diff --git a/docker/snmp-exporter/generator.yml b/docker/snmp-exporter/generator.yml index 65b5971ee5773e20ce0e6d5faf89c9b5cedd298b..a04006a5491d9a602f808a7476cdc0bc89ca541b 100644 --- a/docker/snmp-exporter/generator.yml +++ b/docker/snmp-exporter/generator.yml @@ -4,6 +4,9 @@ auths: version: 1 public_v2: version: 2 + lcu: + community: monitoring + version: 2 pcon_acc: community: accread version: 1 @@ -109,6 +112,22 @@ modules: scale: 0.1 outputVoltage: scale: 0.1 +# +# Supermicro X12/X13 +# + aten: + walk: + - ipmi + - boardinfo + - hardwareinfo + - powerinfo + overrides: + powerStatus: + type: EnumAsStateSet + sensorReading: + type: OctetString + biosVesion: + type: OctetString # # White Rabbit diff --git a/docker/snmp-exporter/lofar_mibs/IPMI-SNMP-Agent.mib b/docker/snmp-exporter/lofar_mibs/IPMI-SNMP-Agent.mib new file mode 100644 index 0000000000000000000000000000000000000000..92af90923f5bc44e4a03cd0880ae9260de68c122 --- /dev/null +++ b/docker/snmp-exporter/lofar_mibs/IPMI-SNMP-Agent.mib @@ -0,0 +1,2123 @@ +ATEN-IPMI-MIB DEFINITIONS ::= BEGIN + +-- +-- Top-level infrastructure of the ATEN CORP. enterprise MIB tree +-- + +IMPORTS + NOTIFICATION-TYPE, MODULE-IDENTITY, OBJECT-TYPE, enterprises, Integer32, IpAddress FROM SNMPv2-SMI + DateAndTime FROM SNMPv2-TC; + +aten MODULE-IDENTITY + LAST-UPDATED "202403291150Z" + ORGANIZATION "Supermicro" + CONTACT-INFO "https://www.supermicro.com/en/support" + DESCRIPTION "Supermicro develops this enterprise MIB tree based on Aten's solution" + REVISION "202401171150Z" + DESCRIPTION "This enterprise MIB tree is released on 2024/01/17" + ::= { enterprises 21317 } + +-- +-- ATEN CORP. enterprise-specific management objects +-- + +ipmi OBJECT IDENTIFIER ::= { aten 1 } +boardinfo OBJECT IDENTIFIER ::= { ipmi 5 } +hardwareinfo OBJECT IDENTIFIER ::= { ipmi 6 } +storage OBJECT IDENTIFIER ::= { ipmi 7 } +powerinfo OBJECT IDENTIFIER ::= { ipmi 14 } +fruinfo OBJECT IDENTIFIER ::= { ipmi 16 } +ntpinfo OBJECT IDENTIFIER ::= { ipmi 17 } +nvme OBJECT IDENTIFIER ::= { ipmi 19 } +network OBJECT IDENTIFIER ::= { ipmi 21 } +smtp OBJECT IDENTIFIER ::= { ipmi 22 } + +-- +-- MIB Module Object Types +-- +sel OBJECT-TYPE + SYNTAX Integer32 (0) + MAX-ACCESS read-write + STATUS current + DESCRIPTION "Number of SELs + Set case: + 0 : Clear all SELs" + ::= { ipmi 2 } + +sensorTable OBJECT-TYPE + SYNTAX SEQUENCE OF SensorEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of sensors. The number of entries is + given by the value of ifNumber." + ::= { ipmi 3 } + +sensorEntry OBJECT-TYPE + SYNTAX SensorEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing management information applicable to a + particular sensor." + INDEX { sensorNumber } + ::= { sensorTable 1 } + +SensorEntry ::= + SEQUENCE { + sensorNumber Integer32, + sensorReading OCTET STRING, + sensorPositiveHysteresis Integer32, + sensorNegativeHysteresis Integer32, + lncThreshold OCTET STRING, + lcThreshold OCTET STRING, + lnrThreshold OCTET STRING, + uncThreshold OCTET STRING, + ucThreshold OCTET STRING, + unrThreshold OCTET STRING, + eventAssertionEnable Integer32, + eventDeassertionEnable Integer32, + sensorIDString OCTET STRING + } + +sensorNumber OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value, greater than zero, for each interface. It + is recommended that values are assigned contiguously + starting from 1. The value for each interface sub-layer + must remain constant at least from one re-initialization of + the entity's network management system to the next re- + initialization." + ::= { sensorEntry 1 } + +sensorReading OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual string containing information about the + interface. This string should include the name of the + manufacturer, the product name and the version of the + interface hardware/software." + ::= { sensorEntry 2 } + +sensorPositiveHysteresis OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of interface. Additional values for ifType are + assigned by the Internet Assigned Numbers Authority (IANA), + through updating the syntax of the IANAifType textual + convention." + ::= { sensorEntry 3 } + +sensorNegativeHysteresis OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The size of the largest packet which can be sent/received + on the interface, specified in octets. For interfaces that + are used for transmitting network datagrams, this is the + size of the largest network datagram that can be sent on the + interface." + ::= { sensorEntry 4 } + +lncThreshold OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An estimate of the interface's current bandwidth in bits + per second. For interfaces which do not vary in bandwidth + or for those where no accurate estimation can be made, this + object should contain the nominal bandwidth. If the + bandwidth of the interface is greater than the maximum value + reportable by this object then this object should report its + maximum value (4,294,967,295) and ifHighSpeed must be used + to report the interace's speed. For a sub-layer which has + no concept of bandwidth, this object should be zero." + ::= { sensorEntry 5 } + +lcThreshold OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The interface's address at its protocol sub-layer. For + example, for an 802.x interface, this object normally + contains a MAC address. The interface's media-specific MIB + must define the bit and byte ordering and the format of the + value of this object. For interfaces which do not have such + an address (e.g., a serial line), this object should contain + an octet string of zero length." + ::= { sensorEntry 6 } + +lnrThreshold OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The desired state of the interface. The testing(3) state + indicates that no operational packets can be passed. When a + managed system initializes, all interfaces start with + ifAdminStatus in the down(2) state. As a result of either + explicit management action or per configuration information + retained by the managed system, ifAdminStatus is then + changed to either the up(1) or testing(3) states (or remains + in the down(2) state)." + ::= { sensorEntry 7 } + + + +uncThreshold OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current operational state of the interface. The + testing(3) state indicates that no operational packets can + be passed. If ifAdminStatus is down(2) then ifOperStatus + should be down(2). If ifAdminStatus is changed to up(1) + then ifOperStatus should change to up(1) if the interface is + ready to transmit and receive network traffic; it should + change to dormant(5) if the interface is waiting for + external actions (such as a serial line waiting for an + incoming connection); it should remain in the down(2) state + if and only if there is a fault that prevents it from going + to the up(1) state; it should remain in the notPresent(6) + state if the interface has missing (typically, hardware) + components." + ::= { sensorEntry 8 } + +ucThreshold OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time the interface entered + its current operational state. If the current state was + entered prior to the last re-initialization of the local + network management subsystem, then this object contains a + zero value." + ::= { sensorEntry 9 } + +unrThreshold OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received on the interface, + + + including framing characters. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { sensorEntry 10 } + +eventAssertionEnable OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, which were not addressed to a multicast + or broadcast address at this sub-layer. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { sensorEntry 11 } + +eventDeassertionEnable OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, which were addressed to a multicast or + broadcast address at this sub-layer. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime. + + This object is deprecated in favour of ifInMulticastPkts and + ifInBroadcastPkts." + ::= { sensorEntry 12 } + +sensorIDString OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "16-byte length field for displaying each available sensors' ID string." + ::= { sensorEntry 13 } + +powerStatus OBJECT-TYPE + SYNTAX INTEGER { poweroff(0), poweron(1), powerreset(2) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION "Get and set the power status of system. + Set case: + 0 : power off + 1 : power on + 2 : power reset" + ::= { ipmi 4 } + +coldResetBMC OBJECT-TYPE + SYNTAX Integer32 (1) + MAX-ACCESS read-write + STATUS current + DESCRIPTION "Cold reset the BMC." + ::= { ipmi 8 } + +bmcMajorVesion OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "BMC Major Vesion" + ::= { boardinfo 1 } + +bmcMinorVesion OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "BMC Minor Vesion" + ::= { boardinfo 2 } + +bmcBuildDate OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "BMC FW Build Date" + ::= { boardinfo 3 } + +biosVesion OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "BIOS Vesion" + ::= { boardinfo 4 } + +biosBuildDate OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "BIOS Build Date" + ::= { boardinfo 5 } + +hostName OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(64)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "BMC Host Name" + ::= { boardinfo 6 } + +bmcBuildVesion OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "BMC Build Vesion" + ::= { boardinfo 7 } + +serialNumber OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Motherboard Serial Number" + ::= { hardwareinfo 1 } + +cpuTable OBJECT-TYPE + SYNTAX SEQUENCE OF CpuEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of CPUs. The number of entries is + given by the number of CPUs." + ::= { hardwareinfo 2 } + +cpuEntry OBJECT-TYPE + SYNTAX CpuEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing management information applicable to a + particular CPU." + INDEX { cpuNumber } + ::= { cpuTable 1 } + +CpuEntry ::= + SEQUENCE { + cpuNumber Integer32, + processor OCTET STRING, + speed Integer32, + core Integer32, + coreActive Integer32, + manufacturer OCTET STRING + } + +cpuNumber OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value, greater than zero, for each CPU. It + is recommended that values are assigned contiguously + starting from 1." + ::= { cpuEntry 1 } + +processor OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(64)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Processor name." + ::= { cpuEntry 2 } + +speed OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Processor speed (MHz)." + ::= { cpuEntry 3 } + +core OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of processor cores." + ::= { cpuEntry 4 } + +coreActive OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of active processor cores." + ::= { cpuEntry 5 } + +manufacturer OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(64)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "CPU Manufacturer" + ::= { cpuEntry 6 } + +dimmTable OBJECT-TYPE + SYNTAX SEQUENCE OF DimmEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of DIMMs. The number of entries is + given by the number of DIMMs." + ::= { hardwareinfo 3 } + +dimmEntry OBJECT-TYPE + SYNTAX DimmEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing management information applicable to a + particular DIMM." + INDEX { dimmNumber } + ::= { dimmTable 1 } + +DimmEntry ::= + SEQUENCE { + dimmNumber Integer32, + dimmLocation OCTET STRING, + dimmMaxCapSpeed Integer32, + dimmOpSpeed Integer32, + dimmSize Integer32, + dimmSerialNo OCTET STRING, + dimmPartNo OCTET STRING, + dimmManufacturer OCTET STRING + } + +dimmNumber OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value, greater than zero, for each DIMM. It + is recommended that values are assigned contiguously + starting from 1." + ::= { dimmEntry 1 } + +dimmLocation OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(64)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The location of this DIMM." + ::= { dimmEntry 2 } + +dimmMaxCapSpeed OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The max capable speed (MHz) of this DIMM." + ::= { dimmEntry 3 } + +dimmOpSpeed OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current operation speed (MHz) of this DIMM." + ::= { dimmEntry 4 } + +dimmSize OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The size (MBytes) of this DIMM." + ::= { dimmEntry 5 } + +dimmSerialNo OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The serial number of this DIMM." + ::= { dimmEntry 6 } + +dimmPartNo OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(64)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The serial number of this DIMM." + ::= { dimmEntry 7 } + +dimmManufacturer OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(64)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The manufacturer of this DIMM." + ::= { dimmEntry 8 } + +controllerTable OBJECT-TYPE + SYNTAX SEQUENCE OF ControllerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of raid controllers. The number of entries is + given by the number of controllers." + ::= { storage 1 } + +controllerEntry OBJECT-TYPE + SYNTAX ControllerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing management information applicable to a + particular controller." + INDEX { controllerNumber } + ::= { controllerTable 1 } + +ControllerEntry ::= + SEQUENCE { + controllerNumber Integer32, + controllerProductName OCTET STRING, + serial OCTET STRING, + package OCTET STRING, + fwVersion OCTET STRING, + biosVersion OCTET STRING, + bootBlockVersion OCTET STRING, + batteryStatus Integer32, + pcieLocation Integer32, + pcieSlot Integer32 + } + +controllerNumber OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value, greater than zero, for each controller. It + is recommended that values are assigned contiguously + starting from 1." + ::= { controllerEntry 1 } + +controllerProductName OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(96)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Product name of the controller." + ::= { controllerEntry 2 } + +serial OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Serial number of the controller." + ::= { controllerEntry 3 } + +package OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(96)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Package version of the controller." + ::= { controllerEntry 4 } + +fwVersion OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Firmware version of the controller." + ::= { controllerEntry 5 } + +biosVersion OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "BIOS version of the controller." + ::= { controllerEntry 6 } + +bootBlockVersion OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Boot block version of the controller." + ::= { controllerEntry 7 } + +batteryStatus OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Battery status of the controller. + 0: Missing + 1: Charging + 2: Discharging + 3: Optimal + 4: Needs to be replaced" + ::= { controllerEntry 8 } + +pcieLocation OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PCIE location of the controller. + 0: ONBOARD + 1: RISER WIO Right + 2: RISER WIO Left + 3: RISER Ultra IO" + ::= { controllerEntry 9 } + +pcieSlot OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PCIE slot number of the controller." + ::= { controllerEntry 10 } + +nicTable OBJECT-TYPE + SYNTAX SEQUENCE OF NicEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of NICs. The number of entries is + given by the number of NICs." + ::= { ipmi 20 } + +nicEntry OBJECT-TYPE + SYNTAX NicEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing management information applicable to a + particular NIC." + INDEX { nicNumber } + ::= { nicTable 1 } + +NicEntry ::= + SEQUENCE { + nicNumber Integer32, + nicName OCTET STRING, + nicMac OCTET STRING, + nicIpv4Addr IpAddress, + nicIpv6Addr OCTET STRING, + nicGateway OCTET STRING, + nicNetmask OCTET STRING, + nicFqdn OCTET STRING, + nicDns OCTET STRING, + nicSpeed OCTET STRING, + nicDescript OCTET STRING, + nicStatus OCTET STRING + } + +nicNumber OBJECT-TYPE + SYNTAX Integer32 (1..32) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value, greater than zero, for each NIC. It + is recommended that values are assigned contiguously + starting from 1." + ::= { nicEntry 1 } + +nicName OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Name of the NIC." + ::= { nicEntry 2 } + +nicMac OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(17)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "MAC of the NIC." + ::= { nicEntry 3 } + +nicIpv4Addr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "IPv4 address of the NIC." + ::= { nicEntry 4 } + +nicIpv6Addr OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(45)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "IPv6 address of the NIC." + ::= { nicEntry 5 } + +nicGateway OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(45)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Gateway of the NIC." + ::= { nicEntry 6 } + +nicNetmask OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(45)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Netmask of the NIC." + ::= { nicEntry 7 } + +nicFqdn OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(256)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FQDN of the NIC." + ::= { nicEntry 8 } + +nicDns OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(91)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "DNS of the NIC." + ::= { nicEntry 9 } + +nicSpeed OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Speed of the NIC. (Unit: Mbps)" + ::= { nicEntry 10 } + +nicDescript OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(255)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Description of the NIC." + ::= { nicEntry 11 } + +nicStatus OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Status of the NIC." + ::= { nicEntry 12 } + +phyHddTable OBJECT-TYPE + SYNTAX SEQUENCE OF HddEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of HDDs. The number of entries is + given by the number of HDDs." + ::= { storage 2 } + +hddEntry OBJECT-TYPE + SYNTAX HddEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing management information applicable to a + particular HDD." + INDEX { hddNumber } + ::= { phyHddTable 1 } + +HddEntry ::= + SEQUENCE { + hddNumber Integer32, + hddControllerNumber Integer32, + enclosureNumber Integer32, + status Integer32, + temperature Integer32, + capacity Integer32, + vendor OCTET STRING, + modelName OCTET STRING, + revision OCTET STRING, + sn OCTET STRING, + linkSpeed Integer32, + fwState Integer32, + otherErrCount Integer32, + predictedFailCount Integer32, + mediaErrCount Integer32 + } + +hddNumber OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value, greater than zero, for each HDD. It + is recommended that values are assigned contiguously + starting from 1." + ::= { hddEntry 1 } + +hddControllerNumber OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The controller that this HDD belongs to." + ::= { hddEntry 2 } + +enclosureNumber OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The enclosure that this HDD belongs to." + ::= { hddEntry 3 } + +status OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Current status of the HDD. + 1: present + 0: not present" + ::= { hddEntry 4 } + +temperature OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Current temperature of the HDD." + ::= { hddEntry 5 } + +capacity OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Capacity(GB) of the HDD. " + ::= { hddEntry 6 } + +vendor OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The vendor of the HDD." + ::= { hddEntry 7 } + +modelName OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Model name of the HDD." + ::= { hddEntry 8 } + +revision OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Revision of the HDD." + ::= { hddEntry 9 } + +sn OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The serial number of the HDD." + ::= { hddEntry 10 } + +linkSpeed OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The link speed of the HDD. + 0: not defined + 1: 1.5Gb/s - SATA 150 + 2: 3.0Gb/s + 3: 6.0Gb/s + 4: 12.0Gb/s" + ::= { hddEntry 11 } + +fwState OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The firmware state of the HDD. + 00: Unconfigured good drive + 01: Unconfigured bad drive + 02: Hot spare drive + 16: Configured-good drive(data invalid) + 17: Configured-bad drive (data invalid) + 20: Configured-drive is rebuilding + 24: Configured-drive is online + 32: drive is getting copied + 64: drive is exposed and controlled by host + 128: UnConfigured - shielded + 130: Hot Spare - shielded + 144: Configured - shielded" + ::= { hddEntry 12 } + +otherErrCount OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Other error count of the HDD." + ::= { hddEntry 13 } + +predictedFailCount OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Predicted fail count of the HDD." + ::= { hddEntry 14 } + +mediaErrCount OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Media error Count of the HDD." + ::= { hddEntry 15 } + + +logHddTable OBJECT-TYPE + SYNTAX SEQUENCE OF VolumeEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of volumes. The number of entries is + given by the number of volumes." + ::= { storage 3 } + +volumeEntry OBJECT-TYPE + SYNTAX VolumeEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing management information applicable to a + particular volume." + INDEX { volNumber } + ::= { logHddTable 1 } + +VolumeEntry ::= + SEQUENCE { + volNumber Integer32, + volControllerNumber Integer32, + volStatus Integer32, + volCapacity Integer32, + priRaidLevel Integer32, + raidLevelQualifier Integer32, + secRaidLevel Integer32, + ldStripSize Integer32, + numDevices Integer32, + spanDepth Integer32, + state Integer32, + volName OCTET STRING + } + +volNumber OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value, greater than zero, for each volume. It + is recommended that values are assigned contiguously + starting from 1." + ::= { volumeEntry 1 } + +volControllerNumber OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The controller that this HDD belongs to." + ::= { volumeEntry 2 } + +volStatus OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Current status of the volume. + 1: present + 0: not present" + ::= { volumeEntry 3 } + +volCapacity OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Capacity(GB) of the volume." + ::= { volumeEntry 4 } + +priRaidLevel OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Primary raid level of the volume." + ::= { volumeEntry 5 } + +raidLevelQualifier OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Raid level qaulifier of the volume." + ::= { volumeEntry 6 } + +secRaidLevel OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Secondary raid level of the volume." + ::= { volumeEntry 7 } + +ldStripSize OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LD strip size of the volume. + (per DDF: 4=8K, 5=16K, 7=64K, 11=1MB, etc.)" + ::= { volumeEntry 8 } + +numDevices OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "number of drives per span." + ::= { volumeEntry 9 } + +spanDepth OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Span depth of the volume." + ::= { volumeEntry 10 } + +state OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State of the volume. + 0: offline + 1: partially degraded + 2: degraded + 3: optimal" + ::= { volumeEntry 11 } + +volName OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(64)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name of the volume." + ::= { volumeEntry 12 } + +userTable OBJECT-TYPE + SYNTAX SEQUENCE OF UserEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of all users." + ::= { ipmi 9 } + +userInfo OBJECT-TYPE + SYNTAX UserEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing management information applicable to a + particular user." + INDEX { id } + ::= { userTable 1 } + +UserEntry ::= + SEQUENCE { + id Integer32, + username OCTET STRING, + password OCTET STRING, + privilege Integer32 + } + +id OBJECT-TYPE + SYNTAX Integer32 (1..15) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value for user ID, greater than zero." + ::= { userInfo 1 } + +username OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(15)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "User name." + ::= { userInfo 2 } + +password OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(20)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Password." + ::= { userInfo 3 } + +privilege OBJECT-TYPE + SYNTAX Integer32 (2..4) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "User privilege." + ::= { userInfo 4 } + +uid OBJECT-TYPE + SYNTAX INTEGER { off(0), on(1) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION "Get and set the UID status. + Get case: + 0 : off + 1 : on + Set case: + 0 : off + 1 : on" + ::= { ipmi 10 } + + + +psuNumber OBJECT-TYPE + SYNTAX Integer32 (0..8) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of PSUs" + ::= { powerinfo 1 } + +psuTable OBJECT-TYPE + SYNTAX SEQUENCE OF PsuEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of PSUs. The number of entries is + given by the number of PSUs." + ::= { powerinfo 2 } + +psuEntry OBJECT-TYPE + SYNTAX PsuEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing a particular PSU information." + INDEX { psuIndex } + ::= { psuTable 1 } + +PsuEntry ::= + SEQUENCE { + psuIndex Integer32, + psuStatus Integer32, + inputVoltage OCTET STRING, + inputCurrent OCTET STRING, + inputPower Integer32, + outputVoltage OCTET STRING, + outputCurrent OCTET STRING, + outputPower Integer32, + temperature1 Integer32, + temperature2 Integer32, + fanRPM1 Integer32, + fanRPM2 Integer32, + psuSerialNumber OCTET STRING + } + +psuIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value, start from one, for each PSU. It is + recommended that values are assigned contiguously + starting from 1." + ::= { psuEntry 1 } + +psuStatus OBJECT-TYPE + SYNTAX INTEGER { fail(0), good(1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PSU Status." + ::= { psuEntry 2 } + +inputVoltage OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PSU Input Voltage." + ::= { psuEntry 3 } + +inputCurrent OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PSU Input Current." + ::= { psuEntry 4 } + +inputPower OBJECT-TYPE + SYNTAX Integer32 (1..1048576) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PSU Input Power." + ::= { psuEntry 5 } + +outputVoltage OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PSU Output Voltage." + ::= { psuEntry 6 } + +outputCurrent OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PSU Output Current." + ::= { psuEntry 7 } + +outputPower OBJECT-TYPE + SYNTAX Integer32 (1..1048576) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PSU Output Power." + ::= { psuEntry 8 } + +temperature1 OBJECT-TYPE + SYNTAX Integer32 (1..256) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PSU Temperature1." + ::= { psuEntry 9 } + +temperature2 OBJECT-TYPE + SYNTAX Integer32 (1..256) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PSU Temperature2." + ::= { psuEntry 10 } + +fanRPM1 OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PSU Fan RPM1." + ::= { psuEntry 11 } + +fanRPM2 OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PSU Fan RPM2." + ::= { psuEntry 12 } + +psuSerialNumber OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "PSU Serial Number." + ::= { psuEntry 13 } + +-- +-- FanMode MIB (15) +-- +fanMode OBJECT-TYPE + SYNTAX INTEGER { standard(0), fullspeed(1), optimal(2), pue2optimal(3), heavyIO(4)} + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "" + ::= { ipmi 15 } + +-- +-- FRU MIB (16) +-- +chassis OBJECT IDENTIFIER ::= { fruinfo 1 } +board OBJECT IDENTIFIER ::= { fruinfo 2 } +product OBJECT IDENTIFIER ::= { fruinfo 3 } + +chassisType OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Chassis Type." + ::= { chassis 1 } + +chassisPartNumber OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Chassis Part Number" + ::= { chassis 2 } + +chassisSerialNumber OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Chassis Serial Number" + ::= { chassis 3 } + +boardLanguage OBJECT-TYPE + SYNTAX INTEGER { afar(1), abkhazian(2), afrikaans(3), amharic(4), arabic(5), assamese(6), aymara(7), azerbaijani(8), bashkir(9), byelorussian(10), bulgarian(11), bihari(12), bislama(13), bengali(14), tibetan(15), breton(16), catalan(17), corsican(18), czech(19), welsh(20), danish(21), german(22), bhutani(23), greek(24), english(25), esperanto(26), spanish(27), estonian(28), basque(29), persian(30), finnish(31), fiji(32), faeroese(33), french(34), frisian(35), irish(36), gaelic(37), galician(38), guarani(39), gujarati(40), hausa(41), hindi(42), croatian(43), hungarian(44), armenian(45), interlingua(46), interlingue(47), inupiak(48), indonesian(49), icelandic(50), italian(51), hebrew(52), japanese(53), yiddish(54), javanese(55), georgian(56), kazakh(57), greenlandic(58), cambodian(59), kannada(60), korean(61), kashmiri(62), kurdish(63), kirghiz(64), latin(65), lingala(66), laothian(67), lithuanian(68), lettish(69), malagasy(70), maori(71), macedonian(72), malayalam(73), mongolian(74), moldavian(75), marathi(76), malay(77), maltese(78), burmese(79), nauru(80), nepali(81), dutch(82), norwegian(83), occitan(84), oromo(85), oriya(86), punjabi(87), polish(88), pushto(89), portuguese(90), quechua(91), rhaeto-romance(92), kirundi(93), romanian(94), russian(95), kinyarwanda(96), sanskrit(97), sindhi(98), sangro(99), serbo-croatian(100), singhalese(101), slovak(102), slovenian(103), samoan(104), shona(105), somali(106), albanian(107), serbian(108), siswati(109), sesotho(110), sudanese(111), swedish(112), swahili(113), tamil(114), tegulu(115), tajik(116), thai(117), tigrinya(118), turkmen(119), tagalog(120), setswana(121), tonga(122), turkish(123), tsonga(124), tatar(125), twi(126), ukrainian(127), urdu(128), uzbek(129), vietnamese(130), volapuk(131), wolof(132), xhosa(133), yoruba(134), chinese(135), zulu(136) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Board Language" + ::= { board 1 } + +boardManufacturer OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Board Manufacturer" + ::= { board 2 } + +boardProductName OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Board Product Name" + ::= { board 3 } + +boardSerialNumber OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Board Serial Number" + ::= { board 4 } + +boardPartNumber OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Board part Number" + ::= { board 5 } + +productLanguage OBJECT-TYPE + SYNTAX INTEGER { afar(1), abkhazian(2), afrikaans(3), amharic(4), arabic(5), assamese(6), aymara(7), azerbaijani(8), bashkir(9), byelorussian(10), bulgarian(11), bihari(12), bislama(13), bengali(14), tibetan(15), breton(16), catalan(17), corsican(18), czech(19), welsh(20), danish(21), german(22), bhutani(23), greek(24), english(25), esperanto(26), spanish(27), estonian(28), basque(29), persian(30), finnish(31), fiji(32), faeroese(33), french(34), frisian(35), irish(36), gaelic(37), galician(38), guarani(39), gujarati(40), hausa(41), hindi(42), croatian(43), hungarian(44), armenian(45), interlingua(46), interlingue(47), inupiak(48), indonesian(49), icelandic(50), italian(51), hebrew(52), japanese(53), yiddish(54), javanese(55), georgian(56), kazakh(57), greenlandic(58), cambodian(59), kannada(60), korean(61), kashmiri(62), kurdish(63), kirghiz(64), latin(65), lingala(66), laothian(67), lithuanian(68), lettish(69), malagasy(70), maori(71), macedonian(72), malayalam(73), mongolian(74), moldavian(75), marathi(76), malay(77), maltese(78), burmese(79), nauru(80), nepali(81), dutch(82), norwegian(83), occitan(84), oromo(85), oriya(86), punjabi(87), polish(88), pushto(89), portuguese(90), quechua(91), rhaeto-romance(92), kirundi(93), romanian(94), russian(95), kinyarwanda(96), sanskrit(97), sindhi(98), sangro(99), serbo-croatian(100), singhalese(101), slovak(102), slovenian(103), samoan(104), shona(105), somali(106), albanian(107), serbian(108), siswati(109), sesotho(110), sudanese(111), swedish(112), swahili(113), tamil(114), tegulu(115), tajik(116), thai(117), tigrinya(118), turkmen(119), tagalog(120), setswana(121), tonga(122), turkish(123), tsonga(124), tatar(125), twi(126), ukrainian(127), urdu(128), uzbek(129), vietnamese(130), volapuk(131), wolof(132), xhosa(133), yoruba(134), chinese(135), zulu(136) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Product Language" + ::= { product 1 } + +productManufacturer OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Product Manufacturer" + ::= { product 2 } + +productName OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Product Name" + ::= { product 3 } + +productPartNumber OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Product Part Number" + ::= { product 4 } + +productVersion OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Product Version" + ::= { product 5 } + +productSerialNumber OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Product Serial Number" + ::= { product 6 } + +productAssetTag OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "FRU Product Asset Tag" + ::= { product 7 } +-- +-- NTP INFO MIB (17) +-- +timeZone OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(5)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Get and set time zone. + Get/Set case: + -1200 + -1100 + -1000 + -0930 + -0900 + -0800 + -0700 + -0600 + -0500 + -0430 + -0400 + -0330 + -0300 + -0230 + -0200 + -0100 + +0000 + +0100 + +0200 + +0300 + +0330 + +0400 + +0430 + +0500 + +0530 + +0545 + +0600 + +0630 + +0700 + +0800 + +0900 + +0930 + +1000 + +1030 + +1100 + +1130 + +1200 + +1300 + +1400" + ::= { ntpinfo 1 } + +ntpEnable OBJECT-TYPE + SYNTAX INTEGER { disabled(0), enabled(1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION "Get and set NTP status. + Get case: + 0 : off + 1 : on + Set case: + 0 : off + 1 : on" + ::= { ntpinfo 2 } + +primaryNTPServer OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(127)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Get and set primary NTP server" + ::= { ntpinfo 3 } + +secondaryNTPServer OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(127)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Get and set secondary NTP server" + ::= { ntpinfo 4 } + +dst OBJECT-TYPE + SYNTAX INTEGER { disabled(0), enabled(1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Get and set daylight saving time status + Get case: + 0 : off + 1 : on + Set case: + 0 : off + 1 : on" + ::= { ntpinfo 5 } + +selTable OBJECT-TYPE + SYNTAX SEQUENCE OF SelEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table displays a record of critical system events from the monitored system." + ::= { ipmi 18 } + +selEntry OBJECT-TYPE + SYNTAX SelEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry event logs indicate the time when a critical condition occurred and the time it was resolved" + INDEX { selEid } + ::= { selTable 1 } + +SelEntry ::= + SEQUENCE { + selEid Integer32, + selTimeStamp DateAndTime, + selSensorName OCTET STRING, + selSensorType OCTET STRING, + selDescription OCTET STRING, + selRawData OCTET STRING + } + +selEid OBJECT-TYPE + SYNTAX Integer32 (1..512) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "system event log EID" + ::= { selEntry 1 } + +selTimeStamp OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "System event log trigger time" + ::= { selEntry 2 } + +selSensorName OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "System evnet log sensor name" + ::= { selEntry 3 } + +selSensorType OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(64)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "System evnet log sensor type" + ::= { selEntry 4 } + +selDescription OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(512)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "System evnet log description" + ::= { selEntry 5 } + +selRawData OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(20)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "System evnet log raw data" + ::= { selEntry 6 } + + +alertTable OBJECT-TYPE + SYNTAX SEQUENCE OF AlertEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of all alerts." + ::= { ipmi 11 } + +alertInfo OBJECT-TYPE + SYNTAX AlertEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing management information applicable to a + particular alert." + INDEX { id } + ::= { alertTable 1 } + +AlertEntry ::= + SEQUENCE { + alertNo Integer32, + alertLevel OCTET STRING, + destinationAddress OCTET STRING + } + +alertNo OBJECT-TYPE + SYNTAX Integer32 (1..16) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value for alert ID, greater than zero." + ::= { alertInfo 1 } + +alertLevel OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(25)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Alert Level." + ::= { alertInfo 2 } + +destinationAddress OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(270)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Alert Level." + ::= { alertInfo 3 } + +-- +-- Network MIB (21) +-- + +ipv4DNSServer OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "IPv4 dns server." + ::= { network 1 } + +ipv4Gateway OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "IPv4 gateway" + ::= { network 2 } + +ipv6DNSServer OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(45)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "IPv6 dns server." + ::= { network 3 } + +ipv6DUID OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "IPv6 DUID" + ::= { network 4 } + +dhcpv6State OBJECT-TYPE + SYNTAX INTEGER { stateless(0) , stateful(1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "DHCPv6 State" + ::= { network 5 } + +hostname OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "BMC hostname" + ::= { network 6 } + +dhcpEnabled OBJECT-TYPE + SYNTAX INTEGER { disabled(0), enabled(1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "DHCP enabled" + ::= { network 7 } + +vlanIDEnabled OBJECT-TYPE + SYNTAX INTEGER { disabled(0), enabled(1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "VLan enabled" + ::= { network 8 } + +vlanID OBJECT-TYPE + SYNTAX Integer32 (1..4095) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Vlan ID" + ::= { network 9 } + +lanInterface OBJECT-TYPE + SYNTAX INTEGER { dedicated(0) , shared(1) ,failover(2)} + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "the current Lan interface" + ::= { network 10 } + +rmcpPort OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "IPMI port number" + ::= { network 11 } + +activeLanInterface OBJECT-TYPE + SYNTAX INTEGER { dedicated(0) , shared(1) ,failover(2)} + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "which Lan interface is active." + ::= { network 12 } + +dedicatedLanDuplex OBJECT-TYPE + SYNTAX INTEGER { unknown(0), fullduplex(1) , halfduplex(2)} + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Duplex Mode of the dedicated Lan" + ::= { network 13 } + +sharedLanDuplex OBJECT-TYPE + SYNTAX INTEGER { unknown(0), fullduplex(1) , halfduplex(2)} + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Duplex Mode of the share Lan" + ::= { network 14 } + + +-- +-- SMTP MIB (22) +-- + +smtpEnabled OBJECT-TYPE + SYNTAX INTEGER { disabled(0), enabled(1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "enable Email server " + ::= { smtp 1 } + +smtpServer OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(255)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Email server" + ::= { smtp 2 } + +smtpPort OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "the port number of the email server" + ::= { smtp 3 } + +smtpUsername OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "the username for email server's authentication" + ::= { smtp 4 } + +smtpSenderEmail OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(63)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "the sender's email address" + ::= { smtp 5 } + +-- +-- MouseMode MIB (23) +-- +mouseMode OBJECT-TYPE + SYNTAX INTEGER { absolute(1), relative(2), single(3) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "the port number of the email server" + ::= { ipmi 23 } + +-- +-- BootOrder MIB (24) +-- +sysBootOrder OBJECT-TYPE + SYNTAX INTEGER { none(0), pxe(1), hdd(2), diags(3), cdDvd(4), biosSetup(5), floppy(6), usbKey(7), usbHdd(8), usbFloppy(9), usbCD(10), uefiUsbKey(11), uefiCD(12), uefiHdd(13), uefiUsbHdd(14), uefiUsbCD(15), uefiPxe(16) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "One time change system boot order." + ::= { ipmi 24 } + + +-- +-- NVMe MIB (19) +-- + +nvmeCtrlTbl OBJECT-TYPE + SYNTAX SEQUENCE OF NVMeCtrlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of NVMe controllers. The number of entries is + given by the number of controllers." + ::= { nvme 1 } + +nvmeCtrlEntry OBJECT-TYPE + SYNTAX NVMeCtrlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing a particular NVMe controller information." + INDEX { nvmeCtrlPresent } + ::= { nvmeCtrlTbl 1 } + +NVMeCtrlEntry ::= + SEQUENCE { + nvmeCtrlPresent Integer32, + maxTemp Integer32, + maxSlotNum Integer32, + onboard Integer32, + driverIndex Integer32, + cpldVer OCTET STRING + } + +nvmeCtrlPresent OBJECT-TYPE + SYNTAX INTEGER { absent(0), present(1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe controllor present or not." + ::= { nvmeCtrlEntry 1 } + +maxTemp OBJECT-TYPE + SYNTAX Integer32 (1..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum temperature from all existed NVMe drives." + ::= { nvmeCtrlEntry 2 } + +maxSlotNum OBJECT-TYPE + SYNTAX Integer32 (0..31) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Maximum slot number at each group." + ::= { nvmeCtrlEntry 3 } + +onboard OBJECT-TYPE + SYNTAX INTEGER { no(0), yes(1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe controller type." + ::= { nvmeCtrlEntry 4 } + +driverIndex OBJECT-TYPE + SYNTAX Integer32 (0..1) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe BPN driver index." + ::= { nvmeCtrlEntry 5 } + +cpldVer OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "CPLD FW version of this NVMe controller." + ::= { nvmeCtrlEntry 6 } + +nvmeDriveTbl OBJECT-TYPE + SYNTAX SEQUENCE OF NVMeDriveEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of NVMe drives. The number of entries is + given by the number of drives." + ::= { nvme 2 } + +nvmeDriveEntry OBJECT-TYPE + SYNTAX NVMeDriveEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing a particular NVMe drive information." + INDEX { slotId } + ::= { nvmeDriveTbl 1 } + +NVMeDriveEntry ::= + SEQUENCE { + slotId Integer32, + groupId Integer32, + nvmeDrivePresent Integer32, + locate Integer32, + save2Remove Integer32, + vmdMode Integer32, + temp Integer32, + classCode OCTET STRING, + vendorID OCTET STRING, + serialNum OCTET STRING, + modelNum OCTET STRING, + port0MaxLinkSpd OCTET STRING, + port0MaxLinkWidth OCTET STRING, + port1MaxLinkSpd OCTET STRING, + port1MaxLinkWidth OCTET STRING, + initPowerRequirement Integer32, + maxPowerRequirement Integer32 + } + +slotId OBJECT-TYPE + SYNTAX Integer32 (0..31) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe Slot ID at one group." + ::= { nvmeDriveEntry 1 } + +groupId OBJECT-TYPE + SYNTAX Integer32 (0..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Group ID at this slot." + ::= { nvmeDriveEntry 2 } + +nvmeDrivePresent OBJECT-TYPE + SYNTAX INTEGER { absent(0), present(1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe drive presence at this slot." + ::= { nvmeDriveEntry 3 } + +locate OBJECT-TYPE + SYNTAX INTEGER { dislocate(0), locate(1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe drive locate/dislocate status at this slot." + ::= { nvmeDriveEntry 4 } + +save2Remove OBJECT-TYPE + SYNTAX INTEGER { not-ready(0), ready(1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe drive save2Remove status at this slot." + ::= { nvmeDriveEntry 5 } + +vmdMode OBJECT-TYPE + SYNTAX INTEGER { vmd-off(0), vmd-on(1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe drive vmdMode status at this slot." + ::= { nvmeDriveEntry 6 } + +temp OBJECT-TYPE + SYNTAX Integer32 (0..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe drive temperature at this slot." + ::= { nvmeDriveEntry 7 } + +classCode OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe drive class code at this slot." + ::= { nvmeDriveEntry 8 } + +vendorID OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe drive class code at this slot." + ::= { nvmeDriveEntry 9 } + +serialNum OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(20)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe drive serial number at this slot." + ::= { nvmeDriveEntry 10 } + +modelNum OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(40)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe drive model number at this slot." + ::= { nvmeDriveEntry 11 } + +port0MaxLinkSpd OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe drive port0 max link speed at this slot." + ::= { nvmeDriveEntry 12 } + +port0MaxLinkWidth OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe drive port0 max link width at this slot." + ::= { nvmeDriveEntry 13 } + +port1MaxLinkSpd OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe drive port1 max link speed at this slot." + ::= { nvmeDriveEntry 14 } + +port1MaxLinkWidth OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "NVMe drive port1 max link width at this slot." + ::= { nvmeDriveEntry 15 } + +initPowerRequirement OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Initial power requirment (Watts)." + ::= { nvmeDriveEntry 16 } + +maxPowerRequirement OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Maximum power requirment (Watts)." + ::= { nvmeDriveEntry 17 } + +guid NOTIFICATION-TYPE + STATUS current + DESCRIPTION "GUID." + ::= { ipmi 30 } + +END diff --git a/infra/env/common.yaml b/infra/env/common.yaml index 93fe34c00246736c85e715ddf4584284227ce89f..cdb67b36a65142515d89be417f4b74bd061fe8f2 100644 --- a/infra/env/common.yaml +++ b/infra/env/common.yaml @@ -37,7 +37,7 @@ object_storage: pass: minioadmin vector: - version: 0.39.X-distroless-static + version: 0.40.X-distroless-static pypcc: version: v1-0 diff --git a/infra/jobs/station/logging.levant.nomad b/infra/jobs/station/logging.levant.nomad index 5fc213d1d568749f632c833d076472694a9e7f75..dfda40153f77055ab08ba8247e9db0130b96b42b 100644 --- a/infra/jobs/station/logging.levant.nomad +++ b/infra/jobs/station/logging.levant.nomad @@ -173,16 +173,12 @@ healthchecks.require_healthy = true [sources.host_metrics] type = "host_metrics" scrape_interval_secs = 10 -[sources.nomad_metrics] - type = "prometheus_scrape" - scrape_interval_secs = 10 - endpoints = [ "http://(( env "attr.unique.network.ip-address" )):4646/v1/metrics?format=prometheus" ] [sources.vector_metrics] type = "internal_metrics" scrape_interval_secs = 10 [sinks.prometheus_remote_write] type = "prometheus_remote_write" - inputs = [ "host_metrics", "nomad_metrics", "vector_metrics" ] + inputs = [ "host_metrics", "vector_metrics" ] endpoint = "http://prometheus.service.consul:9090/api/v1/write" healthcheck.enabled = false EOF diff --git a/infra/jobs/station/monitoring.levant.nomad b/infra/jobs/station/monitoring.levant.nomad index ef97263356cd39df8381655e305abb3e9273a3b5..4d814ff1a75df0932406d8eb7865c4414c4425b0 100644 --- a/infra/jobs/station/monitoring.levant.nomad +++ b/infra/jobs/station/monitoring.levant.nomad @@ -278,9 +278,9 @@ postgres.service.consul:5432:grafana:postgres:password consul_sd_configs: - server: 'consul.service.consul:8500' services: - {{range services}}{{if in .Tags "scrape"}}{{ if .Name | regexMatch "(.+)-sidecar-proxy$" }}{{ else }} + {{range services}}{{ if and (in .Tags "scrape") (.Name | contains "sidecar" | not) }} - '{{.Name}}' - {{end}}{{end}}{{end}} + {{ end }}{{end}} relabel_configs: - target_label: host replacement: localhost @@ -302,9 +302,15 @@ postgres.service.consul:5432:grafana:postgres:password consul_sd_configs: - server: 'consul.service.consul:8500' services: - {{range services}}{{if in .Tags "snmp-scrape"}}{{ if .Name | regexMatch "(.+)-sidecar-proxy$" }}{{ else }} + {{range services}}{{ if and (in .Tags "snmp-scrape") (.Name | contains "sidecar" | not) }} - '{{.Name}}' - {{end}}{{end}}{{end}} + {{ end }}{{end}} + metric_relabel_configs: + - source_labels: [prefix, __name__] + separator: "" + target_label: __name__ + - action: labeldrop + regex: prefix relabel_configs: - target_label: host replacement: localhost @@ -316,6 +322,8 @@ postgres.service.consul:5432:grafana:postgres:password target_label: __param_auth - target_label: __address__ replacement: "snmp-exporter.service.consul:9116" + - source_labels: [__meta_consul_service_metadata_prefix] + target_label: prefix - source_labels: [__meta_consul_service] target_label: instance # avoid a dynamic ip:port or hostname EOH @@ -391,6 +399,12 @@ postgres.service.consul:5432:grafana:postgres:password ring: kvstore: store: inmemory + limits_config: + ingestion_rate_mb: 1000 + ingestion_burst_size_mb: 10000 + max_global_streams_per_user: 0 + per_stream_rate_limit: 100MB + per_stream_rate_limit_burst: 1000MB [[ if eq .station "dev" ]] distributor: diff --git a/infra/station/README.md b/infra/station/README.md new file mode 100644 index 0000000000000000000000000000000000000000..763727cea729a3fe4a114d1865046069df65e023 --- /dev/null +++ b/infra/station/README.md @@ -0,0 +1,102 @@ +# LCU installation + +## Base system + +The base system is installed using [debian preseeding](https://wiki.debian.org/DebianInstaller/Preseed). +The setup is rather simple. The following settings are applied during installation: +* system user lcuadmin is created +* openssh-server is installed +* custom disk partitioning is used + +The full configuration can be found in the `preseed.cfg` in the debian directory. + +### Partitioning + +| dev | size | type | mount | +|----------------|--------|------|-----------| +| /dev/nvme0n1p1 | 1 GiB | EFI | /boot/efi | +| /dev/nvme0n1p2 | 1 GiB | ext4 | /boot | +| /dev/nvme0n1p3 | 100% | lvm | vg0 | +| /dev/vg0/root | 50 GiB | ext4 | / | +| /dev/vg0/home | 10 GiB | ext4 | /home | +| /dev/vg0/swap | 8 GiB | swap | | + +## Installation + +The software of the LCU is installed using ansible. + +The following playbooks have to be applied: + +#### base.yml + +Copies ssh keys, sets a new user password for lcuadmin and disables password login for ssh. + +#### consul.yml + +Installs the consul server and applies configuration to connect to the central consul datacenter. + +Configures dnsmasq as the primary DNS server for the OS and to forward `.consul` queries to the consul DNS server + +Creates a role on the central Vault to allow the consul server to sign TLS certificates used for mTLS inter-service configuration + +#### nomad.yml +Installs the nomad server as well as docker and the required CNI plugins + +Increases settings for inotify and the UDP max receive buffer size + +Alters the nomad server to allow memory over-subscription + +Deploys nomads own consul agent to join the consul datacenter + +#### ovs.yml +Installs OVS on the host system + +Configures the internal network interface(s) to be part of the ovs bridge + +Installs and configures the [ovs CNI plugin](https://github.com/k8snetworkplumbingwg/ovs-cni) + +#### time.yml +Installs and configures chrony as a NTP server + +Sets the timezone to UTC + +### Run a playbook +Create a file `ansible.cfg` with the content +```ini +[defaults] +host_key_checking = False +inventory = hosts.yaml +``` + +Create a file `hosts.yaml` with the content +```yaml +station: + hosts: + <station>: + ansible_host: lcu.<station>.lofar + station_name: <station> +vault: + hosts: + monitor: + ansible_host: monitor.control.lofar +all: + vars: + consul_vault_token: "<token>" + nomad_encrypt: "<encrypt key>" + nomad_vault_token: "<token>" + ansible_user: lcuadmin + consul_encrypt: "<encrypt key>>" + volume_group: vg0 + eth: + - enp1s0f0 + - enp1s0f1 + dns_servers: + - 10.149.64.20 + - 10.149.64.21 + +``` + +Run +```bash +ansible-playbook -v <playbook>.yml +``` diff --git a/infra/station/base.yml b/infra/station/base.yml new file mode 100644 index 0000000000000000000000000000000000000000..9388b11ca2ba8cc197fc360835cabc4676dd56d8 --- /dev/null +++ b/infra/station/base.yml @@ -0,0 +1,48 @@ +--- +- name: setup base system + hosts: station + remote_user: root + become: true + become_user: root + tasks: + - name: install packages + apt: + pkg: + - htop + update_cache: yes + state: present + + - name: Set a hostname specifying strategy + hostname: + name: "{{ station_name }}c" + + - name: Set up multiple authorized keys + ansible.posix.authorized_key: + user: lcuadmin + state: present + key: '{{ item }}' + with_file: + - public_keys/mol + - public_keys/feldt + - public_keys/lukken + + - name: Create sudoers + copy: + content: 'lcuadmin ALL=(ALL)NOPASSWD: ALL' + dest: /etc/sudoers.d/lcuadmin +# +# - name: Set lcuadmin password +# user: +# name: lcuadmin +# password: "{{ lcu_admin_password }}" +# +# - name: disable sshd password login +# copy: +# content: 'PasswordAuthentication no' +# dest: /etc/ssh/sshd_config.d/no-passwd.conf +# +# - name: Restart sshd +# service: +# name: ssh +# enabled: true +# state: restarted diff --git a/infra/station/cni/nftables.conf.j2 b/infra/station/cni/nftables.conf.j2 index c225e786230d88cab4ac213a95e1b848f69d51ef..70cccadccf8b0e850dbc8400c225120a88dd64d8 100644 --- a/infra/station/cni/nftables.conf.j2 +++ b/infra/station/cni/nftables.conf.j2 @@ -9,6 +9,6 @@ table ip ovs_nat { chain postrouting { type nat hook postrouting priority srcnat; policy accept; - oifname "{{ eth_ext }}" masquerade + oifname "ctrl0" masquerade } } diff --git a/infra/station/cni/stationnet.conflist b/infra/station/cni/stationnet.conflist index 07dcff35ebf26a73cb73b43ae987f774fbc6150d..783647ecc45653a352de45a51b1061e549fa780b 100644 --- a/infra/station/cni/stationnet.conflist +++ b/infra/station/cni/stationnet.conflist @@ -5,11 +5,11 @@ { "type": "ovs", "bridge": "br0", - "interface_type": "system", "configuration_path": "/opt/cni/net.d/ovs.d/ovs.conf", "isDefaultGateway": true, "ipMasq": true, "hairpinMode": true, + "vlan": 999, "mtu": 9000, "ipam": { "type": "host-local", @@ -21,6 +21,9 @@ { "dst": "0.0.0.0/0" } ] } + }, + { + "type": "firewall" } ] } diff --git a/infra/station/consul/consul.hcl.j2 b/infra/station/consul/consul.hcl.j2 index 8b2ea274d1931381bcc04708cb4f7661a4d1df73..7fa0d98314a0331999943a92cb82026eb9125aa9 100644 --- a/infra/station/consul/consul.hcl.j2 +++ b/infra/station/consul/consul.hcl.j2 @@ -5,12 +5,12 @@ encrypt = "{{ consul_encrypt }}" data_dir = "/opt/consul" bind_addr = "0.0.0.0" -client_addr = "10.99.250.250 {{ '{{' }} GetInterfaceIP \"{{ eth_ext }}\" {{ '}}' }} 127.0.0.1" +client_addr = "10.99.250.250 {{ '{{' }} GetInterfaceIP \"ctrl0\" {{ '}}' }} 127.0.0.1" advertise_addr = "10.99.250.250" retry_join = ["127.0.0.1"] -serf_wan = "{{ '{{' }} GetInterfaceIP \"{{ eth_ext }}\" {{ '}}' }}" -#advertise_addr_wan = "{{ '{{' }} GetInterfaceIP \"{{ eth_ext }}\" {{ '}}' }}" +serf_wan = "{{ '{{' }} GetInterfaceIP \"ctrl0\" {{ '}}' }}" +#advertise_addr_wan = "{{ '{{' }} GetInterfaceIP \"ctrl0\" {{ '}}' }}" primary_gateways = [ "mesh-gateway.central.lofar.net:8443" ] bootstrap=true @@ -50,7 +50,7 @@ telemetry { services { name = "white-rabbit-snmp" id = "white-rabbit-snmp" - address = "10.151.1.20" + address = "10.151.68.20" port = 161 tags = ["snmp-scrape"] meta = { diff --git a/infra/station/debian/grub/grub.cfg b/infra/station/debian/grub/grub.cfg new file mode 100644 index 0000000000000000000000000000000000000000..75b94c7d6ed89b5cf026dcfaa2758f0746c5dc15 --- /dev/null +++ b/infra/station/debian/grub/grub.cfg @@ -0,0 +1,37 @@ +if [ x$feature_default_font_path = xy ] ; then + font=unicode +else + font=$prefix/font.pf2 +fi + +if loadfont $font ; then + set gfxmode=800x600 + set gfxpayload=keep + insmod efi_gop + insmod efi_uga + insmod video_bochs + insmod video_cirrus + insmod gfxterm + insmod png + terminal_output gfxterm +fi + +if background_image /isolinux/splash.png; then + set color_normal=light-gray/black + set color_highlight=white/black +elif background_image /splash.png; then + set color_normal=light-gray/black + set color_highlight=white/black +else + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue +fi + +insmod play +play 960 440 1 0 4 440 1 +set theme=/boot/grub/theme/1 +menuentry --hotkey=a 'Automated install' { + set background_color=black + linux /install.amd/vmlinuz auto=true url=file://cdrom/preseed.cfg priority=critical vga=788 --- quiet + initrd /install.amd/initrd.gz +} diff --git a/infra/station/debian/isolinux/auto.cfg b/infra/station/debian/isolinux/auto.cfg new file mode 100644 index 0000000000000000000000000000000000000000..ab939fc618e66bdf192fbf4a3294a0b862e41a9a --- /dev/null +++ b/infra/station/debian/isolinux/auto.cfg @@ -0,0 +1,4 @@ +label autodark + menu label ^Automated LCU install + kernel /install.amd/vmlinuz + append auto=true url=file://cdrom/preseed.cfg priority=critical vga=788 initrd=/install.amd/initrd.gz theme=dark --- quiet diff --git a/infra/station/debian/isolinux/menu.cfg b/infra/station/debian/isolinux/menu.cfg new file mode 100644 index 0000000000000000000000000000000000000000..43e0e87e8764cad7fde8ef4ef590a50e2da5bc8b --- /dev/null +++ b/infra/station/debian/isolinux/menu.cfg @@ -0,0 +1,55 @@ +menu hshift 4 +menu width 70 + +menu title Debian GNU/Linux installer menu (BIOS mode) +include stdmenu.cfg +include auto.cfg +include txt.cfg +menu begin advanced + menu label ^Advanced options + menu title Advanced options + include stdmenu.cfg + label mainmenu + menu label ^Back.. + menu exit + include adgtk.cfg + include adtxt.cfg + include adspkgtk.cfg + include adspk.cfg +menu end +menu begin dark + menu label Accessible ^dark contrast installer menu + menu title Accessible dark contrast option + include drkmenu.cfg + label mainmenu + menu label ^Back.. + menu exit + include drkgtk.cfg + include drk.cfg + menu begin advanced + menu label ^Advanced options + menu title Advanced options + include drkmenu.cfg + label mainmenu + menu label ^Back.. + menu exit + include addrkgtk.cfg + include addrk.cfg + menu end + include x86drkme.cfg + label help + menu label ^Help + text help + Display help screens; type 'menu' at boot prompt to return to this menu + endtext + config prompt.cfg +menu end +include x86menu.cfg +label help + menu label ^Help + text help + Display help screens; type 'menu' at boot prompt to return to this menu + endtext + config prompt.cfg +include spkgtk.cfg +include spk.cfg diff --git a/infra/station/debian/preseed.cfg b/infra/station/debian/preseed.cfg new file mode 100644 index 0000000000000000000000000000000000000000..9d888f1b1fcae487a611f77face6748d529415a7 --- /dev/null +++ b/infra/station/debian/preseed.cfg @@ -0,0 +1,396 @@ +#_preseed_V1 +#### Contents of the preconfiguration file (for bookworm) +### Localization +# Preseeding only locale sets language, country and locale. +#d-i debian-installer/locale string en_US + +# The values can also be preseeded individually for greater flexibility. +d-i debian-installer/language string en +d-i debian-installer/country string NL +d-i debian-installer/locale string en_US.UTF-8 +# Optionally specify additional locales to be generated. +#d-i localechooser/supported-locales multiselect en_US.UTF-8, nl_NL.UTF-8 + +# Keyboard selection. +d-i keyboard-configuration/xkb-keymap select us +# d-i keyboard-configuration/toggle select No toggling + +### Network configuration +# Disable network configuration entirely. This is useful for cdrom +# installations on non-networked devices where the network questions, +# warning and long timeouts are a nuisance. +#d-i netcfg/enable boolean false + +# netcfg will choose an interface that has link if possible. This makes it +# skip displaying a list if there is more than one interface. +d-i netcfg/choose_interface select auto + +# To pick a particular interface instead: +d-i netcfg/choose_interface select enp1s0f0 + +# To set a different link detection timeout (default is 3 seconds). +# Values are interpreted as seconds. +d-i netcfg/link_wait_timeout string 10 + +# If you have a slow dhcp server and the installer times out waiting for +# it, this might be useful. +d-i netcfg/dhcp_timeout string 60 +d-i netcfg/dhcpv6_timeout string 60 + +# Automatic network configuration is the default. +# If you prefer to configure the network manually, uncomment this line and +# the static network configuration below. +#d-i netcfg/disable_autoconfig boolean true + +# If you want the preconfiguration file to work on systems both with and +# without a dhcp server, uncomment these lines and the static network +# configuration below. +#d-i netcfg/dhcp_failed note +#d-i netcfg/dhcp_options select Configure network manually + +# Static network configuration. +# +# IPv4 example +#d-i netcfg/get_ipaddress string 192.168.1.42 +#d-i netcfg/get_netmask string 255.255.255.0 +#d-i netcfg/get_gateway string 192.168.1.1 +#d-i netcfg/get_nameservers string 192.168.1.1 +#d-i netcfg/confirm_static boolean true +# +# IPv6 example +#d-i netcfg/get_ipaddress string fc00::2 +#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff:: +#d-i netcfg/get_gateway string fc00::1 +#d-i netcfg/get_nameservers string fc00::1 +#d-i netcfg/confirm_static boolean true + +# Any hostname and domain names assigned from dhcp take precedence over +# values set here. However, setting the values still prevents the questions +# from being shown, even if values come from dhcp. +#d-i netcfg/get_hostname string unassigned-hostname +#d-i netcfg/get_domain string unassigned-domain + +# If you want to force a hostname, regardless of what either the DHCP +# server returns or what the reverse DNS entry for the IP is, uncomment +# and adjust the following line. +d-i netcfg/hostname string lcu-install +d-i netcfg/domain string control.lofar + +# Disable that annoying WEP key dialog. +d-i netcfg/wireless_wep string + +# If non-free firmware is needed for the network or other hardware, you can +# configure the installer to always try to load it, without prompting. Or +# change to false to disable asking. +d-i hw-detect/load_firmware boolean true + +### Network console +# Use the following settings if you wish to make use of the network-console +# component for remote installation over SSH. This only makes sense if you +# intend to perform the remainder of the installation manually. +#d-i anna/choose_modules string network-console +#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key +#d-i network-console/password password r00tme +#d-i network-console/password-again password r00tme + +### Mirror settings +# Mirror protocol: +# If you select ftp, the mirror/country string does not need to be set. +# Default value for the mirror protocol: http. +d-i mirror/protocol string ftp +#d-i mirror/country string manual +d-i mirror/http/hostname string ftp.nl.debian.org +d-i mirror/http/directory string /debian +#d-i mirror/http/proxy string + +# Suite to install. +#d-i mirror/suite string testing +# Suite to use for loading installer components (optional). +#d-i mirror/udeb/suite string testing + +### Account setup +# Skip creation of a root account (normal user account will be able to +# use sudo). +d-i passwd/root-login boolean false +# Alternatively, to skip creation of a normal user account. +#d-i passwd/make-user boolean false + +d-i passwd/user-fullname string lcuadmin +d-i passwd/username string lcuadmin +d-i passwd/user-password password Start123 +d-i passwd/user-password-again password Start123 +# Root password, either in clear text +#d-i passwd/root-password password Start123 +#d-i passwd/root-password-again password Start123 +# or encrypted using a crypt(3) hash. +#d-i passwd/root-password-crypted password [crypt(3) hash] + +# To create a normal user account. +#d-i passwd/user-fullname string Debian User +#d-i passwd/username string debian +# Normal user's password, either in clear text +#d-i passwd/user-password password insecure +#d-i passwd/user-password-again password insecure +# or encrypted using a crypt(3) hash. +#d-i passwd/user-password-crypted password [crypt(3) hash] +# Create the first user with the specified UID instead of the default. +#d-i passwd/user-uid string 1010 + +# The user account will be added to some standard initial groups. To +# override that, use this. +#d-i passwd/user-default-groups string audio cdrom video + +### Clock and time zone setup +# Controls whether or not the hardware clock is set to UTC. +d-i clock-setup/utc boolean true + +# You may set this to any valid setting for $TZ; see the contents of +# /usr/share/zoneinfo/ for valid values. +d-i time/zone string Europe/Amsterdam + +# Controls whether to use NTP to set the clock during the install +d-i clock-setup/ntp boolean true +# NTP server to use. The default is almost always fine here. +d-i clock-setup/ntp-server string ntp1.control.lofar + +### Partitioning +d-i partman-auto/disk string /dev/nvme0n1 +d-i partman-auto/method string lvm + +d-i partman-auto/purge_lvm_from_device boolean true +d-i partman-md/device_remove_md boolean true +d-i partman-lvm/device_remove_lvm boolean true + +d-i partman-auto/choose_recipe select boot-root +d-i partman-auto-lvm/new_vg_name string vg0 + +d-i partman-efi/non_efi_system boolean true +d-i partman-partitioning/choose_label select gpt +d-i partman-partitioning/default_label string gpt + +d-i partman/choose_partition select finish + +d-i partman-basicfilesystems/no_mount_point boolean true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true + +d-i partman-auto/expert_recipe string \ + boot-root :: \ + 1024 1024 1024 fat32 \ + $iflabel{ gpt } \ + $primary{ } \ + method{ efi } \ + format{ } \ + . \ + 1024 1024 1024 ext4 \ + $primary{ } $bootable{ } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /boot } \ + . \ + 500 10000 1000000000 free \ + $defaultignore{ } \ + $primary{ } \ + method{ lvm } \ + vg_name{ vg0 } \ + . \ + 8192 8192 8192 linux-swap \ + $lvmok{ } \ + in_vg{ vg0 } \ + lv_name{ swap } \ + method{ swap } \ + format{ } \ + . \ + 51200 51200 51200 ext4 \ + $lvmok{ } \ + in_vg{ vg0 } \ + lv_name{ root } \ + method{ format } \ + format{ } \ + use_filesystem{ } \ + filesystem{ ext4 } \ + mountpoint{ / } \ + . \ + 10240 10240 10240 ext4 \ + $lvmok{ } \ + in_vg{ vg0 } \ + lv_name{ home } \ + method{ format } \ + format{ } \ + use_filesystem{ } \ + filesystem{ ext4 } \ + mountpoint{ /home } \ + . + + +## Controlling how partitions are mounted +# The default is to mount by UUID, but you can also choose "traditional" to +# use traditional device names, or "label" to try filesystem labels before +# falling back to UUIDs. +#d-i partman/mount_style select uuid + +### Base system installation +# Configure APT to not install recommended packages by default. Use of this +# option can result in an incomplete system and should only be used by very +# experienced users. +#d-i base-installer/install-recommends boolean false + +# The kernel image (meta) package to be installed; "none" can be used if no +# kernel is to be installed. +#d-i base-installer/kernel/image string linux-image-686 + +### Apt setup +# Choose, if you want to scan additional installation media +# (default: false). +d-i apt-setup/cdrom/set-first boolean false +# You can choose to install non-free firmware. +d-i apt-setup/non-free-firmware boolean true +# You can choose to install non-free and contrib software. +d-i apt-setup/non-free boolean true +d-i apt-setup/contrib boolean true +# Uncomment the following line, if you don't want to have the sources.list +# entry for a DVD/BD installation image active in the installed system +# (entries for netinst or CD images will be disabled anyway, regardless of +# this setting). +#d-i apt-setup/disable-cdrom-entries boolean true +# Uncomment this if you don't want to use a network mirror. +d-i apt-setup/use_mirror boolean false +# Select which update services to use; define the mirrors to be used. +# Values shown below are the normal defaults. +#d-i apt-setup/services-select multiselect security, updates +#d-i apt-setup/security_host string security.debian.org + +# Additional repositories, local[0-9] available +#d-i apt-setup/local0/repository string \ +# http://local.server/debian stable main +#d-i apt-setup/local0/comment string local server +# Enable deb-src lines +#d-i apt-setup/local0/source boolean true +# URL to the public key of the local repository; you must provide a key or +# apt will complain about the unauthenticated repository and so the +# sources.list line will be left commented out. +#d-i apt-setup/local0/key string http://local.server/key +# or one can provide it in-line by base64 encoding the contents of the +# key file (with `base64 -w0`) and specifying it thus: +#d-i apt-setup/local0/key string base64://LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCi4uLgo= +# The content of the key file is checked to see if it appears to be ASCII-armoured. +# If so it will be saved with an ".asc" extension, otherwise it gets a '.gpg' extension. +# "keybox database" format is currently not supported. (see generators/60local in apt-setup's source) + +# By default the installer requires that repositories be authenticated +# using a known gpg key. This setting can be used to disable that +# authentication. Warning: Insecure, not recommended. +#d-i debian-installer/allow_unauthenticated boolean true + +# Uncomment this to add multiarch configuration for i386 +#d-i apt-setup/multiarch string i386 + + +### Package selection +#tasksel tasksel/first multiselect standard, openssh-server + +# Or choose to not get the tasksel dialog displayed at all (and don't install +# any packages): +d-i pkgsel/run_tasksel boolean false + +# Individual additional packages to install +d-i pkgsel/include string openssh-server sudo +# Whether to upgrade packages after debootstrap. +# Allowed values: none, safe-upgrade, full-upgrade +d-i pkgsel/upgrade select full-upgrade + +# You can choose, if your system will report back on what software you have +# installed, and what software you use. The default is not to report back, +# but sending reports helps the project determine what software is most +# popular and should be included on the first CD/DVD. +#popularity-contest popularity-contest/participate boolean false + +### Boot loader installation +# Grub is the boot loader (for x86). + +# This is fairly safe to set, it makes grub install automatically to the UEFI +# partition/boot record if no other operating system is detected on the machine. +d-i grub-installer/only_debian boolean true + +# This one makes grub-installer install to the UEFI partition/boot record, if +# it also finds some other OS, which is less safe as it might not be able to +# boot that other OS. +d-i grub-installer/with_other_os boolean false + +# Due notably to potential USB sticks, the location of the primary drive can +# not be determined safely in general, so this needs to be specified: +#d-i grub-installer/bootdev string /dev/sda +# To install to the primary device (assuming it is not a USB stick): +d-i grub-installer/bootdev string default + +# Alternatively, if you want to install to a location other than the UEFI +# parition/boot record, uncomment and edit these lines: +#d-i grub-installer/only_debian boolean false +#d-i grub-installer/with_other_os boolean false +#d-i grub-installer/bootdev string (hd0,1) +# To install grub to multiple disks: +#d-i grub-installer/bootdev string (hd0,1) (hd1,1) (hd2,1) + +# Optional password for grub, either in clear text +#d-i grub-installer/password password r00tme +#d-i grub-installer/password-again password r00tme +# or encrypted using an MD5 hash, see grub-md5-crypt(8). +#d-i grub-installer/password-crypted password [MD5 hash] + +# Use the following option to add additional boot parameters for the +# installed system (if supported by the bootloader installer). +# Note: options passed to the installer will be added automatically. +#d-i debian-installer/add-kernel-opts string nousb + +### Finishing up the installation +# During installations from serial console, the regular virtual consoles +# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next +# line to prevent this. +#d-i finish-install/keep-consoles boolean true + +# Avoid that last message about the install being complete. +d-i finish-install/reboot_in_progress note + +# This will prevent the installer from ejecting the CD during the reboot, +# which is useful in some situations. +#d-i cdrom-detect/eject boolean false + +# This is how to make the installer shutdown when finished, but not +# reboot into the installed system. +#d-i debian-installer/exit/halt boolean true +# This will power off the machine instead of just halting it. +#d-i debian-installer/exit/poweroff boolean true + +### Preseeding other packages +# Depending on what software you choose to install, or if things go wrong +# during the installation process, it's possible that other questions may +# be asked. You can preseed those too, of course. To get a list of every +# possible question that could be asked during an install, do an +# installation, and then run these commands: +# debconf-get-selections --installer > file +# debconf-get-selections >> file + + +#### Advanced options +### Running custom commands during the installation +# d-i preseeding is inherently not secure. Nothing in the installer checks +# for attempts at buffer overflows or other exploits of the values of a +# preconfiguration file like this one. Only use preconfiguration files from +# trusted locations! To drive that home, and because it's generally useful, +# here's a way to run any shell command you'd like inside the installer, +# automatically. + +# This first command is run as early as possible, just after +# preseeding is read. +#d-i preseed/early_command string anna-install some-udeb +# This command is run immediately before the partitioner starts. It may be +# useful to apply dynamic partitioner preseeding that depends on the state +# of the disks (which may not be visible when preseed/early_command runs). +#d-i partman/early_command \ +# string debconf-set partman-auto/disk "$(list-devices disk | head -n1)" +# This command is run just before the install finishes, but when there is +# still a usable /target directory. You can chroot to /target and use it +# directly, or use the apt-install and in-target commands to easily install +# packages and run commands in the target system. +#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh diff --git a/infra/station/docker/daemon.json.j2 b/infra/station/docker/daemon.json.j2 new file mode 100644 index 0000000000000000000000000000000000000000..660a5c84c41cf6653a67e014894f9fe0bc48ad54 --- /dev/null +++ b/infra/station/docker/daemon.json.j2 @@ -0,0 +1,3 @@ +{ + "registry-mirrors": ["https://docker.lofar.net"] +} diff --git a/infra/station/ipmi-metrics.yml b/infra/station/ipmi-metrics.yml new file mode 100644 index 0000000000000000000000000000000000000000..7df9001eeb9b748ba895055f8b4b7e08c4fdd72c --- /dev/null +++ b/infra/station/ipmi-metrics.yml @@ -0,0 +1,42 @@ +--- +- name: setup ipmi scraping + hosts: station + remote_user: root + become: true + become_user: root + tasks: + - name: install packages + apt: + pkg: + - prometheus-ipmi-exporter + - freeipmi-tools + update_cache: yes + state: present + - name: copy prometheus-ipmi config + template: + src: ipmi/ipmi.yml + dest: /etc/prometheus/ipmi.yml + - name: copy prometheus-ipmi config + template: + src: ipmi/default + dest: /etc/default/prometheus-ipmi-exporter + - name: copy sudoers + template: + src: ipmi/prometheus.sudoers + dest: /etc/sudoers.d/prometheus + - name: copy lcu-ipmi-service.hcl + template: + src: ipmi/lcu-ipmi-service.hcl + dest: /etc/consul.d/lcu-ipmi-service.hcl + + - name: Start prometheus-ipmi-exporter.service + ansible.builtin.service: + name: prometheus-ipmi-exporter.service + state: restarted + enabled: yes + - name: Reload consul.service + ansible.builtin.service: + name: consul.service + state: reloaded + + diff --git a/infra/station/ipmi/default b/infra/station/ipmi/default new file mode 100644 index 0000000000000000000000000000000000000000..a45667dff92a84e7dff8ebe382c1effd0bece569 --- /dev/null +++ b/infra/station/ipmi/default @@ -0,0 +1,15 @@ +ARGS="--config.file=/etc/prometheus/ipmi.yml" + +# prometheus-ipmi-exporter supports the following options: +# +# --config.file=CONFIG.FILE +# Path to configuration file. +# --freeipmi.path="/usr/sbin" +# Path to FreeIPMI executables. +# --log.level=info +# Only log messages with the given severity or above. One of: [debug, info, +# warn, error] +# --log.format=logfmt +# Output format of log messages. One of: [logfmt, json] +# --web.listen-address=":9290" +# Address to listen on for web interface and telemetry. diff --git a/infra/station/ipmi/ipmi.yml b/infra/station/ipmi/ipmi.yml new file mode 100644 index 0000000000000000000000000000000000000000..fe1eebd811fd5f46552809ac59fc56b8b7870e52 --- /dev/null +++ b/infra/station/ipmi/ipmi.yml @@ -0,0 +1,27 @@ +modules: + default: + # Available collectors are bmc, ipmi, chassis, dcmi, sel, and sm-lan-mode + collectors: + - bmc + - ipmi + - dcmi + - sel + # Got any sensors you don't care about? Add them here. + collector_cmd: + ipmi: ../bin/sudo + bmc: ../bin/sudo + dcmi: ../bin/sudo + sel: ../bin/sudo + custom_args: + ipmi: + - "ipmimonitoring" + bmc: + - "bmc-info" + dcmi: + - "ipmi-dcmi" + sel: + - "ipmi-sel" + exclude_sensor_ids: + - 2 + - 29 + - 32 diff --git a/infra/station/ipmi/lcu-ipmi-service.hcl b/infra/station/ipmi/lcu-ipmi-service.hcl new file mode 100644 index 0000000000000000000000000000000000000000..f25d24fd4b2c761da41eac06d79334790a4e1568 --- /dev/null +++ b/infra/station/ipmi/lcu-ipmi-service.hcl @@ -0,0 +1,7 @@ +services { + name = "lcu-ipmi" + id = "lcu-ipmi" + address = "10.99.250.250" + port = 9290 + tags = ["scrape"] +} diff --git a/infra/station/ipmi/prometheus.sudoers b/infra/station/ipmi/prometheus.sudoers new file mode 100644 index 0000000000000000000000000000000000000000..88aa2a50ed956a6d88d75401b0615ae627d67006 --- /dev/null +++ b/infra/station/ipmi/prometheus.sudoers @@ -0,0 +1,7 @@ +prometheus ALL = NOPASSWD: /usr/sbin/ipmimonitoring,\ + /usr/sbin/ipmi-sensors,\ + /usr/sbin/ipmi-dcmi,\ + /usr/sbin/ipmi-raw,\ + /usr/sbin/bmc-info,\ + /usr/sbin/ipmi-chassis,\ + /usr/sbin/ipmi-sel diff --git a/infra/station/logging-journald.nomad b/infra/station/logging-journald.nomad new file mode 100644 index 0000000000000000000000000000000000000000..e599dc361a0fb9b62cfb66cb2ed16c3d9c86b0e5 --- /dev/null +++ b/infra/station/logging-journald.nomad @@ -0,0 +1,133 @@ +job "log-scraping-journald" { + datacenters = ["stat"] + type = "system" + + update { + min_healthy_time = "10s" + healthy_deadline = "5m" + progress_deadline = "10m" + auto_revert = true + } + + group "vector" { + count = 1 + restart { + attempts = 3 + interval = "10m" + delay = "30s" + mode = "delay" + } + network { + mode = "bridge" + port "api" { + to = 8686 + host_network = "station" + } + } + + task "vector" { + driver = "raw_exec" + artifact { + source = "https://packages.timber.io/vector/0.39.0/vector-0.39.0-x86_64-unknown-linux-gnu.tar.gz" + } + config { + command = "vector-x86_64-unknown-linux-gnu/bin/vector" + } + # Vector won't start unless the sinks(backends) configured are healthy + env { + VECTOR_CONFIG = "local/vector.toml" + VECTOR_REQUIRE_HEALTHY = "true" + } + # resource limits are a good idea because you don't want your log collection to consume all resources available + resources { + cpu = 512 + memory = 1024 + } + # template with Vector's configuration + template { + destination = "local/vector.toml" + change_mode = "signal" + change_signal = "SIGHUP" + left_delimiter = "((" + right_delimiter = "))" + data = <<EOF +data_dir = "local/" +healthchecks.require_healthy = true + +[api] + enabled = true + address = "0.0.0.0:8686" + playground = false + +[sources.journald] + type = "journald" +# [transforms.journald-flags] +# inputs = ["journald"] +# type = "remap" +# source = ''' +# # parse_key_value only supports \", not a literal \n, so we replace them with actual newlines instead. +# .message = replace!(.message,"\\n","\n") +# +# # parse trying various formats +# structured = +# parse_syslog(.message) ?? +# parse_json(.message) ?? +# parse_common_log(.message) ?? +# parse_key_value!(.message, whitespace: "strict") +# . = merge!(., structured) +# +# # unify fields across formats +# .message = .msg || .message +# .timestamp = parse_timestamp(.ts, "%F %T,%3f") ?? .timestamp +# .level = downcase!(.level || "info") +# +# # hard limit on message size to prevent explosion +# .message = truncate!(.message, limit: 8192, ellipsis: true) +# +# # delete labels that vary too much or are duplicates +# del(.label) +# del(.ts) +# del(.msg) +# +# # labels from the docker_logs source that will vary way too much +# del(.host) +# ''' +[sinks.loki] + type = "loki" + inputs = [ "journald" ] + endpoint = "http://loki.service.consul:3100" + encoding.codec = "json" + healthcheck.enabled = true + out_of_order_action = "accept" + batch.max_bytes = 4194304 +[sinks.loki.labels] + "source" = 'journald' +# [sinks.loki_central] +# type = "loki" +# inputs = [ "journald" ] +# tenant_id = "lofar" +# endpoint = "http://logs.service.lofar-central.consul:3100" +# encoding.codec = "json" +# healthcheck.enabled = true +# remove_label_fields = true +# out_of_order_action = "accept" +# batch.max_bytes = 4194304 +# [sinks.loki_central.labels] +# "station" = '[[.station]]' +# "nomad_*" = '{{ nomad }}' + +EOF + } + service { + check { + port = "api" + type = "http" + path = "/health" + interval = "30s" + timeout = "5s" + } + } + kill_timeout = "30s" + } + } +} diff --git a/infra/station/nomad.yml b/infra/station/nomad.yml index aa9d8c36f16bded8db48ed4a5425502fac8f192a..5f9154b397524d39db3b49535fe7d3404954aacf 100644 --- a/infra/station/nomad.yml +++ b/infra/station/nomad.yml @@ -24,6 +24,8 @@ pkg: - nomad - docker.io + - wget + - jq update_cache: yes state: present - name: create directory if they don't exist @@ -57,12 +59,52 @@ state: directory mode: '0755' + - name: Install CNI config + block: + - ansible.builtin.get_url: + url: https://github.com/k8snetworkplumbingwg/ovs-cni/releases/download/v0.32.0/ovs + dest: /opt/cni/bin/ovs + mode: 0775 + - ansible.builtin.file: + path: /opt/cni/config + state: directory + mode: '0755' + - ansible.builtin.file: + path: /opt/cni/net.d/ovs.d + state: directory + mode: '0755' + - ansible.builtin.copy: + src: cni/stationnet.conflist + dest: /opt/cni/config/stationnet.conflist + - ansible.builtin.copy: + src: cni/ovs.conf + dest: /opt/cni/net.d/ovs.d/ovs.conf + - service: + name: nomad + state: restarted - name: configure nomad ansible.builtin.template: src: nomad/nomad.hcl.j2 dest: /etc/nomad.d/nomad.hcl + - name: configure docker + ansible.builtin.template: + src: docker/daemon.json.j2 + dest: /etc/docker/daemon.json + + - service: + name: docker + state: reloaded + + - name: copy station-control service + copy: + src: nomad/station-control.service + dest: /etc/systemd/system/ + + - name: start consul-template + systemd: state=started name=consul-template daemon_reload=yes + - ansible.posix.sysctl: name: fs.inotify.max_user_instances value: '1024' @@ -78,7 +120,7 @@ value: '16777216' state: present - - name: Start docker + - name: Start nomad ansible.builtin.service: name: nomad state: started @@ -90,17 +132,23 @@ state: started enabled: yes + - name: Start station-control + ansible.builtin.service: + name: station-control + state: started + enabled: yes + - name: deploy consul agent hosts: station connection: ssh gather_facts: true tasks: - - name: Lookup ansible_hostname in getent database - command: - argv: - - data=$(wget -qO- http://localhost:4646/v1/operator/scheduler/configuration | jq '.SchedulerConfig | .MemoryOversubscriptionEnabled=true') - - wget --method=PUT --body-data="$data" -qO- http://localhost:4646/v1/operator/scheduler/configuration - register: result +# - name: Lookup ansible_hostname in getent database +# command: +# argv: +# - data=$(wget -qO- http://localhost:4646/v1/operator/scheduler/configuration | jq '.SchedulerConfig | .MemoryOversubscriptionEnabled=true') +# - wget --method=PUT --body-data="$data" -qO- http://localhost:4646/v1/operator/scheduler/configuration +# register: result - name: Lookup ansible_hostname in getent database command: argv: diff --git a/infra/station/nomad/nomad.hcl.j2 b/infra/station/nomad/nomad.hcl.j2 index b39cace4450c42910986a37951ac0d1d665dc084..7d88b0771d2147bd01e9eb1d8f043d91c0099e14 100644 --- a/infra/station/nomad/nomad.hcl.j2 +++ b/infra/station/nomad/nomad.hcl.j2 @@ -8,6 +8,9 @@ server { enabled = true bootstrap_expect = 1 encrypt = "{{ nomad_encrypt }}" + server_join { + retry_join = [ "nomad.service.lofar-central.consul" ] + } } limits { @@ -19,9 +22,12 @@ client { enabled = true servers = ["127.0.0.1"] cni_path = "/opt/cni/bin" - network_interface = "br0" + network_interface = "stat0" host_network "external" { - interface = "{{ eth_ext }}" + interface = "ctrl0" + } + host_network "data" { + interface = "data0" } host_network "default" { cidr = "10.99.0.0/16" @@ -74,9 +80,9 @@ client { } advertise { - http = "{{ '{{' }} GetInterfaceIP \"{{ eth_ext }}\" {{ '}}' }}" - rpc = "{{ '{{' }} GetInterfaceIP \"{{ eth_ext }}\" {{ '}}' }}" - serf = "{{ '{{' }} GetInterfaceIP \"{{ eth_ext }}\" {{ '}}' }}" + http = "{{ '{{' }} GetInterfaceIP \"ctrl0\" {{ '}}' }}" + rpc = "{{ '{{' }} GetInterfaceIP \"ctrl0\" {{ '}}' }}" + serf = "{{ '{{' }} GetInterfaceIP \"ctrl0\" {{ '}}' }}" } telemetry { diff --git a/infra/station/nomad/station-control.service b/infra/station/nomad/station-control.service new file mode 100644 index 0000000000000000000000000000000000000000..81d055ec741cbf57784ab5522583f7a5f0473fce --- /dev/null +++ b/infra/station/nomad/station-control.service @@ -0,0 +1,14 @@ +[Unit] +Description=station-control +After=nomad.service docker.service + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/nomad node eligibility -self -enable +ExecStop=/usr/bin/nomad node drain -self -enable -deadline "30s" -detach -yes +User=nomad +Group=nomad + +[Install] +WantedBy=multi-user.target diff --git a/infra/station/ovs.yml b/infra/station/ovs.yml index 8c61dfe6a83048819d1ae75f75ea112f3fae52a7..ea7aa18fe7d0b40fa9410e4b4206f89f97aacc71 100644 --- a/infra/station/ovs.yml +++ b/infra/station/ovs.yml @@ -5,34 +5,70 @@ become: true become_user: root tasks: - - name: add interface config + - name: install packages + apt: + pkg: + - openvswitch-switch + - openvswitch-common + - nftables + # debug tooling + - tcpdump + - jnettop + - ngrep + - bettercap + - tshark + update_cache: yes + state: present + + - name: add station interface config notify: networking changed copy: - dest: /etc/network/interfaces.d/br0 + dest: /etc/network/interfaces.d/stat0 mode: 0644 content: > - auto br0 + auto stat0 - iface br0 inet static - pre-up ip link set dev {{eth_int}} up + iface stat0 inet static + {% for nic in eth %} + pre-up ip link set dev {{nic}} up + {% endfor %} address 10.99.250.250/16 - post-up ip link set {{eth_int}} mtu 9000 - post-down ip link set dev {{eth_int}} down + {% for nic in eth %} + post-up ip link set {{nic}} mtu 9000 + {% endfor %} + - name: add ctrl interface config + notify: networking changed + copy: + dest: /etc/network/interfaces.d/ctrl0 + mode: 0644 + content: > + auto ctrl0 + + iface ctrl0 inet static + {% for nic in eth %} + pre-up ip link set dev {{nic}} up + {% endfor %} + address {{ ctrl_ip }}/13 + gateway {{ gateway_ip }} + {% for nic in eth %} + post-up ip link set {{nic}} mtu 9000 + {% endfor %} +# - name: add data interface config +# notify: networking changed +# copy: +# dest: /etc/network/interfaces.d/data0 +# mode: 0644 +# content: > +# auto data0 +# +# iface data0 inet static +# address {{ data_ip }} - ansible.posix.sysctl: name: net.core.rmem_max value: '16777216' state: present - - name: install packages - apt: - pkg: - - openvswitch-switch - - openvswitch-common - - nftables - update_cache: yes - state: present - - name: run ovsdb-server systemd: name: ovsdb-server @@ -43,20 +79,45 @@ name: ovs-vswitchd enabled: yes state: started + - openvswitch.openvswitch.openvswitch_bridge: bridge: br0 - #set: "set-controller br0 ptcp:" set: "int br0 mtu_request=9000" state: present - #- openvswitch.openvswitch.openvswitch_port: - # bridge: br0 - # port: "{{ eth_ext }}" - # state: present - - openvswitch.openvswitch.openvswitch_port: + + - name: active-backup bond on eth_ext + openvswitch.openvswitch.openvswitch_bond: bridge: br0 - port: "{{ eth_int }}" + port: bond0 + bond_mode: balance-tcp + interfaces: "{{eth}}" + lacp: active + other_config: + lacp-fallback-ab: 'true' state: present + - openvswitch.openvswitch.openvswitch_bridge: + bridge: data0 + parent: br0 + vlan: 1000 + set: "int data0 mtu_request=9000" + state: present + + - openvswitch.openvswitch.openvswitch_bridge: + bridge: stat0 + parent: br0 + vlan: 999 + set: "int stat0 mtu_request=9000" + state: present + + - openvswitch.openvswitch.openvswitch_bridge: + bridge: ctrl0 + parent: br0 + vlan: 102 + set: "int ctrl0 mtu_request=9000" + state: present + + - name: configure nftables block: - ansible.builtin.template: @@ -65,29 +126,7 @@ - service: name: nftables state: restarted - - name: Install CNI config - block: - - ansible.builtin.get_url: - url: https://github.com/k8snetworkplumbingwg/ovs-cni/releases/download/v0.32.0/ovs - dest: /opt/cni/bin/ovs - mode: 0775 - - ansible.builtin.file: - path: /opt/cni/config - state: directory - mode: '0755' - - ansible.builtin.file: - path: /opt/cni/net.d/ovs.d - state: directory - mode: '0755' - - ansible.builtin.copy: - src: cni/stationnet.conflist - dest: /opt/cni/config/stationnet.conflist - - ansible.builtin.copy: - src: cni/ovs.conf - dest: /opt/cni/net.d/ovs.d/ovs.conf - - service: - name: nomad - state: restarted + enabled: true handlers: - name: Restart networking service: diff --git a/infra/station/public_keys/feldt b/infra/station/public_keys/feldt new file mode 100644 index 0000000000000000000000000000000000000000..1f911d54b8e527b551986a29eeae92d4f5bdd380 --- /dev/null +++ b/infra/station/public_keys/feldt @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMhxDArT4JOrprdJ61H/+2cVEr0kRvkzPzyNm8VmyzYQ feldt diff --git a/infra/station/public_keys/lukken b/infra/station/public_keys/lukken new file mode 100644 index 0000000000000000000000000000000000000000..9148671b721d807dca9119b8a82ea375b0507bb0 --- /dev/null +++ b/infra/station/public_keys/lukken @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7hviFagokycOHcczMQG757DFURSeBWK91wahDX3frbMkieU1fR8W9E06YryPVZPLo1fybxD2uT6CTHlfnPCr04B8ioKKVhE0mQZBeSJBbsOOKAFtNmGyeJDAM5BJ7lR5nNyWdnKA8B/l0DlLWsAnbsN3jy7TcMw0eD6uRIRfv48ZdbuEbhaRce7g0DBPwqq6EP6LL7yh7FZ3GMlFf5kaUfDYHwPrtuMkIKJqPsK+72m/hPQbaW5U1hNiyLS2dcabb6uYnzksgcp9r4+L1MZdt1t6t5IS8JICy361cu7VOjhtgSnf+dVTQpt75d9BUAJhVe8k4ftBK2+Gn+JKMkcBZ4s8tuMr8cEyeyYjQdaWWv0Sehauwupea73VgOnPHWtcbWiMobgM8MG+hA5ofYiI35S4U6SozWNHuGq+5w/MSs6MPgcrX53+bUFGsOz7/NNKCVLW9vqUaA6jPwKYGpEKymGzY+1Y7LF+4p6D8+//zmL3pSI3G0cmbzB2esEE8nAX5oQv15NxX53pbHhkjIciDmrq7gfeSRHYfkPGarsRzQHfErdCaX56YB85mgYcCAAb20s69vz3W8JGxH64TpvVkHYS5Bhxi0d4YM3Ip5pJIPdY4in+zBb++/o7hi5zk6Z91MD9k3hZq07rD9lmWjQ2S5H61NgHsFJrrpOqXs7bD5w== lukken diff --git a/infra/station/public_keys/mol b/infra/station/public_keys/mol new file mode 100644 index 0000000000000000000000000000000000000000..d757cbaf4171f0ca6f25c8b37fe7610e5ea6944c --- /dev/null +++ b/infra/station/public_keys/mol @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEhtq3fDtEOcI0xbedHuvXHdqjPLe/PzvMUD4qKzkm0cd8KCi3rvj44CDMWtYK6dL7nhqGhwZqWKkw/kd3acDTsG/aEx+lNrX643TRj5FT/Ok2tHmRaa3K28EmpkxP+vnuFUebsTMfuOcBFiHiq3CHUgqpTnpDuO8J/Zfy1T/RUDIlodf/8xtShjhIhCbvneMCFzwW+S9+Vt3lK7RLae27vz8JBn8Ws3paI5qNndfqtX5I4VI+X3gt/a6Zm+0WE5xVMrc2mo+H5c5YoKUUg6Huhj4bSzvzKdvacIYHCt0PxHgMVDNKM0oGi5B0FdQKuj5Pvt//iEHoUMjmo6nRINnB mol diff --git a/infra/station/roles/volume/tasks/main.yml b/infra/station/roles/volume/tasks/main.yml index ce2ec13ba73e15dbbc0f0cdb69e9d406e7efca59..572f81d73c49c097a37b5ace23501a8534c0cd6f 100644 --- a/infra/station/roles/volume/tasks/main.yml +++ b/infra/station/roles/volume/tasks/main.yml @@ -7,6 +7,13 @@ update_cache: yes state: present when: fstype == "xfs" +- name: install btrfs-progs + apt: + pkg: + - btrfs-progs + update_cache: yes + state: present + when: fstype == "btrfs" - name: 'add {{ volume_name }} volume' lvol: vg: '{{ volume_group }}' diff --git a/sbin/generate_iso.sh b/sbin/generate_iso.sh new file mode 100755 index 0000000000000000000000000000000000000000..33cd145b1a1d39eeb7270fc9954b3e3044a922a2 --- /dev/null +++ b/sbin/generate_iso.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +BASE_DIR=$(realpath "infra/station/debian") + +VERSION=$(curl ftp://get.debian.org/images/release/current/amd64/iso-cd/ | grep -E 'debian-[0-9]' | awk '{print $9}') +curl "ftp://get.debian.org/images/release/current/amd64/iso-cd/$VERSION" -o "$VERSION" + +7z x "-o$BASE_DIR/isofiles" "$VERSION" + +cp "$BASE_DIR/preseed.cfg" "$BASE_DIR/isofiles/preseed.cfg" +cp "$BASE_DIR/grub/grub.cfg" "$BASE_DIR/isofiles/boot/grub/grub.cfg" +cp "$BASE_DIR/isolinux/auto.cfg" "$BASE_DIR/isofiles/isolinux/auto.cfg" +cp "$BASE_DIR/isolinux/menu.cfg" "$BASE_DIR/isofiles/isolinux/menu.cfg" + +#dd if="$VERSION" bs=1 count=432 of=isohdpfx.bin + +#xorriso -as mkisofs -o debian.iso \ +# -isohybrid-mbr isohdpfx.bin \ +# -c isolinux/boot.cat -b isolinux/isolinux.bin -no-emul-boot \ +# -boot-load-size 4 -boot-info-table "$BASE_DIR/isofiles" + +xorriso -as mkisofs -r -checksum_algorithm_iso sha256,sha512 \ + -V 'Debian 12.5.0 amd64 n' -o debian.iso \ + -J -joliet-long -cache-inodes -isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin \ + -b isolinux/isolinux.bin -c isolinux/boot.cat -boot-load-size 4 -boot-info-table \ + -no-emul-boot -eltorito-alt-boot -e boot/grub/efi.img -no-emul-boot -isohybrid-gpt-basdat \ + -isohybrid-apm-hfsplus "$BASE_DIR/isofiles"