Bare machine authentication method and device, equipment and medium

A bare-metal authentication method, applied in the computer field, that addresses problems such as bare-metal inspection failure and a reduced authentication success rate

Pending Publication Date: 2021-03-02
北京浪潮数据技术有限公司
0 Cites 2 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0003] When the Ironic service manages bare metal, it must obtain hardware information such as the bare metal's BMC (Baseboard Management Controller) address through the inspection image in the pre-boot execution environment, and compare the obtained BMC address with the BMC address entered by the user at bare-metal registration in order to verify the bare metal. However, due to the hardware capabilities of the bare metal and the degree of adaptation between the...

Abstract

The invention discloses a bare computer authentication method, device, equipment and medium. The method comprises: obtaining a first machine serial number of a target bare computer based on target IPMI information stored in a database, and storing the first machine serial number at the position in the database corresponding to the target IPMI information; when the target bare computer is started from the pre-boot execution environment, obtaining hardware information of the target bare computer through a bare metal service terminal agent in a preset inspection image and storing the hardware information in preset dictionary data, the hardware information comprising a second machine serial number of the target bare computer; and comparing the second machine serial number in the dictionary data with the first machine serial number in the database and, when the two are consistent, updating the hardware information to the position in the database corresponding to the target IPMI information. The success rate of collecting bare computer information is thereby improved, which improves the authentication success rate.

Application Domain

Digital data authentication

Technology Topic

Bare metal; Bare machine

Example Embodiment

[0042]The technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application. Obviously, the described embodiments are only a part of the embodiments of the present application, rather than all the embodiments. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of this application.
[0043]At present, when the Ironic service manages bare metal, it must obtain hardware information such as the bare metal's BMC (Baseboard Management Controller) address through the inspection image in the pre-boot execution environment, and compare the obtained BMC address with the BMC address entered by the user at bare-metal registration in order to verify the bare metal. However, limited by the hardware capabilities of the bare metal, and because the degree to which bare-metal hardware is adapted to the inspection image and operating system kernel varies, in some cases the data that the inspection image obtains and reports to the Ironic-inspector service does not contain the BMC address of the bare metal it is running on and therefore cannot be identified as the data of any bare metal. (Ironic-inspector is an inspection service provided by OpenStack for bare metal, used to collect the hardware information of registered bare metal.) This causes bare-metal inspection to fail and reduces the authentication success rate. In view of this, this application proposes a bare-metal authentication method that can increase the success rate of collecting bare-metal information and thereby increase the authentication success rate.
[0044]As shown in Figure 1, the embodiment of the present application discloses a bare metal authentication method, which includes:
[0045]Step S11: Obtain the first machine serial number of the target bare metal based on the target IPMI information stored in the database, and store the first machine serial number in the database at a location corresponding to the target IPMI information, wherein the target IPMI information is the IPMI information obtained when the target bare metal is registered.
[0046]When the bare metal is registered to Ironic, that is, when the target bare metal is registered, the IPMI (an industry-standard protocol for out-of-band management of electronic information equipment) information corresponding to the target bare metal must be entered, including the IPMI address, user name, password, etc. Registering the IPMI information means that the bare metal is mapped to an Ironic node, and the IPMI information is stored in the database. Specifically, the IPMI information is stored in a nodes table in the database, where the nodes table is used to store the relevant information of each bare metal mapping object.
[0047]That is, the registration information of the target bare metal must be acquired, where the registration information includes the target IPMI information of the target bare metal; the registration information is used to register the bare metal mapping object for the target bare metal, and the target IPMI information is stored in the database.
[0048]Therefore, when the bare metal is transferred from registration to management, the first machine serial number of the target bare metal needs to be acquired based on the IPMI information in the database, that is, the machine serial number of the target bare metal is acquired out-of-band.
[0049]Specifically, the IPMI power state of the target bare metal may first be acquired based on the target IPMI information stored in the database; if the IPMI power state is successfully acquired, the first machine serial number of the target bare metal may then be acquired based on the target IPMI information and a preset serial number acquisition command.
[0050]That is, the IPMI power state of the target bare metal is first obtained based on the target IPMI information. If this succeeds, the IPMI address in the IPMI information is correct, so the first machine serial number of the target bare metal can be obtained based on the IPMI information and the preset serial number acquisition command.
[0051]Obtaining the first machine serial number of the target bare metal based on the target IPMI information and a preset serial number acquisition command includes: obtaining the product information of the target bare metal based on the target IPMI information and the preset serial number acquisition command; and extracting the product serial number from the product information to obtain the first machine serial number of the target bare metal. That is, the preset serial number acquisition command returns other information in addition to the first machine serial number, so the first machine serial number must be extracted from the returned information. The serial number acquisition command may be ipmitool -I lanplus -H -U -P fru list, where H represents the IPMI address, U represents the user name, and P represents the password.
[0052]After obtaining the serial number of the first machine, the state of the target bare machine can be changed to a manageable state.
[0053]Figure 2 shows the flow chart for transferring the bare metal to management. First the bare metal power state is obtained, that is, the aforementioned IPMI power state of the target bare metal is obtained based on the target IPMI information stored in the database. If the acquisition is not successful, the flow ends directly. If the acquisition is successful, the IPMI tool command is used to obtain the serial number of the bare metal, that is, the aforementioned first machine serial number of the target bare metal. The bare metal is then turned into the manageable state.
[0054]Step S12: When the target bare metal is started from the pre-boot execution environment, obtain the hardware information of the target bare metal through the bare metal service terminal agent in the preset inspection image, and store the hardware information in preset dictionary data, wherein the hardware information includes the second machine serial number of the target bare metal.
[0055]In addition, after the bare metal is converted to the manageable state, a bare metal inspection is required. When the target bare metal is started from the pre-boot execution environment, the hardware information of the target bare metal is obtained through the bare metal service terminal agent in the preset inspection image and stored in preset dictionary data, where the hardware information includes the second machine serial number of the target bare metal.
[0056]Specifically, this includes: changing the boot device of the target bare metal to the pre-boot execution environment, and driving the target bare metal to boot from the pre-boot execution environment through a startup command; and pulling a preset inspection image and obtaining the hardware information of the target bare metal through the bare metal service terminal agent in the inspection image.
[0057]In the Ironic context, Ironic calls IPMI commands to set the boot device of the bare metal to the pre-boot execution environment (Preboot eXecution Environment, PXE) and issues a startup command (power off & power on command) so that the bare metal starts from the pre-boot execution environment and pulls the inspection image. The bare metal service terminal agent in the image, Ironic-python-agent (hereinafter referred to as IPA), collects hardware information, including the second machine serial number of the bare metal, the MAC address (Media Access Control address, also called the physical address), the BMC address, CPU, memory, local disk size and other information, and stores it in the dictionary data named data.
[0058]dmidecode can be used to obtain the second machine serial number. Adding dmidecode-based collection of the second machine serial number involves the following code changes: add the "product-info" field to the default collection configuration; and extend HardwareManager with a "Get_product_info" method, which uses dmidecode to obtain the hardware information of the bare metal and extracts "Manufacturer", "ProductName" and "Serial Number" from the output as the second machine serial number of the bare metal, which is stored in the data['product-info'] field. After IPA finishes collecting, it reports the field data to the Ironic-inspector service, which processes the data.
[0059]Step S13: Compare the second machine serial number in the dictionary data with the first machine serial number in the database, and when the second machine serial number is consistent with the first machine serial number, update the hardware information to the position corresponding to the target IPMI information in the database.
[0060]After the second machine serial number is obtained, it must be compared with the first machine serial number in the database. If the second machine serial number in the dictionary data is consistent with the first machine serial number, the bare metal authentication is successful, and the hardware information is updated to the position corresponding to the target IPMI information in the database.
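The out-of-band step S11 of paragraphs [0049] to [0053], as an added Python example that is not part of the patent text or of Ironic's code: it gates on the power-state probe and then extracts the Product Serial from constructed `ipmitool fru list` output. The node fields (`ipmi`, `first_serial`, `state`), the `power status` subcommand, the restriction to FRU ID 0 and the use of `-E` (password read from the IPMI_PASSWORD environment variable rather than `-P` on the command line) are assumptions of this example.

```python
"""Step S11 (Figure 2): probe the IPMI power state, then read the FRU serial."""
import os
import subprocess

def ipmitool_argv(ipmi, *subcommand):
    # The page's command passes the password with -P; -E makes ipmitool read it
    # from the IPMI_PASSWORD environment variable, keeping it out of the argv.
    return ["ipmitool", "-I", "lanplus", "-H", ipmi["address"],
            "-U", ipmi["username"], "-E", *subcommand]

def run_ipmitool(ipmi, *subcommand, timeout=30):
    """Real runner; the constructed sample below substitutes fake_run."""
    env = dict(os.environ, IPMI_PASSWORD=ipmi["password"])
    proc = subprocess.run(ipmitool_argv(ipmi, *subcommand), env=env,
                          capture_output=True, text=True, timeout=timeout)
    return proc.returncode, proc.stdout

def parse_fru_product_serial(fru_text):
    """Return 'Product Serial' of the built-in FRU (ID 0), or None.

    `fru list` prints every FRU device, so power supplies and risers contribute
    their own 'Product Serial' lines; only the ID 0 record is taken here
    (an assumption of this example about which record describes the machine).
    """
    in_builtin = False
    for line in fru_text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep:
            continue
        if key == "FRU Device Description":
            in_builtin = value.endswith("(ID 0)")
        elif in_builtin and key == "Product Serial":
            return value or None
    return None

def to_manageable(node, run=run_ipmitool):
    """Follow Figure 2; returns False when the power-state probe fails."""
    rc, out = run(node["ipmi"], "power", "status")
    if rc != 0 or "Chassis Power is" not in out:
        return False                      # address or credentials unusable: end
    rc, out = run(node["ipmi"], "fru", "list")
    # The page does not say what happens when no serial can be read; this
    # example stores None so later comparison relies on BMC/MAC address instead.
    node["first_serial"] = parse_fru_product_serial(out) if rc == 0 else None
    node["state"] = "manageable"
    return True

# Constructed sample output (not captured from a real machine).
SAMPLE_FRU = """\
FRU Device Description : Builtin FRU Device (ID 0)
 Board Mfg Date        : Mon Jan  1 00:00:00 2018
 Board Serial          : BRD-CONSTRUCTED-01
 Product Manufacturer  : ExampleVendor
 Product Name          : EX-2U
 Product Serial        : SN-CONSTRUCTED-0001

FRU Device Description : PSU0_FRU (ID 1)
 Product Name          : EX-PSU-800W
 Product Serial        : PSU-CONSTRUCTED-77
"""

def fake_run(ipmi, *subcommand):
    if subcommand == ("power", "status"):
        return 0, "Chassis Power is on\n"
    return 0, SAMPLE_FRU

if __name__ == "__main__":
    node = {"ipmi": {"address": "192.0.2.10", "username": "admin",
                     "password": "constructed"}, "state": "registered"}
    print(to_manageable(node, fake_run), node["first_serial"])
```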
[0061]It can be seen that this application first obtains the first machine serial number of the target bare metal based on the target IPMI information stored in the database, and stores the first machine serial number in the database at a location corresponding to the target IPMI information, where the target IPMI information is the IPMI information obtained when the target bare metal is registered. Then, when the target bare metal is started from the pre-boot execution environment, the hardware information of the target bare metal is obtained through the bare metal service terminal agent in the preset inspection image and stored in preset dictionary data, where the hardware information includes the second machine serial number of the target bare metal. The second machine serial number in the dictionary data is then compared with the first machine serial number in the database, and when the two are consistent, the hardware information is updated to the location in the database corresponding to the target IPMI information. In other words, this application first obtains the machine serial number out-of-band based on the target IPMI information obtained when the target bare metal was registered; then, when the target bare metal is started from the pre-boot execution environment, it obtains the machine serial number in-band through the inspection image; and it then compares the machine serial number obtained out-of-band with the machine serial number obtained in-band. If they are the same, the authentication is successful, and the hardware information of the target bare metal obtained in-band is used to update the target bare metal's registration. Because obtaining the machine serial number in-band requires a lower degree of matching between the bare-metal hardware and the inspection image and operating system kernel than obtaining the BMC address in-band, the success rate of collecting bare-metal information is improved, which increases the bare-metal authentication success rate; and combining the machine serial number obtained in-band with the machine serial number obtained out-of-band for bare-metal authentication improves reliability.
[0062]As shown in Figure 3, the embodiment of the present application discloses a specific bare metal authentication method, which includes:
[0063]Step S21: Obtain the first machine serial number of the target bare metal based on the target IPMI information stored in the database, and store the first machine serial number in the database at a location corresponding to the target IPMI information, wherein the target IPMI information is the IPMI information obtained when the target bare metal is registered.
[0064]Step S22: When the target bare metal is started from the pre-boot execution environment, obtain the hardware information of the target bare metal through the bare metal service terminal agent in the preset inspection image, and store the hardware information in preset dictionary data, wherein the hardware information includes the second machine serial number of the target bare metal.
[0065]Step S23: Compare the second machine serial number in the dictionary data with the first machine serial number in the database.
[0066]Step S24: If the second machine serial number is consistent with the first machine serial number, update the hardware information to the position in the database corresponding to the target IPMI information.
[0067]For the specific implementation of step S21 to step S22, reference may be made to the content disclosed in the foregoing embodiment, and details are not described here.
[0068]Step S25: If the second machine serial number is inconsistent with the first machine serial number, compare the BMC address in the dictionary data with the BMC address to be verified in the database.
[0069]Step S26: If the BMC address in the dictionary data is consistent with the BMC address to be verified in the database, update the hardware information to the position in the database corresponding to the target IPMI information.
[0070]Step S27: If the BMC address in the dictionary data is inconsistent with the BMC address to be verified in the database, compare the MAC address in the dictionary data with the MAC address to be verified in the database.
[0071]Step S28: If the MAC address in the dictionary data is consistent with the MAC address to be verified in the database, update the hardware information to the position in the database corresponding to the target IPMI information.
[0072]Specifically, when the first machine serial number is inconsistent with the second machine serial number, it cannot be directly concluded that authentication of the target bare metal has failed; the BMC address obtained in the hardware information must also be compared with the BMC address to be verified in the database. If the BMC address in the hardware information is consistent with the BMC address to be verified in the database, this can also indicate that the target bare metal authentication is successful, and the hardware information is updated to the location in the database corresponding to the target IPMI information. The BMC address to be verified in the database is the IPMI address.
[0073]If the BMC address in the hardware information is inconsistent with the BMC address to be verified in the database, and the database includes the MAC address to be verified corresponding to the IPMI information, the MAC address obtained in the hardware information may also be compared with the MAC address to be verified. When the MAC address obtained in the hardware information is consistent with the MAC address to be verified, the target bare metal authentication can also be considered successful; when the MAC address obtained in the hardware information is inconsistent with the MAC address to be verified, the authentication has failed. If the database does not include the MAC address to be verified corresponding to the IPMI information, the bare metal authentication has failed. The MAC address to be verified is the MAC address input by the user when the target bare metal is registered.
[0074]After authentication using the first machine serial number and the second machine serial number fails, the BMC address and the MAC address can also be used for authentication, which further improves the bare metal authentication success rate.
[0075]As shown in Figure 4, the embodiment of the present application discloses a bare metal authentication device, including:
[0076]The out-of-band serial number acquisition module 11 is configured to acquire the first machine serial number of the target bare metal based on the target IPMI information stored in the database, and store the first machine serial number in the database at a location corresponding to the target IPMI information, where the target IPMI information is the IPMI information obtained when the target bare metal is registered;
[0077]The in-band serial number acquisition module 12 is used to obtain the hardware information of the target bare metal through the bare metal service terminal agent in the preset inspection image when the target bare metal is started from the pre-boot execution environment, and to store the hardware information in preset dictionary data, where the hardware information includes the second machine serial number of the target bare metal;
[0078]The comparison module 13 is used to compare the second machine serial number in the dictionary data with the first machine serial number in the database, and, when the second machine serial number is consistent with the first machine serial number, to update the hardware information to the position corresponding to the target IPMI information in the database.
[0079]It can be seen that this application first obtains the first machine serial number of the target bare metal based on the target IPMI information stored in the database, and stores the first machine serial number in the database at a location corresponding to the target IPMI information, where the target IPMI information is the IPMI information obtained when the target bare metal is registered. Then, when the target bare metal is started from the pre-boot execution environment, the hardware information of the target bare metal is obtained through the bare metal service terminal agent in the preset inspection image and stored in preset dictionary data, where the hardware information includes the second machine serial number of the target bare metal. The second machine serial number in the dictionary data is then compared with the first machine serial number in the database, and when the two are consistent, the hardware information is updated to the location in the database corresponding to the target IPMI information. In other words, this application first obtains the machine serial number out-of-band based on the target IPMI information obtained when the target bare metal was registered; then, when the target bare metal is started from the pre-boot execution environment, it obtains the machine serial number in-band through the inspection image; and it then compares the machine serial number obtained out-of-band with the machine serial number obtained in-band. If they are the same, the authentication is successful, and the hardware information of the target bare metal obtained in-band is used to update the target bare metal's registration. Because obtaining the machine serial number in-band requires a lower degree of matching between the bare-metal hardware and the inspection image and operating system kernel than obtaining the BMC address in-band, the success rate of collecting bare-metal information is improved, which increases the bare-metal authentication success rate; and combining the machine serial number obtained in-band with the machine serial number obtained out-of-band for bare-metal authentication improves reliability.
[0080]Figure 5 is a schematic structural diagram of an electronic device 20 provided in an embodiment of this application. The electronic device 20 can specifically implement the steps of the bare metal authentication method disclosed in the foregoing embodiments.
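The in-band collection of paragraph [0058] and the comparison order of steps S23 to S28, as an added Python example that is not part of the patent text or of Ironic-inspector's code. The dictionary keys other than `product-info`, the normalisation rules, and the rule that firmware filler strings and an all-zero BMC address never count as a match are assumptions of this example; all sample values are constructed.

```python
"""Steps S23-S28: compare serial number, then BMC address, then MAC address."""
import ipaddress
import re

# Constructed list of filler strings firmware reports when no serial was set.
PLACEHOLDER_SERIALS = {"", "0", "NONE", "N/A", "DEFAULT STRING",
                       "NOT SPECIFIED", "TO BE FILLED BY O.E.M."}

def product_info_from_dmidecode(text):
    """Extract the three fields of [0058] from `dmidecode -t system` output."""
    wanted = {"Manufacturer": "manufacturer", "Product Name": "product_name",
              "Serial Number": "serial_number"}
    info = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key in wanted:
            info[wanted[key]] = value.strip()
    return info

def norm_serial(value):
    serial = (value or "").strip().upper()
    return None if serial in PLACEHOLDER_SERIALS else serial

def norm_ip(value):
    try:
        ip = ipaddress.ip_address((value or "").strip())
    except ValueError:
        return None
    return None if ip.is_unspecified else ip    # 0.0.0.0 means "not detected"

def norm_mac(value):
    digits = re.sub(r"[^0-9A-Fa-f]", "", value or "").lower()
    return digits if len(digits) == 12 else None

def authenticate(node, data):
    """Return which criterion matched ('serial', 'bmc', 'mac') or None."""
    first = norm_serial(node.get("first_serial"))
    second = norm_serial(data.get("product-info", {}).get("serial_number"))
    if first is not None and first == second:
        return "serial"                                   # S23 -> S24
    want_bmc = norm_ip(node.get("ipmi_address"))
    if want_bmc is not None and want_bmc == norm_ip(data.get("bmc_address")):
        return "bmc"                                      # S25 -> S26
    want_mac = norm_mac(node.get("mac"))                  # entered at registration
    seen = {norm_mac(m) for m in data.get("macs", [])}
    if want_mac is not None and want_mac in seen:
        return "mac"                                      # S27 -> S28
    return None                                           # authentication failed

def inspect(node, data):
    """Update the node's hardware information only when authentication succeeds."""
    matched = authenticate(node, data)
    if matched:
        node["hardware"] = data
    return matched

# Constructed sample: in-band dmidecode output and a registered node row.
SAMPLE_DMI = """\
System Information
\tManufacturer: ExampleVendor
\tProduct Name: EX-2U
\tSerial Number: sn-constructed-0001
"""
SAMPLE_NODE = {"ipmi_address": "192.0.2.10", "mac": "52:54:00:AB:CD:EF",
               "first_serial": "SN-CONSTRUCTED-0001"}
SAMPLE_DATA = {"product-info": product_info_from_dmidecode(SAMPLE_DMI),
               "bmc_address": "0.0.0.0", "macs": ["52-54-00-ab-cd-ef"]}

if __name__ == "__main__":
    print(inspect(dict(SAMPLE_NODE), SAMPLE_DATA))
```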
[0081]Generally, the electronic device 20 in this embodiment includes a processor 21 and a memory 22.
[0082]The processor 21 may include one or more processing cores, such as a quad-core processor, an eight-core processor, and so on. The processor 21 can be implemented by using at least one of DSP (digital signal processing), FPGA (field-programmable gate array), and PLA (programmable logic array). The processor 21 may also include a main processor and a coprocessor. The main processor is a processor used to process data in the awake state, also called a CPU (central processing unit); the coprocessor is a low-power processor used to process data in the standby state. In some embodiments, the processor 21 may be integrated with a GPU (graphics processing unit), and the GPU is used for rendering and drawing images that need to be displayed on the display screen. In some embodiments, the processor 31 may include an AI (artificial intelligence) processor, which is used to process computing operations related to machine learning.
[0083]The memory 22 may include one or more computer-readable storage media, and the computer-readable storage media may be non-transitory. The memory 22 may also include high-speed random access memory and non-volatile memory, such as one or more magnetic disk storage devices and flash memory storage devices. In this embodiment, the memory 22 is used to store at least the following computer program 221, where the computer program is loaded and executed by the processor 21 to implement the steps of the bare metal authentication method disclosed in any of the foregoing embodiments.
[0084]In some embodiments, the electronic device 20 may further include a display screen 23, an input/output interface 24, a communication interface 25, a sensor 26, a power supply 27, and a communication bus 28.
[0085]Those skilled in the art can understand that the structure shown in Figure 5 does not constitute a limitation on the electronic device 20, which may include more or fewer components than shown.
[0086]Further, an embodiment of the present application also discloses a computer-readable storage medium for storing a computer program, wherein the computer program is executed by a processor to implement the bare metal authentication method disclosed in any of the foregoing embodiments.
[0087]For the specific process of the foregoing bare metal authentication method, reference may be made to the corresponding content disclosed in the foregoing embodiment, and details are not described herein again.
[0088]The various embodiments in this specification are described in a progressive manner, and each embodiment focuses on the differences from other embodiments, and the same or similar parts between the various embodiments can be referred to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant part can refer to the description of the method part.
[0089]The steps of the method or algorithm described in the embodiments disclosed in this document can be directly implemented by hardware, a software module executed by a processor, or a combination of the two. The software module can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disks, removable disks, CD-ROMs, or any other form of storage medium known in the technical field.
[0090]Finally, it should be noted that in this document, relational terms such as first and second are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or sequence between these entities or operations. Moreover, the terms "include", "comprise" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or equipment that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to the process, method, article, or equipment. Without further restrictions, an element defined by the phrase "including a..." does not exclude the existence of other identical elements in the process, method, article, or equipment that includes the element.
[0091]The above provides a detailed introduction to the bare metal authentication method, device, equipment, and medium provided by this application. Specific examples are used in this document to explain the principles and implementations of this application, and the description of the above embodiments is only intended to help in understanding the method of this application and its core idea. At the same time, for those of ordinary skill in the art, there will be changes in the specific implementation and scope of application according to the idea of this application. In summary, the content of this specification should not be understood as a limitation of this application.
