diff --git a/onboarding-manager/VERSION b/onboarding-manager/VERSION index 6b9f70cb8..5d71905f6 100644 --- a/onboarding-manager/VERSION +++ b/onboarding-manager/VERSION @@ -1 +1 @@ -1.38.7-dev +1.38.7 diff --git a/onboarding-manager/pkg/cloudinit/99_infra.cfg b/onboarding-manager/pkg/cloudinit/99_infra.cfg index 6aee6ccd4..aca8bc102 100644 --- a/onboarding-manager/pkg/cloudinit/99_infra.cfg +++ b/onboarding-manager/pkg/cloudinit/99_infra.cfg @@ -200,6 +200,16 @@ write_files: Subsystem sftp /usr/lib/openssh/sftp-server {{- end }} {{- end }} + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: {{- if .WITH_PRESERVE_IP }} - bash /opt/intel_edge_node/staticip.sh @@ -227,7 +237,13 @@ runcmd: chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_id chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_secret systemctl restart caddy.service # workaround for caddy issue. Remove the line once Image is ready with caddy changes. - SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service" "platform-manageability-agent.service") + SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service") + PMA_ENABLE=$(bash /opt/edge-node/node/check_vpro_ism_capable.sh) + if [ "$PMA_ENABLE" = "true" ]; then + SERVICES+=("platform-manageability-agent.service") + else + sed -i '/serviceClients:/ s/platform-manageability-agent, *//; /serviceClients:/ s/, *platform-manageability-agent//; /serviceClients:/ s/platform-manageability-agent//' /etc/edge-node/node/confs/node-agent.yaml + fi for SERVICE in "${SERVICES[@]}" do systemctl start "$SERVICE" & diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-01.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-01.cfg index a7420767f..3f705c24f 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-01.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-01.cfg @@ -116,6 +116,16 @@ write_files: Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr UsePAM yes Subsystem sftp /usr/libexec/sftp-server + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - | grep -qF "http_proxy" /etc/environment || echo http_proxy=http-proxy.test >> /etc/environment @@ -128,7 +138,13 @@ runcmd: chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_id chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_secret systemctl restart caddy.service # workaround for caddy issue. Remove the line once Image is ready with caddy changes. - SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service" "platform-manageability-agent.service") + SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service") + PMA_ENABLE=$(bash /opt/edge-node/node/check_vpro_ism_capable.sh) + if [ "$PMA_ENABLE" = "true" ]; then + SERVICES+=("platform-manageability-agent.service") + else + sed -i '/serviceClients:/ s/platform-manageability-agent, *//; /serviceClients:/ s/, *platform-manageability-agent//; /serviceClients:/ s/platform-manageability-agent//' /etc/edge-node/node/confs/node-agent.yaml + fi for SERVICE in "${SERVICES[@]}" do systemctl start "$SERVICE" & diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-02.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-02.cfg index ffa72b48b..055da58f7 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-02.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-02.cfg @@ -142,6 +142,16 @@ write_files: Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr UsePAM yes Subsystem sftp /usr/lib/openssh/sftp-server + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - | grep -qF "http_proxy" /etc/environment || echo http_proxy=http-proxy.test >> /etc/environment diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-03.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-03.cfg index c372e7578..fb2074d07 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-03.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-03.cfg @@ -116,6 +116,16 @@ write_files: Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr UsePAM yes Subsystem sftp /usr/libexec/sftp-server + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - | grep -qF "http_proxy" /etc/environment || echo http_proxy=http-proxy.test >> /etc/environment @@ -128,7 +138,13 @@ runcmd: chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_id chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_secret systemctl restart caddy.service # workaround for caddy issue. Remove the line once Image is ready with caddy changes. - SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service" "platform-manageability-agent.service") + SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service") + PMA_ENABLE=$(bash /opt/edge-node/node/check_vpro_ism_capable.sh) + if [ "$PMA_ENABLE" = "true" ]; then + SERVICES+=("platform-manageability-agent.service") + else + sed -i '/serviceClients:/ s/platform-manageability-agent, *//; /serviceClients:/ s/, *platform-manageability-agent//; /serviceClients:/ s/platform-manageability-agent//' /etc/edge-node/node/confs/node-agent.yaml + fi for SERVICE in "${SERVICES[@]}" do systemctl start "$SERVICE" & diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-04.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-04.cfg index f49bc5fa9..9bb22d0aa 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-04.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-04.cfg @@ -108,6 +108,16 @@ write_files: Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr UsePAM yes Subsystem sftp /usr/libexec/sftp-server + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - | grep -qF "http_proxy" /etc/environment || echo http_proxy=http-proxy.test >> /etc/environment @@ -120,7 +130,13 @@ runcmd: chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_id chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_secret systemctl restart caddy.service # workaround for caddy issue. Remove the line once Image is ready with caddy changes. - SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service" "platform-manageability-agent.service") + SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service") + PMA_ENABLE=$(bash /opt/edge-node/node/check_vpro_ism_capable.sh) + if [ "$PMA_ENABLE" = "true" ]; then + SERVICES+=("platform-manageability-agent.service") + else + sed -i '/serviceClients:/ s/platform-manageability-agent, *//; /serviceClients:/ s/, *platform-manageability-agent//; /serviceClients:/ s/platform-manageability-agent//' /etc/edge-node/node/confs/node-agent.yaml + fi for SERVICE in "${SERVICES[@]}" do systemctl start "$SERVICE" & diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-05.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-05.cfg index bf3742a4e..a6b7097e3 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-05.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-05.cfg @@ -134,6 +134,16 @@ write_files: Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr UsePAM yes Subsystem sftp /usr/lib/openssh/sftp-server + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - | grep -qF "http_proxy" /etc/environment || echo http_proxy=http-proxy.test >> /etc/environment diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-06.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-06.cfg index 2cfe16ad6..8e76afa62 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-06.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-06.cfg @@ -134,6 +134,16 @@ write_files: Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr UsePAM yes Subsystem sftp /usr/lib/openssh/sftp-server + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - | . /etc/environment diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-07.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-07.cfg index dc10a2631..f11a057fd 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-07.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-07.cfg @@ -108,6 +108,16 @@ write_files: Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr UsePAM yes Subsystem sftp /usr/libexec/sftp-server + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - | grep -qF "http_proxy" /etc/environment || echo http_proxy=http-proxy.test >> /etc/environment @@ -118,7 +128,13 @@ runcmd: chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_id chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_secret systemctl restart caddy.service # workaround for caddy issue. Remove the line once Image is ready with caddy changes. - SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service" "platform-manageability-agent.service") + SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service") + PMA_ENABLE=$(bash /opt/edge-node/node/check_vpro_ism_capable.sh) + if [ "$PMA_ENABLE" = "true" ]; then + SERVICES+=("platform-manageability-agent.service") + else + sed -i '/serviceClients:/ s/platform-manageability-agent, *//; /serviceClients:/ s/, *platform-manageability-agent//; /serviceClients:/ s/platform-manageability-agent//' /etc/edge-node/node/confs/node-agent.yaml + fi for SERVICE in "${SERVICES[@]}" do systemctl start "$SERVICE" & diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-08.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-08.cfg index a611b7320..818e1f24d 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-08.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-08.cfg @@ -130,6 +130,16 @@ write_files: Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr UsePAM yes Subsystem sftp /usr/lib/openssh/sftp-server + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - | grep -qF "http_proxy" /etc/environment || echo http_proxy=http-proxy.test >> /etc/environment diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-09.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-09.cfg index 225a57c2f..e1e2f9311 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-09.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-09.cfg @@ -160,6 +160,16 @@ write_files: Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr UsePAM yes Subsystem sftp /usr/lib/openssh/sftp-server + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - bash /opt/intel_edge_node/staticip.sh - | diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-10.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-10.cfg index 6d6c1849e..353858c50 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-10.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-10.cfg @@ -134,6 +134,16 @@ write_files: Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr UsePAM yes Subsystem sftp /usr/libexec/sftp-server + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - bash /opt/intel_edge_node/staticip.sh - | @@ -147,7 +157,13 @@ runcmd: chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_id chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_secret systemctl restart caddy.service # workaround for caddy issue. Remove the line once Image is ready with caddy changes. - SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service" "platform-manageability-agent.service") + SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service") + PMA_ENABLE=$(bash /opt/edge-node/node/check_vpro_ism_capable.sh) + if [ "$PMA_ENABLE" = "true" ]; then + SERVICES+=("platform-manageability-agent.service") + else + sed -i '/serviceClients:/ s/platform-manageability-agent, *//; /serviceClients:/ s/, *platform-manageability-agent//; /serviceClients:/ s/platform-manageability-agent//' /etc/edge-node/node/confs/node-agent.yaml + fi for SERVICE in "${SERVICES[@]}" do systemctl start "$SERVICE" & diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-11.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-11.cfg index 56870104d..8715c55bc 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-11.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-11.cfg @@ -117,6 +117,16 @@ write_files: Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr UsePAM yes Subsystem sftp /usr/libexec/sftp-server + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - | grep -qF "http_proxy" /etc/environment || echo http_proxy=http-proxy.test >> /etc/environment @@ -129,7 +139,13 @@ runcmd: chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_id chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_secret systemctl restart caddy.service # workaround for caddy issue. Remove the line once Image is ready with caddy changes. - SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service" "platform-manageability-agent.service") + SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service") + PMA_ENABLE=$(bash /opt/edge-node/node/check_vpro_ism_capable.sh) + if [ "$PMA_ENABLE" = "true" ]; then + SERVICES+=("platform-manageability-agent.service") + else + sed -i '/serviceClients:/ s/platform-manageability-agent, *//; /serviceClients:/ s/, *platform-manageability-agent//; /serviceClients:/ s/platform-manageability-agent//' /etc/edge-node/node/confs/node-agent.yaml + fi for SERVICE in "${SERVICES[@]}" do systemctl start "$SERVICE" & diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-12.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-12.cfg index 59c165d40..03dc04ea3 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-12.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-12.cfg @@ -123,6 +123,16 @@ write_files: Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr UsePAM yes Subsystem sftp /usr/libexec/sftp-server + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - | grep -qF "http_proxy" /etc/environment || echo http_proxy=http-proxy.test >> /etc/environment @@ -135,7 +145,13 @@ runcmd: chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_id chown -R node-agent:bm-agents /etc/intel_edge_node/client-credentials/client_secret systemctl restart caddy.service # workaround for caddy issue. Remove the line once Image is ready with caddy changes. - SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service" "platform-manageability-agent.service") + SERVICES=("caddy.service" "node-agent.service" "cluster-agent.service" "hardware-discovery-agent.service" "platform-observability-collector.service" "platform-observability-health-check.service" "platform-observability-logging.service" "platform-observability-metrics.service" "platform-telemetry-agent.service" "platform-update-agent.service" "rasdaemon.service") + PMA_ENABLE=$(bash /opt/edge-node/node/check_vpro_ism_capable.sh) + if [ "$PMA_ENABLE" = "true" ]; then + SERVICES+=("platform-manageability-agent.service") + else + sed -i '/serviceClients:/ s/platform-manageability-agent, *//; /serviceClients:/ s/, *platform-manageability-agent//; /serviceClients:/ s/platform-manageability-agent//' /etc/edge-node/node/confs/node-agent.yaml + fi for SERVICE in "${SERVICES[@]}" do systemctl start "$SERVICE" & diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-13.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-13.cfg index 87d02176a..c21c46223 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-13.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-13.cfg @@ -37,6 +37,16 @@ write_files: efibootmgr -b "$boot_part_number" -a fi done < <(efibootmgr | grep "Boot" | grep -i -v -E "BootCurrent|BootOrder" | awk '{print $1}' | cut -c 5-9) + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - | grep -qF "http_proxy" /etc/environment || echo http_proxy=http-proxy.test >> /etc/environment diff --git a/onboarding-manager/pkg/cloudinit/testout/expected-installer-14.cfg b/onboarding-manager/pkg/cloudinit/testout/expected-installer-14.cfg index 433ac1998..c291c50ab 100644 --- a/onboarding-manager/pkg/cloudinit/testout/expected-installer-14.cfg +++ b/onboarding-manager/pkg/cloudinit/testout/expected-installer-14.cfg @@ -46,6 +46,16 @@ write_files: efibootmgr -b "$boot_part_number" -a fi done < <(efibootmgr | grep "Boot" | grep -i -v -E "BootCurrent|BootOrder" | awk '{print $1}' | cut -c 5-9) + - path: /opt/edge-node/node/check_vpro_ism_capable.sh + permissions: '0755' + content: | + #!/bin/bash + if rpc amtinfo | grep -iqE "AMT Pro Corporate|Intel Standard Manageability Corporate" > /dev/null; then + PMA_ENABLE=true + else + PMA_ENABLE=false + fi + echo "$PMA_ENABLE" runcmd: - | grep -qF "http_proxy" /etc/environment || echo http_proxy=http-proxy.test >> /etc/environment diff --git a/onboarding-manager/pkg/platformbundle/ubuntu-22.04/Installer b/onboarding-manager/pkg/platformbundle/ubuntu-22.04/Installer index cefe33468..4cc78414d 100644 --- a/onboarding-manager/pkg/platformbundle/ubuntu-22.04/Installer +++ b/onboarding-manager/pkg/platformbundle/ubuntu-22.04/Installer @@ -65,6 +65,91 @@ print_error_on_console() { trap 'print_error_on_console ${LINENO}' ERR +install_lms_rpc(){ + if grep -q "install_lms_rpc done" "$SCRIPT_DIR"/$STATUS_FILENAME; then + echo "Skipping install_lms_rpc" + else + # Download, build and install LMS + LMS_VERSION="2506.0.0.0" + expected_checksum="bfdcbfb6b2a739321998a0772767c1532ede70f4bd38cdbe48488b59d118a086" + + curl -fsSL --connect-timeout 30 --max-time 300 \ + "https://github.com/intel/lms/archive/refs/tags/v${LMS_VERSION}.tar.gz" \ + -o "v${LMS_VERSION}.tar.gz" + + if [ -f "v${LMS_VERSION}.tar.gz" ]; then + actual_checksum=$(sha256sum "v${LMS_VERSION}.tar.gz" | awk '{print $1}') + if [ "$actual_checksum" != "$expected_checksum" ]; then + echo "ERROR: Checksum mismatch. Expected: $expected_checksum, Got: $actual_checksum" + rm -f "v${LMS_VERSION}.tar.gz" + exit 1 + fi + echo "Checksum verification successful." + + tar -xzf "v${LMS_VERSION}.tar.gz" + rm -f "v${LMS_VERSION}.tar.gz" + cd "lms-${LMS_VERSION}" || exit 1 + + export LMS_ROOT="$PWD" + mkdir -p build && cd build || exit 1 + + cmake -Wno-dev -DBUILD_SHARED_LIBS=OFF -DNETWORK_NM=OFF \ + -DNETWORK_CN=OFF -DCMAKE_INSTALL_PREFIX=/usr "$LMS_ROOT" + + if ! make -j"$(($(nproc) / 2))"; then + echo "ERROR: LMS build failed" + exit 1 + fi + + # Create package without sudo, then install with sudo + if ! make package; then + echo "ERROR: LMS package creation failed" + exit 1 + fi + + if [ -f "./lms-2506.0.0-Linux.deb" ]; then + echo "LMS package built successfully" + if sudo apt-get install -y -o Dpkg::Options::="--force-confnew" "./lms-2506.0.0-Linux.deb"; then + echo "LMS package installed successfully" + sudo systemctl stop lms.service + sudo systemctl disable lms.service + sudo systemctl mask lms.service + rm -f "lms-2506.0.0-Linux.deb" + else + echo "WARNING: Failed to install LMS package. Platform manageability features may not work properly." + echo "Continuing with installation..." + fi + else + echo "ERROR: LMS package not found. Build failed." + exit 1 + fi + else + echo "ERROR: Failed to download LMS source. Aborting installation." + exit 1 + fi + + #Download RPC binary + echo "Download RPC binary" + expected_checksum="609b3a69f6534005ca0bf62b12b04c1d18cbc28decc6cf2d5d03d0bc521d9de8" + curl -LO "https://github.com/device-management-toolkit/rpc-go/releases/download/v2.48.2/rpc_linux_x64.tar.gz" + + if [ -f "rpc_linux_x64.tar.gz" ]; then + actual_checksum=$(sha256sum "rpc_linux_x64.tar.gz" | awk '{print $1}') + if [ "$actual_checksum" != "$expected_checksum" ]; then + echo "Checksum mismatch. File may be corrupted." + fi + echo "Checksum verification successful." + tar -xvf rpc_linux_x64.tar.gz -C /usr/bin + rm -rf rpc_linux_x64.tar.gz + mv /usr/bin/rpc_linux_x64 /usr/bin/rpc + else + echo "Downloaded file does not exist. Aborting installation." + exit 1 + fi + echo "install_lms_rpc done" | tee -a "$SCRIPT_DIR"/$STATUS_FILENAME + fi +} + get_rs_token() { if [ "$RS_TYPE" == "auth" ]; then # Temp file to store response @@ -305,11 +390,8 @@ remove_lines_from_sotaSW() { install_other_agents() { if grep -q "install_other_agents done" "$SCRIPT_DIR"/$STATUS_FILENAME; then - echo "Skipping install_other_agents" + echo "Skipping install_other_agents" else - # Get authentication token - RS_AT=$(get_rs_token) - echo "Install bare-metal agents..." echo "cluster-agent cluster-agent/cluster-orchestrator-url string ${CLUSTER_ORCH_URL}" | debconf-set-selections echo "hardware-discovery-agent hardware-discovery-agent/onboarding.serviceURL string ${HW_INVENTORY_URL}" | debconf-set-selections @@ -320,86 +402,7 @@ install_other_agents() { echo "platform-update-agent platform-update-agent/enaDebURL string ${CADDY_APT_PROXY_URL}" | debconf-set-selections echo "platform-update-agent platform-update-agent/updateServiceURL string ${UPDATE_SERVICE_URL}" | debconf-set-selections echo "telemetry-agent telemetry-agent/telemetrymanager.serviceURL string ${TELEMETRY_MANAGER_URL}" | debconf-set-selections - echo "platform-manageability-agent platform-manageability-agent/manageability.serviceURL string ${PLATFORM_MANAGEABILITY_URL}" | debconf-set-selections - echo "platform-manageability-agent platform-manageability-agent/rpsAddress string ${RPS_ADDRESS}" | debconf-set-selections - - # Download, build and install LMS - LMS_VERSION="2506.0.0.0" - expected_checksum="bfdcbfb6b2a739321998a0772767c1532ede70f4bd38cdbe48488b59d118a086" - - curl -fsSL --connect-timeout 30 --max-time 300 \ - "https://github.com/intel/lms/archive/refs/tags/v${LMS_VERSION}.tar.gz" \ - -o "v${LMS_VERSION}.tar.gz" - - if [ -f "v${LMS_VERSION}.tar.gz" ]; then - actual_checksum=$(sha256sum "v${LMS_VERSION}.tar.gz" | awk '{print $1}') - if [ "$actual_checksum" != "$expected_checksum" ]; then - echo "ERROR: Checksum mismatch. Expected: $expected_checksum, Got: $actual_checksum" - rm -f "v${LMS_VERSION}.tar.gz" - exit 1 - fi - echo "Checksum verification successful." - - tar -xzf "v${LMS_VERSION}.tar.gz" - rm -f "v${LMS_VERSION}.tar.gz" - cd "lms-${LMS_VERSION}" || exit 1 - - export LMS_ROOT="$PWD" - mkdir -p build && cd build || exit 1 - - cmake -Wno-dev -DBUILD_SHARED_LIBS=OFF -DNETWORK_NM=OFF \ - -DNETWORK_CN=OFF -DCMAKE_INSTALL_PREFIX=/usr "$LMS_ROOT" - - if ! make -j"$(($(nproc) / 2))"; then - echo "ERROR: LMS build failed" - exit 1 - fi - - # Create package without sudo, then install with sudo - if ! make package; then - echo "ERROR: LMS package creation failed" - exit 1 - fi - - if [ -f "./lms-2506.0.0-Linux.deb" ]; then - echo "LMS package built successfully" - if sudo apt-get install -y -o Dpkg::Options::="--force-confnew" "./lms-2506.0.0-Linux.deb"; then - echo "LMS package installed successfully" - sudo systemctl stop lms.service - sudo systemctl disable lms.service - sudo systemctl mask lms.service - rm -f "lms-2506.0.0-Linux.deb" - else - echo "WARNING: Failed to install LMS package. Platform manageability features may not work properly." - echo "Continuing with installation..." - fi - else - echo "ERROR: LMS package not found. Build failed." - exit 1 - fi - else - echo "ERROR: Failed to download LMS source. Aborting installation." - exit 1 - fi - - #Download RPC binary - echo "Download RPC binary" - expected_checksum="609b3a69f6534005ca0bf62b12b04c1d18cbc28decc6cf2d5d03d0bc521d9de8" - curl -LO "https://github.com/device-management-toolkit/rpc-go/releases/download/v2.48.2/rpc_linux_x64.tar.gz" - - if [ -f "rpc_linux_x64.tar.gz" ]; then - actual_checksum=$(sha256sum "rpc_linux_x64.tar.gz" | awk '{print $1}') - if [ "$actual_checksum" != "$expected_checksum" ]; then - echo "Checksum mismatch. File may be corrupted." - fi - echo "Checksum verification successful." - tar -xvf rpc_linux_x64.tar.gz -C /usr/bin - rm -rf rpc_linux_x64.tar.gz - mv /usr/bin/rpc_linux_x64 /usr/bin/rpc - else - echo "Downloaded file does not exist. Aborting installation." - exit 1 - fi + apt-get update apt-get install -y -o Dpkg::Options::="--force-confnew" \ cluster-agent="$CLUSTER_AGENT_VERSION" \ @@ -415,8 +418,18 @@ install_other_agents() { tpm-provision="$TPM_PROVISION_VERSION" \ inbc-program="$INBC_PROGRAM_VERSION" \ platform-update-agent="$PLATFORM_UPDATE_AGENT_VERSION" \ - platform-telemetry-agent="$PLATFORM_TELEMETRY_AGENT_VERSION" \ - platform-manageability-agent="$PLATFORM_MANAGEABILITY_AGENT_VERSION" + platform-telemetry-agent="$PLATFORM_TELEMETRY_AGENT_VERSION" + + PMA_ENABLE=$(bash /opt/edge-node/node/check_vpro_ism_capable.sh) + + if [ "$PMA_ENABLE" = "true" ]; then + echo "platform-manageability-agent platform-manageability-agent/manageability.serviceURL string ${PLATFORM_MANAGEABILITY_URL}" | debconf-set-selections + echo "platform-manageability-agent platform-manageability-agent/rpsAddress string ${RPS_ADDRESS}" | debconf-set-selections + apt-get install -y -o Dpkg::Options::="--force-confnew" platform-manageability-agent="$PLATFORM_MANAGEABILITY_AGENT_VERSION" + else + sed -i '/serviceClients:/ s/platform-manageability-agent, *//; /serviceClients:/ s/, *platform-manageability-agent//; /serviceClients:/ s/platform-manageability-agent//' /etc/edge-node/node/confs/node-agent.yaml + systemctl restart node-agent + fi # Remove docker. trtl and inbm-telemetry checks from INBM configuration file remove_lines_from_sotaSW /etc/intel_manageability.conf docker trtl inbm-telemetry @@ -556,6 +569,7 @@ install_dependencies 2>&1 | tee -a "$SCRIPT_DIR"/$SETUP_STATUS_FILENAME enable_kernel_config 2>&1 | tee -a "$SCRIPT_DIR"/$SETUP_STATUS_FILENAME install_syslogrotate_job 2>&1 | tee -a "$SCRIPT_DIR"/$SETUP_STATUS_FILENAME echo "Install agents..........................." +install_lms_rpc 2>&1 | tee -a "$SCRIPT_DIR"/$SETUP_STATUS_FILENAME install_node_agent 2>&1 | tee -a "$SCRIPT_DIR"/$SETUP_STATUS_FILENAME install_other_agents 2>&1 | tee -a "$SCRIPT_DIR"/$SETUP_STATUS_FILENAME install_syslogrotate_ufw 2>&1 | tee -a "$SCRIPT_DIR"/$SETUP_STATUS_FILENAME