Age | Commit message (Collapse) | Author | Files | Lines |
|
Since the getAssociationEndPoints method has been implemented in
dbus_utility and this commit is to integrate all the places where the
endpoints attribute is obtained, and use the method in dbus_utility
uniformly.
Tested:
1. Redfish Validator Passed
2. For all the endpoints we changed, we got the same result as before
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I91a5e80de5bc3b5712c2d5b81f2f8b982d1c884e
|
|
As-written, the nbd (and all websocket daemons) suffer from a problem
where there is no way to apply socket backpressure, so in certain
conditions, it's trivial to run the BMC out of memory on a given
message. This is a problem.
This commit implements the idea of an incremental callback handler, that
accepts a callback function to be run when the processing of the message
is complete. This allows applying backpressure on the socket, which in
turn, should provide pressure back to the client, and prevent buffering
crashes on slow connections, or connections with high latency.
Tested: NBD proxy not upstream, no way to test. No changes made to
normal websocket flow.
Signed-off-by: Michal Orzel <michalx.orzel@intel.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I3f116cc91eeadc949579deacbeb2d9f5e0f4fa53
|
|
Tested: No way to test. Non-upstream backend, inspection only.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib2593b66407e0f102f543777ecf907b434acac52
|
|
nbd proxy should not have its own authorization checks, as these are
now handled in the core as of 7e9093e625961f533250a6c193c1a474e98007c4
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8874d8a09278ba21d2acfdf076cb76dee718ecf4
|
|
Prior commit missed adding a required property to a rewrite using
sdbusplus::unpackProperties()
Fixes a regression introduced in commit
bc1d29de81216e99d0a73c5fd3b6bb7fd2194ba8
Validator passed:
IdlePowerSaver [JSON Object] ComputerSystem.v1_16_0.IdlePowerSaver Yes complex
IdlePowerSaver.Enabled False boolean Yes PASS
IdlePowerSaver.EnterUtilizationPercent 8 number Yes PASS
IdlePowerSaver.EnterDwellTimeSeconds 240 number Yes PASS
IdlePowerSaver.ExitUtilizationPercent 12 number Yes PASS
IdlePowerSaver.ExitDwellTimeSeconds 10 number Yes PASS
Change-Id: I345c714b71d50d6c8c03120c54bdabe0bd5d0714
Signed-off-by: Chris Cain <cjcain@us.ibm.com>
|
|
Partial revert of 915d2d4e59be56958b04a79ba96e0242ef735f44
Request object was being moved out of the owning Connection object,
which would then try to use the Request again in completeRequest(). Just
pass around a reference instead of taking ownership.
The obvious symptom was that Redfish pages were served as json in the
browser instead of HTML, because the headers in the Request were no
longer valid after being moved.
Tested: /redfish/v1 is served as HTML in the browser again.
Change-Id: Iae68a68817146c28377bbcade04716725e4a6096
Signed-off-by: Jonathan Doman <jonathan.doman@intel.com>
|
|
Querying CollectDiagnosticData Action results in a crash if there is
not an active user session. Fixes the null pointer dereferencing
introduced by https://gerrit.openbmc.org/c/openbmc/bmcweb/+/58688.
Tested:
Queried the Action URI and received a response instead of bmcweb
crashing
curl -X POST -H 'Content-Type: application/json' \
localhost/redfish/v1/Managers/bmc/LogServices/Dump/Actions/LogService.CollectDiagnosticData/ \
-d '{"DiagnosticDataType": "Manager"}'
{
"@odata.id": "/redfish/v1/TaskService/Tasks/0",
"@odata.type": "#Task.v1_4_3.Task",
"Id": "0",
"TaskState": "Running",
"TaskStatus": "OK"
}
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: Ic46ece84598613e4bbe51f4188a623ba857c18a0
|
|
Update the schema pack to include ComponentIntegrity resources.
ComponentIntegrity is used for representing roots of trust, and
conveying attestation parameters forward.
Tested: Automated change
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1c62ddeeb9151bfe2852199a9ebb12a6636e6262
|
|
Network backend does not return the AddressState and its currently displayed as null. This is misleading the user.
This commit removes this property until backend supports.
Tested by:
Verify ethernet interface does not return AddressState for IPv6
Change-Id: I5489f57ce3d50d1480033f27adf1bc95153fdd18
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
|
|
With Redfish aggregation, responses from satellite BMCs can be on the
order of MBs due to use cases like logging or binary payloads.
Offloading $expand could similar result in responses that exceed the
current read limit of 128 KB.
Splits the connection pools used for aggregation and EventService so
that the response read limit is 50MB for responses associated with
aggregation. Pools used by EventService keep the current limit of 2^17
bytes or 128 KB. It also propogates a ConnectionPolicy object that gets
instantiated within HttpClient, which allows per-client policies for
retry/byte limits. This allows EventService and aggregation to have
different policies.
Tested:
With aggregation enabled I was able to return a response from a
satellite BMC which was than 2MB. Ran the Redfish Mockup Creator and it
was able to successfully query all aggregated resources as part of
walking the tree. Also verified that HTTP push events still work with
EventListener.
Change-Id: I91de6f82aadf8ad6f7bc3f58dfa0d14c0759dd47
Signed-off-by: Carson Labrado <clabrado@google.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Adds an AggregationSource resource for each satellite config present on
dbus.
Adds the AggregationSource schema which we had previously ignored.
Tested:
Querying an AggregationSource returned the expected information.
curl localhost/redfish/v1/AggregationService/AggregationSources/5B247A
{
"@odata.id": "/redfish/v1/AggregationService/AggregationSources/5B247A",
"@odata.type": "#AggregationSource.v1_3_1.AggregationSource",
"HostName": "http://122.111.11.1:80",
"Id": "5B247A",
"Name": "Aggregation source",
"Password": null,
}
Service Validator passed. The Service Validator also passed after
removing the satellite config from the system such that
/redfish/v1/AggregationService/AggregationSources returns an empty
Members array.
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: I88b5fbc15f27cddd330ec22a25427fd8b18cf766
|
|
When we have 2 or more netdevs, if eth0 configured the StaticNTPServers
and eth1 not by default, the NTPServers will be empty.
We could merge all the NTPServers from all the interfaces, and remove
the duplicate ones(Already have).
Limitations(not this patch):
When setting the NTPServers, will set all the interfaces, cannot be
set individually.
Tested:
Only config the eth0's NTPServers, keep eth1's NTPServers empty.
```
~# curl -k -H "X-Auth-Token: $token" https://$bmc/redfish/v1/Managers/bmc/NetworkProtocol
{
...
"NTP": {
"NTPServers": [
"fdbd:dc00::10:8:8:14",
"fdbd:dc00::10:8:8:15",
"fdbd:dc00::10:8:8:16",
"10.8.8.14",
"10.8.8.15",
"10.8.8.16"
],
"ProtocolEnabled": true
},
}
```
Change-Id: Ie181bb117577bc46f87e714b87dcb7cd8f5145a8
Signed-off-by: Jian Zhang <zhangjian.3032@bytedance.com>
|
|
The openbmc_dbus_reset was holding reference of `crow::Response`, set
the response in `~InProgressActionData()`, and call res.end() to
complete the result of the response.
The bmcweb code now uses `std::shared_ptr<AsyncResp>` for the response
and the `res.end()` is handled in `~AsyncResp()`.
By using the reference of `crow::Response`, the `InProgressActionData`
is actually using a dangling reference because the
`std::shared_ptr<AsyncResp>` is already destructed, and bmcweb will
crash on `action` calls, or not crash but get invalid response, as it's
undefined behavior.
Fix the above issue by using `std::shared_ptr<AsyncResp>` to make sure
the response is correctly handled.
Tested:
1. Without the fix, bmcweb crashes, or get no json output response on
the below method call, be noted that it's an invalid call:
```
$ curl -k -H "X-Auth-Token: $token" -x POST -d '{"data": []}' https://${bmc}/xyz/openbmc_project/logging/action/deleteAll
```
2. With the fix, bmcweb gives expected response:
```
$ curl -k -H "X-Auth-Token: $token" -x POST -d '{"data": []}' https://${bmc}/xyz/openbmc_project/logging/action/deleteAll
{
"data": {
"description": "The specified method cannot be found"
},
"message": "404 Not Found",
"status": "error"
}
$ curl -k -H "X-Auth-Token: $token" -x POST -d '{"data": []}' https://${bmc}/xyz/openbmc_project/logging/action/DeleteAll
{
"data": null,
"message": "200 OK",
"status": "ok"
}
```
Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: I38ef34fe8ff18e4e127664c853c6792461f6edf8
|
|
There are currently many files that use the GetManagedObjects method.
Since they are a general method, they are defined in the
dbus_utility.hpp file and refactors them.
Tested:
1. Built bmcweb successfully and Validator passes.
2. We got the same result as previously in the ethernet schema.
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I0c25b7b6b9421bea46ff0afadbaa4783b704e664
|
|
This code is doing some copy operations instead of moves. This commit
moves to passing a Request&& through the validate function, so that we
don't have to split the usage of req between the two paths.
Ideally someday we'd run Request as a shared_ptr like we do with
Response and remove the possibility of this, but that's a longer term
thing.
This fixes a regression introduced in
7e9093e625961f533250a6c193c1a474e98007c4
Tested:
Redfish service validator passes.
/redfish/v1/Systems/system passes.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib6d99726a64326b7c8bad15bc9d4ca774ab6256d
|
|
This change corrects the event type when a resource is
removed.
Tested By:
Tested in the client side - resource removed events are received
Change-Id: Ib7b017c58401b9be674d330bc476d8c30d3721d6
Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
|
|
Similar to the code we've been building elsewhere, move
PCIeDeviceCollection system to a separate method, and use
getCollectionMembers.
Tested: Validator passed
```
{
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices",
"@odata.type": "#PCIeDeviceCollection.PCIeDeviceCollection",
"Description": "Collection of PCIe Devices",
"Members": [
{
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices/dp0_drive2"
},
{
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices/dp0_drive3"
},
{
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices/pcie_card0"
},
{
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices/pcie_card1"
},
.....
.....
],
"Members@odata.count": 20,
"Name": "PCIe Device Collection"
}
```
Change-Id: Ib8d468f9163e49fc3767dd92b81e70b4d48e8867
Signed-off-by: Lakshmi Yadlapati <lakshmiy@us.ibm.com>
|
|
Any of our things taking URLs should be taking url_view by value,
similar to how we take string_view.
From the beast documentation:
"...it acts like a string_view in terms of ownership." [1]
Therefore, we should treat it like we treat string_view, and take by value, not reference.
[1] https://www.boost.org/doc/libs/master/libs/url/doc/html/url/ref/boost__urls__url_view.html
Tested:
Stacked these patches. Redfish service validator passes.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I696b495f4aa04984225853f653cc175c0eaad79d
|
|
Currently code search for underscore and replace space in the
dbus object path , which construct invalid object path.This
Patch construct proper dbus object path by replacing space
with underscore.
Tested:
Verified that object path is created in proper format.
Change-Id: Ibdf18c13ce30aa007f165e1ccfe7f68e86d50c32
Signed-off-by: Yaswanth Reddy M <yaswanthx.reddy.munukuru@intel.com>
|
|
This commit enables privilege check for user(s) in case of upgraded
connections.
Currently users with no privileges will also be able to access
Websockets connections (Ex: KVM).
The privilege check was already in place for normal connections (i.e.
router->handle()). This commit lifts off the privilege check code and
moves it into a common function (validatePrivilege()), which can be used
both by handle() and handleUpgrade() and register required callback to
be called.
Also, the const qualifier for Request in the handleUpgrade() function's
signature is removed to enable setting "isConfigureSelf" field of
request. The signature of handleUpgrade() is made identical to handle()
Tested:
- websocket_test.py Passed
- Admin and Operator users are able to access KVM on WebUI
- Readonly User was unable to access KVM on WebUI
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: I6f743c27e7e6077f1c6c56e6958922027e4404e8
|
|
handleUpgrade is pretty simple, and has no methods that can throw. This
was there previously because of handling exceptions in handle() and was
copied to handleUpgrade(), even though it doesn't make a ton of sense to
do so, given the throw conditions don't really exist, and start()
doesn't call path handlers directly anymore.
Tested: Code compiles. Only affects error conditions.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Iedd7e42b7e908282ab2c2d698e9f6c815b88e857
|
|
Tested: Tested in 46991
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ia714c7de02d714e636d5624ea884dbb6633baee5
|
|
This lambda was very large, and needs broken into a method.
Tested: Tested in 46991
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I86c1ac749580eb5b42c347808b4660c894a9bb9b
|
|
This commit enables passing down the asyncResp (of the connection) to
the handler of upgraded connections. This is already in place for normal
requests (i.e. Class Router -> handle())
This change would enable any async calls that would be required before
upgrade of the connection. For example, as on today, we have only
Authentication of user in place for upgraded connection, but not
Authorization. So, this asyncResp could further be used for such dbus
calls to return informative response.
This commit updates the signature of all the handleUpgrade() functions
present in router.hpp to take in asyncResp object instead of normal
response.
Tested :
- websocket_test.py Passed
- KVM was functional in WebUI.
Change-Id: I1c6c91f126b734e1b5573d5ef204fe2bf6ed6c26
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
|
|
There are cases in aggregation where an expand parameter might get
forwarded to a client. Because our previous expand algorithm assumed
that any endpoint within bmcweb would only produce "depth=1" responses,
it was reasonable to assume that the pre-response could not contain
expanded content. Aggregated resources can't make that assumption.
This commit attempts to pass through depth through the request, to
ensure that we only expand the level that the user requested, and not
any level returned by the request. This is done by using the existence
of the resource identifer "@odata.id" to indicate each level in an
expanded response. This should be fine since the Redfish spec requires
that property to exist.
Added unit tests to cover aggregation scenarios. Modified existing
$expand tests to comply with the resource identifier dependency.
Tested:
New unit tests pass
Queried '/redfish/v1/Systems?$expand=.($levels=2)' on an aggregated
system whose satellite BMC supported $expand. The overall response was
correctly expanded for both resources on the aggregating BMC as well as
on the satellite BMC. Expanding the satellite resources did not require
sending multiple queries to the satellite.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I20ba60ee39bac11ffb3fe1768cec6299cf9ee13e
Signed-off-by: Carson Labrado <clabrado@google.com>
|
|
This is an intermediate step in setting up aggregation sources. A
future patch will add aggregation sources based on the existence of
satellite configs. For now the collection will always return as 0
members.
Adds the AggregationSourceCollection schema which we previously
ignored.
Tested:
Service Validator passes
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: I65c9231289bf0a9b6392696d55bc3feb0023c694
|
|
If reading a particular property failed, it hits the UnpackErrorPrinter.
The error was captured as a debug message(BMCWEB_LOG_DEBUG).
As it is important to capture these traces on a release image,
the log level is raised to BMCWEB_LOG_ERROR
Change-Id: I14b8d6d48e3354beb317f6380b2f746cad151168
Signed-off-by: Deepa Karthikeyan <deepakala.karthikeyan@ibm.com>
|
|
The test using the latest Redfish verifier found the following errors
```
1 badMemberId errors in /redfish/v1/Chassis/chassis/Thermal#/
Temperatures/0
1 badMemberId errors in /redfish/v1/Chassis/chassis/Thermal#/
Temperatures/1
1 badMemberId errors in /redfish/v1/Chassis/chassis/Thermal#/
Temperatures/2
1 badMemberId errors in /redfish/v1/Chassis/chassis/Thermal#/Fans/0
1 badMemberId errors in /redfish/v1/Chassis/chassis/Thermal#/Fans/1
1 badMemberId errors in /redfish/v1/Chassis/chassis/Thermal#/Fans/2
1 badMemberId errors in /redfish/v1/Chassis/chassis/Thermal#/Fans/3
1 badMemberId errors in /redfish/v1/Chassis/chassis/Thermal#/Fans/4
1 badMemberId errors in /redfish/v1/Chassis/chassis/Thermal#/Fans/5
1 badMemberId errors in /redfish/v1/Chassis/chassis/Thermal#/Fans/6
1 badMemberId errors in /redfish/v1/Chassis/chassis/Thermal#/Fans/7
1 badMemberId errors in /redfish/v1/Chassis/chassis/Power#/Voltages/0
1 badMemberId errors in /redfish/v1/Chassis/chassis/Power#/Voltages/1
1 badMemberId errors in /redfish/v1/Chassis/chassis/Power#/Voltages/2
1 badMemberId errors in /redfish/v1/Chassis/chassis/Power#/Voltages/3
1 badMemberId errors in /redfish/v1/Chassis/chassis/Power#/Voltages/4
1 badMemberId errors in /redfish/v1/Chassis/chassis/Power#/Voltages/5
1 badMemberId errors in /redfish/v1/Chassis/chassis/Power#/Voltages/6
1 badMemberId errors in /redfish/v1/Chassis/chassis/Power#/Voltages/7
1 badMemberId errors in /redfish/v1/Chassis/chassis/Power#/Voltages/8
1 badMemberId errors in /redfish/v1/Chassis/chassis/Power#/Voltages/9
1 badMemberId errors in /redfish/v1/Chassis/chassis/Power#/
Voltages/10
1 badMemberId errors in /redfish/v1/Chassis/chassis/Power#/
Voltages/11
1 badMemberId errors in /redfish/v1/Chassis/chassis/Power#/
Voltages/12
```
Because the Redfish verifier checks whether the MemberId matches the
last part of the URL [1]
```
Added validation of the last segment of the URI to ensure it matches
the Id property or MemberId property where appropriate.
```
[1] https://github.com/DMTF/Redfish-Service-Validator/blob/master/CHANGELOG.md#224---2023-02-05
Tested: Validator passes
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Chassis/chassis/Thermal
{
"@odata.id": "/redfish/v1/Chassis/chassis/Thermal",
"@odata.type": "#Thermal.v1_4_0.Thermal",
"Fans": [
{
"@odata.id": "/redfish/v1/Chassis/chassis/Thermal#/Fans/0",
"@odata.type": "#Thermal.v1_3_0.Fan",
"MemberId": "0",
...
},
{
"@odata.id": "/redfish/v1/Chassis/chassis/Thermal#/Fans/1",
"@odata.type": "#Thermal.v1_3_0.Fan",
"MemberId": "1",
...
},
{
"@odata.id": "/redfish/v1/Chassis/chassis/Thermal#/Fans/2",
"@odata.type": "#Thermal.v1_3_0.Fan",
"MemberId": "2",
...
},
{
"@odata.id": "/redfish/v1/Chassis/chassis/Thermal#/Fans/3",
"@odata.type": "#Thermal.v1_3_0.Fan",
"MemberId": "3",
...
},
...
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I12151a2b20475071ea9b3ed3296754d56a0fed53
|
|
There's some tough-to-track-down safety problems in http Request. This
commit is an attempt to make things more safe, even if it isn't clear
how the old code was wrong.
Previously, the old code took a url_view from the target() string for a
given URI. This was effectively a pointer, and needed to be updated in
custom move/copy constructors that were error prone to write.
This commit moves to taking the URI by non-view, which involves a copy,
but allows us to use the default move and copy constructors, as well as
have no internal references within Request, which should improve the
safety and reviewability.
There's already so many string copies in bmcweb, that this is unlikely
to show up as any sort of performance regression, and simple code is
much better in this case.
Note, because of a bug in boost::url, we have to explicitly construct a
url_view in any case where we want to use segments() or query() on a
const Request. This has been reported to the boost maintainers, and is
being worked for a long term solution.
https://github.com/boostorg/url/pull/704
Tested: Redfish service validator passed on last commit in series.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I49a7710e642dff624d578ec1dde088428f284627
|
|
Per cpp core guidelines, these should be methods.
Tested: on last patchset of the series.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib16479db9d2b68da68e7ad6e825c7e205c64f1de
|
|
Per cpp core guidelines, we should be returning this via a function
call, not a direct member variable. Doing this also improves the
safety, as we don't have to remember to move the references over in a
move.
Tested: Tested as part of top patch in series.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I837d6fd277ffa076ba5425003d6e6ee79204d014
|
|
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61237/3 merged. hypervisor
is no longer in its own namespace.
Tested: None.
Change-Id: I3dc3e01a0c3bcfd9a00a060f04505a6bc70860e6
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
The reason for this change is that there are two routes defined:
[1] /redfish/v1/Systems/<str> in systems.hpp
[2] /redfish/v1/Systems/hypervisor in hypervisor_system.hpp
Whenever a user does a get on /redfish/v1/Systems/hypervisor, the first
route is hit and that checks if <str> is "system" and if not, bmcweb
returns resource not found error.
```
Error:
ERROR - Members: GET of resource at URI /redfish/v1/Systems/hypervisor returned HTTP error. Check URI.
ERROR - URI did not return resource /redfish/v1/Systems/hypervisor
GET Failure HTTP Code (404)
```
The below upstream commit is causing this issue:
[1] openbmc/bmcweb@22d268c#diff-cddfc26fddb6ba29f3fd81ecf5840fc6d9a8554bbca92f578d81b97db8b14895
To resolve this issue, an if hypervisor is inserted in the
/redfish/v1/Systems/<str> and that calls handleHypervisorSystemGet. The
/redfish/v1/Systems/hypervisor in redfish-core/lib/hypervisor_system.hpp
is removed.
Also fix /redfish/v1/Systems/hypervisor/ResetActionInfo/.
Redfish validator passed.
redfish/v1/Systems/hypervisor looks good.
/redfish/v1/Systems/hypervisor/ResetActionInfo/ looks good.
Change-Id: Ie2d9d19c258236ce86d6552ae4a3bd486e02de01
Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
These are 4xx errors, 404 not found. Move the logging to WARNING so they
don't log unless WARNING level is enabled. This follows the guidance in
the commit below.
Tested: None.
Change-Id: I38b2bec64507d75286f79d61acf7a96226598e0b
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
List the 5 logging levels. Attempt to document what each does and some
example use cases.
We have a use case where we want to log internal bmcweb errors. debug is
way too chatty. Want to be able to select the logging level. This is the
documentation for that end goal.
These are loosely followed today and more patches will come to move some
traces to the appropriate level.
In our use case, we don't want to be blown up by a fuzz tester but do
want internal errors. This is the difference between error logging level
and warning logging level. Warning is used for 4xx (e.g. 404) and error
is used for 5xx.
Plan to write a tool to walk the redfish tree and try random Redfish ids
and/or try a open source fuzzing tool. The logging for these 404s should
be warning.
Moved the ## Debug logging section from the README.md to this
DEVELOPING.md. Wanted the logging all together but didn't think we had
enough for a LOGGING.md and README seems too high level for this detail.
Tested: Pushed to my fork and formatting looked good.
Change-Id: I9713a4e674b3f519fec3f3caac0178af8d8d73a8
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Similar to the code we've been building elsewhere, move Hypervisor
system to a separate method, and avoid lambdas.
Tested: Code compiles. Tested as part of top patch.
Change-Id: Iac49b1d2e216bf785aa0b0aced6d169457ef5a3c
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Similar to the code we've been building elsewhere, move ethernet Hypervisor
to separate methods, and avoid lambdas.
Tested: Code compiles. Tested as part of top patch.
Change-Id: I3f49b3824c212a9b1e8129b99265ed7a470b3e18
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Similar to the code we've been building elsewhere, move Reset Hypervisor
to separate methods, and avoid lambdas.
Tested: Code compiles. Tested as part of top patch.
Change-Id: I19ee473908fac42e69985d406c34cdd6da44c2c6
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
The LogEntry schema has the below properties to store the
originator (or the source) of the dump log entry and type of
originator data:
* Originator
* OriginatorType
The above properties are used for all the user trigerred dumps,
where ip of the dump originator will be stored in the originatorId
field. The same is stored in the backend (phosphor-debug-collector).
phosphor-debug-collector orchestrates the collection and offload of
dumps. It now implements the OriginatedBy interface for dumps. The below
change is upstreamed:
[1] https://gerrit.openbmc.org/c/openbmc/phosphor-debug-collector/+/48337
Reference:
[1] https://redfish.dmtf.org/schemas/v1/LogEntry_v1.xml
Redfish Validator passed.
Tested By:
* Created bmc dump
* Get on the created bmc dump lists the newly added properties in
the redfish response
Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
Change-Id: I473eabb81db7511f064904120992ed5449d323e5
|
|
This namespace was created due to some conflicts between these two
namespaces. This commit renames the function that's overloaded and
removes the namespace, along with the TODO.
Tested: No access to hypervisor to test. Inspection only.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib94fc23571660fdb74ca90c58f7ab729bced544f
|
|
When If-Match header is provided, calling the HEAD handler in GET
handler will not break the execution flow if Etag does not match.
This patch fixes it by calling setUpRedfishRoute() in GET handlers.
Tested:
GET /redfish/v1/AccountService/Accounts/root with an invalid If-Match,
only the PreconditionFailed error message is in the respose body.
Change-Id: I0bbec820a1d62503db721d8bf620a81bd7c6a92e
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
Id42ea4a90b6685a84818b87d1506c11256b3b9ae missed in couple of files
Tested: None.
Change-Id: I6cbd404132c34168cbc5901c9124ecc6ae6caacb
Signed-off-by: Lakshmi Yadlapati <lakshmiy@us.ibm.com>
|
|
Error message:
redfish-core/lib/virtual_media.hpp:308:72: style: Parameter 'item'
can be declared as reference to const. However it seems that
'afterGetVmData' is a callback function, if 'item' is declared with
const you might also need to cast function pointer(s).
[constParameterCallback]
dbus::utility::DBusInteracesMap>& item)
^
redfish-core/lib/virtual_media.hpp:346:41: note: You might need to
cast the function pointer here
std::bind_front(&afterGetVmData, name));
^
redfish-core/lib/virtual_media.hpp:308:72: note: Parameter 'item' can
be declared as reference to const
dbus::utility::DBusInteracesMap>& item)
^
This regressed in commit: 79fdf63e2c4148593bb7aec4a3f471ade4c5cba0
Tested: Local CI passes
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: Ia68e63ccaa069aedda01a11ce02aa2ef41021a07
|
|
In a similar way we've transformed code in bmcweb, move these callbacks
to use non-lambdas, to simplify their use.
Tested: No good test harness here. Inspection only, mechanical
transform.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic5c2c86fef0abfaadb07022123ad93914d5ddf69
|
|
404/405 which are part of 4xx errors are client-side errors. These might
be server errors, e.g. a client is walking the redfish tree and had a id
that no longer exists but they could also be the client tried an id or
URL that isn't there, e.g. a fuzz tester. Due to this, use WARNING log
level.
A future commit attempts to better clarify our log levels.
Saw "404 on path v1/badinput/badinput"
Tested: None.
Change-Id: I4f056754638ef2d640615e9fcc74a7a68a767593
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
CableType and LengthMeters were missing in Redfish.md. Added here:
9c929bea78857633f2b71b356abf4aa4b1ac56d2
Tested: None, document.
Change-Id: I7f705fcbf93bdd975d284700a63bc1fa8abe26d9
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
This commit fixes IP address object paths in IP address patch/delete
functions as per new networkd d-bus object paths
Tested By:
Delete IPv4/IPv6 IP addresses
PATCH IPv4/IPv6 IP addresses
Change-Id: Ia5a9db763a9ce7a2964f4e07cf8ecb85f04d374f
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
There are use cases where logged in users might want to upload a large
file over a slow connection, and would exceed the 60 second timeout that
bmcweb has. This commit would theoretically allow the user timer to be
per-segment, allowing very long timeouts in the case of slow
connections, so long as some progress was made within the 15 second
window, which seems reasonable.
If user authentication is disabled then there is no user session active
in this case timer will be refreshed as long as progress was made.
This seems like a better alternative compared to setting a very long
(5-20 minute) timeout.
Testing:
- Loaded image on the system
$ curl -k -H 'X-Auth-Token: <token>' -H 'Content-Type: application/octet-stream' -X POST -T ./obmc-phosphor-image-p10bmc.ext4.mmc.tar https://${bmc}:443/redfish/v1/UpdateService/update
{
"@odata.id": "/redfish/v1/TaskService/Tasks/0",
"@odata.type": "#Task.v1_4_3.Task",
"Id": "0",
"TaskState": "Running",
"TaskStatus": "OK"
}
- Tested image load using disable authentication and insecure http
connections.
- Ran few querries and those are fine.
* curl -s -k https://${bmc}:443/redfish/v1/Managers
* curl -s -k https://${bmc}:443/redfish/v1/Managers/bmc
* curl -s -k https://${bmc}:443/redfish/v1/AccountService/Accounts
* curl -s -k https://${bmc}:443/redfish/v1/Systems/system
* curl -s -k https://${bmc}:443/redfish/v1/Chassis/chassis
* curl -s -k https://${bmc}:443/redfish/v1/AccountService/LDAP/Certificates
* curl -k -X POST https://${bmc}:443/redfish/v1/AccountService/Accounts -d '{"UserName": "user99", "Password": "pass123", "RoleId": "Administrator"}'
* curl -k https://${bmc}:443/redfish/v1/AccountService/Accounts/user99
* curl -k -X DELETE https://${bmc}:443/redfish/v1/AccountService/Accounts/user99
* curl -k -H 'Content-Type: application/json' -X POST https://${bmc}:443/login -d '{"username" : "admin", "password" : "newpas1"}'
* curl -k -H 'X-Auth-Token: ' -X PATCH https://${bmc}:443/redfish/v1/AccountService/Accounts/admin -d '{"Password":"newpas2"}'
* curl -k -H 'X-Auth-Token: ' -X POST https://${bmc}:443/logout
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I579c86defdd199c140891a986d70ae2eca63b2aa
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>
|
|
There are currently many files that use the get endpoints methods[1].
Since they are general methods, they are defined in the
dbus_utility.hpp file and will be further refactored in subsequent
patches.
Since the current endpoints of phosphor-objmgr do not support
object_path and fails in romulus CI[2], so we should revert to
std::string.
Also, Updated the populateSoftwareInformation method of sw_utils.hpp
[1] https://github.com/openbmc/docs/blob/master/architecture/object-mapper.md#associations
[2] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/58924/22/include/dbus_utility.hpp#98
When an object with, for example, an object path of pathA uses
the following values:
["foo", "bar", "pathB"]
The mapper will create 2 new objects:
pathA/foo
pathB/bar
Tested: Built bmcweb successuflly and Validator passes
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Managers/bmc
{
"@odata.id": "/redfish/v1/Managers/bmc",
"@odata.type": "#Manager.v1_14_0.Manager",
...
"FirmwareVersion": "2.14.0-dev-95-gea3949e76-dirty",
...
}
Tested: Validator passes
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I32a2c663bf2b8c84517bd0ecb4ccba61ce87c7e2
|
|
nlohmann::json::dump() calls are very wordy, have a lot of code to them,
and have some odd usages in exception safety (that are documented in
COMMON_ERRORS.md). Therefore, we should minimize how many places we
call it.
This file dumped the json values to the console for logging, which no
other handler does, and if we want, we have generic ways to do it.
readJson these days has quite a bit of built-in logging that should
cover all of these cases for debug.
Remove the logging, and make managers take on the style of the other
code around it.
Tested: Debug logging deletes only. Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I019dd0549d65e4698e2cee863d9815ca7ddae5a2
|