Hardware Observer

  • Canonical BootStack Charmers
Channel Revision Published Runs on
latest/stable 84 02 Jul 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/stable 13 01 Nov 2023
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/candidate 113 15 Oct 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/candidate 112 15 Oct 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/candidate 13 30 Oct 2023
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/edge 125 19 Nov 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/edge 124 19 Nov 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/edge 119 11 Nov 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/edge 118 11 Nov 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/edge 15 03 Nov 2023
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
juju deploy hardware-observer --channel edge
Show information

Platform:

Ubuntu
24.04 22.04 20.04 18.04

Cryptography

Resource checksums

This charm can make use of for some additional vendor-specific binary tooling to enhance its functionality. Since those tools are available after agreeing to an EULA, they are not redistributed directly by the charm and must be sideloaded via juju resources.

In order to protect users from mistakenly deploying malicious variants of the expected tools, all resources are validated against a hardcoded list of known-good SHA256 checksums.

The checksums are maintained in file checksum.py

Sources verification

Whenever HPE hardware is detected, this charm deploys the ssacli binary. SSACLI is retrieved from the mcp repository, which is owned by HPE and is located at http://downloads.linux.hpe.com/SDR/repo/mcp.

Validation of this additional source follows the standard protocol used for all apt sources, using keys stored in file keys.py. These GPG keys were imported from https://downloads.linux.hpe.com/SDR/keys.html and are now held as static files in the hardware-exporter repository.

Use of TLS

This charm leverages TLS in one area:

  • the presence of Redfish support (used to determine whether to enable the relative collector) is detected by querying the Redfish API of the local BMC over https.

Both connections are performed via the requests library.

Passwords

This charm handles credentials for the Redfish collector included in hardware-exporter. The credentials are specified in the charm config and are rendered in an on-disk, plain-text configuration file only readable by the root user.