# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
#
# Raw commands to set BMCs to defaults
#   dx320
#     0x2e 0x10 0x4d 0x4f 0x00 0xff
#
#   dx340 
#     0x30 0x13 0xff 0x00 0x00 0x00
#
#   dx360/x3450
#     0x30 0x02 0x43 0x4c 0x52 0xaa
#     0x08 0x00 0x49 0x4e 0x54 0x45 0x4c
#     0x08 0x04
#
allowcred.awk &
CREDPID=$!
sleep 5
modprobe ipmi_si
modprobe ipmi_devintf
IPCFGMETHOD=static
while [ -z "$BMCIP" -a $IPCFGMETHOD="static" ]; do
    while ! getipmi
    do
        echo "Retrying retrieval of IPMI settings from server"
    done
    TIMEOUT=15
    BMCIP=`grep bmcip /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    BMCVLAN=`grep taggedvlan /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    if [ -z "$BMCVLAN" ]; then BMCVLAN=off; fi
    BMCGW=`grep gateway /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    BMCNM=`grep netmask /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    BMCUS=`grep username /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    BMCPW=`grep password /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    IPCFGMETHOD=`grep ipcfgmethod /tmp/ipmicfg.xml|awk -F\> '{print $2}'|awk -F\< '{print $1}'`
    if [ -z "$IPCFGMETHOD" ]; then
	IPCFGMETHOD="static"
    fi
    if [ -z "$BMCIP" -a $IPCFGMETHOD="static" ]; then
        echo "FAILED TO RETRIEVE SETTINGS, RETRYING in 15 seconds"
        sleep 15
    fi
done
kill $CREDPID
NUMBMCS=`grep bmcip /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'|wc -l`
IPMIVER=`ipmitool mc info|grep ^IPMI|awk  '{print $4}'`
IPMIMFG=`ipmitool mc info|grep "^Manufacturer ID"|awk  '{print $4}'`
if [ "$IPMIMFG" == 2 ]; then #IBM
    XPROD=`ipmitool mc info|grep "^Product ID"|awk '{print $4}'`
    if [ "$XPROD" == "220" ]; then
        LOCKEDUSERS=1
        BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
        if [ ! -z "$BMCPORT" ]; then
	    let idev=0
	    IFS=','
	    for p in $BMCPORT; do
            	ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null
            	ipmitool -d $idev raw 0x04 0x12 0x09 0x01 0x18 0x${p}1 0x00 > /dev/null
	    	let idev=idev+1
	    done
	    unset IFS
        fi
    elif [ "$XPROD" == "291" ]; then
        LOCKEDUSERS=1
    else
        IBMFAM=`ipmitool raw 0x3a 0x50 |head -n 1| awk '{print $1 $2 $3 $4}'`
        if [ "$IBMFAM" == "59554f4f" ]; then
            BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
            if [ ! -z "$BMCPORT" ]; then
	    	let idev=0
		    IFS=','
		    for p in $BMCPORT; do
	            	ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null
		    	let idev=idev+1
		    done
		    unset IFS
            fi
        fi
    fi
elif [ "$IPMIMFG" == 20301 ] ; then
    XPROD=`ipmitool mc info|grep "^Product ID"|awk '{print $4}'`
    IBMVPDV=`ipmitool raw 0x3a 0xb 2 0 16 1`
    if [ $IBMVPDV -eq 2 ]; then
	ISITE=1;
    fi
        LOCKEDUSERS=1
        BMCPORT=`grep bmcport /tmp/ipmicfg.xml |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
        if [ ! -z "$BMCPORT" ]; then
	    	let idev=0
		    IFS=','
		    for p in $BMCPORT; do
	            	ipmitool -d $idev raw 0xc 1 1 0xc0 $p > /dev/null
		        NEWPORT=`ipmitool -d $idev raw 0xc 2 1 0xc0 0 0|awk '{print $2}'`
			sleep 10 

		    	let idev=idev+1
		    done
		    unset IFS
        fi
elif [ "$IPMIMFG" == "47488" ]; then
        LOCKEDUSERS=1
fi
echo -n "Auto detecting LAN channel..."

while [ -z "$LANCHAN" ]; do 
	for TLANCHAN in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16; do 
	   if ipmitool channel info $TLANCHAN 2> /dev/null | grep 802.3 > /dev/null 2>&1 && ipmitool raw 0xc 2 $TLANCHAN 5 0 0 > /dev/null 2>&1; 
	   then 
		LANCHAN=$TLANCHAN
	        break; 
	    fi; 
	    echo -n "."
	done
	if [ -z "$LANCHAN" ]; then
		echo "Unable to detect lan channel, retrying in 10 seconds";
		sleep 10
	fi
done
echo "Detected LAN channel $LANCHAN"
        
let idev=NUMBMCS
if [ $IPCFGMETHOD="static" ]; then
	while [ $idev -gt 0 ]; do
		let idev=idev-1
		TRIES=0
		while ! ipmitool -d $idev lan set $LANCHAN ipsrc static; do
		    sleep 1
		    let TRIES=TRIES+1
		    if [ $TRIES -gt $TIMEOUT ]; then break; fi
		done
	done
	let idev=0
	for b in $BMCIP; do
		TRIES=0
		while ! ipmitool -d $idev lan set $LANCHAN ipaddr $b; do
		    sleep 1
		    let TRIES=TRIES+1
		    if [ $TRIES -gt $TIMEOUT ]; then break; fi
		done
		let idev=idev+1
	done
	let idev=0
	for m in $BMCNM; do
		TRIES=0
		while ! ipmitool -d $idev lan set $LANCHAN netmask $m; do
		    sleep 1
		    let TRIES=TRIES+1
		    if [ $TRIES -gt $TIMEOUT ]; then break; fi
		done
		let idev=idev+1
	done
	TRIES=0
	if [ ! -z "$BMCGW" ]; then
	    let idev=0
	    for g in $BMCGW; do
	    	TRIES=0
		    while ! ipmitool -d $idev lan set $LANCHAN defgw ipaddr $g; do
		        sleep 1
		        let TRIES=TRIES+1
		        if [ $TRIES -gt $TIMEOUT ]; then break; fi
		    done
	            let idev=idev+1
	    done
	    TRIES=0
	fi
else
	 let idev=NUMBMCS
	 while [ $idev -gt 0 ]; do
                let idev=idev-1
                TRIES=0
                while ! ipmitool -d $idev lan set $LANCHAN ipsrc $IPCFGMETHOD; do
                    sleep 1
                    let TRIES=TRIES+1
                    if [ $TRIES -gt $TIMEOUT ]; then break; fi
                done
        done
fi

let idev=0
for b in $BMCVLAN; do
	TRIES=0
	while ! ipmitool -d $idev lan set $LANCHAN vlan id $b; do
	    sleep 1
	    let TRIES=TRIES+1
	    if [ $TRIES -gt $TIMEOUT ]; then break; fi
	done
	let idev=idev+1
done

let idev=NUMBMCS-1
for bmcu in $BMCUS; do
    if [ "$bmcu" = "" ]; then continue; fi
DISABLEUSERS="1 2 3 4"
if [ ! -z "$LOCKEDUSERS" ]; then
    USERSLOT=`ipmitool -d $idev user list $LANCHAN |grep -v ^ID|awk '{print $1 " " $2}'|grep -w "$BMCUS"|awk '{print $1}'`
    if [ -z "$USERSLOT" ]; then
        USERSLOT=4
    fi
else
    USERSLOT=2
fi
if [ "$ISITE" = 1 ]; then
    allowcred.awk &
    CREDPID=$!
    while ! remoteimmsetup
    do
        echo "Waiting for xCAT remote configuration of service processor via CMM.."
    done
    kill $CREDPID
fi
CURRENTUSER=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $2}'`
DISABLEUSERS=`echo 1 2 3 4|sed -e s/$USERSLOT//`
for user in $DISABLEUSERS; do
    while ! ipmitool -d $idev user disable $user; do
        sleep 1
        let TRIES=TRIES+1
        if [ $TRIES -gt $TIMEOUT ]; then break; fi
    done
    TRIES=0
done
TRIES=0
while ! ipmitool -d $idev user enable $USERSLOT; do
    sleep 1
    let TRIES=TRIES+1
    if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
TRIES=0
# Last param in ipmitool user priv is the channel to set it on.
# Penguin boxes are all channel 2
CURRPRIV=`ipmitool -d $idev user list $LANCHAN|grep ^$USERSLOT|awk '{print $6}'`
if [ "$CURRPRIV" != "ADMINISTRATOR" ]; then 
    while ! ipmitool -d $idev user priv $USERSLOT 4 $LANCHAN; do
        sleep 1
        let TRIES=TRIES+1
    if [ $TRIES -gt $TIMEOUT ]; then break; fi
    done
    TRIES=0
fi
TRIES=0
while ! ipmitool -d $idev channel setaccess $LANCHAN $USERSLOT link=on; do
    sleep 1
    let TRIES=TRIES+1
    if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
TRIES=0
if [ "$CURRENTUSER" != "$bmcu" ]; then
    while ! ipmitool -d $idev user set name $USERSLOT $bmcu; do
        sleep 1
        let TRIES=TRIES+1
        if [ $TRIES -gt $TIMEOUT ]; then break; fi
    done
fi
let idev=idev-1
done
let idev=NUMBMCS-1
for bmcp in $BMCPW; do
    if [ "$bmcp" = "" ]; then continue; fi
TRIES=0
while ! ipmitool -d $idev user set password $USERSLOT $bmcp; do
    sleep 1
    let TRIES=TRIES+1
    if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
TRIES=0
echo "Set up following user table: "
ipmitool -d $idev user list $LANCHAN
let idev=idev-1
done

let idev=NUMBMCS
while [ $idev -gt 0 ]; do
let idev=idev-1


echo -n "Enabling Channel $LANCHAN: "
while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x42 0x44 > /dev/null; do
    sleep 1
    let TRIES=TRIES+1
    if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
TRIES=0
while ! ipmitool -d $idev raw 0x6 0x40 $LANCHAN 0x82 0x84 > /dev/null; do
    sleep 1
    let TRIES=TRIES+1
    if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
if [ $TRIES -gt $TIMEOUT ]; then echo "ERROR"; else echo "OK"; fi
TRIES=0

echo -n "Enabling ARP responses: "
while ! ipmitool -d $idev lan set $LANCHAN arp respond on > /dev/null; do
    sleep 1
    let TRIES=TRIES+1
    echo -n .
    if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
if [ $TRIES -gt $TIMEOUT ]; then echo "ERROR"; else echo "OK"; fi
TRIES=0

echo -n "Enabling IPMI v 1.5 MD5 LAN access:"
while ! ipmitool -d $idev lan set $LANCHAN auth admin md5 > /dev/null; do
    sleep 1
    let TRIES=TRIES+1
    if [ $TRIES -gt $TIMEOUT ]; then break; fi
done
if [ $TRIES -gt $TIMEOUT ]; then echo "ERROR"; else echo "OK"; fi
TRIES=0
if [ ! "$IPMIVER" == "1.5"  ]; then 
    echo -n "Enabling IPMI v 2.0 LAN access: "
    #the following goals:
    #disable cipher suite 0 (if present, avoid password bypass)
    #disable cipher suite 1 (if present, to avoid weaking Kg if used)
    #enable cipher suite 2 (scenarios without perl Rijndael)
    #enable cipher suite 3
    #ignore the rest
    ZEROIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '%0$'|sed -e 's/:.*//')
    ONEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^1$'|sed -e 's/:.*//')
    TWOIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^2$'|sed -e 's/:.*//')
    THREEIDX=$(ipmitool lan print $LANCHAN|grep ^RMCP+|cut -d: -f 2|sed -e 's/ //' -e 's/,/\n/g'|grep -n '^3$'|sed -e 's/:.*//')
    ACCESS=$(ipmitool lan print $LANCHAN|grep 'Cipher Suite Priv Max'|cut -d: -f 2|sed -e 's/ //g' -e 's/\(.\)/\1\n/g'|grep -v '^$')
    NEWACCESS=""
    i=1
    for elem in $ACCESS; do
        if [ $i = "$ZEROIDX" -o $i = "$ONEIDX" ]; then
            NEWACCESS="$NEWACCESS"X
        elif [ $i = "$TWOIDX" -o $i = "$THREEIDX" ]; then
            #do not *downgrade* from OEM priv
            if [ "$elem" != "O" ]; then NEWACCESS="$NEWACCESS"a; else NEWACCESS="$NEWACCESS"$elem; fi
        else
            NEWACCESS="$NEWACCESS"$elem
        fi
	    i=$((i+1))
    done
    if ipmitool lan set $LANCHAN cipher_privs $NEWACCESS > /dev/null; then
		echo OK
    else
		echo ERROR
    fi


    TRIES=0

    echo -n "Enabling SOL for channel $LANCHAN:"
    while ! ipmitool -d $idev raw 0xc 0x21 $LANCHAN 0x1 0x1 > /dev/null; do
        sleep 1
        let TRIES=TRIES+1
        if [ $TRIES -gt $TIMEOUT ]; then break; fi
    done
    if [ $TRIES -gt $TIMEOUT ]; then echo "ERROR"; else echo "OK"; fi
    TRIES=0
    
    echo -n "Enabling SOL for $BMCUS:"
    while ! ipmitool -d $idev raw 6 0x4c $LANCHAN $USERSLOT 2 0 0 0 > /dev/null; do
        sleep 1
        let TRIES=TRIES+1
        if [ $TRIES -gt $TIMEOUT ]; then break; fi
    done
    if [ $TRIES -gt $TIMEOUT ]; then echo "ERROR"; else echo "OK"; fi
    echo -n "Putting SOL on channel $LANCHAN:"
    while ! OUTPUT=`ipmitool -d $idev raw 0xc 0x21 $LANCHAN 7 $LANCHAN 2>&1 > /dev/null`; do
	if echo $OUTPUT|grep "Unknown (0x80)" > /dev/null; then
		echo "Not Needed"
		break
        fi
        sleep 1
        let TRIES=TRIES+1
        if [ $TRIES -gt $TIMEOUT ]; then break; fi
    done
    if [ $TRIES -gt $TIMEOUT ]; then echo "ERROR"; else echo "OK"; fi
fi

XPROD=`ipmitool mc info|grep "^Product ID"|awk '{print $4}'`
if [ "$XPROD" = "309" ] ; then
    # Reset the BMC for the x3755 M4 (8722), otherwise will not be able to get to the BMC
    echo "Resetting BMC ..."
    ipmitool mc reset cold
    echo "Waiting for the BMC to appear ..."
    sleep 15
    TRIES=0
    while ! ipmitool lan print $LANCHAN > /dev/null; do
        sleep 3
        let TRIES=TRIES+1
        if [ $TRIES -gt $TIMEOUT ]; then break; fi
   done
fi

# update the node status to 'bmcready'
for parm in `cat /proc/cmdline`; do
	key=`echo $parm|awk -F= '{print $1}'`
	if [ "$key" = "xcatd" ]; then
		XCATMASTER=`echo $parm|awk -F= '{print $2}'|awk -F: '{print $1}'`
	fi
done
if [ ! -z "$XCATMASTER" ]; then
    updateflag.awk $XCATMASTER 3002 "installstatus bmcready"
fi
#frume.awk

echo "Lighting Identify Light"
while :
    do ipmitool -d $idev raw 0 4 10 > /dev/null
    sleep 7
done &
done

