Conductor Golden Config Plugin
conductor-goldenconfig-plugin
Plugin supporting basic operations related to Golden Config handling and config audit.
Golden Config validation
The purpose of validation is checking the compliance of normalized data from devices from different vendors (Dell, Intel, HP) with Golden Config schema. In case of unsuccessful verification, ValidationError is raised.
Validation Node Types
- windriver.nodes.gc.FileFromBlueprint
Validation Node Types
-
windriver.nodes.gc.FileFromBlueprint
Loads content of the file provided with blueprint on create.
-
properties:
- relative_path_in_blueprint - relative path to golden config file placed in the blueprint
-
runtime_properties:
- file_content - content of GC file, loaded into runtime property
-
-
windriver.nodes.gc.GoldenConfig
Runs validate process on create.
-
properties:
- content - content of the file that requires checking schema compliance
- schema_version - version of schema against which to validate
-
runtime_properties:
- content - content of the validated data
-
The validation process is also run as start and postupdate on windriver.nodes.gc.Normalizer node_type.
Data normalization to Golden Config format
Data normalization is used to convert data collected from devices into a format compliant with the defined Golden Config schema. It supports formating data fetched from Dell (IDRAC), Intel and HP devices.
Normalization Node Types
-
windriver.nodes.gc.Normalizer
Runs
normalizationprocess oncreateandupdate.Runs
validateprocess onstartandpostupdate.Runs
normalize_check_driftoncheck_drift.-
properties:
- schema_version - version of schema against which to validate
- protocol - protocol used by the device, whose data requires normalization
takes the following values: [
'iLo','redfish'] forDell(IDRAC)andIntelshould be set toredfishforHPshould be set toiLo - protocol_version - version of the redfish/iLo protocol
for
HPtakes the following values: [4,5] forDell(IDRAC)andIntelaccepts all of redfish versions
-
runtime_properties:
- result - data after normalization
- content - content of the validated data
-
Git integration (for Golden Config storage)
This integration based on dulwich library enables the usage of git repositories as storage for Golden Config.
With the plugin, file can be pushed to the repo or downloaded from it.
It supports both HTTP/HTTPS and SSH connections.
There is possibility to upload file provided with the blueprint, with the usage of windriver.nodes.gc.FileFromBlueprint node.
Git integration Data Types
-
windriver.types.gc.git.RepoAuth:
A dictionary of values to pass to authenticate with git.
- properties:
- repo_url - URL of git repo in format proper for HTTP/HTTPS or SSH connection
- ssh_key - SSH key needed for authentication (if ssh used)
- username - name of git user needed for authentication (if http/https used)
- password - password of git user needed for authentication (if http/https used)
- properties:
Git integration Node Types
-
windriver.nodes.gc.git.AddAndPushFile:
Runs
add_and_push_gc_file_to_gitoncreate.- properties:
- git_repo_auth - values needed to authenticate with git,
windriver.types.gc.git.RepoAuthdata type - file_name - name of the file, which will be created in the repo
- branch_name - name of the branch, on which the file will be created, default
master - file_content - content of the file, which will be created in the repo
- commit_message - message with which file will be commited to the repo
- git_repo_auth - values needed to authenticate with git,
- properties:
-
windriver.nodes.gc.git.FetchFile:
Runs
fetch_fileoncreate.- properties:
- git_repo_auth - values needed to authenticate with git,
windriver.types.gc.git.RepoAuthdata type - file_name - name of the file to download
- branch_name - name of the branch from which the file will be downloaded
- git_repo_auth - values needed to authenticate with git,
- runtime_properties:
- file_content - content of the file downloaded from the repo
- properties:
Config audit
Purpose of config audit is to compare discovered data with Golden Config and check if (described by Golden Config) requirements are met in given environment.
Node Types
-
windriver.nodes.gc.Audit:
Runs
auditprocess oncreate.- properties - described in
plugin.yaml - runtime_properties:
- result - result of audit (described below)
- properties - described in
Audit result format
{
"status": "failed",
"warnings": [
{
"message": "Value with path: /golden_config/system/some_property_2 has been manually excluded from audit",
"path": "/golden_config/system/some_property_2",
"current_value": 10,
"expected_value": 14,
"timestamp": 1661851749.243891
},
{
"message": "Value with path: /golden_config/system/some_property_4 has been manually excluded from audit",
"path": "/golden_config/system/some_property_4",
"current_value": "aaa",
"expected_value": "aaab",
"timestamp": 1661851749.331489
}
],
"errors":[
{
"message": "Simple typed value: 9 is different than expected: 12",
"path": "/golden_config/system/some_property_3",
"current_value": 9,
"expected_value": 12,
"timestamp": 1661851749.298285
}
]
}
status - possible values:
- succeed - 0 errors, 0 warnings,
- succeed_with_warnings - 0 errors, some warnings
- failed - some errors
Both errors and warnings have the same format for single item:
- message - human readable information about error / warning
- path - path pointing to item being compared for which error / warning has occurred;
subsequent keys in dictionary separated by
/; for list items path can contain item index in list (counted from 0) - current_value - current value described by
pathfor which error / warning has occurred; in some cases this value may be not set - expected_value - expected (golden config) value described by
pathfor which error / warning has occurred - timestamp - UNIX timestamp value for time when error / warning has occurred
Audit status, warnings and errors are additionally logged.
In case of silent_failure=false and audit errors NonRecoverableError is raised at the and
of audit process to fail an execution.