Merge pull request #453 from rackerlabs/enroll-old-password-option

cardoe · web-flow · commit cb83c135d1e7 · 2024-11-08T15:26:33.000Z
feat: Allow caller to specify current BMC password of baremetal node to enroll
diff --git a/python/understack-workflows/understack_workflows/bmc_credentials.py b/python/understack-workflows/understack_workflows/bmc_credentials.py
@@ -10,41 +10,44 @@
 logger = setup_logger(__name__)
 
 
-def set_bmc_password(ip_address, required_password, username="root"):
-    """Access BMC via redfish and change password from factory default if needed.
+def set_bmc_password(ip_address, new_password, username="root", old_password=None):
+    """Access BMC via redfish and change password from old password if needed.
 
-    Check that we can log in using the standard password.
+    Old password, if not specified, is the maufacturer's factory default.
 
-    If that doesn't work, try the factory default password, if that succeeds
-    then we change the BMC password to our standard one.
+    Check that we can log in using the standard password.
 
-    Once the password has been changed then we check that it works by logging in
-    again.
+    If that doesn't work, try the old password, if that succeeds then we change
+    the BMC password to our standard one.
 
-    Raises an Exception if the password is not confirmed working.
+    Once the password has been changed, we check that it works by logging in
+    again, otherwise raise an Exception.
     """
-    token, session = _verify_auth(ip_address, username, required_password)
+    if not old_password:
+        old_password = FACTORY_PASSWORD
+
+    token, session = _verify_auth(ip_address, username, new_password)
     if token:
         logger.info("Production BMC credentials are working on this BMC.")
         close_session(ip_address, token, session)
         return
 
     logger.info(
         "Production BMC credentials don't work on this BMC. "
-        "Trying factory default credentials."
+        "Trying old / factory default credentials."
     )
-    token, session = _verify_auth(ip_address, username, FACTORY_PASSWORD)
+    token, session = _verify_auth(ip_address, username, old_password)
     if not token:
         raise Exception(
             f"Unable to log in to BMC {ip_address} with any known password!"
         )
 
     logger.info("Changing BMC password to standard")
-    _set_bmc_creds(ip_address, token, username, required_password)
+    _set_bmc_creds(ip_address, token, username, new_password)
     logger.info("BMC password has been set.")
     close_session(ip_address, token, session)
 
-    token = _verify_auth(ip_address, username, required_password)
+    token = _verify_auth(ip_address, username, new_password)
     if token:
         logger.info("Production BMC credentials are working on this BMC.")
         close_session(ip_address, token, session)
diff --git a/python/understack-workflows/understack_workflows/main/enroll_server.py b/python/understack-workflows/understack_workflows/main/enroll_server.py
@@ -41,7 +41,8 @@ def main():
 
     This script has the following order of operations:
 
-    - connect to the BMC, trying standard password then factory default
+    - connect to the BMC using standard password, if that fails then use
+      password supplied in --old-bmc-password option, or factory default
 
     - ensure standard BMC password is set
 
@@ -98,8 +99,12 @@ def main():
     token = args.nautobot_token or credential("nb-token", "token")
     nautobot = pynautobot.api(url, token=token)
 
-    bmc = bmc_for_ip_address(bmc_ip_address, password=args.bmc_password)
-    set_bmc_password(bmc.ip_address, bmc.password)
+    bmc = bmc_for_ip_address(bmc_ip_address)
+    set_bmc_password(
+        ip_address=bmc.ip_address,
+        new_password=bmc.password,
+        old_password=args.old_bmc_password,
+    )
 
     device_info = chassis_info(bmc)
     logger.info(f"Discovered {pformat(device_info)}")
@@ -133,12 +138,11 @@ def main():
 
 def argument_parser():
     parser = argparse.ArgumentParser(
-        prog=os.path.basename(__file__), description="Ingest Baremetal"
+        prog=os.path.basename(__file__), description="Ingest Baremetal Node"
     )
     parser.add_argument("--bmc-ip-address", type=str, required=True, help="BMC IP")
-    parser.add_argument("--bmc-password", type=str, required=False, help="BMC Pass")
     parser.add_argument(
-        "--bmc-mac-address", type=str, required=False, help="BMC MAC Addr"
+        "--old-bmc-password", type=str, required=False, help="Old Password"
     )
     parser = parser_nautobot_args(parser)
     return parser
