xCAT/xcat-core
2
0
Fork 0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-05-30 09:36:41 +00:00
Code Issues Releases Wiki Activity

Merge pull request #6425 from gurevichmark/op940_authentication

Browse Source 
Openbmc hardware control with OP940 firmware
This commit is contained in:
besawn 2019-09-19 16:56:11 -04:00 committed by GitHub
commit 6e70980b25
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 80 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
xCAT-server/lib/perl/xCAT/OPENBMC.pm
View File

@ -25,6 +25,8 @@ use xCAT::TableUtils;
my $PYTHON_AGENT_FILE = "/opt/xcat/lib/python/agent/agent.py";
my $header = HTTP::Headers->new('Content-Type' => 'application/json');
# Currently not used, example of header to use for authorization
#my $header = HTTP::Headers->new('X-Auth-Token' => 'xfMHrrxdMgbiITnX0TlN');
sub new {
my $async = shift;
@ -44,8 +46,16 @@ sub send_request {
my $method = shift;
my $url = shift;
my $content = shift;
my $username = shift;
my $password = shift;
my $request = HTTP::Request->new( $method, $url, $header, $content );
if (defined $username and defined $password) {
# If username and password were passed in use authorization_basic()
# This is required to connect to BMC with OP940 level, ignored for
# lower OP levels
$request->authorization_basic($username, $password);
}
my $id = $async->add_with_opts($request, {});
return $id;
}

79
xCAT-server/lib/xcat/plugins/openbmc.pm
View File

@ -2452,7 +2452,7 @@ sub gen_send_request {
}
process_debug_info($node, $debug_info);
}
my $handle_id = xCAT::OPENBMC->send_request($async, $method, $request_url, $content);
my $handle_id = xCAT::OPENBMC->send_request($async, $method, $request_url, $content, $node_info{$node}{username}, $node_info{$node}{password});
$handle_id_node{$handle_id} = $node;
$node_info{$node}{cur_status} = $next_status{ $node_info{$node}{cur_status} };
@ -2621,6 +2621,66 @@ sub deal_with_response {
#-------------------------------------------------------
=head3 mask_password2
return a string with masked password
This function is usefull when password is easily known
and can be passed into this function
Input:
$string: string containing password the needs masking
$password: password to mask
=cut
#-------------------------------------------------------
sub mask_password2 {
my $string = shift;
my $password = shift;
# Replace all occurences of password string with "xxxxxx"
$string =~ s/$password/xxxxxx/g;
return $string;
}
#-------------------------------------------------------
=head3 mask_password
return a string with masked password
This function is usefull when password is not easily known
and is only expected to be part of URL like "https://<user>:<pw>@...."
Input:
$string: string containing password the needs masking
=cut
#-------------------------------------------------------
sub mask_password {
my $string = shift;
# Replace password string with "xxxxxx", if part of URL
# Password is between ":" and "@" found in the string after "https://"
#
my $url_start = index($string,"https://");
if ($url_start > 0) {
my $colon_index = index($string, ":", $url_start+length("https://"));
if ($colon_index > 0) {
my $at_index = index($string, "@", $colon_index);
if ($at_index > 0) {
# Replace string beteen ":" and "@" with "xxxxxx" to mask password
substr($string, $colon_index+1, $at_index-$colon_index-1) = "xxxxxx";
}
}
}
return $string;
}
#-------------------------------------------------------
=head3 process_debug_info
print debug info and add to log
@ -2639,6 +2699,7 @@ sub process_debug_info {
$debug_msg = "";
}
$debug_msg = mask_password($debug_msg);
xCAT::SvrUtils::sendmsg("$flag_debug $debug_msg", $callback, $ts_node);
xCAT::MsgUtils->trace(0, "D", "$flag_debug $node $debug_msg");
}
@ -4212,7 +4273,7 @@ sub rspconfig_dump_response {
sub dump_download_process {
my $node = shift;
my $request_url = "$http_protocol://" . $node_info{$node}{bmc};
my $request_url = "$http_protocol://" . $node_info{$node}{username} . ":" . $node_info{$node}{password} . "@" . $node_info{$node}{bmc};
my $content_login = '{ "data": [ "' . $node_info{$node}{username} .'", "' . $node_info{$node}{password} . '" ] }';
my $content_logout = '{ "data": [ ] }';
my $cjar_id = "/tmp/_xcat_cjar.$node";
@ -4235,12 +4296,12 @@ sub dump_download_process {
my $curl_login_result = `$curl_login_cmd -s`;
my $h;
if (!$curl_login_result) {
xCAT::SvrUtils::sendmsg([1, "Did not receive response from OpenBMC after running command '$curl_login_cmd'"], $callback, $node);
xCAT::SvrUtils::sendmsg([1, "Did not receive response from OpenBMC after running command '" . mask_password2($curl_login_cmd, $node_info{$node}{password}) . "'"], $callback, $node);
return 1;
}
eval { $h = from_json($curl_login_result) };
if ($@) {
xCAT::SvrUtils::sendmsg([1, "Received wrong format response for command '$curl_login_cmd': $curl_login_result)"], $callback, $node);
xCAT::SvrUtils::sendmsg([1, "Received wrong format response for command '" . mask_password2($curl_login_cmd, $node_info{$node}{password}) . "': $curl_login_result)"], $callback, $node);
return 1;
}
if ($h->{message} eq $::RESPONSE_OK) {
@ -4876,7 +4937,7 @@ sub rflash_response {
sub rflash_upload {
my ($node, $callback) = @_;
my $request_url = "$http_protocol://" . $node_info{$node}{bmc};
my $request_url = "$http_protocol://" . $node_info{$node}{username} . ":" . $node_info{$node}{password} . "@" . $node_info{$node}{bmc};
my $content_login = '{ "data": [ "' . $node_info{$node}{username} .'", "' . $node_info{$node}{password} . '" ] }';
my $content_logout = '{ "data": [ ] }';
my $cjar_id = "/tmp/_xcat_cjar.$node";
@ -4900,7 +4961,7 @@ sub rflash_upload {
my $curl_login_result = `$curl_login_cmd -s`;
my $h;
if (!$curl_login_result) {
my $curl_error = "$::FAILED_UPLOAD_MSG. Did not receive response from OpenBMC after running command '$curl_login_cmd'";
my $curl_error = "$::FAILED_UPLOAD_MSG. Did not receive response from OpenBMC after running command '" . mask_password2($curl_login_cmd, $node_info{$node}{password}) . "'";
xCAT::SvrUtils::sendmsg([1, "$curl_error"], $callback, $node);
print RFLASH_LOG_FILE_HANDLE "$curl_error\n";
$node_info{$node}{rst} = "$curl_error";
@ -4908,7 +4969,7 @@ sub rflash_upload {
}
eval { $h = from_json($curl_login_result) }; # convert command output to hash
if ($@) {
my $curl_error = "$::FAILED_UPLOAD_MSG. Received wrong format response for command '$curl_login_cmd': $curl_login_result";
my $curl_error = "$::FAILED_UPLOAD_MSG. Received wrong format response for command '" . mask_password2($curl_login_cmd, $node_info{$node}{password}) . "': $curl_login_result";
xCAT::SvrUtils::sendmsg([1, "$curl_error"], $callback, $node);
# Before writing error to log, make it a single line
$curl_error =~ tr{\n}{ };
@ -4944,7 +5005,7 @@ sub rflash_upload {
}
my $curl_upload_result = `$upload_cmd`;
if (!$curl_upload_result) {
my $curl_error = "$::FAILED_UPLOAD_MSG. Did not receive response from OpenBMC after running command '$upload_cmd'";
my $curl_error = "$::FAILED_UPLOAD_MSG. Did not receive response from OpenBMC after running command '" . mask_password($upload_cmd) . "'";
xCAT::SvrUtils::sendmsg([1, "$curl_error"], $callback, $node);
print RFLASH_LOG_FILE_HANDLE "$curl_error\n";
$node_info{$node}{rst} = "$curl_error";
@ -4952,7 +5013,7 @@ sub rflash_upload {
}
eval { $h = from_json($curl_upload_result) }; # convert command output to hash
if ($@) {
my $curl_error = "$::FAILED_UPLOAD_MSG. Received wrong format response from command '$upload_cmd': $curl_upload_result";
my $curl_error = "$::FAILED_UPLOAD_MSG. Received wrong format response from command '" . mask_password($upload_cmd) ."': $curl_upload_result";
xCAT::SvrUtils::sendmsg([1, "$curl_error"], $callback, $node);
# Before writing error to log, make it a single line
$curl_error =~ tr{\n}{ };