opiproject / ansible-opi-dpu

Ansible Modules for DPUs
Apache License 2.0

Solve Issue #63: Add Support for Token Authentication and User/Pass Authentication in BMC Firmware Update #89

Open abhashsolanki18 opened 3 months ago

abhashsolanki18 commented 3 months ago

Issue Addressed: Resolves #63

Changes Made:

  1. Added support for token-based authentication alongside existing user/password authentication in the BMC firmware update process.
  2. Introduced two distinct blocks in roles/bmc_fw_update/tasks/main.yml:
     - User/Password Authentication Block: For handling authentication using username and password.
     - Token Authentication Block: For handling authentication using tokens.

Details:

  - Updated the community.general.redfish_info task to support both authentication methods.
  - Ensured compatibility with existing configurations and backward compatibility.

@glimchb Please review these changes. Your feedback is appreciated!
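
The two-block layout described in the comment above, sketched as an added example; this is not the PR's code. The variable names dpu_bmc_username, dpu_bmc_password, dpu_bmc_token and get_bmc_facts_before appear elsewhere on this page; the baseurl value and the bmc_facts_userpass and bmc_facts_token names are assumptions.

```yaml
# Added example, not the PR's tasks. dpu_bmc_username, dpu_bmc_password, dpu_bmc_token
# and get_bmc_facts_before are names from this page; the other names are assumptions.
- name: Require exactly one BMC authentication method
  ansible.builtin.assert:
    that:
      - (dpu_bmc_token is defined) != (dpu_bmc_username is defined and dpu_bmc_password is defined)
    fail_msg: Set dpu_bmc_token, or dpu_bmc_username and dpu_bmc_password, but not both.
    quiet: true

- name: User/password authentication block
  when: dpu_bmc_token is not defined
  no_log: true  # keep the password out of -vvv output
  block:
    - name: Get firmware inventory with username and password
      community.general.redfish_info:
        baseurl: "{{ inventory_hostname }}"  # assumed: inventory host is the BMC address
        username: "{{ dpu_bmc_username }}"
        password: "{{ dpu_bmc_password }}"
        category: Update
        command: GetFirmwareInventory
      register: bmc_facts_userpass  # hypothetical name

- name: Token authentication block
  when: dpu_bmc_token is defined
  no_log: true  # keep the token out of -vvv output
  block:
    - name: Get firmware inventory with a session token
      community.general.redfish_info:
        baseurl: "{{ inventory_hostname }}"
        auth_token: "{{ dpu_bmc_token }}"
        category: Update
        command: GetFirmwareInventory
      register: bmc_facts_token  # hypothetical name

# A skipped task still registers its variable (as a "skipped" result), so the two
# blocks register different names and the real result is selected afterwards.
- name: Select the result of the block that actually ran
  ansible.builtin.set_fact:
    get_bmc_facts_before: "{{ bmc_facts_token if dpu_bmc_token is defined else bmc_facts_userpass }}"
```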

glimchb commented 3 months ago

@abhashsolanki18 thanks for fixing this. Please see commitlint failure. Otherwise looks good. If you rebase, those ansible ci failures should be resolved.

abhashsolanki18 commented 3 months ago

@glimchb I have rebased the commits; now it should pass the CI.

abhashsolanki18 commented 3 months ago

@glimchb the linters should also exclude ansible 2.17 with python 3.9; fixed that in the latest commit, and also fixed the bug you highlighted earlier.

abhashsolanki18 commented 3 months ago

Invalid workflow file: .github/workflows/docker-publish.yml#L13 The workflow is not valid. .github/workflows/docker-publish.yml (Line: 13, Col: 3): Error calling workflow 'opiproject/actions/.github/workflows/docker-publish.yml@main'. The nested job 'build' is requesting 'id-token: write', but is only allowed 'id-token: none'.

@glimchb what is the error about? failing while executing docker workflow as well as openSSF workflow

glimchb commented 3 months ago

> @glimchb what is the error about? failing while executing docker workflow as well as openSSF workflow

will check it

glimchb commented 3 months ago

@abhashsolanki18 I tested your changes and they fail, please fix

I used for user/pass flow:

docker run --rm -it --entrypoint ansible-playbook -v $(pwd):/opt -w /opt/roles ghcr.io/opiproject/ansible-opi-dpu:main ../playbooks/firmware.yml -vvv -i "172.22.4.2," -e dpu_bmc_username='root' -e dpu_bmc_password='123456' -e bmc_fw_update_inventory_name='6d53cf4d_bmc_firmware' -e bmc_fw_update_image_file='/tmp/bf2-bmc-ota-24.04-5-opn.tar'

I hit errors, so I had to make those changes:

diff --git a/roles/bmc_fw_update/defaults/main.yml b/roles/bmc_fw_update/defaults/main.yml
index ba5ffaf..ba8a611 100644
--- a/roles/bmc_fw_update/defaults/main.yml
+++ b/roles/bmc_fw_update/defaults/main.yml
@@ -8,5 +8,5 @@ bmc_fw_update_reboot: true
 bmc_fw_update_job_wait: true
 bmc_fw_update_inventory_name: bmc_firmware
 bmc_fw_update_image_file: /tmp/bf3-bmc-24.04-5_opn.fwpkg
-bmc_fw_update_image_url: https://content.mellanox.com/BlueField/BMC/24.04-5-Apr-2024/{{ bmc_fw_update_image_file | basename }}
+bmc_fw_update_image_url: https://www.mellanox.com/downloads/BlueField/BMC/24.04-5-Apr-2024/{{ bmc_fw_update_image_file | basename }}
 https_port: 443
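Review bot: the defaults visible in this hunk pair `bmc_fw_update_image_url` with no expected digest for the image it fetches, so a wrong or tampered file at the new location would go straight to the update step. Consider adding a checksum default next to `bmc_fw_update_image_file` and verifying the download against it before flashing. The URL move is also unrelated to the authentication change this PR is about, so it would be easier to review and revert as its own commit.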
diff --git a/roles/bmc_fw_update/tasks/main.yml b/roles/bmc_fw_update/tasks/main.yml
index e37647c..93b8d05 100644
--- a/roles/bmc_fw_update/tasks/main.yml
+++ b/roles/bmc_fw_update/tasks/main.yml
@@ -23,11 +23,11 @@

 - name: Store current fw version
   ansible.builtin.set_fact:
-    bmc_fw_update_cur_fw_version: "{{ get_bmc_facts_before.get_bmc_facts_all_fw_versions[bmc_fw_update_inventory_name] }}"
+    bmc_fw_update_cur_fw_version: "{{ vars.get_bmc_facts_all_fw_versions[bmc_fw_update_inventory_name] }}"

 - name: Print BMC Version
   ansible.builtin.debug:
-    msg: "{{ get_bmc_facts_before.get_bmc_facts_all_fw_versions }}"
+    msg: "{{ get_bmc_facts_all_fw_versions }}"

 - name: Check if firmware image exists locally {{ bmc_fw_update_image_file }}
   ansible.builtin.stat:

once fixed, I can test the same with token:

curl -k -H "Content-Type: application/json" -X POST https://172.22.4.2/login -d '{"username" : "root", "password" : "123456"}'
docker run --rm -it --entrypoint ansible-playbook -v $(pwd):/opt -w /opt/roles ghcr.io/opiproject/ansible-opi-dpu:main ../playbooks/firmware.yml -vvv -i "172.22.4.2," -e dpu_bmc_token='123456' -e bmc_fw_update_inventory_name='6d53cf4d_bmc_firmware' -e bmc_fw_update_image_file='/tmp/bf2-bmc-ota-24.04-5-opn.tar'

abhashsolanki18 commented 3 months ago

Will find out what's going wrong.