Audit Framework
The DRP audit framework is a set of container workers implementing a batch worker pool that runs audit blueprints on behalf of machines. These blueprints use Redfish to validate hardware state — checking firmware versions, BIOS settings, BMC configuration, and hardware health — and record the results as machine parameters.
Note
For auditing user operations (creates, updates, and deletes of DRP objects), see the Audit section of the Administrator Guide.
Redfish and BIOS Audit Capability
DRP's IPMI and Redfish content packs support inventory collection from BMC/BIOS interfaces. The
ipmi-inventory and Redfish-based stages collect firmware versions, BIOS settings, and BMC
configuration as machine parameters during the discovery or provisioning workflow. This creates a
point-in-time audit record of the hardware configuration embedded in the machine's parameter
history.
The audit framework schedules these Redfish-based blueprint runs through a batch worker pool, allowing large fleets of machines to be audited concurrently without overwhelming the DRP server. Each worker container connects to the machine's BMC via Redfish, runs the configured audit blueprint, and writes results back as structured machine parameters.
Tracked hardware attributes include:
- Firmware versions for BIOS, BMC, NICs, storage controllers, and drives
- BIOS configuration settings and boot order
- BMC network configuration and user accounts
- Overall hardware health status (fans, power supplies, temperatures)
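A firmware check of the kind described above can be sketched as follows. This is an added example, not DRP's or the audit blueprints' own code. The inventory is constructed sample data shaped like Redfish `SoftwareInventory` resources (`Id`, `Version`, `Status.Health`), and the baseline and the `audit/firmware` parameter prefix are hypothetical.

```python
import json

# Constructed sample: trimmed SoftwareInventory resources as read from the members of
# /redfish/v1/UpdateService/FirmwareInventory (all values are made up).
SAMPLE_INVENTORY = [
    {"Id": "BIOS", "Version": "2.4.1", "Status": {"Health": "OK"}},
    {"Id": "BMC", "Version": "1.10.0", "Status": {"Health": "OK"}},
    {"Id": "NIC.Slot.1", "Version": "20.5.13", "Status": {"Health": "Warning"}},
]
# Hypothetical approved baseline: component Id -> expected firmware version.
BASELINE = {"BIOS": "2.4.1", "BMC": "1.12.3",
            "NIC.Slot.1": "20.5.13", "RAID.Slot.2": "51.16.0"}


def audit_firmware(inventory, baseline):
    """Return one finding per component: pass, version-mismatch, unhealthy, missing, unexpected."""
    seen = {item["Id"]: item for item in inventory}
    findings = {}
    for comp, want in baseline.items():
        item = seen.get(comp)
        if item is None:  # baseline component the BMC did not report
            findings[comp] = {"result": "missing", "expected": want, "actual": None}
            continue
        have = item.get("Version")
        health = (item.get("Status") or {}).get("Health")
        if have != want:
            result = "version-mismatch"
        elif health not in (None, "OK"):  # Redfish Health: OK, Warning, Critical
            result = "unhealthy"
        else:
            result = "pass"
        findings[comp] = {"result": result, "expected": want, "actual": have}
    for comp in sorted(seen.keys() - baseline.keys()):  # reported but not in baseline
        findings[comp] = {"result": "unexpected", "expected": None,
                          "actual": seen[comp].get("Version")}
    return findings


def as_params(findings, prefix="audit/firmware"):
    """Flatten findings into parameter-style keys (the prefix is hypothetical)."""
    params = {f"{prefix}/{comp}": f for comp, f in sorted(findings.items())}
    params[f"{prefix}/compliant"] = all(f["result"] == "pass" for f in findings.values())
    return params


if __name__ == "__main__":
    print(json.dumps(as_params(audit_firmware(SAMPLE_INVENTORY, BASELINE)), indent=2))
```

Treating a missing or unexpected component as a finding, rather than skipping it, keeps a partially readable inventory from being recorded as compliant.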
When combined with the event-router plugin, changes to Redfish-derived parameters (for example, a firmware upgrade changing the recorded BIOS version) generate audit events that can be routed to external systems for change tracking.
To view BIOS/firmware audit history for a machine:
```bash
# Show IPMI-related parameter changes for a machine
drpcli extended list audit_entries | jq '[.[] | select(
  .Params["audit_entry/key"] == "<machine-uuid>" and
  (.Params["audit_entry/patch"] | tostring | contains("ipmi"))
)]'
```