open-edge-platform · punam20 · Jul 30, 2025 · Jul 17, 2025 · Jul 18, 2025 · Jul 18, 2025
@@ -19,7 +19,7 @@ packages:
     version: 1.7.2
     ociArtifact: edge-orch/en/deb/node-agent
   - name: platform-manageability-agent
-    version: 0.1.2
+    version: 0.1.3
     ociArtifact: edge-orch/en/deb/platform-manageability-agent
   - name: platform-observability-agent
     version: 1.8.0

@@ -33,6 +33,7 @@ include <tunables/global>
   owner /etc/intel_edge_node/tokens/node-agent/access_token rw,
   owner /etc/intel_edge_node/tokens/platform-observability-agent/access_token rw,
   owner /etc/intel_edge_node/tokens/platform-telemetry-agent/access_token rw,
+  owner /etc/intel_edge_node/tokens/platform-manageability-agent/access_token rw,
   owner /etc/intel_edge_node/tokens/platform-update-agent/access_token rw,
   owner /etc/intel_edge_node/tokens/prometheus/access_token rw,
   owner /etc/intel_edge_node/tokens/release-service/access_token rw,

@@ -23,4 +23,4 @@ auth:
   rsTokenURL: token-provider.edgeorch.intel.com
   accessTokenPath: /etc/intel_edge_node/tokens
   clientCredsPath: /etc/intel_edge_node/client-credentials
-  tokenClients: [ node-agent,  hd-agent, cluster-agent, platform-update-agent, platform-observability-agent, platform-telemetry-agent, prometheus, connect-agent, attestation-manager ]
+  tokenClients: [ node-agent,  hd-agent, cluster-agent, platform-update-agent, platform-observability-agent, platform-telemetry-agent, prometheus, connect-agent, attestation-manager, platform-manageability-agent ]
@@ -10,6 +10,7 @@ etc/intel_edge_node/tokens/node-agent
 etc/intel_edge_node/tokens/platform-observability-agent
 etc/intel_edge_node/tokens/platform-telemetry-agent
 etc/intel_edge_node/tokens/platform-update-agent
+etc/intel_edge_node/tokens/platform-manageability-agent
 etc/intel_edge_node/tokens/prometheus
 etc/intel_edge_node/tokens/release-service
 run/node-agent
@@ -1 +1 @@
-0.1.2
+0.1.3
@@ -11,6 +11,7 @@ import (
 	"fmt"
 	"os"
 	"os/signal"
+	"strings"
 	"sync"
 	"sync/atomic"
 	"syscall"
@@ -39,7 +40,12 @@ const (
 	AMTStatusEnabled  int32 = 1
 )
 
-var isAMTEnabled int32
+var (
+	log = logger.Logger
+
+	isAMTEnabled                  int32
+	isModuleAndServiceInitialized int32
+)
 
 func isAMTCurrentlyEnabled() bool {
 	return atomic.LoadInt32(&isAMTEnabled) == AMTStatusEnabled
@@ -51,7 +57,6 @@ func main() {
 		os.Exit(0)
 	}
 
-	var log = logger.Logger
 	log.Infof("Starting Platform Manageability Agent")
 
 	// Initialize configuration
@@ -117,13 +122,13 @@ func main() {
 
 	log.Info("Platform Manageability Agent started successfully")
 
-	tlsConfig, err := auth.GetAuthConfig(auth.GetAuthContext(ctx, confs.AccessTokenPath), nil)
+	tlsConfig, err := auth.GetAuthConfig(ctx, nil)
 	if err != nil {
 		log.Fatalf("TLS configuration creation failed! Error: %v", err)
 	}
 
 	log.Infof("Connecting to Device Management Manager at %s", confs.Manageability.ServiceURL)
-	dmMgrClient := comms.ConnectToDMManager(auth.GetAuthContext(ctx, confs.AccessTokenPath), confs.Manageability.ServiceURL, tlsConfig)
+	dmMgrClient := comms.ConnectToDMManager(ctx, confs.Manageability.ServiceURL, tlsConfig)
 
 	hostID, err := utils.GetSystemUUID()
 	if err != nil {
@@ -137,16 +142,30 @@ func main() {
 
 		op := func() error {
 			log.Infof("Reporting AMT status for host %s", hostID)
-			status, err := dmMgrClient.ReportAMTStatus(ctx, hostID)
+			status, err := dmMgrClient.ReportAMTStatus(auth.GetAuthContext(ctx, confs.AccessTokenPath), hostID)
 			if err != nil {
 				log.Errorf("Failed to report AMT status for host %s: %v", hostID, err)
 				return fmt.Errorf("failed to report AMT status: %w", err)
 			}
+
 			switch status {
 			case pb.AMTStatus_DISABLED:
 				atomic.StoreInt32(&isAMTEnabled, AMTStatusDisabled)
 			case pb.AMTStatus_ENABLED:
 				atomic.StoreInt32(&isAMTEnabled, AMTStatusEnabled)
+				if atomic.CompareAndSwapInt32(&isModuleAndServiceInitialized, 0, 1) {
+					if err := loadModule(); err != nil {
+						log.Errorf("Error while loading module: %v", err)
+					} else {
+						log.Info("Module mei_me loaded successfully")
+					}
+					for _, action := range []string{"unmask", "enable", "start"} {
+						log.Infof("%sing %s...\n", action, "lms.service")
+						if err := enableService(action); err != nil {
+							log.Errorf("Error while enabling service: %v", err)
+						}
+					}
+				}
 			default:
 				log.Warnf("Unknown AMT status: %v, treating as disabled", status)
 				atomic.StoreInt32(&isAMTEnabled, AMTStatusDisabled)
@@ -185,7 +204,7 @@ func main() {
 			// FIXME: https://github.com/open-edge-platform/edge-node-agents/pull/170#discussion_r2236433075
 			// The suggestion is to combine the activation check and retrieval of activation details into a single call
 			// to reduce the number of RPC calls.
-			err = dmMgrClient.RetrieveActivationDetails(ctx, hostID, confs)
+			err = dmMgrClient.RetrieveActivationDetails(auth.GetAuthContext(ctx, confs.AccessTokenPath), hostID, confs)
 			if err != nil {
 				if errors.Is(err, comms.ErrActivationSkipped) {
 					log.Logger.Debugf("AMT activation skipped for host %s - reason: %v", hostID, err)
@@ -269,6 +288,45 @@ func main() {
 	log.Infof("Platform Manageability Agent finished")
 }
 
+func enableService(action string) error {
+	allowedActions := map[string]bool{"unmask": true, "enable": true, "start": true}
+
+	if !allowedActions[action] {
+		return fmt.Errorf("invalid service details")
+	}
+
+	// Check if the service is already running
+	output, err := utils.ExecuteCommand("systemctl", []string{"is-active", "lms.service"})
+	if err == nil && strings.TrimSpace(string(output)) == "active" {
+		log.Infof("Service %s is already running, skipping %s operation", "lms.service", action)
+		return nil
+	}
+
+	output, err = utils.ExecuteCommand("sudo", []string{"systemctl", action, "lms.service"})
+	if err != nil {
+		return fmt.Errorf("failed to %s %s: %v", action, "lms.service", err)
+	}
+	log.Infof("Service %s %s successfully: %s", "lms.service", action, string(output))
+	return nil
+}
+
+func loadModule() error {
+	// Check if the module is already loaded using lsmod | grep
+	output, err := utils.ExecuteCommand("sh", []string{"-c", "lsmod | grep mei_me"})
+	if err == nil && len(strings.TrimSpace(string(output))) > 0 {
+		log.Info("Module mei_me is already loaded, skipping load operation")
+		return nil
+	}
+
+	// Load the module if not already loaded
+	output, err = utils.ExecuteCommand("sudo", []string{"modprobe", "mei_me"})
+	if err != nil {
+		return fmt.Errorf("failed to load module %s: %v", "mei_me", err)
+	}
+	log.Infof("Module %s loaded successfully: %s", "mei_me", string(output))
+	return nil
+}
+
 func initStatusClientAndTicker(ctx context.Context, cancel context.CancelFunc, log *logrus.Entry, statusServer string) (*status.StatusClient, time.Duration) {
 	statusClient, err := status.InitClient(statusServer)
 	if err != nil {

@@ -7,9 +7,10 @@ logLevel: info
 GUID: 'aaaaaaaa-0000-1111-2222-bbbbbbbbcccc'
 manageability:
   enabled: true
-  serviceURL: infra.test.edgeorch.intel.com:443
+  serviceURL: 'infra.test.edgeorch.intel.com:443'
   heartbeatInterval: 10s
+rpsAddress: 'rps.test.edgeorch.intel.com'
 statusEndpoint: 'unix:///run/node-agent/node-agent.sock'
 metricsEndpoint: 'unix:///run/platform-observability-agent/platform-observability-agent.sock'
 metricsInterval: 10s
-accessTokenPath: /etc/intel_edge_node/tokens
+accessTokenPath: /etc/intel_edge_node/tokens/platform-manageability-agent/access_token
@@ -1 +1 @@
-platform-manageability-agent  ALL=(root) NOPASSWD:/usr/bin/sh,/usr/bin/rpc,/usr/sbin/dmidecode
+pm-agent  ALL=(root) NOPASSWD:/usr/bin/rpc,/usr/sbin/dmidecode,/usr/bin/systemctl,/usr/sbin/modprobe
@@ -1 +1,2 @@
 configs/platform-manageability-agent.yaml etc/edge-node/node/confs
+configs/sudoers.d/pm-agent etc/sudoers.d
@@ -10,7 +10,6 @@ RestartSec=60
 Restart=on-failure
 User=pm-agent
 Group=bm-agents
-User=platform-manageability-agent
 CPUQuota=20%
 MemoryMax=128M
 

@@ -4,11 +4,21 @@ set -e
 
 . /usr/share/debconf/confmodule
 
+db_get platform-manageability-agent/manageability.serviceURL
+if [ ! -z "$RET" ]; then
+    sed -i "s/^  serviceURL: '.*'/  serviceURL: '$RET'/" /etc/edge-node/node/confs/platform-manageability-agent.yaml
+fi
+
+db_get platform-manageability-agent/rpsAddress
+if [ ! -z "$RET" ]; then
+    sed -i "s/^rpsAddress: '.*'/rpsAddress: '$RET'/" /etc/edge-node/node/confs/platform-manageability-agent.yaml
+fi
+
 # Create system group if it doesn't exist
 groupadd -f bm-agents --system
 
 # Create system user if it doesn't exist
-id -u platform-manageability-agent >/dev/null 2>&1 || useradd platform-manageability-agent --system -g bm-agents -s /sbin/nologin
+id -u pm-agent >/dev/null 2>&1 || useradd pm-agent --system -g bm-agents -s /sbin/nologin
 
 # Directory and permission setup is handled by node-agent
 

@@ -0,0 +1,9 @@
+Template: platform-manageability-agent/manageability.serviceURL
+Type: string
+Default: localhost:443
+Description: Onboarding service  URL:
+
+Template: platform-manageability-agent/rpsAddress
+Type: string
+Default: localhost
+Description: RPS address:
@@ -21,14 +21,24 @@ type CommandExecutor interface {
 
 type RealCommandExecutor struct{}
 
+func ExecuteCommand(command string, args []string) ([]byte, error) {
+	cmd := exec.Command(command, args...)
+	output, err := cmd.Output()
+	if err != nil {
+		log.Logger.Errorf("Failed to execute command %s with args %v: %v", command, args, err)
+		return nil, fmt.Errorf("failed to execute command %s with args %v: %w", command, args, err)
+	}
+	return output, nil
+}
+
 // ExecuteAMTInfo executes the AMT info command with retries.
 func (r *RealCommandExecutor) ExecuteAMTInfo() ([]byte, error) {
 	maxRetries := 3
 	retryInterval := 5 * time.Second
 
 	var err error
 	for i := 1; i <= maxRetries; i++ {
-		cmd := exec.Command("sudo", "/etc/intel_edge_node/rpc", "amtinfo")
+		cmd := exec.Command("sudo", "/usr/bin/rpc", "amtinfo")
 		output, err := cmd.Output()
 		if err == nil {
 			return output, nil
@@ -43,7 +53,7 @@ func (r *RealCommandExecutor) ExecuteAMTInfo() ([]byte, error) {
 
 // ExecuteAMTActivate executes the AMT activate command.
 func (r *RealCommandExecutor) ExecuteAMTActivate(rpsAddress, profileName, password string) ([]byte, error) {
-	cmd := exec.Command("sudo", "/etc/intel_edge_node/rpc", "activate", "-u", rpsAddress, "-profile", profileName, "-password", password, "-n")
+	cmd := exec.Command("sudo", "/usr/bin/rpc", "activate", "-u", rpsAddress, "-profile", profileName, "-password", password, "-n")
 	return cmd.CombinedOutput()
 }
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		platform-manageability-agent ALL=(root) NOPASSWD:/usr/bin/sh,/usr/bin/rpc,/usr/sbin/dmidecode
		pm-agent ALL=(root) NOPASSWD:/usr/bin/rpc,/usr/sbin/dmidecode,/usr/bin/systemctl,/usr/sbin/modprobe
Original file line number	Diff line number	Diff line change
		@@ -1 +1,2 @@
		configs/platform-manageability-agent.yaml etc/edge-node/node/confs
		configs/sudoers.d/pm-agent etc/sudoers.d