diff --git a/docs/source/guides/admin-guides/references/man1/bmcdiscover.1.rst b/docs/source/guides/admin-guides/references/man1/bmcdiscover.1.rst index dd303e369..7b6c748b1 100644 --- a/docs/source/guides/admin-guides/references/man1/bmcdiscover.1.rst +++ b/docs/source/guides/admin-guides/references/man1/bmcdiscover.1.rst @@ -23,7 +23,7 @@ SYNOPSIS \ **bmcdiscover**\ [\ **-v | -**\ **-version**\ ] -\ **bmcdiscover**\ \ **-**\ **-range**\ \ *ip_ranges*\ [\ **-**\ **-sn**\ \ *SN_nodename*\ ] [\ **-s**\ \ *scan_method*\ ] [\ **-u**\ \ *bmc_user*\ ] [\ **-p**\ \ *bmc_passwd*\ ] [\ **-z**\ ] [\ **-w**\ ] +\ **bmcdiscover**\ \ **-**\ **-range**\ \ *ip_ranges*\ [\ **-**\ **-sn**\ \ *SN_nodename*\ ] [\ **-s**\ \ *scan_method*\ ] [\ **-u**\ \ *bmc_user*\ ] [\ **-p**\ \ *bmc_passwd*\ ] [\ **-n**\ \ *new_bmc_passwd*\ ] [\ **-z**\ ] [\ **-w**\ ] *********** @@ -37,7 +37,7 @@ The command uses \ **nmap**\ to scan active nodes over a specified IP range. T \ **Note:**\ The scan method currently supported is \ **nmap**\ . -\ **Note:**\ Starting on January 1, 2020, some newly shipped systems will require the default BMC password to be changed before they can be managed by xCAT. \ **bmcdiscover**\ will not be able to discover such systems. Run \ */opt/xcat/share/xcat/scripts/BMC_change_password.sh*\ script to change the default password for BMCs in specified range, then rerun \ **bmcdiscover**\ with \ **-p "new bmc password"**\ flag to discover systems with the changed password. +\ **Note:**\ Starting on January 1, 2020, some newly shipped systems will require the default BMC password to be changed before they can be managed by xCAT. Use \ **bmcdiscover**\ with \ **-n**\ option to specify new BMC password. ******* @@ -88,6 +88,12 @@ OPTIONS +\ **-n|-**\ **-newbmcpw**\ + + New BMC user password. + + + \ **-h|-**\ **-help**\ Display usage message @@ -165,6 +171,14 @@ Output is similar to: bmcdiscover -s nmap --range "10.4.22-23.100-254" -w -z +5. Discover the BMC with the specified IP address, change its default BMC password and display in xCAT stanza format: + + +.. code-block:: perl + + bmcdiscover --range "10.4.22-23.100" -u root -p 0penBmc -n 0penBmc123 -z + + ******** SEE ALSO diff --git a/xCAT-client/pods/man1/bmcdiscover.1.pod b/xCAT-client/pods/man1/bmcdiscover.1.pod index 6523a77ab..b28e98a8f 100644 --- a/xCAT-client/pods/man1/bmcdiscover.1.pod +++ b/xCAT-client/pods/man1/bmcdiscover.1.pod @@ -8,7 +8,7 @@ B [B<-?>|B<-h>|B<--help>] B [B<-v>|B<--version>] -B B<--range> I [B<--sn> I] [B<-s> I] [B<-u> I] [B<-p> I] [B<-z>] [B<-w>] +B B<--range> I [B<--sn> I] [B<-s> I] [B<-u> I] [B<-p> I] [B<-n> I] [B<-z>] [B<-w>] =head1 DESCRIPTION @@ -20,7 +20,7 @@ The command uses B to scan active nodes over a specified IP range. The IP B The scan method currently supported is B. -B Starting on January 1, 2020, some newly shipped systems will require the default BMC password to be changed before they can be managed by xCAT. B will not be able to discover such systems. Run I script to change the default password for BMCs in specified range, then rerun B with B<-p "new bmc password"> flag to discover systems with the changed password. +B Starting on January 1, 2020, some newly shipped systems will require the default BMC password to be changed before they can be managed by xCAT. Use B with B<-n> option to specify new BMC password. =head1 OPTIONS @@ -54,6 +54,10 @@ BMC user name. BMC user password. +=item B<-n|--newbmcpw> + +New BMC user password. + =item B<-h|--help> Display usage message @@ -102,6 +106,10 @@ Output is similar to: bmcdiscover -s nmap --range "10.4.22-23.100-254" -w -z +5. Discover the BMC with the specified IP address, change its default BMC password and display in xCAT stanza format: + + bmcdiscover --range "10.4.22-23.100" -u root -p 0penBmc -n 0penBmc123 -z + =head1 SEE ALSO L diff --git a/xCAT-server/lib/xcat/plugins/bmcdiscover.pm b/xCAT-server/lib/xcat/plugins/bmcdiscover.pm index e69b42ad1..090e287c8 100644 --- a/xCAT-server/lib/xcat/plugins/bmcdiscover.pm +++ b/xCAT-server/lib/xcat/plugins/bmcdiscover.pm @@ -49,14 +49,14 @@ my $bmc_pass; my $openbmc_user; my $openbmc_pass; my $done_num = 0; -$::P9_WITHERSPOON_MFG_ID = "42817"; -$::P9_WITHERSPOON_PRODUCT_ID = "16975"; -$::P9_MIHAWK_MFG_ID = "42817"; -$::P9_MIHAWK_PRODUCT_ID = "1"; +$::P9_AC922_MFG_ID = "42817"; #Witherspoon +$::P9_AC922_PRODUCT_ID = "16975"; +$::P9_IC922_MFG_ID = "42817"; #Mihawk +$::P9_IC922_PRODUCT_ID = "1"; $::CHANGE_PW_REQUIRED="The password provided for this account must be changed before access is granted"; $::NO_SESSION="Unable to establish IPMI v2 / RMCP"; -$::CHANGE_PW_INSTRUCTIONS_1="Run script '/opt/xcat/share/xcat/scripts/BMC_change_password.sh' to change default password"; -$::CHANGE_PW_INSTRUCTIONS_2="Rerun 'bmcdiscover' command with '-p new_bmc_password' flag"; +$::CHANGE_PW_INSTRUCTIONS_1="Rerun 'bmcdiscover' command with '-p default_bmc_password -n new_bmc_password' flag"; +$::PW_PAM_VALIDATION="password value failed PAM validation checks"; $::NO_MFG_OR_PRODUCT_ID="Zeros returned for Manufacturer id and Product id"; %::VPDHASH = (); my %node_in_list = (); @@ -203,7 +203,7 @@ sub bmcdiscovery_usage { push @{ $rsp->{data} }, "Usage:"; push @{ $rsp->{data} }, "\tbmcdiscover [-?|-h|--help]"; push @{ $rsp->{data} }, "\tbmcdiscover [-v|--version]"; - push @{ $rsp->{data} }, "\tbmcdiscover --range ip_range [--sn ] [-s ] [-u ] [-p ] [-z] [-w]\n"; + push @{ $rsp->{data} }, "\tbmcdiscover --range ip_range [--sn ] [-s ] [-u ] [-p ] [-n ] [-z] [-w]\n"; xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); return 0; @@ -248,6 +248,7 @@ sub bmcdiscovery_processargs { 'check' => \$::opt_C, 'bmcuser|u=s' => \$::opt_U, 'bmcpasswd|p=s' => \$::opt_P, + 'newbmcpw|n=s' => \$::opt_N, 'ipsource' => \$::opt_S, 'version|v' => \$::opt_v, 't' => \$::opt_T, @@ -749,6 +750,7 @@ sub scan_process { # Set child process default, if not the function runcmd may return error $SIG{CHLD} = 'DEFAULT'; +TRY_TO_DISCOVER: my $bmcusername; my $bmcpassword; $bmcusername = "-U $bmc_user" if ($bmc_user); @@ -767,8 +769,8 @@ sub scan_process { } if ($mc_info =~ /Manufacturer ID\s*:\s*(\d+)\s*Manufacturer Name.+\s*Product ID\s*:\s*(\d+)/) { xCAT::MsgUtils->trace(0, "D", "$log_label Found ${$live_ip}[$i] Manufacturer ID: $1 Product ID: $2"); - if (($1 eq $::P9_WITHERSPOON_MFG_ID and $2 eq $::P9_WITHERSPOON_PRODUCT_ID) or - ($1 eq $::P9_MIHAWK_MFG_ID and $2 eq $::P9_MIHAWK_PRODUCT_ID)) { + if (($1 eq $::P9_AC922_MFG_ID and $2 eq $::P9_AC922_PRODUCT_ID) or + ($1 eq $::P9_IC922_MFG_ID and $2 eq $::P9_IC922_PRODUCT_ID)) { bmcdiscovery_openbmc(${$live_ip}[$i], $opz, $opw, $request_command,$parent_fd,$2); $is_openbmc = 1; $is_ipmi = 0; @@ -781,8 +783,8 @@ sub scan_process { } else { # System replied to mc info but not with either - # $::P9_WITHERSPOON_MFG_ID and $::P9_WITHERSPOON_PRODUCT_ID, or - # $::P9_MIHAWK_MFG_ID and $::P9_MIHAWK_PRODUCT_ID, + # $::P9_AC922_MFG_ID and $::P9_AC922_PRODUCT_ID, or + # $::P9_IC922_MFG_ID and $::P9_IC922_PRODUCT_ID, # assume IPMI $is_openbmc = 0; $is_ipmi = 1; @@ -804,10 +806,32 @@ sub scan_process { my $redfish_session_cmd = "curl -sD - --data '{\"UserName\":\"$openbmc_user\",\"Password\":\"$openbmc_pass\"}' -k -X POST https://${$live_ip}[$i]/redfish/v1/SessionService/Sessions"; my $redfish_session_info = xCAT::Utils->runcmd($redfish_session_cmd, -1); if ($redfish_session_info =~ /$::CHANGE_PW_REQUIRED/) { - # RedFish session replied that password change is needed. Print instructions and exit + # RedFish session replied that password change is needed. xCAT::MsgUtils->message("I", { data => ["${$live_ip}[$i]: $::CHANGE_PW_REQUIRED"] }, $::CALLBACK); - xCAT::MsgUtils->message("I", { data => ["$::CHANGE_PW_INSTRUCTIONS_1"] }, $::CALLBACK); - xCAT::MsgUtils->message("I", { data => ["$::CHANGE_PW_INSTRUCTIONS_2"] }, $::CALLBACK); + if ($::opt_N) { + # New password was passed in, use it to change the default (AC922 or IC922) + my $password_change_cmd = "curl -s -u $openbmc_user:$openbmc_pass --data '{\"Password\":\"$::opt_N\"}' -k -X PATCH https://${$live_ip}[$i]/redfish/v1/AccountService/Accounts/$openbmc_user"; + my $password_changed = xCAT::Utils->runcmd($password_change_cmd, -1); + if (! $password_changed) { + # No output from change password command, assume success + xCAT::MsgUtils->message("I", { data => ["${$live_ip}[$i]: Password changed."] }, $::CALLBACK); + $openbmc_pass = $::opt_N; # Set new password + $bmc_pass = $::opt_N; # Set new password + goto TRY_TO_DISCOVER; # Attempt discover with changed password + } + elsif ($password_changed =~ /$::PW_PAM_VALIDATION/) { + # Output from change password command indicates pw validation error + xCAT::MsgUtils->message("I", { data => ["Can not change password - $::PW_PAM_VALIDATION"] }, $::CALLBACK); + } + else { + # Some unexpected output changing the password - report error and show output + xCAT::MsgUtils->message("I", { data => ["Unable to change password - $password_changed"] }, $::CALLBACK); + } + } + else { + # New password was not passed in, print instruction message and exit + xCAT::MsgUtils->message("I", { data => ["$::CHANGE_PW_INSTRUCTIONS_1"] }, $::CALLBACK); + } } } } @@ -1357,7 +1381,11 @@ sub bmcdiscovery_openbmc{ $node_data .= ",$serial"; if ($::opt_P) { if ($::opt_U) { - $node_data .= ",$::opt_U,$::opt_P"; + if ($::opt_N) { + $node_data .= ",$::opt_U,$::opt_N"; # Display the new changed password + } else { + $node_data .= ",$::opt_U,$::opt_P"; + } } else { $node_data .= ",,$::opt_P"; } diff --git a/xCAT-server/share/xcat/scripts/BMC_change_password.sh b/xCAT-server/share/xcat/scripts/BMC_change_password.sh index 54f01c855..ed9c18cd5 100755 --- a/xCAT-server/share/xcat/scripts/BMC_change_password.sh +++ b/xCAT-server/share/xcat/scripts/BMC_change_password.sh @@ -22,6 +22,9 @@ if [ $# -le 3 ]; then Change the default root or ADMIN password of the BMC to the one specified by '-n' flag. Use the same password when discovering new BMCs, by passing it with '[-p|--bmcpasswd]' option to 'bmcdiscover' command. + +Note: Starting with xCAT 2.16, the changing of default BMC passwords +can also be done with '-n' option for 'bmcdiscover' command. " echo "Usage:" echo " $0 -r -n " @@ -63,8 +66,8 @@ UNAUTHORIZED="Unauthorized" for name in `cat /tmp/$$.ip.list` do - ## Look for Witherspoon first - SYSTEM_TYPE="Witherspoon" + ## Look for OpenBMC (Witherspoon or Mihawk) first + SYSTEM_TYPE="OpenBMC" PasswordChangeNeeded=`curl -sD - --data '{"UserName":"'"$WITHERSPOON_DEFAULT_USER"'","Password":"'"$WITHERSPOON_DEFAULT_PW"'"}' -k -X POST https://$name/redfish/v1/SessionService/Sessions` if [[ "$PasswordChangeNeeded" =~ "$CHANGE_PW_REQUIRED" ]]; then @@ -74,7 +77,7 @@ do echo "$name: Can not change password for $SYSTEM_TYPE system - $PW_PAM_VALIDATION" elif [[ -z "$PasswordChanged" ]]; then # If no output, password change was successful - echo "$name: Password for $SYSTEM_TYPE system changed. It might take up to 5 minutes for the BMC to update." + echo "$name: Password for $SYSTEM_TYPE system changed." else # Some unexpected output changing the password - report error and show output echo "$name: Unable to change password for $SYSTEM_TYPE system - $PasswordChanged" @@ -83,8 +86,8 @@ do continue fi - ## Look for Boston next - SYSTEM_TYPE="Boston" + ## Look for IPMI managed (Boston) next + SYSTEM_TYPE="IPMI" PasswordChangeNeeded=`curl -sD - --data '{"UserName":"'"$BOSTON_DEFAULT_USER"'","Password":"'"$BOSTON_DEFAULT_PW"'"}' -k -X POST https://$name/redfish/v1/SessionService/Sessions` if [[ "$PasswordChangeNeeded" =~ "$CHANGE_PW_REQUIRED" ]]; then echo "$name: Password change needed for $SYSTEM_TYPE system"