Age | Commit message (Collapse) | Author | Files | Lines |
|
Redfish made odata.context optional (1.6.0 of DSP0266) and
has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
Change-Id: I262f21aac32634f8e87863cca7816e4b9236227a
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266, Sept 2018).
Redfish has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
Change-Id: Iffc75a7cb68f22d67548e5632d7ebfbdd67d6598
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266, Sept 2018).
Redfish has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
Change-Id: Ic267d8c9f1fbbec6087e61edf16e6bffe11c927e
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266, Sept 2018).
Redfish has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
The reason for making optional and removing from mockups/examples,
"no one could figure out how to use it and it did not add value".
Don't see value in it for our implementation.
Change-Id: I8d1c91460ea5836cb793ba1a2774a97649da208a
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266, Sept 2018).
Redfish has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
The reason for making optional and removing from mockups/examples,
"no one could figure out how to use it and it did not add value".
Don't see value in it for our implementation.
Change-Id: I94bac092a3abfec59721eed2c8f10371624dacb3
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266, Sept 2018).
Redfish has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
The reason for making optional and removing from mockups/examples,
"no one could figure out how to use it and it did not add value".
Don't see value in it for our implementation.
Change-Id: I16b95a4923f4b764d82cf3bc71b2ca51896822ef
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266, Sept 2018).
Redfish has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
The reason for making optional and removing from mockups/examples,
"no one could figure out how to use it and it did not add value".
Don't see value in it for our implementation.
Change-Id: Iee73d72d56237e8787e839ed06b979779c97d2f3
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266, Sept 2018).
Redfish has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
The reason for making optional and removing from mockups/examples,
"no one could figure out how to use it and it did not add value".
Don't see value in it for our implementation.
Change-Id: I0dbf424c8fb91f448da19ce12b0dadb512880204
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266, Sept 2018).
Redfish has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
The reason for making optional and removing from mockups/examples,
"no one could figure out how to use it and it did not add value".
Don't see value in it for our implementation.
Change-Id: I3972fea43d89267ba91f5a0f7c0aac00a18e0f6c
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Per discussion with DMTF and clarification of InTest state within
http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Status
it was determined that this would represent the situation where the host
is collecting diagnostic data. This maps to the new DiagnosticMode
state added to the xyz.openbmc_project.State.Host.HostState namespace.
Tested:
Verified that Redfish API returned expected result when in
DiagnosticMode:
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "InTest"
},
Change-Id: I1c5deb5fdc251a5dcd4d1d01f4eedb6c507ded0a
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
Launching a KVM session on the KVM page stopped working. The websocket
connection request began returning connection failure error
codes. This change fixes the asynchronous connection request to allow
it to succeed, and in turn display the KVM session.
Tested:
Connect to BMC using Chrome (FC31), selected Control->KVM sidebar.
Witnessed the KVM session started, and interacted with the SUT while
it was in UEFI.
Connect to BMC using Chrome (Windows 10), selected Control->KVM
sidebar. Witnessed the KVM session started, and interacted with the
SUT while it was in UEFI. Events performed from the Windows browser were
duplicated in the FC31 browser.
Change-Id: Ib3721990dce2e2ba71235371d903fbf508075077
Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
|
|
The InterfaceEnabled property for an EthernetInterfaces element was
hardcoded to "true". This change gets the actual state of the NIC. It
also permits the NIC to be enabled or disabled.
Tested:
GET sut_ip/redfish/v1/Managers/bmc/EthernetInterfaces/eth0 (and eth1)
PATCH InterfaceEnabled to false
GET sut_ip/redfish/v1/Managers/bmc/EthernetInterfaces/eth0 (and eth1)
PATCH InterfaceEnabled to true
GET sut_ip/redfish/v1/Managers/bmc/EthernetInterfaces/eth0 (and eth1)
Confirmed the NIC was disabled from the BMC console using "ip link"
Confirmed the Get NIC status reported the correct enabled state.
Performed the tests above on a different network to confirm the second
NIC can be controlled orthogonally.
Passed service validator.
Change-Id: I09b703118fe71765c7b1020688a803c74648c7c4
Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266).
Redfish has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
The reason for making optional and removing from mockups/examples,
"no one could figure out how to use it and it did not add value".
Don't see value in it for our implementation.
From the Redfish issue removing it:
"@odata.context provides little/no value. The common format we use
provides no value/guidance. A generic odata client cannot use it
because we don't return the specific version nor do we require it
be changed with a query parameter. Between @odata.type and the
metadata document and service document/service root, clients get
all of the information they need. And the case where it is
helpful (joins, etc) is something we never do."
https://github.com/DMTF/Redfish-Service-Conformance-Check/pull/171
removes from Redfish-Service-Conformance-Check.
Tested: Ran service validator. No errors.
Ran Redfish-Service-Conformance-Check. No additional errors.
Change-Id: Ic2c33080604ea275cf487e5cd5b9f7948af07db9
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Tested: Built this commit and the commits under it.
Loaded on a Witherspoon and ran validator.
No errors.
Change-Id: Id54bc61319f500c4122213bd0e0d6ba140c7c690
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266),
has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
Change-Id: I5a78856c510f063df67999bb8196e77401c56aac
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266) and
has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
Change-Id: I96e8908f07d27696aaf2e2ba33f49411b8e51ec5
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266) and
has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
Change-Id: I4f9ce00b8cc6f413896879d8c8ec6e093279bd47
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266, Sept 2018).
Redfish has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
The reason for making optional and removing from mockups/examples,
"no one could figure out how to use it and it did not add value".
Don't see value in it for our implementation.
Change-Id: I3d634aa1a58072589e565f2361e010b459bfd3f5
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
The latest version of the Redfish Service is 1.9.0.
Nothing preventing us from moving to it.
Find the Redfish Specification (DSP0266) here:
https://www.dmtf.org/dsp/DSP0266
Looks like code is already trying to use some of the 1.7.0
features:
"Added "Password Management" clause to describe functional behavior
for restricting access when an account requires a password change."
Eventing mechanism and ApplyTime.
Will want to use features like:
odata.context optional, query parameter clarification, and eventing
clarification.
Tested: Redfish Validator. Not really a valid test though.
Ran Redfish-Service-Conformance-Check, didn't see
additional errors.
Note: bmcweb still has a lot of Conformance Checker errors,
we are not in 100% complicance with Redfish specification.
Change-Id: I0acd28efa2aaa91149f53efddae530816fd41fff
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Update Redfish to use a DBus boolean value specifically intended for
communicating the NIC link state. Existing Intel server boards have a
NCSI channel with a speed value always assigned to 100Mbps. This makes
identifying link state impossible via the network speed value. The
DBus boolean uses the netlink carrier on/off state which is more
accurate.
Tested:
BMC Console commands:
ip link set down dev eth0
Get managers/bmc/eth0 state ;; LinkStatus is LinkDown
ip link set up dev eth0
Get managers/bmc/eth0 state ;; LinkStatus is LinkUp
Remove NIC cable from RJ45 connector
Get managers/bmc/eth0 state ;; LinkStatus is LinkDown
Insert NIC cable into RJ45 connector
Get managers/bmc/eth0 state ;; LinkStatus is LinkUp
Change-Id: I93d3f716a0afc563e3312e99b4a4163187985521
Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
|
|
i can increment > qs_kv_size with some inputs. Fix this
by incrementing earlier in the loop instead so we don't
have to increment after the loop and possibly go past
max.
Tested: Used bad string and no longer saw segfault
Change-Id: Ia68cd9b24e9a0b16646197983c513d78df2239ed
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
In 2019.4 was a new 1.7.0 Processor schema that included
PartNumber, SerialNumber, and Version.
Tested: Ran validator.
curl -k https://${bmc}/redfish/v1/Systems/system/Processors/cpu0
{
"@odata.context": "/redfish/v1/$metadata#Processor.Processor",
"@odata.id": "/redfish/v1/Systems/system/Processors/cpu0",
"@odata.type": "#Processor.v1_7_0.Processor",
"Id": "cpu0",
"InstructionSet": "PowerISA",
"Manufacturer": "IBM",
"Model": "",
"Name": "Processor",
"PartNumber": "02CY102",
"ProcessorArchitecture": "Power",
"ProcessorType": "CPU",
"SerialNumber": "YA1934292547",
"Status": {
"Health": "OK",
"State": "Enabled"
},
"TotalCores": 18,
"Version": "22"
}
Change-Id: I6ad02eacf77640965d126a9db6c51cdfdb691978
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Make changes to update_schemas.py needed for the move and run
update_schemas.py.
To see an overview of 2019.4 see
https://www.dmtf.org/sites/default/files/Redfish_Release_2019.4_Overview.pdf
Tested: Built bmcweb, loaded on a Witherspoon, and ran
the validator. No errors.
See new schemas:
curl -k https://${bmc}/redfish/v1/JsonSchemas/VCATEntry
{
"@odata.context": "/redfish/v1/$metadata#JsonSchemaFile.JsonSchemaFile",
"@odata.id": "/redfish/v1/JsonSchemas/VCATEntry",
"@odata.type": "#JsonSchemaFile.v1_0_2.JsonSchemaFile",
"Name": "VCATEntry Schema File",
"Schema": "#VCATEntry.VCATEntry",
Change-Id: I5ae6e3c655e44c82c4457515555bdb934dfb7763
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
This updates Redfish ResetType with the new states added in the
document below:
ref: https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/28706
Tested:
Sent a POST with the updated ResetType values and confirmed the correct
behavior:
ForceRestart: host restarted using Host.ForceWarmReboot
GracefulRestart: host restarted using Host.GracefulWarmReboot
PowerCycle: host restarted using Host.Reboot
Change-Id: I053919f2aaa709ba92685d67c1692bfc88b10d39
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
Code added that deleted configurations was needed to
get the chassis data. Instead just count the number
of configurations to not allow posting more.
Tested: Creating new PIDs worked again
Change-Id: Ieb7ff7d16967402da64faf6a5cb2d0989af36d23
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Log the BMC kernel panic event into redfish.
Tested:
Trigger a kernel panic by "echo c > /proc/sysrq-trigger",
After BMC reboot, check the below message entry in
redfish/v1/Systems/system/LogServices/EventLog/Entries:
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/68627",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T19:03:47+00:00",
"EntryType": "Event",
"Id": "68627",
"Message": "BMC rebooted due to kernel panic.",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.BMCKernelPanic",
"Name": "System Event Log Entry",
"Severity": "OK"
}
Signed-off-by: Yong Li <yong.b.li@linux.intel.com>
Change-Id: Ibc3075a48514b3288ba1a1b1fbe716f5e9deeb26
|
|
Right now there is no limit, so someone could attack
the bmc by adding a very large number of controllers.
Create a limit so this isn't possible.
Tested: Add / Remove functionality still works
Change-Id: Ib408293431250d93b0af71616a1668f6a3d0904a
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
This puts a block in to return early if we are asked
to delete something we can't find on D-Bus. This code
path was creating a segfault, but theres no reason to
continue after we can't find an object we are asked to
delete, so we can just avoid it. Also clean up the end
iterator dereference so it doesn't happen in any other
path.
Tested: Segfault goes away
Change-Id: I33622e5e8ab09fba0681e4f86f4a7068f6ef0be7
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
"GET" should be a "Login" Privilege for the AccountService
resource. This makes sense, a "Readonly" and "Operator" user
should be able to see properties like MaxPasswordLength and
MinPasswordLength since they are allowed to change their own
password.
This was changed in Redfish 2019.3, redfish issue 1914 explains
more.
From Redfish_1.0.4_PrivilegeRegistry.json:
"Entity": "AccountService",
"OperationMap": {
"GET": [
{
"Privilege": [
"Login"
]
}
],
"HEAD": [
{
"Privilege": [
"Login"
]
}
],
"PATCH": [
{
"Privilege": [
"ConfigureUsers"
]
}
],
"PUT": [
{
"Privilege": [
"ConfigureUsers"
]
}
],
"DELETE": [
{
"Privilege": [
"ConfigureUsers"
]
}
],
"POST": [
{
"Privilege": [
"ConfigureUsers"
]
}
]
Change-Id: Iab8acbac97a58aed865bf94f665d6c9a32de81dd
Tested: Build for Witherspoon and AccountService looks good.
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Make changes to update_schemas.py needed for the move and run
update_schemas.py.
old path (2019.2)
DSP8010_2019.2/DSP8010_2019.2/json-schema/MemoryMetrics.v1_1_2.json
DSP8010_2019.2/DSP8010_2019.2/openapi/Memory.v1_0_3.yaml
DSP8010_2019.2/DSP8010_2019.2/csdl/AccelerationFunction_v1.xml
new path (2019.3)
DSP8010_2019.3/csdl/Memory_v1.xml
DSP8010_2019.3/json-schema/UpdateService.v1_1_2.json
DSP8010_2019.3/openapi/Zone.v1_3_1.yaml
To see an overview of 2019.3 see
https://www.dmtf.org/sites/default/files/Redfish_Release_2019.3_Overview.pdf
Tested: Built bmcweb, loaded on a Witherspoon, and ran
the validator. No errors.
Change-Id: I0deaf88b884d65fffa31fcf66183ed61a930a073
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Map DeratingFactor from PowerSupplyAttributes.interface.yaml
to the Redfish property PowerSupply "EfficiencyPercent".
Only do this call when the "Power" schema is called.
Use the InventoryItem class introduced in
adc4f0db57568c5e5d2a3398fce00dbb050a3b72
Tested: Power, Thermal, all look good.
Passed the Redfish Validator.
"PowerSupplies": [
{
"@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerSupplies/0",
"EfficiencyPercent": 90,
"IndicatorLED": "Off",
"Manufacturer": "",
"MemberId": "powersupply0",
"Model": "2B1D",
"Name": "powersupply0",
"PartNumber": "01KL471",
"PowerInputWatts": 12.0,
"SerialNumber": "71G370",
"Status": {
"Health": "OK",
"State": "Enabled"
}
},
Change-Id: I344577a7a3d72cd37d5f6bab03edbdce13b9f764
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Several Oem schemas have been added but the update_schemas.py
has not been updated. Added them to the update_schemas.py so
the static/redfish/v1/$metadata/index.xml is correctly
built by update_schemas.py.
This is needed to move us to 2019.3 and eventually 2019.4.
Ideally, we would not just have a bunch of
metadata_index.write to write the Oem schemas to
$metadata/index.xml but this will do for now.
https://github.com/openbmc/bmcweb/issues/32
is to improve this.
Tested: Ran update_schemas.py and loaded that image on a
Witherspoon and ran the validator. No errors.
Change-Id: Iade028e690c31e25a72503d9352bc75eb7ee58dc
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
All other Oem Schemas start with Oem.
This is used by the update_schemas.py to determine an Oem
schema and is a reasonable requirement for Oem schemas.
https://github.com/openbmc/bmcweb/blob/a3268f98f308ca7c8660b1ace44d5b9a40be204b/scripts/update_schemas.py#L43
Tested: Ran the validator against this change on a Witherspoon
with BMCWEB_ENABLE_REDFISH_CPU_LOG enabled and OemCheck
true. Validator passed. Might be worth running on a
system that actually uses BMCWEB_ENABLE_REDFISH_CPU_LOG.
curl -k https://${bmc}/redfish/v1/Systems/system/LogServices/Crashdump
{
"@odata.context": "/redfish/v1/$metadata#LogService.LogService",
"@odata.id": "/redfish/v1/Systems/system/LogServices/Crashdump",
"@odata.type": "#LogService.v1_1_0.LogService",
"Actions": {
"#LogService.ClearLog": {
"target": "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/LogService.ClearLog"
},
"Oem": {
"#Crashdump.OnDemand": {
"target": "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/Crashdump.OnDemand"
}
}
},
"Description": "Oem Crashdump Service",
"Entries": {
"@odata.id": "/redfish/v1/Systems/system/LogServices/Crashdump/Entries"
},
"Id": "Oem Crashdump",
"MaxNumberOfRecords": 3,
"Name": "Open BMC Oem Crashdump Service",
"OverWritePolicy": "WrapsWhenFull"
}
Change-Id: Iacc11be1284b99c2ed9a6c2ca0a936bd97855afb
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Restrict bmcweb authentication to redfish group only. This
change makes sure that user without having redfish group user
is not authenticated to query the details, and login will fail.
Tested:
1.Verified by removing the redfish group role for a valid user
and confirmed redfish session establishment fails using postman.
Change-Id: Ie0c1c94a7ac4d218a502faba1d80c7b9fc2a7ca0
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
|
Currently 'Updateable' property value in SoftwareInventory schema
is hardcoded. Added support to look through the updateable
software associations objects and use it for 'Updateable'
Redfish property in SoftwareInventory.
Tested:
- Checked 'Updateable' Property value for both
programmable and non-programmable firmware inventory
components and it works as expected.
- Ran the Redfish validator and no new issues found.
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Change-Id: Ia24f942f3afe49674ec3628cac0356a5496ef337
|
|
Considering that the webui is no longer an "IBM" specific entity, and is
now the standard for the project, there's no need for this variable to
call it out explicitly. Update comment and variable name to be more
correct.
Tested: No functional change, only comments.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I2169876c38ccd558a3cfcfc61637720bd290b3ee
|
|
This enhances the return value from the pamAuthenticateUser function so
callers can articulate PAM error codes like PAM_NEW_AUTHTOK_REQD which
means the credentials are correct, but the password must be changed.
Tested: Yes, scenarios via both Redfish login and Basic Auth:
- correct username and password, password is not expired
- correct username and password, password is expired
- correct username and incorrect password, password is not expired
- correct username and incorrect password, password is expired
- non-existent user (passsword is not relevant)
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: I1114d6c9cc591fb0a1853cb4edea32ad22f7b015
|
|
OEM Schema for VirtualMedia added.
Also OpenBMC level has been added to OEM field in the code to
conform to schema standard.
Tested:
Manually using full stack of VirtualMedia.
* Inserting/ejecting media in both legacy and proxy mode
* Redfish Service Validator 1.3.2 ran
Change-Id: Iaa87dd767a4bf2062bd4e74dd790a2496aca96de
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
As continuation for VirtualMedia Redfish support, this patch adds
insertion and eject actions into existing VirtualMedia code base.
Testing:
* Manual tests together with nbd proxy and virtual media app
- For requests: Postman and/or HTTPie, with logs enabled and Valgrind)
- Manual result validation
* Tests run:
- GET on collection with manual validation
- PUT/POST/DELETE on collection
- GET on item/nonexistent item
- PUT/POST/DELETE on item
- GET/PUT/DELETE on action
- POST on action - EjectMedia/InsertMedia, legacy mode
- POST on action - InsertMedia, proxy mode
- POST on action - input validation (empty, invalid URL), legacy mode
* Redfish Service Validator tested, no new issues found.
Change-Id: Icccc433c1e84bc2ac37d9c295fe72749187fb735
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
This change adds VirtualMedia scheme to Redfish.
Implementation is based on input from virtual-media module
and nbd proxy which is a bmcweb part. The code is used
only in case ndb-proxy is supported in bmcweb
(BMCWEB_ENABLE_VM_NBDPROXY compilation flag).
Tested:
* Manual tests together with nbd proxy and virtual media app
- For requests: Postman and/or HTTPie, started with logs
enabled and Valgrind
- Manual result validation
* Tests ran:
- GET on collection with manual validation
- PUT/POST/DELETE on collection
- GET on item/nonexistent item
- PUT/POST/DELETE on item
* Redfish Service Validator tested, no new issues found.
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
Change-Id: I5415dc0ffe52069fd35bc614b0378bbc4ad41ff6
|
|
Redfish specifies only "OK", "Warning", and "Critical" as valid
values for message severity, but some messages have a severity
of "Error".
This changes the incorrect "Error" severity values to "Critical".
Tested:
Checked that all severity values are "OK", "Warning", or "Critical".
Passed the Redfish service validator.
Change-Id: If65665c76915e1730e6ae12c36003242aa9a85c6
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
At present, the Crashdump.SendRawPeci redfish interface accepts one
PECI command at a time. Changed it to accept array of PECI commands
through which multiple PECI commands can be aggregated into one redfish
call. Also provided backward compatibility for existing single PECI
command input format.
Tested:
Tested by aggregating 1000 PECI commands in one redfish call.
Tested by giving single PECI command with the existing format.
Change-Id: I05c547438ce9833519807b39347223183bdfb4ed
Signed-off-by: Karthick Sundarrajan <karthick.sundarrajan@intel.com>
|
|
Updated "MemoryThermTrip" message entry for CPU Memory
Thermal Trip events.
Tested:
1. Redfish validator - passed for this new addition
2. Verified in Redfish, MemoryThermTrip message populated properly
Redfish URI:
GET: https://<BMC IP>/redfish/v1/Systems/system/LogServices/EventLog
/Entries
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/
Entries/506",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:08:26+00:00",
"EntryType": "Event",
"Id": "506",
"Message": "Memory ThermTrip asserted: CPU 1.",
"MessageArgs": [
"CPU 1"
],
"MessageId": "OpenBMC.0.1.MemoryThermTrip",
"Name": "System Event Log Entry",
"Severity": "Critical"
}
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/
Entries/506_2",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:08:26+00:00",
"EntryType": "Event",
"Id": "506_2",
"Message": "Memory ThermTrip asserted: CPU 2.",
"MessageArgs": [
"CPU 2"
],
"MessageId": "OpenBMC.0.1.MemoryThermTrip",
"Name": "System Event Log Entry",
"Severity": "Critical"
}
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Signed-off-by: Chalapathi <chalapathix.venkataramashetty@intel.com>
Change-Id: I89271d28012c7f01a6cc37e1ef35c7e15f5e9965
|
|
This commit fixes timeout issues when transfering bigger payloads
like update image.
Tested by uploading image:
curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" \
-X POST -T test.tar https://$bmc/upload/image
# slow connection upload (~10kB/s)
curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" \
-X POST -T test.tar https://$bmc/upload/image --limit-rate 10k
Signed-off-by: Jan Sowinski <jan.sowinski@intel.com>
Change-Id: I913136013afb58c97071819288460f4cb64d0d83
|
|
This reverts commit a8086647b103f55116ce4c872e1455ebf1f3e346.
Reason for revert: Restoring commit c00500b as base for upload image issue fix
Change-Id: I1dd5d3fda2d1ee6f4027193a0506d5ca764b01e4
Signed-off-by: Jan Sowinski <jan.sowinski@intel.com>
|
|
This reverts commit c00500bcb9c5145f5cacb78bbe3dd694fb85ba0a.
Reason: Makes image upload fail
Tested: Image upload works again
requests.post(
'https://{}/redfish/v1/UpdateService'.format(args.address),
data=file.read(), verify=False,
auth=(args.username, args.password))
Change-Id: Iaf780d052d98accdead32e87f468002f5141b19a
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Message entry for
BMC should detect the following intrusion or non-allowed configuration and
log the security event with description.
1. Password storing hash algo changes from SHA2-256 to MD5 in Linux pwd file
2. When any user other than root has its UID set to 0 in Linux pwd file
3. When any unsupported shells (not bash or sh) are present in Linux pwd file
4. When the root user is assigned a password in Linux password file
Tested:
1. Ran Redfish validator - passed for this new addition.
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/75_1",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:01:15+00:00",
"EntryType": "Event",
"Id": "75_1",
"Message": "weak password computing hash algorithm is enabled = MD5 Hash algorithm .",
"MessageArgs": [
"MD5 Hash algorithm"
],
"MessageId": "OpenBMC.0.1.SecurityUserWeakHashAlgoEnabled",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/240",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:04:00+00:00",
"EntryType": "Event",
"Id": "240",
"Message": "other than /bin/bash,/bin/sh, Unsupported shell is enabled",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.SecurityUserUnsupportedShellEnabled",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/246",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:04:06+00:00",
"EntryType": "Event",
"Id": "246",
"Message": "Unsupported shell is removed",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.SecurityUserUnsupportedShellRemoved",
"Name": "System Event Log Entry",
"Severity": "OK"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/604",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:10:04+00:00",
"EntryType": "Event",
"Id": "604",
"Message": "password computing hash algorithm is changed to sha256/sha512.",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.SecurityUserHashAlgoChanged",
"Name": "System Event Log Entry",
"Severity": "OK"
}
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/75",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:01:15+00:00",
"EntryType": "Event",
"Id": "75",
"Message": "root user is enabled.",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.SecurityUserRootEnabled",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/1153",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:19:13+00:00",
"EntryType": "Event",
"Id": "1153",
"Message": "uid Zero is assigned with non-root user",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.SecurityUserNonRootUidZeroAssigned",
"Name": "System Event Log Entry",
"Severity": "Critical"
}
Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com>
Change-Id: I8a3a10be2cc85614baa7b0d2f56b3376c3301e01
|
|
Some systems create a xyz.openbmc_project.Software.Version D-bus object
for reasons other then storing a FirmwareInventory object. For example
the phosphor-logging code can add it to a log to track what level of
code was running when a log was created. These should not show up in the
Redfish FirmwareInventory API.
Tested:
Before this change, 3 and 4 correlated to phosphor-logs on system
curl -k -H "X-Auth-Token: $TOKEN" -X GET https://${BMC_IP}/redfish/v1/UpdateService/FirmwareInventory/
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventoryCollection.SoftwareInventoryCollection",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory",
"@odata.type": "#SoftwareInventoryCollection.SoftwareInventoryCollection",
"Members": [
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/3"
},
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/4"
},
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/224cd310"
},
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/3b296352"
},
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/e9b7a436"
}
],
"Members@odata.count": 5,
"Name": "Software Inventory Collection"
}
After:
Verified 3 and 4 were no longer returned in FirmwareInventory
curl -k -H "X-Auth-Token: $TOKEN" -X GET https://${BMC_IP}/redfish/v1/UpdateService/FirmwareInventory/
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventoryCollection.SoftwareInventoryCollection",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory",
"@odata.type": "#SoftwareInventoryCollection.SoftwareInventoryCollection",
"Members": [
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/224cd310"
},
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/2d556644"
},
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/7432374c"
}
],
"Members@odata.count": 3,
"Name": "Software Inventory Collection"
}
Ran Redfish validator and ensured no errors
Change-Id: I3e99fe7570b87b83f75918873267fb1587add182
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
This adds the indicator property to Chassis Schema,
and moves the logic from systems.hpp to a common header
to share the code.
Tested: Passed the validator, was able to turn LED on
Change-Id: I79458a2a4656d7ddf2939bb9f56845eb6d9a27ca
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
This commit fixes:
- handling of virtual media unmount method
- cancels unix socket async accept upon early websocket closing
(reproduction with rapid start/stop button pressing or closing
websocket just after negotation msg from NBD server)
Tested:
- unmount method via WebUI
- unix socket accept cancellation - modified NBD server to close
websocket after sending negotation message & rapid start/stop button
pressing
Signed-off-by: Iwona Winiarska <iwona.winiarska@intel.com>
Signed-off-by: Jan Sowinski <jan.sowinski@intel.com>
Change-Id: Ibcbb87a7e35cfbee8c8b4686f64c9090c66f0c17
|