[setup-hw] TPM2.0 server does not work setup-hw command

What

Ignition for CS runs exec-setup-hw.service in cybozu-go/neco. The target node was the factory configuration. According to the journal log. It does not work well.

Aug 16 05:58:43 rack0-cs10 setup-hw[24663]: 2019-08-16T05:58:43.119049Z rack0-cs10 setup-hw info: "well: exec" args="[/opt/dell/srvadmin/bin/idracadm7 get iDRAC.Info.Name]" command="/opt/dell/srvadmin/bin/idracadm7" response_time=0.995025145 type="exec"
Aug 16 05:58:43 rack0-cs10 setup-hw[24663]: 2019-08-16T05:58:43.747977Z rack0-cs10 setup-hw info: "well: exec" args="[/opt/dell/srvadmin/bin/idracadm7 jobqueue view]" command="/opt/dell/srvadmin/bin/idracadm7" response_time=0.628755781 type="exec"
Aug 16 05:58:45 rack0-cs10 setup-hw[24663]: 2019-08-16T05:58:45.282897Z rack0-cs10 setup-hw info: "well: exec" args="[/opt/dell/srvadmin/bin/idracadm7 set BIOS.SysProfileSettings.SysProfile PerfPerWattOptimizedOs]" command="/opt/dell/srvadmin/bin/idracadm7" response_time=0.957903481 type="exec"
Aug 16 05:58:47 rack0-cs10 setup-hw[24663]: 2019-08-16T05:58:47.569928Z rack0-cs10 setup-hw info: "well: exec" args="[/opt/dell/srvadmin/bin/idracadm7 set BIOS.ProcSettings.LogicalProc Disabled]" command="/opt/dell/srvadmin/bin/idracadm7" response_time=0.724931143 type="exec"
Aug 16 05:58:49 rack0-cs10 setup-hw[24663]: 2019-08-16T05:58:49.760921Z rack0-cs10 setup-hw error: "well: exec" args="[/opt/dell/srvadmin/bin/idracadm7 set BIOS.SysSecurity.TpmSecurity OnPbm]" command="/opt/dell/srvadmin/bin/idracadm7" error="exit status 2" response_time=0.631976108 type="exec"
Aug 16 05:59:00 rack0-cs10 setup-hw[24663]: 2019-08-16T05:59:00.394946Z rack0-cs10 setup-hw error: "well: exec" args="[/opt/dell/srvadmin/bin/idracadm7 set BIOS.SysSecurity.TpmSecurity OnPbm]" command="/opt/dell/srvadmin/bin/idracadm7" error="exit status 2" response_time=0.633569705 type="exec"
Aug 16 05:59:11 rack0-cs10 setup-hw[24663]: 2019-08-16T05:59:11.026653Z rack0-cs10 setup-hw error: "well: exec" args="[/opt/dell/srvadmin/bin/idracadm7 set BIOS.SysSecurity.TpmSecurity OnPbm]" command="/opt/dell/srvadmin/bin/idracadm7" error="exit status 2" response_time=0.631350403 type="exec"
Aug 16 05:59:21 rack0-cs10 setup-hw[24663]: 2019-08-16T05:59:21.657935Z rack0-cs10 setup-hw error: "well: exec" args="[/opt/dell/srvadmin/bin/idracadm7 set BIOS.SysSecurity.TpmSecurity OnPbm]" command="/opt/dell/srvadmin/bin/idracadm7" error="exit status 2" response_time=0.630667294 type="exec"
Aug 16 05:59:32 rack0-cs10 setup-hw[24663]: 2019-08-16T05:59:32.582873Z rack0-cs10 setup-hw error: "well: exec" args="[/opt/dell/srvadmin/bin/idracadm7 set BIOS.SysSecurity.TpmSecurity OnPbm]" command="/opt/dell/srvadmin/bin/idracadm7" error="exit status 2" response_time=0.924561633 type="exec"
Aug 16 05:59:32 rack0-cs10 setup-hw[24663]: 2019-08-16T05:59:32.582931Z rack0-cs10 setup-hw error: "exit status 2"
Aug 16 05:59:32 rack0-cs10 systemd[1]: exec-setup-hw.service: Main process exited, code=exited, status=1/FAILURE
Aug 16 05:59:32 rack0-cs10 systemd[1]: exec-setup-hw.service: Failed with result 'exit-code'.
Aug 16 05:59:32 rack0-cs10 systemd[1]: Failed to start Run setup-hw tool.

TPM configuration looks failed to setup.

How

Investigate root causes and fix bug of the setup-hw command in cybozu-go/setup-hw. Current reproduced hosts are:

    REGISTER_DATE=$(sabactl machines get --serial 3FQ5DW2 | jq -r '.[].spec."register-date"')
    CS_IPS=$(sabactl machines get --role cs | jq -r ".[] | select(.spec.\"register-date\" == \"$REGISTER_DATE\") | .info.network.ipv4[0].address" | sort)

Checklist

[ ] Finish implentation of the issue
[ ] Test all functions
[ ] Have enough logs to trace activities
[ ] Notify developers of necessary actions

cybozu-go / neco

[setup-hw] TPM2.0 server does not work setup-hw command #465

What

How

Checklist