Hi, Andres was asked to look at getting a system to update its ipmi data. It was decided that making changes to an IPMI card during enlistment was not acceptable as it was possibly destructive. So, instead we would make the changes in the commissioning environment. The enlistment will do its best to collect all MAC addresses it can, and even identify which is an IPMI card. It will send that data back to maas, but will not change anything. Then, during commissioning, there are 2 cases: a.) where maas manages the network of the ipmi card with dhcp b.) where maas does not manage the ipmi card's network.
In the case of 'a', it would be sufficient for maas to send down instructions to the commissioning environment saying "set the ipmi card up with user 'foobar' and password 'wark' and whatever other configuration would be done. the commissioning code then can just post status updates of "OK" or "ERROR" to the metadata api the way it currently does. There it could identify that it failed to setup correctly. However, in 'b', we potentially need to read information from the card and update maas with that information. Ie, if during enlistment, the card did not have an IP address or was not configured for dhcp, we would do that in commissioning. However, we would then have to tell maas what the IP address of that IPMI card was after dhcp was done to get it or we read the existing value. The key here is that, we have to update the node's information from the commissioning environment. Currently, we cannot do that. All we have in the commissioning environment is metadata credentials (to get user-data and meta-data for the node). Those are not capable of making changes to the node, or even listing information for *that* node. If there is a real need for 'b' above (and Andres thinks there is), then we need to update the node from the node itself. So the commissioning environment would need access to credentials that can perform an update to the system. There is good reason that these cannot do that right now, as they're the same credentials that a user using the system would have access to. I see then 2 solutions to my problem (quite possibly there are others) 1.) existing commissioning credentials could update the system for their own system, but only durring commissioning. 2.) a different set of credentials that can make updates needs to be made available to the commissioning environment. '1' seems reasonable to me. But maybe I've failed to convince you. Thoughts? -- Mailing list: https://launchpad.net/~maas-devel Post to : [email protected] Unsubscribe : https://launchpad.net/~maas-devel More help : https://help.launchpad.net/ListHelp
