Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Solve Issue #63: Add Support for Token Authentication and User/Pass Authentication in BMC Firmware Update #89

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Solve Issue #63: Add Support for Token Authentication and User/Pass Authentication in BMC Firmware Update #89

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ebc046b
fix: support-token-user/pass
invalid-email-address Jul 2, 2024
61dbf13
linters fix
abhashsolanki18 Jul 11, 2024
e5fb951
fix(bmc_fw_update): resolve YAML linting issues
abhashsolanki18 Jul 12, 2024
56967c1
Merge branch 'opiproject:main' into main
abhashsolanki18 Jul 15, 2024
caf19dd
fix(bmc_fw_update): resolve workflow permission errors
abhashsolanki18 Jul 15, 2024
91dee45
fix(bmc_fw_update): resolve workflow permission errors
abhashsolanki18 Jul 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 8 additions & 7 deletions .github/workflows/ansible.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,13 +104,14 @@ jobs:
strategy:
fail-fast: false
matrix:
python-version: ["3.9", "3.10", "3.11"]
ansible-version: [stable-2.17, stable-2.15, stable-2.16]
exclude:
# Ansible-core 2.16 is supported only from Python 3.10 onwards
- python-version: "3.9"
ansible-version: stable-2.16

python-version: ["3.9", "3.10", "3.11"]
ansible-version: [stable-2.15, stable-2.16, stable-2.17]
exclude:
# Ansible-core 2.16 and 2.17 are supported only from Python 3.10 onwards
- python-version: "3.9"
ansible-version: stable-2.16
- python-version: "3.9"
ansible-version: stable-2.17
steps:
# Important: This sets up your GITHUB_WORKSPACE environment variable
- name: Checkout the source code
Expand Down
179 changes: 119 additions & 60 deletions roles/bmc_fw_update/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
ansible.builtin.fail:
msg: "{{ bmc_fw_update_mutual_exclusive_msg }}"
when:
- ((dpu_bmc_username is defined or dpu_bmc_password is defined) and dpu_bmc_token is defined)
- (dpu_bmc_username is defined or dpu_bmc_password is defined) and (dpu_bmc_token is defined)

- name: Get Firmware Inventory
ansible.builtin.include_role:
Expand Down Expand Up @@ -43,61 +43,119 @@
delegate_to: "{{ bmc_fw_update_delegate }}"
when: not bmc_fw_update_local_file_check.stat.exists

# Consider replace with 'GetFirmwareUpdateCapabilities' when available
- name: Check multipart support
ansible.builtin.uri:
url: "https://{{ inventory_hostname }}/redfish/v1/UpdateService"
method: GET
return_content: true
status_code: 200
body_format: json
url_username: "{{ dpu_bmc_username }}"
url_password: "{{ dpu_bmc_password }}"
force_basic_auth: true
validate_certs: false
delegate_to: "{{ bmc_fw_update_delegate }}"
register: bmc_fw_update_multipart_check

# Deprecated method
- name: Update BMC firmware of DPU using deprecated HttpPushUri
when: bmc_fw_update_multipart_check.json.MultipartHttpPushUri is not defined
ansible.builtin.uri:
url: "https://{{ inventory_hostname }}{{ bmc_fw_update_multipart_check.json.HttpPushUri }}"
method: POST
status_code: [200, 202]
src: "{{ bmc_fw_update_image_file }}"
headers:
Content-Type: application/octet-stream
url_username: "{{ dpu_bmc_username }}"
url_password: "{{ dpu_bmc_password }}"
force_basic_auth: true
validate_certs: false
delegate_to: "{{ bmc_fw_update_delegate }}"
register: bmc_fw_update_depecated_http_push

- name: Extract task id from update task
when: bmc_fw_update_multipart_check.json.MultipartHttpPushUri is not defined
ansible.builtin.set_fact:
bmc_firmware_update_taskid: '{{ bmc_fw_update_depecated_http_push.location | urlsplit("path") }}'

- name: Update BMC firmware of DPU
when: bmc_fw_update_multipart_check.json.MultipartHttpPushUri is defined
community.general.redfish_command:
category: Update
command: MultipartHTTPPushUpdate
baseuri: "{{ inventory_hostname }}"
username: "{{ dpu_bmc_username }}"
password: "{{ dpu_bmc_password }}"
# auth_token: "{{ dpu_bmc_token }}"
timeout: 600
update_image_file: "{{ bmc_fw_update_image_file }}"
register: result_update_task
delegate_to: "{{ bmc_fw_update_delegate }}"

- name: Extract task id from update task
when: bmc_fw_update_multipart_check.json.MultipartHttpPushUri is defined
ansible.builtin.set_fact:
bmc_firmware_update_taskid: "{{ result_update_task.return_values.update_status.handle }}"
# Check multipart support with user/pass authentication
- block:

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.15)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.15)

name[missing] 

All tasks should be named.

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.16)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.16)

name[missing] 

All tasks should be named.

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.15)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.15)

name[missing] 

All tasks should be named.

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.17)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.17)

name[missing] 

All tasks should be named.

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.16)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.16)

name[missing] 

All tasks should be named.

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.17)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.17)

name[missing] 

All tasks should be named.

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.9, stable-2.15)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 47 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.9, stable-2.15)

name[missing] 

All tasks should be named.
- name: Check multipart support using user/pass
ansible.builtin.uri:
url: "https://{{ inventory_hostname }}/redfish/v1/UpdateService"
method: GET
return_content: true
status_code: 200
body_format: json
url_username: "{{ dpu_bmc_username }}"
url_password: "{{ dpu_bmc_password }}"
force_basic_auth: true
validate_certs: false
delegate_to: "{{ bmc_fw_update_delegate }}"
register: bmc_fw_update_multipart_check

# Deprecated method with user/pass
- name: Update BMC firmware of DPU using deprecated HttpPushUri with user/pass
when: bmc_fw_update_multipart_check.json.MultipartHttpPushUri is not defined
ansible.builtin.uri:
url: "https://{{ inventory_hostname }}{{ bmc_fw_update_multipart_check.json.HttpPushUri }}"
method: POST
status_code: [200, 202]
src: "{{ bmc_fw_update_image_file }}"
headers:
Content-Type: application/octet-stream
url_username: "{{ dpu_bmc_username }}"
url_password: "{{ dpu_bmc_password }}"
force_basic_auth: true
validate_certs: false
delegate_to: "{{ bmc_fw_update_delegate }}"
register: bmc_fw_update_depecated_http_push

- name: Extract task id from update task with user/pass
when: bmc_fw_update_multipart_check.json.MultipartHttpPushUri is not defined
ansible.builtin.set_fact:
bmc_firmware_update_taskid: '{{ bmc_fw_update_depecated_http_push.location | urlsplit("path") }}'

# Update BMC firmware with user/pass
- name: Update BMC firmware of DPU with user/pass
when: bmc_fw_update_multipart_check.json.MultipartHttpPushUri is defined
community.general.redfish_command:
category: Update
command: MultipartHTTPPushUpdate
baseuri: "{{ inventory_hostname }}"
username: "{{ dpu_bmc_username }}"
password: "{{ dpu_bmc_password }}"
timeout: 600
update_image_file: "{{ bmc_fw_update_image_file }}"
register: result_update_task
delegate_to: "{{ bmc_fw_update_delegate }}"

- name: Extract task id from update task with user/pass
when: bmc_fw_update_multipart_check.json.MultipartHttpPushUri is defined
ansible.builtin.set_fact:
bmc_firmware_update_taskid: "{{ result_update_task.return_values.update_status.handle }}"

when: dpu_bmc_username is defined and dpu_bmc_password is defined

# Check multipart support with token authentication
- block:

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.15)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.15)

name[missing] 

All tasks should be named.

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.16)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.16)

name[missing] 

All tasks should be named.

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.15)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.15)

name[missing] 

All tasks should be named.

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.17)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.17)

name[missing] 

All tasks should be named.

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.16)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.16)

name[missing] 

All tasks should be named.

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.17)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.17)

name[missing] 

All tasks should be named.

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.9, stable-2.15)

key-order[task] 

You can improve the task key order to: when, block

Check failure on line 106 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.9, stable-2.15)

name[missing] 

All tasks should be named.
- name: Check multipart support using token
ansible.builtin.uri:
url: "https://{{ inventory_hostname }}/redfish/v1/UpdateService"
method: GET
return_content: true
status_code: 200
body_format: json
headers:
X-Auth-Token: "{{ dpu_bmc_token }}"
validate_certs: false
delegate_to: "{{ bmc_fw_update_delegate }}"
register: bmc_fw_update_multipart_check

# Deprecated method with token
- name: Update BMC firmware of DPU using deprecated HttpPushUri with token
when: bmc_fw_update_multipart_check.json.MultipartHttpPushUri is not defined
ansible.builtin.uri:
url: "https://{{ inventory_hostname }}{{ bmc_fw_update_multipart_check.json.HttpPushUri }}"
method: POST
status_code: [200, 202]
src: "{{ bmc_fw_update_image_file }}"
headers:
Content-Type: application/octet-stream
X-Auth-Token: "{{ dpu_bmc_token }}"
validate_certs: false
delegate_to: "{{ bmc_fw_update_delegate }}"
register: bmc_fw_update_depecated_http_push

- name: Extract task id from update task with token
when: bmc_fw_update_multipart_check.json.MultipartHttpPushUri is not defined
ansible.builtin.set_fact:
bmc_firmware_update_taskid: '{{ bmc_fw_update_depecated_http_push.location | urlsplit("path") }}'

# Update BMC firmware with token
- name: Update BMC firmware of DPU with token
when: bmc_fw_update_multipart_check.json.MultipartHttpPushUri is defined
community.general.redfish_command:
category: Update
command: MultipartHTTPPushUpdate
baseuri: "{{ inventory_hostname }}"
auth_token: "{{ dpu_bmc_token }}"
timeout: 600
update_image_file: "{{ bmc_fw_update_image_file }}"
register: result_update_task
delegate_to: "{{ bmc_fw_update_delegate }}"

- name: Extract task id from update task with token
when: bmc_fw_update_multipart_check.json.MultipartHttpPushUri is defined
ansible.builtin.set_fact:
bmc_firmware_update_taskid: "{{ result_update_task.return_values.update_status.handle }}"

when: dpu_bmc_token is defined

- name: Print TASK id for tracking
ansible.builtin.debug:
Expand All @@ -113,9 +171,9 @@
category: Update
command: GetUpdateStatus
baseuri: "{{ inventory_hostname }}"
username: "{{ dpu_bmc_username }}"
password: "{{ dpu_bmc_password }}"
# auth_token: "{{ dpu_bmc_token }}"
username: "{{ dpu_bmc_username | default(omit) }}"
password: "{{ dpu_bmc_password | default(omit) }}"
auth_token: "{{ dpu_bmc_token | default(omit) }}"
update_handle: "{{ bmc_firmware_update_taskid }}"
register: update_progress
until: update_progress.redfish_facts.update_status.status != 'Running'
Expand Down Expand Up @@ -154,4 +212,5 @@
msg: "{{ bmc_fw_update_version_failure }}"
when:
- bmc_fw_update_reboot is true
- not bmc_fw_update_image_file is search(bmc_fw_update_got_fw_version | regex_search('[0-9-.]+'))
- not bmc_fw_update_image_file is search(bmc_fw_update_got_fw_version | regex_search('[0-9-.]+'))"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

last " is typo?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, fixed it


Check failure on line 216 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.15)

yaml[empty-lines] 

Too many blank lines (1 > 0)

Check failure on line 216 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.16)

yaml[empty-lines] 

Too many blank lines (1 > 0)

Check failure on line 216 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.15)

yaml[empty-lines] 

Too many blank lines (1 > 0)

Check failure on line 216 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.11, stable-2.17)

yaml[empty-lines] 

Too many blank lines (1 > 0)

Check failure on line 216 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.16)

yaml[empty-lines] 

Too many blank lines (1 > 0)

Check failure on line 216 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.10, stable-2.17)

yaml[empty-lines] 

Too many blank lines (1 > 0)

Check failure on line 216 in roles/bmc_fw_update/tasks/main.yml

View workflow job for this annotation

GitHub Actions / Ansible lint (3.9, stable-2.15)

yaml[empty-lines] 

Too many blank lines (1 > 0)
Loading