Commit a0d96e0c authored by Brian Kroth

Add support for different ipmitool privilege levels.

Also need to add support for separate ipmi encryption keys from user
passwords, but it turns out that the current db schema does actually
support that already and at least one script more or less does it
already (power_ipmi.pm), though another doesn't (power_ilo.pm), so we
can fix that separately there.

This is to allow support of additional read-only users for gathering
power data that don't have to also be given the admin password in the
form of the hex encoded Kg key.

Also add a field so that we don't need to assume that the privilege
level is necessarily ADMINISTRATOR.
parent ffd48a5c
......@@ -3527,6 +3527,9 @@ CREATE TABLE `outlets_remoteauth` (
`key_role` varchar(64) NOT NULL default '',
`key_uid` varchar(64) NOT NULL default '',
`mykey` text NOT NULL,
-- NOTE: These are mostly pulled from ipmitool. Other protocols may need
-- other values or not care at all, hence the addition of OTHER to the list.
`key_privlvl` enum('CALLBACK','USER','OPERATOR','ADMINISTRATOR','OTHER') NOT NULL DEFAULT 'ADMINISTRATOR',
PRIMARY KEY (`node_id`,`key_type`,`key_role`,`key_uid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
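Review bot: The `DEFAULT 'ADMINISTRATOR'` on `key_privlvl` means any row inserted without an explicit value, including one for a read-only power-data user, is recorded at the highest privilege level. That keeps existing rows behaving as before, but the NOTE should say that callers adding lower-privilege users must set the column explicitly. It should also state how consumers are expected to treat `OTHER`, since it is not a privilege level ipmitool accepts and should not be passed through to it unchanged.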
......
#
# IPMIv2 Separate (Kg) Encryption Key and Privileges Levels
#
# Actually, it turns out that the current schema's PRIMARY KEY already supports
# storing a separate Kg key from the user(s) passwords, so we just need to
# update the libs to pull all of the rows for that part.
#
use strict;
use libdb;
sub DoUpdate($$$)
{
my ($dbhandle, $dbname, $version) = @_;
DBQueryFatal(<<SQL
ALTER TABLE outlets_remoteauth
ADD COLUMN key_privlvl
ENUM ('CALLBACK', 'USER', 'OPERATOR', 'ADMINISTRATOR', 'OTHER')
NOT NULL DEFAULT 'ADMINISTRATOR'
SQL
);
return 0;
}
1;
# Local Variables:
# mode:perl
# End:
# vim: set ft=perl et sw=4 ts=4:
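Review bot: The `ALTER TABLE outlets_remoteauth ADD COLUMN key_privlvl` in `DoUpdate` runs unconditionally through `DBQueryFatal`, so applying this update to a database that already has the column (for example one created from the updated `CREATE TABLE`) will abort. Guard the statement with a check that the column is absent before altering. The ENUM list here also duplicates the one in the `CREATE TABLE` hunk, so a short comment noting that the two must be kept in sync would help.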