diff options
| author | Nisha Agarwal <nisha.agarwal@hpe.com> | 2020-08-16 18:59:31 +0000 |
|---|---|---|
| committer | Nisha Agarwal <agarwalnisha1980@gmail.com> | 2020-09-07 07:44:11 +0000 |
| commit | 6ee91fc3a63212123b8c6010eab97bd0fa4797b8 (patch) | |
| tree | 6f2ad14588513454aa1b946703335ae9e642f1d1 /doc | |
| parent | 3709cce11f696f324f501090d050273a1fcb4a70 (diff) | |
| download | ironic-6ee91fc3a63212123b8c6010eab97bd0fa4797b8.tar.gz | |
Adds few of the security dashboard parameters to capabilities
This patch adds few of the security dashboard parameters
to iLO capabilities. It adds :
- overall_security_status
- last_firmware_scan_result
- security_override_switch
Story: 2008024
Task: 40678
Change-Id: I7ef2ce1a20fbc1b258fce0f8ebd53661b24e66ff
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/source/admin/drivers/ilo.rst | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/doc/source/admin/drivers/ilo.rst b/doc/source/admin/drivers/ilo.rst index 9d98bdbeb..919a5064f 100644 --- a/doc/source/admin/drivers/ilo.rst +++ b/doc/source/admin/drivers/ilo.rst @@ -923,6 +923,27 @@ Inspection can also discover the following extra capabilities for iLO driver: of the raid levels among 0, 1, 2, 5, 6, 10, 50 and 60 are configured on the system. +* ``overall_security_status``: ``Ok`` or ``Risk`` or ``Ignored`` as returned by iLO + security dashboard. iLO computes the overall security status by evaluating + the security status for each of the security parameters. Admin needs to fix + the actual parameters and then re-inspect so that iLO can recompute the + overall security status. If the all security params, whose ``security_status`` is + ``Risk``, have the ``Ignore`` field set to ``True``, then iLO sets + the overall security status value as ``Ignored``. All the security params must have + the ``security_status`` as ``Ok`` for the ``overall_security_status`` + to have the value as ``Ok``. + +* ``last_firmware_scan_status``: ``Ok`` or ``Risk`` as returned by iLO security dashboard. + This denotes security status of the last firmware scan done on the system. If it is + ``Risk``, the recommendation is to run clean_step ``update_firmware_sum`` without any + specific firmware components so that firmware is updated for all the components using + latest SPP (Service Provider Pack) ISO and then re-inspect to get the security status + again. + +* ``security_override_switch``: ``Ok`` or ``Risk`` as returned by iLO security dashboard. + This is disable/enable login to the iLO using credentials. This can be toggled only + by physical visit to the bare metal. + .. note:: * The capability ``nic_capacity`` can only be discovered if ipmitool @@ -941,6 +962,10 @@ Inspection can also discover the following extra capabilities for iLO driver: (active and otherwise) NICs for Gen8 and Gen9 servers and ironic ports are created for all of them. Inspection logs a warning if the node under inspection is Gen8 or Gen9. + * The security dashboard capabilities are applicable only for Gen10 ProLiant HPE + servers and above. To fix the security dashboard parameters value from + ``Risk`` to ``Ok``, user need to fix the parameters separately and re-inspect + to see the security status of the parameters. The operator can specify these capabilities in nova flavor for node to be selected for scheduling:: |