summaryrefslogtreecommitdiff
path: root/meta-supermicro/meta-common/recipes-extended
diff options
context:
space:
mode:
Diffstat (limited to 'meta-supermicro/meta-common/recipes-extended')
-rw-r--r--meta-supermicro/meta-common/recipes-extended/pam/libpam/pam.d/common-password30
-rw-r--r--meta-supermicro/meta-common/recipes-extended/pam/libpam_%.bbappend4
-rw-r--r--meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.service9
-rw-r--r--meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.sh10
-rw-r--r--meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog-override.conf2
-rw-r--r--meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.conf79
-rw-r--r--meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate22
-rw-r--r--meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog_%.bbappend24
8 files changed, 180 insertions, 0 deletions
diff --git a/meta-supermicro/meta-common/recipes-extended/pam/libpam/pam.d/common-password b/meta-supermicro/meta-common/recipes-extended/pam/libpam/pam.d/common-password
new file mode 100644
index 000000000..5a42680ee
--- /dev/null
+++ b/meta-supermicro/meta-common/recipes-extended/pam/libpam/pam.d/common-password
@@ -0,0 +1,30 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords. The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords. Without this option,
+# the default is Unix crypt. Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# here are the per-package modules (the "Primary" block)
+password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=9 difok=0 lcredit=-1 ocredit=-1 dcredit=-1 ucredit=-1 maxrepeat=3
+password [success=ok default=die] pam_ipmicheck.so spec_grp_name=ipmi use_authtok
+password [success=ok ignore=ignore default=die] pam_pwhistory.so debug enforce_for_root remember=0 use_authtok
+password [success=ok default=die] pam_unix.so sha512 use_authtok
+password [success=1 default=die] pam_ipmisave.so spec_grp_name=ipmi spec_pass_file=/etc/ipmi_pass key_file=/etc/key_file
+# here's the fallback if no module succeeds
+password requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
diff --git a/meta-supermicro/meta-common/recipes-extended/pam/libpam_%.bbappend b/meta-supermicro/meta-common/recipes-extended/pam/libpam_%.bbappend
new file mode 100644
index 000000000..20fe5e4cd
--- /dev/null
+++ b/meta-supermicro/meta-common/recipes-extended/pam/libpam_%.bbappend
@@ -0,0 +1,4 @@
+FILESEXTRAPATHS:append := "${THISDIR}/${PN}:"
+
+SRC_URI += " file://pam.d/common-password \
+ "
diff --git a/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.service b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.service
new file mode 100644
index 000000000..8f3a2bc31
--- /dev/null
+++ b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Rotate the event logs
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/rotate-event-logs.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.sh b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.sh
new file mode 100644
index 000000000..5a8c5cc10
--- /dev/null
+++ b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rotate-event-logs.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+while true; do
+ sleep 60
+ /usr/sbin/logrotate /etc/logrotate.d/logrotate.rsyslog
+ ec=$?
+ if [ $ec -ne 0 ] ; then
+ echo "logrotate failed ($ec)"
+ fi
+done
diff --git a/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog-override.conf b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog-override.conf
new file mode 100644
index 000000000..14bcc0781
--- /dev/null
+++ b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog-override.conf
@@ -0,0 +1,2 @@
+[Service]
+ExecReload=/bin/kill -HUP $MAINPID
diff --git a/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.conf b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.conf
new file mode 100644
index 000000000..46a287eef
--- /dev/null
+++ b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.conf
@@ -0,0 +1,79 @@
+# if you experience problems, check
+# http://www.rsyslog.com/troubleshoot for assistance
+
+# rsyslog v3: load input modules
+# If you do not load inputs, nothing happens!
+# You may need to set the module load path if modules are not found.
+#
+# Ported from debian's sysklogd.conf
+
+# Journal-style logging
+# Limit to no more than 2000 entries in one minute and enable the
+# journal workaround to avoid duplicate entries
+module(load="imjournal" StateFile="/var/log/state"
+ RateLimit.Interval="60"
+ RateLimit.Burst="2000")
+
+# Template for IPMI SEL messages
+# "<timestamp> <ID>,<Type>,<EventData>,[<Generator ID>,<Path>,<Direction>]"
+template(name="IPMISELTemplate" type="list") {
+ property(name="timereported" dateFormat="rfc3339")
+ constant(value=" ")
+ property(name="$!IPMI_SEL_RECORD_ID")
+ constant(value=",")
+ property(name="$!IPMI_SEL_RECORD_TYPE")
+ constant(value=",")
+ property(name="$!IPMI_SEL_DATA")
+ constant(value=",")
+ property(name="$!IPMI_SEL_GENERATOR_ID")
+ constant(value=",")
+ property(name="$!IPMI_SEL_SENSOR_PATH")
+ constant(value=",")
+ property(name="$!IPMI_SEL_EVENT_DIR")
+ constant(value="\n")
+}
+
+# Template for Redfish messages
+# "<timestamp> <MessageId>,<MessageArgs>"
+template(name="RedfishTemplate" type="list") {
+ property(name="timereported" dateFormat="rfc3339")
+ constant(value=" ")
+ property(name="$!REDFISH_MESSAGE_ID")
+ constant(value=",")
+ property(name="$!REDFISH_MESSAGE_ARGS")
+ constant(value="\n")
+}
+
+# Template for Application Crashes
+# "<timestamp> <MessageId>,<MessageArgs>"
+template(name="CrashTemplate" type="list") {
+ property(name="timereported" dateFormat="rfc3339")
+ constant(value=" ")
+ constant(value="OpenBMC.0.1.ServiceFailure")
+ constant(value=",")
+ property(name="$!UNIT")
+ constant(value="\n")
+}
+
+
+# If the journal entry has the IPMI SEL MESSAGE_ID, save as IPMI SEL
+# The MESSAGE_ID string is generated using journalctl and must match the
+# MESSAGE_ID used in IPMI to correctly find the SEL entries.
+if ($!MESSAGE_ID == "b370836ccf2f4850ac5bee185b77893a") then {
+ action(type="omfile" file="/var/log/ipmi_sel" template="IPMISELTemplate")
+}
+
+# If the journal entry has a Redfish MessageId, save as a Redfish event
+if ($!REDFISH_MESSAGE_ID != "") then {
+ action(type="omfile" file="/var/log/redfish" template="RedfishTemplate")
+}
+
+# If the journal entry has a Exit Code, save as a Redfish event
+if ($!EXIT_STATUS != "" and $!EXIT_STATUS != "0") then {
+ action(type="omfile" file="/var/log/redfish" template="CrashTemplate")
+}
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
diff --git a/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
new file mode 100644
index 000000000..a6ba28d86
--- /dev/null
+++ b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
@@ -0,0 +1,22 @@
+# /etc/logrotate.d/rsyslog - Ported from Debian
+
+# Keep up to four 64k files for ipmi_sel (256k total)
+/var/log/ipmi_sel
+{
+ rotate 3
+ size 64k
+ missingok
+ postrotate
+ systemctl reload rsyslog 2> /dev/null || true
+ endscript
+}
+# Keep up to four 64k files for redfish (256k total)
+/var/log/redfish
+{
+ rotate 3
+ size 64k
+ missingok
+ postrotate
+ systemctl reload rsyslog 2> /dev/null || true
+ endscript
+}
diff --git a/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog_%.bbappend b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog_%.bbappend
new file mode 100644
index 000000000..034ae3cfa
--- /dev/null
+++ b/meta-supermicro/meta-common/recipes-extended/rsyslog/rsyslog_%.bbappend
@@ -0,0 +1,24 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += "file://rsyslog.conf \
+ file://rsyslog.logrotate \
+ file://rotate-event-logs.service \
+ file://rotate-event-logs.sh \
+ file://rsyslog-override.conf \
+ "
+
+FILES:${PN} += "${systemd_system_unitdir}/rsyslog.service.d/rsyslog-override.conf"
+
+PACKAGECONFIG:append = " imjournal"
+
+do_install:append() {
+ install -m 0644 ${WORKDIR}/rotate-event-logs.service ${D}${systemd_system_unitdir}
+ install -d ${D}${systemd_system_unitdir}/rsyslog.service.d
+ install -m 0644 ${WORKDIR}/rsyslog-override.conf \
+ ${D}${systemd_system_unitdir}/rsyslog.service.d/rsyslog-override.conf
+ install -d ${D}${bindir}
+ install -m 0755 ${WORKDIR}/rotate-event-logs.sh ${D}/${bindir}/rotate-event-logs.sh
+ rm ${D}${sysconfdir}/rsyslog.d/imjournal.conf
+}
+
+SYSTEMD_SERVICE:${PN} += " rotate-event-logs.service"
generated by cgit v1.2.3 (git 2.39.0) at 2024-06-16 07:22:32 +0300