[FEATURE]: force firmware overwrite in idrac_firmware module

[stmps]

Describe the solution you'd like

Hi folks,

When using idrac_firmware, there are no firmware changes in the event that the device is already at the latest version.

We would like to be able to force the firmware to be overwritten.

I believe that this is possible when booting from an ISO and using the Server Update Utility (e.g. when no update is required for a given component, the "check box" is un-checked. But you can manually check the box for each component in order to force that firmware to be installed.)

This comes from a security requirement in our organisation where all devices must have their factory firmware overwritten with a "known good" firmware.

Describe alternatives you've considered

Our alternatives are:

• use the SUU GUI and check all the un-checked boxes (requires lots of clicking and manual tasks in an iDRAC virtual console)
• force a downgrade to a previous firmware version, then upgrade it back again to the desired version (takes a long time!)

Additional context

Possible implementation:

dellemc.openmanage.idrac_firmware:
  force: true  # will make the task non-idempotent, defaults to false

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[anupamaloke]

@stmps, thank you for submitting this feature request. I have added it to the backlog.

[rajshekarp87]

@stmps, Force firmware overwrite feature cannot be added to idrac_firmware module due to the limitation on API.

The other way to achieve this is to roll back the firmware (redfish_firmware_rollback) to the previously installed version and then apply the required version. Find the sample playbook below for your reference. Note: Rollback can be done only if the component has any previous installed version available as in below screen shot.

---
- name: Force firmware update
  hosts: localhost
  gather_facts: false

  vars:
    baseuri: x.x.x.x
    username: username
    password: password
    component_name: "Backplane 1"
    idrac_ip: x.x.x.x
    idrac_user: username
    idrac_password: password
    firmware_repository: "https://downloads.dell.com"

  tasks:
    - name: Check if the firmware rollback is available
      dellemc.openmanage.redfish_firmware_rollback:
        baseuri: "{{ baseuri }}"
        username: "{{ username }}"
        password: "{{ password }}"
        validate_certs: false
        name: "{{ component_name }}"
      check_mode: true
      register: rollback_check_result

    - name: Rollback the firmware
      dellemc.openmanage.redfish_firmware_rollback:
        baseuri: "{{ baseuri }}"
        username: "{{ username }}"
        password: "{{ password }}"
        validate_certs: false
        name: "{{ component_name }}"
      register: rollback_result
      when:
        - rollback_check_result.changed
        - rollback_check_result.msg == "Changes found to be applied."

    - name: Update firmware from the repository
      dellemc.openmanage.idrac_firmware:
        idrac_ip: "{{ idrac_ip }}"
        idrac_user: "{{ idrac_user }}"
        idrac_password: "{{ idrac_password }}"
        validate_certs: false
        share_name: "{{ firmware_repository }}"
        reboot: true
        job_wait: true
        apply_update: true
      when:
        - rollback_result.changed
        - rollback_result.msg == "Successfully completed the job for firmware rollback."