Foreman » Smart Proxy

My organization would like an API method that scans a range of IP addresses and returns a list of IP addresses that respond to IPMI pings. We believe this feature would be useful to begin the onboarding process of many unknown servers, all of which have just IPMI LAN in common.

We also have a segmented network, and a Smart Proxy which reaches into that network can do the scanning.

Since this proposed functionality is closely associated with IPMI, and IPMI is provided by Smart Proxy's "bmc" module, I think it makes sense to have BMC/IPMI scanning as part of the "bmc" module rather than as a separate plugin maybe called "bmcscanner".

Proposed API methods:

• GET /bmc/scan ― Shows available resources /scan/range and /scan/cidr

• GET /bmc/scan/range ― Shows usage on specifying a beginning IP address and an ending IP address for making a scan request

• GET /bmc/scan/cidr ― Shows usage on specifying an IP address and its netmask in dot decimal format or prefixlen format for making a scan request

• GET /bmc/scan/range/:address_first/:address_last ― Performs an IPMI ping scan from :address_first to :address_last and returns the result in key result of a JSON hash

• GET /bmc/scan/cidr/:address/:netmask ― Performs an IPMI ping scan in the CIDR range of :address/:netmask, where :netmask is in decimal format (e.g. "255.255.255.0") or in prefixlen format (e.g. "24")

Proposed classes that would provide the functionality for the proposed API methods:

• Proxy::BMC::BaseScanner ― The interface for IP range scanning

• Proxy::BMC::IPMIScanner ― An IP range scanner for IPMI. Implements Proxy::BMC::BaseScanner. Loosely based on ipmiutil_discover
  This class is used when the bmc_provider or bmc_default_provider is set to "freeipmi" or "ipmitool" because those imply IPMI BMC.

Since a scan would take up UDP sockets (file descriptors) and IP address space is so vast, there should be safeguards to prevent a scan that is too large or too fast. Scanning should also be allowed to be turned off if the administrator does not wish to have the feature available.

Proposed configuration options:

• :bmc_scanner_max_range_size ― The largest number of IP addresses that may be scanned in one request. Set this value to 0 to turn off the scanner. Defaults to 65536, which covers a CIDR prefixlen of /16.

• :bmc_scanner_max_threads_per_request ― The maximum number of IP addresses to scan at the same time, per request. Defaults to 500. Before increasing this number, you should increase the system limit on the maximum number of open files for the Smart Proxy process.

• :bmc_scanner_socket_timeout_seconds ― How many seconds to wait for each scanned IP address to respond before timing out. Defaults to 1.