terminal_port')
|
port = info.get('ipmi_terminal_port')
|
||||||
priv_level = info.get('ipmi_priv_level', 'ADMINISTRATOR')
|
priv_level = info.get('ipmi_priv_level', 'ADMINISTRATOR')
|
||||||
@ -361,11 +365,16 @@ def _parse_driver_info(node):
|
|||||||
" can be one of %(valid_levels)s") %
|
" can be one of %(valid_levels)s") %
|
||||||
{'priv_level': priv_level, 'valid_levels': valid_priv_lvls})
|
{'priv_level': priv_level, 'valid_levels': valid_priv_lvls})
|
||||||
|
|
||||||
|
if hex_kg_key and len(hex_kg_key) % 2 != 0:
|
||||||
|
raise exception.InvalidParameterValue(_(
|
||||||
|
"Number of ipmi_hex_kg_key characters is not even"))
|
||||||
|
|
||||||
return {
|
return {
|
||||||
'address': address,
|
'address': address,
|
||||||
'dest_port': dest_port,
|
'dest_port': dest_port,
|
||||||
'username': username,
|
'username': username,
|
||||||
'password': password,
|
'password': password,
|
||||||
|
'hex_kg_key': hex_kg_key,
|
||||||
'port': port,
|
'port': port,
|
||||||
'uuid': node.uuid,
|
'uuid': node.uuid,
|
||||||
'priv_level': priv_level,
|
'priv_level': priv_level,
|
||||||
@ -423,6 +432,10 @@ def _get_ipmitool_args(driver_info, pw_file=None):
|
|||||||
args.append('-U')
|
args.append('-U')
|
||||||
args.append(driver_info['username'])
|
args.append(driver_info['username'])
|
||||||
|
|
||||||
|
if driver_info['hex_kg_key']:
|
||||||
|
args.append('-y')
|
||||||
|
args.append(driver_info['hex_kg_key'])
|
||||||
|
|
||||||
for name, option in BRIDGING_OPTIONS:
|
for name, option in BRIDGING_OPTIONS:
|
||||||
if driver_info[name] is not None:
|
if driver_info[name] is not None:
|
||||||
args.append(option)
|
args.append(option)
|
||||||
|
@ -7165,7 +7165,7 @@ class ManagerTestProperties(mgr_utils.ServiceSetUpMixin, db_base.DbTestCase):
|
|||||||
'force_persistent_boot_device', 'ipmi_protocol_version',
|
'force_persistent_boot_device', 'ipmi_protocol_version',
|
||||||
'ipmi_force_boot_device', 'deploy_forces_oob_reboot',
|
'ipmi_force_boot_device', 'deploy_forces_oob_reboot',
|
||||||
'rescue_kernel', 'rescue_ramdisk',
|
'rescue_kernel', 'rescue_ramdisk',
|
||||||
'ipmi_disable_boot_timeout']
|
'ipmi_disable_boot_timeout', 'ipmi_hex_kg_key']
|
||||||
self._check_driver_properties("ipmi", expected)
|
self._check_driver_properties("ipmi", expected)
|
||||||
|
|
||||||
def test_driver_properties_snmp(self):
|
def test_driver_properties_snmp(self):
|
||||||
|
@ -779,6 +779,20 @@ class IPMIToolPrivateMethodTestCase(Base):
|
|||||||
self.assertRaises(exception.InvalidParameterValue,
|
self.assertRaises(exception.InvalidParameterValue,
|
||||||
ipmi._parse_driver_info, node)
|
ipmi._parse_driver_info, node)
|
||||||
|
|
||||||
|
def test__parse_driver_info_ipmi_hex_kg_key(self):
|
||||||
|
info = dict(INFO_DICT)
|
||||||
|
info['ipmi_hex_kg_key'] = 'A115023E08E23F7F8DC4BB443A1A75F160763A43'
|
||||||
|
node = obj_utils.get_test_node(self.context, driver_info=info)
|
||||||
|
ret = ipmi._parse_driver_info(node)
|
||||||
|
self.assertEqual(info['ipmi_hex_kg_key'], ret['hex_kg_key'])
|
||||||
|
|
||||||
|
def test__parse_driver_info_ipmi_hex_kg_key_odd_chars(self):
|
||||||
|
info = dict(INFO_DICT)
|
||||||
|
info['ipmi_hex_kg_key'] = 'A115023E08E23F7F8DC4BB443A1A75F160763A4'
|
||||||
|
node = obj_utils.get_test_node(self.context, driver_info=info)
|
||||||
|
self.assertRaises(exception.InvalidParameterValue,
|
||||||
|
ipmi._parse_driver_info, node)
|
||||||
|
|
||||||
def test__parse_driver_info_ipmi_port_valid(self):
|
def test__parse_driver_info_ipmi_port_valid(self):
|
||||||
info = dict(INFO_DICT)
|
info = dict(INFO_DICT)
|
||||||
info['ipmi_port'] = '623'
|
info['ipmi_port'] = '623'
|
||||||
|
7
releasenotes/notes/ipmi_hex_kg_key-8f6caabe5b7d7a9b.yaml
Normal file
7
releasenotes/notes/ipmi_hex_kg_key-8f6caabe5b7d7a9b.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
New property ``ipmi_hex_kg_key`` for the ipmi based interfaces.
|
||||||
|
The property enables user to set the Kg key for IPMIv2 authentication in
|
||||||
|
hexadecimal format. This value is provided to ``ipmitool`` as
|
||||||
|
the -y argument.
|
Loading…
Reference in New Issue
Block a user