94948bb194
via Redfish Manager This patch adds two new capabilities to the Redfish management interface in Ironic for setting the BMC clock: 1. A manual cleaning step (`set_bmc_clock`) that allows operators to set the BMC clock explicitly by providing datetime and timezone offset. 2. An automated verify step (`verify_bmc_clock`) that, if enabled via configuration, sets the BMC clock during node verification using the current UTC time. These steps aim to prevent certificate validation failures caused by incorrect BMC time, particularly when dealing with TLS certificates. A new configuration option `redfish.enable_verify_bmc_clock` has been added to control the automated verify behavior. The minimum version of `sushy` has also been updated to is 5.7.0 to support these features. Related patches: - https://review.opendev.org/c/openstack/sushy/+/950539 (Add support for Manager DateTime fields in sushy) - https://review.opendev.org/c/openstack/sushy-tools/+/950925 (Fix Manager DateTime field handling in sushy-tools) Partial-Bug: #2041904 Change-Id: I75cbd39a60f8470224dc5a2fe0a4f17c22acd1cd Signed-off-by: Queensly Kyerewaa Acheampongmaa <qacheampong@gmail.com>
148 lines
7.2 KiB
Python
148 lines
7.2 KiB
Python
# Copyright 2017 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from oslo_config import cfg
|
|
|
|
from ironic.common.i18n import _
|
|
|
|
opts = [
|
|
cfg.IntOpt('connection_attempts',
|
|
min=1,
|
|
default=5,
|
|
help=_('Maximum number of attempts to try to connect '
|
|
'to Redfish')),
|
|
cfg.IntOpt('connection_retry_interval',
|
|
min=1,
|
|
default=4,
|
|
help=_('Number of seconds to wait between attempts to '
|
|
'connect to Redfish')),
|
|
cfg.IntOpt('connection_cache_size',
|
|
min=0,
|
|
default=1000,
|
|
help=_('Maximum Redfish client connection cache size. '
|
|
'Redfish driver would strive to reuse authenticated '
|
|
'BMC connections (obtained through Redfish Session '
|
|
'Service). This option caps the maximum number of '
|
|
'connections to maintain. The value of `0` disables '
|
|
'client connection caching completely.')),
|
|
cfg.StrOpt('auth_type',
|
|
choices=[('basic', _('Use HTTP basic authentication')),
|
|
('session', _('Use HTTP session authentication')),
|
|
('auto', _('Try HTTP session authentication first, '
|
|
'fall back to basic HTTP authentication'))],
|
|
default='auto',
|
|
help=_('Redfish HTTP client authentication method.')),
|
|
cfg.BoolOpt('use_swift',
|
|
default=False,
|
|
mutable=True,
|
|
help=_('Upload generated ISO images for virtual media boot to '
|
|
'Swift, then pass temporary URL to BMC for booting the '
|
|
'node. If set to false, images are placed on the '
|
|
'ironic-conductor node and served over its '
|
|
'local HTTP server.')),
|
|
cfg.StrOpt('swift_container',
|
|
default='ironic_redfish_container',
|
|
mutable=True,
|
|
help=_('The Swift container to store Redfish driver data. '
|
|
'Applies only when `use_swift` is enabled.')),
|
|
cfg.IntOpt('swift_object_expiry_timeout',
|
|
default=900,
|
|
mutable=True,
|
|
help=_('Amount of time in seconds for Swift objects to '
|
|
'auto-expire. Applies only when `use_swift` is '
|
|
'enabled.')),
|
|
cfg.StrOpt('kernel_append_params',
|
|
default='nofb vga=normal',
|
|
mutable=True,
|
|
help=_('Additional kernel parameters to pass down to the '
|
|
'instance kernel. These parameters can be consumed by '
|
|
'the kernel or by the applications by reading '
|
|
'/proc/cmdline. Mind severe cmdline size limit! Can be '
|
|
'overridden by `instance_info/kernel_append_params` '
|
|
'property.')),
|
|
cfg.IntOpt('file_permission',
|
|
default=0o644,
|
|
help=_('File permission for swift-less image hosting with the '
|
|
'octal permission representation of file access '
|
|
'permissions. This setting defaults to ``644``, '
|
|
'or as the octal number ``0o644`` in Python. '
|
|
'This setting must be set to the octal number '
|
|
'representation, meaning starting with ``0o``.')),
|
|
cfg.IntOpt('firmware_update_status_interval',
|
|
min=0,
|
|
default=60,
|
|
help=_('Number of seconds to wait between checking for '
|
|
'completed firmware update tasks')),
|
|
cfg.IntOpt('firmware_update_fail_interval',
|
|
min=0,
|
|
default=60,
|
|
help=_('Number of seconds to wait between checking for '
|
|
'failed firmware update tasks')),
|
|
cfg.IntOpt('firmware_update_wait_unresponsive_bmc',
|
|
min=0,
|
|
default=300,
|
|
help=_('Number of seconds to wait before proceeding with the '
|
|
'reboot to finish the BMC firmware update step')),
|
|
cfg.StrOpt('firmware_source',
|
|
choices=[('http', _('If firmware source URL is also HTTP, then '
|
|
'serve from original location, otherwise '
|
|
'copy to ironic\'s HTTP server. Default.')),
|
|
('local', _('Download from original location and '
|
|
'server from ironic\'s HTTP server.')),
|
|
('swift', _('If firmware source URL is also Swift, '
|
|
'serve from original location, otherwise '
|
|
'copy to ironic\'s Swift server.'))],
|
|
default='http',
|
|
mutable=True,
|
|
help=_('Specifies how firmware image should be served. Whether '
|
|
'from its original location using the firmware source '
|
|
'URL directly, or should serve it from ironic\'s Swift '
|
|
'or HTTP server.')),
|
|
cfg.IntOpt('raid_config_status_interval',
|
|
min=0,
|
|
default=60,
|
|
help=_('Number of seconds to wait between checking for '
|
|
'completed raid config tasks')),
|
|
cfg.IntOpt('raid_config_fail_interval',
|
|
min=0,
|
|
default=60,
|
|
help=_('Number of seconds to wait between checking for '
|
|
'failed raid config tasks')),
|
|
cfg.IntOpt('boot_mode_config_timeout',
|
|
min=0,
|
|
default=900,
|
|
help=_('Number of seconds to wait for boot mode or secure '
|
|
'boot status change to take effect after a reboot. '
|
|
'Set to 0 to disable waiting.')),
|
|
cfg.StrOpt('verify_ca',
|
|
help=_('The default verify_ca path when redfish_verify_ca '
|
|
'in driver_info is missing or set to True.')),
|
|
cfg.BoolOpt('enable_verify_bmc_clock',
|
|
default=False,
|
|
help=_('Whether to enable the automated verify step '
|
|
'that checks and sets the BMC clock. '
|
|
'When enabled, Ironic will automatically attempt '
|
|
'to set the BMC\'s clock during node registration '
|
|
'(in the verify phase) using Redfish\'s '
|
|
'DateTime fields. '
|
|
'This helps avoid TLS certificate issues '
|
|
'caused by incorrect BMC time.')),
|
|
|
|
]
|
|
|
|
|
|
def register_opts(conf):
|
|
conf.register_opts(opts, group='redfish')
|