Gitiles
Code Review Sign In
gerrit.openbmc.org / mdmillerii / openbmc / 68e567f9e76d4e54a70a84dbc43050d4cf214562
commit68e567f9e76d4e54a70a84dbc43050d4cf214562[log] [tgz]
authorJoseph Reynolds <joseph-reynolds@charter.net>Wed Feb 24 17:20:01 2021 -0600
committerBrad Bishop <bradleyb@fuzziesquirrel.com>Thu May 13 12:17:14 2021 +0000
tree7f0b2303f18125cffbff28fca850bfcd20023e1e
parent01439a98f9b7b599ac02da3d90bc1954aee86cd8 [diff]
IBM DISTRO_FEATURE ibm-service-account-policy

This creates a new DISTRO_FEATURE "ibm-service-account-policy" which
 - Adds an admin account which cannot SSH to the BMC's command shell.
 - Adds a service account which can SSH and has passwordless sudo access.

This feature is applied to witherspoon-tacoma and p10bmc (rainier).

Tested:
  The image behaves as before when the distro feature is not configured.
  When the distro feature is configured:
  The root user has the same access as before.
  The admin user:
   - Is not allowed to access the BMC's command shell.
   - Console login gets: This account is currently not available.
   - SSH login gets: Permission denied, please try again.
   - Redfish and REST API access works with role=Administrator.
  The service user:
   - Console login to the BMC's command shell works.  The home
     directory is /.  Passwordless sudo works.
   - SSH login works and using sudo from a SSH session works.
   - Redfish and REST API access works with role=Administrator.

Change-Id: Icac5ba7f4fa663047709ab55007bbcfec8158f5e
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
4 files changed
tree: 7f0b2303f18125cffbff28fca850bfcd20023e1e
  1. .github/
  2. meta-alibaba/
  3. meta-amd/
  4. meta-ampere/
  5. meta-arm/
  6. meta-aspeed/
  7. meta-bytedance/
  8. meta-evb/
  9. meta-facebook/
  10. meta-fii/
  11. meta-google/
  12. meta-hpe/
  13. meta-hxt/
  14. meta-ibm/
  15. meta-ingrasys/
  16. meta-inspur/
  17. meta-intel-openbmc/
  18. meta-inventec/
  19. meta-lenovo/
  20. meta-microsoft/
  21. meta-nuvoton/
  22. meta-openembedded/
  23. meta-openpower/
  24. meta-phosphor/
  25. meta-portwell/
  26. meta-qualcomm/
  27. meta-quanta/
  28. meta-raspberrypi/
  29. meta-security/
  30. meta-supermicro/
  31. meta-wistron/
  32. meta-x86/
  33. meta-xilinx/
  34. meta-yadro/
  35. poky/
  36. bitbakepoky/bitbake/
  37. LICENSEpoky/LICENSE
  38. metapoky/meta
  39. meta-pokypoky/meta-poky/
  40. meta-skeletonpoky/meta-skeleton
  41. oe-init-build-envpoky/oe-init-build-env
  42. scriptspoky/scripts/
  43. .gitignore
  44. .gitreview
  45. .templateconf
  46. MAINTAINERS
  47. openbmc-env
  48. OWNERS
  49. README.md
  50. setup
README.md

OpenBMC

Build Status

The OpenBMC project can be described as a Linux distribution for embedded devices that have a BMC; typically, but not limited to, things like servers, top of rack switches or RAID appliances. The OpenBMC stack uses technologies such as Yocto, OpenEmbedded, systemd, and D-Bus to allow easy customization for your server platform.

Setting up your OpenBMC project

1) Prerequisite

  • Ubuntu 14.04
sudo apt-get install -y git build-essential libsdl1.2-dev texinfo gawk chrpath diffstat
  • Fedora 28
sudo dnf install -y git patch diffstat texinfo chrpath SDL-devel bitbake \
    rpcgen perl-Thread-Queue perl-bignum perl-Crypt-OpenSSL-Bignum
sudo dnf groupinstall "C Development Tools and Libraries"

2) Download the source

git clone git@github.com:openbmc/openbmc.git
cd openbmc

3) Target your hardware

Any build requires an environment set up according to your hardware target. There is a special script in the root of this repository that can be used to configure the environment as needed. The script is called setup and takes the name of your hardware target as an argument.

The script needs to be sourced while in the top directory of the OpenBMC repository clone, and, if run without arguments, will display the list of supported hardware targets, see the following example:

$ . setup <machine> [build_dir]
Target machine must be specified. Use one of:

centriq2400-rep         f0b                     fp5280g2
gsj                     hr630                   hr855xg2
lanyang                 mihawk                  msn
neptune                 nicole                  olympus
olympus-nuvoton         on5263m5                p10bmc
palmetto                qemuarm                 quanta-q71l
romulus                 s2600wf                 stardragon4800-rep2
swift                   tiogapass               vesnin
witherspoon             witherspoon-tacoma      yosemitev2
zaius

Once you know the target (e.g. romulus), source the setup script as follows:

. setup romulus build

For evb-ast2500, please use the below command to specify the machine config, because the machine in meta-aspeed layer is in a BSP layer and does not build the openbmc image.

TEMPLATECONF=meta-evb/meta-evb-aspeed/meta-evb-ast2500/conf . openbmc-env

4) Build

bitbake obmc-phosphor-image

Additional details can be found in the docs repository.

OpenBMC Development

The OpenBMC community maintains a set of tutorials new users can go through to get up to speed on OpenBMC development out here

Build Validation and Testing

Commits submitted by members of the OpenBMC GitHub community are compiled and tested via our Jenkins server. Commits are run through two levels of testing. At the repository level the makefile make check directive is run. At the system level, the commit is built into a firmware image and run with an arm-softmmu QEMU model against a barrage of CI tests.

Commits submitted by non-members do not automatically proceed through CI testing. After visual inspection of the commit, a CI run can be manually performed by the reviewer.

Automated testing against the QEMU model along with supported systems are performed. The OpenBMC project uses the Robot Framework for all automation. Our complete test repository can be found here.

Submitting Patches

Support of additional hardware and software packages is always welcome. Please follow the contributing guidelines when making a submission. It is expected that contributions contain test cases.

Bug Reporting

Issues are managed on GitHub. It is recommended you search through the issues before opening a new one.

Questions

First, please do a search on the internet. There's a good chance your question has already been asked.

For general questions, please use the openbmc tag on Stack Overflow. Please review the discussion on Stack Overflow licensing before posting any code.

For technical discussions, please see contact info below for Discord and mailing list information. Please don't file an issue to ask a question. You'll get faster results by using the mailing list or Discord.

Features of OpenBMC

Feature List

  • Host management: Power, Cooling, LEDs, Inventory, Events, Watchdog
  • Full IPMI 2.0 Compliance with DCMI
  • Code Update Support for multiple BMC/BIOS images
  • Web-based user interface
  • REST interfaces
  • D-Bus based interfaces
  • SSH based SOL
  • Remote KVM
  • Hardware Simulation
  • Automated Testing
  • User management
  • Virtual media

Features In Progress

  • OpenCompute Redfish Compliance
  • Verified Boot

Features Requested but need help

  • OpenBMC performance monitoring

Finding out more

Dive deeper into OpenBMC by opening the docs repository.

Technical Steering Committee

The Technical Steering Committee (TSC) guides the project. Members are:

  • Brad Bishop (chair), IBM
  • Nancy Yuen, Google
  • Sai Dasari, Facebook
  • James Mihm, Intel
  • Sagar Dharia, Microsoft
  • Supreeth Venkatesh, Arm

Contact