From ad828e609d5c986656d4826145e1984fb6ded45c Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Fri, 10 May 2019 14:34:39 -0400
Subject: [PATCH] Reduce  bad default login tries

For an SD530 XCC, we would incur 4 attempts at default:
-To pre-config enable SMM, we try once
-Due to pyghmi auto-degrade, try again as oper
-Then during the actual config phase, try again
-Again, try again as oper

Now with pyghmi opt-out, we will force to try only as admin, eliminating the second try.

The SD530 code will now mark that the default creds failed so that
the config phase will know to skip that.
---
 .../confluent/discovery/handlers/bmc.py           | 15 +++++++++++++--
 .../confluent/discovery/handlers/xcc.py           |  2 ++
 .../confluent/plugins/hardwaremanagement/ipmi.py  |  1 +
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/confluent_server/confluent/discovery/handlers/bmc.py b/confluent_server/confluent/discovery/handlers/bmc.py
index 389b429a..dc783f8b 100644
--- a/confluent_server/confluent/discovery/handlers/bmc.py
+++ b/confluent_server/confluent/discovery/handlers/bmc.py
@@ -32,10 +32,21 @@ DEFAULT_PASS = 'PASSW0RD'
 
 class NodeHandler(generic.NodeHandler):
 
-    def _get_ipmicmd(self, user=DEFAULT_USER, password=DEFAULT_PASS):
-        return ipmicommand.Command(self.ipaddr, user, password)
+    def _get_ipmicmd(self, user=None, password=None):
+        priv = None
+        if user is None or password is None:
+            if self.trieddefault:
+                raise pygexc.IpmiException()
+            priv = 4  # manually indicate priv to avoid double-attempt
+        if user is None:
+            user = DEFAULT_USER
+        if password is None:
+            password = DEFAULT_PASS
+        return ipmicommand.Command(self.ipaddr, user, password,
+                                   privlevel=priv, keepalive=False)
 
     def __init__(self, info, configmanager):
+        self.trieddefault = None
         super(NodeHandler, self).__init__(info, configmanager)
 
     def probe(self):
diff --git a/confluent_server/confluent/discovery/handlers/xcc.py b/confluent_server/confluent/discovery/handlers/xcc.py
index 1c7280e6..1e222627 100644
--- a/confluent_server/confluent/discovery/handlers/xcc.py
+++ b/confluent_server/confluent/discovery/handlers/xcc.py
@@ -33,6 +33,7 @@ class NodeHandler(immhandler.NodeHandler):
         ff = self.info.get('attributes', {}).get('enclosure-form-factor', '')
         if ff not in ('dense-computing', [u'dense-computing']):
             return
+        self.trieddefault = None  # Reset state on a preconfig attempt
         # attempt to enable SMM
         #it's normal to get a 'not supported' (193) for systems without an SMM
         ipmicmd = None
@@ -44,6 +45,7 @@ class NodeHandler(immhandler.NodeHandler):
                     'Incorrect password' not in str(e)):
                 # raise an issue if anything other than to be expected
                 raise
+            self.trieddefault = True
         #TODO: decide how to clean out if important
         #as it stands, this can step on itself
         #if ipmicmd:
diff --git a/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py b/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py
index 8d0e610d..3e7533a6 100644
--- a/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py
+++ b/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py
@@ -171,6 +171,7 @@ class IpmiCommandWrapper(ipmicommand.Command):
         self.node = node
         self._inhealth = False
         self._lasthealth = None
+        kwargs['keepalive'] = False
         self._attribwatcher = cfm.watch_attributes(
             (node,), ('secret.hardwaremanagementuser', 'collective.manager',
                       'secret.hardwaremanagementpassword', 'secret.ipmikg',