Update BMC password will fail if inital password wasn't set

Gal-Zaidman commented 3 months ago

In case we start with a brand new xPU with the inital password (for example after factory reset [1]) the role would fail and BMC password won't be set. The reason is because of the redfish collection module implementation, it crawls on the URL path. For example, if you try to PATCH https:///redfish/v1/AccountService/Accounts/root then it will first do GET for: https:///redfish/v1/AccountService/ https:///redfish/v1/AccountService/Accounts/ https:///redfish/v1/AccountService/Accounts/root

Because the inital password wasn't set then you won't be able to do GET for https://<DPU-BMC-IP>/redfish/v1/AccountService/ and the entire role would fail.

Suggested workaround:

For this role use CURL
Work with Ansible redfish collection to allow skipping the path validation, this is required for scalability as well (issue we talked about in the past)
Track the workaround removal

[1] https://docs.nvidia.com/networking/display/bluefieldbmcv2404/bmc+management#src-2821766407_BMCManagement-FactoryResetRedfishCommand https://docs.nvidia.com/networking/display/bluefieldbmcv2404/bmc+management#src-2821766407_BMCManagement-FactoryResetIPMICommand

glimchb commented 1 month ago

Good issue

reaching out to https://docs.ansible.com/ansible/latest/collections/community/general/redfish_command_module.html#examples for an opinion
instead of curl I prefer https://docs.ansible.com/ansible/latest/collections/ansible/builtin/uri_module.html#examples

glimchb commented 1 month ago

documenting what I get for the first time

$ curl -k -u "root:0penBmc"  https://172.22.4.2/redfish/v1/AccountService
{
  "@Message.ExtendedInfo": [
    {
      "@odata.type": "#Message.v1_1_1.Message",
      "Message": "The password provided for this account must be changed before access is granted.  PATCH the Password property for this account located at the target URI '/redfish/v1/AccountService/Accounts/root' to complete this process.",
      "MessageArgs": [
        "/redfish/v1/AccountService/Accounts/root"
      ],
      "MessageId": "Base.1.15.0.PasswordChangeRequired",
      "MessageSeverity": "Critical",
      "Resolution": "Change the password for this account using a PATCH to the Password property at the URI provided."
    }
  ]
}

got this after factory reset

$ curl -s -k -u "root:123456" -X POST -H "Content-Type: application/json" -d '{"ResetToDefaultsType": "ResetAll"}' https://172.22.4.2/redfish/v1/Managers/Bluefield_BMC/Actions/Manager.ResetToDefaults
{
  "@Message.ExtendedInfo": [
    {
      "@odata.type": "#Message.v1_1_1.Message",
      "Message": "The request completed successfully.",
      "MessageArgs": [],
      "MessageId": "Base.1.15.0.Success",
      "MessageSeverity": "OK",
      "Resolution": "None"
    }
  ]
}

glimchb commented 1 month ago

see https://github.com/ansible-collections/community.general/issues/8652 and https://github.com/ansible-collections/community.general/pull/8653

opiproject / ansible-opi-dpu

Update BMC password will fail if inital password wasn't set #85