ibm-openbmc / dev

Product Development Project Mgmt and Tracking

FW1050: Rainier: IPMI failed to enable post factory reset clean on 1050 #3622

Closed jayeshmpatel closed 1 year ago

jayeshmpatel commented 1 year ago

Expected Behavior:

Post factory reset, IPMI by default is Disabled.

User should be able to enable network IPMI and IPMI tool should be able to query or perform operation on BMC over LAN.

Actual Behavior

IPMI enable procedure failed with firmware 1050 release code post factory reset. Failed at step 4 of the procedure below. Output:

$ curl -k -H "X-Auth-Token: $bmc_token" -H "Content-Type: application/octet-stream" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/Accounts/ipmi_admin_user -d '{"AccountTypes": ["Redfish", "IPMI", "HostConsole", "WebUI", "ManagerConsole"]}'
{
  "error": {
    "@Message.ExtendedInfo": [
      {
        "@odata.type": "#Message.v1_1_1.Message",
        "Message": "The property AccountTypes is not in the list of valid properties for the resource.",
        "MessageArgs": [
          "AccountTypes"
        ],
        "MessageId": "Base.1.13.0.PropertyUnknown",
        "MessageSeverity": "Warning",
        "Resolution": "Remove the unknown property from the request body and resubmit the request if the operation failed."
      }
    ],
    "code": "Base.1.13.0.PropertyUnknown",
    "message": "The property AccountTypes is not in the list of valid properties for the resource."
  }
}

Steps to Reproduce the Problem

++++++++++++++++++++++++++++++++++++++++++ Steps to enable and add new IPMI admin user ++++++++++++++++++++++++++++++++++++++++++

  1. Create user ipmi_admin_user/0penBmc0 using GUI

  2. Create a session using a new user admin and enable IPMI out of band protocol

> export BMC_IP=xx.xx.xx.xx

> curl --insecure -X POST -D headers.txt https://${BMC_IP}/redfish/v1/SessionService/Sessions -d '{"UserName":"ipmi_admin_user", "Password":"0penBmc0"}'
{
  "@odata.id": "/redfish/v1/SessionService/Sessions/K2JvCJ7D6T",
  "@odata.type": "#Session.v1_3_0.Session",
  "ClientOriginIPAddress": "::ffff:xx.xx.xx.xx",
  "Description": "Manager User Session",
  "Id": "K2JvCJ7D6T",
  "Name": "User Session",
  "Oem": {
    "OpenBMC": {
      "@odata.type": "#OemSession.v1_0_0.Session",
      "ClientID": ""
    }
  },
  "UserName": "ipmi_admin_user"
}

> cat headers.txt | grep Auth
X-Auth-Token: Qo8EA2eH5jBJX0gwNZ4Z

> export bmc_token=Qo8EA2eH5jBJX0gwNZ4Z

> curl -k -H "X-Auth-Token: $bmc_token" -H "Content-Type: application/octet-stream" -X GET https://${BMC_IP}/redfish/v1/Managers/bmc/NetworkProtocol | grep -A3 IPMI
  "IPMI": {
    "Port": null,
    "ProtocolEnabled": false
  },

> curl -k -H "X-Auth-Token: $bmc_token" -H "Content-Type: application/octet-stream" -X PATCH https://${BMC_IP}/redfish/v1/Managers/bmc/NetworkProtocol -d '{"IPMI": {"ProtocolEnabled": true}}'

> curl -k -H "X-Auth-Token: $bmc_token" -H "Content-Type: application/octet-stream" -X GET https://${BMC_IP}/redfish/v1/Managers/bmc/NetworkProtocol
  "IPMI": {
    "Port": 623,
    "ProtocolEnabled": true
  },

  3. Confirm over GUI that the IPMI button is enabled

  4. Add ipmi_admin_user to the IPMI group

    
    > curl -k -H "X-Auth-Token: $bmc_token" -H "Content-Type: application/octet-stream" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/Accounts/ipmi_admin_user -d '{"AccountTypes": ["Redfish", "IPMI", "HostConsole", "WebUI", "ManagerConsole"]}'
    {
    "@Message.ExtendedInfo": [
    {
      "@odata.type": "#Message.v1_1_1.Message",
      "Message": "Successfully Completed Request",
      "MessageArgs": [],
      "MessageId": "Base.1.8.1.Success",
      "MessageSeverity": "OK",
      "Resolution": "None"
    }
    ]
    }
5. Change the ipmi_admin_user password via GUI  ipmi_user_admin/0penBmc1

6. Confirm that it is enabled using out-of-band ipmitool

ipmitool -I lanplus -C 17 -N 3 -p 623 -U ipmi_admin_user -P 0penBmc1 -H xx.xx.xx.xx power status
Chassis Power is off

Specifications

ChicagoDuan commented 1 year ago

Hi @jayeshmpatel Following your steps, I am unable to reproduce the problem.

The error type you encountered seems to only occur in the following situations, indicating that your accountTypes are incorrect, but I have checked your request accountTypes and they are correct. This looks strange. https://github.com/ibm-openbmc/bmcweb/blob/1050/redfish-core/lib/account_service.hpp#L202

    for (const auto& accountType : *accountTypes)
    {
        if (accountType == "Redfish")
        {
            isRedfish = true;
        }
        else if (accountType == "IPMI")
        {
            isIPMI = true;
        }
        else if (accountType == "WebUI")
        {
            isWebUI = true;
        }
        else if ((accountType == "HostConsole"))
        {
            isHostConsole = true;
        }
        else if (accountType == "ManagerConsole")
        {
            isManagerConsole = true;
        }
        else
        {
            // set false if accountTypes not found and return
            isFoundAccountTypes = false;
            messages::propertyValueNotInList(asyncResp->res, "AccountTypes",
                                             accountType);
            return isFoundAccountTypes;
        }
    }
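
Added example, not part of the thread or of bmcweb: a small Python helper that reads the two Redfish response shapes quoted in the report above (the `error` wrapper and the bare `@Message.ExtendedInfo` list) and reports which property a PATCH rejected. The sample bodies are trimmed copies of the outputs in this issue, and the function names are hypothetical.

```python
import json
import re

# Sample bodies trimmed from the two PATCH responses quoted in this issue.
FAILED_PATCH = '''{"error": {"@Message.ExtendedInfo": [{
  "Message": "The property AccountTypes is not in the list of valid properties for the resource.",
  "MessageArgs": ["AccountTypes"],
  "MessageId": "Base.1.13.0.PropertyUnknown",
  "MessageSeverity": "Warning"}],
 "code": "Base.1.13.0.PropertyUnknown"}}'''
OK_PATCH = '''{"@Message.ExtendedInfo": [{
  "Message": "Successfully Completed Request", "MessageArgs": [],
  "MessageId": "Base.1.8.1.Success", "MessageSeverity": "OK"}]}'''

# MessageId as it appears in this thread: registry, dotted version, message key.
MESSAGE_ID = re.compile(r"^(?P<registry>\w+?)\.(?P<version>\d+(?:\.\d+)+)\.(?P<key>[A-Za-z]\w*)$")


def extended_info(body):
    """Return the message objects from either response shape, or [] for an empty body."""
    if not body.strip():
        return []  # some PATCH calls in the report print no body at all
    doc = json.loads(body)
    holder = doc.get("error", doc) if isinstance(doc, dict) else {}
    msgs = holder.get("@Message.ExtendedInfo", []) if isinstance(holder, dict) else []
    return [m for m in msgs if isinstance(m, dict)]


def triage(body):
    """Summarise a PATCH response body: every non-Success message and its first argument."""
    rejected = []
    for msg in extended_info(body):
        match = MESSAGE_ID.match(msg.get("MessageId", ""))
        key = match.group("key") if match else "Unparsed"
        if key != "Success":
            args = msg.get("MessageArgs") or []
            rejected.append((key, args[0] if args else None))
    # "ok" only means the body carries no non-Success message; the HTTP status
    # code remains the authoritative result of the request.
    return {"ok": not rejected, "rejected": rejected}


if __name__ == "__main__":
    for name, body in (("failed", FAILED_PATCH), ("ok", OK_PATCH)):
        print(name, triage(body))
```
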
jayeshmpatel commented 1 year ago

@gkeishin can you pls comment on recreate?

mzipse commented 1 year ago

There may have been some recent changes in this area that might've helped this. @ninadpalsule , I could be wrong but were you involved in any changes in this area?

ninadpalsule commented 1 year ago

@mzipse, No I have not done any changes in this area. I am working on hostconsole group related changes but those are not yet merged.

jayeshmpatel commented 1 year ago

Confirmed with @gkeishin that we are not able to re-create this with the latest level of 1050 fw, so closing.