Add support auth protocols for iRMC

This patch adds new SNMPv3 auth protocols to iRMC which are supported
from iRMC S6.

Change-Id: Id2fca59bebb0745e6b16caaaa7838d1f1a2717e1
Story: 2010309
Task: 46353

doc/source/admin/drivers/irmc.rst

@@ -229,9 +229,10 @@ Configuration via ``ironic.conf``
     and ``v2c``. The default value is ``public``. Optional.
   - ``snmp_security``: SNMP security name required for version ``v3``.
     Optional.
-  - ``snmp_auth_proto``: The SNMPv3 auth protocol. The valid value and the
+  - ``snmp_auth_proto``: The SNMPv3 auth protocol. If using iRMC S4 or S5, the
-    default value are both ``sha``. We will add more supported valid values
+    valid value of this option is only ``sha``. If using iRMC S6, the valid
-    in the future. Optional.
+    values are ``sha256``, ``sha384`` and ``sha512``. The default value is
+    ``sha``. Optional.
   - ``snmp_priv_proto``: The SNMPv3 privacy protocol. The valid value and
     the default value are both ``aes``. We will add more supported valid values
     in the future. Optional.

ironic/conf/irmc.py

@@ -81,9 +81,20 @@ opts = [
                help='SNMP polling interval in seconds'),
     cfg.StrOpt('snmp_auth_proto',
                default='sha',
-               choices=[('sha', _('Secure Hash Algorithm 1'))],
+               choices=[('sha', _('Secure Hash Algorithm 1, supported in iRMC '
+                         'S4 and S5.')),
+                        ('sha256', ('Secure Hash Algorithm 2 with 256 bits '
+                                    'digest, only supported in iRMC S6.')),
+                        ('sha384', ('Secure Hash Algorithm 2 with 384 bits '
+                                    'digest, only supported in iRMC S6.')),
+                        ('sha512', ('Secure Hash Algorithm 2 with 512 bits '
+                                    'digest, only supported in iRMC S6.'))],
                help=_("SNMPv3 message authentication protocol ID. "
-                      "Required for version 'v3'. 'sha' is supported.")),
+                      "Required for version 'v3'. The valid options are "
+                      "'sha', 'sha256', 'sha384' and 'sha512', while 'sha' is "
+                      "the only supported protocol in iRMC S4 and S5, and "
+                      "from iRMC S6, 'sha256', 'sha384' and 'sha512' are "
+                      "supported, but 'sha' is not supported any more.")),
     cfg.StrOpt('snmp_priv_proto',
                default='aes',
                choices=[('aes', _('Advanced Encryption Standard'))],

ironic/drivers/modules/irmc/common.py

@@ -83,7 +83,9 @@ SNMP_V3_REQUIRED_PROPERTIES = {
 SNMP_V3_OPTIONAL_PROPERTIES = {
     'irmc_snmp_auth_proto': _("SNMPv3 message authentication protocol ID. "
                               "Required for version 'v3'. "
-                              "'sha' is supported."),
+                              "If using iRMC S4/S5, only 'sha' is supported."
+                              "If using iRMC S6, the valid options are "
+                              "'sha256', 'sha384', 'sha512'."),
     'irmc_snmp_priv_proto': _("SNMPv3 message privacy (encryption) protocol "
                               "ID. Required for version 'v3'. "
                               "'aes' is supported."),
@@ -243,7 +245,8 @@ def _parse_snmp_driver_info(node, info):
 def _parse_snmp_v3_info(node, info):
     snmp_info = {}
     missing_info = []
-    valid_values = {'irmc_snmp_auth_proto': ['sha'],
+    valid_values = {'irmc_snmp_auth_proto': ['sha', 'sha256', 'sha384',
+                                             'sha512'],
                     'irmc_snmp_priv_proto': ['aes']}
     valid_protocols = {'irmc_snmp_auth_proto': snmp.snmp_auth_protocols,
                        'irmc_snmp_priv_proto': snmp.snmp_priv_protocols}

ironic/drivers/modules/irmc/inspect.py

@@ -191,9 +191,14 @@ def _inspect_hardware(node, existing_traits=None, **kwargs):
     except (scci.SCCIInvalidInputError,
             scci.SCCIClientError,
             exception.SNMPFailure) as e:
+        advice = ""
+        if ("SNMP operation" in str(e)):
+            advice = ("The SNMP related parameters' value may be different "
+                      "with the server, please check if you have set them "
+                      "correctly.")
         error = (_("Inspection failed for node %(node_id)s "
-                   "with the following error: %(error)s") %
+                   "with the following error: %(error)s. (advice)s") %
-                 {'node_id': node.uuid, 'error': e})
+                 {'node_id': node.uuid, 'error': e, 'advice': advice})
         raise exception.HardwareInspectionFailure(error=error)
 
     return props, macs, new_traits

ironic/drivers/modules/irmc/power.py

@@ -203,9 +203,12 @@ def _set_power_state(task, target_state, timeout=None):
             _wait_power_state(task, states.SOFT_REBOOT, timeout=timeout)
 
     except exception.SNMPFailure as snmp_exception:
+        advice = ("The SNMP related parameters' value may be different with "
+                  "the server, please check if you have set them correctly.")
         LOG.error("iRMC failed to acknowledge the target state "
-                  "for node %(node_id)s. Error: %(error)s",
+                  "for node %(node_id)s. Error: %(error)s. %(advice)s",
-                  {'node_id': node.uuid, 'error': snmp_exception})
+                  {'node_id': node.uuid, 'error': snmp_exception,
+                   'advice': advice})
         raise exception.IRMCOperationError(operation=target_state,
                                            error=snmp_exception)
 

releasenotes/notes/irmc-add-snmp-auth-protocols-3ff7597cea7ef9dd.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    Adds ``sha256``, ``sha384`` and ``sha512`` as supported SNMPv3
+    authentication protocols to iRMC driver.