On Sun, Oct 18, 2020 at 08:52:20PM -0700, Dan Sneddon wrote:
Redfish requires user accounts. Is there a way to stretch this idea into a more general Redfish proxy? Ironic would have to create a temporary user account for Redfish in the BMC, and then provide the tenant an IP:port of a TCP proxy for the tenant to connect to.
We really want to have more control over the actions to which someone who has acquired a piece of hardware has access (so a simple TCP proxy probably isn't what we're after, although I would have to do a little more research into what sort of access limitations we can apply to Redfish users on something like an iDRAC). That said, we're not tied to IPMI if we find that things these days typically have good support for Redfish, and some sort of API proxy for Redfish would be a fine alternative to virtual IPMI instance. -- Lars Kellogg-Stedman <lars@redhat.com> | larsks @ {irc,twitter,github} http://blog.oddbit.com/ | N1LKS