#!/bin/sh # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html # Lenovo (c) 2016 # # Raw commands to set BMCs to defaults # dx320 # 0x2e 0x10 0x4d 0x4f 0x00 0xff # # dx340 # 0x30 0x13 0xff 0x00 0x00 0x00 # # dx360/x3450 # 0x30 0x02 0x43 0x4c 0x52 0xaa # 0x08 0x00 0x49 0x4e 0x54 0x45 0x4c # 0x08 0x04 # log_label="xcat.genesis.bmcsetup" TIMEOUT=15 # # Function: cold_reset_bmc # # Cold reset the BMC for certain servers # Product ID: 309 - x3755 M4 (8722) # Product ID: 43707 and Manufacturer ID: 0 - IBM Power S822LC and S812LC # # Otherwise the BMC will not respond to ping after running the ipmitool commands in this script # It is found that Dell PowerEdge M605 server have the same product ID '43707', but its 'Manufacturer ID' is '674' function cold_reset_bmc() { if [ -z $XPROD ]; then logger -s -t $log_label -p local4.crit "CRITICAL ERROR - XPROD must be set before calling ${FUNCNAME[0]}" rm -f /tmp/ipmicfg.xml exit 1 fi if [ "$XPROD" = "43707" -a "$IPMIMFG" != '0' ]; then return fi if [ "$XPROD" = "309" -o "$XPROD" = "43707" ] ; then if [ "$XPROD" = "43707" ]; then # OpenPOWER SPECIFIC, the OpenPOWER machines with AMI BMC should NOT need a # reset after applying ipmitool commands. However, it seems there is a problem with # the BMC where after 15 seconds, it stops responding. To work around, sleep 30 # seconds before issuing the reset of the BMC. snooze else logger -s -t $log_label -p local4.info "Resetting BMC ..." ipmitool mc reset cold logger -s -t $log_label -p local4.info "Waiting for the BMC to appear ..." fi if [ "$XPROD" = "43707" ]; then # OpenPOWER SPECIFIC, check the BMC with the following raw command to # make sure that the bmc is really in a "ready" state before continuing SLEEP_INTERVAL=3 MAX_ITERATION=100 tries=0 while [ $tries -lt ${MAX_ITERATION} ] ; do sleep ${SLEEP_INTERVAL} ret=`ipmitool raw 0x3a 0x0a 2> /dev/null` if [ "$ret" == " 00" ]; then return fi tries=$(($tries+1)) done TOTAL_SEC=$((${SLEEP_INTERVAL} * ${MAX_ITERATION})) logger -s -t $log_label -p local4.error "ERROR, After waiting ${TOTAL_SEC} seconds, the BMC is not in a ready state." else # for Non OpenPOWER servers, just sleep for some set time. sleep 15 TRIES=0 # Get the LAN information while ! ipmitool lan print $LANCHAN > /dev/null; do sleep 3 let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done fi fi } # # Function snooze() # # The purpose of this is to work around the issue with OpenPOWER BMCs after # making a change to network configuration, sleep 30 to be sure the changes apply. # function snooze() { if [ -z $XPROD ]; then logger -s -t $log_label -p local4.crit "CRITICAL ERROR - XPROD must be set before calling ${FUNCNAME[0]}" rm -f /tmp/ipmicfg.xml exit 1 fi if [ "$XPROD" = "43707" -a "$IPMIMFG" != '0' ]; then return fi if [ "$XPROD" = "43707" ]; then # For OpenPOWER Machines logger -s -t $log_label -p local4.debug "OpenPOWER, snooze for 30 seconds..." sleep 30 else sleep 1 fi } if ! ipmitool -V 2>/dev/null| grep "version"; then echo "No ipmitool find, please install it first"; exit 1; fi # Add ipmi_devintf module to allow the ipmitool operation in-band if grep -q "^ppc64" <<< "$(uname -m)"; then modprobe ipmi_powernv else modprobe ipmi_si fi modprobe ipmi_devintf for parm in `cat /proc/cmdline`; do key=`echo $parm|awk -F= '{print $1}'` if [ "$key" = "xcatd" ]; then XCATMASTER=`echo $parm|awk -F= '{print $2}'|awk -F: '{print $1}'` fi done allowcred.awk & CREDPID=$! sleep 5 IPCFGMETHOD=static while [ -z "$BMCIP" -a $IPCFGMETHOD="static" ]; do while ! getipmi do logger -s -t $log_label -p local4.info "Retrying retrieval of IPMI settings from server" done BMCIP=`grep bmcip /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'` BMCVLAN=`grep taggedvlan /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'` if [ -z "$BMCVLAN" ]; then BMCVLAN=off; fi BMCGW=`grep gateway /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'` BMCNM=`grep netmask /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'` BMCUS=`grep username /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'` BMCPW=`grep password /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'` IPCFGMETHOD=`grep ipcfgmethod /tmp/ipmicfg.xml|awk -F\> '{print $2}'|awk -F\< '{print $1}'` if [ -z "$IPCFGMETHOD" ]; then IPCFGMETHOD="static" fi if [ -z "$BMCIP" -a $IPCFGMETHOD="static" ]; then logger -s -t $log_label -p local4.err "FAILED TO RETRIEVE SETTINGS, RETRYING in 15 seconds" sleep 15 fi done kill $CREDPID NUMBMCS=`grep bmcip /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'|wc -l` logger -s -t $log_label -p local4.debug "BMC Information obtained from xCAT" logger -s -t $log_label -p local4.debug "NUMBMCS=$NUMBMCS ==> BMC IP=$BMCIP/$BMCNM, GW=$BMCGW, VLAN=$BMCVLAN" # # Get the BMC Version and Manufacturer ID # MC_INFO=/tmp/xcat.ipmitool.mcinfo ipmitool mc info > ${MC_INFO} IPMIVER=`cat ${MC_INFO} |grep ^IPMI|awk '{print $4}'` IPMIMFG=`cat ${MC_INFO} |grep "^Manufacturer ID"|awk '{print $4}'` # Get the BMC Product ID XPROD=`cat ${MC_INFO} |grep "^Product ID"|awk '{print $4}'` logger -s -t $log_label -p local4.info "IPMIVER=$IPMIVER, IPMIMFG=$IPMIMFG, XPROD=$XPROD" # # IPMIMFG=2 = IBM # IPMIMFG=0 = OpenPOWER # IPMIMFG=42817 and XPROD=16975 = OpenBMC (AC922) # IPMIMFG=42817 and XPROD=1 = OpenBMC (IC922) # if [ "$IPMIMFG" == 2 ]; then #IBM if [ "$XPROD" == "220" ]; then LOCKEDUSERS=1 BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'` logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT" if [ ! -z "$BMCPORT" ]; then let idev=0 IFS=',' for p in $BMCPORT; do # Set the LAN Configuration Parameters (OEM) ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null # Set the PEF Configuration Parameters (Platform Event Filtering) ipmitool -d $idev raw 0x04 0x12 0x09 0x01 0x18 0x${p}1 0x00 > /dev/null CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'` logger -s -t $log_label -p local4.info "CURBMCPORT is $CURBMCPORT" while [ "$CURBMCPORT" -ne "$BMCPORT" ]; do sleep 1 # Get the LAN Configuration Parameters (OEM) CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'` done let idev=idev+1 done unset IFS fi elif [ "$XPROD" == "291" ]; then LOCKEDUSERS=1 else # Get a ID for the server IBMFAM=`ipmitool raw 0x3a 0x50 |head -n 1| awk '{print $1 $2 $3 $4}'` logger -s -t $log_label -p local4.info "IBMFAM is $IBMFAM" if [ "$IBMFAM" == "59554f4f" ]; then BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'` if [ ! -z "$BMCPORT" ]; then let idev=0 IFS=',' for p in $BMCPORT; do ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'` logger -s -t $log_label -p local4.info "CURBMCPORT is $CURBMCPORT" while [ "$CURBMCPORT" -ne "$BMCPORT" ]; do sleep 1 CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'` done let idev=idev+1 done unset IFS fi fi fi elif [ "$IPMIMFG" == 19046 -a "$XPROD" == 13616 ] ; then LOCKEDUSERS=1 elif [ "$IPMIMFG" == 20301 -o "$IPMIMFG" == 19046 ] ; then IBMVPDV=`ipmitool raw 0x3a 0xb 2 0 16 1` logger -s -t $log_label -p local4.info "XPROD is $XPROD, IBMVPDV is $IBMVPDV" if [ $IBMVPDV -eq 2 ]; then ISITE=1; fi LOCKEDUSERS=1 BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'` logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT" if [ ! -z "$BMCPORT" ]; then let idev=0 IFS=',' for p in $BMCPORT; do unset IFS ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null IFS=',' # after this change, we need to watch and wait to see that it # actually takes effect. On port change, the service processor # does not migrate the network configuration over # so we might be halfway through setting up when the net config # reverts to dhcp then static, which setting a static ip for is # considered invalid CHECKBMCPORT=$(echo $p|awk '{print $1}') CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'` logger -s -t $log_label -p local4.info "CURBMCPORT is $CURBMCPORT" while [ -z "$CURBMCPORT" -o 0"$CURBMCPORT" -ne 0"$CHECKBMCPORT" ]; do sleep 1 CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'` done let idev=idev+1 done unset IFS fi elif [ "$IPMIMFG" == "47488" ]; then LOCKEDUSERS=1 elif [ "$IPMIMFG" == "674" ]; then # DELL BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'` logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT" if [ "$BMCPORT" == "0" ]; then # shared # https://github.com/ipmitool/ipmitool/issues/18 # ipmitool raw 0x30 0x28 0xAA 0xBB, with: # AA: 01 = dedicated, 02...05 = shared with lom1...4 # BB: 00 = no failover, 02...05 = failover on lom1...4, , 06 = failover on all loms ipmitool raw 0x30 0x28 0x02 0x06 elif [ "$BMCPORT" == "1" ]; then # dedicated ipmitool raw 0x30 0x28 0x01 0x00 fi elif [ "$IPMIMFG" == "10876" ]; then # Supermicro BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'` logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT" # https://www.supermicro.com/support/faqs/faq.cfm?faq=17953 if [ "$BMCPORT" == "0" ]; then # shared ipmitool raw 0x30 0x70 0x0c 1 1 elif [ "$BMCPORT" == "1" ]; then # dedicated ipmitool raw 0x30 0x70 0x0c 1 0 fi elif [ "$IPMIMFG" == "42817" -a "$XPROD" == "16975" ]; then # IBM OpenPOWER servers with OpenBMC (AC922) ISOPENBMC=1 elif [ "$IPMIMFG" == "42817" -a "$XPROD" == "1" ]; then # IBM OpenPOWER servers with OpenBMC (IC922) ISOPENBMC=1 fi LAN_MED_TYPE="802.3" if [ ! -z "$ISOPENBMC" ]; then # For OpenBMC, the value of "Channel Medium Type" attribute could be "Other LAN" for FW drivers prior to OP940.01 # and "802.3" for FW drivers OP940.01 and later LAN_MED_TYPE="802.3|Other LAN" fi # Loop through channels and pick the one to communicate on while [ -z "$LANCHAN" ]; do logger -s -t $log_label -p local4.info "Auto detecting LAN channel..." for TLANCHAN in {1..16}; do # Try to get the channel information; then get the MAC which is used for the channel if ipmitool channel info $TLANCHAN 2> /dev/null | grep -E "$LAN_MED_TYPE" > /dev/null 2>&1 && ipmitool raw 0xc 2 $TLANCHAN 5 0 0 > /dev/null 2>&1; then LANCHAN=$TLANCHAN break; fi; echo -n "." done if [ -z "$LANCHAN" ]; then logger -s -t $log_label -p local4.info "Unable to detect lan channel, retrying in 10 seconds" sleep 10 fi done logger -s -t $log_label -p local4.info "Detected LAN channel $LANCHAN" let idev=NUMBMCS if [ $IPCFGMETHOD="static" ]; then while [ $idev -gt 0 ]; do let idev=idev-1 TRIES=0 # Set the channel to use STATIC IP address while ! ipmitool -d $idev lan set $LANCHAN ipsrc static; do snooze let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done done let idev=0 for b in $BMCIP; do TRIES=0 # Set the IP for the current channel while ! ipmitool -d $idev lan set $LANCHAN ipaddr $b; do snooze let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done let idev=idev+1 done let idev=0 for m in $BMCNM; do TRIES=0 # Set the NETMASK for the current channel while ! ipmitool -d $idev lan set $LANCHAN netmask $m; do snooze let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done let idev=idev+1 done if [ ! -z "$BMCGW" ]; then let idev=0 for g in $BMCGW; do TRIES=0 # Set the GATEWAY for the current channel while ! ipmitool -d $idev lan set $LANCHAN defgw ipaddr $g; do snooze let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done let idev=idev+1 done fi else if [ -z "$ISOPENBMC" ];then let idev=NUMBMCS else let idev=0 fi while [ $idev -gt 0 ]; do let idev=idev-1 TRIES=0 # Set the method to get IP for the current channel, if required. while ! ipmitool -d $idev lan set $LANCHAN ipsrc $IPCFGMETHOD; do snooze let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done done fi if [ "$BMCVLAN" = off ]; then TRIES=0 while ! ipmitool raw 0xc 1 $LANCHAN 0x14 0 0; do snooze let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done else let idev=0 for b in $BMCVLAN; do TRIES=0 # Set VLAN for the current channel while ! ipmitool -d $idev lan set $LANCHAN vlan id $b; do snooze let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done let idev=idev+1 done fi # update the node status to 'bmcready' for openbmc, no more configuration is needed. if [ ! -z "$ISOPENBMC" ]; then # To enable network configuration for openbmc # # For OpenBMC, FW team still suggest running the raw command instead of access on, use raw for now # # ipmitool -d 0 lan set $LANCHAN access on ipmitool -d 0 raw 0x06 0x40 $LANCHAN 0x42 0x44 # update the node status to 'bmcready' if [ ! -z "$XCATMASTER" ]; then # Wait for some time for the new network setting is ready snooze if ipmitool lan print 1 | grep $BMCIP >/dev/null; then updateflag.awk $XCATMASTER 3002 "installstatus bmcready" else updateflag.awk $XCATMASTER 3002 "installstatus failed" fi fi rm -f /tmp/ipmicfg.xml exit $bmc_config_rc fi # After network commands are issued, pause to allow the BMC to apply (OpenPOWER) snooze let idev=NUMBMCS-1 for user in $BMCUS; do if [ "$user" = "" ]; then continue fi DISABLEUSERS=$(ipmitool user list $LANCHAN|awk '{print $1}'|grep -v ID) # Get the User Slots USERSLOT=`ipmitool -d $idev user list $LANCHAN |grep -v ^ID|awk '{print $1 " " $2}'|grep -w "$BMCUS"|awk '{print $1}'` if [ -z "$USERSLOT" ]; then USERSLOT=$((`ipmitool raw 6 0x44 1 1|awk '{print $3}'` + 1)) fi if [ "$USERSLOT" == 0 ]; then # automatically find first unlocked user slot for slot in {1..16}; do USERLOCKED=`ipmitool channel getaccess $LANCHAN $slot | grep Fixed | awk '{print $4}'` if [ "$USERLOCKED" == "No" ]; then USERSLOT=$slot break fi done fi # fall back to userslot 2 as a last resort if [ "$USERSLOT" == 0 ]; then $USERSLOT = 2; fi if [ "$ISITE" = 1 ]; then allowcred.awk & CREDPID=$! while ! remoteimmsetup do logger -s -t $log_label -p local4.info "Waiting for xCAT remote configuration of service processor via CMM.." done kill $CREDPID fi # Get the specified user CURRENTUSER=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $2}'` DISABLEUSERS=`echo $DISABLEUSERS|sed -e s/$USERSLOT//` logger -s -t $log_label -p local4.info "CURRENTUSER=$CURRENTUSER, DISABLEUSERS=$DISABLEUSERS" for userid in $DISABLEUSERS; do TRIES=0 # Disable the non-specified user while ! ipmitool -d $idev user disable $userid; do sleep 1 let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done done TRIES=0 # Enable the specified user while ! ipmitool -d $idev user enable $USERSLOT; do sleep 1 let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done ipmitool raw 6 0x43 $(($LANCHAN|176)) $USERSLOT 4 TRIES=0 if [ "$CURRENTUSER" != "$user" ]; then # Change the user name, if necessary while ! ipmitool -d $idev user set name $USERSLOT "$user"; do sleep 1 let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done fi TRIES=0 # Last param in ipmitool user priv is the channel to set it on. # Penguin boxes are all channel 2 # # Get privilege for the specified user # CURRPRIV=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $6}'` logger -s -t $log_label -p local4.info "CURRPRIV=$CURRPRIV" if [ "$CURRPRIV" != "ADMINISTRATOR" ]; then # Set the ADMIN privilege for the specified user while ! ipmitool -d $idev user priv $USERSLOT 4 $LANCHAN; do sleep 1 let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done fi TRIES=0 # Enable the channel link for the specified user if [ "$IPMIMFG" == 343 -a "$XPROD" == 124 ]; then # For Intel S2600BP system boards cmd="ipmitool -d $idev channel setaccess $LANCHAN $USERSLOT link=on ipmi=on" else cmd="ipmitool -d $idev channel setaccess $LANCHAN $USERSLOT link=on" fi while ! eval $cmd; do sleep 1 let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done let idev=idev-1 done let idev=NUMBMCS-1 for bmcp in $BMCPW; do if [ "$bmcp" = "" ]; then continue; fi TRIES=0 # Set the password for the specified user while ! ipmitool -d $idev user set password $USERSLOT "$bmcp"; do sleep 1 let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done logger -s -t $log_label -p local4.info "Set up following user table: " TRIES=0 # Display the user list ipmitool -d $idev user list $LANCHAN let idev=idev-1 done let idev=NUMBMCS while [ $idev -gt 0 ]; do let idev=idev-1 MSG="Enabling the non-volatile channel access ($LANCHAN)" logger -s -t $log_label -p local4.info "$MSG" TRIES=0 # Set the non-volatile channel access: enable and privilege while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x42 0x44 > /dev/null; do sleep 1 let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi MSG="Enabling the volatile channel access ($LANCHAN)" logger -s -t $log_label -p local4.info "$MSG" TRIES=0 # Set the volatile channel access: enable and privilege while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x82 0x84 > /dev/null; do sleep 1 let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi MSG="Enabling ARP responses" logger -s -t $log_label -p local4.info "$MSG" TRIES=0 # enable the ARP response on the channel while ! ipmitool -d $idev lan set $LANCHAN arp respond on > /dev/null; do sleep 1 let TRIES=TRIES+1 echo -n . if [ $TRIES -gt $TIMEOUT ]; then break; fi done if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi MSG="Enabling IPMI MD5 LAN access" logger -s -t $log_label -p local4.info "$MSG" TRIES=0 # Set the auth level to md5 for the channel while ! ipmitool -d $idev lan set $LANCHAN auth admin md5 > /dev/null; do sleep 1 let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi if [ ! "$IPMIVER" == "1.5" ]; then MSG="Enabling IPMI v 2.0 LAN access" logger -s -t $log_label -p local4.info "$MSG" # the following goals: # - disable cipher suite 0 (if present, avoid password bypass) # - disable cipher suite 1 (if present, to avoid weaking Kg if used) # - enable cipher suite 2 (scenarios without perl Rijndael) # - enable cipher suite 3 # - ignore the rest # # Read the LAN info # ZEROIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '%0$'|sed -e 's/:.*//') ONEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^1$'|sed -e 's/:.*//') TWOIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^2$'|sed -e 's/:.*//') THREEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^3$'|sed -e 's/:.*//') ACCESS=$(ipmitool lan print $LANCHAN|grep 'Cipher Suite Priv Max'|cut -d: -f 2|sed -e 's/ //g' -e 's/\(.\)/\1\n/g'|grep -v '^$') # logger -s -t $log_label -p local4.info "ZEROIDX is $ZEROIDX, ONEIDX is $ONEIDX, TWOIDX is $TWOIDX, THREEIDX is $THREEIDX, ACCESS is $ACCESS" NEWACCESS="" i=1 for elem in $ACCESS; do if [ $i = "$ZEROIDX" -o $i = "$ONEIDX" ]; then NEWACCESS="$NEWACCESS"X elif [ $i = "$TWOIDX" -o $i = "$THREEIDX" ]; then #do not *downgrade* from OEM priv if [ "$elem" != "O" ]; then NEWACCESS="$NEWACCESS"a; else NEWACCESS="$NEWACCESS"$elem; fi else NEWACCESS="$NEWACCESS"$elem fi i=$((i+1)) done # logger -s -t $log_label -p local4.info "ACCESS=$NEWACCESS" MSG="Set the cipher_privileges for the channel" logger -s -t $log_label -p local4.info "$MSG" # Set the cipher_privileges for the channel if ipmitool lan set $LANCHAN cipher_privs $NEWACCESS > /dev/null; then logger -s -t $log_label -p local4.info "$MSG: OK" else logger -s -t $log_label -p local4.info "$MSG: ERROR" fi MSG="Enabling SOL for channel $LANCHAN" logger -s -t $log_label -p local4.info "$MSG" TRIES=0 # Enable the SOL for the channel while ! ipmitool -d $idev raw 0xc 0x21 $LANCHAN 0x1 0x1 > /dev/null; do sleep 1 let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi MSG="Enabling SOL for $BMCUS" logger -s -t $log_label -p local4.info "$MSG" TRIES=0 # Enable the SOL for the USER and set the payload 1 while ! ipmitool -d $idev raw 6 0x4c $LANCHAN $USERSLOT 2 0 0 0 > /dev/null; do sleep 1 let TRIES=TRIES+1 if [ $TRIES -gt $TIMEOUT ]; then break; fi done if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi fi # Cold reset the BMC cold_reset_bmc # update the node status to 'bmcready' if [ ! -z "$XCATMASTER" ]; then updateflag.awk $XCATMASTER 3002 "installstatus bmcready" fi logger -s -t $log_label -p local4.info "Lighting Identify Light" if [ "$XPROD" = "43707" -a "$IPMIMFG" = '0' ]; then ISOPENPOWER=1 elif [ "$IPMIMFG" = "10876" ];then # Handle Supermicro Servers (MFG=10876) # Boston (PROD=2437), Briggs/Stratton (PROD=2355) if [ "$XPROD" = "2437" -o "$XPROD" = "2355" ]; then ISOPENPOWER=1 fi fi if [ "$ISOPENPOWER" = '1' ]; then # OpenPOWER BMC specific, turn on the LED beacon light. # - default interval, # ipmitool chassis identify # Chassis identify interval: default (15 seconds) # - 275 is too large, # ipmitool chassis identify 275 # Given interval is too big. ipmitool chassis identify 250 else # All other BMCs while : # Identify the server by turning on the LED light do ipmitool -d $idev raw 0 4 10 > /dev/null sleep 7 done & fi done # remove the bmc configuration information before exit rm -f /tmp/ipmicfg.xml