tinkerbell / pbnj

Service for interacting with BMCs
Apache License 2.0
109 stars 37 forks source link

Add AMT Support #134

Closed evdevr closed 1 year ago

evdevr commented 2 years ago

Devices with Intel vPro processors have an out-of-band management solution built-in with Intel AMT. Adding support for AMT to PBnJ will enable BMC-like interactions to systems with these processors. This will allow full Tinkerbell management of hardware often used for small-scale cluster testing on hardware like Intel NUCs.

Expected Behaviour

PBnJ should communicate with AMT over the SOAP-based WS-Management interface to perform BMC interactions like power cycling and PXE booting the target device. Initial manual configuration to enable AMT is expected.

Current Behaviour

Currently PBnJ does not support AMT.

Possible Solution

Intel AMT has a SOAP-based WS-Management interface for interacting out-of-band with AMT systems. There are a few potential starting points below with code that communicates over this interface.

Resources:

Intel has released the Open Active Management Technology (Open AMT) Cloud Toolkit (docs, source) which provides a set of microservices and libraries for integrating AMT. The Remote Provisioning Client (RPC) may be the most helpful piece, as it's written in go and interacts with AMT directly over the WS-MAN interface. (docs, source).

There is also OpenWSMAN (site, wiki, source. This was originally developed and open-sourced by Intel and looks to be in C++.

An interesting (although dated) write-up on AMT from a discovery and security perspective can be found here: https://www.uberwall.org/bin/download/download/102/lacon12_intel_amt.pdf

Context

I'm building a small cluster with 3 Intel NUCs to demonstrate EKS Anywhere, which uses Tinkerbell and PBnJ.

Your Environment

$ eksctl anywhere version v0.12.1



* Hardware (x3)
Intel NUCs Model: SBNUC11TNHv50L0  
32 GB memory: F4-2400C16D-32GRS  
500 GB SSD: MZ-77E500B-AM  

* Link to your project or a code example to reproduce issue:
n/a

## Background
[Intel Active Management Technology (AMT)](https://www.intel.com/content/www/us/en/developer/articles/guide/getting-started-with-active-management-technology.html) is part of Intel vPro. If you have a vPro processor, you have AMT. 

## Other Potential Resources
There is also the High Level API (HLAPI) written in C# (seems to be Windows-focused):  
[Intel AMT High-level API (HLAPI) overview](https://www.intel.com/content/www/us/en/developer/articles/technical/intel-amt-high-level-api-intel-manageability-library-to-manageability-webpage.html)  
[Intel AMT High-level API (HLAPI) docs](https://software.intel.com/sites/manageability/HLAPI_Documentation/default.htm)

The docs here seem to indicate Linux is not really supported by the AMT SDK:  
[Intel AMT Implementation and Reference Guide](https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm) (includes AMT SDK docs)  
(Linux sample app no longer supported, Linux version required is RHEL 5.x)
joelrebel commented 1 year ago

Closing this issue since iAMT support was added by @jacobweinstock