Setting IPMI credentials: the history

Auto-discovery of bare metal nodes is a peculiar thing: everyone wants it in theory, but very few end up using it after facing the harsh reality. The truth is, there is not so much information you can discover by powering a machine on and booting a special ramdisk on it. I mean, oh, sure, we can collect literally thousands of various facts and runtime characteristics, but a few critical ones keep evading us. Specifically, BMC credentials. The very few facts ironic needs to be able to manage the machine. Oops.

In all fairness to hardware vendors, it's not very sensible to allow any user, even one with root access, to learn these critical bits of a hardware infrastructure. Not in the cloud era.

Two ideas appeared from numerous heated (and not so much) discussions, one great and one abysmal:

  • Introspection rules as a way to encode the logic of setting the credentials post-discovery.

  • Setting IPMI credentials during discovery.

Today we're talking about the latter.

Read more …