| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This commit adds two core features to bmcweb:
1. A multipart mime parser that can read multipart form requests into
bmcweb. This is implemented as a generic parser that identifies the
content-type strings and parses them into structures.
2. A /login route that can be logged into with a multipart form. This
is to allow changing the login screen to a purely forms based
implementation, thus removing the very large whitelist we currently have
to maintain, and removing javascript from our threat envelope.
More testing is still needed, as this is a parser that exists outside of
the secured areas, but in this simple example, it seems to work well.
Tested: curl -vvvvv --insecure -X POST -F 'username=root' -F
'password=0penBmc' https://<bmc ip address>:18080/login
Returned; { "data": "User 'root' logged in", "message": "200 OK",
"status": "ok" }
Change-Id: Icc3f4c082d584170b65b9e82f7876926cd38035d
Signed-off-by: Ed Tanous<ed@tanous.net>
Signed-off-by: George Liu <liuxiwei@inspur.com>
|
|
Alphabetize all lists. Being alphabetical allows us to be more
consistent, improves readability for some of the larger lists, and
decreases the likelihood that patches conflict when doing inserts into
lists.
At the same time, some elements were duplicated between the lists, so
deduplicate them.
Note, for lists where order matters, like the c++ warnings, -Wno-* are
put in the lists after the -W* options.
Tested:
Code builds.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1fe715c412d3b49bee58d0269a415bf919d62064
|
|
Current HTTP server creates an IPv6 acceptor to accept both IPv4 and
IPv6 connections. In this way, IPv4 address will be presented as IPv6
address in IPv4-mapped format. This patch converts it back to IPv4.
Tested:
Verified the ClientOriginIP in Session is shown in native IPv4 format
instead of IPv4-mapped IPv6 format.
Change-Id: Icd51260b2d4572d52f5c670128b7f07f6b5e6912
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
The bug mentioned in the meson file has long since been closed, so
reenable the compiler option.
Tested:
Code builds without warnings.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie88b7e40d7a56718b9be29a6bfccf2b9a0831b30
|
|
* SYSTEM_NO_DEPRECATED no longer exists and was replaced by the opposite
option SYSTEM_ENABLE_DEPRECATED
* ERROR_CODE_HEADER_ONLY no longer exists.
* NO_RTTI and NO_TYPEID are auto-detected and should not be set by user.
* COROUTINES_NO_DEPRECATION_WARNING no longer exists.
* URL_STANDALONE no longer exists.
* URL_HEADER_ONLY no longer exists.
Tested: compiled bmcweb binary is exactly the same before and after
change, both built within OpenBMC yocto and externally.
Signed-off-by: Jonathan Doman <jonathan.doman@intel.com>
Change-Id: I09fcab614452b9f011e84e4f7fa57908f57057a6
|
|
Implemented the disable-auth option.
This patch also removed the pam option which never worked.
Tested:
With disable-auth,
```
~# wget -qO- http://localhost/redfish/v1/Systems/
{
"@odata.id": "/redfish/v1/Systems",
"@odata.type": "#ComputerSystemCollection.ComputerSystemCollection",
"Members": [
{
"@odata.id": "/redfish/v1/Systems/system"
}
],
"Members@odata.count": 1,
"Name": "Computer System Collection"
}
```
Without disable-auth,
```
~# wget -qO- http://localhost/redfish/
{
"v1": "/redfish/v1/"
}
~# wget -qO- http://localhost/redfish/v1/Systems/system
wget: server returned error: HTTP/1.1 401 Unauthorized
```
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I88e4e6fa6ed71096bc866b42b9af283645a65988
|
|
This reverts commit d8f8b2ef4c73f38ec466861b753b71eaabae271c.
Reason for revert: Broke the build. Other patches got reverted.
Change-Id: I4922f516ca08660f5fdc725b2c3ec8831386b4dd
|
|
This type of testing can validate bmcwebs generated redfish. The ability
to validate the output of bmcweb is extremely useful because it will
guarantee correctness in certain cases.
This is an example of redfish unit testing. The long term goal is to
apply this type of testing to several other redfish responses.
To make this change many previous changes were needed
* Break serviceroot callback into the free function.
* Change ownership of the request and response objects.
* Change setCompleteRequestHandler logic
Signed-off-by: John Edward Broadbent <jebr@google.com>
Change-Id: I560cbb0309c25670cacd81c32bccae3445ccca7b
|
|
This commit is designing and implementing a new logging service in
Redfish to expose host serial console logs.The goal is that clients
can talk to bmc via Redfish and get a real-time console. It will improve
the debuggability of BMCs.
We will add three paths to redfish tree to implement the feature:
1. /redfish/v1/Systems/system/LogServices/HostLogger
2. /redfish/v1/Systems/system/LogServices/HostLogger/Entries
3. /redfish/v1/Systems/system/LogServices/HostLogger/Entries/<str>
To use this feature, we expect to use phosphor-hostlogger(stream mode)
+ rsyslog + bmcweb. Phosphor-hostlooger in stream mode forwards the byte
stream into rsyslog via the imuxsock module. The log is persisted via
the omfile module as soon as collected. It makes Host Logger leverage
exsisting tools (rsyslog and logrotate). Then we can expose host serial
console logs via bmcweb.
This feature can be enabled or disabled by setting the option
"redfish-host-logger", and the default value is "enabled". If you don't
want to expose host serial console logs, you need to turn the value to
"disabled".
Sample Output:
curl -k -H "X-Auth-Token: $token" -X GET https://${bmc}/redfish/v1/Systems/system/LogServices/HostLogger/
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger",
"@odata.type": "#LogService.v1_1_0.LogService",
"Description": "Host Logger Service",
"Entries": {
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger/Entries"
},
"Id": "HostLogger",
"Name": "Host Logger Service"
}
curl -k -H "X-Auth-Token: $token" -X GET https://${bmc}/redfish/v1/Systems/system/LogServices/HostLogger/Entries
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger/Entries",
"@odata.type": "#LogEntryCollection.LogEntryCollection",
"Description": "Collection of HostLogger Entries",
"Members": [
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger/Entries/0",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"EntryType": "Oem",
"Id": "0",
"Message": "123123",
"Name": "Host Logger Entry",
"OemRecordFormat": "Host Logger Entry",
"Severity": "OK"
}
],
"Members@odata.count": 1,
"Name": "HostLogger Entries"
}
curl -k -H "X-Auth-Token: $token" -X GET https://${bmc}/redfish/v1/Systems/system/LogServices/HostLogger/Entries/0
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger/Entries/0",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"EntryType": "Oem",
"Id": "0",
"Message": "123123",
"Name": "Host Logger Entry",
"OemRecordFormat": "Host Logger Entry",
"Severity": "OK"
}
Signed-off-by: Spencer Ku <Spencer.Ku@quantatw.com>
Change-Id: I4ad2652a80fb1c441a25382b7d422ecd7ffc8557
|
|
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I69230cf0772a2e49b46930fa5a94ac342041baa4
|
|
The feature map is written in such a way that, it can
dynamically add the feature flags to the compiler arguemnts
and also add's the description to the Summary section.
This commit also sorts the features in the feature list.
Tested By:
1. Enabled the added feature flags, and checked the generated
compile_commands.json in the build to make sure the respective
compiler flags are added during build.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: I6ec0d0510a832d5bc0ddb78df581b2bd88ff6768
|
|
Currently, we build several test binaries. This gives a pattern that
every time we add a new test suite, we add a new binary, which doesn't
scale all that well as we start getting more unit tests.
This commit moves all unit tests into a single binary called
"bmcweb_unit_tests", which also allows simplifying some logic around
dependencies and src files.
Tested:
Code builds as it did before, unit tests run and pass, and show the same
number of atoms tested.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I95aba1a351ee6a94d7ecc6e1401e35ce2c696e49
|
|
This commit enables separate compilation for asio and beast. Details on
how this option works are here:
https://www.boost.org/doc/libs/1_77_0/doc/html/boost_asio/using.html
This allows separating out the build of the boost components from the
rest of the components, which should decrease our intermediate build
times in the future as we start breaking things up better.
Tested:
Code builds.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1614bb4ccddebcf1d4858112a25a870378497ecc
|
|
This is done to match yocto.
Tested:
meson build
cd build
ninja
Compiles properly.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic0d9ffbb9e6d243dd3f929f880dbeead63114a7a
|
|
When saving the set NTPServers values from webUI, NTPServer may contain
duplicate values and null values and update them to D-Bus.
Now, need to parse and verify the value of the ntpServers attribute,and
remove duplicate values and null values.
Tested:save NTP and check it via D-Bus
without this patch:
NTPServers property as 3 "" "10.164.29.2" "10.164.29.2"
with this patch:
NTPServers property as 2 "" "10.164.29.2"
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I52291e4608efd635b179f3934c3d3e805afd2209
|
|
This commit appears to cause 500 errors on systems that don't have
host-logger installed. Reverting for now to get the codebase back to
stable; To the author, please fix the error and resubmit.
The bump that failed is here:
https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/47933
This reverts commit bf888502a247d8374c70e7ceddc9862bf0ad88bd.
Change-Id: I346178f079245f96e2c1e03720490dcbcf19427b
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
This commit is designing and implementing a new logging service in
Redfish to expose host serial console logs.The goal is that clients
can talk to bmc via Redfish and get a real-time console. It will improve
the debuggability of BMCs.
We will add three paths to redfish tree to implement the feature:
1. /redfish/v1/Systems/system/LogServices/HostLogger
2. /redfish/v1/Systems/system/LogServices/HostLogger/Entries
3. /redfish/v1/Systems/system/LogServices/HostLogger/Entries/<str>
To use this feature, we expect to use phosphor-hostlogger(stream mode)
+ rsyslog + bmcweb. Phosphor-hostlooger in stream mode forwards the byte
stream into rsyslog via the imuxsock module. The log is persisted via
the omfile module as soon as collected. It makes Host Logger leverage
exsisting tools (rsyslog and logrotate). Then we can expose host serial
console logs via bmcweb.
This feature can be enabled or disabled by setting the option
"redfish-host-logger", and the default value is "enabled". If you don't
want to expose host serial console logs, you need to turn the value to
"disabled".
RedfishServiceValidator results:
/redfish/v1/Systems/system/LogServices/HostLogger
pass: 4
passGet: 1
skipOptional: 9
/redfish/v1/Systems/system/LogServices/HostLogger/Entries
pass: 24
passGet: 1
skipOptional: 1
/redfish/v1/Systems/system/LogServices/HostLogger/Entries/<str>
pass: 7
passGet: 1
skipOptional: 15
Sample Output:
curl -k -H "X-Auth-Token: $token" -X GET https://${bmc}/redfish/v1/Systems/system/LogServices/HostLogger/Entries
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger/Entries",
"@odata.type": "#LogEntryCollection.LogEntryCollection",
"Description": "Collection of HostLogger Entries",
"Members": [
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger/Entries/1",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"EntryType": "Event",
"Id": "1",
"Message": "[ 57.061546] gq 0000:16:00.0 eth0: link up, 100 Gbps, no PAUSE",
"MessageArgs": [
"[ 57.061546] gq 0000:16:00.0 eth0: link up, 100 Gbps, no PAUSE"
],
"MessageId": "OpenBMC.0.1.SerialLogAdded",
"Name": "HostLogger Entries",
"Severity": "OK"
},
...
],
"Members@odata.count": 22,
"Name": "HostLogger Entries"
}
Signed-off-by: SpencerKu <Spencer.Ku@quantatw.com>
Change-Id: I5a7873caa117400fb0a737588a50bd743e8b5063
|
|
This commit attempts to optimize some code and reduce our dependence on
boost libraries, as the coding standard recommends. It does this by
introducing a new method, intToHexString, which is a greatly simplified
"to hex" converter that doesn't require std::locale, or stream buffers,
and is very efficient. This deletes our need for boost::format, as well
as our need for boost::lexical_cast, both of which are fairly heavy
libraries.
Tested:
Unit tests pass.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I3b0f6eeb10256f87320adcc0ae9396f6bcbc8740
|
|
Use `meson wrap update tinyxml` to get the latest version (9.0.0)
and simplify the corresponding meson directives.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I7513c2dca11ad9728c530e2f44986916594b2407
|
|
Current versions of meson warn about the use of a deprecated API and
suggest a replacement. Follow the advice.
WARNING: Project targeting '>=0.57.0' but tried to use feature
deprecated since '0.56.0': Dependency.get_pkgconfig_variable.
use Dependency.get_variable(pkgconfig : ...) instead
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I3aa4de97cae02cf7691adf4dd5a19e257914d9cc
|
|
This commit implements the ability to sort lists of strings that might
include numbers into "human" ordered lists. As an example of a problem
this solves, imagine a system with 12 dimms, today std::sort would net
you:
Dimm1
Dimm11
Dimm12
Dimm2
Dimm3
.....
This method breaks apart that string and sorts them in a way humans
would expect.
This code is originally inspired by the algorithm defined here:
http://www.davekoelle.com/alphanum.html. The site does include c++ code
that is MIT licensed, but is significantly more complex than what is
present in this commit. This commit also takes advantages in the form
of std::string_view to deduplicate overloads, as well as other c++17
features.
Tested:
Unit tests pass
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Iac54c2e0d9998d4d622d74049b1dd957e4b3ca75
|
|
As recommended by the warning message that appears from Meson, picking
up the include directory from the nlohmann_json package itself, as it
exports the nlohmann_json_dep Meson variable, instead of having to
hardcode the directory paths here.
Tested: Works for me, warning message goes away
Change-Id: Ifaf10dc8ac45566c509c3ba80ba7b338bc8fe44c
Signed-off-by: Josh Lehan <krellan@google.com>
|
|
The original code said we'd remove this in Q4 2021, and it's now Q4
2021. So far as I've heard, no user has reported this, and no system
has needed to enable this for backward compatibility. The original
author of the patch has stated that it's no longer used, so this is
effectively dead code, lets remove it.
Also, added a missing return in what was previously a #ifdef
Tested:
Code builds.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1d58efb92ed06b7632d57440072834a1d02e87dd
|
|
Update to the latest version of boost::uri
The newest version of boost uri makes some breaking changes that we need
to account for. At the same time, we take the opportunity to move to
the error code based parse methods that don't rely on exceptions.
The biggest changes are:
The standalone build is no longer present. A discussion with the
boost::url maintainers shows that our best option is to do a simple
copy of the headers, and compile boost/url/src.hpp in a separate file.
This is intended to allow people to pull the library in "standalone" and
not have to rely on the build machinery in boost-url, which we don't
really need. Interestingly, this file doesn't have a newline at the
end, which clang correctly flags. OpenBMC doesn't really need that
warning, as we rely on clang-format to do that, so we add
-Wno-newline-eof clang to get the code to compile there.
All url parsers are moved to the parse_uri, or parse_relative_uri
equivalents. This slightly tightens the requirements around what URLs
are accepted, but in no ways that should break anything. (Ie,
"/redfish/v1" is no longer accepted for a virtual media endpoint.
boost::urls::url_view::params_type has been renamed to
query_params_type, and the relevant methods have been updated.
Because of the missing standalone mode, we now need to use
boost::string_view which doesn't implicitly construct from
std::string_view. Some discussion on the boost list shows that this is
coming soon, so that cruft can eventually be cleaned up, but for now we
need the construction.
Tested:
Loaded in qemu, and ran some URLs (/redfish/v1 and /redfish/v1/Chassis)
to ensure that the url handler functions as intended.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I5843776d4ec01b4d92af2ee3a9cf1ebb1d920ae7
|
|
This commit trys to clean up our meson formatting a little for easier
readability. it does this by making every multi-item list pick
consistent formatting, tabbing in the appropriate amount on the newline.
This makes the file more readable, and lines less likely to have
conflicts between patches.
Tested:
Code builds (whitespace changes only)
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id4c89a980e468ea0cefad2e78f2ccfa0043aef67
|
|
Somehow the endif got messed up in our meson file, and seems to be
causing problems for clang builds. It seems that all of our configure
option checking got put under the "if gcc" branch, which it really
shouldn't be, as options apply to all compilers.
This commit simply moves all the debug, and option logic out into the
primary scope, which makes things build correctly.
Tested:
Built with gcc in yocto, and gave the same expected options as
previously (I specifically tested logging).
Tested compiling in yocto with every combination of:
DEBUG_BUILD_pn-bmcweb = "1"
TOOLCHAIN:pn-bmcweb = "clang"
All builds succeed
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I9b9da321615920942489d1b2f070b011b01b5efe
|
|
- Add a GET method /redfish/v1/Systems/system/LogServices/PostCodes
/Entries/<str>/attachment/, Get the attribute value through the
getPostCodes method and encode it as base64, and send it off.
- This allows the use to offload error logs for analysis and further
parsing if needed. An http header of "Accept:
application/octet-stream" or the default "*/*" is expected.
Tested:
- Ran Redfish validator.
- Before, It broke post JSON content as HTTP
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/44660
Now, I tested it passed.
- pldmtool raw --data 0x80 0x3F 0xC 0x0A 0x00 0x00 0x00 0x00 0x00 0x07 0x00 0x00 0x00 0x48 0x00 0x00 0x00 0x02 0x00 0x00 0x01 0x00 0x00 0x00 0x48 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x53 0x54 0x41 0x4e 0x44 0x42 0x59 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20
$curl -k https://127.0.0.1:2443/redfish/v1/Systems/system/LogServices/PostCodes/Entries/B1-1/attachment/
output:
AgAAAQAAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFNUQU5EQlkgICAgICAgICAgICAgICAgICAgICAgICAg
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: Ide684146a4ae9d55dc95fb765927867b042fc27c
|
|
Nlohmann json gives the option to disable exceptions through a flag
documented here: https://json.nlohmann.me/home/exceptions/
While we don't really use nlohmann exceptions in practice, disabling
this flag saves us about 5k in compressed binary size, for probably no
impact.
Tested:
Code compiles, binary size change seen locally.
redfishtool -S Always -A Session -u root -p 0penBmc -vvvvvvvvv -r 192.168.7.2 raw GET /redfish/v1/Managers/bmc
Returns the managers resource. Given that it both parses and encodes
json, that would prove that nlohmann is working properly.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I68cba1628434d050379daca9bc39e4c3d724012b
|
|
In practice, adding the include_type: 'system' causes the imports for
these dependencies to be included in gcc as -Isystem instead of -I. In
practice, this doesn't have much effect, but allows clang-tidy to
correctly not flag errors in headers from system libraries, which causes
the clang-tidy checks to succeed when run from within devshell.
Tested:
ran "bitbake -c devshell bmcweb"
From within the shell, ran:
cd oe-workdir/bmcweb-1.0+git999
ninja clang-tidy
And observed that header errors no longer present.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I6f24f061a3f8a58c07ae64ebc82ffefe11c469a2
|
|
Redfish's thinking on what sensors should be included in the sensor
collection has changed. Roughly two years ago their thinking was
"for sensors that are not covered elsewhere in the model-meaning do
not duplicate Power and Thermal" and that is what OpenBMC implemented.
Today, as described in the new thermalSubsystem and powerSubsystem doc
the sensor collection should contain all sensors that are associated
with that chassis.
Link with: https://redfishforum.com/thread/190/sensorcollection-contain-all-sensors-chassis
All things considered as "sensors" should be included in the Sensor
collection.
To make this transition as easy as possible for clients, create a new
meson option, new-powersubsystem-thermalsubsystem. This "all sensors in
the sensor collection" behavior as well as the new ThermalSubsystem,
PowerSubsystem, Fans, and Power Supplies schemas will be under this
option. This option is defaulted to disabled. At a later time, the
default will move to enabled.
Move Redfish SensorCollection to show all sensors from
/xyz/openbmc_project/sensors with the "all_sensors" association for that
chassis if this option is enabled.
The SensorCollection is found at /redfish/v1/Chassis/<Id>/Sensors.
Tested:
1. Enabled redfish-new-powersubsystem-thermalsubsystem and
validator passes.
2. Performance testing (average of 5 times):
a. Redfish validator time:
without this patch: 71.375s
with this patch: 71.763s
b. Number of sensors tested:
without this patch: 8
with this patch: 63
c. Run `https://${bmc}/redfish/v1/Chassis/chassis/Sensors`:
without this patch: 0.197s
with this patch: 0.228s
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I2bdddcf616dc72cf0683515c9ab8453bd35eee09
|
|
This commit introduces the following
=> Service root for Google
=> compiler option for the Google Root of Trust specific functionalities
Tested:
curl -vvvv --insecure --user $user_pass https://${bmc}/google/v1
Desing Doc can be found here https://github.com/openbmc/docs/blob/master/designs/oem/google/root_of_trust.md
Change-Id: I941b5cab55179279d0eff18aa29df62c3f226e47
Signed-off-by: Feras Aldahlawi <faldahlawi@gmail.com>
|
|
Make the https port number configurable through meson option
"https_port".
It will have a default value of 443.
Need the port to be configurable because on some setups the allowed
ports for BMC's network are limited. 443 is not one of the open ports.
Tested:
Tested default option and also explicitly setting to a specific
port.
Signed-off-by: Vivekanand Veeracholan <vveerach@google.com>
Change-Id: I8e9675865812da6f6ebcd121e87efab840b9dd33
|
|
The compile flag should initially be enable(allowing the old
Power/Thermal). At a later date,we can move this flag to
defaulted off. At an even later date we can remove the old
Power/Thermal implementation.
Test:
1. Validator passed.
2.The default value is enable, so old Power/Thermal can be used
normally.Use the curl commond, old Power/Thermal still exists.
~$ curl -i -k -H "X-Auth-Token: $token" -X GET
"https://${bmc}/redfish/v1/Chassis/chassis"
{
"@odata.id": "/redfish/v1/Chassis/chassis",
"@odata.type": "#Chassis.v1_15_0.Chassis",
"Actions": {
"#Chassis.Reset": {
"@Redfish.ActionInfo": "/redfish/v1/Chassis/chassis/ResetActionInfo",
"target": "/redfish/v1/Chassis/chassis/Actions/Chassis.Reset"
}
},
"ChassisType": "RackMount",
"Id": "chassis",
"Links": {
"ComputerSystems": [
{
"@odata.id": "/redfish/v1/Systems/system"
}
],
"ManagedBy": [
{
"@odata.id": "/redfish/v1/Managers/bmc"
}
]
},
"Name": "chassis",
"PCIeDevices": {
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices"
},
"PCIeSlots": {
"@odata.id": "/redfish/v1/Chassis/chassis/PCIeSlots"
},
"Power": {
"@odata.id": "/redfish/v1/Chassis/chassis/Power"
},
"PowerState": "Off",
"PowerSubsystem": {
"@odata.id": "/redfish/v1/Chassis/chassis/PowerSubsystem"
},
"Sensors": {
"@odata.id": "/redfish/v1/Chassis/chassis/Sensors"
},
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "StandbyOffline"
},
"Thermal": {
"@odata.id": "/redfish/v1/Chassis/chassis/Thermal"
}
}
Signed-off-by: zhanghaicheng <zhanghch05@inspur.com>
Change-Id: Id3556c18dc6aac95fd5aa02cdf2983378c01fb68
|
|
Remove checkAndDoSensorsOverride function, this will be handled via dbus-sensor when the user set-value from external.
This is unlikely to break any users because the Intel special mode function is no change, only move to dbus-sensor to handle, "busctl" command also belongs to the external setting, so move to dbus-sensor is more suitable, this will including users to set value use busctl command and Redfish from external.
Dbus-sensor needs to be merged at the same time.
Dbus-sensor changes are pushed to Gerrit:
https://gerrit.openbmc-project.xyz/c/openbmc/dbus-sensors/+/42453
The mailing list discussion links:
https://lists.ozlabs.org/pipermail/openbmc/2021-March/025597.html
Signed-off-by: Bruce Lee <Bruce_Lee@quantatw.com>
Change-Id: I74356f2b65e41cc0e9d8947c160f313334b78331
|
|
The raw PECI command is recommended not to include in a standard
build, so removing it from the bmcweb to avoid accidental
inclusion.
Tested:
Confirmed that the raw PECI command is gone.
Change-Id: I2b52e0ede089da6df6ca3ad304194de8af27b709
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
Added POST action in MetricReportDefinitions node to allow user
to add new MetricReportDefinition. Using minimal set of
MetricReportDefinition parameters from user bmcweb converts it to
DBus call "AddReport" to Telemetry that serves as a backend
for Redfish TelemetryService.
Added DELETE request in MetricReportDefinitions node to allow user
to remove report from Telemetry.
Added conversion from string that represents duration format into
its numeric equivalent.
Added unit tests for conversion from and to Duration format.
Tested:
- Tested using witherspoon image on QEMU
- Verified POST action in different cases:
- all parameters are provided, new report is added to collection
- some parameters are missing or invalid, user gets response with
description of the issue
- Verified that reports are removed on DELETE request
- Verified that on invalid DELETE request user receives response
with error
- Verified time_utils::fromDurationString()
- Succesfully passed RedfishServiceValidator.py
Signed-off-by: Wludzik, Jozef <jozef.wludzik@intel.com>
Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>
Change-Id: I2fed96848594451e22fde686f8c066d7770cc65a
|
|
The ManagerNetworkProtocol schema defines the HostName entry to be
read-only. Change the doPatch code to prevent updating the hostname
attribute.
The DMTF redfish/v1/Managers/bmc/NetworkProtocol is a read-only
location.
The DMTF approved location for changing the HostName is:
redfish/v1/Managers/bmc/EthernetInterfaces/<str>
This change does not impact phosphor-webui, as it uses D-Bus to
perform all of its work.
This change does not impact webui-vue, as it is using the DMTF
approved API.
This commit deprecates allowing Read/Write access to the Hostname in
the ManagersNetworkProtocol URI. To reduce the impact to Redfish
clients that rely upon Read/Write access a Meson compile time flag has
been added to allow Read/Write access to be restored. The Meson build
flag, redfish-allow-deprecated-hostname-patch, can be enabled to
restore Read/Write access. The Meson build flag is slated to be
removed in Q4 2021 enforcing the read-only state.
Tested:
Explicitly PATCH'd HostName to confirm it cannot be modified.
Enabled the HostName feature, and confirmed the HostName accepted a
PATCH command.
Ran Redfish_Service_Validator (deprecated, and re-enabled).
Change-Id: If7f2148d8bbb8a7b420c4abde086272c4320977a
Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
|
|
The inline comment mostly describes this patchset. As far as OpenBMC is
concerned, no platforms or distros implement a backend for this code,
therefore this is dead "unused" code. Clearly the authors intended to
use it, but haven't been able to upstream anything.
For the moment, this patchset makes the nbd proxy option unenablable.
This will have no impact to any OpenBMC platforms, as there are no
implementations of this API in OpenBMC itself, only in downstream forks.
It's not clear what the intentions are with this code, so hopefully this
disabling and comment encourages those that care about it to interact
and add some details around how this was designed, and the plans to
upstream it into OpenBMC. If not, presumably the code can be deleted
without any harm.
For timelines, this was checked in Jul 12, 2019, so we're now 20 months
past its initial entry. This seems like enough time for the dust to
have settled on getting the appropriate things upstreamed.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I217493b97d62282b8781608805bcfe319e6f7d85
|
|
The router has an old sanity check in it to verify that nodes are
simple. This is no longer the case, as we can have multiple,
overlapping routes between different handlers, so non-simple root nodes
are allowed.
The commit here broke a couple things.
0260d9d6b252d5fef81a51d4797e27a6893827f4
First, when that route gets injected, the root node is no longer simple,
as the first root in the trie can be a complex node. This should be ok,
and this commit comments out the check.
Also, because the meson node for the option was loaded directly into
set10, instead of the boolean equivalent, the XSS feature always gets
enabled, regardless of whether or not that's what the user wanted. The
fix to this was to simply include a .enabled(), which correctly calls
the bool.
Tested:
Built with insecure-disable-xss set, and observed crash was removed.
Tried several routes including /redfish/v1 and observed them working.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib9fb55a61796ddbda65b7ee5d2803a5cbd2ae75f
|
|
Clang tidy 11 got some really neat checks that do a much better job.
Unfortunately, this, combined with the change in how std::executors has
defined how callbacks should work differently in the past, which we
picked up in 1.73, and now in theory we have recursion in a bunch of our
IO loops that we have to break manually. In practice, this is unlikely
to matter, as there's almost a 0% chance that we go through N thousand
requests without ever starving the IO buffer.
Other changes to make this build include:
1. Adding inline on the appropriate places where declared in a header.
2. Removing an Openssl call that did nothing, as the result was
immediately overwritten.
3. Declaring the subproject dependencies as system dependencies, which
silences the clang-tidy checks for those projects.
Tested:
Code builds again, clang-tidy passes
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic11b1002408e8ac19a17a955e9477cac6e0d7504
|
|
config.h is a generic filename, unprefixed by any sort of name, that
other dependencies could use. Namely, nghttp2 uses an identical
filename, which can cause issues with getting the right one. This
commit renames that file to bmcweb_config.h to disambiguate it from
generic config.h files.
Tested:
Compiled bmcweb and observed compile time params get applied. There are
no defaults on any of this stuff, so there's no way to silently miss the
config file.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I9a3e73c37161fa438c5612344dfb01f1f19aff2c
|
|
Fixes #178
Every few months, this option breaks because of some combination of
compiler options. I'm hoping that this is a more permenant fix, and
will keep it working forever.
Functionally, this commit changes a couple things.
1. It fixes the regression that snuck into this option, by making the
req variable optional using the c++17 [[maybe_unused]] syntax.
2. It promotes the BMCWEB_INSECURE_DISABLE_XSS_PREVENTION into the
config.h file, and a constexpr variable rather than a #define. This has
the benefit that both the code paths in question will compiled
regardless of whether or not they're used, thus ensuring they stay
buildable forever. The optimization path will still delete the code
later, but we won't have so many one-off build options breaking. We
should move all the other feature driven #ifdefs to this pattern in the
future.
3. As a mechnaical change to #2, this adds a config.h.in, which delcares
the various variables as their respective constexpr types. This allows
the constants to be used in a cleaner way.
As an aside, at some point, DISABLE_XSS_PREVENTION should really move to
a non-persistent runtime option rather than a compile time option. Too
many people get hung up on having to recompile their BMC, and moving it
to runtime under admin credentials is no more a security risk.
As another aside, we should move all the other #ifdef style options to
this pattern. It seems like it would help with keeping all options
buildable, and is definitely more modern than #ifdefs for features,
especially if they don't require #include changes or linker changes.
Tested:
enabled meson option insecure-disable-xss, and verified code builds and
works again.
Change-Id: Id03faa17cffdbabaf4e5b0d46b24bb58b7f44669
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
- With meson 0.57.0 released yesterday, we now have meson
support to automatically deduce the number of threads that
can be used for link time optimization.This would add flto=[n],
where n is the number of threads to be used while linking.
- For more details, check the below meson issue:
https://github.com/mesonbuild/meson/issues/7820
Tested By:
- Downladed meson 0.57.0, and compiled bmcweb using that and
observed the improvement in compilation time.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: Ifcbc2f56d4a1ad9d30e59c8ac008d658fefefdfe
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
The bug mentioned in the comment has been resolved in boost 1.75.
Reenable this to drop our binary size again. As a consequence of this,
this commit also upgrades the subproject dependencies to 1.75 from 1.73.
They technically weren't updated to 1.74, so I'm not sure if anyone
really uses these anymore.
Tested:
Code builds with this enabled.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id86a6358dc5a73a8b5e386661f9317f24cdbe21c
|
|
The IBM management console usecase - ConfigFile upload was allowing
to create or modify any file at the BMC when the path url is given
as below.
PUT https://${bmc}/ibm/v1/Host/ConfigFiles/../../../../../<any file under root dir> --data-binary "junk data"
This commit adds validation to the "path" variable after the "ConfigFiles/"
in the url - so that only the ConfigFiles are created or modified.
The filename validation includes:
Restrict the maximum filename length to 20 characters
Restrict the allowed charaters to [A-Za-z0-9-]
The minimum size of the file allowed is 100 bytes
The maximum size of the file allowed is 500KB
Maximum total size of the ConfigFile directory at BMC file system allowed is 10MB
Tested by:
1. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/../../../../../etc/p2 --data-binary "some data"
Bad Request
2. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/../../../etc/p2 --data-binary "some data"
Bad Request
3. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/../etc/p2 --data-binary "some data"
Bad Request
4. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/etc/p2 --data-binary "some data"
{
"Description": "Error while creating the file"
}
5. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/mydir/p2 --data-binary "some data"
{
"Description": "Error while creating the file"
}
6. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/ --data-binary "some data"
Not Found
7. PUT https://${bmc}/ibm/v1/Host/ConfigFiles --data-binary "some data"
Method Not Allowed
8. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2/../p2 --data-binary "some data"
Bad Request
9. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2/p2 --data-binary "some data"
{
"Description": "Error while creating the file"
}
10. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2/../../../p2 --data-binary "some data"
Bad Request
11. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/./../../p2 --data-binary "some data"
Bad Request
12. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/. --data-binary "some data"
Bad Request
13. PUT https://${bmc}/ibm/v1/Host/../ConfigFiles/p2 --data-binary "some data"
Not Found
14. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2 --data-binary "some data"
{
"Description": "File Created"
}
15. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2 --data-binary "some data"
{
"Description": "File Updated"
}
16. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2.ext --data-binary "some data"
{
"Description": "File Created"
}
17. Tested sending filename greater than 20 charaters
Bad Request
18. Tested sending filename with special charaters
Bad Request
19. Tested sending filesize less than 100bytes
Bad request
20. Tested sending filesize greater than 500KB
Bad request
21. Tested uploading the file when the directory size is nearly full
Bad request
22. Added unit test for isValidConfigFileName
Signed-off-by: Sunitha Harish <sunharis@in.ibm.com>
Change-Id: I838d39d5765ddc8701f7e5c533a93eebde021cbf
|
|
Dead code elimation gives us a way to reduce our binary size for "free"
with basically no downsides. While the wins are relatively small given
how little dead code we actually have, they're worth it for the low cost
of a single extra CXXFLAG.
Tested:
Enabled this option, and compared pre-compression binary size. Build of
current master 3399816 bytes, build with this change 3428488 bytes means
28672 bytes saved. Not a lot, but everything helps, and this option is
more or less "free".
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I78b76ed631b8ddc45c9338ac8d04a76cb7441035
|
|
The management console is enabling itself in CI arbitrarily. CI should
be running on default parameters, as that's the most common config, and
the config we want tested the best.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie8748676b17df56d3cff35a4b40c9ff5561ede6d
|
|
Boost itself uses deprecated headers within its own dependency tree.
This largely doesn't effect bmcweb, and rarely (if ever) has been a
problem, so enable BOOST_ALLOW_DEPRECATED_HEADERS which suppresses the
internal warnings in boost.
Tested:
Built with option enabled, and saw no deprecated header warnings.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib371084463e4b2fb661c226a81c466121cf1f2dd
|
|
Add meson options to enabled/disabled authentication methods:
- basic-auth : For enable basic authentication, default is enabled
- session-auth : For enable session token authentication, default is
enabled
- xtoken-auth : For enable x-token authentication, default is enabled
- cookie-auth : For enabled cookie authentication, default is enabled
Signed-off-by: Alan Kuo <Alan_Kuo@quantatw.com>
Change-Id: I52e636f2534a14897cb57d35e563ea8841cc68b9
|
|
Fixes openbmc/bmcweb#162
Signed-off-by: Sathish V <sathish.v@saankhyalabs.com>
Change-Id: If0c226dd8d5cf6f4524604977041d3b88844db24
|
