diff options
author | Albert Zhang <zhanghaodi@inspur.com> | 2021-06-15 12:53:56 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2021-06-18 21:19:19 +0300 |
commit | e5a99777b8710cdcc82bffb25a7a248e18705e2d (patch) | |
tree | a04425d3aebfc7dc778edfd76927c7703099d473 /redfish-core/lib/network_protocol.hpp | |
parent | 0256b69420e2b99eb0494334da71dd50f457a8e8 (diff) | |
download | bmcweb-e5a99777b8710cdcc82bffb25a7a248e18705e2d.tar.xz |
Redfish: Allow disabling and enabling SSH
This patch adds support for disabling and enabling SSH using
Redfish API.
Tested:Validator passes
1.Disabled SSH from Redfish and verified cannot open a new SSH
connection to the machine, but the original SSH connection still
takes effect and verified ProtocolEnabled is false for SSH.
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
...
"SSH": {
"Port": 22,
"ProtocolEnabled": true
},
...
}
curl -k -H "X-Auth-Token: $token" -X PATCH '-d
{"SSH": {"ProtocolEnabled": false}}'
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
Open a new SSH connection:
sudo ssh username@<IP>
ssh: connect to host <IP> port 22: Connection refused
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
...
"SSH": {
"Port": 22,
"ProtocolEnabled": false
},
...
}
D-bus has changed to :
busctl introspect xyz.openbmc_project.Control.Service.Manager
/xyz/openbmc_project/control/service/dropbear
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
... ... ...
xyz.openbmc_project.Control.Service.Attributes interface
.Enabled property b false emits-change writable
.Masked property b false emits-change writable
.Running property b false emits-change writable
...
2.Abled SSH from Redfish, verified can open a new SSH
connection to the machine and ProtocolEnabled is true for SSH.
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
...
"SSH": {
"Port": 22,
"ProtocolEnabled": false
},
...
}
curl -k -H "X-Auth-Token: $token" -X PATCH '-d
{"SSH": {"ProtocolEnabled": false}}'
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
Open a new SSH connection:
sudo ssh username@<IP>
Successfully connected
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
...
"SSH": {
"Port": 22,
"ProtocolEnabled": true
},
...
}
D-bus has changed to :
busctl introspect xyz.openbmc_project.Control.Service.Manager
/xyz/openbmc_project/control/service/dropbear
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
... ... ...
xyz.openbmc_project.Control.Service.Attributes interface
.Enabled property b true emits-change writable
.Masked property b false emits-change writable
.Running property b true emits-change writable
...
Signed-off-by: Albert Zhang <zhanghaodi@inspur.com>
Change-Id: Ifd80db4d33934e83d4e5f337e5dfd02b4ba39018
Diffstat (limited to 'redfish-core/lib/network_protocol.hpp')
-rw-r--r-- | redfish-core/lib/network_protocol.hpp | 51 |
1 files changed, 34 insertions, 17 deletions
diff --git a/redfish-core/lib/network_protocol.hpp b/redfish-core/lib/network_protocol.hpp index e0b5dac541..d82c2525a1 100644 --- a/redfish-core/lib/network_protocol.hpp +++ b/redfish-core/lib/network_protocol.hpp @@ -351,28 +351,23 @@ void handleNTPServersPatch(const std::vector<std::string>& ntpServers, std::variant<std::vector<std::string>>{ntpServers}); } -void handleIpmiProtocolEnabled( - const bool ipmiProtocolEnabled, - const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) +void handleProtocolEnabled(const bool protocolEnabled, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + const std::string_view netBasePath) { crow::connections::systemBus->async_method_call( - [ipmiProtocolEnabled, - asyncResp](const boost::system::error_code ec, - const crow::openbmc_mapper::GetSubTreeType& subtree) { + [protocolEnabled, asyncResp, + netBasePath](const boost::system::error_code ec, + const crow::openbmc_mapper::GetSubTreeType& subtree) { if (ec) { messages::internalError(asyncResp->res); return; } - constexpr char const* netipmidBasePath = - "/xyz/openbmc_project/control/service/" - "phosphor_2dipmi_2dnet_40"; - for (const auto& entry : subtree) { - if (boost::algorithm::starts_with(entry.first, - netipmidBasePath)) + if (boost::algorithm::starts_with(entry.first, netBasePath)) { crow::connections::systemBus->async_method_call( [asyncResp](const boost::system::error_code ec2) { @@ -385,7 +380,7 @@ void handleIpmiProtocolEnabled( entry.second.begin()->first, entry.first, "org.freedesktop.DBus.Properties", "Set", "xyz.openbmc_project.Control.Service.Attributes", - "Running", std::variant<bool>{ipmiProtocolEnabled}); + "Running", std::variant<bool>{protocolEnabled}); crow::connections::systemBus->async_method_call( [asyncResp](const boost::system::error_code ec2) { @@ -398,7 +393,7 @@ void handleIpmiProtocolEnabled( entry.second.begin()->first, entry.first, "org.freedesktop.DBus.Properties", "Set", "xyz.openbmc_project.Control.Service.Attributes", - "Enabled", std::variant<bool>{ipmiProtocolEnabled}); + "Enabled", std::variant<bool>{protocolEnabled}); } } }, @@ -459,9 +454,11 @@ inline void requestRoutesNetworkProtocol(App& app) std::optional<std::string> newHostName; std::optional<nlohmann::json> ntp; std::optional<nlohmann::json> ipmi; + std::optional<nlohmann::json> ssh; if (!json_util::readJson(req, asyncResp->res, "NTP", ntp, - "HostName", newHostName, "IPMI", ipmi)) + "HostName", newHostName, "IPMI", ipmi, + "SSH", ssh)) { return; } @@ -515,8 +512,28 @@ inline void requestRoutesNetworkProtocol(App& app) if (ipmiProtocolEnabled) { - handleIpmiProtocolEnabled(*ipmiProtocolEnabled, - asyncResp); + handleProtocolEnabled( + *ipmiProtocolEnabled, asyncResp, + "/xyz/openbmc_project/control/service/" + "phosphor_2dipmi_2dnet_40"); + } + } + + if (ssh) + { + std::optional<bool> sshProtocolEnabled; + if (!json_util::readJson(*ssh, asyncResp->res, + "ProtocolEnabled", + sshProtocolEnabled)) + { + return; + } + + if (sshProtocolEnabled) + { + handleProtocolEnabled( + *sshProtocolEnabled, asyncResp, + "/xyz/openbmc_project/control/service/dropbear"); } } }); |