How about HPE iLO, does anyone know a way to disable access from the OS?

 

From: Tyler Bishop [mailto:tyler.bis...@beyondhosting.net] 
Sent: Sunday, January 28, 2018 2:01 AM
To: Guo James
Cc: openstack
Subject: Re: [Openstack] [ironic] how to prevent ironic user to controle ipmi 
through OS?

 

On Dell DRAC you can disable IPMI/RAC control at the device for OS 
configuration.

 

With Supermicro IPMI you just need to create a random user and random password 
that is not "admin".

 

 

_____________________________________________

Tyler Bishop

Founder EST 2007

 


 

O: 513-299-7108 x10

M: 513-646-5809

http://BeyondHosting.net

 

 


 

  _____  

From: "Guo James" <guoyongxh...@outlook.com>
To: xief...@sina.com, "openstack" <openstack@lists.openstack.org>
Sent: Wednesday, January 10, 2018 10:16:34 PM
Subject: Re: [Openstack] [ironic] how to prevent ironic user to controle ipmi 
through OS?

 

Ironic user can change ipmi address so that OpenStack ironic loses control of 
bare metal.

I think that is unacceptable.

It seems that we should make ironic image without root privilege.

 

From: xief...@sina.com [mailto:xief...@sina.com] 
Sent: Thursday, January 11, 2018 9:12 AM
To: Guo James; openstack
Subject: Re: [Openstack] [ironic] how to prevent ironic user to controle ipmi 
through OS?

 

If you cannot get the username and password of the OS, you cannot modify ipmi 
configuration, though you got the ironic user info.

 

 

----- Original Message -----
From: Guo James <guoyongxh...@outlook.com>
To: "openstack@lists.openstack.org" <openstack@lists.openstack.org>
Subject: [Openstack] [ironic] how to prevent ironic user to controle ipmi through OS?
Date: January 10, 2018, 17:21


I notice that after an ironic user gets a bare metal successfully, he can 
access ipmi through the ipmi device although he can't access ipmi through LAN.
How to prevent the situation?
If he modifies ipmi configuration, that will be a mess.
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

