Closed synackd closed 1 month ago
One of our needs at LBL is support for tools like a power control service and remote console access. These tools (at least the console service) will require the BMC passwords.
I've only used magellan with a manually supplied password; is there some automated functionality there that these tools could use?
If not, would it be possible to have an insecure and secure version of the endpoint?
The actual credentials on a production system should be stored separately and rotated frequently. Vault seems well suited for this. Would it be reasonable to store a url from which the credentials can be retrieved instead of the credentials themselves? I think that would remove the need for secure vs insecure endpoints as well.
Yes, that makes sense. I feel like ideally these system management tools could be as state-light as possible, relying almost entirely on smd for node discovery and configuration.
Mapping the configuration node => vault endpoint might be a bit tricky, but probably worth the effort for not having to have all this information in multiple places.
> store a url from which the credentials can be retrieved instead of the credentials themselves? I think that would remove the need for secure vs insecure endpoints as well.
Is that the way we should start going for this? Do we need to think about having instructions in OpenCHAMI on pointing to credentials via URL?
There have been recent additions to SMD (https://github.com/OpenCHAMI/smd/pull/34, https://github.com/OpenCHAMI/smd/pull/35) and Magellan (https://github.com/OpenCHAMI/magellan/pull/62) that allow BMC information (e.g. MAC and IP addresses) to be stored in Components/EthernetInterfaces. This eliminates my need to query RedfishEndpoints for this info, which was my impetus for this issue.
Do we still want to keep this issue open to discuss credential management or open a new one for it?
Let's open a new issue for securely and simply managing BMC credentials.
Description

Currently, the /Inventory/RedfishEndpoints endpoint requires a token for GET requests because BMC passwords are stored there. It is my understanding that this information was originally needed for SMD to do discovery; however, since that functionality has been moved to Magellan, it doesn't seem that there is a need to keep this information in SMD.

Also, other tools like the Configurator and DHCP service need to be able to read information from RedfishEndpoints to generate config files and serve DHCP leases (respectively), and needing to present a token makes workflows using these tools more complex and presents the temptation to store tokens insecurely.
Unless there is a reason to keep BMC passwords in SMD, this issue is focused on two tasks:
/Inventory/RedfishEndpoints
Definition of Done

Users/Tools are able to GET /Inventory/RedfishEndpoints without having to present a token, but are still required to present a token for POST/PUT/PATCH/DELETE to this endpoint. Results from a GET request to this endpoint do not include sensitive BMC information, especially the BMC password.

Additional context

N/A
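The access split in the Definition of Done, combined with the credential-URL idea from the discussion, as an added example that is not SMD's code. The `Endpoint` struct, the `CredentialRef` field, the fixed test token and the Vault URL are all hypothetical or constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Endpoint is a simplified, hypothetical record; it is not SMD's real schema.
type Endpoint struct {
	ID       string `json:"ID"`
	Password string `json:"-"`             // never serialized or accepted via the API
	CredRef  string `json:"CredentialRef"` // URL of the secret in a vault, not the secret
}

// Constructed sample data; the Vault URL and token are placeholders.
var store = []Endpoint{{ID: "x1000c0s0b0", Password: "constructed-secret",
	CredRef: "https://vault.example.test/v1/secret/data/bmc/x1000c0s0b0"}}

const testToken = "constructed-test-token" // stands in for real JWT verification

func redfishEndpoints(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodGet { // open read: the response carries no secrets
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(store)
		return
	}
	if r.Header.Get("Authorization") != "Bearer "+testToken { // all writes need a token
		http.Error(w, "token required", http.StatusUnauthorized)
		return
	}
	w.WriteHeader(http.StatusNoContent) // mutation logic omitted in this sketch
}

// probe sends one request to the handler and returns status code and body.
func probe(method, token string) (int, string) {
	req := httptest.NewRequest(method, "/Inventory/RedfishEndpoints", nil)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	redfishEndpoints(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	for _, m := range []string{"GET", "POST", "DELETE"} {
		fmt.Println(probe(m, ""))
	}
}
```

Because the handler denies every non-GET method without a token, a method added later is protected by default rather than left open.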