setup_oob 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ef36b57d84c15b988bdd3bafdcde5ec3f6a7b14a5d5af7a3b9e1755d427a2af6
+  data.tar.gz: 0a22b11dd0a28a56a5fb99436645ce276789809b4d39dfd2f95a4afe54bb9ee3
+SHA512:
+  metadata.gz: fad91e1545018c965d3ec0ef487f514bab543e229dcb9b181ff2fa3327ba6b7b08f69d156fd462559573a08c3f3e9ac833b4808faea466a2ff03db63b1a65dbd
+  data.tar.gz: 596e877ee79a6bbe5a9923dbff6734bb7ffed2a7f7641c35620956e6042185cc7dc228860b7502b9c910ad17385d93df600c5c902c39f59ce12a848ad4d977db

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+# Changelog
+
+## 0.0.1
+
+- Initial release

data/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/README.md

@@ -0,0 +1,73 @@
+# Setup OOB
+
+[![Continuous Integration](https://github.com/vicariousinc/setup-oob/workflows/Continuous%20Integration/badge.svg)](https://github.com/vicariousinc/setup-oob/actions?query=workflow%3AContinuous%20Integration)
+
+This is a utility for configuring out-of-band management systems from within
+the running (Linux) OS.
+
+It is built to be highly modular and easy to add support for new types of OOB
+devices.
+
+As of current writing it supports SuperMicro's SMC systems and Dell's iDRAC
+systems.
+
+It is specifically designed to be easy to run from a Configuration Management
+system such as Chef, and thus has a 'check' mode to enable idempotent behavior.
+
+Setup OOB attempts to do as much as possible with the generic `ipmitool`, and
+falls back to vendor-specific tools only where necessary. In fact, great
+lengths were taken to determine the underlying IPMI commands in order to not
+rely on vendor tools.
+
+## General Use
+
+Note that the `--help` message is always the best place to find all the current
+options. This section instead attempts to provide and overview of usage, not an
+exhaustive list of all options.
+
+You must tell Setup OOB what type of device it needs to configure with the
+`--type` option. As of now it takes either `smc` or `drac`. Let's say you want
+to configure an iDRAC system, you might check to see if it's configured
+properly with:
+
+```shell
+setup_oob --type drac --check --name server001-oob --network-mode shared \
+  --network-src dhcp
+```
+
+This would return 0 if these were all configured this way or non-zero if
+something didn't match. If it was not correct, you could converge it to the
+desired settings by re-running without `--check`:
+
+```shell
+setup_oob --type drac --name server001-oob --network-mode shared \
+  --network-src dhcp
+```
+
+If configuring a local system, IPMI does not need a password, however for some
+devices, when vendor-specific tooling is required, it may fail without
+specifying the password via `--old-password` (unless it's still the device
+default).
+
+## SMC Licensing
+
+Setup OOB can "activate" SMC systems for you. Automating this can be a bit
+difficult without having to store every single license in code or have your
+Configuration Management system reach out to an external database.
+
+However, license keys can be derived from the host MAC address and a private
+key. *IF YOU HAVE PURCHASED LICENSES* (and if your legal team approves), you
+can find the key on the internet and pass it into `--key-file`. If you do this,
+then Setup OOB can generate the license key and activate the license for you.
+
+To be clear: *DO NOT DO THIS IF YOU HAVE NOT PURCHASED A LICENSE FOR THE
+MACHINES IN QUESTION*. Doing so is certainly a violation of your agreement with
+SMC.
+
+The authors of this software are not responsible for illegal use of this
+option.
+
+## External tools
+
+Setup OOB requires `ipmitool` at a minimum. For SMC hosts, that is the only
+requirement. For DRAC hosts, it also requires racadm.

data/bin/setup-oob

@@ -0,0 +1,137 @@
+#!/opt/chef/embedded/bin/ruby
+# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2
+
+# Copyright 2021-present Vicarious
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Helpful hints for figuring things out on the SMC:
+#
+# Run the SMCIPMITool in shell mode, then you can turn on copious debugging:
+#
+#   ./SMCIPMITool $host $user $pass shell
+#
+# Once you're in the shell you can do 'debug 1' to dump all IPMI traffic
+# for any command you run (there's also 2 and 3 for more)
+#
+# Then you can test things with:
+#   ipmitool -H $host -U $user -p $pass raw 0xYY 0xZZ ...
+#
+# In almost all cases the netfn is 0x30.
+
+require 'logger'
+require 'optparse'
+require_relative '../lib/setup_oob/oob'
+require_relative '../lib/setup_oob/version'
+
+options = {
+  :level => Logger::INFO,
+  :host => 'localhost',
+}
+OptionParser.new do |opts|
+  opts.on(
+    '-l', '--log-level LEVEL', String, 'Logging level. Defaults to "info"'
+  ) do |l|
+    options[:level] = l
+  end
+
+  opts.on('-c', '--check', 'Check current settings') do
+    options[:check] = true
+  end
+
+  opts.on('-h', '--help') do
+    puts opts
+    exit
+  end
+
+  opts.on(
+    '-H', '--host HOST', String,
+    'Host to operate on. If the host is "localhost", then local IPMI is ' +
+    'used and no authentication is needed (which is great for setting the ' +
+    'right password no matter what it currently is. (default: localhost)'
+  ) do |h|
+    unless h == 'localhost' || h.end_with?('-oob') || h.include?('.')
+      h << '-oob'
+    end
+    options[:host] = h
+  end
+
+  opts.on(
+    '-k', '--key-file FILE', String,
+    'A file containing a secret key used to generate licenses. Do not use ' +
+    'unless you have already purchased licenses!'
+  ) do |k|
+    options[:key] = File.read(k)
+  end
+
+  opts.on(
+    '-n', '--name NAME', String,
+    'Desired name for the OOB. You probably do NOT want to use this ' +
+    'option. By default it is automatically generated for you. If ' +
+    'operating on "localhost", then the host\'s hostname is determined ' +
+    'and "-oob" is appended to the end. If operating on a remote host, then ' +
+    '"-oob" is appended to whatever was passed into -H'
+  ) do |name|
+    options[:desired_hn] = name
+  end
+
+  opts.on(
+    '--network-mode MODE', ['dedicated', 'shared', 'failover'],
+    'Desired network mode.'
+  ) do |mode|
+    options[:network_mode] = mode
+  end
+
+  opts.on(
+    '--network-src MODE', String, 'Desired network src.'
+  ) do |src|
+    options[:network_src] = src
+  end
+
+  opts.on(
+    '-o', '--old-password PASSWORD', String,
+    'The password to use to authenticate. If using in local mode, this is ' +
+    'ignored. If needed, but not specified, the "-p" password will be tried ' +
+    'and then the default password.'
+  ) do |pass|
+    options[:old_password] = pass
+  end
+
+  opts.on(
+    '-p', '--password PASSWORD', String,
+    'The desired password for the ADMIN user.'
+  ) do |pass|
+    options[:password] = pass
+  end
+
+  opts.on('-t', '--type TYPE', String, 'The type of OOB (drac or smc)') do |t|
+    options[:type] = t
+  end
+
+  opts.on('--version') do
+    puts SetupOOB::VERSION
+    exit
+  end
+end.parse!
+
+unless options[:type]
+  fail 'must specify type'
+end
+
+puts "Configuring #{options[:host]}"
+ipmi = OOB.new(options)
+if options[:check]
+  exit(ipmi.converged? ? 0 : 1)
+else
+  ipmi.converge!
+end

data/lib/setup_oob/command/base.rb

@@ -0,0 +1,91 @@
+# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2
+
+# Copyright 2021-present Vicarious
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The base class for a command
+class CommandBase
+  attr_accessor :logger
+
+  def initialize(host, logger, data)
+    @host = host
+    @logger = logger
+    # data is any extra data subcommands might need
+    @data = data
+  end
+
+  def converged?
+    converged = _converged?
+    logger.info("#{pretty_self}: converged: #{converged}")
+    converged
+  end
+
+  def converge!
+    logger.info("Validating #{pretty_self}")
+    _converge!
+  end
+
+  private
+
+  def _converged?
+    fail NotImplementedError
+  end
+
+  def _converge!
+    fail NotImplementedError
+  end
+
+  def pretty_self
+    self.class.to_s.split('::').last
+  end
+
+  # not applicable to all sub-classes, but common enough might
+  # as well include it here.
+  def enabled?
+    fail NotImplementedError
+  end
+
+  # get a single value you from the device
+  def getval(_key)
+    fail NotImplementedError
+  end
+
+  # set key to val
+  def setval(_key, _val)
+    fail NotImplementedError
+  end
+
+  # same as get, but handles multi-value gets and returns a hash
+  def getvals(_key)
+    fail NotImplementedError
+  end
+
+  # Simpler wrapper around Mixlib::ShellOut to log the command
+  def run(cmd, forcefail = true)
+    logger.debug("Running: #{cmd.join(' ')}")
+    s = Mixlib::ShellOut.new(*cmd)
+    s.run_command
+    s.error! if forcefail
+    s
+  end
+
+  # Given an array of bytes, get a string out of it.
+  def bytes_to_str(bytes)
+    bytes.pack('C*').force_encoding('utf-8')
+  end
+
+  def basecmd(_defaultpass)
+    fail NotImplementedError
+  end
+end

data/lib/setup_oob/command/drac.rb

@@ -0,0 +1,164 @@
+# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2
+
+# Copyright 2021-present Vicarious
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'mixlib/shellout'
+require_relative 'base'
+require_relative 'mixins'
+
+# A slight extension of the Command class to add some DRAC-specific
+# utility functions. Will be the base class for all DRAC commands
+class DRACCommandBase < CommandBase
+  def getval(key)
+    s = run(basecmd + ['get', key])
+    s.stdout.lines[1].strip.split('=')[1]
+  end
+
+  def setval(key, val)
+    run(basecmd + ['set', key, val])
+  end
+
+  def getvals(key)
+    s = run(basecmd + ['get', key])
+    data = {}
+    s.stdout.each_line do |line|
+      next if line.start_with?('[')
+      next if line.strip.empty?
+
+      k, v = line.strip.split('=')
+      data[k] = v
+    end
+    data
+  end
+
+  def basecmd(_defaultpass = false)
+    if @host == 'localhost'
+      ['racadm']
+    else
+      fail NotImplementedError
+    end
+  end
+end
+
+# The collection of all DRAC command classes
+class DRACCommands
+  # Manage the hostname
+  class Hostname < DRACCommandBase
+    private
+
+    include CommandMixins::Hostname
+
+    def hostname
+      getval('iDRAC.NIC.DnsRacName')
+      # data = getvals('iDRAC.NIC')
+      # "#{data['DNSRacName']}.#{data['DNSDomainName']}"
+    end
+
+    def set_hostname
+      setval('iDRAC.NIC.DNSRacName', desired_hostname)
+      # setval('iDRAC.NIC.DNSDomainName', dn)
+    end
+  end
+
+  # Manage NTP
+  class Ntp < DRACCommandBase
+    private
+
+    include CommandMixins::Ntp
+
+    def vals
+      @vals ||= getvals('idrac.NTPConfigGroup')
+    end
+
+    # Like the super-class, except we have to save the magic bytes...
+    def enabled?
+      vals['NTPEnable'] == 'Enabled'
+    end
+
+    def enable
+      setval('idrac.NTPConfigGroup.NTPEnable', 'Enabled')
+    end
+
+    def get_server(idx)
+      vals["NTP#{idx + 1}"]
+    end
+
+    def set_server(idx)
+      setval("idrac.NTPConfigGroup.NTP#{idx + 1}", servers[idx])
+    end
+  end
+
+  class Ddns < DRACCommandBase
+    private
+
+    include CommandMixins::Ddns
+
+    def enabled?
+      getval('iDRAC.NIC.DNSRegister') == 'Enabled'
+    end
+
+    def enable
+      setval('iDRAC.NIC.DNSRegister', 'Enabled')
+    end
+  end
+
+  class Networksrc < DRACCommandBase
+    include CommandMixins::Networksrc
+  end
+
+  class Networkmode < DRACCommandBase
+    private
+
+    include CommandMixins::Networkmode
+
+    def mode_correct?
+      logger.debug('  - Checking NIC mode')
+      getval('iDRAC.NIC.Selection').downcase == desired_mode
+    end
+
+    def set_mode
+      case desired_mode
+      when 'shared'
+        setval('iDRAC.NIC.Selection', 'LOM1')
+      when 'dedicated'
+        setval('iDRAC.NIC.Selection', desired_mode.capitalize)
+      else
+        fail "Unknown NIC mode: #{desired_mode}"
+      end
+    end
+  end
+
+  class Password < DRACCommandBase
+    private
+
+    include CommandMixins::Password
+
+    def admin_id
+      return @admin_id if @admin_id
+
+      s = run(basecmd + ['get', 'iDrac.Users'])
+      s.stdout.each_line do |line|
+        next unless line.start_with?('iDRAC.Users')
+
+        key = line.split[0]
+        info = getvals(key)
+        if info['UserName'] == 'root'
+          @admin_id = key.split('.')[2]
+          return @admin_id
+        end
+      end
+    end
+  end
+end