2
0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-10-26 00:45:38 +00:00
Files
xcat-core/xCAT-genesis-scripts/usr/bin/bmcsetup
Kilian Cavalotti 787ea2191e bmcsetup: enhance BMC port configuration for Dell systems
Add optional values to ipmi.bmcport to support more fine-grained
configuration for Dell servers, and mirror the `ipmitool delloem`
capabilities:

   lan set <Mode>
    sets the NIC Selection Mode :
        dedicated, shared with lom<idx>

   lan set <Shared Failover Mode>
    sets the shared Failover Mode :
        shared with failover lom<idx>
        shared with failover all loms,
        shared with failover none.

This patch introduces the possibility to provide 3 (space-separated)
values for ipmi.bmcport:
  1st value:  0 = shared / 1 = dedicated
  2nd value   shared LOM (1-4)   (0 or no value means first available LOM)
  3rd value:  failover LOM (1-4) (0 means no failover, no value means all LOMs)

To ensure maximum compatibility with the default 0/1 shared/dedicated
scheme, the 2nd and 3rd values are optional, and will retain the
previous behavior when not specified.

Examples:

ipmi.bmcport value      BMC interface configuration
0                       Shared with first available interface, failover with
                        all LOMs (catch-all mode)
0 1                     Shared with LOM1, failover all LOMs
0 1 2                   Shared with LOM1, failover LOM2
0 2 0                   Shared with LOM2, no failover
1                       Dedicated
2024-08-12 13:20:16 -07:00

751 lines
28 KiB
Bash
Executable File

#!/bin/sh
# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
# Lenovo (c) 2016
#
# Raw commands to set BMCs to defaults
# dx320
# 0x2e 0x10 0x4d 0x4f 0x00 0xff
#
# dx340
# 0x30 0x13 0xff 0x00 0x00 0x00
#
# dx360/x3450
# 0x30 0x02 0x43 0x4c 0x52 0xaa
# 0x08 0x00 0x49 0x4e 0x54 0x45 0x4c
# 0x08 0x04
#
log_label="xcat.genesis.bmcsetup"
TIMEOUT=15
#
# Function: cold_reset_bmc
#
# Cold reset the BMC for certain servers
# Product ID: 309 - x3755 M4 (8722)
# Product ID: 43707 and Manufacturer ID: 0 - IBM Power S822LC and S812LC
#
# Otherwise the BMC will not respond to ping after running the ipmitool commands in this script
# It is found that Dell PowerEdge M605 server have the same product ID '43707', but its 'Manufacturer ID' is '674'
function cold_reset_bmc() {
if [ -z $XPROD ]; then
logger -s -t $log_label -p local4.crit "CRITICAL ERROR - XPROD must be set before calling ${FUNCNAME[0]}"
rm -f /tmp/ipmicfg.xml
exit 1
fi
if [ "$XPROD" = "43707" -a "$IPMIMFG" != '0' ]; then
return
fi
if [ "$XPROD" = "309" -o "$XPROD" = "43707" ] ; then
if [ "$XPROD" = "43707" ]; then
# OpenPOWER SPECIFIC, the OpenPOWER machines with AMI BMC should NOT need a
# reset after applying ipmitool commands. However, it seems there is a problem with
# the BMC where after 15 seconds, it stops responding. To work around, sleep 30
# seconds before issuing the reset of the BMC.
snooze
else
logger -s -t $log_label -p local4.info "Resetting BMC ..."
ipmitool mc reset cold
logger -s -t $log_label -p local4.info "Waiting for the BMC to appear ..."
fi
if [ "$XPROD" = "43707" ]; then
# OpenPOWER SPECIFIC, check the BMC with the following raw command to
# make sure that the bmc is really in a "ready" state before continuing
SLEEP_INTERVAL=3
MAX_ITERATION=100
tries=0
while [ $tries -lt ${MAX_ITERATION} ] ; do
sleep ${SLEEP_INTERVAL}
ret=`ipmitool raw 0x3a 0x0a 2> /dev/null`
if [ "$ret" == " 00" ]; then
return
fi
tries=$(($tries+1))
done
TOTAL_SEC=$((${SLEEP_INTERVAL} * ${MAX_ITERATION}))
logger -s -t $log_label -p local4.error "ERROR, After waiting ${TOTAL_SEC} seconds, the BMC is not in a ready state."
else
# for Non OpenPOWER servers, just sleep for some set time.
sleep 15
TRIES=0
# Get the LAN information
while ! ipmitool lan print $LANCHAN > /dev/null; do
sleep 3
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
fi
fi
}
#
# Function snooze()
#
# The purpose of this is to work around the issue with OpenPOWER BMCs after
# making a change to network configuration, sleep 30 to be sure the changes apply.
#
function snooze() {
if [ -z $XPROD ]; then
logger -s -t $log_label -p local4.crit "CRITICAL ERROR - XPROD must be set before calling ${FUNCNAME[0]}"
rm -f /tmp/ipmicfg.xml
exit 1
fi
if [ "$XPROD" = "43707" -a "$IPMIMFG" != '0' ]; then
return
fi
if [ "$XPROD" = "43707" ]; then
# For OpenPOWER Machines
logger -s -t $log_label -p local4.debug "OpenPOWER, snooze for 30 seconds..."
sleep 30
else
sleep 1
fi
}
if ! ipmitool -V 2>/dev/null| grep "version"; then
echo "No ipmitool find, please install it first";
exit 1;
fi
# Add ipmi_devintf module to allow the ipmitool operation in-band
if grep -q "^ppc64" <<< "$(uname -m)"; then
modprobe ipmi_powernv
else
modprobe ipmi_si
fi
modprobe ipmi_devintf
for parm in `cat /proc/cmdline`; do
key=`echo $parm|awk -F= '{print $1}'`
if [ "$key" = "xcatd" ]; then
XCATMASTER=`echo $parm|awk -F= '{print $2}'|awk -F: '{print $1}'`
fi
done
allowcred.awk &
CREDPID=$!
sleep 5
IPCFGMETHOD=static
while [ -z "$BMCIP" -a $IPCFGMETHOD="static" ]; do
while ! getipmi
do
logger -s -t $log_label -p local4.info "Retrying retrieval of IPMI settings from server"
done
BMCIP=`grep bmcip /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
BMCVLAN=`grep taggedvlan /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
if [ -z "$BMCVLAN" ]; then
BMCVLAN=off;
fi
BMCGW=`grep gateway /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
BMCNM=`grep netmask /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
BMCUS=`grep username /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
BMCPW=`grep password /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
IPCFGMETHOD=`grep ipcfgmethod /tmp/ipmicfg.xml|awk -F\> '{print $2}'|awk -F\< '{print $1}'`
if [ -z "$IPCFGMETHOD" ]; then
IPCFGMETHOD="static"
fi
if [ -z "$BMCIP" -a $IPCFGMETHOD="static" ]; then
logger -s -t $log_label -p local4.err "FAILED TO RETRIEVE SETTINGS, RETRYING in 15 seconds"
sleep 15
fi
done
kill $CREDPID
NUMBMCS=`grep bmcip /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'|wc -l`
logger -s -t $log_label -p local4.debug "BMC Information obtained from xCAT"
logger -s -t $log_label -p local4.debug "NUMBMCS=$NUMBMCS ==> BMC IP=$BMCIP/$BMCNM, GW=$BMCGW, VLAN=$BMCVLAN"
#
# Get the BMC Version and Manufacturer ID
#
MC_INFO=/tmp/xcat.ipmitool.mcinfo
ipmitool mc info > ${MC_INFO}
IPMIVER=`cat ${MC_INFO} |grep ^IPMI|awk '{print $4}'`
IPMIMFG=`cat ${MC_INFO} |grep "^Manufacturer ID"|awk '{print $4}'`
# Get the BMC Product ID
XPROD=`cat ${MC_INFO} |grep "^Product ID"|awk '{print $4}'`
logger -s -t $log_label -p local4.info "IPMIVER=$IPMIVER, IPMIMFG=$IPMIMFG, XPROD=$XPROD"
#
# IPMIMFG=2 = IBM
# IPMIMFG=0 = OpenPOWER
# IPMIMFG=42817 and XPROD=16975 = OpenBMC (AC922)
# IPMIMFG=42817 and XPROD=1 = OpenBMC (IC922)
#
if [ "$IPMIMFG" == 2 ]; then #IBM
if [ "$XPROD" == "220" ]; then
LOCKEDUSERS=1
BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT"
if [ ! -z "$BMCPORT" ]; then
let idev=0
IFS=','
for p in $BMCPORT; do
# Set the LAN Configuration Parameters (OEM)
ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null
# Set the PEF Configuration Parameters (Platform Event Filtering)
ipmitool -d $idev raw 0x04 0x12 0x09 0x01 0x18 0x${p}1 0x00 > /dev/null
CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
logger -s -t $log_label -p local4.info "CURBMCPORT is $CURBMCPORT"
while [ "$CURBMCPORT" -ne "$BMCPORT" ]; do
sleep 1
# Get the LAN Configuration Parameters (OEM)
CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
done
let idev=idev+1
done
unset IFS
fi
elif [ "$XPROD" == "291" ]; then
LOCKEDUSERS=1
else
# Get a ID for the server
IBMFAM=`ipmitool raw 0x3a 0x50 |head -n 1| awk '{print $1 $2 $3 $4}'`
logger -s -t $log_label -p local4.info "IBMFAM is $IBMFAM"
if [ "$IBMFAM" == "59554f4f" ]; then
BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
if [ ! -z "$BMCPORT" ]; then
let idev=0
IFS=','
for p in $BMCPORT; do
ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null
CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
logger -s -t $log_label -p local4.info "CURBMCPORT is $CURBMCPORT"
while [ "$CURBMCPORT" -ne "$BMCPORT" ]; do
sleep 1
CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
done
let idev=idev+1
done
unset IFS
fi
fi
fi
elif [ "$IPMIMFG" == 19046 -a "$XPROD" == 13616 ] ; then
LOCKEDUSERS=1
elif [ "$IPMIMFG" == 20301 -o "$IPMIMFG" == 19046 ] ; then
IBMVPDV=`ipmitool raw 0x3a 0xb 2 0 16 1`
logger -s -t $log_label -p local4.info "XPROD is $XPROD, IBMVPDV is $IBMVPDV"
if [ $IBMVPDV -eq 2 ]; then
ISITE=1;
fi
LOCKEDUSERS=1
BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT"
if [ ! -z "$BMCPORT" ]; then
let idev=0
IFS=','
for p in $BMCPORT; do
unset IFS
ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null
IFS=','
# after this change, we need to watch and wait to see that it
# actually takes effect. On port change, the service processor
# does not migrate the network configuration over
# so we might be halfway through setting up when the net config
# reverts to dhcp then static, which setting a static ip for is
# considered invalid
CHECKBMCPORT=$(echo $p|awk '{print $1}')
CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
logger -s -t $log_label -p local4.info "CURBMCPORT is $CURBMCPORT"
while [ -z "$CURBMCPORT" -o 0"$CURBMCPORT" -ne 0"$CHECKBMCPORT" ]; do
sleep 1
CURBMCPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0 | awk '{print $2}'`
done
let idev=idev+1
done
unset IFS
fi
elif [ "$IPMIMFG" == "47488" ]; then
LOCKEDUSERS=1
elif [ "$IPMIMFG" == "674" ]; then # DELL
logger -s -t $log_label -p local4.info "Dell server detected"
BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
# BMCPORT can take 3 values:
# 1st value: 0 = shared / 1 = dedicated
# 2nd value shared LOM (1-4) (0 or no value means first available LOM)
# 3rd value: failover LOM (1-4) (0 means no failover, no value means all LOMs)
read -r bmc_mode shared_lom failover_lom <<< "$BMCPORT"
logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT"
logger -s -t $log_label -p local4.info "bmc_mode:$bmc_mode shared_lom:$shared_lom failover_lom:$failover_lom"
if [ "$bmc_mode" == "1" ]; then # dedicated
logger -s -t $log_label -p local4.info "Setting BMC to dedicated mode"
# https://github.com/ipmitool/ipmitool/issues/18
# ipmitool raw 0x30 0x28 0xAA 0xBB, with:
# AA: 01 = dedicated, 02...05 = shared with lom1...4
# BB: 00 = no failover, 02...05 = failover on lom1...4, , 06 = failover on all loms
ipmitool raw 0x30 0x28 0x01 0x00
elif [ "$bmc_mode" == "0" ]; then # shared
logger -s -t $log_label -p local4.info "Setting BMC to shared mode"
case "$failover_lom" in
"" ) xFAIL=0x06 ;;
0 ) xFAIL=0x00 ;;
[1-4]) xFAIL=$(printf 0x%02x $((failover_lom+1))) ;;
*) logger -s -t $log_label -p local4.info "WARNING: can't set failover LOM to $failover_lom, defaulting to failover all LOMs"
xFAIL=0x06 ;;
esac
case "$shared_lom" in
""|0) xLOM=00 ;;
[1-4]) xLOM=$(printf 0x%02x $((shared_lom+1))) ;;
*) logger -s -t $log_label -p local4.info "WARNING: can't set shared LOM to $shared_lom, defaulting to first available LOMs"
xLOM=00 ;;
esac
case "$xLOM" in
"00") # try to find the first available LOM
_lom=1
while ! ipmitool raw 0x30 0x28 "$(printf 0x%02x $((_lom+1)))" "$xFAIL" 2>/dev/null; do
_lom=$((_lom+1))
snooze
if [ $_lom -gt 4 ]; then
logger -s -t $log_label -p local4.info "ERROR: setting BMC to share mode failed"
break;
fi
done
;;
*) ipmitool raw 0x30 0x28 "$xLOM" "$xFAIL" || \
logger -s -t $log_label -p local4.info "ERROR: error setting BMCPORT to requested parameters"
;;
esac
fi
elif [ "$IPMIMFG" == "10876" ]; then # Supermicro
BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
logger -s -t $log_label -p local4.info "BMCPORT is $BMCPORT"
# https://www.supermicro.com/support/faqs/faq.cfm?faq=17953
if [ "$BMCPORT" == "0" ]; then # shared
ipmitool raw 0x30 0x70 0x0c 1 1
elif [ "$BMCPORT" == "1" ]; then # dedicated
ipmitool raw 0x30 0x70 0x0c 1 0
fi
elif [ "$IPMIMFG" == "42817" -a "$XPROD" == "16975" ]; then # IBM OpenPOWER servers with OpenBMC (AC922)
ISOPENBMC=1
elif [ "$IPMIMFG" == "42817" -a "$XPROD" == "1" ]; then # IBM OpenPOWER servers with OpenBMC (IC922)
ISOPENBMC=1
fi
LAN_MED_TYPE="802.3"
if [ ! -z "$ISOPENBMC" ]; then
# For OpenBMC, the value of "Channel Medium Type" attribute could be "Other LAN" for FW drivers prior to OP940.01
# and "802.3" for FW drivers OP940.01 and later
LAN_MED_TYPE="802.3|Other LAN"
fi
# Loop through channels and pick the one to communicate on
while [ -z "$LANCHAN" ]; do
logger -s -t $log_label -p local4.info "Auto detecting LAN channel..."
for TLANCHAN in {1..16}; do
# Try to get the channel information; then get the MAC which is used for the channel
if ipmitool channel info $TLANCHAN 2> /dev/null | grep -E "$LAN_MED_TYPE" > /dev/null 2>&1 && ipmitool raw 0xc 2 $TLANCHAN 5 0 0 > /dev/null 2>&1; then
LANCHAN=$TLANCHAN
break;
fi;
echo -n "."
done
if [ -z "$LANCHAN" ]; then
logger -s -t $log_label -p local4.info "Unable to detect lan channel, retrying in 10 seconds"
sleep 10
fi
done
logger -s -t $log_label -p local4.info "Detected LAN channel $LANCHAN"
let idev=NUMBMCS
if [ $IPCFGMETHOD="static" ]; then
while [ $idev -gt 0 ]; do
let idev=idev-1
TRIES=0
# Set the channel to use STATIC IP address
while ! ipmitool -d $idev lan set $LANCHAN ipsrc static; do
snooze
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then
break;
fi
done
done
let idev=0
for b in $BMCIP; do
TRIES=0
# Set the IP for the current channel
while ! ipmitool -d $idev lan set $LANCHAN ipaddr $b; do
snooze
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then
break;
fi
done
let idev=idev+1
done
let idev=0
for m in $BMCNM; do
TRIES=0
# Set the NETMASK for the current channel
while ! ipmitool -d $idev lan set $LANCHAN netmask $m; do
snooze
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then
break;
fi
done
let idev=idev+1
done
if [ ! -z "$BMCGW" ]; then
let idev=0
for g in $BMCGW; do
TRIES=0
# Set the GATEWAY for the current channel
while ! ipmitool -d $idev lan set $LANCHAN defgw ipaddr $g; do
snooze
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then
break;
fi
done
let idev=idev+1
done
fi
else
if [ -z "$ISOPENBMC" ];then
let idev=NUMBMCS
else
let idev=0
fi
while [ $idev -gt 0 ]; do
let idev=idev-1
TRIES=0
# Set the method to get IP for the current channel, if required.
while ! ipmitool -d $idev lan set $LANCHAN ipsrc $IPCFGMETHOD; do
snooze
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then
break;
fi
done
done
fi
if [ "$BMCVLAN" = off ]; then
TRIES=0
while ! ipmitool raw 0xc 1 $LANCHAN 0x14 0 0; do
snooze
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then
break;
fi
done
else
let idev=0
for b in $BMCVLAN; do
TRIES=0
# Set VLAN for the current channel
while ! ipmitool -d $idev lan set $LANCHAN vlan id $b; do
snooze
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then
break;
fi
done
let idev=idev+1
done
fi
# update the node status to 'bmcready' for openbmc, no more configuration is needed.
if [ ! -z "$ISOPENBMC" ]; then
# To enable network configuration for openbmc
#
# For OpenBMC, FW team still suggest running the raw command instead of access on, use raw for now
#
# ipmitool -d 0 lan set $LANCHAN access on
ipmitool -d 0 raw 0x06 0x40 $LANCHAN 0x42 0x44
# update the node status to 'bmcready'
if [ ! -z "$XCATMASTER" ]; then
# Wait for some time for the new network setting is ready
snooze
if ipmitool lan print 1 | grep $BMCIP >/dev/null; then
updateflag.awk $XCATMASTER 3002 "installstatus bmcready"
else
updateflag.awk $XCATMASTER 3002 "installstatus failed"
fi
fi
rm -f /tmp/ipmicfg.xml
exit $bmc_config_rc
fi
# After network commands are issued, pause to allow the BMC to apply (OpenPOWER)
snooze
let idev=NUMBMCS-1
for user in $BMCUS; do
if [ "$user" = "" ]; then
continue
fi
DISABLEUSERS=$(ipmitool user list $LANCHAN|awk '{print $1}'|grep -v ID)
# Get the User Slots
USERSLOT=`ipmitool -d $idev user list $LANCHAN |grep -v ^ID|awk '{print $1 " " $2}'|grep -w "$BMCUS"|awk '{print $1}'`
if [ -z "$USERSLOT" ]; then
USERSLOT=$((`ipmitool raw 6 0x44 1 1|awk '{print $3}'` + 1))
fi
if [ "$USERSLOT" == 0 ]; then
# automatically find first unlocked user slot
for slot in {1..16}; do
USERLOCKED=`ipmitool channel getaccess $LANCHAN $slot | grep Fixed | awk '{print $4}'`
if [ "$USERLOCKED" == "No" ]; then
USERSLOT=$slot
break
fi
done
fi
# fall back to userslot 2 as a last resort
if [ "$USERSLOT" == 0 ]; then $USERSLOT = 2; fi
if [ "$ISITE" = 1 ]; then
allowcred.awk &
CREDPID=$!
while ! remoteimmsetup
do
logger -s -t $log_label -p local4.info "Waiting for xCAT remote configuration of service processor via CMM.."
done
kill $CREDPID
fi
# Get the specified user
CURRENTUSER=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $2}'`
DISABLEUSERS=`echo $DISABLEUSERS|sed -e s/$USERSLOT//`
logger -s -t $log_label -p local4.info "CURRENTUSER=$CURRENTUSER, DISABLEUSERS=$DISABLEUSERS"
for userid in $DISABLEUSERS; do
TRIES=0
# Disable the non-specified user
while ! ipmitool -d $idev user disable $userid; do
sleep 1
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
done
TRIES=0
# Enable the specified user
while ! ipmitool -d $idev user enable $USERSLOT; do
sleep 1
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
ipmitool raw 6 0x43 $(($LANCHAN|176)) $USERSLOT 4
TRIES=0
if [ "$CURRENTUSER" != "$user" ]; then
# Change the user name, if necessary
while ! ipmitool -d $idev user set name $USERSLOT "$user"; do
sleep 1
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
fi
TRIES=0
# Last param in ipmitool user priv is the channel to set it on.
# Penguin boxes are all channel 2
#
# Get privilege for the specified user
#
CURRPRIV=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $6}'`
logger -s -t $log_label -p local4.info "CURRPRIV=$CURRPRIV"
if [ "$CURRPRIV" != "ADMINISTRATOR" ]; then
# Set the ADMIN privilege for the specified user
while ! ipmitool -d $idev user priv $USERSLOT 4 $LANCHAN; do
sleep 1
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
fi
TRIES=0
# Enable the channel link for the specified user
if [ "$IPMIMFG" == 343 -a "$XPROD" == 124 ]; then # For Intel S2600BP system boards
cmd="ipmitool -d $idev channel setaccess $LANCHAN $USERSLOT link=on ipmi=on"
else
cmd="ipmitool -d $idev channel setaccess $LANCHAN $USERSLOT link=on"
fi
while ! eval $cmd; do
sleep 1
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
let idev=idev-1
done
let idev=NUMBMCS-1
for bmcp in $BMCPW; do
if [ "$bmcp" = "" ]; then continue; fi
TRIES=0
# Set the password for the specified user
while ! ipmitool -d $idev user set password $USERSLOT "$bmcp"; do
sleep 1
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
logger -s -t $log_label -p local4.info "Set up following user table: "
TRIES=0
# Display the user list
ipmitool -d $idev user list $LANCHAN
let idev=idev-1
done
let idev=NUMBMCS
while [ $idev -gt 0 ]; do
let idev=idev-1
MSG="Enabling the non-volatile channel access ($LANCHAN)"
logger -s -t $log_label -p local4.info "$MSG"
TRIES=0
# Set the non-volatile channel access: enable and privilege
while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x42 0x44 > /dev/null; do
sleep 1
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi
MSG="Enabling the volatile channel access ($LANCHAN)"
logger -s -t $log_label -p local4.info "$MSG"
TRIES=0
# Set the volatile channel access: enable and privilege
while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x82 0x84 > /dev/null; do
sleep 1
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi
MSG="Enabling ARP responses"
logger -s -t $log_label -p local4.info "$MSG"
TRIES=0
# enable the ARP response on the channel
while ! ipmitool -d $idev lan set $LANCHAN arp respond on > /dev/null; do
sleep 1
let TRIES=TRIES+1
echo -n .
if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi
MSG="Enabling IPMI MD5 LAN access"
logger -s -t $log_label -p local4.info "$MSG"
TRIES=0
# Set the auth level to md5 for the channel
while ! ipmitool -d $idev lan set $LANCHAN auth admin md5 > /dev/null; do
sleep 1
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi
if [ ! "$IPMIVER" == "1.5" ]; then
MSG="Enabling IPMI v 2.0 LAN access"
logger -s -t $log_label -p local4.info "$MSG"
# the following goals:
# - disable cipher suite 0 (if present, avoid password bypass)
# - disable cipher suite 1 (if present, to avoid weaking Kg if used)
# - enable cipher suite 2 (scenarios without perl Rijndael)
# - enable cipher suite 3
# - ignore the rest
#
# Read the LAN info
#
ZEROIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '%0$'|sed -e 's/:.*//')
ONEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^1$'|sed -e 's/:.*//')
TWOIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^2$'|sed -e 's/:.*//')
THREEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^3$'|sed -e 's/:.*//')
ACCESS=$(ipmitool lan print $LANCHAN|grep 'Cipher Suite Priv Max'|cut -d: -f 2|sed -e 's/ //g' -e 's/\(.\)/\1\n/g'|grep -v '^$')
# logger -s -t $log_label -p local4.info "ZEROIDX is $ZEROIDX, ONEIDX is $ONEIDX, TWOIDX is $TWOIDX, THREEIDX is $THREEIDX, ACCESS is $ACCESS"
NEWACCESS=""
i=1
for elem in $ACCESS; do
if [ $i = "$ZEROIDX" -o $i = "$ONEIDX" ]; then
NEWACCESS="$NEWACCESS"X
elif [ $i = "$TWOIDX" -o $i = "$THREEIDX" ]; then
#do not *downgrade* from OEM priv
if [ "$elem" != "O" ]; then NEWACCESS="$NEWACCESS"a; else NEWACCESS="$NEWACCESS"$elem; fi
else
NEWACCESS="$NEWACCESS"$elem
fi
i=$((i+1))
done
# logger -s -t $log_label -p local4.info "ACCESS=$NEWACCESS"
MSG="Set the cipher_privileges for the channel"
logger -s -t $log_label -p local4.info "$MSG"
# Set the cipher_privileges for the channel
if ipmitool lan set $LANCHAN cipher_privs $NEWACCESS > /dev/null; then
logger -s -t $log_label -p local4.info "$MSG: OK"
else
logger -s -t $log_label -p local4.info "$MSG: ERROR"
fi
MSG="Enabling SOL for channel $LANCHAN"
logger -s -t $log_label -p local4.info "$MSG"
TRIES=0
# Enable the SOL for the channel
while ! ipmitool -d $idev raw 0xc 0x21 $LANCHAN 0x1 0x1 > /dev/null; do
sleep 1
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi
MSG="Enabling SOL for $BMCUS"
logger -s -t $log_label -p local4.info "$MSG"
TRIES=0
# Enable the SOL for the USER and set the payload 1
while ! ipmitool -d $idev raw 6 0x4c $LANCHAN $USERSLOT 2 0 0 0 > /dev/null; do
sleep 1
let TRIES=TRIES+1
if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
if [ $TRIES -gt $TIMEOUT ]; then logger -s -t $log_label -p local4.err "$MSG: ERROR"; else logger -s -t $log_label -p local4.info "$MSG: OK"; fi
fi
# Cold reset the BMC
cold_reset_bmc
# update the node status to 'bmcready'
if [ ! -z "$XCATMASTER" ]; then
updateflag.awk $XCATMASTER 3002 "installstatus bmcready"
fi
logger -s -t $log_label -p local4.info "Lighting Identify Light"
if [ "$XPROD" = "43707" -a "$IPMIMFG" = '0' ]; then
ISOPENPOWER=1
elif [ "$IPMIMFG" = "10876" ];then
# Handle Supermicro Servers (MFG=10876)
# Boston (PROD=2437), Briggs/Stratton (PROD=2355)
if [ "$XPROD" = "2437" -o "$XPROD" = "2355" ]; then
ISOPENPOWER=1
fi
fi
if [ "$ISOPENPOWER" = '1' ]; then
# OpenPOWER BMC specific, turn on the LED beacon light.
# - default interval, # ipmitool chassis identify
# Chassis identify interval: default (15 seconds)
# - 275 is too large, # ipmitool chassis identify 275
# Given interval is too big.
ipmitool chassis identify 250
else
# All other BMCs
while :
# Identify the server by turning on the LED light
do ipmitool -d $idev raw 0 4 10 > /dev/null
sleep 7
done &
fi
done
# remove the bmc configuration information before exit
rm -f /tmp/ipmicfg.xml