| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The huygens machine is based on the new pstbmc machine family from IBM.
It will be our first redundant BMC system [1]. This new system expects
to have chrony daemon to run along with the existing systemd-
timesyncd deamon.
The purpose of installing chrony in rootfs is to run chrony only in
time server mode so that it can allow other BMC to obtain time
from it.
This commit adds an override to the chrony configuration and allows
us to run both the daemons as per our use case.
[1]: https://gerrit.openbmc.org/c/openbmc/docs/+/70233
Tested: Both the daemons run parallely without any conflict.
Change-Id: I9de73ab135977847121daabefaf81265000e371e
Signed-off-by: Pavithra Barithaya <pavithrabarithaya07@gmail.com>
|
|
The huygens machine is based on the new pstbmc machine family from IBM.
It will be our first redundant BMC system [1].
The initial focus on this machine will be the redundant BMC feature.
The simulation model we use will just be 2 BMCs initially. Due to this
focus and simulation model, this commit strips out all of the host
firmware and host processor related features.
Tested:
- Confirmed in our 2 BMC simulation model that both BMCs come to Ready
and only the expected vpd services have failed
- Confirmed network into the BMCs worked as expected
[1]: https://gerrit.openbmc.org/c/openbmc/docs/+/70233
Change-Id: Ieb42337980c0ec39d16c492c77810473d5105aa0
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
We are pursuing a different design point and no longer have use for this
machine.
Change-Id: I68f9333ebdb9f3a88efa784eaef2226d9d59478b
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
The webui-vue package is now enabled by default. Clean up all the meta
layers to clean up the explicit enablement.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I4895be56c70d2c8666dd96cec18d2c097f0c05a3
|
|
Remove RDEPENDS usage to bring in the webui and move to the new
IMAGE_FEATURE
Tested:
- Confirmed system1 has webui
Change-Id: I942509a3b5db2de8caf693f81f78850afd90f58d
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
currently admin user created with home directory '/' and there is an
error while deleting admin user.
this commit updates admin user home directory to /home/admin.
Tested by: Notice admin home directory and Delete admin user
Change-Id: I32210435ac0a94555d2f369e226df7e04f49d88c
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
|
|
This feature helps to support a system where multiple
BMC's will be a part of a single composed system.
etcd is a strongly consistent, distributed key-value store
that provides a reliable way to store data that needs to be
accessed by a distributed system or cluster of machines.
Enabled "etcd" package to install etcd binaries and
the required systemd units to start etcd in cluster configuration.
Tested: verified image.
Installed binaries and systemd unit files.
rootfs/etc/etcd.d/etcd-existing.conf
rootfs/etc/etcd-new.conf.sample
rootfs/etc/systemd/system/multi-user.target.wants/etcd-new.service
rootfs/etc/systemd/system/multi-user.target.wants/etcd.service
rootfs/lib/systemd/system/etcd-new.service
rootfs/lib/systemd/system/etcd.service
rootfs/usr/bin/etcd
rootfs/usr/bin/etcdctl
Change-Id: Iad30df3475b861491492168f975d7b347a1481a6
Signed-off-by: ojayanth <ojayanth@in.ibm.com>
|
|
This commit adds the rsyslogd process in P10BMC systems.
This is the revert of the commit -
https://gerrit.openbmc.org/c/openbmc/openbmc/+/59038
The OpenBMC community has defaulted to rsyslog
as the more feature rich alternative to syslog.
Even though we don’t need the remote offload capabilities of
rsyslog, it provides other features
(like forwarding other users of syslog to the journal).
Change-Id: I5f114d0157ec4d6c2390dccc5972019647f1ab20
Signed-off-by: Pavithra Barithaya <pavithra.b@ibm.com>
|
|
This is added in the line above as the witherspoon-tacoma is included in
the ibm-ac-server group. This package does not work on a tacoma though
(when building on POWER hardware) so remove it as it is not critical to
the function we need on a tacoma.
This does not build on POWER hardware due to this QEMU bug:
https://gitlab.com/qemu-project/qemu/-/issues/1528
Under the covers, the liberation-fonts repo uses fontcache.bbclass which
utilizes qemu-arm in the cross-compile environment.
Once the following bug is in a QEMU recipe, this will resolve the issue
but there's no reason to include this package on tacoma.
Tested:
- Confirmed witherspoon-tacoma machine builds on POWER hardware
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I98220a51b838498b572bda07b28ed483e9316889
|
|
This is added in the line above as the witherspoon-tacoma is included in
the ibm-ac-server group. This package does not work on a tacoma though
so remove it.
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ibf1bc79d6e33646bfff1fa4f560b0b3a40ceb270
|
|
This commit removes the unused rsyslogd
process running in P10BMC systems.
The REST API for this was disabled long back.
Test:
Tested on P10BMC machine.
systemctl status rysylog.service
Unit rysylog.service could not be found.
Removing rsyslog service doesn't affect BMC
boot time.
Signed-off-by: Priyanga Ramasamy <priyanga24@in.ibm.com>
Change-Id: I1b8b1fac9cef4601717fd4daeaf7f76d8b1f4200
|
|
A fork of it is maintained but its upstream layer has largely been
unmaintained.
No future products are planned to be based on this layer.
Mihawk is similar to Witherspoon.
Signed-off-by: Myung Bae <myungbae@us.ibm.com>
Change-Id: I82f7d777b78cd126237d51e42f1e11abdf80ae68
|
|
phosphor-defaults.inc now automatically inherits extrausers and
configures the default root/0penBmc account, so individual platforms no
longer need to specify either explicitly.
Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Change-Id: Ic2b725f0eaadfafef67069449497e57438fa0fba
|
|
phosphor-dbus-monitor still uses autoconf and has a hard dependency on
phosphor-snmp, causing phosphor-snmp to be brought in on systems that
have no interest in using SNMP. The vast majority of systems do not
supply any config for phosphor-dbus-monitor, so the usage of it does not
seem wide enough to enable the IMAGE_FEATURE by default.
- Remove 'obmc-dbus-monitor' from IMAGE_FEATURE by default.
- Clean up all systems that manually remove the dbus-monitor feature or
package.
- Explicitly add the 'obmc-dbus-monitor' to the following systems:
- meta-ibm: all
- meta-inspur: fp5280g2
- meta-quanta: s6q
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Iad6c4104466e21d1b9843dac964a634019eb6935
|
|
This package does not currently support openssl v3:
| TpmToOsslMath.h:79:5: error: #error Untested OpenSSL version
| 79 | # error Untested OpenSSL version
| | ^~~~~
For now, remove this package so we can make forward progress with
openssl v3 in openbmc.
The following issue appears to be tracking support:
https://sourceforge.net/p/ibmswtpm2/tickets/18/
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I2249c323b8219525dcef856d8ceab63de417e299
|
|
This feature is not needed on p10bmc systems and causes unwanted probing
of i2c hardware and journal entries.
Tested:
- Booted p10bmc machine and made sure it still worked as expected
and no new errors arose
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Idff2477060f5719ad85529daff28ef945e77700e
|
|
Running out of flash space on our witherspoon system so need to cut
back some function. Telemetry is fairly new and takes a sizeable chunk
of flash space (200KB)
Tested:
- Verified squashfs went from 19.20MB to 19.00MB with this change
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I1741649f573cd25363167d69b4a802f2f261d93a
|
|
Change-Id: I9116ed7260e369136acb39eec15075db2d4dbeba
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
Background:
OpenBMC provisions the BMC firmware image with the root account password
in a form which is no longer acceptable to Linux-PAM version 1.5.1.
Specifically, [phosphor-defaults.inc][] sets the password hash into
/etc/shadow as "\$1\$UGMqyqdG\$FZiylVFmRRfl9Z0Ue8G7e/", where $1
indicates the deprecated [MD5 hash algorithm][]. Ref: [wikipedia passwd
entry][]. Beginning around PAM version 1.5.1, when you log in, the
[pam_unix.so module][] authenticates okay but requires the password to
be changed. (For example, you'll get a message like "You are required
to change your password immediately (administrator enforced)." This
behavior is undesirable for OpenBMC project defaults, and is not
tolerated by the project's current continuous integration tools.)
This change is to replace the password hash to keep the same cleartext
password but hashed with an acceptable algorithm.
Specifically, the password hash supplied in phosphor-defaults.inc is
updated to use the same password as before but encoded
with the SHA-512 algorithm. The hash was generated by the
`openssl passwd -6 0penBmc` command. This change ought to be
transparent and forward and backward compatible.
Note various meta-layers use this same hash string in
conf/local.conf.sample files. They are changed to match.
References:
[phosphor-defaults.inc]: https://github.com/openbmc/openbmc/blob/1a977b269ed437bebb9ae7810e3157746ec9174d/meta-phosphor/conf/distro/include/phosphor-defa
ults.inc#L245
[wikipedia passwd entry]: https://en.wikipedia.org/wiki/Passwd
[pam_unix.so module]: https://github.com/linux-pam/linux-pam/tree/master/modules/pam_unix
[MD5 hash algorithm]: https://en.wikipedia.org/wiki/MD5
Tested:
Created image with new password hash and PAM 1.5.1 and checked that
login works okay and does not require the passwod to be changed.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: I5b189374f08ba506dbed7f8b9b991f2808cc3bc5
|
|
Background: The OpenBmc project default root account password is set
in meta-phosphor/conf/distro/include/phosphor-defaults.inc and can be
customized in each layer's local.conf file.
Many of these local.conf.sample files had redundant code to set the
password, which probably should not have been there. Removing them
allows the defaults in phosphor-defaults.inc to take effect.
Tested: No. Only meta-ibm was tested.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: I76dce00d269d7afa005d7bcfd63f846d3cf45596
|
|
This creates a new DISTRO_FEATURE "ibm-service-account-policy" which
- Adds an admin account which cannot SSH to the BMC's command shell.
- Adds a service account which can SSH and has passwordless sudo access.
This feature is applied to witherspoon-tacoma and p10bmc (rainier).
Tested:
The image behaves as before when the distro feature is not configured.
When the distro feature is configured:
The root user has the same access as before.
The admin user:
- Is not allowed to access the BMC's command shell.
- Console login gets: This account is currently not available.
- SSH login gets: Permission denied, please try again.
- Redfish and REST API access works with role=Administrator.
The service user:
- Console login to the BMC's command shell works. The home
directory is /. Passwordless sudo works.
- SSH login works and using sudo from a SSH session works.
- Redfish and REST API access works with role=Administrator.
Change-Id: Icac5ba7f4fa663047709ab55007bbcfec8158f5e
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
|
|
The IBM rainier machine name is being replaced with the generic p10bmc.
Change-Id: I0a265a7eb9d763a8385a7139dae47bf2f475c672
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
The ibmtpm2tss tools are required to use the Nuvoton NPCT750A TPM
from userland.
The ibmtpm2tss package also required OpenSSL camellia support, so
remove the override disabling that for those two machines.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Change-Id: Ifc0afc58f4a31ea4b6d1750d470738d0d0e82754
|
|
openbmc master has exceeded the available flash space on witherspoon.
Remove LDAP so it fits again and we can continue to use witherspoon for
HW CI validation of openbmc master commits.
IBM has forked off its own openbmc repo for maintenance of customer
witherspoon systems. Therefore it is not necessary for openbmc
master to continue to support everything.
Tested:
- Verified generated image flashes on witherspoon and HW CI tests passed
- obmc-phosphor-image-witherspoon.squashfs-xz 19.27MB -> 18.53MB
(From meta-ibm rev: 6390f0999f00b1cdfe19daf2d7e8868c25808497)
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I39b5d785919bdcd54b6bcf04217439050442f119
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
- This commit removes the first-boot-set-mac service as the
similar and a better functionaly is now implemented in
phosphor-networkd service.
- Here are the few disadvantages of the first-boot-set-mac service
1. The first-boot-set-mac is a script is not scalable with the
increase in the number of ethernet interfaces.
2. Why do we need a new service just for setting the MAC Address
when the network service alone can do it , and it makes sense
to tie up this feature with Network as setting MAC address
functionality is implemented and owned by networkd.
3. With first-boot-set MAC, we need to make sure the VPD is populated
before , if for any reason the VPD is not generated the first-boot
service cannot help set the MAC.
(From meta-ibm rev: 8638c6eb8d54507b632088b329c104e859cd8d19)
Signed-off-by: manojkiran.eda@gmail.com <manojeda@in.ibm.com>
Change-Id: I955834b56c28f9a311563dd40607c8f2ba305d40
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
The metadata common to all IBM systems is confusingly split between
meta-ibm and meta-witherspoon. Move everything to meta-ibm.
The meta-ibm README is re-written to more accurately reflect the scope
of the layer.
Allow the configuration samples (bblayers.conf.sample,
local.conf.sample) to be sourced from either meta-ibm or
meta-witherspoon until such a time that any workflows and tooling have
had the opportunity to move to meta-ibm.
(From meta-ibm rev: 6e05ef2e90b214eaf4e43ee7027bbbb1d8d09442)
Change-Id: I3ec890d5300f9649c974ea6b9dca93a2e8a889ab
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
