diff --git a/doc/source/admin/drivers/irmc.rst b/doc/source/admin/drivers/irmc.rst index 17b8d86449..521d464cb5 100644 --- a/doc/source/admin/drivers/irmc.rst +++ b/doc/source/admin/drivers/irmc.rst @@ -229,9 +229,10 @@ Configuration via ``ironic.conf`` and ``v2c``. The default value is ``public``. Optional. - ``snmp_security``: SNMP security name required for version ``v3``. Optional. - - ``snmp_auth_proto``: The SNMPv3 auth protocol. The valid value and the - default value are both ``sha``. We will add more supported valid values - in the future. Optional. + - ``snmp_auth_proto``: The SNMPv3 auth protocol. If using iRMC S4 or S5, the + valid value of this option is only ``sha``. If using iRMC S6, the valid + values are ``sha256``, ``sha384`` and ``sha512``. The default value is + ``sha``. Optional. - ``snmp_priv_proto``: The SNMPv3 privacy protocol. The valid value and the default value are both ``aes``. We will add more supported valid values in the future. Optional. diff --git a/ironic/conf/irmc.py b/ironic/conf/irmc.py index 7c319e2d8d..68ee43b3a3 100644 --- a/ironic/conf/irmc.py +++ b/ironic/conf/irmc.py @@ -81,9 +81,20 @@ opts = [ help='SNMP polling interval in seconds'), cfg.StrOpt('snmp_auth_proto', default='sha', - choices=[('sha', _('Secure Hash Algorithm 1'))], + choices=[('sha', _('Secure Hash Algorithm 1, supported in iRMC ' + 'S4 and S5.')), + ('sha256', ('Secure Hash Algorithm 2 with 256 bits ' + 'digest, only supported in iRMC S6.')), + ('sha384', ('Secure Hash Algorithm 2 with 384 bits ' + 'digest, only supported in iRMC S6.')), + ('sha512', ('Secure Hash Algorithm 2 with 512 bits ' + 'digest, only supported in iRMC S6.'))], help=_("SNMPv3 message authentication protocol ID. " - "Required for version 'v3'. 'sha' is supported.")), + "Required for version 'v3'. The valid options are " + "'sha', 'sha256', 'sha384' and 'sha512', while 'sha' is " + "the only supported protocol in iRMC S4 and S5, and " + "from iRMC S6, 'sha256', 'sha384' and 'sha512' are " + "supported, but 'sha' is not supported any more.")), cfg.StrOpt('snmp_priv_proto', default='aes', choices=[('aes', _('Advanced Encryption Standard'))], diff --git a/ironic/drivers/modules/irmc/common.py b/ironic/drivers/modules/irmc/common.py index 7a8fc0f1d8..2df85eeb65 100644 --- a/ironic/drivers/modules/irmc/common.py +++ b/ironic/drivers/modules/irmc/common.py @@ -83,7 +83,9 @@ SNMP_V3_REQUIRED_PROPERTIES = { SNMP_V3_OPTIONAL_PROPERTIES = { 'irmc_snmp_auth_proto': _("SNMPv3 message authentication protocol ID. " "Required for version 'v3'. " - "'sha' is supported."), + "If using iRMC S4/S5, only 'sha' is supported." + "If using iRMC S6, the valid options are " + "'sha256', 'sha384', 'sha512'."), 'irmc_snmp_priv_proto': _("SNMPv3 message privacy (encryption) protocol " "ID. Required for version 'v3'. " "'aes' is supported."), @@ -243,7 +245,8 @@ def _parse_snmp_driver_info(node, info): def _parse_snmp_v3_info(node, info): snmp_info = {} missing_info = [] - valid_values = {'irmc_snmp_auth_proto': ['sha'], + valid_values = {'irmc_snmp_auth_proto': ['sha', 'sha256', 'sha384', + 'sha512'], 'irmc_snmp_priv_proto': ['aes']} valid_protocols = {'irmc_snmp_auth_proto': snmp.snmp_auth_protocols, 'irmc_snmp_priv_proto': snmp.snmp_priv_protocols} diff --git a/ironic/drivers/modules/irmc/inspect.py b/ironic/drivers/modules/irmc/inspect.py index 9b6bff5bc8..4b250cdfde 100644 --- a/ironic/drivers/modules/irmc/inspect.py +++ b/ironic/drivers/modules/irmc/inspect.py @@ -191,9 +191,14 @@ def _inspect_hardware(node, existing_traits=None, **kwargs): except (scci.SCCIInvalidInputError, scci.SCCIClientError, exception.SNMPFailure) as e: + advice = "" + if ("SNMP operation" in str(e)): + advice = ("The SNMP related parameters' value may be different " + "with the server, please check if you have set them " + "correctly.") error = (_("Inspection failed for node %(node_id)s " - "with the following error: %(error)s") % - {'node_id': node.uuid, 'error': e}) + "with the following error: %(error)s. (advice)s") % + {'node_id': node.uuid, 'error': e, 'advice': advice}) raise exception.HardwareInspectionFailure(error=error) return props, macs, new_traits diff --git a/ironic/drivers/modules/irmc/power.py b/ironic/drivers/modules/irmc/power.py index 28041d8350..7cde9cdac2 100644 --- a/ironic/drivers/modules/irmc/power.py +++ b/ironic/drivers/modules/irmc/power.py @@ -203,9 +203,12 @@ def _set_power_state(task, target_state, timeout=None): _wait_power_state(task, states.SOFT_REBOOT, timeout=timeout) except exception.SNMPFailure as snmp_exception: + advice = ("The SNMP related parameters' value may be different with " + "the server, please check if you have set them correctly.") LOG.error("iRMC failed to acknowledge the target state " - "for node %(node_id)s. Error: %(error)s", - {'node_id': node.uuid, 'error': snmp_exception}) + "for node %(node_id)s. Error: %(error)s. %(advice)s", + {'node_id': node.uuid, 'error': snmp_exception, + 'advice': advice}) raise exception.IRMCOperationError(operation=target_state, error=snmp_exception) diff --git a/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml b/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml new file mode 100644 index 0000000000..4d0c6bff2f --- /dev/null +++ b/releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + Adds ``sha256``, ``sha384`` and ``sha512`` as supported SNMPv3 + authentication protocols to iRMC driver.