maas-devel team mailing list archive

Thread
Date

system update in commissioning or enlistment

To: maas-devel@xxxxxxxxxxxxxxxxxxx
From: Scott Moser <smoser@xxxxxxxxxx>
Date: Tue, 7 Aug 2012 14:32:13 -0400 (EDT)
Sender: Scott Moser <ssmoser2@xxxxxxxxx>
User-agent: Alpine 2.02 (DEB 1266 2009-07-14)

Hi,
   Andres was asked to look at getting a system to update its ipmi data.
   It was decided that making changes to an IPMI card during enlistment
was not acceptable as it was possibly destructive.  So, instead we would
make the changes in the commissioning environment.   The enlistment will
do its best to collect all MAC addresses it can, and even identify which
is an IPMI card.  It will send that data back to maas, but will not change
anything.
   Then, during commissioning, there are 2 cases:
a.) where maas manages the network of the ipmi card with dhcp
b.) where maas does not manage the ipmi card's network.

   In the case of 'a', it would be sufficient for maas to send down
instructions to the commissioning environment saying "set the ipmi card up
with user 'foobar' and password 'wark' and whatever other configuration
would be done.  the commissioning code then can just post status updates
of "OK" or "ERROR" to the metadata api the way it currently does.  There
it could identify that it failed to setup correctly.

   However, in 'b', we potentially need to read information from the card
and update maas with that information.  Ie, if during enlistment, the card
did not have an IP address or was not configured for dhcp, we would do
that in commissioning.  However, we would then have to tell maas what the
IP address of that IPMI card was after dhcp was done to get it or we read
the existing value.

   The key here is that, we have to update the node's information from the
commissioning environment.  Currently, we cannot do that.  All we have in
the commissioning environment is metadata credentials (to get user-data
and meta-data for the node).  Those are not capable of making changes to
the node, or even listing information for *that* node.

   If there is a real need for 'b' above (and Andres thinks there is),
then we need to update the node from the node itself.  So the
commissioning environment would need access to credentials that can
perform an update to the system.  There is good reason that these cannot
do that right now, as they're the same credentials that a user using the
system would have access to.

   I see then 2 solutions to my problem (quite possibly there are others)
1.) existing commissioning credentials could update the system for their
own system, but only durring commissioning.
2.) a different set of credentials that can make updates needs to be made
available to the commissioning environment.

   '1' seems reasonable to me.  But maybe I've failed to convince you.
   Thoughts?

Follow ups

Re: system update in commissioning or enlistment
From: Gavin Panella, 2012-08-09
Re: system update in commissioning or enlistment
From: Julian Edwards, 2012-08-09