feat: added score to enable snmp_server on brocade switch and a working example

brocade/src/fast_iron.rs

@@ -1,7 +1,8 @@
 use super::BrocadeClient;
 use crate::{
     BrocadeInfo, Error, ExecutionMode, InterSwitchLink, InterfaceInfo, MacAddressEntry,
-    PortChannelId, PortOperatingMode, parse_brocade_mac_address, shell::BrocadeShell,
+    PortChannelId, PortOperatingMode, SecurityLevel, parse_brocade_mac_address,
+    shell::BrocadeShell,
 };
 
 use async_trait::async_trait;
@@ -209,4 +210,20 @@ impl BrocadeClient for FastIronClient {
         info!("[Brocade] Port-channel '{channel_name}' cleared.");
         Ok(())
     }
+
+    async fn enable_snmp(&self, user_name: &str, auth: &str, des: &str) -> Result<(), Error> {
+        let commands = vec![
+            "configure terminal".into(),
+            "snmp-server view ALL 1 included".into(),
+            "snmp-server group public v3 priv read ALL".into(),
+            format!(
+                "snmp-server user {user_name} groupname public auth md5 auth-password {auth} priv des priv-password {des}"
+            ),
+            "exit".into(),
+        ];
+        self.shell
+            .run_commands(commands, ExecutionMode::Regular)
+            .await?;
+        Ok(())
+    }
 }

brocade/src/lib.rs

@@ -237,6 +237,15 @@ pub trait BrocadeClient: std::fmt::Debug {
         ports: &[PortLocation],
     ) -> Result<(), Error>;
 
+    /// Enables Simple Network Management Protocol (SNMP) server for switch
+    ///
+    /// # Parameters
+    ///
+    ///  * `user_name`: The user name for the snmp server
+    ///  * `auth`: The password for authentication process for verifying the identity of a device
+    ///  * `des`: The Data Encryption Standard algorithm key
+    async fn enable_snmp(&self, user_name: &str, auth: &str, des: &str) -> Result<(), Error>;
+
     /// Removes all configuration associated with the specified Port-Channel name.
     ///
     /// This operation should be idempotent; attempting to clear a non-existent
@@ -300,6 +309,11 @@ fn parse_brocade_mac_address(value: &str) -> Result<MacAddress, String> {
     Ok(MacAddress(bytes))
 }
 
+#[derive(Debug)]
+pub enum SecurityLevel {
+    AuthPriv(String),
+}
+
 #[derive(Debug)]
 pub enum Error {
     NetworkError(String),

brocade/src/network_operating_system.rs

@@ -8,7 +8,7 @@ use regex::Regex;
 use crate::{
     BrocadeClient, BrocadeInfo, Error, ExecutionMode, InterSwitchLink, InterfaceInfo,
     InterfaceStatus, InterfaceType, MacAddressEntry, PortChannelId, PortOperatingMode,
-    parse_brocade_mac_address, shell::BrocadeShell,
+    SecurityLevel, parse_brocade_mac_address, shell::BrocadeShell,
 };
 
 #[derive(Debug)]
@@ -330,4 +330,20 @@ impl BrocadeClient for NetworkOperatingSystemClient {
         info!("[Brocade] Port-channel '{channel_name}' cleared.");
         Ok(())
     }
+
+    async fn enable_snmp(&self, user_name: &str, auth: &str, des: &str) -> Result<(), Error> {
+        let commands = vec![
+            "configure terminal".into(),
+            "snmp-server view ALL 1 included".into(),
+            "snmp-server group public v3 priv read ALL".into(),
+            format!(
+                "snmp-server user {user_name} groupname public auth md5 auth-password {auth} priv des priv-password {des}"
+            ),
+            "exit".into(),
+        ];
+        self.shell
+            .run_commands(commands, ExecutionMode::Regular)
+            .await?;
+        Ok(())
+    }
 }

examples/brocade_snmp_server/Cargo.toml

@@ -0,0 +1,20 @@
+[package]
+name = "brocade-snmp-server"
+edition = "2024"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+
+[dependencies]
+harmony = { path = "../../harmony" }
+brocade = { path = "../../brocade" }
+harmony_secret = { path = "../../harmony_secret" }
+harmony_cli = { path = "../../harmony_cli" }
+harmony_types = { path = "../../harmony_types" }
+harmony_macros = { path = "../../harmony_macros" }
+tokio = { workspace = true }
+log = { workspace = true }
+env_logger = { workspace = true }
+url = { workspace = true }
+base64.workspace = true
+serde.workspace = true

examples/brocade_snmp_server/src/main.rs

@@ -0,0 +1,22 @@
+use std::net::{IpAddr, Ipv4Addr};
+
+use harmony::{
+    inventory::Inventory, modules::brocade::BrocadeEnableSnmpScore, topology::K8sAnywhereTopology,
+};
+
+#[tokio::main]
+async fn main() {
+    let brocade_snmp_server = BrocadeEnableSnmpScore {
+        server_ips: vec![IpAddr::V4(Ipv4Addr::new(192, 168, 1, 111))],
+        dry_run: true,
+    };
+
+    harmony_cli::run(
+        Inventory::autoload(),
+        K8sAnywhereTopology::from_env(),
+        vec![Box::new(brocade_snmp_server)],
+        None,
+    )
+    .await
+    .unwrap();
+}

harmony/src/infra/brocade.rs

@@ -121,7 +121,7 @@ mod tests {
     use async_trait::async_trait;
     use brocade::{
         BrocadeClient, BrocadeInfo, Error, InterSwitchLink, InterfaceInfo, InterfaceStatus,
-        InterfaceType, MacAddressEntry, PortChannelId, PortOperatingMode,
+        InterfaceType, MacAddressEntry, PortChannelId, PortOperatingMode, SecurityLevel,
     };
     use harmony_types::switch::PortLocation;
 
@@ -279,6 +279,10 @@ mod tests {
         async fn clear_port_channel(&self, _channel_name: &str) -> Result<(), Error> {
             todo!()
         }
+
+        async fn enable_snmp(&self, user_name: &str, auth: &str, des: &str) -> Result<(), Error> {
+            todo!()
+        }
     }
 
     impl FakeBrocadeClient {

harmony/src/infra/network_manager.rs

@@ -135,6 +135,8 @@ impl OpenShiftNmStateNetworkManager {
                 description: Some(format!("Member of bond {bond_name}")),
                 r#type: nmstate::InterfaceType::Ethernet,
                 state: "up".to_string(),
+                mtu: Some(switch_port.interface.mtu),
+                mac_address: Some(switch_port.interface.mac_address.to_string()),
                 ipv4: Some(nmstate::IpStackSpec {
                     enabled: Some(false),
                     ..Default::default()
@@ -160,7 +162,7 @@ impl OpenShiftNmStateNetworkManager {
 
         interfaces.push(nmstate::Interface {
             name: bond_name.to_string(),
-            description: Some(format!("HARMONY - Network bond for host {host}")),
+            description: Some(format!("Network bond for host {host}")),
             r#type: nmstate::InterfaceType::Bond,
             state: "up".to_string(),
             copy_mac_from,

harmony/src/modules/brocade.rs

@@ -0,0 +1,117 @@
+use std::net::{IpAddr, Ipv4Addr};
+
+use async_trait::async_trait;
+use brocade::BrocadeOptions;
+use harmony_secret::{Secret, SecretManager};
+use harmony_types::id::Id;
+use serde::{Deserialize, Serialize};
+
+use crate::{
+    data::Version,
+    interpret::{Interpret, InterpretError, InterpretName, InterpretStatus, Outcome},
+    inventory::Inventory,
+    score::Score,
+    topology::Topology,
+};
+
+#[derive(Debug, Clone, Serialize)]
+pub struct BrocadeEnableSnmpScore {
+    pub server_ips: Vec<IpAddr>,
+    pub dry_run: bool,
+}
+
+impl<T: Topology> Score<T> for BrocadeEnableSnmpScore {
+    fn name(&self) -> String {
+        "BrocadeEnableSnmpScore".to_string()
+    }
+
+    fn create_interpret(&self) -> Box<dyn Interpret<T>> {
+        Box::new(BrocadeEnableSnmpInterpret {
+            score: self.clone(),
+        })
+    }
+}
+
+#[derive(Debug, Clone, Serialize)]
+pub struct BrocadeEnableSnmpInterpret {
+    score: BrocadeEnableSnmpScore,
+}
+
+#[derive(Secret, Clone, Debug, Serialize, Deserialize)]
+struct BrocadeSwitchAuth {
+    username: String,
+    password: String,
+}
+
+#[derive(Secret, Clone, Debug, Serialize, Deserialize)]
+struct BrocadeSnmpAuth {
+    username: String,
+    auth_password: String,
+    des_password: String,
+}
+
+#[async_trait]
+impl<T: Topology> Interpret<T> for BrocadeEnableSnmpInterpret {
+    async fn execute(
+        &self,
+        _inventory: &Inventory,
+        _topology: &T,
+    ) -> Result<Outcome, InterpretError> {
+        let switch_addresses = &self.score.server_ips;
+
+        let snmp_auth = SecretManager::get_or_prompt::<BrocadeSnmpAuth>()
+            .await
+            .unwrap();
+
+        let config = SecretManager::get_or_prompt::<BrocadeSwitchAuth>()
+            .await
+            .unwrap();
+
+        let brocade = brocade::init(
+            &switch_addresses,
+            22,
+            &config.username,
+            &config.password,
+            Some(BrocadeOptions {
+                dry_run: self.score.dry_run,
+                ..Default::default()
+            }),
+        )
+        .await
+        .expect("Brocade client failed to connect");
+
+        brocade
+            .enable_snmp(
+                &snmp_auth.username,
+                &snmp_auth.auth_password,
+                &snmp_auth.des_password,
+            )
+            .await
+            .map_err(|e| InterpretError::new(e.to_string()))?;
+
+        Ok(Outcome::success(format!(
+            "Activated snmp server for Brocade at {}",
+            switch_addresses
+                .iter()
+                .map(|s| s.to_string())
+                .collect::<Vec<_>>()
+                .join(", ")
+        )))
+    }
+
+    fn get_name(&self) -> InterpretName {
+        InterpretName::Custom("BrocadeEnableSnmpInterpret")
+    }
+
+    fn get_version(&self) -> Version {
+        todo!()
+    }
+
+    fn get_status(&self) -> InterpretStatus {
+        todo!()
+    }
+
+    fn get_children(&self) -> Vec<Id> {
+        todo!()
+    }
+}

harmony/src/modules/mod.rs

@@ -1,4 +1,5 @@
 pub mod application;
+pub mod brocade;
 pub mod cert_manager;
 pub mod dhcp;
 pub mod dns;

harmony/src/modules/okd/bootstrap_04_workers.rs

@@ -1,21 +1,15 @@
 use async_trait::async_trait;
 use derive_new::new;
 use harmony_types::id::Id;
-use log::{debug, info};
+use log::info;
 use serde::Serialize;
 
 use crate::{
     data::Version,
-    hardware::PhysicalHost,
-    infra::inventory::InventoryRepositoryFactory,
     interpret::{Interpret, InterpretError, InterpretName, InterpretStatus, Outcome},
-    inventory::{HostRole, Inventory},
-    modules::{
-        dhcp::DhcpHostBindingScore, http::IPxeMacBootFileScore,
-        inventory::DiscoverHostForRoleScore, okd::templates::BootstrapIpxeTpl,
-    },
+    inventory::Inventory,
     score::Score,
-    topology::{HAClusterTopology, HostBinding},
+    topology::HAClusterTopology,
 };
 
 // -------------------------------------------------------------------------------------------------
@@ -58,159 +52,6 @@ impl OKDSetup04WorkersInterpret {
         info!("[Workers] Rendering per-MAC PXE for workers and rebooting");
         Ok(())
     }
-
-    /// Ensures that three physical hosts are discovered and available for the ControlPlane role.
-    /// It will trigger discovery if not enough hosts are found.
-    async fn get_nodes(
-        &self,
-        inventory: &Inventory,
-        topology: &HAClusterTopology,
-    ) -> Result<Vec<PhysicalHost>, InterpretError> {
-        const REQUIRED_HOSTS: usize = 2;
-        let repo = InventoryRepositoryFactory::build().await?;
-        let mut control_plane_hosts = repo.get_host_for_role(&HostRole::Worker).await?;
-
-        while control_plane_hosts.len() < REQUIRED_HOSTS {
-            info!(
-                "Discovery of {} control plane hosts in progress, current number {}",
-                REQUIRED_HOSTS,
-                control_plane_hosts.len()
-            );
-            // This score triggers the discovery agent for a specific role.
-            DiscoverHostForRoleScore {
-                role: HostRole::Worker,
-            }
-            .interpret(inventory, topology)
-            .await?;
-            control_plane_hosts = repo.get_host_for_role(&HostRole::Worker).await?;
-        }
-
-        if control_plane_hosts.len() < REQUIRED_HOSTS {
-            Err(InterpretError::new(format!(
-                "OKD Requires at least {} control plane hosts, but only found {}. Cannot proceed.",
-                REQUIRED_HOSTS,
-                control_plane_hosts.len()
-            )))
-        } else {
-            // Take exactly the number of required hosts to ensure consistency.
-            Ok(control_plane_hosts
-                .into_iter()
-                .take(REQUIRED_HOSTS)
-                .collect())
-        }
-    }
-
-    /// Configures DHCP host bindings for all control plane nodes.
-    async fn configure_host_binding(
-        &self,
-        inventory: &Inventory,
-        topology: &HAClusterTopology,
-        nodes: &Vec<PhysicalHost>,
-    ) -> Result<(), InterpretError> {
-        info!("[Worker] Configuring host bindings for worker nodes.");
-
-        // Ensure the topology definition matches the number of physical nodes found.
-        if topology.control_plane.len() != nodes.len() {
-            return Err(InterpretError::new(format!(
-                "Mismatch between logical control plane hosts defined in topology ({}) and physical nodes found ({}).",
-                topology.control_plane.len(),
-                nodes.len()
-            )));
-        }
-
-        // Create a binding for each physical host to its corresponding logical host.
-        let bindings: Vec<HostBinding> = topology
-            .control_plane
-            .iter()
-            .zip(nodes.iter())
-            .map(|(logical_host, physical_host)| {
-                info!(
-                    "Creating binding: Logical Host '{}' -> Physical Host ID '{}'",
-                    logical_host.name, physical_host.id
-                );
-                HostBinding {
-                    logical_host: logical_host.clone(),
-                    physical_host: physical_host.clone(),
-                }
-            })
-            .collect();
-
-        DhcpHostBindingScore {
-            host_binding: bindings,
-            domain: Some(topology.domain_name.clone()),
-        }
-        .interpret(inventory, topology)
-        .await?;
-
-        Ok(())
-    }
-
-    /// Renders and deploys a per-MAC iPXE boot file for each control plane node.
-    async fn configure_ipxe(
-        &self,
-        inventory: &Inventory,
-        topology: &HAClusterTopology,
-        nodes: &Vec<PhysicalHost>,
-    ) -> Result<(), InterpretError> {
-        info!("[Worker] Rendering per-MAC iPXE configurations.");
-
-        // The iPXE script content is the same for all control plane nodes,
-        // pointing to the 'master.ign' ignition file.
-        let content = BootstrapIpxeTpl {
-            http_ip: &topology.http_server.get_ip().to_string(),
-            scos_path: "scos",
-            ignition_http_path: "okd_ignition_files",
-            installation_device: "/dev/sda", // This might need to be configurable per-host in the future
-            ignition_file_name: "worker.ign", // Worker nodes use the worker ignition file
-        }
-        .to_string();
-
-        debug!("[Worker] iPXE content template:\n{content}");
-
-        // Create and apply an iPXE boot file for each node.
-        for node in nodes {
-            let mac_address = node.get_mac_address();
-            if mac_address.is_empty() {
-                return Err(InterpretError::new(format!(
-                    "Physical host with ID '{}' has no MAC addresses defined.",
-                    node.id
-                )));
-            }
-            info!(
-                "[Worker] Applying iPXE config for node ID '{}' with MACs: {:?}",
-                node.id, mac_address
-            );
-
-            IPxeMacBootFileScore {
-                mac_address,
-                content: content.clone(),
-            }
-            .interpret(inventory, topology)
-            .await?;
-        }
-
-        Ok(())
-    }
-
-    /// Prompts the user to reboot the target control plane nodes.
-    async fn reboot_targets(&self, nodes: &Vec<PhysicalHost>) -> Result<(), InterpretError> {
-        let node_ids: Vec<String> = nodes.iter().map(|n| n.id.to_string()).collect();
-        info!("[Worker] Requesting reboot for control plane nodes: {node_ids:?}",);
-
-        let confirmation = inquire::Confirm::new(
-                &format!("Please reboot the {} worker nodes ({}) to apply their PXE configuration. Press enter when ready.", nodes.len(), node_ids.join(", ")),
-        )
-        .prompt()
-        .map_err(|e| InterpretError::new(format!("User prompt failed: {e}")))?;
-
-        if !confirmation {
-            return Err(InterpretError::new(
-                "User aborted the operation.".to_string(),
-            ));
-        }
-
-        Ok(())
-    }
 }
 
 #[async_trait]
@@ -233,23 +74,10 @@ impl Interpret<HAClusterTopology> for OKDSetup04WorkersInterpret {
 
     async fn execute(
         &self,
-        inventory: &Inventory,
-        topology: &HAClusterTopology,
+        _inventory: &Inventory,
+        _topology: &HAClusterTopology,
     ) -> Result<Outcome, InterpretError> {
         self.render_and_reboot().await?;
-        // 1. Ensure we have 2 physical hosts for the worker nodes.
-        let nodes = self.get_nodes(inventory, topology).await?;
-
-        // 2. Create DHCP reservations for the worker nodes.
-        self.configure_host_binding(inventory, topology, &nodes)
-            .await?;
-
-        // 3. Create iPXE files for each worker node to boot from the worker ignition.
-        self.configure_ipxe(inventory, topology, &nodes).await?;
-
-        // 4. Reboot the nodes to start the OS installation.
-        self.reboot_targets(&nodes).await?;
-
         Ok(Outcome::success("Workers provisioned".into()))
     }
 }

harmony/src/modules/okd/crd/nmstate.rs

@@ -417,7 +417,6 @@ pub struct EthernetSpec {
 #[serde(rename_all = "kebab-case")]
 pub struct BondSpec {
     pub mode: String,
-    #[serde(alias = "port")]
     pub ports: Vec<String>,
     #[serde(skip_serializing_if = "Option::is_none")]
     pub options: Option<BTreeMap<String, Value>>,

harmony_types/src/net.rs

@@ -1,6 +1,6 @@
 use serde::{Deserialize, Serialize};
 
-#[derive(Copy, Clone, PartialEq, Eq, Hash, Serialize, Deserialize, PartialOrd, Ord)]
+#[derive(Copy, Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize, PartialOrd, Ord)]
 pub struct MacAddress(pub [u8; 6]);
 
 impl MacAddress {
@@ -19,14 +19,6 @@ impl From<&MacAddress> for String {
     }
 }
 
-impl std::fmt::Debug for MacAddress {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.debug_tuple("MacAddress")
-            .field(&String::from(self))
-            .finish()
-    }
-}
-
 impl std::fmt::Display for MacAddress {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         f.write_str(&String::from(self))