provision-tc for tiberos

intel · Oct 3, 2024 · 6e82513 · 6e82513
1 parent b74eeda
commit 6e82513
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 20 deletions.
diff --git a/inbm/cloudadapter-agent/fpm-template/usr/bin/provision-tc b/inbm/cloudadapter-agent/fpm-template/usr/bin/provision-tc
@@ -30,7 +30,7 @@ function provision {
   if ! [[ $LOCAL_MQTT_PORT =~ $re ]] ; then
     echo "error: Not a number: $LOCAL_MQTT_PORT in setting mqtt port number" >&2; exit 1
   fi
-  echo "$LOCAL_MQTT_PORT" >/etc/intel-manageability/local-mqtt-port.txt
+  echo "$LOCAL_MQTT_PORT" >/var/intel-manageability/local-mqtt-port.txt
   enable_mqtt
   if [[ "x$NO_CLOUD" == "x" ]]; then
     configure_cloud
@@ -76,7 +76,7 @@ function check_requirements {
   fi
 
   # Check for safe mode
-  if [ -f /etc/intel-manageability/secret/SAFE_MODE ]; then
+  if [ -f /var/intel-manageability/secret/SAFE_MODE ]; then
     echo "WARNING: Safe mode is on. Provisioned credentials will go away on next boot."
   fi
 

diff --git a/inbm/fpm/mqtt/template/usr/bin/mqtt-detect-tpm b/inbm/fpm/mqtt/template/usr/bin/mqtt-detect-tpm
@@ -2,7 +2,7 @@
 
 set -eo pipefail
 
-TPM_FLAG_FILE=/etc/intel-manageability/public/tpm_flag
+TPM_FLAG_FILE=/var/intel-manageability/public/tpm_flag
 
 function detect_tpm {
     if [[ "x$PROVISION_TPM" == "xdisable" ]]; then

diff --git a/inbm/fpm/mqtt/template/usr/bin/mqtt-ensure-keys-generated b/inbm/fpm/mqtt/template/usr/bin/mqtt-ensure-keys-generated
@@ -1,15 +1,15 @@
 #!/bin/bash
 set -euxo pipefail
 
-TC_PUBLIC="/etc/intel-manageability/public"
-TC_SECRET="/etc/intel-manageability/secret"
+TC_PUBLIC="/var/intel-manageability/public"
+TC_SECRET="/var/intel-manageability/secret"
 DAYS_EXPIRY="2555"
 
 do_provision() {
     rm -f "$TC_SECRET"/.provisioned
     /usr/bin/inb-provision-certs "$TC_PUBLIC" "$TC_SECRET"
 
-    fix_permissions
+    #fix_permissions
 
     touch "$TC_SECRET"/.provisioned
 }
@@ -89,7 +89,7 @@ if ! [ -f "$TC_SECRET"/.provisioned ] ; then
     do_provision
 else
     # Fix permissions even if we end up not reprovisioning
-    fix_permissions
+    #fix_permissions
 
     # Check for HDDL mode; always reprovision with HDDL mode due to time sync issue.
     KMB_PCIE_EP_STATUS="/proc/device-tree/soc/pcie_ep@37000000/status"

diff --git a/inbm/fpm/mqtt/template/usr/bin/mqtt-ensure-secret-mounted b/inbm/fpm/mqtt/template/usr/bin/mqtt-ensure-secret-mounted
@@ -1,8 +1,8 @@
 #!/bin/bash
 set -euxo pipefail
 
-TC_SECRET="/etc/intel-manageability/secret"
-TC_PUBLIC="/etc/intel-manageability/public"
+TC_SECRET="/var/intel-manageability/secret"
+TC_PUBLIC="/var/intel-manageability/public"
 TC_SECRET_IMG_DIR="/var/intel-manageability"
 TC_SECRET_IMG="$TC_SECRET_IMG_DIR/secret.img"
 

diff --git a/inbm/fpm/mqtt/template/usr/bin/mqtt-provision-start b/inbm/fpm/mqtt/template/usr/bin/mqtt-provision-start
@@ -1,22 +1,22 @@
 #!/bin/bash
 set -euxo pipefail
 # Ensure mqtt-broker has required permissions
-getent group pmsuser || groupadd pmsuser
+#getent group pmsuser || groupadd pmsuser
 chgrp mqtt-broker /var/persistent-log/mosquitto
 chmod g+rwx /var/persistent-log/mosquitto
 chmod -R g+rw /var/persistent-log/mosquitto
 
 # Ensure mosquitto.conf is upgraded
-if ! grep "COMPATIBLE WITH MOSQUITTO 2.0: TRUE" /etc/intel-manageability/public/mqtt-broker/mosquitto.conf >&/dev/null ; then
+if ! grep "COMPATIBLE WITH MOSQUITTO 2.0: TRUE" /var/intel-manageability/public/mqtt-broker/mosquitto.conf >&/dev/null ; then
   echo mosquitto.conf needs to be upgraded, or this is the first mqtt
-  echo startup and mosquitto.conf needs to be copied from /usr/... to /etc/...
-  cp /usr/share/intel-manageability/mqtt/mosquitto.conf.dist /etc/intel-manageability/public/mqtt-broker/mosquitto.conf
+  echo startup and mosquitto.conf needs to be copied from /usr/... to /var/...
+  cp /usr/share/intel-manageability/mqtt/mosquitto.conf.dist /var/intel-manageability/public/mqtt-broker/mosquitto.conf
 else
   echo mosquitto.conf is up to date
 fi
 
-if [ -f /etc/intel-manageability/local-mqtt-port.txt ] ; then
-  LOCAL_MQTT_PORT=$(cat /etc/intel-manageability/local-mqtt-port.txt)
+if [ -f /var/intel-manageability/local-mqtt-port.txt ] ; then
+  LOCAL_MQTT_PORT=$(cat /var/intel-manageability/local-mqtt-port.txt)
   re='^[0-9]+$'
   if ! [[ $LOCAL_MQTT_PORT =~ $re ]] ; then
      echo "error: Not a number: $LOCAL_MQTT_PORT in setting mqtt port number" >&2; exit 1
@@ -27,17 +27,17 @@ else
 fi
 
 # Set local port in TC service environment file
-TC_ENV_FILE=/etc/intel-manageability/public/mqtt.environment
+TC_ENV_FILE=/var/intel-manageability/public/mqtt.environment
 echo MQTT_HOST=localhost >"$TC_ENV_FILE"
 echo MQTT_PORT="$LOCAL_MQTT_PORT" >>"$TC_ENV_FILE"
-echo MQTT_CA_CERTS=/etc/intel-manageability/public/mqtt-ca/mqtt-ca.crt >>"$TC_ENV_FILE"
+echo MQTT_CA_CERTS=/var/intel-manageability/public/mqtt-ca/mqtt-ca.crt >>"$TC_ENV_FILE"
 
 # Set local port in mosquitto.conf
-sed -i -e "s/listener .* 127.0.0.1/listener $LOCAL_MQTT_PORT 127.0.0.1/g" /etc/intel-manageability/public/mqtt-broker/mosquitto.conf
+sed -i -e "s/listener .* 127.0.0.1/listener $LOCAL_MQTT_PORT 127.0.0.1/g" /var/intel-manageability/public/mqtt-broker/mosquitto.conf
 
 # If dispatcher.environment exists, patch its port
-if [ -f /etc/dispatcher.environment ]; then
-  sed -i -e "s/MQTT_PORT=.*/MQTT_PORT=$LOCAL_MQTT_PORT/g" /etc/dispatcher.environment
+if [ -f /var/dispatcher.environment ]; then
+  sed -i -e "s/MQTT_PORT=.*/MQTT_PORT=$LOCAL_MQTT_PORT/g" /var/dispatcher.environment
 fi