# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
# Lenovo (c) 2016
#
# Raw commands to set BMCs to defaults
#   dx320
#     0x2e 0x10 0x4d 0x4f 0x00 0xff
#
#   dx340
#     0x30 0x13 0xff 0x00 0x00 0x00
#
#   dx360/x3450
#     0x30 0x02 0x43 0x4c 0x52 0xaa
#     0x08 0x00 0x49 0x4e 0x54 0x45 0x4c
#     0x08 0x04
#
log_label="xcat.genesis.bmcsetup"

TIMEOUT=15

#
# Function: cold_reset_bmc
#
# Cold reset the BMC for certain servers
#    Product ID: 309                          - x3755 M4 (8722)
#    Product ID: 43707 and Manufacturer ID: 0 - IBM Power S822LC and S812LC
#
# Otherwise the BMC will not respond to ping after running the ipmitool commands in this script
# It is found that Dell PowerEdge M605 server have the same product ID '43707', but its 'Manufacturer ID' is '674'
function cold_reset_bmc() {
    if [ -z $XPROD ]; then
        logger -s -t $log_label -p local4.crit "CRITICAL ERROR - XPROD must be set before calling ${FUNCNAME[0]}"
        rm -f /tmp/ipmicfg.xml
        exit 1
    fi
    if [ "$XPROD" = "43707" -a "$IPMIMFG" != '0' ]; then
        return
    fi
    if [ "$XPROD" = "309" -o "$XPROD" = "43707" ] ; then
        if [ "$XPROD" = "43707" ]; then
            # OpenPOWER SPECIFIC, the OpenPOWER machines with AMI BMC should NOT need a
            # reset after applying ipmitool commands.  However, it seems there is a problem with
            # the BMC where after 15 seconds, it stops responding.  To work around, sleep 30
            # seconds before issuing the reset of the BMC.
            snooze
        else
            logger -s -t $log_label -p local4.info "Resetting BMC ..."
            ipmitool mc reset cold
            logger -s -t $log_label -p local4.info "Waiting for the BMC to appear ..."
        fi

        if [ "$XPROD" = "43707" ]; then
            # OpenPOWER SPECIFIC, check the BMC with the following raw command to
            # make sure that the bmc is really in a "ready" state before continuing
            SLEEP_INTERVAL=3
            MAX_ITERATION=100
            tries=0
            while [ $tries -lt ${MAX_ITERATION} ] ; do
                sleep ${SLEEP_INTERVAL}
                ret=`ipmitool raw 0x3a 0x0a 2> /dev/null`
                if [ "$ret" == " 00" ]; then
                    return
                fi
                tries=$(($tries+1))
            done
            TOTAL_SEC=$((${SLEEP_INTERVAL} * ${MAX_ITERATION}))
            logger -s -t $log_label -p local4.error "ERROR, After waiting ${TOTAL_SEC} seconds, the BMC is not in a ready state."
        else
            # for Non OpenPOWER servers, just sleep for some set time.
            sleep 15

            TRIES=0
            # Get the LAN information
            while ! ipmitool lan print $LANCHAN > /dev/null; do
                sleep 3
                let TRIES=TRIES+1
                if [ $TRIES -gt $TIMEOUT ]; then break; fi
            done
        fi
    fi
}

#
# Function snooze()
#
# The purpose of this is to work around the issue with OpenPOWER BMCs after
# making a change to network configuration, sleep 30 to be sure the changes apply.
#
function snooze() {
    if [ -z $XPROD ]; then
        logger -s -t $log_label -p local4.crit "CRITICAL ERROR - XPROD must be set before calling ${FUNCNAME[0]}"
        rm -f /tmp/ipmicfg.xml
        exit 1
    fi
    if [ "$XPROD" = "43707" -a "$IPMIMFG" != '0' ]; then
        return
    fi
    if [ "$XPROD" = "43707" ]; then
        # For OpenPOWER Machines
        logger -s -t $log_label -p local4.debug "OpenPOWER, snooze for 30 seconds..."
        sleep 30
    else
        sleep 1
    fi
}

if ! ipmitool -V 2>/dev/null| grep "version"; then
    echo "No ipmitool find, please install it first";
    exit 1;
fi

# Add ipmi_devintf module to allow the ipmitool operation in-band
modprobe ipmi_devintf

for parm in `cat /proc/cmdline`; do
    key=`echo $parm|awk -F= '{print $1}'`
    if [ "$key" = "xcatd" ]; then
        XCATMASTER=`echo $parm|awk -F= '{print $2}'|awk -F: '{print $1}'`
    fi
done

allowcred.awk &
CREDPID=$!
sleep 5
IPCFGMETHOD=static
while [ -z "$BMCIP" -a $IPCFGMETHOD="static" ]; do
    while ! getipmi
    do
        logger -s -t $log_label -p local4.info "Retrying retrieval of IPMI settings from server"
    done
    BMCIP=`grep bmcip /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    BMCVLAN=`grep taggedvlan /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    if [ -z "$BMCVLAN" ]; then
        BMCVLAN=off;
    fi
    BMCGW=`grep gateway /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    BMCNM=`grep netmask /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    BMCUS=`grep username /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    BMCPW=`grep password /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    IPCFGMETHOD=`grep ipcfgmethod /tmp/ipmicfg.xml|awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    if [ -z "$IPCFGMETHOD" ]; then
        IPCFGMETHOD="static"
    fi
    if [ -z "$BMCIP" -a $IPCFGMETHOD="static" ]; then
        logger -s -t $log_label -p local4.err "FAILED TO RETRIEVE SETTINGS, RETRYING in 15 seconds"
        sleep 15
    fi
done
kill $CREDPID
NUMBMCS=`grep bmcip /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'|wc -l`
logger -s -t $log_label -p local4.debug "BMC Information obtained from xCAT"
logger -s -t $log_label -p local4.debug "NUMBMCS=$NUMBMCS ==> BMC IP=$BMCIP/$BMCNM, GW=$BMCGW, VLAN=$BMCVLAN"

#
# Get the BMC Version and Manufacturer ID
#
MC_INFO=/tmp/xcat.ipmitool.mcinfo

ipmitool mc info > ${MC_INFO}
IPMIVER=`cat ${MC_INFO} |grep ^IPMI|awk  '{print $4}'`
IPMIMFG=`cat ${MC_INFO} |grep "^Manufacturer ID"|awk  '{print $4}'`

# Get the BMC Product ID
XPROD=`cat ${MC_INFO} |grep "^Product ID"|awk '{print $4}'`

logger -s -t $log_label -p local4.info "IPMIVER=$IPMIVER, IPMIMFG=$IPMIMFG, XPROD=$XPROD"

#
# IPMIMFG=2 = IBM
# IPMIMFG=0 = OpenPOWER
# IPMIMFG=42817 and XPROD=16975 = OpenBMC (AC922)
# IPMIMFG=42817 and XPROD=1 = OpenBMC (IC922)
#
if [ "$IPMIMFG" == 2 ]; then #IBM
    if [ "$XPROD" == "220" ]; then
        LOCKEDUSERS=1
        BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
        logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT"
        if [ ! -z "$BMCPORT" ]; then
            let idev=0
            IFS=','
            for p in $BMCPORT; do
                # Set the LAN Configuration Parameters (OEM)
                ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null
                # Set the PEF Configuration Parameters (Platform Event Filtering)
                ipmitool -d $idev raw 0x04 0x12 0x09 0x01 0x18 0x${p}1 0x00 > /dev/null
                CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
                logger -s -t $log_label -p local4.info "CURBMCPORT is $CURBMCPORT"
                while [ "$CURBMCPORT" -ne "$BMCPORT" ]; do
                    sleep 1
                    # Get the LAN Configuration Parameters (OEM)
                    CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
                done
                let idev=idev+1
            done
            unset IFS
        fi
    elif [ "$XPROD" == "291" ]; then
        LOCKEDUSERS=1
    else
        # Get a ID for the server
        IBMFAM=`ipmitool raw 0x3a 0x50 |head -n 1| awk '{print $1 $2 $3 $4}'`
        logger -s -t $log_label -p local4.info "IBMFAM is $IBMFAM"
        if [ "$IBMFAM" == "59554f4f" ]; then
            BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
            if [ ! -z "$BMCPORT" ]; then
                let idev=0
                IFS=','
                for p in $BMCPORT; do
                    ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null
                    CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
                    logger -s -t $log_label -p local4.info "CURBMCPORT is $CURBMCPORT"
                    while [ "$CURBMCPORT" -ne "$BMCPORT" ]; do
                        sleep 1
                        CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
                    done
                    let idev=idev+1
                done
                unset IFS
            fi
        fi
    fi
elif [ "$IPMIMFG" == 19046 -a "$XPROD" == 13616 ] ; then
   LOCKEDUSERS=1
elif [ "$IPMIMFG" == 20301 -o "$IPMIMFG" == 19046 ] ; then
    IBMVPDV=`ipmitool raw 0x3a 0xb 2 0 16 1`
    logger -s -t $log_label -p local4.info "XPROD is $XPROD, IBMVPDV is $IBMVPDV"
    if [ $IBMVPDV -eq 2 ]; then
        ISITE=1;
    fi
        LOCKEDUSERS=1
        BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
        logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT"
        if [ ! -z "$BMCPORT" ]; then
            let idev=0
            IFS=','
            for p in $BMCPORT; do
                unset IFS
                ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null
                IFS=','
                # after this change, we need to watch and wait to see that it
                # actually takes effect.  On port change, the service processor
                # does not migrate the network configuration over
                # so we might be halfway through setting up when the net config
                # reverts to dhcp then static, which setting a static ip for is
                # considered invalid
                CHECKBMCPORT=$(echo $p|awk '{print $1}')
                CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
                logger -s -t $log_label -p local4.info "CURBMCPORT is $CURBMCPORT"
                while [ -z "$CURBMCPORT" -o 0"$CURBMCPORT" -ne 0"$CHECKBMCPORT" ]; do
                    sleep 1
                    CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
                done
                let idev=idev+1
            done
            unset IFS
        fi
elif [ "$IPMIMFG" == "47488" ]; then
    LOCKEDUSERS=1
elif [ "$IPMIMFG" == "674" ]; then # DELL
    BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT"
    if [ "$BMCPORT" == "0" ]; then # dedicated
        ipmitool delloem lan set dedicated &>/dev/null
    elif [ "$BMCPORT" == "1" -o "$BMCPORT" == "2" -o "$BMCPORT" == "3" -o "$BMCPORT" == "4" ]; then # shared
        ipmitool delloem lan set shared &>/dev/null
        ipmitool delloem lan set shared with lom$BMCPORT &>/dev/null
        ipmitool delloem lan set shared with failover all loms &>/dev/null
    fi
elif [ "$IPMIMFG" == "42817" -a "$XPROD" == "16975" ]; then # IBM OpenPOWER servers with OpenBMC (AC922)
    ISOPENBMC=1
elif [ "$IPMIMFG" == "42817" -a "$XPROD" == "1" ]; then # IBM OpenPOWER servers with OpenBMC (IC922)
    ISOPENBMC=1
fi

LAN_MED_TYPE="802.3"
if [ ! -z "$ISOPENBMC" ]; then
    # For OpenBMC, the value of "Channel Medium Type" attribute could be "Other LAN" for FW drivers prior to OP940.01
    # and "802.3" for FW drivers OP940.01 and later
    LAN_MED_TYPE="802.3|Other LAN"
fi
# Loop through channels and pick the one to communicate on
while [ -z "$LANCHAN" ]; do
    logger -s -t $log_label -p local4.info "Auto detecting LAN channel..."
    for TLANCHAN in {1..16}; do
        # Try to get the channel information; then get the MAC which is used for the channel
        if ipmitool channel info $TLANCHAN 2> /dev/null | grep -E "$LAN_MED_TYPE" > /dev/null 2>&1 && ipmitool raw 0xc 2 $TLANCHAN 5 0 0 > /dev/null 2>&1; then
            LANCHAN=$TLANCHAN
            break;
        fi;
        echo -n "."
    done
    if [ -z "$LANCHAN" ]; then
        logger -s -t $log_label -p local4.info "Unable to detect lan channel, retrying in 10 seconds"
        sleep 10
    fi
done
logger -s -t $log_label -p local4.info "Detected LAN channel $LANCHAN"

let idev=NUMBMCS
if [ $IPCFGMETHOD="static" ]; then
    while [ $idev -gt 0 ]; do
        let idev=idev-1
        TRIES=0
        # Set the channel to use STATIC IP address
        while ! ipmitool -d $idev lan set $LANCHAN ipsrc static; do
            snooze
            let TRIES=TRIES+1
            if [ $TRIES -gt $TIMEOUT ]; then
                break;
            fi
        done
    done
    let idev=0
    for b in $BMCIP; do
        TRIES=0
        # Set the IP for the current channel
        while ! ipmitool -d $idev lan set $LANCHAN ipaddr $b; do
            snooze
            let TRIES=TRIES+1
            if [ $TRIES -gt $TIMEOUT ]; then
                break;
            fi
        done
        let idev=idev+1
    done
    let idev=0
    for m in $BMCNM; do
        TRIES=0
        # Set the NETMASK for the current channel
        while ! ipmitool -d $idev lan set $LANCHAN netmask $m; do
            snooze
            let TRIES=TRIES+1
            if [ $TRIES -gt $TIMEOUT ]; then
                break;
            fi
        done
        let idev=idev+1
    done

    if [ ! -z "$BMCGW" ]; then
        let idev=0
        for g in $BMCGW; do
            TRIES=0
            # Set the GATEWAY for the current channel
            while ! ipmitool -d $idev lan set $LANCHAN defgw ipaddr $g; do
                snooze
                let TRIES=TRIES+1
                if [ $TRIES -gt $TIMEOUT ]; then
                    break;
                fi
            done
            let idev=idev+1
        done
    fi
else
    if [ -z "$ISOPENBMC" ];then
        let idev=NUMBMCS
    else
        let idev=0
    fi
    while [ $idev -gt 0 ]; do
        let idev=idev-1
        TRIES=0
        # Set the method to get IP for the current channel, if required.
        while ! ipmitool -d $idev lan set $LANCHAN ipsrc $IPCFGMETHOD; do
            snooze
            let TRIES=TRIES+1
            if [ $TRIES -gt $TIMEOUT ]; then
                break;
            fi
        done
    done
fi

if [ "$BMCVLAN" = off ]; then
    TRIES=0
    while ! ipmitool raw 0xc 1 $LANCHAN 0x14 0 0; do
        snooze
        let TRIES=TRIES+1
        if [ $TRIES -gt $TIMEOUT ]; then
            break;
        fi
    done
else
    let idev=0
    for b in $BMCVLAN; do
        TRIES=0
        # Set VLAN for the current channel
        while ! ipmitool -d $idev lan set $LANCHAN vlan id $b; do
            snooze
            let TRIES=TRIES+1
            if [ $TRIES -gt $TIMEOUT ]; then
                break;
            fi
        done
        let idev=idev+1
    done
fi


# update the node status to 'bmcready' for openbmc, no more configuration is needed.
if [ ! -z "$ISOPENBMC" ]; then
    # To enable network configuration for openbmc
    #
    # For OpenBMC, FW team still suggest running the raw command instead of access on, use raw for now
    #
    # ipmitool -d 0 lan set $LANCHAN access on
    ipmitool -d 0 raw 0x06 0x40 $LANCHAN 0x42 0x44
    # update the node status to 'bmcready'
    if [ ! -z "$XCATMASTER" ]; then
        # Wait for some time for the new network setting is ready
        snooze
        if ipmitool lan print 1 | grep $BMCIP >/dev/null; then
            updateflag.awk $XCATMASTER 3002 "installstatus bmcready"
        else
            updateflag.awk $XCATMASTER 3002 "installstatus failed"
        fi
    fi
    rm -f /tmp/ipmicfg.xml
    exit $bmc_config_rc
fi
# After network commands are issued, pause to allow the BMC to apply (OpenPOWER)
snooze

let idev=NUMBMCS-1
for user in $BMCUS; do
    if [ "$user" = "" ]; then
        continue
    fi
    DISABLEUSERS=$(ipmitool user list $LANCHAN|awk '{print $1}'|grep -v ID)
    # Get the User Slots
    USERSLOT=`ipmitool -d $idev user list $LANCHAN |grep -v ^ID|awk '{print $1 " " $2}'|grep -w "$BMCUS"|awk '{print $1}'`
    if [ -z "$USERSLOT" ]; then
        USERSLOT=$((`ipmitool raw 6 0x44 1 1|awk '{print $3}'` + 1))
    fi
    if [ "$USERSLOT" == 0 ]; then
        # automatically find first unlocked user slot
        for slot in {1..16}; do
            USERLOCKED=`ipmitool channel getaccess $LANCHAN $slot | grep Fixed | awk '{print $4}'`
            if [ "$USERLOCKED" == "No" ]; then
                USERSLOT=$slot
                break
            fi
        done
    fi
    # fall back to userslot 2 as a last resort
    if [ "$USERSLOT" == 0 ]; then $USERSLOT = 2; fi
    if [ "$ISITE" = 1 ]; then
        allowcred.awk &
        CREDPID=$!
        while ! remoteimmsetup
        do
            logger -s -t $log_label -p local4.info "Waiting for xCAT remote configuration of service processor via CMM.."
        done
        kill $CREDPID
    fi

    # Get the specified user
    CURRENTUSER=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $2}'`
    DISABLEUSERS=`echo $DISABLEUSERS|sed -e s/$USERSLOT//`
    logger -s -t $log_label -p local4.info "CURRENTUSER=$CURRENTUSER, DISABLEUSERS=$DISABLEUSERS"
    for userid in $DISABLEUSERS; do
        TRIES=0
        # Disable the non-specified user
        while ! ipmitool -d $idev user disable $userid; do
            sleep 1
            let TRIES=TRIES+1
            if [ $TRIES -gt $TIMEOUT ]; then break; fi
        done
    done

    TRIES=0
    # Enable the specified user
    while ! ipmitool -d $idev user enable $USERSLOT; do
        sleep 1
        let TRIES=TRIES+1
        if [ $TRIES -gt $TIMEOUT ]; then break; fi
    done
    ipmitool raw 6 0x43 $(($LANCHAN|176))  $USERSLOT 4

    TRIES=0
    if [ "$CURRENTUSER" != "$user" ]; then
        # Change the user name, if necessary
        while ! ipmitool -d $idev user set name $USERSLOT "$user"; do
            sleep 1
            let TRIES=TRIES+1
            if [ $TRIES -gt $TIMEOUT ]; then break; fi
        done
    fi

    TRIES=0
    # Last param in ipmitool user priv is the channel to set it on.
    # Penguin boxes are all channel 2
    #
    # Get privilege for the specified user
    #
    CURRPRIV=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $6}'`
    logger -s -t $log_label -p local4.info "CURRPRIV=$CURRPRIV"
    if [ "$CURRPRIV" != "ADMINISTRATOR" ]; then
        # Set the ADMIN privilege for the specified user
        while ! ipmitool -d $idev user priv $USERSLOT 4 $LANCHAN; do
            sleep 1
            let TRIES=TRIES+1
            if [ $TRIES -gt $TIMEOUT ]; then break; fi
        done
    fi

    TRIES=0
    # Enable the channel link for the specified user
    if [ "$IPMIMFG" == 343 -a "$XPROD" == 124 ]; then # For Intel S2600BP system boards
        cmd="ipmitool -d $idev channel setaccess $LANCHAN $USERSLOT link=on ipmi=on"
    else
        cmd="ipmitool -d $idev channel setaccess $LANCHAN $USERSLOT link=on"
    fi
    while ! eval $cmd; do
        sleep 1
        let TRIES=TRIES+1
        if [ $TRIES -gt $TIMEOUT ]; then break; fi
    done

    let idev=idev-1
done

let idev=NUMBMCS-1
for bmcp in $BMCPW; do
    if [ "$bmcp" = "" ]; then continue; fi

    TRIES=0
    # Set the password for the specified user
    while ! ipmitool -d $idev user set password $USERSLOT "$bmcp"; do
        sleep 1
        let TRIES=TRIES+1
        if [ $TRIES -gt $TIMEOUT ]; then break; fi
    done

    logger -s -t $log_label -p local4.info "Set up following user table: "
    TRIES=0
    # Display the user list
    ipmitool -d $idev user list $LANCHAN
    let idev=idev-1
done

let idev=NUMBMCS
while [ $idev -gt 0 ]; do
    let idev=idev-1

    MSG="Enabling the non-volatile channel access ($LANCHAN)"
    logger -s -t $log_label -p local4.info "$MSG"
    TRIES=0
    # Set the non-volatile channel access: enable and privilege
    while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x42 0x44 > /dev/null; do
        sleep 1
        let TRIES=TRIES+1
        if [ $TRIES -gt $TIMEOUT ]; then break; fi
    done
    if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi

    MSG="Enabling the volatile channel access ($LANCHAN)"
    logger -s -t $log_label -p local4.info "$MSG"
    TRIES=0
    # Set the volatile channel access: enable and privilege
    while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x82 0x84 > /dev/null; do
        sleep 1
        let TRIES=TRIES+1
        if [ $TRIES -gt $TIMEOUT ]; then break; fi
    done
    if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi

    MSG="Enabling ARP responses"
    logger -s -t $log_label -p local4.info "$MSG"
    TRIES=0
    # enable the ARP response on the channel
    while ! ipmitool -d $idev lan set $LANCHAN arp respond on > /dev/null; do
        sleep 1
        let TRIES=TRIES+1
        echo -n .
        if [ $TRIES -gt $TIMEOUT ]; then break; fi
    done
    if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi

    MSG="Enabling IPMI MD5 LAN access"
    logger -s -t $log_label -p local4.info "$MSG"
    TRIES=0
    # Set the auth level to md5 for the channel
    while ! ipmitool -d $idev lan set $LANCHAN auth admin md5 > /dev/null; do
        sleep 1
        let TRIES=TRIES+1
        if [ $TRIES -gt $TIMEOUT ]; then break; fi
    done
    if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi

    if [ ! "$IPMIVER" == "1.5"  ]; then
        MSG="Enabling IPMI v 2.0 LAN access"
        logger -s -t $log_label -p local4.info "$MSG"
        # the following goals:
        #   - disable cipher suite 0 (if present, avoid password bypass)
        #   - disable cipher suite 1 (if present, to avoid weaking Kg if used)
        #   - enable cipher suite 2 (scenarios without perl Rijndael)
        #   - enable cipher suite 3
        #   - ignore the rest
        #
        # Read the LAN info
        #
        ZEROIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '%0$'|sed -e 's/:.*//')
        ONEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^1$'|sed -e 's/:.*//')
        TWOIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^2$'|sed -e 's/:.*//')
        THREEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^3$'|sed -e 's/:.*//')
        ACCESS=$(ipmitool lan print $LANCHAN|grep 'Cipher Suite Priv Max'|cut -d: -f 2|sed -e 's/ //g' -e 's/\(.\)/\1\n/g'|grep -v '^$')
        # logger -s -t $log_label -p local4.info "ZEROIDX is $ZEROIDX, ONEIDX is $ONEIDX, TWOIDX is $TWOIDX, THREEIDX is $THREEIDX, ACCESS is $ACCESS"
        NEWACCESS=""
        i=1
        for elem in $ACCESS; do
            if [ $i = "$ZEROIDX" -o $i = "$ONEIDX" ]; then
                NEWACCESS="$NEWACCESS"X
            elif [ $i = "$TWOIDX" -o $i = "$THREEIDX" ]; then
                #do not *downgrade* from OEM priv
                if [ "$elem" != "O" ]; then NEWACCESS="$NEWACCESS"a; else NEWACCESS="$NEWACCESS"$elem; fi
            else
                NEWACCESS="$NEWACCESS"$elem
            fi
            i=$((i+1))
        done

        # logger -s -t $log_label -p local4.info "ACCESS=$NEWACCESS"

        MSG="Set the cipher_privileges for the channel"
        logger -s -t $log_label -p local4.info "$MSG"
        # Set the cipher_privileges for the channel
        if ipmitool lan set $LANCHAN cipher_privs $NEWACCESS > /dev/null; then
            logger -s -t $log_label -p local4.info "$MSG: OK"
        else
            logger -s -t $log_label -p local4.info "$MSG: ERROR"
        fi

        MSG="Enabling SOL for channel $LANCHAN"
        logger -s -t $log_label -p local4.info "$MSG"
        TRIES=0
        # Enable the SOL for the channel
        while ! ipmitool -d $idev raw 0xc 0x21 $LANCHAN 0x1 0x1 > /dev/null; do
            sleep 1
            let TRIES=TRIES+1
            if [ $TRIES -gt $TIMEOUT ]; then break; fi
        done
        if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi

        MSG="Enabling SOL for $BMCUS"
        logger -s -t $log_label -p local4.info "$MSG"
        TRIES=0
        # Enable the SOL for the USER and set the payload 1
        while ! ipmitool -d $idev raw 6 0x4c $LANCHAN $USERSLOT 2 0 0 0 > /dev/null; do
            sleep 1
            let TRIES=TRIES+1
            if [ $TRIES -gt $TIMEOUT ]; then break; fi
        done
        if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi
    fi

    # Cold reset the BMC
    cold_reset_bmc

    # update the node status to 'bmcready'
    if [ ! -z "$XCATMASTER" ]; then
        updateflag.awk $XCATMASTER 3002 "installstatus bmcready"
    fi

    logger -s -t $log_label -p local4.info "Lighting Identify Light"
    if [ "$XPROD" = "43707" -a "$IPMIMFG" = '0' ]; then
        ISOPENPOWER=1
    elif [ "$IPMIMFG" = "10876" ];then
        # Handle Supermicro Servers (MFG=10876)
        # Boston (PROD=2437), Briggs/Stratton (PROD=2355)
        if [ "$XPROD" = "2437" -o "$XPROD" = "2355" ]; then
            ISOPENPOWER=1
        fi
    fi


    if [ "$ISOPENPOWER" = '1' ]; then
        # OpenPOWER BMC specific, turn on the LED beacon light.
        #   - default interval, # ipmitool chassis identify
        #                         Chassis identify interval: default (15 seconds)
        #   - 275 is too large, # ipmitool chassis identify 275
        #                         Given interval is too big.
        ipmitool chassis identify 250
    else
        # All other BMCs
        while :
            # Identify the server by turning on the LED light
            do ipmitool -d $idev raw 0 4 10 > /dev/null
            sleep 7
        done &
    fi
done

# remove the bmc configuration information before exit
rm -f /tmp/ipmicfg.xml