2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-25 19:10:10 +00:00

Add remote authentication configuration

While our security guidelines preclude allowing host to know the password,
it is considered acceptable to do the out-of-band authentication configuration.

Have configbmc request a unicast remote configuration. This should handle authentication
as well as ensuring ongoing consistency between out of band and in-band configuration
methods.
This commit is contained in:
Jarrod Johnson 2020-10-20 15:51:46 -04:00
parent d36712d014
commit ed41d93de5
5 changed files with 67 additions and 1 deletions

View File

@ -165,6 +165,14 @@ def set_port(s, port, vendor, model):
return 1
def get_remote_config_mod(vendor, model):
if vendor in ('IBM', 'Lenovo'):
if _is_tsm(model):
return 'tsm'
else:
return 'xcc'
return None
def set_port_tsm(s, port, model):
oport = port
sys.stdout.write('Setting TSM port to "{}"...'.format(oport))
@ -407,7 +415,16 @@ def main():
dotwait()
sys.stdout.write('done\n')
sys.stdout.flush()
#await_config(s, bmccfg, channel)
cfgmod = get_remote_config_mod(vendor, model)
if cfgmod:
with open('configbmc.configmod', 'w+') as cm:
cm.write('configmod: {0}\n'.format(cfgmod))
sys.stdout.write('Requesting remote configuration of authentication...')
sys.stdout.flush()
bmccfgsrc = subprocess.check_output(
[sys.executable, apiclient, '/confluent-api/self/remoteconfigbmc', 'configbmc.configmod'])
sys.stdout.write('done\n')
sys.stdout.flush()
if __name__ == '__main__':

View File

@ -229,6 +229,19 @@ class NodeHandler(generic.NodeHandler):
rsp, status = wc.grab_json_response_with_status('/api/session', method='DELETE')
def remote_nodecfg(nodename, cfm):
cfg = cfm.get_node_attributes(
nodename, 'hardwaremanagement.manager')
ipaddr = cfg.get(nodename, {}).get('hardwaremanagement.manager', {}).get(
'value', None)
ipaddr = getaddrinfo(ipaddr, 0)[0][-1]
if not ipaddr:
raise Excecption('Cannot remote configure a system without known '
'address')
info = {'addresses': [ipaddr]}
nh = NodeHandler(info, cfm)
nh.config(nodename)
if __name__ == '__main__':
import confluent.config.configmanager as cfm
c = cfm.ConfigManager(None)

View File

@ -431,3 +431,16 @@ class NodeHandler(immhandler.NodeHandler):
if em:
self.configmanager.set_node_attributes(
{em: {'id.uuid': enclosureuuid}})
def remote_nodecfg(nodename, cfm):
cfg = cfm.get_node_attributes(
nodename, 'hardwaremanagement.manager')
ipaddr = cfg.get(nodename, {}).get('hardwaremanagement.manager', {}).get(
'value', None)
ipaddr = getaddrinfo(ipaddr, 0)[0][-1]
if not ipaddr:
raise Excecption('Cannot remote configure a system without known '
'address')
info = {'addresses': [ipaddr]}
nh = NodeHandler(info, cfm)
nh.config(nodename)

View File

@ -360,6 +360,9 @@ def _add_attributes(parsed):
return
def unicast_scan(address):
pass
def query_srvtypes(target):
"""Query the srvtypes advertised by the target

View File

@ -5,6 +5,8 @@ import confluent.sshutil as sshutil
import confluent.util as util
import eventlet.green.socket as socket
import eventlet.green.subprocess as subprocess
import confluent.discovery.handlers.xcc as xcc
import confluent.discovery.handlers.tsm as tsm
import crypt
import json
import time
@ -207,6 +209,24 @@ def handle_request(env, start_response):
else:
start_response('200 OK', (('Content-Type', retype),))
yield dumper(sorted(nodes))
elif env['PATH_INFO'] == '/self/remoteconfigbmc':
if reqbody:
try:
reqbody = yaml.safe_load(reqbody)
except Exception:
reqbody = None
if not reqbody:
start_response('400 bad request', ())
cfgmod = reqbody.get('configmod', 'unspecified')
if cfgmod == 'xcc':
xcc.remote_nodecfg(nodename, cfg)
elif cfgmod == 'tsm':
tsm.remote_nodecfg(nodename, cfg)
else:
start_response('500 unsupported configmod', ())
yield 'Unsupported configmod "{}"'.format(cfgmod)
start_response('200 Ok', ())
yield 'complete'
elif env['PATH_INFO'] == '/self/updatestatus':
update = yaml.safe_load(reqbody)
if update['status'] == 'staged':