Add "repair" BMC user

Signed-off-by: morimoto-cybozu <kenji_morimoto@cybozu.co.jp>

CHANGELOG.md

@@ -5,6 +5,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+- Add "repair" BMC user in [#96](https://github.com/cybozu-go/setup-hw/pull/96)
+    - **Breaking change:** This user is mandatory for iDRAC.
+
 ## [1.14.3] - 2023-08-15
 - Disable "iDRAC path through I/F" in [#93](https://github.com/cybozu-go/setup-hw/pull/93)
   - Factory setting has been changed that iDRAC path through I/F enabled, but it gives problem to neco setup. 

config/config.go

@@ -80,6 +80,7 @@ type Credentials struct {
 // UserConfig represents a set of BMC user credentials in JSON format.
 type UserConfig struct {
 	Root    Credentials `json:"root"`
+	Repair  Credentials `json:"repair"`
 	Power   Credentials `json:"power"`
 	Support Credentials `json:"support"`
 }

config/config_test.go

@@ -86,6 +86,12 @@ func TestUserConfig(t *testing.T) {
 	if uc.Root.Password.Salt != "593C31FF6D409480F032AA2FF6EC781E" {
 		t.Error("wrong root password salt")
 	}
+	if uc.Repair.Password.Hash != "78B13CF445B376D74BD1BEBA0B8802AD691D69483E752191D06D3C0AF362DAD8" {
+		t.Error("wrong repair password hash")
+	}
+	if uc.Repair.Password.Salt != "8E4934DDBEEE7C9AE9427A8283D7FA10" {
+		t.Error("wrong repair password salt")
+	}
 	if uc.Power.Password.Raw != "ranranran" {
 		t.Error("wrong power password")
 	}

docs/config.md

@@ -27,17 +27,20 @@ This file contains credentials of BMC users.
 BMC users are statically defined in `setup-hw` as follows:
 
 * `root`: The administrator of BMC.
-* `power`: Control power supply.
+* `repair`: Restricted user who can execute repair operations, e.g. BMC reset.
+* `power`: Restricted user who can control power supply.
 * `support`: Read-only account.
 
+All users are mandatory for iDRAC.
+
 Credential types are:
 
 * Raw password
 * Hashed password with salt  
     For iDRAC, use [`idrac-passwd-hash`](../pkg/idrac-passwd-hash) tool to generate them.
 
 Supported credential types varies by BMC types.
-iDRAC, BMC embedded in Dell servers, supports all credential types.
+iDRAC supports all credential types.
 
 Example:
 

pkg/setup-hw/dell.go

@@ -526,15 +526,27 @@ func (dc *dellConfigurator) configIPMI(ctx context.Context) error {
 	return racadmRetry(ctx, "set", key, "1")
 }
 
+// configUser creates/updates an iDRAC user with specified parameters
+//
+// priv is the bitwise OR of the following privileges:
+// - 0x001 Login
+// - 0x002 Configure
+// - 0x004 Configure Users
+// - 0x008 Logs
+// - 0x010 System Control
+// - 0x020 Access Virtual Console
+// - 0x040 Access Virtual Media
+// - 0x080 System Operations
+// - 0x100 Debug
+//
+// ipmiPriv is one of the following privileges:
+// - 1 Callback level
+// - 2 User level
+// - 3 Operator level
+// - 4 Administrator level
+// - 5 OEM Proprietary level
+// - 15 No access
 func (dc *dellConfigurator) configUser(ctx context.Context, idx, name, priv, ipmiPriv string, cred config.Credentials) error {
-	// ipmipriv:
-	// - 1 Callback level
-	// - 2 User level
-	// - 3 Operator level
-	// - 4 Administrator level
-	// - 5 OEM Proprietary level
-	// - 15 No access
-
 	prefix := "iDRAC.Users." + idx + "."
 	if _, err := racadmSetConfig(ctx, prefix+"Username", name); err != nil {
 		return err
@@ -578,6 +590,9 @@ func (dc *dellConfigurator) configUsers(ctx context.Context) error {
 	if err := dc.configUser(ctx, "4", "power", "0x11", "3", dc.userConfig.Power); err != nil {
 		return err
 	}
+	if err := dc.configUser(ctx, "5", "repair", "0x13", "15", dc.userConfig.Repair); err != nil {
+		return err
+	}
 	return nil
 }
 

testdata/bmc-user.json

@@ -5,6 +5,12 @@
             "salt": "593C31FF6D409480F032AA2FF6EC781E"
         }
     },
+    "repair": {
+        "password": {
+            "hash": "78B13CF445B376D74BD1BEBA0B8802AD691D69483E752191D06D3C0AF362DAD8",
+            "salt": "8E4934DDBEEE7C9AE9427A8283D7FA10"
+        }
+    },
     "power": {
         "password": {
             "raw": "ranranran"