Hardware Observer
- Canonical BootStack Charmers
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/stable | 84 | 02 Jul 2024 | |
latest/stable | 13 | 01 Nov 2023 | |
latest/candidate | 113 | 15 Oct 2024 | |
latest/candidate | 112 | 15 Oct 2024 | |
latest/candidate | 13 | 30 Oct 2023 | |
latest/edge | 125 | 19 Nov 2024 | |
latest/edge | 124 | 19 Nov 2024 | |
latest/edge | 119 | 11 Nov 2024 | |
latest/edge | 118 | 11 Nov 2024 | |
latest/edge | 15 | 03 Nov 2023 | |
juju deploy hardware-observer
Cryptography
Resource checksums
This charm can make use of some additional vendor-specific binary tooling to enhance its functionality. Since those tools are available only after agreeing to an EULA, they are not redistributed directly by the charm and must be sideloaded via Juju resources.
In order to protect users from mistakenly deploying malicious variants of the expected tools, all resources are validated against a hardcoded list of known-good SHA256 checksums.
The checksums are maintained in the file checksum.py.
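The check described above can be sketched as follows. This is an added example, not the charm's own checksum.py; the resource names, sample contents and the `validate_resource` helper are hypothetical, and the allowlisted digests are computed from constructed sample bytes rather than taken from any vendor file.

```python
import hashlib
import os
import tempfile
from enum import Enum

# Constructed sample contents standing in for two vendor tools.
SAMPLE_TOOL_A = b"constructed sample: vendor tool A v1.0\n"
SAMPLE_TOOL_B = b"constructed sample: vendor tool B v2.3\n"
# Hypothetical allowlist keyed by resource name. A real list would hold
# literal hex strings; here they are derived from the samples above.
KNOWN_GOOD = {
    "tool-a-bin": {hashlib.sha256(SAMPLE_TOOL_A).hexdigest()},
    "tool-b-deb": {hashlib.sha256(SAMPLE_TOOL_B).hexdigest()},
}

class Verdict(Enum):
    OK = "ok"
    UNKNOWN_RESOURCE = "unknown resource name"
    NOT_ATTACHED = "missing or empty file"
    CHECKSUM_MISMATCH = "checksum not in allowlist"

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large installers are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def validate_resource(name, path, allowlist=KNOWN_GOOD):
    """Accept a sideloaded file only if its digest is allowlisted for this name."""
    if name not in allowlist:
        return Verdict.UNKNOWN_RESOURCE
    if not os.path.isfile(path) or os.path.getsize(path) == 0:
        return Verdict.NOT_ATTACHED
    # Scope the lookup to the resource name: a digest that is valid for one
    # tool must not let that file be installed under another tool's name.
    if sha256_file(path) not in allowlist[name]:
        return Verdict.CHECKSUM_MISMATCH
    return Verdict.OK

def write_sample(data):
    """Write constructed sample bytes to a temp file and return its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```

Anything other than `Verdict.OK` should stop the install before the file is unpacked or executed.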
Sources verification
Whenever HPE hardware is detected, this charm deploys the ssacli binary. SSACLI is retrieved from the mcp repository, which is owned by HPE and is located at http://downloads.linux.hpe.com/SDR/repo/mcp.
Validation of this additional source follows the standard protocol used for all apt sources, using keys stored in file keys.py. These GPG keys were imported from https://downloads.linux.hpe.com/SDR/keys.html and are now held as static files in the hardware-exporter repository.
Use of TLS
This charm leverages TLS in one area:
- the presence of Redfish support (used to determine whether to enable the corresponding collector) is detected by querying the Redfish API of the local BMC over HTTPS.
Both connections are performed via the requests library.
Passwords
This charm handles credentials for the Redfish collector included in hardware-exporter. The credentials are specified in the charm config and are rendered in an on-disk, plain-text configuration file only readable by the root user.