MAAS 3.2.6 - How to invoke BMC password inside commissioning script

Hi all,

First post! So excited to be part of this community. MAAS is an amazing product that is changing the way we think about bare metal in awesome ways.

We are designing our commissioning scripts for various hardware platforms using commissioning scripts. Certain in-band actions, on some hardware platforms, require that a BMC username and password is passed to the script.

Since MAAS saves a BMC user/pass for every machine, is it possible to invoke the MAAS-created BMC user and password from within a commissioning script?

We’re trying to find a way to perform these steps that require authentication to the BMC (even when performed in-band via the ephemeral environment) with, ideally, not much external infrastructure such as a secrets management service.

Also, we see that Hashicorp Vault support is coming to MAAS 3.3 but it is unclear if this would allow us to invoke secrets stored in Vault from within commissioning scripts in any way that is different from simply having the Vault tokens saved into a commissioning script and then use them to authenticate with a Vault instance.

Any help would be greatly appreciated, even if it is confirmation that what we’re looking for is not possible :slight_smile:

Thanks, all!

1 Like

HI @tfable, thanks for your post!

Unfortunately it’s not currently possible to access the BMC credentials stored in MAAS from commissioning scripts. MAAS generates them during commissioning to be able to manage power on the node, but they’re specifically meant for MAAS only.

I’m not sure about your exact use case, but what you could perhaps do is add a custom commissioning script that creates a separate BMC user/pass for the nodes, but those secrets would need to be handled and passed outside of MAAs control.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.