diff options
author | jmbills <jason.m.bills@intel.com> | 2022-01-18 21:55:05 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-18 21:55:05 +0300 |
commit | 7cf0c1cd0ce835d1833509b7b911e8a97380278b (patch) | |
tree | 0b45c3beaa9874facc4ed1a2395a31e42be0135d /meta-supermicro/meta-common/recipes-extended | |
parent | 4dac5fcd49b5e2de1074f1363775ec0f19041072 (diff) | |
parent | 1fc0d70f658da30091bcd49f9bf29aecd6b99ba7 (diff) | |
download | openbmc-7cf0c1cd0ce835d1833509b7b911e8a97380278b.tar.xz |
Merge pull request #76 from Intel-BMC/update1-0.86
Update
Diffstat (limited to 'meta-supermicro/meta-common/recipes-extended')
8 files changed, 180 insertions, 0 deletions
diff --git a/meta-supermicro/meta-common/recipes-extended/pam/libpam/pam.d/common-password b/meta-supermicro/meta-common/recipes-extended/pam/libpam/pam.d/common-password new file mode 100644 index 000000000..5a42680ee --- /dev/null +++ b/meta-supermicro/meta-common/recipes-extended/pam/libpam/pam.d/common-password @@ -0,0 +1,30 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "sha512" option enables salted SHA512 passwords. Without this option, +# the default is Unix crypt. Prior releases used the option "md5". +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# here are the per-package modules (the "Primary" block) +password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=9 difok=0 lcredit=-1 ocredit=-1 dcredit=-1 ucredit=-1 maxrepeat=3 +password [success=ok default=die] pam_ipmicheck.so spec_grp_name=ipmi use_authtok +password [success=ok ignore=ignore default=die] pam_pwhistory.so debug enforce_for_root remember=0 use_authtok +password [success=ok default=die] pam_unix.so sha512 use_authtok +password [success=1 default=die] pam_ipmisave.so spec_grp_name=ipmi spec_pass_file=/etc/ipmi_pass key_file=/etc/key_file +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) diff --git a/meta-supermicro/meta-common/recipes-extended/pam/libpam_%.bbappend b/meta-supermicro/meta-common/recipes-extended/pam/libpam_%.bbappend new file mode 100644 index 000000000..20fe5e4cd --- /dev/null +++ b/meta-supermicro/meta-common/recipes-extended/pam/libpam_%.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS:append := "${THISDIR}/${PN}:" + +SRC_URI += " file://pam.d/common-password \ + " diff --git a/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.service b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.service new file mode 100644 index 000000000..8f3a2bc31 --- /dev/null +++ b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.service @@ -0,0 +1,9 @@ +[Unit] +Description=Rotate the event logs + +[Service] +Type=simple +ExecStart=/usr/bin/rotate-event-logs.sh + +[Install] +WantedBy=multi-user.target diff --git a/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.sh b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.sh new file mode 100644 index 000000000..5a8c5cc10 --- /dev/null +++ b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +while true; do + sleep 60 + /usr/sbin/logrotate /etc/logrotate.d/logrotate.rsyslog + ec=$? + if [ $ec -ne 0 ] ; then + echo "logrotate failed ($ec)" + fi +done diff --git a/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog-override.conf b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog-override.conf new file mode 100644 index 000000000..14bcc0781 --- /dev/null +++ b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog-override.conf @@ -0,0 +1,2 @@ +[Service] +ExecReload=/bin/kill -HUP $MAINPID diff --git a/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.conf b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.conf new file mode 100644 index 000000000..46a287eef --- /dev/null +++ b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.conf @@ -0,0 +1,79 @@ +# if you experience problems, check +# http://www.rsyslog.com/troubleshoot for assistance + +# rsyslog v3: load input modules +# If you do not load inputs, nothing happens! +# You may need to set the module load path if modules are not found. +# +# Ported from debian's sysklogd.conf + +# Journal-style logging +# Limit to no more than 2000 entries in one minute and enable the +# journal workaround to avoid duplicate entries +module(load="imjournal" StateFile="/var/log/state" + RateLimit.Interval="60" + RateLimit.Burst="2000") + +# Template for IPMI SEL messages +# "<timestamp> <ID>,<Type>,<EventData>,[<Generator ID>,<Path>,<Direction>]" +template(name="IPMISELTemplate" type="list") { + property(name="timereported" dateFormat="rfc3339") + constant(value=" ") + property(name="$!IPMI_SEL_RECORD_ID") + constant(value=",") + property(name="$!IPMI_SEL_RECORD_TYPE") + constant(value=",") + property(name="$!IPMI_SEL_DATA") + constant(value=",") + property(name="$!IPMI_SEL_GENERATOR_ID") + constant(value=",") + property(name="$!IPMI_SEL_SENSOR_PATH") + constant(value=",") + property(name="$!IPMI_SEL_EVENT_DIR") + constant(value="\n") +} + +# Template for Redfish messages +# "<timestamp> <MessageId>,<MessageArgs>" +template(name="RedfishTemplate" type="list") { + property(name="timereported" dateFormat="rfc3339") + constant(value=" ") + property(name="$!REDFISH_MESSAGE_ID") + constant(value=",") + property(name="$!REDFISH_MESSAGE_ARGS") + constant(value="\n") +} + +# Template for Application Crashes +# "<timestamp> <MessageId>,<MessageArgs>" +template(name="CrashTemplate" type="list") { + property(name="timereported" dateFormat="rfc3339") + constant(value=" ") + constant(value="OpenBMC.0.1.ServiceFailure") + constant(value=",") + property(name="$!UNIT") + constant(value="\n") +} + + +# If the journal entry has the IPMI SEL MESSAGE_ID, save as IPMI SEL +# The MESSAGE_ID string is generated using journalctl and must match the +# MESSAGE_ID used in IPMI to correctly find the SEL entries. +if ($!MESSAGE_ID == "b370836ccf2f4850ac5bee185b77893a") then { + action(type="omfile" file="/var/log/ipmi_sel" template="IPMISELTemplate") +} + +# If the journal entry has a Redfish MessageId, save as a Redfish event +if ($!REDFISH_MESSAGE_ID != "") then { + action(type="omfile" file="/var/log/redfish" template="RedfishTemplate") +} + +# If the journal entry has a Exit Code, save as a Redfish event +if ($!EXIT_STATUS != "" and $!EXIT_STATUS != "0") then { + action(type="omfile" file="/var/log/redfish" template="CrashTemplate") +} + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf diff --git a/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate new file mode 100644 index 000000000..a6ba28d86 --- /dev/null +++ b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate @@ -0,0 +1,22 @@ +# /etc/logrotate.d/rsyslog - Ported from Debian + +# Keep up to four 64k files for ipmi_sel (256k total) +/var/log/ipmi_sel +{ + rotate 3 + size 64k + missingok + postrotate + systemctl reload rsyslog 2> /dev/null || true + endscript +} +# Keep up to four 64k files for redfish (256k total) +/var/log/redfish +{ + rotate 3 + size 64k + missingok + postrotate + systemctl reload rsyslog 2> /dev/null || true + endscript +} diff --git a/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog_%.bbappend b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog_%.bbappend new file mode 100644 index 000000000..034ae3cfa --- /dev/null +++ b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog_%.bbappend @@ -0,0 +1,24 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" + +SRC_URI += "file://rsyslog.conf \ + file://rsyslog.logrotate \ + file://rotate-event-logs.service \ + file://rotate-event-logs.sh \ + file://rsyslog-override.conf \ + " + +FILES:${PN} += "${systemd_system_unitdir}/rsyslog.service.d/rsyslog-override.conf" + +PACKAGECONFIG:append = " imjournal" + +do_install:append() { + install -m 0644 ${WORKDIR}/rotate-event-logs.service ${D}${systemd_system_unitdir} + install -d ${D}${systemd_system_unitdir}/rsyslog.service.d + install -m 0644 ${WORKDIR}/rsyslog-override.conf \ + ${D}${systemd_system_unitdir}/rsyslog.service.d/rsyslog-override.conf + install -d ${D}${bindir} + install -m 0755 ${WORKDIR}/rotate-event-logs.sh ${D}/${bindir}/rotate-event-logs.sh + rm ${D}${sysconfdir}/rsyslog.d/imjournal.conf +} + +SYSTEMD_SERVICE:${PN} += " rotate-event-logs.service" |