From 036d1d1dcc3d3f7b64bea8da9eb37102630649bc Mon Sep 17 00:00:00 2001 From: NodeMan97 Date: Fri, 17 Jun 2022 09:27:51 -0500 Subject: meta-ibm: disable phosphor-ipmi-net by default p10bmc This change will disable the IPMI network interface by default on the first boot of a p10bmc system after a factory reset. After the first boot the service is prevented from running again and from there on adheres to the customers settings. It is necessary that IPMI network services are started for a brief moment in time to ensure they show up in the systemd service list. This is important to ensure that the service-config-manager, which is responsible for enabling/disabling these services can properly locate them in the systemd service list. Tested: - Issued 5 mini-factory resets to mimic a fresh system boot Verified service-config-manager identified both IPMI service and socket files for eth0 and eth1 Verified IPMI was disabled by default Verified could enable IPMI via the web UI and could issue IPMI commands using ipmitool with a user that was in the IPMI group Verified that once IPMI was enabled, it stayed enabled through BMC reboots Verified when IPMI was disabled via the GUI, it stayed disabled through BMC reboots Signed-off-by: Corey Hardesty Change-Id: Idad03366c1eb11cbfd7f4ad700976c177eb0121f
---
.../first-boot-disable-ipmi-net.service | 26 ++++++++++++++++++++++ .../ipmi/phosphor-ipmi-net_%.bbappend | 9 ++++++++ 2 files changed, 35 insertions(+) create mode 100644 meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net/first-boot-disable-ipmi-net.service (limited to 'meta-ibm/recipes-phosphor/ipmi')
diff --git a/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net/first-boot-disable-ipmi-net.service b/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net/first-boot-disable-ipmi-net.service
new file mode 100644
index 0000000000..92b8c3fb54
--- /dev/null
+++ b/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net/first-boot-disable-ipmi-net.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=First Boot Disable IPMI Network
+After=phosphor-ipmi-net@eth0.service
+After=phosphor-ipmi-net@eth1.service
+After=phosphor-ipmi-net@eth0.socket
+After=phosphor-ipmi-net@eth1.socket
+Before=srvcfg-manager.service
+ConditionFileNotEmpty=!/var/lib/ipmi-net-disable-one-time
+
+[Service]
+ExecStart=/bin/systemctl stop phosphor-ipmi-net@eth0.socket
+ExecStart=/bin/systemctl disable phosphor-ipmi-net@eth0.socket
+ExecStart=/bin/systemctl stop phosphor-ipmi-net@eth0.service
+ExecStart=/bin/systemctl disable phosphor-ipmi-net@eth0.service
+ExecStart=/bin/systemctl stop phosphor-ipmi-net@eth1.socket
+ExecStart=/bin/systemctl disable phosphor-ipmi-net@eth1.socket
+ExecStart=/bin/systemctl stop phosphor-ipmi-net@eth1.service
+ExecStart=/bin/systemctl disable phosphor-ipmi-net@eth1.service
+ExecStart=/bin/systemctl --no-reload disable first-boot-disable-ipmi-net.service
+ExecStart=/bin/touch /var/lib/ipmi-net-disable-one-time
+SyslogIdentifier=first-boot-disable-ipmi-net
+Type=oneshot
+RemainAfterExit=Yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend b/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend
index 82705c4924..788343201c 100644
--- a/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend
+++ b/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend
@@ -9,3 +9,12 @@ SYSTEMD_SERVICE:${PN}:append:p10bmc = " \
 ${PN}@${ALT_RMCPP_IFACE}.service \
 ${PN}@${ALT_RMCPP_IFACE}.socket \
 "
+
+FILESEXTRAPATHS:prepend:p10bmc := "${THISDIR}/${PN}:"
+SRC_URI:append:p10bmc = " file://first-boot-disable-ipmi-net.service"
+SYSTEMD_SERVICE:${PN}:append:p10bmc = " first-boot-disable-ipmi-net.service"
+
+do_install:append:p10bmc() {
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/first-boot-disable-ipmi-net.service ${D}${systemd_system_unitdir}/
+}
-- cgit v1.2.3
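Review bot: The marker-file guard in `[Unit]` does not act as a run-once check: `ConditionFileNotEmpty=` is satisfied only by a regular file of non-zero size, so with the `!` negation it still passes for the zero-length file that `/bin/touch` creates at the end of `[Service]`. That leaves the self-`disable` line as the only thing preventing a second run; if the unit is ever re-enabled (by a preset or an image update, neither visible here), it would stop and disable IPMI again and override the customer's setting. `ConditionPathExists=!/var/lib/ipmi-net-disable-one-time` gives the intended behaviour. Separately, a `Type=oneshot` unit stops at the first failing `ExecStart=`, so a failure on one of the eth0 lines would leave the eth1 socket and service enabled and listening until the next boot; it is worth deciding that case deliberately and saying so in a comment.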
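Review bot: The unit installed by `do_install:append:p10bmc()` hard-codes `eth0` and `eth1`, while the context lines of this hunk enable the second IPMI instance through `${ALT_RMCPP_IFACE}`; if that variable is ever set to another interface, the first-boot unit would leave that instance enabled and listening, with no build error to flag it. A comment beside the new `SRC_URI` line would record the coupling, for example `# first-boot-disable-ipmi-net.service hard-codes eth0/eth1; keep in sync with ALT_RMCPP_IFACE`. The `SYSTEMD_SERVICE` assignment shown as context starts above the hunk, so the variable's current value is not visible here.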