diff options
author | Zuul <zuul@review.opendev.org> | 2020-09-07 18:45:21 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2020-09-07 18:45:21 +0000 |
commit | fc2247246b8d6543a862ca5de65b90bba3b6a77d (patch) | |
tree | 312c3c7f377c673a351403fff30f955d71c24940 /doc/source/admin | |
parent | 30a9d3357770eee5642034325c0fdb6c83c87997 (diff) | |
parent | 6ee91fc3a63212123b8c6010eab97bd0fa4797b8 (diff) | |
download | ironic-fc2247246b8d6543a862ca5de65b90bba3b6a77d.tar.gz |
Merge "Adds few of the security dashboard parameters to capabilities"
Diffstat (limited to 'doc/source/admin')
-rw-r--r-- | doc/source/admin/drivers/ilo.rst | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/doc/source/admin/drivers/ilo.rst b/doc/source/admin/drivers/ilo.rst index 9d98bdbeb..919a5064f 100644 --- a/doc/source/admin/drivers/ilo.rst +++ b/doc/source/admin/drivers/ilo.rst @@ -923,6 +923,27 @@ Inspection can also discover the following extra capabilities for iLO driver: of the raid levels among 0, 1, 2, 5, 6, 10, 50 and 60 are configured on the system. +* ``overall_security_status``: ``Ok`` or ``Risk`` or ``Ignored`` as returned by iLO + security dashboard. iLO computes the overall security status by evaluating + the security status for each of the security parameters. Admin needs to fix + the actual parameters and then re-inspect so that iLO can recompute the + overall security status. If the all security params, whose ``security_status`` is + ``Risk``, have the ``Ignore`` field set to ``True``, then iLO sets + the overall security status value as ``Ignored``. All the security params must have + the ``security_status`` as ``Ok`` for the ``overall_security_status`` + to have the value as ``Ok``. + +* ``last_firmware_scan_status``: ``Ok`` or ``Risk`` as returned by iLO security dashboard. + This denotes security status of the last firmware scan done on the system. If it is + ``Risk``, the recommendation is to run clean_step ``update_firmware_sum`` without any + specific firmware components so that firmware is updated for all the components using + latest SPP (Service Provider Pack) ISO and then re-inspect to get the security status + again. + +* ``security_override_switch``: ``Ok`` or ``Risk`` as returned by iLO security dashboard. + This is disable/enable login to the iLO using credentials. This can be toggled only + by physical visit to the bare metal. + .. note:: * The capability ``nic_capacity`` can only be discovered if ipmitool @@ -941,6 +962,10 @@ Inspection can also discover the following extra capabilities for iLO driver: (active and otherwise) NICs for Gen8 and Gen9 servers and ironic ports are created for all of them. Inspection logs a warning if the node under inspection is Gen8 or Gen9. + * The security dashboard capabilities are applicable only for Gen10 ProLiant HPE + servers and above. To fix the security dashboard parameters value from + ``Risk`` to ``Ok``, user need to fix the parameters separately and re-inspect + to see the security status of the parameters. The operator can specify these capabilities in nova flavor for node to be selected for scheduling:: |