mirror of
https://github.com/xcat2/xcat-core.git
synced 2025-05-22 19:52:03 +00:00
996b05ce6a
Don't check $LOCKEDUSERS at all, instead fall back to userslot 2 as a last resort if the user doesn't already exist, and the automatic slot detection doesn't find an unlocked slot. This is essentially what was happening in the older version of the script before #6380 as $LOCKEDUSERS was only ever referenced here. Also move setting the username before setting privileges and access levels, as those steps fail if done before username is set for the slot.
697 lines
25 KiB
Plaintext
Executable File
697 lines
25 KiB
Plaintext
Executable File
# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
|
|
# Lenovo (c) 2016
|
|
#
|
|
# Raw commands to set BMCs to defaults
|
|
# dx320
|
|
# 0x2e 0x10 0x4d 0x4f 0x00 0xff
|
|
#
|
|
# dx340
|
|
# 0x30 0x13 0xff 0x00 0x00 0x00
|
|
#
|
|
# dx360/x3450
|
|
# 0x30 0x02 0x43 0x4c 0x52 0xaa
|
|
# 0x08 0x00 0x49 0x4e 0x54 0x45 0x4c
|
|
# 0x08 0x04
|
|
#
|
|
log_label="xcat.genesis.bmcsetup"
|
|
|
|
TIMEOUT=15
|
|
|
|
#
|
|
# Function: cold_reset_bmc
|
|
#
|
|
# Cold reset the BMC for certain servers
|
|
# Product ID: 309 - x3755 M4 (8722)
|
|
# Product ID: 43707 and Manufacturer ID: 0 - IBM Power S822LC and S812LC
|
|
#
|
|
# Otherwise the BMC will not respond to ping after running the ipmitool commands in this script
|
|
# It is found that Dell PowerEdge M605 server have the same product ID '43707', but its 'Manufacturer ID' is '674'
|
|
function cold_reset_bmc() {
|
|
if [ -z $XPROD ]; then
|
|
logger -s -t $log_label -p local4.crit "CRITICAL ERROR - XPROD must be set before calling ${FUNCNAME[0]}"
|
|
rm -f /tmp/ipmicfg.xml
|
|
exit 1
|
|
fi
|
|
if [ "$XPROD" = "43707" -a "$IPMIMFG" != '0' ]; then
|
|
return
|
|
fi
|
|
if [ "$XPROD" = "309" -o "$XPROD" = "43707" ] ; then
|
|
if [ "$XPROD" = "43707" ]; then
|
|
# OpenPOWER SPECIFIC, the OpenPOWER machines with AMI BMC should NOT need a
|
|
# reset after applying ipmitool commands. However, it seems there is a problem with
|
|
# the BMC where after 15 seconds, it stops responding. To work around, sleep 30
|
|
# seconds before issuing the reset of the BMC.
|
|
snooze
|
|
else
|
|
logger -s -t $log_label -p local4.info "Resetting BMC ..."
|
|
ipmitool mc reset cold
|
|
logger -s -t $log_label -p local4.info "Waiting for the BMC to appear ..."
|
|
fi
|
|
|
|
if [ "$XPROD" = "43707" ]; then
|
|
# OpenPOWER SPECIFIC, check the BMC with the following raw command to
|
|
# make sure that the bmc is really in a "ready" state before continuing
|
|
SLEEP_INTERVAL=3
|
|
MAX_ITERATION=100
|
|
tries=0
|
|
while [ $tries -lt ${MAX_ITERATION} ] ; do
|
|
sleep ${SLEEP_INTERVAL}
|
|
ret=`ipmitool raw 0x3a 0x0a 2> /dev/null`
|
|
if [ "$ret" == " 00" ]; then
|
|
return
|
|
fi
|
|
tries=$(($tries+1))
|
|
done
|
|
TOTAL_SEC=$((${SLEEP_INTERVAL} * ${MAX_ITERATION}))
|
|
logger -s -t $log_label -p local4.error "ERROR, After waiting ${TOTAL_SEC} seconds, the BMC is not in a ready state."
|
|
else
|
|
# for Non OpenPOWER servers, just sleep for some set time.
|
|
sleep 15
|
|
|
|
TRIES=0
|
|
# Get the LAN information
|
|
while ! ipmitool lan print $LANCHAN > /dev/null; do
|
|
sleep 3
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
|
done
|
|
fi
|
|
fi
|
|
}
|
|
|
|
#
|
|
# Function snooze()
|
|
#
|
|
# The purpose of this is to work around the issue with OpenPOWER BMCs after
|
|
# making a change to network configuration, sleep 30 to be sure the changes apply.
|
|
#
|
|
function snooze() {
|
|
if [ -z $XPROD ]; then
|
|
logger -s -t $log_label -p local4.crit "CRITICAL ERROR - XPROD must be set before calling ${FUNCNAME[0]}"
|
|
rm -f /tmp/ipmicfg.xml
|
|
exit 1
|
|
fi
|
|
if [ "$XPROD" = "43707" -a "$IPMIMFG" != '0' ]; then
|
|
return
|
|
fi
|
|
if [ "$XPROD" = "43707" ]; then
|
|
# For OpenPOWER Machines
|
|
logger -s -t $log_label -p local4.debug "OpenPOWER, snooze for 30 seconds..."
|
|
sleep 30
|
|
else
|
|
sleep 1
|
|
fi
|
|
}
|
|
|
|
if ! ipmitool -V 2>/dev/null| grep "version"; then
|
|
echo "No ipmitool find, please install it first";
|
|
exit 1;
|
|
fi
|
|
|
|
# Add ipmi_devintf module to allow the ipmitool operation in-band
|
|
modprobe ipmi_devintf
|
|
|
|
for parm in `cat /proc/cmdline`; do
|
|
key=`echo $parm|awk -F= '{print $1}'`
|
|
if [ "$key" = "xcatd" ]; then
|
|
XCATMASTER=`echo $parm|awk -F= '{print $2}'|awk -F: '{print $1}'`
|
|
fi
|
|
done
|
|
|
|
allowcred.awk &
|
|
CREDPID=$!
|
|
sleep 5
|
|
IPCFGMETHOD=static
|
|
while [ -z "$BMCIP" -a $IPCFGMETHOD="static" ]; do
|
|
while ! getipmi
|
|
do
|
|
logger -s -t $log_label -p local4.info "Retrying retrieval of IPMI settings from server"
|
|
done
|
|
BMCIP=`grep bmcip /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
|
|
BMCVLAN=`grep taggedvlan /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
|
|
if [ -z "$BMCVLAN" ]; then
|
|
BMCVLAN=off;
|
|
fi
|
|
BMCGW=`grep gateway /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
|
|
BMCNM=`grep netmask /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
|
|
BMCUS=`grep username /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
|
|
BMCPW=`grep password /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
|
|
IPCFGMETHOD=`grep ipcfgmethod /tmp/ipmicfg.xml|awk -F\> '{print $2}'|awk -F\< '{print $1}'`
|
|
if [ -z "$IPCFGMETHOD" ]; then
|
|
IPCFGMETHOD="static"
|
|
fi
|
|
if [ -z "$BMCIP" -a $IPCFGMETHOD="static" ]; then
|
|
logger -s -t $log_label -p local4.err "FAILED TO RETRIEVE SETTINGS, RETRYING in 15 seconds"
|
|
sleep 15
|
|
fi
|
|
done
|
|
kill $CREDPID
|
|
NUMBMCS=`grep bmcip /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'|wc -l`
|
|
logger -s -t $log_label -p local4.debug "BMC Information obtained from xCAT"
|
|
logger -s -t $log_label -p local4.debug "NUMBMCS=$NUMBMCS ==> BMC IP=$BMCIP/$BMCNM, GW=$BMCGW, VLAN=$BMCVLAN"
|
|
|
|
#
|
|
# Get the BMC Version and Manufacturer ID
|
|
#
|
|
MC_INFO=/tmp/xcat.ipmitool.mcinfo
|
|
|
|
ipmitool mc info > ${MC_INFO}
|
|
IPMIVER=`cat ${MC_INFO} |grep ^IPMI|awk '{print $4}'`
|
|
IPMIMFG=`cat ${MC_INFO} |grep "^Manufacturer ID"|awk '{print $4}'`
|
|
|
|
# Get the BMC Product ID
|
|
XPROD=`cat ${MC_INFO} |grep "^Product ID"|awk '{print $4}'`
|
|
|
|
logger -s -t $log_label -p local4.info "IPMIVER=$IPMIVER, IPMIMFG=$IPMIMFG, XPROD=$XPROD"
|
|
|
|
#
|
|
# IPMIMFG=2 = IBM
|
|
# IPMIMFG=0 = OpenPOWER
|
|
# IPMIMFG=42817 and XPROD=16975 = OpenBMC (AC922)
|
|
# IPMIMFG=42817 and XPROD=1 = OpenBMC (IC922)
|
|
#
|
|
if [ "$IPMIMFG" == 2 ]; then #IBM
|
|
if [ "$XPROD" == "220" ]; then
|
|
LOCKEDUSERS=1
|
|
BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
|
|
logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT"
|
|
if [ ! -z "$BMCPORT" ]; then
|
|
let idev=0
|
|
IFS=','
|
|
for p in $BMCPORT; do
|
|
# Set the LAN Configuration Parameters (OEM)
|
|
ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null
|
|
# Set the PEF Configuration Parameters (Platform Event Filtering)
|
|
ipmitool -d $idev raw 0x04 0x12 0x09 0x01 0x18 0x${p}1 0x00 > /dev/null
|
|
CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
|
|
logger -s -t $log_label -p local4.info "CURBMCPORT is $CURBMCPORT"
|
|
while [ "$CURBMCPORT" -ne "$BMCPORT" ]; do
|
|
sleep 1
|
|
# Get the LAN Configuration Parameters (OEM)
|
|
CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
|
|
done
|
|
let idev=idev+1
|
|
done
|
|
unset IFS
|
|
fi
|
|
elif [ "$XPROD" == "291" ]; then
|
|
LOCKEDUSERS=1
|
|
else
|
|
# Get a ID for the server
|
|
IBMFAM=`ipmitool raw 0x3a 0x50 |head -n 1| awk '{print $1 $2 $3 $4}'`
|
|
logger -s -t $log_label -p local4.info "IBMFAM is $IBMFAM"
|
|
if [ "$IBMFAM" == "59554f4f" ]; then
|
|
BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
|
|
if [ ! -z "$BMCPORT" ]; then
|
|
let idev=0
|
|
IFS=','
|
|
for p in $BMCPORT; do
|
|
ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null
|
|
CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
|
|
logger -s -t $log_label -p local4.info "CURBMCPORT is $CURBMCPORT"
|
|
while [ "$CURBMCPORT" -ne "$BMCPORT" ]; do
|
|
sleep 1
|
|
CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
|
|
done
|
|
let idev=idev+1
|
|
done
|
|
unset IFS
|
|
fi
|
|
fi
|
|
fi
|
|
elif [ "$IPMIMFG" == 19046 -a "$XPROD" == 13616 ] ; then
|
|
LOCKEDUSERS=1
|
|
elif [ "$IPMIMFG" == 20301 -o "$IPMIMFG" == 19046 ] ; then
|
|
IBMVPDV=`ipmitool raw 0x3a 0xb 2 0 16 1`
|
|
logger -s -t $log_label -p local4.info "XPROD is $XPROD, IBMVPDV is $IBMVPDV"
|
|
if [ $IBMVPDV -eq 2 ]; then
|
|
ISITE=1;
|
|
fi
|
|
LOCKEDUSERS=1
|
|
BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
|
|
logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT"
|
|
if [ ! -z "$BMCPORT" ]; then
|
|
let idev=0
|
|
IFS=','
|
|
for p in $BMCPORT; do
|
|
unset IFS
|
|
ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null
|
|
IFS=','
|
|
# after this change, we need to watch and wait to see that it
|
|
# actually takes effect. On port change, the service processor
|
|
# does not migrate the network configuration over
|
|
# so we might be halfway through setting up when the net config
|
|
# reverts to dhcp then static, which setting a static ip for is
|
|
# considered invalid
|
|
CHECKBMCPORT=$(echo $p|awk '{print $1}')
|
|
CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
|
|
logger -s -t $log_label -p local4.info "CURBMCPORT is $CURBMCPORT"
|
|
while [ -z "$CURBMCPORT" -o 0"$CURBMCPORT" -ne 0"$CHECKBMCPORT" ]; do
|
|
sleep 1
|
|
CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
|
|
done
|
|
let idev=idev+1
|
|
done
|
|
unset IFS
|
|
fi
|
|
elif [ "$IPMIMFG" == "47488" ]; then
|
|
LOCKEDUSERS=1
|
|
elif [ "$IPMIMFG" == "674" ]; then # DELL
|
|
BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
|
|
logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT"
|
|
if [ "$BMCPORT" == "0" ]; then # dedicated
|
|
ipmitool delloem lan set dedicated &>/dev/null
|
|
elif [ "$BMCPORT" == "1" -o "$BMCPORT" == "2" -o "$BMCPORT" == "3" -o "$BMCPORT" == "4" ]; then # shared
|
|
ipmitool delloem lan set shared &>/dev/null
|
|
ipmitool delloem lan set shared with lom$BMCPORT &>/dev/null
|
|
ipmitool delloem lan set shared with failover all loms &>/dev/null
|
|
fi
|
|
elif [ "$IPMIMFG" == "42817" -a "$XPROD" == "16975" ]; then # IBM OpenPOWER servers with OpenBMC (AC922)
|
|
ISOPENBMC=1
|
|
elif [ "$IPMIMFG" == "42817" -a "$XPROD" == "1" ]; then # IBM OpenPOWER servers with OpenBMC (IC922)
|
|
ISOPENBMC=1
|
|
fi
|
|
|
|
LAN_MED_TYPE="802.3"
|
|
if [ ! -z "$ISOPENBMC" ]; then
|
|
# For OpenBMC, the value of "Channel Medium Type" attribute could be "Other LAN" for FW drivers prior to OP940.01
|
|
# and "802.3" for FW drivers OP940.01 and later
|
|
LAN_MED_TYPE="802.3|Other LAN"
|
|
fi
|
|
# Loop through channels and pick the one to communicate on
|
|
while [ -z "$LANCHAN" ]; do
|
|
logger -s -t $log_label -p local4.info "Auto detecting LAN channel..."
|
|
for TLANCHAN in {1..16}; do
|
|
# Try to get the channel information; then get the MAC which is used for the channel
|
|
if ipmitool channel info $TLANCHAN 2> /dev/null | grep -E "$LAN_MED_TYPE" > /dev/null 2>&1 && ipmitool raw 0xc 2 $TLANCHAN 5 0 0 > /dev/null 2>&1; then
|
|
LANCHAN=$TLANCHAN
|
|
break;
|
|
fi;
|
|
echo -n "."
|
|
done
|
|
if [ -z "$LANCHAN" ]; then
|
|
logger -s -t $log_label -p local4.info "Unable to detect lan channel, retrying in 10 seconds"
|
|
sleep 10
|
|
fi
|
|
done
|
|
logger -s -t $log_label -p local4.info "Detected LAN channel $LANCHAN"
|
|
|
|
let idev=NUMBMCS
|
|
if [ $IPCFGMETHOD="static" ]; then
|
|
while [ $idev -gt 0 ]; do
|
|
let idev=idev-1
|
|
TRIES=0
|
|
# Set the channel to use STATIC IP address
|
|
while ! ipmitool -d $idev lan set $LANCHAN ipsrc static; do
|
|
snooze
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then
|
|
break;
|
|
fi
|
|
done
|
|
done
|
|
let idev=0
|
|
for b in $BMCIP; do
|
|
TRIES=0
|
|
# Set the IP for the current channel
|
|
while ! ipmitool -d $idev lan set $LANCHAN ipaddr $b; do
|
|
snooze
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then
|
|
break;
|
|
fi
|
|
done
|
|
let idev=idev+1
|
|
done
|
|
let idev=0
|
|
for m in $BMCNM; do
|
|
TRIES=0
|
|
# Set the NETMASK for the current channel
|
|
while ! ipmitool -d $idev lan set $LANCHAN netmask $m; do
|
|
snooze
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then
|
|
break;
|
|
fi
|
|
done
|
|
let idev=idev+1
|
|
done
|
|
|
|
if [ ! -z "$BMCGW" ]; then
|
|
let idev=0
|
|
for g in $BMCGW; do
|
|
TRIES=0
|
|
# Set the GATEWAY for the current channel
|
|
while ! ipmitool -d $idev lan set $LANCHAN defgw ipaddr $g; do
|
|
snooze
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then
|
|
break;
|
|
fi
|
|
done
|
|
let idev=idev+1
|
|
done
|
|
fi
|
|
else
|
|
if [ -z "$ISOPENBMC" ];then
|
|
let idev=NUMBMCS
|
|
else
|
|
let idev=0
|
|
fi
|
|
while [ $idev -gt 0 ]; do
|
|
let idev=idev-1
|
|
TRIES=0
|
|
# Set the method to get IP for the current channel, if required.
|
|
while ! ipmitool -d $idev lan set $LANCHAN ipsrc $IPCFGMETHOD; do
|
|
snooze
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then
|
|
break;
|
|
fi
|
|
done
|
|
done
|
|
fi
|
|
|
|
if [ "$BMCVLAN" = off ]; then
|
|
TRIES=0
|
|
while ! ipmitool raw 0xc 1 $LANCHAN 0x14 0 0; do
|
|
snooze
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then
|
|
break;
|
|
fi
|
|
done
|
|
else
|
|
let idev=0
|
|
for b in $BMCVLAN; do
|
|
TRIES=0
|
|
# Set VLAN for the current channel
|
|
while ! ipmitool -d $idev lan set $LANCHAN vlan id $b; do
|
|
snooze
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then
|
|
break;
|
|
fi
|
|
done
|
|
let idev=idev+1
|
|
done
|
|
fi
|
|
|
|
|
|
# update the node status to 'bmcready' for openbmc, no more configuration is needed.
|
|
if [ ! -z "$ISOPENBMC" ]; then
|
|
# To enable network configuration for openbmc
|
|
#
|
|
# For OpenBMC, FW team still suggest running the raw command instead of access on, use raw for now
|
|
#
|
|
# ipmitool -d 0 lan set $LANCHAN access on
|
|
ipmitool -d 0 raw 0x06 0x40 $LANCHAN 0x42 0x44
|
|
# update the node status to 'bmcready'
|
|
if [ ! -z "$XCATMASTER" ]; then
|
|
# Wait for some time for the new network setting is ready
|
|
snooze
|
|
if ipmitool lan print 1 | grep $BMCIP >/dev/null; then
|
|
updateflag.awk $XCATMASTER 3002 "installstatus bmcready"
|
|
else
|
|
updateflag.awk $XCATMASTER 3002 "installstatus failed"
|
|
fi
|
|
fi
|
|
rm -f /tmp/ipmicfg.xml
|
|
exit $bmc_config_rc
|
|
fi
|
|
# After network commands are issued, pause to allow the BMC to apply (OpenPOWER)
|
|
snooze
|
|
|
|
let idev=NUMBMCS-1
|
|
for user in $BMCUS; do
|
|
if [ "$user" = "" ]; then
|
|
continue
|
|
fi
|
|
DISABLEUSERS=$(ipmitool user list $LANCHAN|awk '{print $1}'|grep -v ID)
|
|
# Get the User Slots
|
|
USERSLOT=`ipmitool -d $idev user list $LANCHAN |grep -v ^ID|awk '{print $1 " " $2}'|grep -w "$BMCUS"|awk '{print $1}'`
|
|
if [ -z "$USERSLOT" ]; then
|
|
USERSLOT=$((`ipmitool raw 6 0x44 1 1|awk '{print $3}'` + 1))
|
|
fi
|
|
if [ "$USERSLOT" == 0 ]; then
|
|
# automatically find first unlocked user slot
|
|
for slot in {1..16}; do
|
|
USERLOCKED=`ipmitool channel getaccess $LANCHAN $slot | grep Fixed | awk '{print $4}'`
|
|
if [ "$USERLOCKED" == "No" ]; then
|
|
USERSLOT=$slot
|
|
break
|
|
fi
|
|
done
|
|
fi
|
|
# fall back to userslot 2 as a last resort
|
|
if [ "$USERSLOT" == 0 ]; then $USERSLOT = 2; fi
|
|
if [ "$ISITE" = 1 ]; then
|
|
allowcred.awk &
|
|
CREDPID=$!
|
|
while ! remoteimmsetup
|
|
do
|
|
logger -s -t $log_label -p local4.info "Waiting for xCAT remote configuration of service processor via CMM.."
|
|
done
|
|
kill $CREDPID
|
|
fi
|
|
|
|
# Get the specified user
|
|
CURRENTUSER=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $2}'`
|
|
DISABLEUSERS=`echo $DISABLEUSERS|sed -e s/$USERSLOT//`
|
|
logger -s -t $log_label -p local4.info "CURRENTUSER=$CURRENTUSER, DISABLEUSERS=$DISABLEUSERS"
|
|
for userid in $DISABLEUSERS; do
|
|
TRIES=0
|
|
# Disable the non-specified user
|
|
while ! ipmitool -d $idev user disable $userid; do
|
|
sleep 1
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
|
done
|
|
done
|
|
|
|
TRIES=0
|
|
# Enable the specified user
|
|
while ! ipmitool -d $idev user enable $USERSLOT; do
|
|
sleep 1
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
|
done
|
|
ipmitool raw 6 0x43 $(($LANCHAN|176)) $USERSLOT 4
|
|
|
|
TRIES=0
|
|
if [ "$CURRENTUSER" != "$user" ]; then
|
|
# Change the user name, if necessary
|
|
while ! ipmitool -d $idev user set name $USERSLOT "$user"; do
|
|
sleep 1
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
|
done
|
|
fi
|
|
|
|
TRIES=0
|
|
# Last param in ipmitool user priv is the channel to set it on.
|
|
# Penguin boxes are all channel 2
|
|
#
|
|
# Get privilege for the specified user
|
|
#
|
|
CURRPRIV=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $6}'`
|
|
logger -s -t $log_label -p local4.info "CURRPRIV=$CURRPRIV"
|
|
if [ "$CURRPRIV" != "ADMINISTRATOR" ]; then
|
|
# Set the ADMIN privilege for the specified user
|
|
while ! ipmitool -d $idev user priv $USERSLOT 4 $LANCHAN; do
|
|
sleep 1
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
|
done
|
|
fi
|
|
|
|
TRIES=0
|
|
# Enable the channel link for the specified user
|
|
if [ "$IPMIMFG" == 343 -a "$XPROD" == 124 ]; then # For Intel S2600BP system boards
|
|
cmd="ipmitool -d $idev channel setaccess $LANCHAN $USERSLOT link=on ipmi=on"
|
|
else
|
|
cmd="ipmitool -d $idev channel setaccess $LANCHAN $USERSLOT link=on"
|
|
fi
|
|
while ! eval $cmd; do
|
|
sleep 1
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
|
done
|
|
|
|
let idev=idev-1
|
|
done
|
|
|
|
let idev=NUMBMCS-1
|
|
for bmcp in $BMCPW; do
|
|
if [ "$bmcp" = "" ]; then continue; fi
|
|
|
|
TRIES=0
|
|
# Set the password for the specified user
|
|
while ! ipmitool -d $idev user set password $USERSLOT "$bmcp"; do
|
|
sleep 1
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
|
done
|
|
|
|
logger -s -t $log_label -p local4.info "Set up following user table: "
|
|
TRIES=0
|
|
# Display the user list
|
|
ipmitool -d $idev user list $LANCHAN
|
|
let idev=idev-1
|
|
done
|
|
|
|
let idev=NUMBMCS
|
|
while [ $idev -gt 0 ]; do
|
|
let idev=idev-1
|
|
|
|
MSG="Enabling the non-volatile channel access ($LANCHAN)"
|
|
logger -s -t $log_label -p local4.info "$MSG"
|
|
TRIES=0
|
|
# Set the non-volatile channel access: enable and privilege
|
|
while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x42 0x44 > /dev/null; do
|
|
sleep 1
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
|
done
|
|
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi
|
|
|
|
MSG="Enabling the volatile channel access ($LANCHAN)"
|
|
logger -s -t $log_label -p local4.info "$MSG"
|
|
TRIES=0
|
|
# Set the volatile channel access: enable and privilege
|
|
while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x82 0x84 > /dev/null; do
|
|
sleep 1
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
|
done
|
|
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi
|
|
|
|
MSG="Enabling ARP responses"
|
|
logger -s -t $log_label -p local4.info "$MSG"
|
|
TRIES=0
|
|
# enable the ARP response on the channel
|
|
while ! ipmitool -d $idev lan set $LANCHAN arp respond on > /dev/null; do
|
|
sleep 1
|
|
let TRIES=TRIES+1
|
|
echo -n .
|
|
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
|
done
|
|
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi
|
|
|
|
MSG="Enabling IPMI MD5 LAN access"
|
|
logger -s -t $log_label -p local4.info "$MSG"
|
|
TRIES=0
|
|
# Set the auth level to md5 for the channel
|
|
while ! ipmitool -d $idev lan set $LANCHAN auth admin md5 > /dev/null; do
|
|
sleep 1
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
|
done
|
|
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi
|
|
|
|
if [ ! "$IPMIVER" == "1.5" ]; then
|
|
MSG="Enabling IPMI v 2.0 LAN access"
|
|
logger -s -t $log_label -p local4.info "$MSG"
|
|
# the following goals:
|
|
# - disable cipher suite 0 (if present, avoid password bypass)
|
|
# - disable cipher suite 1 (if present, to avoid weaking Kg if used)
|
|
# - enable cipher suite 2 (scenarios without perl Rijndael)
|
|
# - enable cipher suite 3
|
|
# - ignore the rest
|
|
#
|
|
# Read the LAN info
|
|
#
|
|
ZEROIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '%0$'|sed -e 's/:.*//')
|
|
ONEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^1$'|sed -e 's/:.*//')
|
|
TWOIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^2$'|sed -e 's/:.*//')
|
|
THREEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^3$'|sed -e 's/:.*//')
|
|
ACCESS=$(ipmitool lan print $LANCHAN|grep 'Cipher Suite Priv Max'|cut -d: -f 2|sed -e 's/ //g' -e 's/\(.\)/\1\n/g'|grep -v '^$')
|
|
# logger -s -t $log_label -p local4.info "ZEROIDX is $ZEROIDX, ONEIDX is $ONEIDX, TWOIDX is $TWOIDX, THREEIDX is $THREEIDX, ACCESS is $ACCESS"
|
|
NEWACCESS=""
|
|
i=1
|
|
for elem in $ACCESS; do
|
|
if [ $i = "$ZEROIDX" -o $i = "$ONEIDX" ]; then
|
|
NEWACCESS="$NEWACCESS"X
|
|
elif [ $i = "$TWOIDX" -o $i = "$THREEIDX" ]; then
|
|
#do not *downgrade* from OEM priv
|
|
if [ "$elem" != "O" ]; then NEWACCESS="$NEWACCESS"a; else NEWACCESS="$NEWACCESS"$elem; fi
|
|
else
|
|
NEWACCESS="$NEWACCESS"$elem
|
|
fi
|
|
i=$((i+1))
|
|
done
|
|
|
|
# logger -s -t $log_label -p local4.info "ACCESS=$NEWACCESS"
|
|
|
|
MSG="Set the cipher_privileges for the channel"
|
|
logger -s -t $log_label -p local4.info "$MSG"
|
|
# Set the cipher_privileges for the channel
|
|
if ipmitool lan set $LANCHAN cipher_privs $NEWACCESS > /dev/null; then
|
|
logger -s -t $log_label -p local4.info "$MSG: OK"
|
|
else
|
|
logger -s -t $log_label -p local4.info "$MSG: ERROR"
|
|
fi
|
|
|
|
MSG="Enabling SOL for channel $LANCHAN"
|
|
logger -s -t $log_label -p local4.info "$MSG"
|
|
TRIES=0
|
|
# Enable the SOL for the channel
|
|
while ! ipmitool -d $idev raw 0xc 0x21 $LANCHAN 0x1 0x1 > /dev/null; do
|
|
sleep 1
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
|
done
|
|
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi
|
|
|
|
MSG="Enabling SOL for $BMCUS"
|
|
logger -s -t $log_label -p local4.info "$MSG"
|
|
TRIES=0
|
|
# Enable the SOL for the USER and set the payload 1
|
|
while ! ipmitool -d $idev raw 6 0x4c $LANCHAN $USERSLOT 2 0 0 0 > /dev/null; do
|
|
sleep 1
|
|
let TRIES=TRIES+1
|
|
if [ $TRIES -gt $TIMEOUT ]; then break; fi
|
|
done
|
|
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi
|
|
fi
|
|
|
|
# Cold reset the BMC
|
|
cold_reset_bmc
|
|
|
|
# update the node status to 'bmcready'
|
|
if [ ! -z "$XCATMASTER" ]; then
|
|
updateflag.awk $XCATMASTER 3002 "installstatus bmcready"
|
|
fi
|
|
|
|
logger -s -t $log_label -p local4.info "Lighting Identify Light"
|
|
if [ "$XPROD" = "43707" -a "$IPMIMFG" = '0' ]; then
|
|
ISOPENPOWER=1
|
|
elif [ "$IPMIMFG" = "10876" ];then
|
|
# Handle Supermicro Servers (MFG=10876)
|
|
# Boston (PROD=2437), Briggs/Stratton (PROD=2355)
|
|
if [ "$XPROD" = "2437" -o "$XPROD" = "2355" ]; then
|
|
ISOPENPOWER=1
|
|
fi
|
|
fi
|
|
|
|
|
|
if [ "$ISOPENPOWER" = '1' ]; then
|
|
# OpenPOWER BMC specific, turn on the LED beacon light.
|
|
# - default interval, # ipmitool chassis identify
|
|
# Chassis identify interval: default (15 seconds)
|
|
# - 275 is too large, # ipmitool chassis identify 275
|
|
# Given interval is too big.
|
|
ipmitool chassis identify 250
|
|
else
|
|
# All other BMCs
|
|
while :
|
|
# Identify the server by turning on the LED light
|
|
do ipmitool -d $idev raw 0 4 10 > /dev/null
|
|
sleep 7
|
|
done &
|
|
fi
|
|
done
|
|
|
|
# remove the bmc configuration information before exit
|
|
rm -f /tmp/ipmicfg.xml
|