Age | Commit message (Collapse) | Author | Files | Lines |
|
This creates a new DISTRO_FEATURE "ibm-service-account-policy" which
- Adds an admin account which cannot SSH to the BMC's command shell.
- Adds a service account which can SSH and has passwordless sudo access.
This feature is applied to witherspoon-tacoma and p10bmc (rainier).
Tested:
The image behaves as before when the distro feature is not configured.
When the distro feature is configured:
The root user has the same access as before.
The admin user:
- Is not allowed to access the BMC's command shell.
- Console login gets: This account is currently not available.
- SSH login gets: Permission denied, please try again.
- Redfish and REST API access works with role=Administrator.
The service user:
- Console login to the BMC's command shell works. The home
directory is /. Passwordless sudo works.
- SSH login works and using sudo from a SSH session works.
- Redfish and REST API access works with role=Administrator.
Change-Id: Icac5ba7f4fa663047709ab55007bbcfec8158f5e
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
|
|
The IBM rainier machine name is being replaced with the generic p10bmc.
Change-Id: I0a265a7eb9d763a8385a7139dae47bf2f475c672
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
The ibmtpm2tss tools are required to use the Nuvoton NPCT750A TPM
from userland.
The ibmtpm2tss package also required OpenSSL camellia support, so
remove the override disabling that for those two machines.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Change-Id: Ifc0afc58f4a31ea4b6d1750d470738d0d0e82754
|
|
openbmc master has exceeded the available flash space on witherspoon.
Remove LDAP so it fits again and we can continue to use witherspoon for
HW CI validation of openbmc master commits.
IBM has forked off its own openbmc repo for maintenance of customer
witherspoon systems. Therefore it is not necessary for openbmc
master to continue to support everything.
Tested:
- Verified generated image flashes on witherspoon and HW CI tests passed
- obmc-phosphor-image-witherspoon.squashfs-xz 19.27MB -> 18.53MB
(From meta-ibm rev: 6390f0999f00b1cdfe19daf2d7e8868c25808497)
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I39b5d785919bdcd54b6bcf04217439050442f119
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
- This commit removes the first-boot-set-mac service as the
similar and a better functionaly is now implemented in
phosphor-networkd service.
- Here are the few disadvantages of the first-boot-set-mac service
1. The first-boot-set-mac is a script is not scalable with the
increase in the number of ethernet interfaces.
2. Why do we need a new service just for setting the MAC Address
when the network service alone can do it , and it makes sense
to tie up this feature with Network as setting MAC address
functionality is implemented and owned by networkd.
3. With first-boot-set MAC, we need to make sure the VPD is populated
before , if for any reason the VPD is not generated the first-boot
service cannot help set the MAC.
(From meta-ibm rev: 8638c6eb8d54507b632088b329c104e859cd8d19)
Signed-off-by: manojkiran.eda@gmail.com <manojeda@in.ibm.com>
Change-Id: I955834b56c28f9a311563dd40607c8f2ba305d40
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
The metadata common to all IBM systems is confusingly split between
meta-ibm and meta-witherspoon. Move everything to meta-ibm.
The meta-ibm README is re-written to more accurately reflect the scope
of the layer.
Allow the configuration samples (bblayers.conf.sample,
local.conf.sample) to be sourced from either meta-ibm or
meta-witherspoon until such a time that any workflows and tooling have
had the opportunity to move to meta-ibm.
(From meta-ibm rev: 6e05ef2e90b214eaf4e43ee7027bbbb1d8d09442)
Change-Id: I3ec890d5300f9649c974ea6b9dca93a2e8a889ab
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|