From 03e495fcab2391a59426df61b93b794d9b78032e Mon Sep 17 00:00:00 2001
From: morimoto-cybozu
Date: Wed, 25 Oct 2023 01:14:00 +0000
Subject: [PATCH] Add "repair" BMC user
Signed-off-by: morimoto-cybozu
---
 CHANGELOG.md | 3 +++
 config/config.go | 1 +
 config/config_test.go | 6 ++++++
 docs/config.md | 7 +++++--
 pkg/setup-hw/dell.go | 31 +++++++++++++++++++++++--------
 testdata/bmc-user.json | 6 ++++++
 6 files changed, 44 insertions(+), 10 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 69b427b..7cf538c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ## [Unreleased]
+- Add "repair" BMC user in [#96](https://github.com/cybozu-go/setup-hw/pull/96)
+ - **Breaking change:** This user is mandatory for iDRAC.
+
 ## [1.14.3] - 2023-08-15
 - Disable "iDRAC path through I/F" in [#93](https://github.com/cybozu-go/setup-hw/pull/93)
 - Factory setting has been changed that iDRAC path through I/F enabled, but it gives problem to neco setup.
diff --git a/config/config.go b/config/config.go
index cb4c49b..a4654e2 100644
--- a/config/config.go
+++ b/config/config.go
@@ -80,6 +80,7 @@ type Credentials struct {
 // UserConfig represents a set of BMC user credentials in JSON format.
 type UserConfig struct {
 Root Credentials `json:"root"`
+ Repair Credentials `json:"repair"`
 Power Credentials `json:"power"`
 Support Credentials `json:"support"`
 }
diff --git a/config/config_test.go b/config/config_test.go
index 02414b5..05314cb 100644
--- a/config/config_test.go
+++ b/config/config_test.go
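Review bot: The new `Repair` field in `UserConfig` (config/config.go) is decoded like the other users, but nothing in this hunk enforces the CHANGELOG's statement that the user is mandatory for iDRAC. Unless the loader already rejects it, an existing `bmc-user.json` without a `"repair"` key would presumably decode to a zero-value `Credentials` and reach `configUser` with no password material; whether that call fails or leaves an account with an empty credential is not visible here. I would reject an empty credential where the file is loaded, with an error that names the missing user, and add a `TestUserConfig` case for a fixture that lacks `"repair"`. A field comment such as `// Repair is the restricted account for repair operations; mandatory for iDRAC.` would also record the requirement next to the type.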
@@ -86,6 +86,12 @@ func TestUserConfig(t *testing.T) {
 if uc.Root.Password.Salt != "593C31FF6D409480F032AA2FF6EC781E" {
 t.Error("wrong root password salt")
 }
+ if uc.Repair.Password.Hash != "78B13CF445B376D74BD1BEBA0B8802AD691D69483E752191D06D3C0AF362DAD8" {
+ t.Error("wrong repair password hash")
+ }
+ if uc.Repair.Password.Salt != "8E4934DDBEEE7C9AE9427A8283D7FA10" {
+ t.Error("wrong repair password salt")
+ }
 if uc.Power.Password.Raw != "ranranran" {
 t.Error("wrong power password")
 }
diff --git a/docs/config.md b/docs/config.md
index bc4457a..199ed80 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -27,9 +27,12 @@ This file contains credentials of BMC users.
 BMC users are statically defined in `setup-hw` as follows:
 * `root`: The administrator of BMC.
-* `power`: Control power supply.
+* `repair`: Restricted user who can execute repair operations, e.g. BMC reset.
+* `power`: Restricted user who can control power supply.
 * `support`: Read-only account.
+All users are mandatory for iDRAC.
+
 Credential types are:
 * Raw password
@@ -37,7 +40,7 @@ Credential types are:
 For iDRAC, use [`idrac-passwd-hash`](../pkg/idrac-passwd-hash) tool to generate them.
 Supported credential types varies by BMC types.
-iDRAC, BMC embedded in Dell servers, supports all credential types.
+iDRAC supports all credential types.
 Example:
diff --git a/pkg/setup-hw/dell.go b/pkg/setup-hw/dell.go
index c7359f1..95c810b 100644
--- a/pkg/setup-hw/dell.go
+++ b/pkg/setup-hw/dell.go
@@ -526,15 +526,27 @@ func (dc *dellConfigurator) configIPMI(ctx context.Context) error {
 return racadmRetry(ctx, "set", key, "1")
 }
+// configUser creates/updates an iDRAC user with specified parameters
+//
+// priv is the bitwise OR of the following privileges:
+// - 0x001 Login
+// - 0x002 Configure
+// - 0x004 Configure Users
+// - 0x008 Logs
+// - 0x010 System Control
+// - 0x020 Access Virtual Console
+// - 0x040 Access Virtual Media
+// - 0x080 System Operations
+// - 0x100 Debug
+//
+// ipmiPriv is one of the following privileges:
+// - 1 Callback level
+// - 2 User level
+// - 3 Operator level
+// - 4 Administrator level
+// - 5 OEM Proprietary level
+// - 15 No access
 func (dc *dellConfigurator) configUser(ctx context.Context, idx, name, priv, ipmiPriv string, cred config.Credentials) error {
- // ipmipriv:
- // - 1 Callback level
- // - 2 User level
- // - 3 Operator level
- // - 4 Administrator level
- // - 5 OEM Proprietary level
- // - 15 No access
-
 prefix := "iDRAC.Users." + idx + "."
 if _, err := racadmSetConfig(ctx, prefix+"Username", name); err != nil {
 return err
@@ -578,6 +590,9 @@ func (dc *dellConfigurator) configUsers(ctx context.Context) error {
 if err := dc.configUser(ctx, "4", "power", "0x11", "3", dc.userConfig.Power); err != nil {
 return err
 }
+ if err := dc.configUser(ctx, "5", "repair", "0x13", "15", dc.userConfig.Repair); err != nil {
+ return err
+ }
 return nil
 }
diff --git a/testdata/bmc-user.json b/testdata/bmc-user.json
index 96698c2..c15d005 100644
--- a/testdata/bmc-user.json
+++ b/testdata/bmc-user.json
@@ -5,6 +5,12 @@
 "salt": "593C31FF6D409480F032AA2FF6EC781E"
 }
 },
+ "repair": {
+ "password": {
+ "hash": "78B13CF445B376D74BD1BEBA0B8802AD691D69483E752191D06D3C0AF362DAD8",
+ "salt": "8E4934DDBEEE7C9AE9427A8283D7FA10"
+ }
+ },
 "power": {
 "password": {
 "raw": "ranranran"
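Review bot: The new doc comment on `configUser` lists the privilege bits but does not say in what form `priv` and `ipmiPriv` are expected, although both are declared `string`. The callers in `configUsers` pass `"0x11"` and `"3"`, so I would add a line such as `// priv is passed as a hexadecimal string (e.g. "0x11"), ipmiPriv as a decimal string.` and end the first sentence with a period, per Go doc-comment convention. The function body continues past the end of this hunk, so whether either value is validated before it is handed to racadm is not visible here.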
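Review bot: The `"0x13"` mask given to the new `repair` user in `configUsers` decodes, by the table now above `configUser`, to Login | Configure | System Control, which is broader than the neighbouring `power` user's `"0x11"` because it adds the general Configure bit. docs/config.md describes this account as restricted to repair operations such as BMC reset, so the call should record why Configure is needed, e.g. `// 0x13 = Login | Configure | System Control; Configure is needed for <operation> (confirm)`, or drop the bit if it is not. The `"15"` IPMI level (No access) keeps the account off IPMI, which is worth stating in the same comment. The account is written to fixed slot `"5"`; whether that slot can already hold a different user on deployed machines cannot be judged from this hunk.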