meta-ibm: disable phosphor-ipmi-net by default p10bmc
This change will disable the IPMI network interface by default on the
first boot of a p10bmc system after a factory reset. After the first
boot the service is prevented from running again and from there on
adheres to the customers settings.
It is necessary that IPMI network services are started for a brief
moment in time to ensure they show up in the systemd service list.
This is important to ensure that the service-config-manager, which is
responsible for enabling/disabling these services can properly locate
them in the systemd service list.
Tested:
- Issued 5 mini-factory resets to mimic a fresh system boot
Verified service-config-manager identified both IPMI service and
socket files for eth0 and eth1
Verified IPMI was disabled by default
Verified could enable IPMI via the web UI and could issue IPMI
commands using ipmitool with a user that was in the IPMI group
Verified that once IPMI was enabled, it stayed enabled through BMC
reboots
Verified when IPMI was disabled via the GUI, it stayed disabled
through BMC reboots
Signed-off-by: Corey Hardesty <corey.hardesty@icloud.com>
Change-Id: Idad03366c1eb11cbfd7f4ad700976c177eb0121f
diff --git a/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net/first-boot-disable-ipmi-net.service b/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net/first-boot-disable-ipmi-net.service
new file mode 100644
index 0000000..92b8c3f
--- /dev/null
+++ b/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net/first-boot-disable-ipmi-net.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=First Boot Disable IPMI Network
+After=phosphor-ipmi-net@eth0.service
+After=phosphor-ipmi-net@eth1.service
+After=phosphor-ipmi-net@eth0.socket
+After=phosphor-ipmi-net@eth1.socket
+Before=srvcfg-manager.service
+ConditionFileNotEmpty=!/var/lib/ipmi-net-disable-one-time
+
+[Service]
+ExecStart=/bin/systemctl stop phosphor-ipmi-net@eth0.socket
+ExecStart=/bin/systemctl disable phosphor-ipmi-net@eth0.socket
+ExecStart=/bin/systemctl stop phosphor-ipmi-net@eth0.service
+ExecStart=/bin/systemctl disable phosphor-ipmi-net@eth0.service
+ExecStart=/bin/systemctl stop phosphor-ipmi-net@eth1.socket
+ExecStart=/bin/systemctl disable phosphor-ipmi-net@eth1.socket
+ExecStart=/bin/systemctl stop phosphor-ipmi-net@eth1.service
+ExecStart=/bin/systemctl disable phosphor-ipmi-net@eth1.service
+ExecStart=/bin/systemctl --no-reload disable first-boot-disable-ipmi-net.service
+ExecStart=/bin/touch /var/lib/ipmi-net-disable-one-time
+SyslogIdentifier=first-boot-disable-ipmi-net
+Type=oneshot
+RemainAfterExit=Yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend b/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend
index 82705c4..7883432 100644
--- a/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend
+++ b/meta-ibm/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend
@@ -9,3 +9,12 @@
${PN}@${ALT_RMCPP_IFACE}.service \
${PN}@${ALT_RMCPP_IFACE}.socket \
"
+
+FILESEXTRAPATHS:prepend:p10bmc := "${THISDIR}/${PN}:"
+SRC_URI:append:p10bmc = " file://first-boot-disable-ipmi-net.service"
+SYSTEMD_SERVICE:${PN}:append:p10bmc = " first-boot-disable-ipmi-net.service"
+
+do_install:append:p10bmc() {
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/first-boot-disable-ipmi-net.service ${D}${systemd_system_unitdir}/
+}