Maintenance: GitLab GKE platform upgrade and software upgrade on Friday Oct. 22 at 9 p.m. Service may not be available between 9 p.m. and 9:20 p.m.

Commit 518fa4c1 authored by Karl Kornel's avatar Karl Kornel
Browse files

ipmi: Pull in Karl’s changes from base dev

parent 0f9e72ed
# base::ipmi and base::noipmi # base::ipmi: ipmi classes to load, and suppress loading, IPMI client & server.
# #
# ipmi classes to load, and suppress loading, ipmi client modules. # Most of the time, you should use it like this:
# Loading of ipmi is automatically suppressed on VMware platforms. #
# include base::ipmi
#
# That will enable IPMI for physical systems, and will disable IPMI for virtual
# systems (including EC2 systems). This cannot be overridden.
#
# If you want to disable IPMI (for example, on workstations), use it like this:
#
# class { 'base::ipmi':
# ensure => absent,
# }
#
# WARNING: On a running system, changing base::ipmi::ensure from present to
# absent may not work properly, depending on what user-space stuff is using
# IPMI functionality. If you get errors, restart.
class base::ipmi { class base::ipmi (
$ensure = present,
) {
# disable ipmi and ipmievd on vmware (or others). facter string comparison # If we are virtual or on EC2, then explicitly disable IPMI
if $::is_virtual == 'true' or $::ec2_profile == 'default-paravirtual' { if $::is_virtual == 'true' or $::ec2_profile == 'default-paravirtual' {
case $::operatingsystem { $real_ensure = absent
'debian', 'ubuntu': { }
package { 'ipmitool': ensure => purged } else {
} $real_ensure = $ensure
'redhat': { }
service { 'ipmi':
ensure => stopped, # Check to see what we should do
enable => false, case $real_ensure {
} 'present': {
} case $::osfamily {
default: {} 'Debian': {
}
} else { # First, install the ipmitool package
case $::osfamily { package { 'ipmitool':
'Debian': {
package { 'ipmitool':
ensure => present;
}
if ($::kernelmajversion >= '3.13') {
# no msghandler module on kernels > 3.13
base::os::kernel_module { 'ipmi_si':
ensure => present,
}
}
else {
base::os::kernel_module { 'ipmi_msghandler':
ensure => present; ensure => present;
} }
base::os::kernel_module { 'ipmi_si':
ensure => present, # Next, install the config file
require => Base::Os::Kernel_module['ipmi_msghandler']; file { '/etc/default/ipmievd':
content => template('base/ipmi/etc/default/ipmievd.erb'),
require => Package['ipmitool'],
} }
}
base::os::kernel_module { 'ipmi_devintf': # Next, install kernel modules
ensure => present, # For Debian 8+, the package brings in everything it needs by
require => Base::Os::Kernel_module['ipmi_si']; # default. But, if we are re-enabling we need to recover a file that
} # we deleted. We then have to trigger systemd to load modules.
service { 'ipmievd': if $::operatingsystem == 'Debian' and $::lsbmajdistrelease >= 8 {
ensure => running, exec { 'Re-create /usr/lib/modules-load.d/ipmievd.conf':
name => 'ipmievd', command => '/usr/bin/apt-get install --reinstall ipmitool',
enable => true, creates => '/usr/lib/modules-load.d/ipmievd.conf',
hasstatus => false, require => Package['ipmitool'],
status => 'pidof ipmievd', notify => Exec['Load modules from /usr/lib/modules-load.d/ipmievd.conf'],
require => [Base::Os::Kernel_module['ipmi_devintf'],
File['/etc/default/ipmievd']
],
}
file { '/etc/default/ipmievd':
content => template('base/ipmi/etc/default/ipmievd.erb'),
notify => Service['ipmievd'],
}
}
'RedHat': {
case $::lsbmajdistrelease {
'6', '7': {
package { 'OpenIPMI': ensure => present; }
}
default: {
package {
'OpenIPMI-tools': ensure => present;
'OpenIPMI': ensure => present;
} }
exec { 'Load modules from /usr/lib/modules-load.d/ipmievd.conf':
command => 'systemctl restart systemd-modules-load.service',
notify => Service['ipmievd'],
refreshonly => true,
}
# Our ipmievd requirements are just the package & the config file.
$ipmievd_requirements = [Package['ipmitool'],
File['/etc/default/ipmievd'],
]
} }
} # For older Debian, and all Ubuntu, we must load the modules.
service { 'ipmi': else {
ensure => running, # Start with ipmi_msghandler
name => 'ipmi', base::os::kernel_module { 'ipmi_msghandler':
enable => true, ensure => present,
hasstatus => true,
require => Package['OpenIPMI'],
}
case $::lsbmajdistrelease {
'5', '6': {
service { 'ipmievd':
ensure => running,
name => 'ipmievd',
enable => true,
hasstatus => true,
require => $::lsbmajdistrelease ? {
'5' => Package['OpenIPMI-tools'],
default => Package['OpenIPMI'],
},
} }
# Load lots of additional modules
# In Unbuntu, Kernel 3.13 apparently had one IPMI function compiled
# into the kernel, meaning there was no driver to load.
# See Ubuntu bug #1284334
# Also, there's a kernel module called 'ipmi_watchdog', but it has
# alot of options to set on load, so we don't try to load it.
if $::operatingsystem == 'Ubuntu'
and $::kernelmajversion == '3.13'
{
$additional_ipmi_modules = [
'acpi_ipmi',
'ipmi_devintf',
'ipmi_poweroff',
]
} else {
$additional_ipmi_modules = [
'acpi_ipmi',
'ipmi_devintf',
'ipmi_poweroff',
'ipmi_si',
]
}
base::os::kernel_module { $additional_ipmi_modules:
ensure => present,
require => Base::Os::Kernel_module['ipmi_msghandler'],
}
# Set our requirements for starting ipevd
$ipmievd_requirements = [Base::Os::Kernel_module['ipmi_devintf'],
File['/etc/default/ipmievd']
]
}
# Finally, start the ipmievd service
service { 'ipmievd':
ensure => running,
name => 'ipmievd',
enable => true,
hasstatus => false,
status => 'pidof ipmievd',
require => $ipmievd_requirements,
}
} # Done handling ensure => present for osfamily Debian
# Catch RHEL and related systems
'RedHat': {
# We need to have the OpenIPMI package
package { 'OpenIPMI':
ensure => present,
} }
# For RHEL 5 and earlier, the client is a separate package
if $::lsbmajdistrelease <= 5 {
package { 'OpenIPMI-tools':
ensure => present,
}
$ipmi_package = [Package['OpenIPMI'],
Package['OpenIPMI-tools'],
]
} else {
$ipmi_package = Package['OpenIPMI']
}
# Define and start the services
# (For RHEL <= 5, we don't need the client to start the service)
service { 'ipmi':
ensure => running,
name => 'ipmi',
enable => true,
hasstatus => true,
require => $ipmi_package,
}
# ipmievd is a separate service, starting with RHEL 5
service { 'ipmievd':
ensure => running,
name => 'ipmievd',
enable => true,
hasstatus => true,
require => $ipmi_package,
}
} # Done handling ensure => present for osfamily RedHat
default: {
fail('base::ipmi does not recognize this osfamily')
} }
} } # Done checking $osfamily
} } # Done handling ensure => 'present'
# Disable cipher zero. Some IPMI report the ciphers backwards so we work 'absent': {
# around it. Puppet 2.6.3 doesn't support provider param for exec. case $::osfamily {
# Working around it. The signal file /etc/noipmi allows this execution to 'Debian': {
# be suppressed on systems that don't have ipmi. # Stop the IPMI service
exec { 'ipmitool lan set 1 cipher_privs XaaaaaaaaaaaaaX': service { 'ipmievd':
unless => 'bash -c \'if [ ! -e /etc/noipmi ] && ! `ipmitool lan print | grep -q "Cipher Suite Priv Max : Not Available"`; then ipmitool lan print | grep "Cipher Suite Priv Max" | cut -d: -f2 | egrep -q "^ XaaaaaaaaaaaaaX"; fi\'', ensure => stopped,
} name => 'ipmievd',
} enable => false,
} hasstatus => false,
status => 'pidof ipmievd',
require => $ipmievd_requirements,
}
# Remove any remaining ipmievd configuration
file { '/etc/default/ipmievd':
ensure => absent,
require => Service['ipmievd'],
}
# Unload lots of additional modules
# In Unbuntu, Kernel 3.13 apparently had one IPMI function compiled
# into the kernel, meaning there was no driver to unload.
# See Ubuntu bug #1284334
if $::operatingsystem == 'Ubuntu'
and $::kernelmajversion == '3.13'
{
$dependent_ipmi_modules = [
'acpi_ipmi',
'ipmi_devintf',
'ipmi_poweroff',
'ipmi_watchdog'
]
base::os::kernel_module { $dependent_ipmi_modules:
ensure => absent,
require => Service['ipmievd'],
}
} else {
# This is a little more annoying, as we have two dependency levels
# to deal with.
$additional_ipmi_modules = [
'acpi_ipmi',
'ipmi_devintf',
'ipmi_poweroff',
'ipmi_watchdog',
]
base::os::kernel_module { $additional_ipmi_modules:
ensure => absent,
require => Service['ipmievd'],
}
$dependent_ipmi_modules = 'ipmi_si'
base::os::kernel_module { $dependent_ipmi_modules:
ensure => absent,
require => Base::Os::Kernel_module[$additional_ipmi_modules],
}
}
# Unload the ipmi_msghandler, the root for most IPMI stuff
base::os::kernel_module { 'ipmi_msghandler':
ensure => absent,
require => Base::Os::Kernel_module[$dependent_ipmi_modules],
}
# For Debian 8+, make sure modules are not re-loaded on startup
if $::operatingsystem == 'Debian' and $::lsbmajdistrelease >= 8 {
file { '/usr/lib/modules-load.d/ipmievd.conf':
ensure => absent,
}
}
class base::noipmi inherits base::ipmi { # Packages: The IPMI daemon and the client come in one package.
Base::Os::Kernel_module['ipmi_si'] { ensure => absent } # Some people might want to keep the client, so we don't delete it.
Base::Os::Kernel_module['ipmi_devintf'] { ensure => absent } } # Done handling ensure => absent for osfamily Debian
File['/etc/default/ipmievd'] { ensure => absent }
Service['ipmievd'] { ensure => stopped } 'RedHat': {
# Make sure the IPMI service isn't running
service { 'ipmi':
ensure => stopped,
enable => false,
}
file { '/etc/noipmi': # Make sure the IPMI packages are uninstalled
mode => '0644', # (We keep tools, but remove the server/driver)
content => "ipmi is not supported on this system\n", package { 'OpenIPMI':
ensure => purged;
}
}
default: {
fail('base::noipmi does not recognize this OS family')
}
} # Dont handling ensure => absent for osfamily RedHat
# Leave a file marker on the system saying that IPMI is disabled
file { '/etc/noipmi':
mode => '0644',
content => "ipmi is not supported, or has been disabled in Puppet.\n",
}
} # Done handling ensure => absent
default: {
fail("Valid values for base::ipmi::ensure are 'present' or 'absent'")
}
} }
} }
ENABLED=true ENABLED=true
<% if ((@operatingsystem == 'Debian' and @lsbmajdistrelease >= 8) \ <% if ((@operatingsystem == 'Debian' and @lsbmajdistrelease >= 8) \
or (@operatingsystem == 'Ubuntu' and @lsbmajdistrelease.split('.')[0].to_i >= 14)) or (@operatingsystem == 'Ubuntu' and !@lsbmajdistrelease.split('.')[0].nil? and @lsbmajdistrelease.split('.')[0].to_i >= 14))
%> %>
IPMIEVD_OPTIONS="open daemon" IPMIEVD_OPTIONS="open daemon"
<% end -%> <% end -%>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment