From 41fb014ddf36de5af89e3f0a11755d846bceffe9 Mon Sep 17 00:00:00 2001 From: Bryan Wendlandt <74682355+bwendlandt-intel@users.noreply.github.com> Date: Fri, 1 Sep 2023 14:13:54 -0600 Subject: [PATCH 1/5] docs(reference): local acm activate (#328) * docs(reference): local acm activate * docs(reference): breakout tables --- docs/Reference/RPC/commandsRPC.md | 79 ++++++++++++++++++------------- 1 file changed, 45 insertions(+), 34 deletions(-) diff --git a/docs/Reference/RPC/commandsRPC.md b/docs/Reference/RPC/commandsRPC.md index 08b7204e4..59f3852d7 100644 --- a/docs/Reference/RPC/commandsRPC.md +++ b/docs/Reference/RPC/commandsRPC.md @@ -54,40 +54,56 @@ Activate the device with a specified profile: #### Activate the device locally: -Currently, this capability is only supported for activating unprovisioned (e.g. pre-provisioning state) devices. This command **only** activates AMT. It does not do profile-based configuration. +This capability is only supported for activating unprovisioned (e.g. pre-provisioning state) devices. This command **only** activates AMT. It does not do profile-based configuration. -=== "Linux" - ``` bash - sudo ./rpc activate -local -password NewAMTPassword +=== "CCM" ``` -=== "Windows" + rpc activate -local -ccm -amtPassword NewAMTPassword ``` - .\rpc activate -local -password NewAMTPassword +=== "ACM" + ``` + rpc activate -local -acm -amtPassword NewAMTPassword -provisioningCert "{BASE64_PROV_CERT}" -provivisioningCertPwd certPassword ```
-#### `activate` Options +#### `activate` General Options | OPTION | DESCRIPTION | |--------------------|---------------------------------------------------------------------------------------------------------------------------------| -| -d string | DNS suffix override | -| -h string | Hostname override | | -json | JSON output | | -l string | Log level (panic,fatal,error,warn,info,debug,trace) (default "info") | | -lmsaddress string | LMS address (default "localhost"). Can be used to change location of LMS for debugging. | | -lmsport string | LMS port (default "16992") | -| -local | Execute command to AMT directly without cloud interaction. | | -n | Skip WebSocket server certificate verification | -| -name | Friendly name to associate with this device | +| -t duration | Time to wait until AMT is ready (e.g. `2m` or `30s`), the default is `2m0s` | +| -v | Verbose output | + +#### `activate` Remote-Specific Options + +| OPTION | DESCRIPTION | +|--------------------|---------------------------------------------------------------------------------------------------------------------------------| +| -d string | DNS suffix override | +| -h string | Hostname override | +| -n | Skip WebSocket server certificate verification | +| -name string | Friendly name to associate with this device | | -p string | Proxy address and port | -| -password | AMT password | +| -password | Existing set AMT password | | -profile string | Name of the profile to use | -| -t duration | Time to wait until AMT is ready (e.g. `2m` or `30s`), the default is `2m0s` | | -tenant string | TenantID of profile. If not provided, then assumed empty string (i.e. [no Multitenancy enabled](../middlewareExtensibility.md)) | | -token string | JWT Token for Authorization | | -u string | WebSocket address of server to activate against | -| -v | Verbose output | + +#### `activate` Local-Specific Options + +| OPTION | DESCRIPTION | +|-----------------------------------|-----------------------------------------------------------------| +| -acm | Flag for ACM Local Activation. | +| -amtPassword string | New AMT Password to set on device. | +| -ccm | Flag for CCM Local Activation. | +| -local | Execute command to AMT directly without cloud interaction. | +| -provisioningCert Base64 string | Base64 Encoded String of the `.pfx` provisioning certificate. | +| -provisioningCertPwd string | Password of provisioning certificate. | For more information, see [Build & Run RPC](../../GetStarted/buildRPC.md). @@ -100,25 +116,15 @@ To learn how to use the RPC application to transition an already activated (prov #### Deactivate the device using RPS: -=== "Linux" - ``` bash - sudo ./rpc deactivate -u wss://server/deactivate - ``` -=== "Windows" - ``` - .\rpc deactivate -u wss://server/deactivate - ``` +``` +rpc deactivate -u wss://server/deactivate +``` #### Deactivate the device locally: -=== "Linux" - ``` bash - sudo ./rpc deactivate -local - ``` -=== "Windows" - ``` - .\rpc deactivate -local - ``` +``` +rpc deactivate -local -password AMTPassword +```
@@ -126,19 +132,24 @@ To learn how to use the RPC application to transition an already activated (prov | OPTION | DESCRIPTION | |--------------------|-----------------------------------------------------------------------------------------| -| -f | Force deactivate even if device is not registered with the RPS server | | -json | JSON output | | -l string | Log level (panic,fatal,error,warn,info,debug,trace) (default "info") | | -lmsaddress string | LMS address (default "localhost"). Can be used to change location of LMS for debugging. | | -lmsport string | LMS port (default "16992") | | -local | Execute command to AMT directly without cloud interaction. | -| -n | Skip WebSocket server certificate verification | -| -p string | Proxy address and port | | -password string | AMT password | | -t duration | Time to wait until AMT is ready (e.g. `2m` or `30s`), the default is `2m0s` | +| -v | Verbose output | + +#### `deactivate` Remote-Specific Options + +| OPTION | DESCRIPTION | +|--------------------|-----------------------------------------------------------------------------------------| +| -f | Force deactivate even if device is not registered with the RPS server | +| -n | Skip WebSocket server certificate verification | +| -p string | Proxy address and port | | -token string | JWT Token for Authorization | | -u string | WebSocket address of server to activate against | -| -v | Verbose output | For more information, see [Build & Run RPC](../../GetStarted/buildRPC.md). From 592d16c165b24992f3a5a6c35a59c8b5b8658228 Mon Sep 17 00:00:00 2001 From: Walt Date: Fri, 8 Sep 2023 14:30:33 -0700 Subject: [PATCH 2/5] docs(reference): local configuration addwifisettings (#327) * docs(reference): local configuration addwifisettings * docs(reference): local wifi config first pass * docs(reference): sectioning and update cmds * docs(reference): change flag names * docs(reference): add wpa --------- Co-authored-by: Tim Shockley Co-authored-by: bryan-wendlandt Co-authored-by: Bryan Wendlandt <74682355+bwendlandt-intel@users.noreply.github.com> --- docs/Reference/RPC/commandsRPC.md | 367 +++++++++++++++++++++++------- 1 file changed, 285 insertions(+), 82 deletions(-) diff --git a/docs/Reference/RPC/commandsRPC.md b/docs/Reference/RPC/commandsRPC.md index 59f3852d7..57847e745 100644 --- a/docs/Reference/RPC/commandsRPC.md +++ b/docs/Reference/RPC/commandsRPC.md @@ -16,13 +16,14 @@ Run the RPC application on the command line with no arguments to see supported c .\rpc.exe ``` -| COMMAND | DESCRIPTION | EXAMPLE | -|-------------------------------|---------------------------------------------------------------------------------------|--------------------------------------------------------------| -| [activate](#activate) | Activate this device with a specified profile. | ./rpc activate -u wss://server/activate -profile profilename | -| [deactivate](#deactivate) | Deactivate this device. You will be prompted for the AMT password. | ./rpc deactivate -u wss://server/deactivate | -| [maintenance](#maintenance) | Execute a maintenance task for the device. You will be prompted for the AMT password. | ./rpc maintenance syncclock -u wss://server/maintenance | -| [amtinfo](#amtinfo) | Display AMT status and configuration. | ./rpc amtinfo | -| [version](#version) | Display the current version of RPC and the RPC Protocol version. | ./rpc version | +| COMMAND | DESCRIPTION | EXAMPLE | +|-----------------------------|---------------------------------------------------------------------------------------------|--------------------------------------------------------------| +| [activate](#activate) | Activate this device with a specified profile. | ./rpc activate -u wss://server/activate -profile profilename | +| [deactivate](#deactivate) | Deactivate this device. You will be prompted for the AMT password. | ./rpc deactivate -u wss://server/deactivate | +| [maintenance](#maintenance) | Execute a maintenance task for the device. You will be prompted for the AMT password. | ./rpc maintenance syncclock -u wss://server/maintenance | +| [configure](#configure) | Local configuration of a feature on this device. You will be prompted for the AMT password. | ./rpc configure addwifisettings ... | +| [amtinfo](#amtinfo) | Display AMT status and configuration. | ./rpc amtinfo | +| [version](#version) | Display the current version of RPC and the RPC Protocol version. | ./rpc version | ##List Command Options @@ -162,7 +163,6 @@ Execute a maintenance command for the managed device: | SUBCOMMAND | DESCRIPTION | |---------------------------------------|-------------------------------------------------------------------------------------------------------| -| [addwifisettings](#addwifisettings) | Configure wireless 802.1x locally with RPC (no communication with RPS and EA) | | [changepassword](#changepassword) | Change the AMT password.
A random password is generated by default if `-static` is not provided. | | [syncclock](#syncclock) | Sync the host OS clock to AMT. | | [synchostname](#synchostname) | Sync the OS hostname to AMT Network Settings. | @@ -190,80 +190,6 @@ Execute a maintenance command for the managed device:
-#### addwifisettings - -Configure wireless 802.1x settings of an existing, activated AMT device by passing credentials and certificates directly to AMT rather than through RPS/EA/RPC. More information on configuring AMT to use 802.1x can be found in [802.1x Configuration](../EA/ieee8021xconfig.md). - -On failure, the `addwifisettings` maintenance command will rollback any certificates added before the error occurred. - -!!! Note - Adding new wifi settings will delete existing wifi settings. - -##### via Config file - -1. Create a new file called `config.yaml`. Copy and paste the template below. - - ```yaml - ieee801xConfig: - name: 'profileName' # profile name (i.e. friendly name) - authenticationMethod: 7 # wifi authentication method - encryptionMethod: 4 # wifi encryption method - clientCert: '' - caCert: '' - privateKey: '' - ssid: '' # wifi SSID - username: "" # 8021x username - authenticationProtocol: 0 #8021x profile protocol (e.g. EAP-TLS(0)) - priority: 1 - ``` - -2. Fill in fields with desired options. - -3. Provide the `config.yaml` file using the `-config` flag. - - === "Linux" - ``` bash - sudo ./rpc maintenance addwifisettings -config config.yaml - ``` - === "Windows" - ``` - .\rpc maintenance addwifisettings -config config.yaml - ``` - -##### via CLI - -Alternatively, provide all options directly in the command line. - -!!! warning "Warning - Use Case and Security" - The CLI option is intended for use as part of an integration of RPC as a shared library. The passing of secrets directly via command line is highly insecure and **NOT** recommended. - -=== "Linux" - ``` bash - sudo ./rpc maintenance addwifisettings -name profileName -authenticationMethod 7 -encryptionMethod 4 -ssid "networkSSID" -username "username" -authenticationProtocol 0 -priority 1 -clientCert {CLIENT_CERT} -caCert {CA_CERT} -privateKey {CLIENT_PRIVATE_KEY} - ``` -=== "Windows" - ``` - .\rpc maintenance addwifisettings -name profileName -authenticationMethod 7 -encryptionMethod 4 -ssid "networkSSID" -username "username" -authenticationProtocol 0 -priority 1 -clientCert {CLIENT_CERT} -caCert {CA_CERT} -privateKey {CLIENT_PRIVATE_KEY} - ``` - -
- -| OPTION | DESCRIPTION | -|---------------------------|-------------------------------------------------------------------------------------------------------------------| -| -authenticationMethod | Wifi authentication method. Valid Values = {5, 7} where `5` = WPA_IEEE8021X, `7` = WPA2_IEEE8021X | -| -authenticationProtocol | 802.1x profile protocol. Valid Values = {0} where `0` = EAP-TLS | -| -caCert | Trusted Microsoft root CA or 3rd-party root CA in Active Directory domain | -| -clientCert | Client certificate chained to the `caCert`. Issued by enterprise CA or mapped to computer account in Active Directory.
AMT provides this certificate to authenticate itself with the Radius Server | -| -config | File path of a `.yaml` file with desired wireless 802.1x configuration, see [via Config File](#via-config-file) | -| -encryptionMethod | Wifi encryption method. Valid Values = {3, 4} where `3` = TKIP, `4` = CCMP | -| -name | Profile name (Friendly name), must be alphanumeric | -| -priority | Ranked priority over other profiles | -| -privateKey | Private key of the `clientCert` | -| -ssid | Wifi SSID | -| -username | 802.1x username, must match the Common Name of the `clientCert` | - -
- #### changepassword Change the AMT password. A random password is generated by default if `static` option is not passed. @@ -336,6 +262,283 @@ Sync the static IP of host OS to AMT Network Settings.
+### configure + +Execute a configuration command for the managed device: + +| SUBCOMMAND | DESCRIPTION | +|---------------------------------------|-------------------------------------------------------------------------------------------------------| +| [addwifisettings](#addwifisettings) | Configure wireless 802.1x locally with RPC (no communication with RPS and EA) | + +
+ +#### Common `configuration` Options + +| OPTION | DESCRIPTION | +|--------------------|--------------------------------------------------------------------------------------------------------------------------------- | +| -json | JSON output | +| -l string | Log level (panic,fatal,error,warn,info,debug,trace) (default "info") | +| -password string | AMT password | +| -v | Verbose output | + +
+ +#### addwifisettings + +Configure wireless 802.1x settings of an existing, activated AMT device by passing credentials and certificates directly to AMT rather than through RPS/EA/RPC. More information on configuring AMT to use 802.1x can be found in [802.1x Configuration](../EA/ieee8021xconfig.md). + +On failure, the `addwifisettings` maintenance command will rollback any certificates added before the error occurred. + + +=== "Config File" + ##### via Config file + + The Config file can be formatted as either YAML or JSON. This example shows YAML but a JSON template is provided as well. + + 1. Create a new file called `config.yaml`. Copy and paste the corresponding template below. + + These templates show how to create a simple Wireless profile called **exampleWifiWPA2** and a Wireless profile utilizing 802.1x called **exampleWifi8021x**. + + === "YAML" + ```yaml title="config.yaml" + password: 'amtPassword' # optionally, you can provide the AMT password of the device in the config file + wifiConfigs: + - profileName: 'exampleWifiWPA2' # friendly name (ex. Profile name) + ssid: 'exampleSSID' + priority: 1 + authenticationMethod: 6 + encryptionMethod: 4 + pskPassphrase: '' + - profileName: 'exampleWifi8021x' # friendly name (ex. Profile name) + ssid: 'ssid' + priority: 2 + authenticationMethod: 7 + encryptionMethod: 4 + ieee8021xProfileName: 'exampleIeee8021xEAP-TLS' + ieee8021xConfigs: + - profileName: 'exampleIeee8021xEAP-TLS' + username: "exampleUserName" + password: "" # 8021x password if authenticationProtocol is PEAPv0/EAP-MSCHAPv2(2) + authenticationProtocol: 0 #8021x profile (ex. EAP-TLS(0)) + clientCert: '' + caCert: '' + privateKey: '' + ``` + + === "JSON" + ```json title="config.json" + { + "password": "amtPassword", + "wifiConfigs": [ + { + "profileName": "exampleWifiWPA2", + "ssid": "exampleSSID", + "priority": 1, + "authenticationMethod": 6, + "encryptionMethod": 4, + "pskPassphrase": "" + }, + { + "profileName": "exampleWifi8021x", + "ssid": "ssid", + "priority": 2, + "authenticationMethod": 7, + "encryptionMethod": 4, + "pskPassphrase": "", + "ieee8021xProfileName": "exampleIeee8021xEAP-TLS" + } + ], + "ieee8021xConfigs": [ + { + "profileName": "exampleIeee8021xEAP-TLS", + "username": "exampleUserName", + "password": "", + "authenticationProtocol": 0, + "clientCert": "", + "caCert": "", + "privateKey": "" + } + ] + } + ``` + + 2. Fill in fields with desired options and secrets. If the secrets are **not** provided (e.g. secret field is an empty string or not given), the secrets will be prompted for as user input in the command line. + + Alternatively, secrets can be stored and referenced in a separate file. See **Config w/ Secrets File** tab for more information. + + 3. Provide the `config.yaml` file using the `-config` flag. + + ``` + rpc configure addwifisettings -config config.yaml + ``` + +=== "Config w/ Secrets File" + ##### via Config with Secrets file + + If a secrets file is included with the configuration file, those secrets will be used in the matching `profileName` configuration. These templates show how to create a simple Wireless profile called **exampleWifiWPA2** and a Wireless profile utilizing 802.1x called **exampleWifi8021x**. + + 1. Create a new file called `config.yaml`. Copy and paste the corresponding template below. + + This `config.yaml` is slightly different from the standard one as we either delete or leave blank the secret fields `pskPassphrase`, `password`, and `privateKey`. + + === "YAML" + ```yaml title="config.yaml" + wifiConfigs: + - profileName: 'exampleWifiWPA2' # friendly name (ex. Profile name) + ssid: 'exampleSSID' + priority: 1 + authenticationMethod: 6 + encryptionMethod: 4 + - profileName: 'exampleWifi8021x' # friendly name (ex. Profile name) + ssid: 'ssid' + priority: 2 + authenticationMethod: 7 + encryptionMethod: 4 + ieee8021xProfileName: 'exampleIeee8021xEAP-TLS' + ieee8021xConfigs: + - profileName: 'exampleIeee8021xEAP-TLS' + username: "exampleUserName" + password: "" # 8021x password if authenticationProtocol is PEAPv0/EAP-MSCHAPv2(2) + authenticationProtocol: 0 #8021x profile (ex. EAP-TLS(0)) + clientCert: '' + caCert: '' + ``` + + === "JSON" + ```json title="config.json" + { + "wifiConfigs": [ + { + "profileName": "exampleWifiWPA2", + "ssid": "exampleSSID", + "priority": 1, + "authenticationMethod": 6, + "encryptionMethod": 4, + "pskPassphrase": "" + }, + { + "profileName": "exampleWifi8021x", + "ssid": "ssid", + "priority": 2, + "authenticationMethod": 7, + "encryptionMethod": 4, + "ieee8021xProfileName": "exampleIeee8021xEAP-TLS" + } + ], + "ieee8021xConfigs": [ + { + "profileName": "exampleIeee8021xEAP-TLS", + "username": "exampleUserName", + "password": "", + "authenticationProtocol": 0, + "clientCert": "", + "caCert": "", + } + ] + } + ``` + + 2. Create a new file called `secrets.yaml`. Copy and paste the template below. + + === "YAML" + ```yaml title="secrets.yaml" + secrets: + - profileName: 'exampleWifiWPA2' + pskPassphrase: '' + - profileName: 'exampleIeee8021xEAP-TLS' + privateKey: '' + - profileName: 'ieee8021xPEAPv0' + password: '' + ``` + === "JSON" + ```json title="secrets.json" + { + "secrets": [ + { + "profileName": "exampleWifiWPA2", + "pskPassphrase": "" + }, + { + "profileName": "exampleIeee8021xEAP-TLS", + "privateKey": "" + }, + { + "profileName": "ieee8021xPEAPv0", + "password": "" + } + ] + } + ``` + + 3. Fill in fields with the secrets. The `profileName` given in the secrets file must match the corresponding Wireless or 802.1x configuration `profileName`. + + 4. Provide the `secrets.yaml` file using the `-secrets` flag. + + ``` + rpc configure addwifisettings -config config.yaml -secrets secrets.yaml + ``` + + +=== "Individual Options" + ##### via Individual Options + + Alternatively, provide all options directly in the command line. The user will be prompted for missing secrets (i.e. password, privateKey, pskPassphrase, ieee8021xPassword), if not provided. + + !!! warning "Warning - Use Case and Security" + The CLI option is intended for use as part of an integration of RPC as a shared library. The passing of secrets directly via command line is highly insecure and **NOT** recommended. + + ``` + rpc configure addwifisettings -profileName profileName -authenticationMethod 7 -encryptionMethod 4 -ssid "networkSSID" -username "username" -authenticationProtocol 0 -priority 1 -clientCert "{CLIENT_CERT}" -caCert "{CA_CERT}" -privateKey "{PRIVATE_KEY}" + ``` + +=== "-configJson String Option" + ##### via -configJson Option + + Or, provide the JSON string directly in the command line. The user will be prompted for missing secrets (i.e. password, privateKey, pskPassphrase, ieee8021xPassword), if not provided. + + !!! warning "Warning - Use Case and Security" + The CLI option is intended for use as part of an integration of RPC as a shared library. The passing of secrets directly via command line is highly insecure and **NOT** recommended. + + === "Wireless Only" + ``` + rpc configure addwifisettings -configJson "{ "wifiConfigs": [ { "profileName": "exampleWifi", "authenticationMethod": 6, "encryptionMethod": 4, "ssid": "networkSSID", "username": "username", "authenticationProtocol": 0, "priority": 1 } ] }" + ``` + + === "Wireless w/ 802.1x" + ``` + rpc configure addwifisettings -configJson "{ "wifiConfigs": [ { "profileName": "exampleWifi8021x", "ssid": "networkSSID", "priority": 1, "authenticationMethod": 7, "encryptionMethod": 4, "ieee8021xProfileName": "exampleIeee8021xEAP-TLS" } ], "ieee8021xConfigs": [ { "profileName": "exampleIeee8021xEAP-TLS", "username": "exampleUserName", "password": "", "authenticationProtocol": 0, "clientCert": "{CLIENT_CERT}", "caCert": "{CA_CERT}", "privateKey": "{PRIVATE_KEY}" } ] }" + ``` + +!!! success "Example Successful Output of Configuring Two Wireless Profiles" + ``` + time="2023-08-30T13:21:39-07:00" level=info msg="configuring wifi profile: exampleWifiWPA2" + time="2023-08-30T13:21:39-07:00" level=info msg="successfully configured: exampleWifiWPA2" + time="2023-08-30T13:21:39-07:00" level=info msg="configuring wifi profile: exampleWifi8021x" + time="2023-08-30T13:21:39-07:00" level=info msg="successfully configured: exampleWifi8021x" + ``` + +
+ +| OPTION | DESCRIPTION | +|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| -authenticationMethod | Wifi authentication method. Valid Values = {4, 5, 6, 7} where `4` = WPA PSK, `5` = WPA_IEEE8021X, `6` = WPA2 PSK, `7` = WPA2_IEEE8021X | +| -authenticationProtocol | 802.1x profile protocol. Valid Values = {0, 2} where `0` = EAP-TLS, `2` = EAP/MSCHAPv2 | +| -caCert | Trusted Microsoft root CA or 3rd-party root CA in Active Directory domain. | +| -clientCert | Client certificate chained to the `caCert`. Issued by enterprise CA or mapped to computer account in Active Directory.
AMT provides this certificate to authenticate itself with the Radius Server. | +| -config | File path of a `.yaml` or `.json` file with desired wireless and/or wireless 802.1x configuration. | +| -configJson | Configuration as a JSON string | +| -encryptionMethod | Wifi encryption method. Valid Values = {3, 4} where `3` = TKIP, `4` = CCMP | +| -ieee8021xPassword | 802.1x profile password if authenticationProtocol is PEAPv0/EAP-MSCHAPv2(2). | +| -profileName | Profile name (Friendly name), must be alphanumeric. | +| -priority | Ranked priority over other profiles. | +| -privateKey | 802.1x profile private key of the `clientCert`. | +| -pskPassphrase | Wifi `pskPassphrase`, if `authenticationMethod` is WPA PSK(4) or WPA2 PSK(6). | +| -secrets | File path of a `.yaml` or `.json` file with secrets to be applied to the configurations. | +| -ssid | Wifi SSID | +| -username | 802.1x username, must match the Common Name of the `clientCert`. | + +
+ ### amtinfo Display AMT status and configuration: From 2227d3d4220a62e73c87b777bba264d0a7536427 Mon Sep 17 00:00:00 2001 From: matt-primrose Date: Mon, 11 Sep 2023 10:03:15 -0700 Subject: [PATCH 3/5] docs(release-notes): august release notes --- docs/release-notes.md | 102 +++++++++++++++++++++++------------------- 1 file changed, 55 insertions(+), 47 deletions(-) diff --git a/docs/release-notes.md b/docs/release-notes.md index d0ae0212e..209910e16 100644 --- a/docs/release-notes.md +++ b/docs/release-notes.md @@ -8,11 +8,13 @@ !!! note "Note From the Team" - Hey everyone, + Greetings everyone, - We're in the depths of summer here in Arizona, so nothing to do but stay inside and write code! This month we continue to expand our RPC-Go activation and deactivation features and we add a new optional service to assist with configuration. Check out the video above where Bryan talks about these new features. + While Arizona experiences a welcome cooldown, the Open AMT Cloud Toolkit team is cranking up the heat with our latest release! In this month's update, we're thrilled to announce two exciting new features added to RPC-Go. It's now more versatile than ever with ACM activation and Wifi configuration capabilities. - The Open AMT Cloud Toolkit team has moved to [Discord](https://discord.gg/yrcMp2kDWh). Come join the discussion! + With these enhancements, RPC-Go empowers users to configure AMT into either ACM or CCM without the necessity of engaging with a cloud service. This newfound autonomy provides our customers with a level of flexibility that was previously unattainable. Furthermore, RPC-Go now extends its support to configure any type of wifi profile that AMT supports locally. + + We're excited about these advancements and look forward to hearing your feedback. *Best wishes,* *The Open AMT Cloud Toolkit Team* @@ -20,29 +22,23 @@ ## What's New? -:material-new-box: **New Feature: Local Activation and Deactivation** +:material-new-box: **New Feature: Local ACM Activation** -With this release, you can now activate AMT into CCM just using RPC using the `-local` flag. We've also expanded our deactivation feature to include devices activated in ACM. RPC can now deactivate both CCM and ACM configured devices without needing RPS. +With this release, you can now activate AMT into ACM just using RPC using the `-local` flag. Similar to local CCM activation, local ACM activation will require secrets to be passed to the AMT device, so users of this feature will need to have high trust in the local OS. View full command line options [here](https://open-amt-cloud-toolkit.github.io/docs/2.14/Reference/RPC/commandsRPC/#activate-the-device-locally) Local activate command: ``` bash -rpc activate -local -password NewAMTPassword +rpc activate -local -acm -amtPassword NewAMTPassword -provisioningCert "{BASE64_PROV_CERT}" -provivisioningCertPwd certPassword ``` -Local deactivate command: -``` bash -rpc deactivate -local -``` - -:material-new-box: **New Feature: Move to ACM** +:material-new-box: **New Feature: Local Wifi Configuration** -In addition to the activation flows above, we've also added the ability to move a device from CCM to ACM without having to first deactivate AMT. This feature is beneficial when devices shift from a CCM-only network to one that can also handle ACM activation. RPS is required for this flow. +In this release, we have added the ability to configured any wifi profile, not just 802.1x wifi profiles. Users will also be able to configure multiple wifi profiles at the same time by providing the details either via the command line or by passing in a config file. View full command line options [here](https://open-amt-cloud-toolkit.github.io/docs/2.14/Reference/RPC/commandsRPC/#addwifisettings) -:material-fast-forward: **New Preview Feature: Centralized Configuration** - -We added an optional service called [Hashicorp Consul](https://www.consul.io/) for centralized configuration in scale deployments. When MPS or RPS are first deployed with Consul enabled, they'll check for a configuration in Consul. If found, that configuration will be used to start the service. If not found, the service will use the local configuration file and save it to Consul for future use by subsequent services. [Find more info about enabling Consul in the Centralized Configuration docs.](./Deployment/centralizedConfiguration.md) - -This is currently a preview feature so expect additional changes as we receive feedback. +Local wifi configuration command: +```bash +rpc configure addwifisettings -config config.yaml -secrets secrets.yaml +``` ## Get the Details @@ -50,68 +46,80 @@ This is currently a preview feature so expect additional changes as we receive f #### RPS -v2.15.0 +v2.16.1 -- add consul config support ([#1081](https://github.com/open-amt-cloud-toolkit/rps/issues/1081)) (#d39edab) +- Fix: blocks AMT 11.12 system activation if build number < 3000 ([#1176](https://github.com/open-amt-cloud-toolkit/rps/issues/1176)) (#a3e527b) -v2.14.0 +v2.16.0 -- adds capability to upgrade to admin control mode ([#1098](https://github.com/open-amt-cloud-toolkit/rps/issues/1098)) (#7a409bd) +- Feat: support for sha1 hash added via mebx ([#1155](https://github.com/open-amt-cloud-toolkit/rps/issues/1155)) (#b630e11) -#### MPS +#### RPC -v2.11.0 +v2.14.2 -- add configs to consul (#982) (#b2d1dd4) +- ensure warning for CCM deactivation password flag -#### RPC +v2.14.1 -v2.12.0 +- addwifisettings - track added certs to prevent duplicates error -- add local deactivation in ACM +v2.14.0 -v2.11.1 +- local wifi configuration -- password not set correctly for ccm activate +v2.13.1 -v2.11.0 +- update ProjectVersion to 2.13.0 -- add local CCM activate -- allow for spaces in input parameters +v2.13.0 + +- activate in acm using local command #### Sample Web UI -v2.12.2 +v2.13.1 -- adds status check for domain creation test (f400ba4) +- remove UI override of AMT feature settings ([#1328](https://github.com/open-amt-cloud-toolkit/sample-web-ui/issues/1328)) (#510dff3) +- update status message ([#1334](https://github.com/open-amt-cloud-toolkit/sample-web-ui/issues/1334)) (#bd80ebf) -v2.12.1 +v2.13.0 -- profile creation issue (1388bfd) +- display component versions ([#1267](https://github.com/open-amt-cloud-toolkit/sample-web-ui/issues/1267)) (#2dbca39) +- fix dark theme (#cdea729) #### wsman-messages -v5.5.0 +v5.5.1 -- adds call for UpgradeClientToAdmin ([#528](https://github.com/open-amt-cloud-toolkit/wsman-messages/issues/528)) (474e55e) +- update build tasks, package.json and changelog (#9274dab) #### go-wsman-messages -v1.5.0 +v1.8.2 + +- AddWifiSettings check for empty client cert ([c19c9b4](https://github.com/open-amt-cloud-toolkit/go-wsman-messages/commit/c19c9b42d40ae15b28bfabc2b4e6daef0b489b8f)) + +v1.8.1 -- add unprovision response type to amt.setupandconfiguration (72a4b3c) +- undo breaking changes ([23c91ed](https://github.com/open-amt-cloud-toolkit/go-wsman-messages/commit/23c91ed35af23f5e940f5cd1ffdd04d22f72bb9f)) -v1.4.1 +v1.8.0 -- setup and configuration service unprovisioning action (6727e46) +- Adds structs to parse xml for deleting all wifi configs ([d64d4d4](https://github.com/open-amt-cloud-toolkit/go-wsman-messages/commit/d64d4d402a30e36474c56260d863aabded52a092)) +- amt: adds amt PublicPrivateKeyPair struct for response ([eca5a6e](https://github.com/open-amt-cloud-toolkit/go-wsman-messages/commit/eca5a6ec878540b8aaca44fc61d1a1fc3505ce74)) +- amt: adds pull responses for publickey and publicprivate ([10bf4a8](https://github.com/open-amt-cloud-toolkit/go-wsman-messages/commit/10bf4a8e9e48548630d5a4555539b2d9e99331c1)) +- amt: adds wifiportconfiguration.AddWiFiSettingsResponse ([2158757](https://github.com/open-amt-cloud-toolkit/go-wsman-messages/commit/21587573d5426e575ea36ada4d1e39ec7348cc8d)) +- cim: adds concrete.dependency support ([ae8f3d3](https://github.com/open-amt-cloud-toolkit/go-wsman-messages/commit/ae8f3d3d5fdb639a4fc145d54e8c0e19b2be93f6)) +- cim: adds credential.context support ([6db69ad](https://github.com/open-amt-cloud-toolkit/go-wsman-messages/commit/6db69ad165329a1e4f5f73e6a62a69f27cf665ff)) -v1.4.0 +v1.7.0 -- ips: adds call for UpgradeClientToAdmin (4ef31c6) +- cim: adds responses for WiFiPortConfigurationService and WifiPort ([6cbaa36](https://github.com/open-amt-cloud-toolkit/go-wsman-messages/commit/6cbaa36605d4855fbcf97d2fe2cfb6dd3777b6c7)) -v1.3.0 +v1.6.0 -- ips: add response types for CCM HostBasedSetup (7945e91) +- ips: add additional strongly typed output for ([90aa393](https://github.com/open-amt-cloud-toolkit/go-wsman-messages/commit/90aa393b477d12dfafc00de94307f9adfb0ad42d)), closes [#18115](https://github.com/open-amt-cloud-toolkit/go-wsman-messages/issues/18115) ## Project Board From c3f5dc06f17b29d0e8596c6ffb43455f0054f766 Mon Sep 17 00:00:00 2001 From: bryan-wendlandt Date: Mon, 11 Sep 2023 12:43:56 -0600 Subject: [PATCH 4/5] docs(release-notes): remove video and spelling --- docs/release-notes.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/docs/release-notes.md b/docs/release-notes.md index 209910e16..d82932682 100644 --- a/docs/release-notes.md +++ b/docs/release-notes.md @@ -1,11 +1,6 @@ --8<-- "References/abbreviations.md" ## Release Highlights -
- -
-
- !!! note "Note From the Team" Greetings everyone, @@ -24,7 +19,7 @@ :material-new-box: **New Feature: Local ACM Activation** -With this release, you can now activate AMT into ACM just using RPC using the `-local` flag. Similar to local CCM activation, local ACM activation will require secrets to be passed to the AMT device, so users of this feature will need to have high trust in the local OS. View full command line options [here](https://open-amt-cloud-toolkit.github.io/docs/2.14/Reference/RPC/commandsRPC/#activate-the-device-locally) +With this release, you can now activate AMT into ACM just using RPC using the `-local` flag. Similar to local CCM activation, local ACM activation will require secrets to be passed to the AMT device, so users of this feature will need to have high trust in the local OS. View full command line options in [Activate Device Locally](https://open-amt-cloud-toolkit.github.io/docs/2.14/Reference/RPC/commandsRPC/#activate-the-device-locally) Local activate command: ``` bash @@ -33,7 +28,7 @@ rpc activate -local -acm -amtPassword NewAMTPassword -provisioningCert "{BASE64_ :material-new-box: **New Feature: Local Wifi Configuration** -In this release, we have added the ability to configured any wifi profile, not just 802.1x wifi profiles. Users will also be able to configure multiple wifi profiles at the same time by providing the details either via the command line or by passing in a config file. View full command line options [here](https://open-amt-cloud-toolkit.github.io/docs/2.14/Reference/RPC/commandsRPC/#addwifisettings) +In this release, we have added the ability to configure any wifi profile, not just 802.1x wifi profiles. Users will also be able to configure multiple wifi profiles at the same time by providing the details either via the command line or by passing in a config file. View full command line options in [`addwifisettings` RPC Configure command](https://open-amt-cloud-toolkit.github.io/docs/2.14/Reference/RPC/commandsRPC/#addwifisettings) Local wifi configuration command: ```bash From 245496b2e5e40983b8c1757454b8f7f57cf5b353 Mon Sep 17 00:00:00 2001 From: Bryan Wendlandt <74682355+bwendlandt-intel@users.noreply.github.com> Date: Mon, 11 Sep 2023 13:43:00 -0600 Subject: [PATCH 5/5] docs(site): redirect to August release (#330) * docs(site): redirect to August release * docs(site): rev rpc --- docs/APIs/indexMPS.md | 2 +- docs/APIs/indexRPS.md | 2 +- docs/videos.md | 14 +++++++------- mkdocs.yml | 6 +++--- site/index.html | 2 +- site/versions.json | 4 ++-- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/APIs/indexMPS.md b/docs/APIs/indexMPS.md index aeee36041..3312fc3e4 100644 --- a/docs/APIs/indexMPS.md +++ b/docs/APIs/indexMPS.md @@ -7,4 +7,4 @@ } -!!swagger-http https://api.swaggerhub.com/apis/rbheopenamt/mps/2.10.0!! \ No newline at end of file +!!swagger-http https://api.swaggerhub.com/apis/rbheopenamt/mps/2.11.0!! \ No newline at end of file diff --git a/docs/APIs/indexRPS.md b/docs/APIs/indexRPS.md index 82d421df5..b87f58674 100644 --- a/docs/APIs/indexRPS.md +++ b/docs/APIs/indexRPS.md @@ -7,4 +7,4 @@ } -!!swagger-http https://api.swaggerhub.com/apis/rbheopenamt/rps/2.13.0!! \ No newline at end of file +!!swagger-http https://api.swaggerhub.com/apis/rbheopenamt/rps/2.16.0!! \ No newline at end of file diff --git a/docs/videos.md b/docs/videos.md index 3036b15c5..85ad03c0f 100644 --- a/docs/videos.md +++ b/docs/videos.md @@ -4,19 +4,19 @@ Learn the high-level basics and get familiar with the toolkit. Learn about the different microservices and their roles then get up to speed with the latest features, changes, and fixes.
-

What's New: July Release (v{{ repoVersion.oamtct }})

-

+

Overview of Open AMT Cloud Toolkit

-
+ +

-

Discover what new features and changes are in our latest rapid release. See full Release Notes.

-

+

+

See what Open AMT Cloud Toolkit is and what you can do with it.

Additional Resources: Architecture Overview, MPS Security Considerations, and RPS Security Considerations

+

diff --git a/mkdocs.yml b/mkdocs.yml index 5d92a019c..d6137d807 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -178,9 +178,9 @@ extra: - lts repoVersion: mpsAPI: 2.11.0 - rpsAPI: 2.15.0 - oamtct: 2.13.0 - rpc_go: 2.12.0 + rpsAPI: 2.16.0 + oamtct: 2.14.0 + rpc_go: 2.14.2 rpc_c: 2.0.0 ui_toolkit: 2.0.10 ui_toolkit_react: 3.0.2 diff --git a/site/index.html b/site/index.html index 4762fce92..a6eca2810 100644 --- a/site/index.html +++ b/site/index.html @@ -3,7 +3,7 @@ Redirecting diff --git a/site/versions.json b/site/versions.json index 9270534e6..f6383801d 100644 --- a/site/versions.json +++ b/site/versions.json @@ -1,6 +1,6 @@ [ - {"version": "2.14", "title": "2.14 (DEV)", "aliases": []}, - {"version": "2.13", "title": "2.13 (Jul 23)", "aliases": ["rapid"]}, + {"version": "2.14", "title": "2.14 (Aug 23)", "aliases": ["rapid"]}, + {"version": "2.13", "title": "2.13 (Jul 23)", "aliases": []}, {"version": "2.12", "title": "2.12 (Jun 23)", "aliases": []}, {"version": "2.11", "title": "2.11 (May 23)", "aliases": []}, {"version": "2.10", "title": "2.10 (Apr 23)", "aliases": []},