Fix the formatting of this file, the indentations were incorrect
@ -300,222 +300,241 @@ done
|
||||
|
||||
let idev=NUMBMCS-1
|
||||
for bmcu in $BMCUS; do
|
||||
if [ "$bmcu" = "" ]; then continue; fi
|
||||
DISABLEUSERS="1 2 3 4"
|
||||
if [ ! -z "$LOCKEDUSERS" ]; then
|
||||
# Get the User Slots
|
||||
USERSLOT=`ipmitool -d $idev user list $LANCHAN |grep -v ^ID|awk '{print $1 " " $2}'|grep -w "$BMCUS"|awk '{print $1}'`
|
||||
if [ -z "$USERSLOT" ]; then
|
||||
USERSLOT=4
|
||||
if [ "$bmcu" = "" ]; then
|
||||
continue
|
||||
fi
|
||||
DISABLEUSERS="1 2 3 4"
|
||||
if [ ! -z "$LOCKEDUSERS" ]; then
|
||||
# Get the User Slots
|
||||
USERSLOT=`ipmitool -d $idev user list $LANCHAN |grep -v ^ID|awk '{print $1 " " $2}'|grep -w "$BMCUS"|awk '{print $1}'`
|
||||
if [ -z "$USERSLOT" ]; then
|
||||
USERSLOT=4
|
||||
fi
|
||||
else
|
||||
USERSLOT=2
|
||||
fi
|
||||
if [ "$ISITE" = 1 ]; then
|
||||
allowcred.awk &
|
||||
CREDPID=$!
|
||||
while ! remoteimmsetup
|
||||
do
|
||||
logger -s -t $log_label -p local4.info "Waiting for xCAT remote configuration of service processor via CMM.."
|
||||
done
|
||||
kill $CREDPID
|
||||
fi
|
||||
else
|
||||
USERSLOT=2
|
||||
fi
|
||||
if [ "$ISITE" = 1 ]; then
|
||||
allowcred.awk &
|
||||
CREDPID=$!
|
||||
while ! remoteimmsetup
|
||||
do
|
||||
logger -s -t $log_label -p local4.info "Waiting for xCAT remote configuration of service processor via CMM.."
|
||||
done
|
||||
kill $CREDPID
|
||||
fi
|
||||
|
||||
# Get the specified user
|
||||
CURRENTUSER=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $2}'`
|
||||
DISABLEUSERS=`echo 1 2 3 4|sed -e s/$USERSLOT//`
|
||||
logger -t $log_label -p local4.info "CURRENTUSER is $CURRENTUSER, DISABLEUSERS is $DISABLEUSERS"
|
||||
for user in $DISABLEUSERS; do
|
||||
# Disable the non-specified user
|
||||
while ! ipmitool -d $idev user disable $user; do
|
||||
# Get the specified user
|
||||
CURRENTUSER=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $2}'`
|
||||
DISABLEUSERS=`echo 1 2 3 4|sed -e s/$USERSLOT//`
|
||||
logger -t $log_label -p local4.info "CURRENTUSER=$CURRENTUSER, DISABLEUSERS=$DISABLEUSERS"
|
||||
for user in $DISABLEUSERS; do
|
||||
# Disable the non-specified user
|
||||
while ! ipmitool -d $idev user disable $user; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
TRIES=0
|
||||
done
|
||||
TRIES=0
|
||||
# Enable the specified user
|
||||
while ! ipmitool -d $idev user enable $USERSLOT; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
TRIES=0
|
||||
done
|
||||
TRIES=0
|
||||
# Enable the specified user
|
||||
while ! ipmitool -d $idev user enable $USERSLOT; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
TRIES=0
|
||||
# Last param in ipmitool user priv is the channel to set it on.
|
||||
# Penguin boxes are all channel 2
|
||||
#
|
||||
# Get privilege for the specified user
|
||||
#
|
||||
CURRPRIV=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $6}'`
|
||||
logger -t $log_label -p local4.info "CURRPRIV is $CURRPRIV"
|
||||
if [ "$CURRPRIV" != "ADMINISTRATOR" ]; then
|
||||
# Set the ADMIN privilege for the specified user
|
||||
while ! ipmitool -d $idev user priv $USERSLOT 4 $LANCHAN; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
# Last param in ipmitool user priv is the channel to set it on.
|
||||
# Penguin boxes are all channel 2
|
||||
#
|
||||
# Get privilege for the specified user
|
||||
#
|
||||
CURRPRIV=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $6}'`
|
||||
logger -t $log_label -p local4.info "CURRPRIV=$CURRPRIV"
|
||||
if [ "$CURRPRIV" != "ADMINISTRATOR" ]; then
|
||||
# Set the ADMIN privilege for the specified user
|
||||
while ! ipmitool -d $idev user priv $USERSLOT 4 $LANCHAN; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
fi
|
||||
TRIES=0
|
||||
fi
|
||||
TRIES=0
|
||||
# Enable the channel link for the specified user
|
||||
while ! ipmitool -d $idev channel setaccess $LANCHAN $USERSLOT link=on; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
TRIES=0
|
||||
if [ "$CURRENTUSER" != "$bmcu" ]; then
|
||||
# Change the user name, if necessary
|
||||
while ! ipmitool -d $idev user set name $USERSLOT $bmcu; do
|
||||
# Enable the channel link for the specified user
|
||||
while ! ipmitool -d $idev channel setaccess $LANCHAN $USERSLOT link=on; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
fi
|
||||
let idev=idev-1
|
||||
TRIES=0
|
||||
if [ "$CURRENTUSER" != "$bmcu" ]; then
|
||||
# Change the user name, if necessary
|
||||
while ! ipmitool -d $idev user set name $USERSLOT $bmcu; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
fi
|
||||
let idev=idev-1
|
||||
done
|
||||
|
||||
let idev=NUMBMCS-1
|
||||
for bmcp in $BMCPW; do
|
||||
if [ "$bmcp" = "" ]; then continue; fi
|
||||
TRIES=0
|
||||
# Set the password for the specified user
|
||||
while ! ipmitool -d $idev user set password $USERSLOT $bmcp; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
TRIES=0
|
||||
logger -s -t $log_label -p local4.info "Set up following user table: "
|
||||
# Display the user list
|
||||
ipmitool -d $idev user list $LANCHAN
|
||||
let idev=idev-1
|
||||
TRIES=0
|
||||
# Set the password for the specified user
|
||||
while ! ipmitool -d $idev user set password $USERSLOT $bmcp; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
TRIES=0
|
||||
logger -s -t $log_label -p local4.info "Set up following user table: "
|
||||
# Display the user list
|
||||
ipmitool -d $idev user list $LANCHAN
|
||||
let idev=idev-1
|
||||
done
|
||||
|
||||
let idev=NUMBMCS
|
||||
while [ $idev -gt 0 ]; do
|
||||
let idev=idev-1
|
||||
|
||||
logger -s -t $log_label -p local4.info "Enabling Channel $LANCHAN: "
|
||||
# Set the non-volatile channel access: enable and privilege
|
||||
while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x42 0x44 > /dev/null; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
TRIES=0
|
||||
# Set the volatile channel access: enable and privilege
|
||||
while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x82 0x84 > /dev/null; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "ERROR"; else logger -s -t $log_label -p local4.info "OK"; fi
|
||||
TRIES=0
|
||||
|
||||
logger -s -t $log_label -p local4.info "Enabling ARP responses: "
|
||||
# enable the ARP response on the channel
|
||||
while ! ipmitool -d $idev lan set $LANCHAN arp respond on > /dev/null; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
echo -n "."
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "ERROR"; else logger -s -t $log_label -p local4.info "OK"; fi
|
||||
TRIES=0
|
||||
|
||||
logger -s -t $log_label -p local4.info "Enabling IPMI v 1.5 MD5 LAN access:"
|
||||
# Set the auth level to md5 for the channel
|
||||
while ! ipmitool -d $idev lan set $LANCHAN auth admin md5 > /dev/null; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "ERROR"; else logger -s -t $log_label -p local4.info "OK"; fi
|
||||
TRIES=0
|
||||
if [ ! "$IPMIVER" == "1.5" ]; then
|
||||
logger -s -t $log_label -p local4.info "Enabling IPMI v 2.0 LAN access: "
|
||||
#the following goals:
|
||||
#disable cipher suite 0 (if present, avoid password bypass)
|
||||
#disable cipher suite 1 (if present, to avoid weaking Kg if used)
|
||||
#enable cipher suite 2 (scenarios without perl Rijndael)
|
||||
#enable cipher suite 3
|
||||
#ignore the rest
|
||||
#
|
||||
# Read the LAN info
|
||||
#
|
||||
ZEROIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '%0$'|sed -e 's/:.*//')
|
||||
ONEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^1$'|sed -e 's/:.*//')
|
||||
TWOIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^2$'|sed -e 's/:.*//')
|
||||
THREEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^3$'|sed -e 's/:.*//')
|
||||
ACCESS=$(ipmitool lan print $LANCHAN|grep 'Cipher Suite Priv Max'|cut -d: -f 2|sed -e 's/ //g' -e 's/\(.\)/\1\n/g'|grep -v '^$')
|
||||
NEWACCESS=""
|
||||
logger -t $log_label -p local4.info "ZEROIDX is $ZEROIDX, ONEIDX is $ONEIDX, TWOIDX is $TWOIDX, THREEIDX is $THREEIDX, ACCESS is $ACCESS"
|
||||
i=1
|
||||
for elem in $ACCESS; do
|
||||
if [ $i = "$ZEROIDX" -o $i = "$ONEIDX" ]; then
|
||||
NEWACCESS="$NEWACCESS"X
|
||||
elif [ $i = "$TWOIDX" -o $i = "$THREEIDX" ]; then
|
||||
#do not *downgrade* from OEM priv
|
||||
if [ "$elem" != "O" ]; then NEWACCESS="$NEWACCESS"a; else NEWACCESS="$NEWACCESS"$elem; fi
|
||||
else
|
||||
NEWACCESS="$NEWACCESS"$elem
|
||||
fi
|
||||
i=$((i+1))
|
||||
done
|
||||
# Set the cipher_privileges for the channel
|
||||
if ipmitool lan set $LANCHAN cipher_privs $NEWACCESS > /dev/null; then
|
||||
logger -s -t $log_label -p local4.info "OK"
|
||||
else
|
||||
logger -s -t $log_label -p local4.err "ERROR"
|
||||
fi
|
||||
let idev=idev-1
|
||||
|
||||
logger -s -t $log_label -p local4.info "Enabling Channel $LANCHAN: "
|
||||
TRIES=0
|
||||
logger -s -t $log_label -p local4.info "Enabling SOL for channel $LANCHAN:"
|
||||
# Enable the SOL for the channel
|
||||
while ! ipmitool -d $idev raw 0xc 0x21 $LANCHAN 0x1 0x1 > /dev/null; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "ERROR"; else logger -s -t $log_label -p local4.info "OK"; fi
|
||||
TRIES=0
|
||||
|
||||
logger -s -t $log_label -p local4.info "Enabling SOL for $BMCUS:"
|
||||
# Enable the SOL for the USER and set the payload 1
|
||||
while ! ipmitool -d $idev raw 6 0x4c $LANCHAN $USERSLOT 2 0 0 0 > /dev/null; do
|
||||
# Set the non-volatile channel access: enable and privilege
|
||||
while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x42 0x44 > /dev/null; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
|
||||
TRIES=0
|
||||
# Set the volatile channel access: enable and privilege
|
||||
while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x82 0x84 > /dev/null; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
if [ $TRIES -gt $TIMEOUT ]; then
|
||||
logger -s -t $log_label -p local4.err "ERROR Tried $TIMEOUT times, could not enable SOL for $BMCUS"
|
||||
logger -s -t $log_label -p local4.err "ERROR - Setting the volatile channel access."
|
||||
else
|
||||
logger -s -t $log_label -p local4.info "OK"
|
||||
fi
|
||||
|
||||
logger -s -t $log_label -p local4.info "Enabling ARP responses: "
|
||||
TRIES=0
|
||||
# enable the ARP response on the channel
|
||||
while ! ipmitool -d $idev lan set $LANCHAN arp respond on > /dev/null; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
echo -n .
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
if [ $TRIES -gt $TIMEOUT ]; then
|
||||
logger -s -t $log_label -p local4.err "ERROR - Enabling ARP Responses."
|
||||
else
|
||||
logger -s -t $log_label -p local4.info "OK"
|
||||
fi
|
||||
|
||||
logger -s -t $log_label -p local4.info "Enabling IPMI v 1.5 MD5 LAN access:"
|
||||
TRIES=0
|
||||
# Set the auth level to md5 for the channel
|
||||
while ! ipmitool -d $idev lan set $LANCHAN auth admin md5 > /dev/null; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
if [ $TRIES -gt $TIMEOUT ]; then
|
||||
logger -s -t $log_label -p local4.err "ERROR - Enabling MD5 for the channel."
|
||||
else
|
||||
logger -s -t $log_label -p local4.info "Enabling SOL for $BMCUS: OK"
|
||||
logger -s -t $log_label -p local4.info "OK"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Cold reset the BMC
|
||||
cold_reset_bmc ${XPROD}
|
||||
if [ ! "$IPMIVER" == "1.5" ]; then
|
||||
logger -s -t $log_label -p local4.info "Enabling IPMI v 2.0 LAN access: "
|
||||
# the following goals:
|
||||
# - disable cipher suite 0 (if present, avoid password bypass)
|
||||
# - disable cipher suite 1 (if present, to avoid weaking Kg if used)
|
||||
# - enable cipher suite 2 (scenarios without perl Rijndael)
|
||||
# - enable cipher suite 3
|
||||
# - ignore the rest
|
||||
#
|
||||
# Read the LAN info
|
||||
#
|
||||
ZEROIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '%0$'|sed -e 's/:.*//')
|
||||
ONEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^1$'|sed -e 's/:.*//')
|
||||
TWOIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^2$'|sed -e 's/:.*//')
|
||||
THREEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^3$'|sed -e 's/:.*//')
|
||||
ACCESS=$(ipmitool lan print $LANCHAN|grep 'Cipher Suite Priv Max'|cut -d: -f 2|sed -e 's/ //g' -e 's/\(.\)/\1\n/g'|grep -v '^$')
|
||||
logger -t $log_label -p local4.info "ZEROIDX is $ZEROIDX, ONEIDX is $ONEIDX, TWOIDX is $TWOIDX, THREEIDX is $THREEIDX, ACCESS is $ACCESS"
|
||||
NEWACCESS=""
|
||||
i=1
|
||||
for elem in $ACCESS; do
|
||||
if [ $i = "$ZEROIDX" -o $i = "$ONEIDX" ]; then
|
||||
NEWACCESS="$NEWACCESS"X
|
||||
elif [ $i = "$TWOIDX" -o $i = "$THREEIDX" ]; then
|
||||
#do not *downgrade* from OEM priv
|
||||
if [ "$elem" != "O" ]; then NEWACCESS="$NEWACCESS"a; else NEWACCESS="$NEWACCESS"$elem; fi
|
||||
else
|
||||
NEWACCESS="$NEWACCESS"$elem
|
||||
fi
|
||||
i=$((i+1))
|
||||
done
|
||||
# Set the cipher_privileges for the channel
|
||||
if ipmitool lan set $LANCHAN cipher_privs $NEWACCESS > /dev/null; then
|
||||
logger -s -t $log_label -p local4.info "OK"
|
||||
else
|
||||
logger -s -t $log_label -p local4.info "ERROR - Setting cipher privileges for the channel."
|
||||
fi
|
||||
|
||||
# update the node status to 'bmcready'
|
||||
for parm in `cat /proc/cmdline`; do
|
||||
key=`echo $parm|awk -F= '{print $1}'`
|
||||
if [ "$key" = "xcatd" ]; then
|
||||
XCATMASTER=`echo $parm|awk -F= '{print $2}'|awk -F: '{print $1}'`
|
||||
logger -s -t $log_label -p local4.info "Enabling SOL for channel $LANCHAN:"
|
||||
TRIES=0
|
||||
# Enable the SOL for the channel
|
||||
while ! ipmitool -d $idev raw 0xc 0x21 $LANCHAN 0x1 0x1 > /dev/null; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
if [ $TRIES -gt $TIMEOUT ]; then
|
||||
logger -s -t $log_label -p local4.info "ERROR - Enabling SOL for the channel: $LANCHAN"
|
||||
else
|
||||
logger -s -t $log_label -p local4.info "OK"
|
||||
fi
|
||||
|
||||
TRIES=0
|
||||
logger -s -t $log_label -p local4.info "Enabling SOL for $BMCUS:"
|
||||
# Enable the SOL for the USER and set the payload 1
|
||||
while ! ipmitool -d $idev raw 6 0x4c $LANCHAN $USERSLOT 2 0 0 0 > /dev/null; do
|
||||
sleep 1
|
||||
let TRIES=TRIES+1
|
||||
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
||||
done
|
||||
if [ $TRIES -gt $TIMEOUT ]; then
|
||||
logger -s -t $log_label -p local4.info "ERROR - Enabling SOL for BMC User: $BMCUS"
|
||||
else
|
||||
echo "OK"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ ! -z "$XCATMASTER" ]; then
|
||||
updateflag.awk $XCATMASTER 3002 "installstatus bmcready"
|
||||
fi
|
||||
|
||||
logger -s -t $log_label -p local4.info "Lighting Identify Light"
|
||||
while :
|
||||
# Identify the server by turning on the LED light
|
||||
do ipmitool -d $idev raw 0 4 10 > /dev/null
|
||||
sleep 7
|
||||
done &
|
||||
# Cold reset the BMC
|
||||
cold_reset_bmc ${XPROD}
|
||||
|
||||
# update the node status to 'bmcready'
|
||||
for parm in `cat /proc/cmdline`; do
|
||||
key=`echo $parm|awk -F= '{print $1}'`
|
||||
if [ "$key" = "xcatd" ]; then
|
||||
XCATMASTER=`echo $parm|awk -F= '{print $2}'|awk -F: '{print $1}'`
|
||||
fi
|
||||
done
|
||||
if [ ! -z "$XCATMASTER" ]; then
|
||||
updateflag.awk $XCATMASTER 3002 "installstatus bmcready"
|
||||
fi
|
||||
|
||||
logger -s -t $log_label -p local4.info "Lighting Identify Light"
|
||||
while :
|
||||
# Identify the server by turning on the LED light
|
||||
do ipmitool -d $idev raw 0 4 10 > /dev/null
|
||||
sleep 7
|
||||
done &
|
||||
done
|
||||
|
||||
|
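Review bot: The ZEROIDX pipeline in the IPMI v 2.0 block filters with `grep -n '%0$'`, which cannot match a bare `0` entry, so ZEROIDX stays empty and the loop never writes `X` for cipher suite 0, the suite the comment just above says must be disabled to avoid password bypass. The sibling lines use `'^1$'`, `'^2$'` and `'^3$'`, so this looks like a typo for `grep -n '^0$'`; the re-indent carries it over unchanged, and it appears in both copies of the line in this section. After the fix it is worth confirming on a test BMC that `ipmitool lan print $LANCHAN` reports `X` at suite 0's position in "Cipher Suite Priv Max". Separately, the `lan print` and `lan set $LANCHAN cipher_privs` calls omit `-d $idev` although they appear to sit inside the per-device loop, so presumably only the default device gets the hardened cipher privileges; this should be verified.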