Age | Commit message (Collapse) | Author | Files | Lines |
|
NOTICE: Future-deprecated features used:
* 0.64.0: {'copy arg in configure_file'}
Port to the new version of this, which is install_data.
Tested: Meson configure no longer throws the above warning.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I9c4d91c3c45bc52dde69ca34d7fc686e2e6c0d74
|
|
c9374ff613b6836010877f8083e75657abc78343
Was recently checked in that adds subproject files for nlohmann. It
opted for the name "nlohmann" when the upstream project installs itself
as "nlohmann_json". This mismatch causes a yocto build failure.
Fix it.
Tested: Code compiles
Change-Id: I2df5f473a61172593e9a1045fc5a229e06e3afc2
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
this-> is redundant when operating within a class member scope. We
should aim to be consistent.
This change was done automatically with sed replace
Tested: Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: If791e83e0bd5f84031e65156b7ea082ded8e158c
|
|
This drop adds support for multiple consoles. The following changes are
made to achieve this.
- Kept the "/console0" route for backward compatibility
- Added a new route "/console/<str>" to support multiple consoles. All
new consoles must use this route string.
Testing:
- Make sure that old console path /console0 is working.
[INFO "http_connection.hpp":209] Request: 0x1bc2e60 HTTP/1.1
GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1240] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "obmc_console.hpp":212] Connection 0x1bdb67c opened
[DEBUG "obmc_console.hpp":241] Console Object path =
/xyz/openbmc_project/console/default service =
xyz.openbmc_project.Console.default Request target = /console0
[DEBUG "obmc_console.hpp":198] Console web socket path: /console0
Console unix FD: 12 duped FD: 13
[DEBUG "obmc_console.hpp":82] Reading from socket
[DEBUG "obmc_console.hpp":162] Remove connection 0x1bdb67c from
obmc console
- Make sure that new path for default console working
[INFO "http_connection.hpp":209] Request: 0x1bd76a8 HTTP/1.1
GET /console/default ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1240] Matched rule (upgrade) '/console/<str>'
1 / 2
[DEBUG "obmc_console.hpp":212] Connection 0x1baf82c opened
[DEBUG "obmc_console.hpp":241] Console Object path =
/xyz/openbmc_project/console/default service =
xyz.openbmc_project.Console.default Request
target = /console/default
[DEBUG "obmc_console.hpp":198] Console web socket path:
/console/default Console unix FD: 12 duped FD: 13
[DEBUG "obmc_console.hpp":82] Reading from socket
[INFO "obmc_console.hpp":154] Closing websocket. Reason:
[DEBUG "obmc_console.hpp":162] Remove connection 0x1baf82c from
obmc console
- Make sure that path for hypervisor console is working.
[INFO "http_connection.hpp":209] Request: 0x1bc2e60 HTTP/1.1
GET /console/hypervisor ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1240] Matched rule (upgrade) '/console/<str>'
1 / 2
[DEBUG "obmc_console.hpp":212] Connection 0x1bc5234 opened
[DEBUG "obmc_console.hpp":241] Console Object path =
/xyz/openbmc_project/console/hypervisor service =
xyz.openbmc_project.Console.hypervisor Request
target = /console/hypervisor
[DEBUG "obmc_console.hpp":198] Console web socket path:
/console/hypervisor Console unix FD: 12 duped FD: 13
[DEBUG "obmc_console.hpp":82] Reading from socket
[INFO "obmc_console.hpp":154] Closing websocket. Reason:
[DEBUG "obmc_console.hpp":162] Remove connection 0x1bc5234 from
obmc console
- Make sure that bad console path is failing properly due to DBUS error.
[INFO "http_connection.hpp":209] Request: 0x1bd76a8 HTTP/1.1
GET /console/badconsoleid ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1240] Matched rule (upgrade) '/console/<str>'
1 / 2
[DEBUG "obmc_console.hpp":212] Connection 0x1bdb67c opened
[DEBUG "obmc_console.hpp":241] Console Object path =
/xyz/openbmc_project/console/badconsoleid service =
xyz.openbmc_project.Console.badconsoleid Request
target = /console/badconsoleid
[ERROR "obmc_console.hpp":174] Failed to call console Connect()
method DBUS error: No route to host
Change-Id: I9b617bc51e3ddc605dd7f4d213c805d05d2cfead
Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
This commit is entirely just moving code, such that not all compile
units need to pull in the full html serializer.
Tested: Unit tests pass. Pretty good coverage.
Redfish service validator passes.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ifaebe9534c0693dc678fd994517563b89aca0cc5
|
|
This commit adds the SSE style eventservice subscription style event
Using this, end user can subscribe for Redfish event logs using GET
on SSE uris from browser.
Tested:
- From Browser did GET on above SSE URI and
generated some Redfish event logs(power cycle)
and saw redfish event logs streaming on browser.
- After SSE registration, Check Subscription collections
and GET on individual subscription and saw desired
response.
- Ran RedfishValidation and its passed.
Change-Id: I7f4b7a34974080739c4ba968ed570489af0474de
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Like the other dependencies, we should support auto download of these
packages through subproject.
Tested:
meson build
ninja -C build
Succeeded when tinyxml2 and nlohmann were not installed on the host
system.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Iad3769c6d8377f6eff78c34b98ca80da5e4fa187
|
|
These got missed in the initial patchset. Add them
Tested: At the end of the series.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I120986fb0afc34d5e0572d2cc2e1d8ff6994ee3c
|
|
In the same way we're doing other places.
Tested: THe last commit of the series will be tested.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I177e61dd3741f3885516a2f645a7039d274786cb
|
|
Currently, getPCIeDeviceList is only used by systems.hpp to obtain the
list of PCIe devices. However, there are plans to use this function in
other parts of the PCIe code as well. To better organize our code and
make the function more reusable, this commit moves getPCIeDeviceList to
pcie_util.hpp, a common location for PCIe-related utilities.
Tested:
'''
curl -k https://$bmc/redfish/v1/Systems/system
{
"@odata.id": "/redfish/v1/Systems/system",
"@odata.type": "#ComputerSystem.v1_16_0.ComputerSystem",
"Actions": {
"#ComputerSystem.Reset": {
"@Redfish.ActionInfo": "/redfish/v1/Systems/system/ResetActionInfo",
"target": "/redfish/v1/Systems/system/Actions/ComputerSystem.Reset"
}
},
.....
.....
"PCIeDevices": [
{
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices/dp0_drive2"
},
{
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices/dp0_drive3"
},
.....
.....
{
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices/pcie_card0"
},
{
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices/pcie_card1"
},
{
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices/pcie_card10"
},
.....
{
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices/pcie_card9"
}
],
"PCIeDevices@odata.count": 20,
.....
.....
'''
Change-Id: I3aaa5b55e8574929154ffd743db53da6fbaeb75d
Signed-off-by: Lakshmi Yadlapati <lakshmiy@us.ibm.com>
|
|
This prototype got added twice, once with int as a value, and once with
size_t. This builds fine in 64 bit, but in 32 bit, fails.
Tested: Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie3de779330d768cdd84d5647d242d5fe447d2a85
|
|
This makes several changes to server-sent events to allow it to merge
to master. The routing system has been removed in leiu of using
content-type eventstream detection. Timers have been added to the
sse connections, and sse connections now rely on async_wait, rather
than a full read.
Tested: WIP
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id0ff0ebc2b3a795b3dba008e440556a9fdd882c2
|
|
Server-Sent-Event is a standard describing how servers can initiate
data transmission towards clients once an initial client connection has
been established. Unlike websockets (which are bidirectional),
Server-Sent-Events(SSE) are unidirectional and commonly used to send
message updates or continuous data streams to a browser client.
This is base patch for adding Server-Sent-Events routing support to
bmcweb. Redfish EventService SSE style subscription uses SSE route for
sending the Events/MetricReports to client which establishes the
connection.
Tested this patch with along with EventService SSE support patches and
verified the functionalty on browser.
Tested:
- Tested using follow-up patches on top which adds
support for Redfish EventService SSE style subscription
and observed events are getting sent periodically.
- Created SSE subscription from the browser by visiting
https://<BMC IP>/redfish/v1/EventService/SSE
Change-Id: I36956565cbba30c2007852c9471f477f6d1736e9
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Signed-off-by: V-Sanjana <sanjana.v@intel.com>
|
|
User input must be validated to avoid the out-of-memory issue. This
commit adds the size check on input parameters such as Context,
Destination and Header field while create or update the
EventDestination.
Added a generic error message "PropertySizeExceeded" in message registry
which is used as response when size limit is exceeded.
Tested
- Validated using POST on Event Subscription.
- When Context, Destination and Headers were too long,
received a error message denoting the same.
Change-Id: Ibab847ce0c99f445a76e6d3aee8074428bb7d30f
Signed-off-by: AppaRao Puli <apparao.puli@intel.com>
Signed-off-by: Ayushi Smriti <smriti.ayushi@intel.com>
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Update Base registry to 1.16.0, and Resource Event registry to 1.3.0
Patch was generated automatically.
Tested: Code builds.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie9c15a657459cf7ec7fa5b4bf89460049fbce554
|
|
Debugging internalError responses from bmcweb has been a consistent
pain point for us. It does help to at least have the boost error code
logged to the journal. Ensure the error code is logged to the journal
consistently within the chassis file.
If this commit makes sense to the maintainers then I will work on making
this consistent in other files at a later date.
Tested:
- Verified it compiled and one of the error paths traced the appropriate
boost error code.
Change-Id: I76b7644bc18e76fff69595fb5f1bc23d257563e9
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
Backpressure on incoming bytes helps both to simplify the layering of
the console, as well as prevent some cases of OOM crashes.
Similar to what we did with nbd_proxy, move obmc console over to the new
sendEx interface, allowing for backpressure, and fixed size std::array
buffers.
Tested:
Made sure single console can see the data.
Made sure two consoles can see the data.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I63d142fc5e8f8a734f3a7b8d0aa3f0d8c263d5ba
|
|
I jumped the gun a little on merging this. This commit moves the
health-populate option to be called redfish-health-populate
and disables it by default
Tested: Code compiles
Change-Id: I9b2ffef828ec912e011d5d82fbfeaae5fb66ff2a
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
When a non-existent PCIeFunctionId is queried, bmcweb
returns the success but with the incorrect output.
```
curl -k -X GET https://${bmc}:18080/redfish/v1/Systems/system/PCIeDevices/pcie_card1/PCIeFunctions/12
{
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices/pcie_card1/PCIeFunctions/12",
"@odata.type": "#PCIeFunction.v1_2_3.PCIeFunction",
"FunctionId": 12,
"Id": "12",
"Links": {
"PCIeDevice": {
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices/pcie_card1"
}
},
"Name": "PCIe Function"
}%
```
This should be resulted as
```
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The requested resource of type PCIeFunction named '12' was not found.",
```
Change-Id: If6a1453e3e549e07b6961ff80ebf37b0537e2b7c
Signed-off-by: Myung Bae <myungbae@us.ibm.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Atoi has the potential to cause crashes if users request non-integer
pcie function numbers. Replace with functional code.
Tested: WIP
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I6742ff6b69e6df4a4afae26610effa01f2450b1b
|
|
Sensors that are not found are incorrectly reported as internal Server error
and its logging is done as Error.
.
It will be changed to 404 - Not found and its logging will be WARNING.
```
redfishtool raw GET -r ${bmc} -u admin -p 0penBmc0 -S Always /redfish/v1/Chassis/chassis/Sensors/temperature_PCIE_1_Temp_invalid
redfishtool: Transport: Response Error: status_code: 500 -- Internal Server Error
redfishtool: raw: Error getting response
curl -k -X GET https://${bmc}/redfish/v1/Chassis/chassis/Sensors/temperature_PCIE_1_Temp_invalid
{
"@odata.id": "/redfish/v1/Chassis/chassis/Sensors/temperature_PCIE_1_Temp_invalid",
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The request failed due to an internal service error. The service is still operational.",
"MessageArgs": [],
"MessageId": "Base.1.13.0.InternalError",
"MessageSeverity": "Critical",
"Resolution": "Resubmit the request. If the problem persists, consider resetting the service."
}
],
"code": "Base.1.13.0.InternalError",
"message": "The request failed due to an internal service error. The service is still operational."
}
}%
```
Its logging is
```
redfishtool: Transport: Response Error: status_code: 500 -- Internal Server Error(2023-05-31 15:16:43) [CRITICAL "error_messages.cpp":282] Internal Error ../../../../../../../../../bmcweb/redfish-core/lib/sensors.hpp(2928:36) `redfish::sensors::handleSensorGet(App&, const crow::Request&, const std::shared_ptr<bmcweb::AsyncResp>&, const std::string&, const std::string&)::<lambda(const boost::system::error_code&, const dbus::utility::MapperGetObject&)>`:
(2023-05-31 15:16:43) [ERROR "sensors.hpp":2929] Sensor getSensorPaths resp_handler: Dbus error generic:5
```
The expected behavior will be
```
redfishtool raw GET -r ${bmc} -u admin -p 0penBmc0 -S Always /redfish/v1/Chassis/chassis/Sensors/temperature_PCIE_1_Temp_invalid
redfishtool: Transport: Response Error: status_code: 404 -- Not Found
curl -k -X GET https://${bmc}/redfish/v1/Chassis/chassis/Sensors/temperature_PCIE_1_Temp_invalid
{
"@odata.id": "/redfish/v1/Chassis/chassis/Sensors/temperature_PCIE_1_Temp_invalid",
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The requested resource of type temperature_PCIE_1_Temp_invalid named 'Sensor' was not found.",
"MessageArgs": [
"temperature_PCIE_1_Temp_invalid",
"Sensor"
],
"MessageId": "Base.1.13.0.ResourceNotFound",
"MessageSeverity": "Critical",
"Resolution": "Provide a valid resource identifier and resubmit the request."
}
],
"code": "Base.1.13.0.ResourceNotFound",
"message": "The requested resource of type temperature_PCIE_1_Temp_invalid named 'Sensor' was not found."
}
}%
```
Its logging will be:
```
(2023-05-31 20:17:55) [WARNING "sensors.hpp":2928] Sensor not found from getSensorPaths
```
Change-Id: I5a51c1b5c0125b5396068311602964d4e249e297
Signed-off-by: Myung Bae <myungbae@us.ibm.com>
|
|
Redfish deprecated the Processor/Memory Summary Status (state, health,
healthrollup) attributes. Please refer to redfish spec for more details:
https://redfish.dmtf.org/schemas/v1/ComputerSystem.v1_20_0.json
Initially I tried to fix the summary status issues,
(https://gerrit.openbmc.org/c/openbmc/bmcweb/+/60663)
But later it was decided that we should also remove these attributes
from the bmcweb code. Here is a link to discussion on discord:
https://discord.com/channels/775381525260664832/855566794994221117/1093939076710793296
This drop hides these attributes under defined
BMCWEB_ENABLE_PROC_MEM_STATUS. This option is disabled by default.
These attributes will be permanently removed from code in 1Q 2024
(in 8-9 months).
Testing:
- Redfish validator passed excepted couple of failures but those are
failing without my changes too.
- Make sure that summary status for memory and processor is not seen
in the output.
Without fix:
------------
'''
$ curl -s -k https://${bmc}/redfish/v1/Systems/system
.....
"MemorySummary": {
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Enabled"
},
"TotalSystemMemoryGiB": 256
},
.....
"ProcessorSummary": {
"CoreCount": 20,
"Count": 4,
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Enabled"
}
},
.....
''''
With fix:
---------
'''
"MemorySummary": {
"TotalSystemMemoryGiB": 256
},
.....
"ProcessorSummary": {
"CoreCount": 20,
"Count": 4
},
.....
''''
- Turned on BMCWEB_ALLOW_DEPRECATED_PROC_MEM_STATUS flag and made sure
that properties are shown again.
Change-Id: I1e0ee386bd4f365599afcf46e5d587285af635ad
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
The Health populate calls GetManagedObjects at `/` which can take a lot
of time. Add the option to disable to improve performance if it is not
needed.
Tested:
```
$ meson build -Dhealth-populate=disabled
...
User defined options
backend : ninja
health-populate : disabled
```
Build passed.
Health Status removed. Some resource still create HealthPopulate, but
does not populate. It will require further refactoring to clean it out.
Testing on `/redfish/v1/Chassis?$expand=.($levels=1)`
On 14 chassis, from about 2.5 seconds to 400 ms. :)
Before:
```
Getting times for chassis
Getting good line count with wget -q -O- localhost:80/redfish/v1/Chassis?$expand=.($levels=1)
Line count: 980
17:05:56: real 0m2.908s user 0m0.000s sys 0m0.030s
17:05:59: real 0m2.414s user 0m0.010s sys 0m0.010s
17:05:03: real 0m3.410s user 0m0.000s sys 0m0.020s
17:05:09: real 0m2.372s user 0m0.000s sys 0m0.010s
17:05:13: real 0m3.407s user 0m0.010s sys 0m0.000s
17:05:19: real 0m2.420s user 0m0.010s sys 0m0.000s
17:05:23: real 0m3.463s user 0m0.010s sys 0m0.000s
17:05:29: real 0m2.414s user 0m0.000s sys 0m0.010s
17:05:33: real 0m2.843s user 0m0.010s sys 0m0.010s
17:05:38: real 0m2.512s user 0m0.000s sys 0m0.020s
17:05:42: real 0m2.474s user 0m0.000s sys 0m0.010s
17:05:47: real 0m2.557s user 0m0.010s sys 0m0.010s
17:05:52: real 0m2.439s user 0m0.020s sys 0m0.000s
17:05:56: real 0m3.127s user 0m0.010s sys 0m0.000s
17:05:01: real 0m2.563s user 0m0.020s sys 0m0.000s
17:05:06: real 0m2.392s user 0m0.020s sys 0m0.020s
17:05:10: real 0m2.405s user 0m0.020s sys 0m0.000s
17:05:15: real 0m2.514s user 0m0.010s sys 0m0.010s
17:05:19: real 0m2.809s user 0m0.020s sys 0m0.010s
17:05:24: real 0m2.944s user 0m0.010s sys 0m0.010s
17:05:29: real 0m2.537s user 0m0.010s sys 0m0.000s
17:05:34: real 0m3.290s user 0m0.000s sys 0m0.000s
17:05:39: real 0m2.601s user 0m0.040s sys 0m0.000s
17:05:43: real 0m2.398s user 0m0.010s sys 0m0.040s
17:05:48: real 0m2.664s user 0m0.000s sys 0m0.020s
17:05:53: real 0m2.323s user 0m0.010s sys 0m0.000s
17:05:57: real 0m3.033s user 0m0.000s sys 0m0.010s
17:05:02: real 0m3.243s user 0m0.000s sys 0m0.010s
17:05:07: real 0m2.604s user 0m0.010s sys 0m0.010s
17:05:12: real 0m2.813s user 0m0.010s sys 0m0.010s
17:05:17: real 0m2.325s user 0m0.020s sys 0m0.000s
17:05:21: real 0m2.577s user 0m0.010s sys 0m0.000s
17:05:26: real 0m2.882s user 0m0.030s sys 0m0.000s
17:05:31: real 0m2.572s user 0m0.000s sys 0m0.020s
17:05:35: real 0m2.678s user 0m0.010s sys 0m0.010s
17:05:40: real 0m2.656s user 0m0.010s sys 0m0.010s
17:05:45: real 0m2.921s user 0m0.020s sys 0m0.000s
17:05:49: real 0m2.723s user 0m0.000s sys 0m0.020s
17:05:54: real 0m2.910s user 0m0.010s sys 0m0.010s
17:05:59: real 0m2.601s user 0m0.020s sys 0m0.000s
17:05:04: real 0m2.615s user 0m0.000s sys 0m0.000s
```
After:
```
Getting times for chassis
Getting good line count with wget -q -O- localhost:80/redfish/v1/Chassis?$expand=.($levels=1)
Line count: 980
16:04:43: real 0m0.188s user 0m0.020s sys 0m0.000s
16:04:43: real 0m0.195s user 0m0.010s sys 0m0.000s
16:04:45: real 0m0.219s user 0m0.010s sys 0m0.000s
16:04:48: real 0m0.226s user 0m0.020s sys 0m0.000s
16:04:50: real 0m0.208s user 0m0.020s sys 0m0.010s
16:04:52: real 0m0.226s user 0m0.010s sys 0m0.010s
16:04:54: real 0m0.419s user 0m0.000s sys 0m0.010s
16:04:57: real 0m0.222s user 0m0.010s sys 0m0.020s
16:04:59: real 0m0.194s user 0m0.000s sys 0m0.010s
16:04:01: real 0m0.191s user 0m0.010s sys 0m0.010s
16:04:04: real 0m0.276s user 0m0.010s sys 0m0.020s
16:04:06: real 0m0.183s user 0m0.020s sys 0m0.000s
16:04:08: real 0m0.193s user 0m0.040s sys 0m0.000s
16:04:10: real 0m0.406s user 0m0.020s sys 0m0.010s
16:04:13: real 0m0.317s user 0m0.000s sys 0m0.000s
16:04:15: real 0m0.442s user 0m0.005s sys 0m0.005s
16:04:18: real 0m0.226s user 0m0.010s sys 0m0.000s
16:04:20: real 0m0.217s user 0m0.020s sys 0m0.000s
16:04:22: real 0m0.200s user 0m0.010s sys 0m0.030s
16:04:24: real 0m0.423s user 0m0.010s sys 0m0.010s
16:04:27: real 0m0.203s user 0m0.020s sys 0m0.010s
16:04:29: real 0m0.433s user 0m0.000s sys 0m0.000s
16:04:31: real 0m0.318s user 0m0.020s sys 0m0.000s
16:04:34: real 0m1.206s user 0m0.000s sys 0m0.010s
16:04:37: real 0m0.403s user 0m0.000s sys 0m0.020s
16:04:39: real 0m0.353s user 0m0.010s sys 0m0.000s
16:04:42: real 0m0.291s user 0m0.000s sys 0m0.030s
16:04:44: real 0m0.742s user 0m0.020s sys 0m0.010s
16:04:47: real 0m0.369s user 0m0.010s sys 0m0.000s
16:04:49: real 0m0.215s user 0m0.020s sys 0m0.000s
16:04:52: real 0m0.204s user 0m0.000s sys 0m0.010s
16:04:54: real 0m0.418s user 0m0.000s sys 0m0.000s
16:04:56: real 0m0.215s user 0m0.000s sys 0m0.010s
16:04:58: real 0m0.202s user 0m0.010s sys 0m0.010s
16:04:01: real 0m0.202s user 0m0.010s sys 0m0.010s
16:04:03: real 0m0.212s user 0m0.010s sys 0m0.000s
16:04:05: real 0m0.694s user 0m0.010s sys 0m0.010s
16:04:08: real 0m0.201s user 0m0.010s sys 0m0.010s
16:04:10: real 0m0.230s user 0m0.000s sys 0m0.020s
16:04:12: real 0m0.206s user 0m0.010s sys 0m0.010s
16:04:15: real 0m0.446s user 0m0.010s sys 0m0.010s
```
Change-Id: I90b242e2cd24973420de871fedf9793dd1e310f3
Signed-off-by: Willy Tu <wltu@google.com>
|
|
Added new ConsoleHandler class to prepare for the multiple consoles
support. All global fields are moved to the ConsoleHandler class and a
new global map added to remember the ConsoleHandler for each console
path. There is single ConsoleHandler per connection so we don't need
session map per route. There is a limit added for max number of
connection allowed to avoid any service attacks.
Testing:
- Make sure that single console works fine and data is seen on the
console.
- Make sure that multiple consoles of type host console are created
and data is seen on all consoles. Also using traces made sure
that new handlers are destroyed.
Traces: Traces shows that multiple consoles active and later destroyed.
[INFO "http_connection.hpp":209] Request: 0x24bb790 HTTP/1.1 GET
/console0 ::ffff:x.xx.xxx.xx
[DEBUG "routing.hpp":1240] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "obmc_console.hpp":238] Connection 0x24eb424 opened
[DEBUG "obmc_console.hpp":150] Obmc handler 0x24c18fc added 1 for path
0x24eb424
[DEBUG "obmc_console.hpp":257] Console Object path =
/xyz/openbmc_project/console/default service =
xyz.openbmc_project.Console.default Request target = /console0
[DEBUG "obmc_console.hpp":224] Console web socket path: /console0
Console unix FD: 13 duped FD: 14
[DEBUG "obmc_console.hpp":44] Outbuffer empty. Bailing out
[INFO "http_connection.hpp":209] Request: 0x265d740 HTTP/1.1 GET
/console0 ::ffff:x.xx.xxx.xx
[DEBUG "routing.hpp":1240] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "obmc_console.hpp":238] Connection 0x2661de4 opened
[DEBUG "obmc_console.hpp":150] Obmc handler 0x25e69ac added 1 for path
0x2661de4
[DEBUG "obmc_console.hpp":257] Console Object path =
/xyz/openbmc_project/console/default service =
xyz.openbmc_project.Console.default Request target = /console0
[DEBUG "obmc_console.hpp":224] Console web socket path: /console0
Console unix FD: 19 duped FD: 20
[DEBUG "obmc_console.hpp":44] Outbuffer empty. Bailing out
[INFO "http_connection.hpp":209] Request: 0x265d740 HTTP/1.1 GET
/console0 ::ffff:x.xx.xxx.xx
[DEBUG "routing.hpp":1240] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "obmc_console.hpp":238] Connection 0x25f1fdc opened
[DEBUG "obmc_console.hpp":150] Obmc handler 0x26ff22c added 1 for path
0x25f1fdc
[DEBUG "obmc_console.hpp":257] Console Object path =
/xyz/openbmc_project/console/default service =
xyz.openbmc_project.Console.default Request target = /console0
[DEBUG "obmc_console.hpp":224] Console web socket path: /console0
Console unix FD: 19 duped FD: 21
[DEBUG "obmc_console.hpp":44] Outbuffer empty. Bailing out
[INFO "obmc_console.hpp":177] Closing websocket. Reason:
[DEBUG "obmc_console.hpp":184] Remove connection 0x25f1fdc from obmc
handler 0x26ff22c for path /console0
[INFO "obmc_console.hpp":177] Closing websocket. Reason:
[DEBUG "obmc_console.hpp":184] Remove connection 0x2661de4 from obmc
handler 0x25e69ac for path /console0
[INFO "obmc_console.hpp":177] Closing websocket. Reason:
[DEBUG "obmc_console.hpp":184] Remove connection 0x24eb424 from obmc
handler 0x24c18fc for path /console0
Change-Id: I77a58a3a186e87611219aed90b221f9b8be7fa2f
Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
|
|
This commit adds a meson option to allow selecting which dns resolver
bmcweb uses. There are use cases, like Open Compute Project Inband
Management Agent, that would require not using dbus, which would require
us to fall back to the asio resolver. This commit makes the existing
asio resolver constructor, and async_resolve methods match the
equivalents in asio (which we intended to do anyway), then adds a macro
and configure option for being able to select which resolver backend to
rely on.
Tested: Code can now compile without sdbusplus.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I3220214367179f131a60082bdfaf7e725d35c125
|
|
"Like we do other places.. blah"
Tested: Top commit was tested.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8a254067f97569a4d07817796b89a95cd768ff18
|
|
Added POST method on /redfish/v1/TelemetryService/Triggers uri, which
creates new trigger in telemetry service, by using dbus call AddTrigger.
By DMTF, most of the properties are not required, and as such are
treated as optional. Some values can be deduced from others (like
'MetricType', depending on 'DiscreteTriggers' or 'NumericThresholds').
All properties provided in POST body by user will be verified against
each other, and errors will be raised. Few examples of such situations:
- 'MetricType' is set to 'Discrete' but 'NumericThresholds' was passed.
- 'MetricType' is set to 'Numeric' but "DiscreteTriggers' or
'DiscreteTriggerCondition' were passed
- 'DiscreteTriggerCondition' is set to 'Specified' but
'DiscreteTriggers' is an empty array or was not passed.
- 'DiscreteTriggerCondition' is set to 'Changed' but 'DiscreteTriggers'
is passed and is not an empty array.
Example 1 – Trigger with discrete values:
```
{
"Id": "TestTrigger",
"MetricType": "Discrete",
"TriggerActions": [
"RedfishEvent"
],
"DiscreteTriggerCondition": "Specified",
"DiscreteTriggers": [
{
"Value": "55.88",
"DwellTime": "PT0.001S",
"Severity": "Warning"
},
{
"Name": "My discrete trigger",
"Value": "55.88",
"DwellTime": "PT0.001S",
"Severity": "OK"
},
{
"Value": "55.88",
"DwellTime": "PT0.001S",
"Severity": "Critical"
}
],
"MetricProperties": [
"/redfish/v1/Chassis/AC_Baseboard/Thermal#/Fans/0/Reading"
],
"Links": {
"MetricReportDefinitions": []
}
}
Example 2 – trigger with numeric threshold:
{
"Id": "TestTrigger2",
"Name": "My Numeric Trigger",
"MetricType": "Numeric",
"TriggerActions": [
"RedfishEvent",
"RedfishMetricReport"
],
"NumericThresholds": {
"UpperCritical": {
"Reading": 50,
"Activation": "Increasing",
"DwellTime": "PT0.001S"
},
"UpperWarning": {
"Reading": 48.1,
"Activation": "Increasing",
"DwellTime": "PT0.004S"
}
},
"MetricProperties": [
"/redfish/v1/Chassis/AC_Baseboard/Thermal#/Fans/0/Reading",
"/redfish/v1/Chassis/AC_Baseboard/Thermal#/Fans/17/Reading"
],
"Links": {
"MetricReportDefinitions": [
"/redfish/v1/TelemetryService/MetricReportDefinitions/PowerMetrics",
"/redfish/v1/TelemetryService/MetricReportDefinitions/PowerMetricStats",
"/redfish/v1/TelemetryService/MetricReportDefinitions/PlatformPowerUsage"
]
}
}
```
Tested:
- Triggers were successfully created with above example message bodies.
This can be checked by calling:
'busctl tree xyz.openbmc_project.Telemetry'.
- Expected errors were returned for messages with incorrect or mutually
exclusive properties and incorrect values.
- Redfish service validator is passing.
Signed-off-by: Szymon Dompke <szymon.dompke@intel.com>
Change-Id: Ief8c76de8aa660ae0d2dbe4610c26a28186a290a
|
|
The task payload object can be null in certain cases. As per the schema
for Task, there is a standard property Hidepayload which can be set to
true at this case. Setting this property as true in the response body
when Payload is nil.
Tested: Created a task without creating the task payload object and able
to see Hidepayload as true in response body.
Change-Id: I370d1eb9b5b96adb56cff2216b467357b0b34b42
Signed-off-by: Arun Thomas Baby <arunx.thomas.baby.baby.mathew@intel.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
There are cases in this method where if CSRF protection is disabled,
this argument will not be used, and will trigger a compile error. This
commit fixes the compile error.
Tested: Code compiles with CSRF disabled option set.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I6daa5193fa162c73c57991600058c198dc38a418
|
|
This commit adds a utility function |sortJsonArrayByKey|. It can sort an
json array by value of a given key of each element.
Use cases includes:
1. sort the MemberCollection by @odata.id
Tested:
1. unit test passed;
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Idc175fab3af5c6102a5a3439b712b659ecb76468
|
|
Per [1] we really shouldn't be using regex. In the cases we do, it's a
HUUUUUGE performance benefit to be compiling the regex ONCE.
The only downside is a slight increase in memory usage.
[1]: https://github.com/openbmc/bmcweb/issues/176
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8644b8a07810349fb60bfa0258a13e815912a38e
|
|
Redfish Sensor schema is based around Edm.Number, which doesn't have an
allowance for things like infinity, -infinity, or NAN. Because these
are theoretically possible in the dbus interfaces, we need to omit the
properties if they are set to anything that Redfish doesn't support.
Because the DBus sensor Value interface relies on NAN to represent
unavailable, this is explicitly set to null in the json response. This
behavior was discussed with DMTF in a forum meeting, and is the
protocol-correct behavior for handling unavailable numbers. All other
number-assigning dbus properties are omitted from the response, to show
that they are "not supported" if they produce out-of-range values.
Tested: Unclear if there are any implementations that do this to test
against. Code inspection only.
Redfish-service-validator passes (on previous patchset).
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ia3dde24cd604b0bb5dc596e7b8a6461a4b339b71
|
|
Currently LDAP configuration D-bus errors are not mapped to Redfish
Errors, so returing internalError irrespective of D-bus error.
This commit handles InvalidArgument D-bus error for LDAP config
Tested By:
Configure LDAP with various invalid arguments.
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Change-Id: I6adaedd936fb3d9d906750649792a4d414b54b73
|
|
There are some cases that getCollectionMembers can be leveraged
Tested:
GET https://127.0.0.1:443/redfish/v1/UpdateService/FirmwareInventory/
Returns the same result.
Redfish service validator passes.
Signed-off-by: John Edward Broadbent <jebr@google.com>
Change-Id: I417bc08cffd24c6c95abaf86013002ce705d20a4
|
|
System includes should be included with <>, in-tree includes should be
included with "". This was found manually, with the help of the
following grep statement[1].
git grep -o -h "#include .*" | sort | uniq
Tested:
Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1a6b2a5ba35ccbbb61c67b7c4b036a2d7b3a36a3
|
|
- Moved code around to bring state related code close to each other
- Separated long memory lambda function.
Tested:
- Ran: Compared output of following command before and after change
and it matched.
$ curl -s -k https://${bmc}/redfish/v1/Systems/system
{
"@odata.id": "/redfish/v1/Systems/system",
"@odata.type": "#ComputerSystem.v1_16_0.ComputerSystem",
"Actions": {
"#ComputerSystem.Reset": {
"@Redfish.ActionInfo": "/redfish/v1/Systems/system/ResetActionInfo",
"target": "/redfish/v1/Systems/system/Actions/ComputerSystem.Reset"
}
},
|
|
"Manufacturer": "",
"Memory": {
"@odata.id": "/redfish/v1/Systems/system/Memory"
},
"MemorySummary": {
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Enabled"
},
"TotalSystemMemoryGiB": 0
},
|
|
"ProcessorSummary": {
"CoreCount": 32,
"Count": 4,
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Enabled"
}
},
"Processors": {
"@odata.id": "/redfish/v1/Systems/system/Processors"
},
Change-Id: Ib72f272eca4ff79e26fe29033c989896a5b9154d
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>
|
|
This commit fixes the problem that Redfish Validator has not passed
because of the analytical URL failure
(Redfish/V1/Systems/System/System/Storage/1/Drives/Media0).
Redfish validator error message:
```
*** /redfish/v1/Systems/system/Storage/1
INFO - Type (Storage.v1_7_1.Storage), GET SUCCESS \
(time: 0:00:00.184274)
INFO - Attempt 1 of /redfish/v1/Systems/system/Storage/1/ \
Drives/media0
INFO - Response Time for GET to /redfish/v1/Systems/system/Storage/ \
1/Drives/media0: 0.15951547500117158 seconds.
ERROR - Drives: GET of resource at URI /redfish/v1/Systems/system/ \
Storage/1/Drives/media0 returned HTTP error. Check URI.
INFO - FAIL...
INFO -
*** /redfish/v1/Systems/system/Storage/1/Drives/media0
ERROR - URI did not return resource /redfish/v1/Systems/system/ \
Storage/1/Drives/media0
```
Tested: Redfish validator passes.
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I1c7ff0e8103ce2e65cd3d73f6ef20abfe70a01b5
|
|
This drop is a preparation of supporting multiple consoles in bmcweb.
In this drop we will hook up the new DBUS interface to get the unix
socket file descriptor for existing host console. At this time bmcweb
only allows host console.
This drop includes following bmcweb changes:
- The default console leaf node is set to "default" by the obmc-console
- Currently the URL is still maintained to /console0 for GUI
compatibility. In future, it will be changed to /console/<str>
where <str> could be any string which represents the console id.
- In the obmc routing function, query the console DBUS interface for
all available consoles. If the object leaf matches with the target
string, then create socket and assign the file descriptor returned
by the DBUS console.
[INFO "http_connection.hpp":209] Request: 0x1b8c608 HTTP/1.1 GET /console0
::ffff:x.xxx.xx.xxx
|
[DEBUG "routing.hpp":1440] Matched rule (upgrade) '/console0' 1 / 2
|
[DEBUG "obmc_console.hpp":247] Connection 0x13e3c8c opened
[DEBUG "obmc_console.hpp":268] Console Object path = \
/xyz/openbmc_project/console/default Request target = /console0
[DEBUG "obmc_console.hpp":230] Looking up unixFD for Service \
xyz.openbmc_project.Console.default Path /xyz/openbmc_project/console/default
[DEBUG "obmc_console.hpp":157] Console web socket path: /console0 Console\
unix FD: 12 duped FD: 13
Testing:
Make sure that console open is working for /console0 on rainier machine
Related commits:
1) phosphor-dbus-interface: https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/61486
2) obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/62496
3) bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/62525
Change-Id: I476f1bb3e3be384ab09802340a59ffa036ca0278
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>
|
|
- Update Processor Schema to 18.0
- Add processor throttle status and cause
https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/63063
Throttled: An indication of whether the processor is throttled.
ThrottledCauses: An array of reasons that the processor is throttled.
Ran validator and no new errors were found.
Change-Id: Ia4a58ae0f26ffc6177f418420ba45063471323da
Signed-off-by: Chris Cain <cjcain@us.ibm.com>
|
|
Following the changes in
https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/41870
where `MemorySizeInKB` type changed from `uint32` to `size`.
Tested:
On a 64-bit system, MemorySizeInKB has type `t`, which is uint64.
```
.MemorySizeInKB property t 33554432 emits-change writable
```
Before:
```
[ERROR "dbus_utils.hpp":21] DBUS property error in property: MemorySizeInKB, reason: 1
---
~# curl localhost/redfish/v1/Systems/system -s \
| grep -A7 MemorySummary
"MemorySummary": {
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Disabled"
},
"TotalSystemMemoryGiB": 0
},
```
After:
```
~# curl localhost/redfish/v1/Systems/system -s \
| grep -A7 MemorySummary
"MemorySummary": {
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Enabled"
},
"TotalSystemMemoryGiB": 64
},
```
Change-Id: Ifc66d4cf78ea81629957091bc4f3b407aa96355a
Signed-off-by: Anthony <anthonyhkf@google.com>
|
|
The current version of nlohmann is not able to compile
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/62278. This is supported
in the latest version of the library.
Tested:
Was able to locally build bmcweb after the bump.
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: I6820c3678a0ec23854b8db55a39fd802dc461793
|
|
This change is adding Triggers property to Links when GET is called on
MetricReportDefinition. It contains array of @odata.id pointing to
Trigger resource if it is also linking to given MRD.
Testing done:
- Links/Trigger property is returned by GET request on
/redfish/v1/TelemetryService/MetricReportDefinitions/<str>/
Signed-off-by: Szymon Dompke <szymon.dompke@intel.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I5accf4b50324437b0b185003200078ad2c7020b0
|
|
The bmc now supports the Quiesced state, which is tracked using systemd
targets. Previously, the bmc startup state was determined by systemd
alone. The old systemd startup behavior is retained, but if the bmc is
found to be started, this commit also check the quiesced target to
determine if we should set that state as well. This allows
phosphor-state-manager users to have a state that works for the quiesced
use case, while avoiding race conditions on startup, or having to impose
a hard dependency on phosphor-state-manager, which we know some users
do not use. The reasons for not using phosphor-state-manager are
outside of the scope of this commit.
In comparison to the alternative:
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/50318
This actually seems to have a smaller diff, so while there's some
concern about adding complexity to bmcweb, this seems like this patch
gets us the same behavior with slightly less code.
Tested: Loaded onto a p10bmc and see this new state.
systemctl start obmc-bmc-service-quiesce@0.target
root@xxx:~# obmcutil state
CurrentBMCState : xyz.openbmc_project.State.BMC.BMCState.Quiesced
curl -k https://$bmc/redfish/v1/Managers/bmc
...
"Status": {
"Health": "Critical",
"State": "Quiesced"
},
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I718b8ad0a43327051cb5fdf0da59a1ccfbde9940
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Added support for multiple MetricProperties. Added support for new
parameters: CollectionTimeScope, CollectionDuration. ReadingParameters
was not yet changed in telemetry backend, instead temporary property
ReadingParametersFutureVersion was introduced. Once bmcweb is adapted to
use ReadingParametersFutureVersion this property will be renamed in
backend to ReadingParameters. Then bmcweb will change to use
ReadingParameters. Then ReadingParametersFutureVersion will be removed
from backend and everything will be exactly like described in
phosphor-dbus-interfaces without introducing breaking changes.
Related change in phosphor-dbus-interfaces [1], [2]. This change needs
to be bumped together with [3].
Tested:
- It is possible to create MetricReportDefinitions with multiple
MetricProperties.
- Stub values for new parameters are correctly passed to telemetry
service.
- All existing telemetry service functionalities remain unchanged.
[1]: https://github.com/openbmc/phosphor-dbus-interfaces/commit/4f9c09144b60edc015291d2c120fc5b33aa0bec2
[2]: https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/60750
[3]: https://gerrit.openbmc.org/c/openbmc/telemetry/+/58229
Change-Id: I2cd17069e3ea015c8f5571c29278f1d50536272a
Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>
Signed-off-by: Lukasz Kazmierczak <lukasz.kazmierczak@intel.com>
|
|
Much like we've done for the other collections, we should be sorting
these such that humans can use them.
This commit reorders the EthernetInterfacesCollection to report in
numerical order. In redfish, these collections are considered sets, so
therefore order is irrelevant to software, but keeping these things
useful for humans is important, therefore it's a pretty trivial change
to order them in a way that humans expect (1, 2, 3, etc).
Tested:
GET /redfish/v1/Managers/bmc/EthernetInterfaces
Returns interfaces in eth0 then eth1.
Redfish service validator passes.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic48f9be5366afee49fc9fec77a3bb194ab25577d
|
|
Redfish just released 2023.1, pull it in and update the packs.
This commit was generated automatically using update_schemas.py
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8faad8392af88aa7fc3a4fd73c8e0ec3bede56e5
|
|
The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to interact with host console are part of the
"hostconsole" group and they are in an administrator role.
Note: The changes are spread across multiple repositories listed under
"Related commits:"
The bmcweb changes to incorporate new group are as follows:
- The new user is added in the hostconsole group only if it has an
administrative role.
- The ssh usergroup is only translated to ManagerConsole redfish group
and hostconsole usergroup is translated to HostConsole redfish group.
- The following changes are made to check the privileges for host console
access
- The new OEM privilege "OpenBMCHostConsole" added for host console
access. This privilege is not shared externally hence it is not
documented.
- Updated obmc_console BMCWEB_ROUTE to use the new privilege.
- Router functions now save user role and user groups in the session
- getUserPrivileges() function now takes session reference instead
of user role. This function now also checks for the user group
"hostconsole" and add the new privilege if user is member of this
group.
- Updated all callers of the getUserPrivileges to pass session
reference.
- Added test to validate that new privilege is set correctly.
Tested:
Loaded code on the system and validated that;
- New user gets added in hostconsole group. NOTE: Prior to this commit
all groups are assigned to new user. This drop does not change that
behavior.
- Access from the web gui is only available for users in hostconsole
group. Used IBM internal simulator called simics to test this. This
simulator allows accessing openbmc from GUI.
- Checked the role collection and there is no change.
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/Administrator
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/ReadOnly
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/Operator
- HostConsole is in AccountType when hostconsole group is present in
UserGroups D-Bus property
$ id user99
uid=1006(user99) gid=100(users) groups=1000(priv-admin),1005(web),\
1006(redfish),1013(hostconsole),100(users)
$ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"HostConsole",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "Administrator",
"UserName": "user99"
- The hostconsole group is not present for readonly or operator users
and also made sure that console access is not provided. This testing
is done one the system and console access was tried by modifying the
https://github.com/openbmc/bmcweb/blob/master/scripts/websocket_test.py
+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"IPMI",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "ReadOnly",
"UserName": "user99"
[INFO "http_connection.hpp":209] Request: 0x150ac38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "routing.hpp":1084] userName = user99 userRole = priv-user
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=web
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf
[DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole
[ERROR "routing.hpp":1192] Insufficient Privilege
+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"IPMI",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Operator"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "Operator",
"UserName": "user99"
[INFO "http_connection.hpp":209] Request: 0x21c7c38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "routing.hpp":1084] userName = user99 userRole = priv-operator
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=web
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureComponents
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf
[DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole
[ERROR "routing.hpp":1192] Insufficient Privilege
Related commits:
NOTE: docs, openbmc, obmc-console changes are already merged. bmcweb
and phosphor-user-manager will be merged together.
docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968
phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583
openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582
obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581
bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580
Change-Id: Ia5a33dafc9a76444e6a8e74e752f0f90cb0a31c8
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>
|
|
This commit is to fix the faliures seen when redfish validator script is
run on the following URLs
/redfish/v1/Systems/system/LogServices/Crashdump
Error:
The Id property does not match the last segment of the URI
/redfish/v1/Managers/bmc/VirtualMedia/Slot_x
Error:
OpenBMC: EntityType resource does not contain required @odata.id
property, attempting default /OpenBMC
Tested:
Build successful.
Redfish validator passed for Virual Media URI.
Change-Id: I0b84a84140e8404babbf60ce4dba098ec5f05e73
Signed-off-by: V-Sanjana <sanjana.v@intel.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
This change takes the locked, and EncryptionStatus properties from
Drives interfaces, and creates the redfish property EncryptionStatus.
Tested:
$ wget -qO- \
http://localhost:80/redfish/v1/Chassis/AgoraV2/Drives/mmcblk0
{
"@odata.context": "/redfish/v1/$metadata#Drive.Drive",
"@odata.id": "/redfish/v1/Chassis/Drives/mmcblk0",
"@odata.type": "#Drive.v1_7_0.Drive",
"CapacityBytes": 15634268160,
"EncryptionStatus": "Unencrypted",
"Id": "mmcblk0",
"Links": {
"Chassis": "Enabled"
},
"Name": "mmcblk0",
"Status": {
"State": "Enabled"
}
}
Running the redfish Validator did not show any errors from this change.
Change-Id: Ic7b58614466535b3fd6b8c097050d3e9c8de8203
Signed-off-by: John Edward Broadbent <jebr@google.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
The code logic currently calls the systemd 'ListUnits' interface and
then compares the returned services and sockets with a predefined map
that associates the systemd units with specific protocols. The
appropriate 'Port' and 'ProtocolEnabled' properties are then filled into
the Redfish response to a redfish/v1/Managers/bmc/NetworkProtocol query.
The issue is that when certain services like IPMI or SSH are disabled,
the systemd unit will no longer be returned by the 'ListUnits' d-bus
interface. This results in the IPMI and SSH protocols not showing up in
the Redfish query. This commit ensures if a feature like IPMI or SSH is
disabled, the user will still see it in the Redfish query and it will
shows false for 'ProtocolEnabled'.
Looked into calling 'ListUnitFiles' which sounds like it returns all
possible units in the system, but that consistently timed out when
calling in a witherspoon qemu session (vs. the instant response to
`ListUnits` in the same session).
Prior to commit 5c3e927 the code operated differently and would look up
each individual protocol. If it didn't find it, then it would fill in
defaults. The change caused us to no longer put a default in for the
protocols when they are disabled.
Tested:
- Confirmed when IPMI was disabled that a query to NetworkProtocol
returned with IPMI in its response and 'ProtocolEnabled' was false
- Basic testing to ensure IPMI could be enabled/disabled and Redfish
responses were as expected
- Ran redfish validator when NetworkProtocol was returning IPMI disabled
Change-Id: I476361413fdb508c93aea88ca6142bc649562c56
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|