diff options
| author | Nan Zhou <nanzhoumails@gmail.com> | 2022-10-12 23:29:34 +0300 |
|---|---|---|
| committer | Nan Zhou <nanzhoumails@gmail.com> | 2022-10-18 01:26:09 +0300 |
| commit | 307386e8e5a18ec24955fc32bee556409a831a83 (patch) | |
| tree | 4fc1e3675db68684535eacd4bd75d800f402087f /config | |
| parent | bf7e67e7210df3db013df5fe4c232737fe1eb10b (diff) | |
| download | bmcweb-307386e8e5a18ec24955fc32bee556409a831a83.tar.xz | |
move config to a subdir
This pattern is used in other places, e.g.,
https://github.com/openbmc/phosphor-logging
In this way, we can cleanly add the bmcweb_config.h into include
directory. Otherwise, any subdir we have in this project will need to
include the root.
Tested: it builds.
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I882e51f3acb256a881c9474f6e4d4e19fea4a413
Diffstat (limited to 'config')
| -rw-r--r-- | config/bmcweb.service.in | 14 | ||||
| -rw-r--r-- | config/bmcweb.socket.in | 9 | ||||
| -rw-r--r-- | config/bmcweb_config.h.in | 17 | ||||
| -rw-r--r-- | config/meson.build | 44 | ||||
| -rw-r--r-- | config/pam-webserver | 8 |
5 files changed, 92 insertions, 0 deletions
diff --git a/config/bmcweb.service.in b/config/bmcweb.service.in new file mode 100644 index 0000000000..a0b6777caf --- /dev/null +++ b/config/bmcweb.service.in @@ -0,0 +1,14 @@ +[Unit] +Description=Start bmcweb server + +Wants=network.target +After=network.target + +[Service] +ExecReload=kill -s HUP $MAINPID +ExecStart=@MESON_INSTALL_PREFIX@/bin/bmcweb +Type=simple +WorkingDirectory=/home/root + +[Install] +WantedBy=network.target diff --git a/config/bmcweb.socket.in b/config/bmcweb.socket.in new file mode 100644 index 0000000000..68123f8b4f --- /dev/null +++ b/config/bmcweb.socket.in @@ -0,0 +1,9 @@ +[Unit] +Description=BMC Webserver socket + +[Socket] +ListenStream=@HTTPS_PORT@ +ReusePort=true + +[Install] +WantedBy=sockets.target diff --git a/config/bmcweb_config.h.in b/config/bmcweb_config.h.in new file mode 100644 index 0000000000..b0a3a7bf51 --- /dev/null +++ b/config/bmcweb_config.h.in @@ -0,0 +1,17 @@ +#pragma once + +#include <cstdint> +#include <cstddef> + +// clang-format off +constexpr const int bmcwebInsecureDisableXssPrevention = + @BMCWEB_INSECURE_DISABLE_XSS_PREVENTION@; + +constexpr const bool bmcwebInsecureEnableQueryParams = @BMCWEB_INSECURE_ENABLE_QUERY_PARAMS@ == 1; + +constexpr const size_t bmcwebHttpReqBodyLimitMb = @BMCWEB_HTTP_REQ_BODY_LIMIT_MB@; + +constexpr const char* mesonInstallPrefix = "@MESON_INSTALL_PREFIX@"; + +constexpr const bool bmcwebInsecureEnableHttpPushStyleEventing = @BMCWEB_INSECURE_ENABLE_HTTP_PUSH_STYLE_EVENTING@ == 1; +// clang-format on diff --git a/config/meson.build b/config/meson.build new file mode 100644 index 0000000000..f42656b296 --- /dev/null +++ b/config/meson.build @@ -0,0 +1,44 @@ +# Gather the Configuration data + +conf_data = configuration_data() +conf_data.set('BMCWEB_HTTP_REQ_BODY_LIMIT_MB', get_option('http-body-limit')) +xss_enabled = get_option('insecure-disable-xss') +conf_data.set10('BMCWEB_INSECURE_DISABLE_XSS_PREVENTION', xss_enabled.enabled()) +enable_redfish_query = get_option('insecure-enable-redfish-query') +conf_data.set10('BMCWEB_INSECURE_ENABLE_QUERY_PARAMS', enable_redfish_query.enabled()) +# enable_redfish_aggregation = get_option('redfish-aggregation') +# conf_data.set10('BMCWEB_ENABLE_REDFISH_AGGREGATION', enable_redfish_aggregation.enabled()) +insecure_push_style_notification = get_option('insecure-push-style-notification') +conf_data.set10('BMCWEB_INSECURE_ENABLE_HTTP_PUSH_STYLE_EVENTING', insecure_push_style_notification.enabled()) +conf_data.set('MESON_INSTALL_PREFIX', get_option('prefix')) +conf_data.set('HTTPS_PORT', get_option('https_port')) + +conf_h_dep = declare_dependency( + include_directories: include_directories('.'), + sources: configure_file( + input: 'bmcweb_config.h.in', + output: 'bmcweb_config.h', + configuration: conf_data + ) +) + +# Configure and install systemd unit files + +configure_file(input : 'bmcweb.socket.in', + output : 'bmcweb.socket', + install_dir: systemd_system_unit_dir, + configuration: conf_data, + install : true) + +configure_file(input : 'bmcweb.service.in', + output : 'bmcweb.service', + install_dir: systemd_system_unit_dir, + configuration: conf_data, + install : true) + +# Copy pam-webserver to etc/pam.d +configure_file(input : 'pam-webserver', + output : 'webserver', + copy : true, + install_dir: '/etc/pam.d', + install : true)
\ No newline at end of file diff --git a/config/pam-webserver b/config/pam-webserver new file mode 100644 index 0000000000..a5e7af4c6a --- /dev/null +++ b/config/pam-webserver @@ -0,0 +1,8 @@ +#%PAM-1.0 + +auth include common-auth +# skip redfish group check for non-local user (ldap) +auth [success=ok perm_denied=1 default=ignore] pam_localuser.so +auth required pam_succeed_if.so user ingroup redfish +account include common-account +password include common-password |