| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This unit test currently only tests a simple connect and settings frame
transfer, but should form the basis for more complex testing in the
future.
Tested: Unit tests pass
Change-Id: Ieb803dbe490129ec5fe99fb3d4505a06202e282e
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Using the mem_send methods of nghttp2 can reduce the amount of buffering
we need to do. This is recommended by the nghttp2 docs.
Tested: Enabled experimental-http. Curl succeeds on /redfish/v1, and
shows:
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://localhost:18080/redfish/v1
Change-Id: I287d8c956f064d244116fac853055a17fca915a2
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Now that we have a custom boost http body class, we can use it in more
cases. There's some significant overhead and code when switching to a
file body, namely removing all the headers. Making the body class
support strings would allow us to completely avoid that inefficiency.
At the same time, it would mean that we can now use that class for all
cases, including HttpClient, and http::Request. This leads to some code
reduction overall, and means we're reliant on fewer beast structures.
As an added benefit, we no longer have to take a dependency on
boost::variant2.
Tested: Redfish service validator passes, with the exception of
badNamespaceInclude, which is showing warnings prior to this commit.
Change-Id: I061883a73230d6085d951c15891465c2c8445969
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
The muitipart test interacts with some significant details of the
response class. This was largely only done because Request lacked an
addHeader method that Request already had.
Add addHeader() method to the Request class, and adapt multipart unit
tests to use it.
Tested: Unit tests pass. Unit test only changes.
Change-Id: Icb3b92dce6d17011ae0063a962678173b1b01a87
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Logservice has been rewritten to use file_body to offload dump files
from BMC.
There are two kind of dump files, BMC dump and System dump.While BMC
dump just requires default support from beast::file_body, System dump
requires base64 encoding support from beast. But beast::file_body do not
have ready-made support for base64 encoding. So a custom file_body has
been written for the base64 encoding.
The openFile apis in crow::Response do not have support for unix file
descriptor. Since dump files are accesses via descriptors, added new
openFile api that accepts descriptors.
Tested:
Functionality test have been executed to verify the bmc dump offload.
Did sanity test by invoking bmcweb pages via browser.
Change-Id: I24192657c03d8b2f0394d31e7424c6796ba3227a
Signed-off-by: Abhilash Raju <abhilash.kollam@gmail.com>
|
|
As part of https://gerrit.openbmc.org/c/openbmc/bmcweb/+/67667, it would
be desirable if we could incrementally encode base64 in chunks. Given
that base64 encoding requires encoding 3 characters to 4, there's a
possibility that a chunk might not be mod 3 length.
This commit moves the base64 encoder into a class that can run
incrementally.
Tested: Unit tests pass. More tests in next commit.
Change-Id: Ic7da3fd4db865c99fcbd96ae06fdecb87628f94c
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
The less we rely on boost, and more on std algorithms, the less people
have to look up, and the more likely that our code will deduplicate.
Replace all uses of boost::algorithms with std alternatives.
Tested: Redfish Service Validator passes.
Change-Id: I8a26f39b5709adc444b4178e92f5f3c7b988b05b
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
These were found with:
codespell -w $(git ls-files | grep "\.[hc]\(pp\)\?$")
At some point in the future, we might want to get this enabled in CI.
Change-Id: Iccb57b2adfd06a2e177e99db2923fe4e8e329118
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
http_client is not handling connection termination by server due to
keep alive timeout. At present client is not aware of connection
termination from server. So whenever next redfish is event ready to be
sent, the client will try send/receives data over broken connection.
After failed operation the client will try to restart the connection
by closing the current connection.
Problems:
1) Restart is not attempted on all failure paths.
Eg: stream_truncated error was ignored, which usually happens when try
to read from broken connection, due to which retry is never performed.
2) Ssl shutdown over broken connection often fails to call the shutdown
callback
3) ssl session was reused for new connection attempt. Which is wrong
Solution:
This patch will try to reattempt the connection in all failure cases.
It uses new socket object and new ssl session for the retries
Tested by:
Test normal event flow between redfish-event clients and the BMC
Test failure event flow between redfish-event clients and the BMC
Tested the bad path by keeping the setup idle for 3 hours on the above
two setups. Verified the events flow after this idle time
Change-Id: I3d725b9d77bea22e2e8860e01ee0dfc971789008
Signed-off-by: Abhilash Raju <abhilash.kollam@gmail.com>
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
When we call a null weakptr, it will cause a crash.
Add nullptr check for weakptr can avoid this situation.
Tested:
bmcweb.service did not experience core-dump.
Change-Id: I4490d68c70ea5d43681f4fb18b3859afb01ed70a
Signed-off-by: Zhao Gang <zhaogang.0108@bytedance.com>
|
|
Meta Inc's client certificates use an internal Subject CN format
which AFAIK is specific to Meta and don't adhere to a known standard:
Subject: CN = <type>:<entity>/<hostname>
Commit adds the `mutual-tls-common-name-parsing=meta` option to, on
Meta builds, parse the Subject CN field and map either the <entity>
to a local user.
The <type> field determines what kind of client identity the cert
represents. Only type="user" is supported for now with <entity> being
the unixname of a Meta employee. For example, the Subject CN string
below maps to a local BMC user named "kawmarco":
Subject CN = "user:kawmarco/dev123.facebook.com"
Tested: Unit tests, built and tested on romulus using the script below:
https://gist.github.com/kawmarco/87170a8250020023d913ed5f7ed5c01f
Flags used in meta-ibm/meta-romulus/conf/layer.conf :
```
-Dbmcweb-logging='enabled'
-Dmutual-tls-common-name-parsing='meta'
```
Change-Id: I35ee9b92d163ce56815a5bd9cce5296ba1a44eef
Signed-off-by: Marco Kawajiri <kawajiri@meta.com>
|
|
bmcweb should be using the openssl primitives for these checks. There
are examples where we've known to have gotten the behavior incorrect, so
given that OpenSSL clearly should know these things better than we do,
use it.
Tested: unit tests pass.
Change-Id: I0bcd381a9e3c9a1e8e6dc39534e81fa698570689
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Write function in http_response.hpp missing implementation for first
write after changing from filebody.
Usecase:
Current resonse type is filebody. Developer tries to change the body
type to stringbody by calling write function.
Observed:
The write fails to update the body type.
Expected:
Write should succeed and body should change to string body.
Tested:
Unit test has been added for crow::Response.
Manual sanity test done for file offloads using curl.
Change-Id: Icbf8585b5b04c3ac5120d7b334c13d89ed3eb4aa
Signed-off-by: Abhilash Raju <abhilash.kollam@gmail.com>
|
|
At some point, the date got removed from http1 requests. HTTP2 does not
show this issue, but this showed up in unit tests (which is why the
prior commit is adding unit tests).
The Date Header is useful for synchronizing things like
Cache-Control-Policy, with the actual server time, instead of the local
system time.
Tested: Unit tests pass.
Change-Id: I8f105f0cbb6c816c5ec6b14cbeae587d728a20d2
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Boost asio provides a test stream object that we can use to begin unit
testing the connection object. This patchset uses it to re-enable
some simple http1.1 tests. There's some features that have snuck into
the connection class that aren't compatible with a stream (like ip
address getting), so unfortunately we do need the connection class to
be aware if it's in test mode, but that tradeoff seems worthwhile.
Tested: Unit test pass.
Change-Id: Id8b1f8866582b58502dbafe6139f841bf64b8ef3
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
As is, it reads the whole file into memory before sending it. While
fairly fast for the user, this wastes ram, and makes bmcweb less useful
on less capable systems.
This patch enables using the boost::beast::http::file_body type, which
has more efficient serialization semantics than using a std::string. To
do this, it adds a openFile() handler to http::Response, which can be
used to properly open a file. Once the file is opened, the existing
string body is ignored, and the file payload is sent instead.
openFile() also returns success or failure, to allow users to properly
handle 404s and other errors.
To prove that it works, I moved over every instance of direct use of the
body() method over to using this, including the webasset handler. The
webasset handler specifically should help with system load when doing an
initial page load of the webui.
Tested:
Redfish service validator passes.
Change-Id: Ic7ea9ffefdbc81eb985de7edc0fac114822994ad
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.
Change-Id: I2f9540cf0d545a2da4d6289fc87b754f684bc9a7
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
These variables don't need propagated to handlers. Any usage of them is
incorrect.
This makes Websocket once again a pure virtual class, which is desired.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id1ecc3911fc502d436a3e6aa29024628fc51aff4
|
|
Response and Request are now movable, so lets use that to our advantage
and make this no longer require a pointer. This removes a couple NOLINT
exceptions in our code, and cleans up a lot of places where we could
potentially get a nullptr.
Tested:
enabled http2-experimental option.
Loaded service root from redfish in curl with logging enabled, logging
verified http/2 was being used.
Redfish service validator passes.
Curl compiled with http returns service root correctly.
Change-Id: I65e11a2311be982df594086413d52838235e1a0c
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
This call was neccesary back when we were doing moves of a url_view, but
because this constructor doesn't use a url_view anymore, this isn't
neccesary.
Functionally, this clears up a strange unit test failure that occured in
some cases where this consturctor is used. This constructor is not used
for anything but unit tests.
Tested: Unit tests pass.
Change-Id: I034a69d3a6b6aeada2460bb39f3518846b39f817
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
ssl_handshake fails while establishing connection to IPv6 destination
address, as IPv6 addresses considered as invalid value for SNI hostname
due to special characters.
SNI allows valid HostName which allows characters are only {alphabetic
characters (A-Z), numeric characters (0-9), the minus sign
This commit adds check to avoid setting SNI hostname if its an IP
address
Tested By: Verified redfish events 1. Subscribing Destination with IPv6
address. 2. Subscribing Destination with IPv4 address.
Change-Id: I32d30292bbc29c753f1c1815c66fcc93e8074eaa
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
|
|
Type safety is a good thing. In:
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/65606
It was found that splitting out the URI into encoded pieces in the early
phase removed some information we needed, namely whether or not a URI
was ipv6. This commit changes http client such that it passes all the
information through, with the correct type, rather than passing in
hostname, port, path, and ssl separately.
Opportunistically, because a number of log lines are changing, this uses
the opportunity to remove a number of calls to std::to_string, and rely
on std::format instead.
Now that we no longer use custom URI splitting code, the
ValidateAndSplitUrl() method can be removed, given that our validation
now happens in the URI class.
Tested: Aggregation works properly when satellite URIs are queried.
Change-Id: I9f605863179af54c5af2719bc5ce9d29cbfffab7
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Change introduced in [1] has exposed significant problem in mTLS
verification process, during which an attempt to an uninitialized object
was made. This change removes that attempt and replaces it with resource
that is available at this specific moment of connection lifetime.
Tested:
1. Created and uploaded a set of certificates by following instructions
from TLS Configuration guide [2].
2. Attempted to access /redfish/v1/SessionService/Sessions endpoint
using mTLS authentication method.
With this fix connection has been successful.
[1] https://github.com/openbmc/bmcweb/commit/e01d0c36af115ed46d54b5dbbacfe3ad92226bd3
[2] https://github.com/openbmc/docs/blob/master/security/TLS-configuration.md
Change-Id: I434dbf27169d7ea0207dfd139868d5bf398d24b0
Signed-off-by: Michal Orzel <michalx.orzel@intel.com>
|
|
cout is usually buffered, so make sure that every log message gets
individually flushed. This is especially important when relying on the
systemd journal for timestamping of messages.
Change-Id: I28f6f46978c2fad7855f819b04df964ab3c51351
Signed-off-by: Jonathan Doman <jonathan.doman@intel.com>
|
|
There are instances of ERROR logs that would work better as WARNING or
DEBUG since they do not actually result in bailing early and returning
an error response.
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: I1e7bca0bb38487b26a4642ab72ce475170bb53c6
|
|
Clang-tidy has the aforementioned check, which shows a few places in the
core where we ignored the required optional checks. Fix all uses.
Note, we cannot enable the check that this time because of some weird
code in health.hpp that crashes tidy[1]. That will need to be a future
improvement.
There are tests that call something like
ASSERT(optional)
EXPECT(optional->foo())
While this isn't an actual violation, clang-tidy doesn't seem to be
smart enough to deal with it, so add some explicit checks.
[1] https://github.com/llvm/llvm-project/issues/55530
Tested: Redfish service validator passes.
Change-Id: Ied579cd0b957efc81aff5d5d1091a740a7a2d7e3
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
The log entries with the meson configured log level are
currently missing.
Tested:
- Add the logging level to debug to local.conf
```
conf/local.conf:
EXTRA_OEMESON:pn-bmcweb:append = "-Dbmcweb-logging='debug'"
```
- Run the current bmcweb and check bmcweb DEBUG logs which won't be shown.
- With the fix, do the same test and check the DEBUG logs.
```
Aug 02 00:07:52 p10bmc bmcweb[229]: [INFO http_connection.hpp:229] Request: 0x1759d10 HTTP/1.1 GET /redfish ::ffff:127.0.0.1
Aug 02 00:07:52 p10bmc bmcweb[229]: [DEBUG http_connection.hpp:260] Setting completion handler
Aug 02 00:07:52 p10bmc bmcweb[229]: [DEBUG http_response.hpp:238] 0x16d2540 setting completion handler
Aug 02 00:07:52 p10bmc bmcweb[229]: [DEBUG routing.hpp:669] Matched rule '/redfish/' 1 / 2
Aug 02 00:07:52 p10bmc bmcweb[229]: [DEBUG query.hpp:121] setup redfish route
```
Similar tests can be done with the other logging level.
Change-Id: Ifd6dac5b734363fbad70bc62f3dd03a5053ed2fd
Signed-off-by: Myung Bae <myungbae@us.ibm.com>
|
|
This reverts commit 8ed41c35a314580bb794fa0fff2e01b0bf7efcf7.
In discord, it was posted 2 systems are hitting 403 Forbidden for all
endpoints.
Reverting fixed the problem, until time is given to dive into this,
just revert.
One of the things wrong is this is missing an After/Want
xyz.openbmc_project.User.Manager.service.
Change-Id: I1766a6ec2dbc9fb52da3940b07ac002a1a6d269a
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
There is an async call within the router that leads to a small, but
pervasive performance issue for all queries. Removing that call from the
router has the potential to increase the performance of every
authenticated query, and significantly reduce our dbus traffic for
"simple" operations.
This commit re-implements the role cache in session object that existed
previously many years ago. Each users role is fetched during
authentication and persisted in session object. Each successive request
can then be matched against the privilege which is there in the
in-memory session object.
This was discussed on below commit
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/39756
Tested by:
```
POST /redfish/v1/SessionService/Sessions {"UserName":"root", "Password": “0penBmc”}
```
Followed by redfish queries
Get /redfish/v1/AccountService
Tested user role persistency
Redfish service validator passes.
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I575599c29358e32849446ce6ee7f62c8eb3885f6
|
|
The recent change to logging has caused a couple of bugs. First, when
building within yocto, the complete path is now returned on log
messages. This is wasteful of speed, and not super helpful to
developers to have a full path. Per the discussion on the original
patchset, drop this down to just the filename.
2, because of it's use as a pseudo log level, "enabled" is in the list
of strings. This causes an index mismatch, which causes logs to be
logged at the wrong level beyond debug. Move the entry to the end to
fix this.
Third, move the logging of level to upper case, to follow the old
convention.
Tested:
Enabled meson option for logging, observed logs like:
```
Jul 25 18:39:20 qemux86-64 bmcweb[209]: [DEBUG query.hpp:121] setup redfish route
Jul 25 18:39:20 qemux86-64 bmcweb[209]: [DEBUG http_response.hpp:248] 0x561bc11a7a40 releasing ce
Jul 25 18:39:20 qemux86-64 bmcweb[209]: [DEBUG http_response.hpp:238] 0x561bc11a7a40 setting comr
Jul 25 18:39:20 qemux86-64 bmcweb[209]: [DEBUG http_response.hpp:223] 0x561bc11a7a40 calling comr
Jul 25 18:39:20 qemux86-64 bmcweb[209]: [DEBUG http_response.hpp:226] 0x561bc11a7a40 completion d
Jul 25 18:39:20 qemux86-64 bmcweb[209]: [DEBUG query_param.hpp:1019] Processing query params
```
Change-Id: I4ac506c623a17f81ae83545e59291d2729dc82cb
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Currently while parsing destination URL, host address enclosed in [] braces for IPv6 addresses, so Resolve hostname fails for IPv6 addresses because of this invalid hostname which is enclosed in [] braces.
This commit uses encoded_host_address() method to fix this parsing hostname for IPv6 address.
Tested By: Configured redfish event subscription with IPv6 destination URI verified parsing logic of destination URI with IPv6 addresses.
Change-Id: I0e43468086ae0b961eb724de30e211d61ccda2d8
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
|
|
std::format is a much more modern logging solution, and gives us a lot
more flexibility, and better compile times when doing logging.
Unfortunately, given its level of compile time checks, it needs to be a
method, instead of the stream style logging we had before. This
requires a pretty substantial change. Fortunately, this change can be
largely automated, via the script included in this commit under
scripts/replace_logs.py. This is to aid people in moving their
patchsets over to the new form in the short period where old patches
will be based on the old logging. The intention is that this script
eventually goes away.
The old style logging (stream based) looked like.
BMCWEB_LOG_DEBUG << "Foo " << foo;
The new equivalent of the above would be:
BMCWEB_LOG_DEBUG("Foo {}", foo);
In the course of doing this, this also cleans up several ignored linter
errors, including macro usage, and array to pointer deconstruction.
Note, This patchset does remove the timestamp from the log message. In
practice, this was duplicated between journald and bmcweb, and there's
no need for both to exist.
One design decision of note is the addition of logPtr. Because the
compiler can't disambiguate between const char* and const MyThing*, it's
necessary to add an explicit cast to void*. This is identical to how
fmt handled it.
Tested: compiled with logging meson_option enabled, and launched bmcweb
Saw the usual logging, similar to what was present before:
```
[Error include/webassets.hpp:60] Unable to find or open /usr/share/www/ static file hosting disabled
[Debug include/persistent_data.hpp:133] Restored Session Timeout: 1800
[Debug redfish-core/include/event_service_manager.hpp:671] Old eventService config not exist
[Info src/webserver_main.cpp:59] Starting webserver on port 18080
[Error redfish-core/include/event_service_manager.hpp:1301] inotify_add_watch failed for redfish log file.
[Info src/webserver_main.cpp:137] Start Hostname Monitor Service...
```
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I86a46aa2454be7fe80df608cb7e5573ca4029ec8
|
|
The Async DBus resolver really has nothing to do with crow, which is our
core http library namespace and has some opportunistic cleanups that can
be done.
This commit moves it into the bmcweb namespace (unimportantly) and
breaks out one of the larger functions such that it can be unit tested,
and unit tests it.
Tested: Unit tests pass.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie3cfbb0ef81a027a1ad42358c04967a517471117
|
|
This commit adds the host and port data to the existing error messages
that are hit during redfish event
Tested by:
Checked the traces on BMC when there is a bad subscriber
Change-Id: I3f18bc3b999c136c42c4c0021c5fcadddb9e4bff
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
|
|
readability-container-data-pointer flags one error in our codebase, but
can definitely find issues in patchsets. Fix the one error (that came
from crow), and enable the check.
Change-Id: I3045ec9a58d80300c90921dda1a2fe3859ffed7b
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
This class is no longer really used or needed, and previously was
largely replaced with boost::callable_traits. This moves the last usage
of arg_t over to callable_traits.
Tested: Redfish service validator passes
This series of commits drops ~5 seconds from the bmcweb compile times in
my testing.
Change-Id: I2d0ac728d282e876232f5379f3bd6ff1ddede2ba
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
HTTP/2 gives a number of optimizations, while keeping support for the
protocol. HTTP/2 support was recently added to the Redfish
specification. The largest performance increase in bmc usage is likely
header compression. Almost all requests reuse the same header values,
so the hpack based compression scheme in HTTP/2 allows OpenBMC to be
more efficient as a transport, and has the potential to significantly
reduce the number of bytes we're sending on the wire.
This commit adds HTTP2 support to bmcweb through nghttp2 library. When
static linked into bmcweb, this support adds 53.4KB to the bmcweb binary
size. nghttp2 is available in meta-oe already.
Given the experimental nature of this option, it is added under the
meson option "experimental-http2" and disabled by default. The hope is
to enable it at some point in the future.
To accomplish the above, there a new class, HTTP2Connection is created.
This is intended to isolate HTTP/2 connections code from HttpConnection
such that it is far less likely to cause bugs, although it does
duplicate about 20 lines of code (async_read_some, async_write_some,
buffers, etc). This seems worth it for the moment.
In a similar way to Websockets, when an HTTP/2 connection is detected
through ALPN, the HTTP2Connection class will be instantiated, and the
socket object passed to it, thus allowing the Connection class to be
destroyed, and the HTTP2Connection to take over for the user.
Tested: Redfish service validator passes with option enabled
With option disabled
GET /redfish/v1 in curl shows ALPN non negotiation, and fallback to
http1.1
With the option enable
GET /redfish/v1 in curl shows ALPN negotiates to HTTP2
Change-Id: I7839e457e0ba918b0695e04babddd0925ed3383c
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
The black_magic namespace has been eradicated of what most would call
"black magic" and while there's some non-trivial stuff in there, it's
far from the most complicated part of this stack.
This commit takes the two remaining things in the black_magic namespace,
namely the parameter tagging functionality, and moves them into the
utility namespace.
Tested: Redfish service validator passes
Change-Id: I9e2686fff5ef498cafc4cb83d4d808ea849f7737
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
There's a lot of complexity left in the router. The recent decision to
only support string arguments means that this can be significantly
cleaned up.
In some cases, this is done to simply expand the variadic template and
handle all parameter cases up to 5 (which should be the max we ever
see). While this might seem like it's not very DRY friendly (Don't
repeat yourself) this is significantly better than what we had, which
was very tough to deciper.
Tested: Redfish service validator passes
Change-Id: Ic72e54cffd7b9f4a85e6c9d143c45fa20530a2cd
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
This is no longer required, and was used previously when the router was
more complex. Remove the unused methods.
Usage of this was removed in:
15a42df0 Remove number support from the router
Tested: Code compiles.
Change-Id: Idd8b3e928077efc929b951f3bf520105ceea72e3
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Now that we only accept string-like arguments, as of the commit:
15a42df0 Remove number support from the router
This function is no longer used or required.
Tested: Code compiles.
Change-Id: If5eedd9f5903db01b403c4e5b23fceb23d0d10e6
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
There's a large part of the http::Connection class that has nothing to
do with the connection at all, and is all about parsing, and finalizing
the response. Break that portion out into its own method that can (in
the future) be unit tested.
Tested: Redfish service validator passes
Change-Id: Ic608d432e69e25c0e0a1555ecc24ed62adba2664
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Implement SNMPTrap in EventDestination of Redfish. We can use
this Redfish interface to add/get/delete the SNMPTrap port and
destination address. When the error
log is generated, phosphor-snmp
will send SNMPTrap messages to our configured SNMPTrap destination.
The MIB is here:
[1] https://github.com/openbmc/phosphor-snmp/blob/master/mibs/NotificationMIB.txt
Refer:
[1] https://www.dmtf.org/sites/default/files/standards/documents/DSP0268_2019.3.pdf
SNMPTrap test: Tested ok on the Witherspoon machine.
Steps are as follows:
1. Use this Redfish interface to configure the port and
destination address:
curl -k -H "X-Auth-Token: $token" -X POST
https://${bmc}/redfish/v1/EventService/Subscriptions
-d '{"Destination": "snmp://192.168.31.89:162",
"SubscriptionType": "SNMPTrap", "Protocol": "SNMPv2c"}'
2. Run the SNMPTrap receiver tool in the destination
computer(192.168.31.89),I used iReasoning MIB Browser as the
SNMPTrap receiving tool.
3. Trigger error logs such as power supply AC Lost. We will see
the error log under /xyz/openbmc_project/logging.
4. The SNMPTrap receiver tool in the destination computer received
the SNMPTrap sent by OpenBMC.
Tested: Validator passes
1. Add snmp client:
curl -k -H "X-Auth-Token: $token" -X POST
https://${bmc}/redfish/v1/EventService/Subscriptions
-d '{"Destination": "snmp://192.168.31.89:162",
"SubscriptionType": "SNMPTrap", "Protocol": "SNMPv2c",
"Context": "testContext"}'
{
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_0_0.Message",
"Message": "The resource has been created successfully",
"MessageArgs": [],
"MessageId": "Base.1.8.1.Created",
"MessageSeverity": "OK",
"Resolution": "None"
}
]
}
2. Get snmp trap client configurations:
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/EventService/Subscriptions/snmp1
{
"@odata.id": "/redfish/v1/EventService/Subscriptions/snmp1",
"@odata.type": "#EventDestination.v1_7_0.EventDestination",
"Context": "testContext",
"Destination": "snmp://192.168.31.89:162",
"EventFormatType": "Event",
"Id": "snmp1",
"Name": "Event Destination snmp1",
"Protocol": "SNMPv2c",
"SubscriptionType": "SNMPTrap"
}
Reboot the BMC, and get the snmp trap client again:
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/EventService/Subscriptions/snmp1
{
"@odata.id": "/redfish/v1/EventService/Subscriptions/snmp1",
"@odata.type": "#EventDestination.v1_7_0.EventDestination",
"Context": "testContext",
"Destination": "snmp://192.168.31.89:162",
"EventFormatType": "Event",
"Id": "snmp1",
"Name": "Event Destination snmp1",
"Protocol": "SNMPv2c",
"SubscriptionType": "SNMPTrap"
}
3. Delete snmp client:
curl -k -H "X-Auth-Token: $token" -X DELETE
https://${bmc}/redfish/v1/EventService/Subscriptions/snmp1
{
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "Successfully Completed Request",
"MessageArgs": [],
"MessageId": "Base.1.8.1.Success",
"MessageSeverity": "OK",
"Resolution": "None"
}
]
}
4. After we have added some SNMP clients using Redfish, we can see them
in Dbus:
busctl tree xyz.openbmc_project.Network.SNMP
`-/xyz
`-/xyz/openbmc_project
`-/xyz/openbmc_project/network
`-/xyz/openbmc_project/network/snmp
`-/xyz/openbmc_project/network/snmp/manager
|-/xyz/openbmc_project/network/snmp/manager/1
busctl introspect xyz.openbmc_project.Network.SNMP
/xyz/openbmc_project/network/snmp/manager/1
xyz.openbmc_project.Network.Client
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
.Address property s "192.168.31.89" emits-change writable
.Port property q 162 emits-change writable
5. Use "busctl call" add client
busctl call xyz.openbmc_project.Network.SNMP
/xyz/openbmc_project/network/snmp/manager
xyz.openbmc_project.Network.Client.Create
Client sq 192.168.31.90 162
s "/xyz/openbmc_project/network/snmp/manager/2"
We will see it use the redfish url:
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/EventService/Subscriptions/snmp2
{
"@odata.id": "/redfish/v1/EventService/Subscriptions/snmp2",
"@odata.type": "#EventDestination.v1_7_0.EventDestination",
"Context": "",
"Destination": "snmp://192.168.31.90:162",
"EventFormatType": "Event",
"Id": "snmp2",
"Name": "Event Destination snmp2",
"Protocol": "SNMPv2c",
"SubscriptionType": "SNMPTrap"
}
6. Deleting snmp client using "busctl"
First, we use redfish to add some SNMP clients:
curl -k -H "X-Auth-Token: $token" -X POST
https://${bmc}/redfish/v1/EventService/Subscriptions
-d '{"Destination": "snmp://192.168.31.90:162",
"SubscriptionType": "SNMPTrap", "Protocol": "SNMPv2c",
"Context": "testContext0"}'
curl -k -H "X-Auth-Token: $token" -X POST
https://${bmc}/redfish/v1/EventService/Subscriptions
-d '{"Destination": "snmp://192.168.31.91:162",
"SubscriptionType": "SNMPTrap", "Protocol": "SNMPv2c",
"Context": "testContext1"}'
Then we can use redfish to get the subscriptions:
curl -k -H "X-Auth-Token: $token" -XGET
https://${bmc}/redfish/v1/EventService/Subscriptions
{
"@odata.id": "/redfish/v1/EventService/Subscriptions",
"@odata.type":"#EventDestinationCollection.EventDestinationCollection",
"Members": [
{
"@odata.id": "/redfish/v1/EventService/Subscriptions/snmp1"
},
{
"@odata.id": "/redfish/v1/EventService/Subscriptions/snmp2"
}
],
"Members@odata.count": 2,
"Name": "Event Destination Collections"
}
Now we use busctl to delete SNMP client 2:
busctl call xyz.openbmc_project.Network.SNMP
/xyz/openbmc_project/network/snmp/manager/2
xyz.openbmc_project.Object.Delete Delete
Then we won't see snmp2 in the subscriptions of redfish:
curl -k -H "X-Auth-Token: $token" -XGET
https://${bmc}/redfish/v1/EventService/Subscriptions
{
"@odata.id": "/redfish/v1/EventService/Subscriptions",
"@odata.type":"#EventDestinationCollection.EventDestinationCollection",
"Members": [
{
"@odata.id": "/redfish/v1/EventService/Subscriptions/snmp1"
}
],
"Members@odata.count": 1,
"Name": "Event Destination Collections"
}
7. Test the generic event subscription to make sure it didn't impacted
Add Redfish subscription:
curl -k -H "X-Auth-Token: $token" -X POST
https://${bmc}/redfish/v1/EventService/Subscriptions
-d '{"Destination": "https://192.168.31.189:443",
"SubscriptionType": "RedfishEvent", "Protocol": "Redfish",
"Context": "testContext"}'
{
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The resource has been created successfully.",
"MessageArgs": [],
"MessageId": "Base.1.13.0.Created",
"MessageSeverity": "OK",
"Resolution": "None."
}
]
Get Redfish subscription:
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/EventService/Subscriptions/1358109191
{
"@odata.id": "/redfish/v1/EventService/Subscriptions/1358109191",
"@odata.type": "#EventDestination.v1_8_0.EventDestination",
"Context": "testContext",
"DeliveryRetryPolicy": "TerminateAfterRetries",
"Destination": "https://192.168.31.189:443",
"EventFormatType": "Event",
"HttpHeaders": [],
"Id": "1358109191",
"MessageIds": [],
"MetricReportDefinitions": [],
"Name": "Event Destination 1358109191",
"Protocol": "Redfish",
"RegistryPrefixes": [],
"ResourceTypes": [],
"SubscriptionType": "RedfishEvent"
}
Signed-off-by: Chicago Duan <duanzhijia01@inspur.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie589b3934ee749c7e0add35e3ed1b0b7e817c557
|
|
This reverts commit e628df8658c57f6943b6d3612e1077618e5a168a.
This appears to cause problems with non-cookie login of the console
websocket. This appears to be a gap in both our testing, and things
that we have scripting to do, but clearly it's a change in behavior, so
if we want to change the behavior, we should do it intentionally, and
clearly, ideally with a path to make clients work, or an explicit
documentation that the webui is the only supported client.
Change-Id: I334257e1355a5b8431cb7ecfe58ef8a942f4981c
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
This is one that I couldn't figure out for a while. Turns out that
fields has both a set() and an insert() method. Whereas set() replaces,
insert() appends, which is what we want in this case.
This allows us to call the actual methods several times, instead of
essentially string injecting our own code, which should make it clearer.
At the same time, there was one unit test that was structured such that
it was using addHeader to clear a header, so this commit adds an
explicit "clearHeader()" method, so we can be explicit.
Tested:
Logging into the webui in chrome (which uses POST /login) shows:
401 with no cookie header if the incorrect password is used
200 with 2 Set-Cookie headers set:
Set-Cookie:
SESSION=<session tag>; SameSite=Strict; Secure; HttpOnly
Set-Cookie:
XSRF-TOKEN=<token tag>; SameSite=Strict; Secure
Change-Id: I9b87a48ea6ba892fc08e66940563dea86edb9a65
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
The router is a giant behemoth. Start breaking it down into pieces.
Tested: Redfish service validator passes.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I9d04f53a58ffce3ecbd88dded1aa6e9648d2a762
|
|
All new uses should be using boost::urls::url now. This was the last
usage.
Tested: Logged into webui, and observed the correct URL behavior.
In browser window /foobar
Forwarded to /?next=/foobar#/login
Which is correct.
Note, this is different behavior slightly than before. It was found
that the URI precedence goes query string THEN fragment, rather than the
other way around that we had it. This was flagged when moving over to
boost url structures.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ifb354537d71a43c531d7d380dd889cf646731e39
|
|
this-> is redundant when operating within a class member scope. We
should aim to be consistent.
This change was done automatically with sed replace
Tested: Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: If791e83e0bd5f84031e65156b7ea082ded8e158c
|
|
This drop adds support for multiple consoles. The following changes are
made to achieve this.
- Kept the "/console0" route for backward compatibility
- Added a new route "/console/<str>" to support multiple consoles. All
new consoles must use this route string.
Testing:
- Make sure that old console path /console0 is working.
[INFO "http_connection.hpp":209] Request: 0x1bc2e60 HTTP/1.1
GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1240] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "obmc_console.hpp":212] Connection 0x1bdb67c opened
[DEBUG "obmc_console.hpp":241] Console Object path =
/xyz/openbmc_project/console/default service =
xyz.openbmc_project.Console.default Request target = /console0
[DEBUG "obmc_console.hpp":198] Console web socket path: /console0
Console unix FD: 12 duped FD: 13
[DEBUG "obmc_console.hpp":82] Reading from socket
[DEBUG "obmc_console.hpp":162] Remove connection 0x1bdb67c from
obmc console
- Make sure that new path for default console working
[INFO "http_connection.hpp":209] Request: 0x1bd76a8 HTTP/1.1
GET /console/default ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1240] Matched rule (upgrade) '/console/<str>'
1 / 2
[DEBUG "obmc_console.hpp":212] Connection 0x1baf82c opened
[DEBUG "obmc_console.hpp":241] Console Object path =
/xyz/openbmc_project/console/default service =
xyz.openbmc_project.Console.default Request
target = /console/default
[DEBUG "obmc_console.hpp":198] Console web socket path:
/console/default Console unix FD: 12 duped FD: 13
[DEBUG "obmc_console.hpp":82] Reading from socket
[INFO "obmc_console.hpp":154] Closing websocket. Reason:
[DEBUG "obmc_console.hpp":162] Remove connection 0x1baf82c from
obmc console
- Make sure that path for hypervisor console is working.
[INFO "http_connection.hpp":209] Request: 0x1bc2e60 HTTP/1.1
GET /console/hypervisor ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1240] Matched rule (upgrade) '/console/<str>'
1 / 2
[DEBUG "obmc_console.hpp":212] Connection 0x1bc5234 opened
[DEBUG "obmc_console.hpp":241] Console Object path =
/xyz/openbmc_project/console/hypervisor service =
xyz.openbmc_project.Console.hypervisor Request
target = /console/hypervisor
[DEBUG "obmc_console.hpp":198] Console web socket path:
/console/hypervisor Console unix FD: 12 duped FD: 13
[DEBUG "obmc_console.hpp":82] Reading from socket
[INFO "obmc_console.hpp":154] Closing websocket. Reason:
[DEBUG "obmc_console.hpp":162] Remove connection 0x1bc5234 from
obmc console
- Make sure that bad console path is failing properly due to DBUS error.
[INFO "http_connection.hpp":209] Request: 0x1bd76a8 HTTP/1.1
GET /console/badconsoleid ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1240] Matched rule (upgrade) '/console/<str>'
1 / 2
[DEBUG "obmc_console.hpp":212] Connection 0x1bdb67c opened
[DEBUG "obmc_console.hpp":241] Console Object path =
/xyz/openbmc_project/console/badconsoleid service =
xyz.openbmc_project.Console.badconsoleid Request
target = /console/badconsoleid
[ERROR "obmc_console.hpp":174] Failed to call console Connect()
method DBUS error: No route to host
Change-Id: I9b617bc51e3ddc605dd7f4d213c805d05d2cfead
Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
This commit is entirely just moving code, such that not all compile
units need to pull in the full html serializer.
Tested: Unit tests pass. Pretty good coverage.
Redfish service validator passes.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ifaebe9534c0693dc678fd994517563b89aca0cc5
|
