Scan pdus#107
Conversation
…dfish Signed-off-by: Ben McDonald <ben.mcdonald@hpe.com>
Signed-off-by: Ben McDonald <ben.mcdonald@hpe.com>
|
A couple of notes:
magellan scan --include=bmcs,pdus --subnet 172.16.0.0/24 --insecure
# ...or...
magellan scan --bmcs --pdus --subnet 172.16.0.0/24 --insecure
# write JSON to standard output like mentioned in PR
magellan scan --subnet 172.16.0.0/24 -F json
# write JSON to file specified with `-o`
magellan scan --subnet 172.16.0.0/24 -F json -o assets.jsonThe |
|
Thanks for the comments.
|
Signed-off-by: Ben McDonald <ben.mcdonald@hpe.com>
Signed-off-by: Ben McDonald <ben.mcdonald@hpe.com>
|
Alright, implemented that first part basing off what is done in the collect command: And then writing to a file like this also works: ./magellan-linux scan --subnet 10.254.1.0/17 --insecure -F json -o assets.json And then the includes: Probably good for me to look at this again on Monday when we get back, since I put this together last minute before a long weekend, I wouldn't be surprised if it isn't perfect... |
|
I think it's looking good so far. Is it mandatory to specify |
|
Whoops, sorry, missed this comment. Yeah, I don't think you need to put that, I just ran again and confirmed, I was just showing that in the example. Edit: here is some output showing it's working without that "" I had |
| } | ||
| switch format { | ||
| case "json", "yaml": | ||
| if len(foundAssets) == 0 { |
There was a problem hiding this comment.
This can be moved outside above of the switch statement to check for all cases.
| if len(foundAssets) > 0 && debug { | ||
| log.Info().Any("assets", foundAssets).Msgf("found assets from scan") | ||
| } |
There was a problem hiding this comment.
This can be removed if we moved the check above the switch.
davidallendj
left a comment
There was a problem hiding this comment.
One small change to move the found assets check.
Signed-off-by: Ben McDonald <ben.mcdonald@hpe.com>
Signed-off-by: Ben McDonald <ben.mcdonald@hpe.com>
| // make the cache directory path if needed | ||
| err := os.MkdirAll(path.Dir(cachePath), 0755) | ||
| if len(foundAssets) == 0 { | ||
| log.Info().Msg("Scan complete. No responsive assets were found.") |
There was a problem hiding this comment.
Can you change this to a log.Warn() instead? That way it's not included whenever I redo the logging to use a --log-level flag.
davidallendj
left a comment
There was a problem hiding this comment.
The scan isn't working for me. For some reason, it's not returning anything.
[allend@re-head magellan-testing]$ ./magellan scan --subnet 172.16.0.0/24
{"level":"info","time":"2025-07-08T12:57:43-06:00","message":"Scan complete. No responsive assets were found."}
[allend@re-head magellan-testing]$ ./magellan list
{"level":"error","error":"no file found","time":"2025-07-08T12:59:22-06:00","message":"failed to get scanned assets"}
Hosts
[allend@re-head magellan-testing]$ cat /etc/hosts
...
# Compute node BMCs
172.16.0.101 bmc-nid001 bmc-re001
172.16.0.102 bmc-nid002 bmc-re002
172.16.0.103 bmc-nid003 bmc-re003
172.16.0.104 bmc-nid004 bmc-re004
172.16.0.105 bmc-nid005 bmc-re005
172.16.0.199 bmc-nid099 bmc-re099It is working for the current main though.
[allend@re-head magellan]$ ./magellan scan --subnet 172.16.0.0/24
[allend@re-head magellan]$ ./magellan list
https://172.16.0.101:443 (tcp) @Tue Jul 8 12:59:57 -0600 2025
https://172.16.0.102:443 (tcp) @Tue Jul 8 12:59:57 -0600 2025
https://172.16.0.103:443 (tcp) @Tue Jul 8 12:59:57 -0600 2025
https://172.16.0.104:443 (tcp) @Tue Jul 8 12:59:57 -0600 2025
https://172.16.0.105:443 (tcp) @Tue Jul 8 12:59:57 -0600 2025
https://172.16.0.199:443 (tcp) @Tue Jul 8 12:59:57 -0600 2025|
Interesting... looking into it. |
|
Can you try it again? I think the issue was the addition of the tls validation: but I switched the default to retain the old behavior. Edit: in other words, I think if you used the |
Signed-off-by: Ben McDonald <ben.mcdonald@hpe.com>
Signed-off-by: Ben McDonald <ben.mcdonald@hpe.com>
|
Just tried again, and it looks like that fixed it. ./magellan scan --subnet 172.16.0.0/24
[allend@re-head magellan-testing]$ ./magellan list
https://172.16.0.101:443 (tcp) @Thu Jul 10 11:14:49 -0600 2025
https://172.16.0.102:443 (tcp) @Thu Jul 10 11:14:49 -0600 2025
https://172.16.0.103:443 (tcp) @Thu Jul 10 11:14:49 -0600 2025
https://172.16.0.104:443 (tcp) @Thu Jul 10 11:14:49 -0600 2025
https://172.16.0.105:443 (tcp) @Thu Jul 10 11:14:49 -0600 2025
https://172.16.0.199:443 (tcp) @Thu Jul 10 11:14:49 -0600 2025
[allend@re-head magellan-testing]$ ./magellan scan --subnet 172.16.0.0/24 -F json
[
{
"host": "https://172.16.0.199",
"port": 443,
"protocol": "tcp",
"state": true,
"timestamp": "2025-07-10T11:16:20.827313696-06:00",
"service_type": "Redfish"
},
{
"host": "https://172.16.0.105",
"port": 443,
"protocol": "tcp",
"state": true,
"timestamp": "2025-07-10T11:16:20.827320306-06:00",
"service_type": "Redfish"
},
{
"host": "https://172.16.0.101",
"port": 443,
"protocol": "tcp",
"state": true,
"timestamp": "2025-07-10T11:16:20.827185044-06:00",
"service_type": "Redfish"
},
{
"host": "https://172.16.0.102",
"port": 443,
"protocol": "tcp",
"state": true,
"timestamp": "2025-07-10T11:16:20.827215305-06:00",
"service_type": "Redfish"
},
{
"host": "https://172.16.0.103",
"port": 443,
"protocol": "tcp",
"state": true,
"timestamp": "2025-07-10T11:16:20.827247775-06:00",
"service_type": "Redfish"
},
{
"host": "https://172.16.0.104",
"port": 443,
"protocol": "tcp",
"state": true,
"timestamp": "2025-07-10T11:16:20.827281146-06:00",
"service_type": "Redfish"
}
]Looks like it's working like expected so I'll go ahead and approve. |
This PR adds support for scanning JAWS endpoints to the scan command. This allows the tool to discover both Redfish-based BMCs and JAWS-based PDUs in a single run. To help with development against test hardware, I also included the
--insecureflag to handle self-signed certs.While I was testing this internally, I ran into a couple of weird issues with the scanner that I've also fixed here. The first thing I noticed was that the scan would sometimes stop unexpectedly and not finish if it hit a machine that was offline (which was happening on this machine because of an upgrade happening at the same time). It turns out a single connection error was killing the entire worker thread. I changed it so it just logs the error and continues on with the rest of its list.
I also saw that things would slow down when running a lot of scans and I think this is because we weren't always closing the HTTP connections, especially on responses that weren't a 200 OK. This was causing a resource leak. I added a fix to make sure we always close the connection body no matter what the response is, which I think solves this problem.
Here is the way that I was testing this: