Age | Commit message (Collapse) | Author | Files | Lines |
|
REST D-Bus, while providing useful functionality, also allows
authenticated users access to privileged information that may be above
their permission level. This change sets the default to disabled. Users
if they wish can turn it back on in their own layers.
A lot of functionality previously provided by REST D-Bus is now
available on Redfish with more coming all the time.
Note: phosphor-webui uses the REST D-Bus so a user of that will have to
enable this in their layer. webui-vue, the replacement for
phosphor-webui, uses Redfish. See here [1].
Resolves openbmc/bmcweb/issues/114
[1] https://github.com/openbmc/webui-vue
Tested: Rest D-Bus was disabled
Change-Id: I35682b113287b3be4e19b033d0296790b204d8e0
Signed-off-by: James Feist <james.feist@linux.intel.com>
Signed-off-by: Ali Ahmed <ama213000@gmail.com>
|
|
Implemented the disable-auth option.
This patch also removed the pam option which never worked.
Tested:
With disable-auth,
```
~# wget -qO- http://localhost/redfish/v1/Systems/
{
"@odata.id": "/redfish/v1/Systems",
"@odata.type": "#ComputerSystemCollection.ComputerSystemCollection",
"Members": [
{
"@odata.id": "/redfish/v1/Systems/system"
}
],
"Members@odata.count": 1,
"Name": "Computer System Collection"
}
```
Without disable-auth,
```
~# wget -qO- http://localhost/redfish/
{
"v1": "/redfish/v1/"
}
~# wget -qO- http://localhost/redfish/v1/Systems/system
wget: server returned error: HTTP/1.1 401 Unauthorized
```
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I88e4e6fa6ed71096bc866b42b9af283645a65988
|
|
This commit is designing and implementing a new logging service in
Redfish to expose host serial console logs.The goal is that clients
can talk to bmc via Redfish and get a real-time console. It will improve
the debuggability of BMCs.
We will add three paths to redfish tree to implement the feature:
1. /redfish/v1/Systems/system/LogServices/HostLogger
2. /redfish/v1/Systems/system/LogServices/HostLogger/Entries
3. /redfish/v1/Systems/system/LogServices/HostLogger/Entries/<str>
To use this feature, we expect to use phosphor-hostlogger(stream mode)
+ rsyslog + bmcweb. Phosphor-hostlooger in stream mode forwards the byte
stream into rsyslog via the imuxsock module. The log is persisted via
the omfile module as soon as collected. It makes Host Logger leverage
exsisting tools (rsyslog and logrotate). Then we can expose host serial
console logs via bmcweb.
This feature can be enabled or disabled by setting the option
"redfish-host-logger", and the default value is "enabled". If you don't
want to expose host serial console logs, you need to turn the value to
"disabled".
Sample Output:
curl -k -H "X-Auth-Token: $token" -X GET https://${bmc}/redfish/v1/Systems/system/LogServices/HostLogger/
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger",
"@odata.type": "#LogService.v1_1_0.LogService",
"Description": "Host Logger Service",
"Entries": {
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger/Entries"
},
"Id": "HostLogger",
"Name": "Host Logger Service"
}
curl -k -H "X-Auth-Token: $token" -X GET https://${bmc}/redfish/v1/Systems/system/LogServices/HostLogger/Entries
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger/Entries",
"@odata.type": "#LogEntryCollection.LogEntryCollection",
"Description": "Collection of HostLogger Entries",
"Members": [
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger/Entries/0",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"EntryType": "Oem",
"Id": "0",
"Message": "123123",
"Name": "Host Logger Entry",
"OemRecordFormat": "Host Logger Entry",
"Severity": "OK"
}
],
"Members@odata.count": 1,
"Name": "HostLogger Entries"
}
curl -k -H "X-Auth-Token: $token" -X GET https://${bmc}/redfish/v1/Systems/system/LogServices/HostLogger/Entries/0
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger/Entries/0",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"EntryType": "Oem",
"Id": "0",
"Message": "123123",
"Name": "Host Logger Entry",
"OemRecordFormat": "Host Logger Entry",
"Severity": "OK"
}
Signed-off-by: Spencer Ku <Spencer.Ku@quantatw.com>
Change-Id: I4ad2652a80fb1c441a25382b7d422ecd7ffc8557
|
|
This commit appears to cause 500 errors on systems that don't have
host-logger installed. Reverting for now to get the codebase back to
stable; To the author, please fix the error and resubmit.
The bump that failed is here:
https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/47933
This reverts commit bf888502a247d8374c70e7ceddc9862bf0ad88bd.
Change-Id: I346178f079245f96e2c1e03720490dcbcf19427b
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
This commit is designing and implementing a new logging service in
Redfish to expose host serial console logs.The goal is that clients
can talk to bmc via Redfish and get a real-time console. It will improve
the debuggability of BMCs.
We will add three paths to redfish tree to implement the feature:
1. /redfish/v1/Systems/system/LogServices/HostLogger
2. /redfish/v1/Systems/system/LogServices/HostLogger/Entries
3. /redfish/v1/Systems/system/LogServices/HostLogger/Entries/<str>
To use this feature, we expect to use phosphor-hostlogger(stream mode)
+ rsyslog + bmcweb. Phosphor-hostlooger in stream mode forwards the byte
stream into rsyslog via the imuxsock module. The log is persisted via
the omfile module as soon as collected. It makes Host Logger leverage
exsisting tools (rsyslog and logrotate). Then we can expose host serial
console logs via bmcweb.
This feature can be enabled or disabled by setting the option
"redfish-host-logger", and the default value is "enabled". If you don't
want to expose host serial console logs, you need to turn the value to
"disabled".
RedfishServiceValidator results:
/redfish/v1/Systems/system/LogServices/HostLogger
pass: 4
passGet: 1
skipOptional: 9
/redfish/v1/Systems/system/LogServices/HostLogger/Entries
pass: 24
passGet: 1
skipOptional: 1
/redfish/v1/Systems/system/LogServices/HostLogger/Entries/<str>
pass: 7
passGet: 1
skipOptional: 15
Sample Output:
curl -k -H "X-Auth-Token: $token" -X GET https://${bmc}/redfish/v1/Systems/system/LogServices/HostLogger/Entries
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger/Entries",
"@odata.type": "#LogEntryCollection.LogEntryCollection",
"Description": "Collection of HostLogger Entries",
"Members": [
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/HostLogger/Entries/1",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"EntryType": "Event",
"Id": "1",
"Message": "[ 57.061546] gq 0000:16:00.0 eth0: link up, 100 Gbps, no PAUSE",
"MessageArgs": [
"[ 57.061546] gq 0000:16:00.0 eth0: link up, 100 Gbps, no PAUSE"
],
"MessageId": "OpenBMC.0.1.SerialLogAdded",
"Name": "HostLogger Entries",
"Severity": "OK"
},
...
],
"Members@odata.count": 22,
"Name": "HostLogger Entries"
}
Signed-off-by: SpencerKu <Spencer.Ku@quantatw.com>
Change-Id: I5a7873caa117400fb0a737588a50bd743e8b5063
|
|
The original code said we'd remove this in Q4 2021, and it's now Q4
2021. So far as I've heard, no user has reported this, and no system
has needed to enable this for backward compatibility. The original
author of the patch has stated that it's no longer used, so this is
effectively dead code, lets remove it.
Also, added a missing return in what was previously a #ifdef
Tested:
Code builds.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1d58efb92ed06b7632d57440072834a1d02e87dd
|
|
Redfish's thinking on what sensors should be included in the sensor
collection has changed. Roughly two years ago their thinking was
"for sensors that are not covered elsewhere in the model-meaning do
not duplicate Power and Thermal" and that is what OpenBMC implemented.
Today, as described in the new thermalSubsystem and powerSubsystem doc
the sensor collection should contain all sensors that are associated
with that chassis.
Link with: https://redfishforum.com/thread/190/sensorcollection-contain-all-sensors-chassis
All things considered as "sensors" should be included in the Sensor
collection.
To make this transition as easy as possible for clients, create a new
meson option, new-powersubsystem-thermalsubsystem. This "all sensors in
the sensor collection" behavior as well as the new ThermalSubsystem,
PowerSubsystem, Fans, and Power Supplies schemas will be under this
option. This option is defaulted to disabled. At a later time, the
default will move to enabled.
Move Redfish SensorCollection to show all sensors from
/xyz/openbmc_project/sensors with the "all_sensors" association for that
chassis if this option is enabled.
The SensorCollection is found at /redfish/v1/Chassis/<Id>/Sensors.
Tested:
1. Enabled redfish-new-powersubsystem-thermalsubsystem and
validator passes.
2. Performance testing (average of 5 times):
a. Redfish validator time:
without this patch: 71.375s
with this patch: 71.763s
b. Number of sensors tested:
without this patch: 8
with this patch: 63
c. Run `https://${bmc}/redfish/v1/Chassis/chassis/Sensors`:
without this patch: 0.197s
with this patch: 0.228s
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I2bdddcf616dc72cf0683515c9ab8453bd35eee09
|
|
This commit introduces the following
=> Service root for Google
=> compiler option for the Google Root of Trust specific functionalities
Tested:
curl -vvvv --insecure --user $user_pass https://${bmc}/google/v1
Desing Doc can be found here https://github.com/openbmc/docs/blob/master/designs/oem/google/root_of_trust.md
Change-Id: I941b5cab55179279d0eff18aa29df62c3f226e47
Signed-off-by: Feras Aldahlawi <faldahlawi@gmail.com>
|
|
Make the https port number configurable through meson option
"https_port".
It will have a default value of 443.
Need the port to be configurable because on some setups the allowed
ports for BMC's network are limited. 443 is not one of the open ports.
Tested:
Tested default option and also explicitly setting to a specific
port.
Signed-off-by: Vivekanand Veeracholan <vveerach@google.com>
Change-Id: I8e9675865812da6f6ebcd121e87efab840b9dd33
|
|
The compile flag should initially be enable(allowing the old
Power/Thermal). At a later date,we can move this flag to
defaulted off. At an even later date we can remove the old
Power/Thermal implementation.
Test:
1. Validator passed.
2.The default value is enable, so old Power/Thermal can be used
normally.Use the curl commond, old Power/Thermal still exists.
~$ curl -i -k -H "X-Auth-Token: $token" -X GET
"https://${bmc}/redfish/v1/Chassis/chassis"
{
"@odata.id": "/redfish/v1/Chassis/chassis",
"@odata.type": "#Chassis.v1_15_0.Chassis",
"Actions": {
"#Chassis.Reset": {
"@Redfish.ActionInfo": "/redfish/v1/Chassis/chassis/ResetActionInfo",
"target": "/redfish/v1/Chassis/chassis/Actions/Chassis.Reset"
}
},
"ChassisType": "RackMount",
"Id": "chassis",
"Links": {
"ComputerSystems": [
{
"@odata.id": "/redfish/v1/Systems/system"
}
],
"ManagedBy": [
{
"@odata.id": "/redfish/v1/Managers/bmc"
}
]
},
"Name": "chassis",
"PCIeDevices": {
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices"
},
"PCIeSlots": {
"@odata.id": "/redfish/v1/Chassis/chassis/PCIeSlots"
},
"Power": {
"@odata.id": "/redfish/v1/Chassis/chassis/Power"
},
"PowerState": "Off",
"PowerSubsystem": {
"@odata.id": "/redfish/v1/Chassis/chassis/PowerSubsystem"
},
"Sensors": {
"@odata.id": "/redfish/v1/Chassis/chassis/Sensors"
},
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "StandbyOffline"
},
"Thermal": {
"@odata.id": "/redfish/v1/Chassis/chassis/Thermal"
}
}
Signed-off-by: zhanghaicheng <zhanghch05@inspur.com>
Change-Id: Id3556c18dc6aac95fd5aa02cdf2983378c01fb68
|
|
Remove checkAndDoSensorsOverride function, this will be handled via dbus-sensor when the user set-value from external.
This is unlikely to break any users because the Intel special mode function is no change, only move to dbus-sensor to handle, "busctl" command also belongs to the external setting, so move to dbus-sensor is more suitable, this will including users to set value use busctl command and Redfish from external.
Dbus-sensor needs to be merged at the same time.
Dbus-sensor changes are pushed to Gerrit:
https://gerrit.openbmc-project.xyz/c/openbmc/dbus-sensors/+/42453
The mailing list discussion links:
https://lists.ozlabs.org/pipermail/openbmc/2021-March/025597.html
Signed-off-by: Bruce Lee <Bruce_Lee@quantatw.com>
Change-Id: I74356f2b65e41cc0e9d8947c160f313334b78331
|
|
The raw PECI command is recommended not to include in a standard
build, so removing it from the bmcweb to avoid accidental
inclusion.
Tested:
Confirmed that the raw PECI command is gone.
Change-Id: I2b52e0ede089da6df6ca3ad304194de8af27b709
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
The ManagerNetworkProtocol schema defines the HostName entry to be
read-only. Change the doPatch code to prevent updating the hostname
attribute.
The DMTF redfish/v1/Managers/bmc/NetworkProtocol is a read-only
location.
The DMTF approved location for changing the HostName is:
redfish/v1/Managers/bmc/EthernetInterfaces/<str>
This change does not impact phosphor-webui, as it uses D-Bus to
perform all of its work.
This change does not impact webui-vue, as it is using the DMTF
approved API.
This commit deprecates allowing Read/Write access to the Hostname in
the ManagersNetworkProtocol URI. To reduce the impact to Redfish
clients that rely upon Read/Write access a Meson compile time flag has
been added to allow Read/Write access to be restored. The Meson build
flag, redfish-allow-deprecated-hostname-patch, can be enabled to
restore Read/Write access. The Meson build flag is slated to be
removed in Q4 2021 enforcing the read-only state.
Tested:
Explicitly PATCH'd HostName to confirm it cannot be modified.
Enabled the HostName feature, and confirmed the HostName accepted a
PATCH command.
Ran Redfish_Service_Validator (deprecated, and re-enabled).
Change-Id: If7f2148d8bbb8a7b420c4abde086272c4320977a
Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
|
|
The inline comment mostly describes this patchset. As far as OpenBMC is
concerned, no platforms or distros implement a backend for this code,
therefore this is dead "unused" code. Clearly the authors intended to
use it, but haven't been able to upstream anything.
For the moment, this patchset makes the nbd proxy option unenablable.
This will have no impact to any OpenBMC platforms, as there are no
implementations of this API in OpenBMC itself, only in downstream forks.
It's not clear what the intentions are with this code, so hopefully this
disabling and comment encourages those that care about it to interact
and add some details around how this was designed, and the plans to
upstream it into OpenBMC. If not, presumably the code can be deleted
without any harm.
For timelines, this was checked in Jul 12, 2019, so we're now 20 months
past its initial entry. This seems like enough time for the dust to
have settled on getting the appropriate things upstreamed.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I217493b97d62282b8781608805bcfe319e6f7d85
|
|
Add meson options to enabled/disabled authentication methods:
- basic-auth : For enable basic authentication, default is enabled
- session-auth : For enable session token authentication, default is
enabled
- xtoken-auth : For enable x-token authentication, default is enabled
- cookie-auth : For enabled cookie authentication, default is enabled
Signed-off-by: Alan Kuo <Alan_Kuo@quantatw.com>
Change-Id: I52e636f2534a14897cb57d35e563ea8841cc68b9
|
|
Currently 'redfish-sysdump-log' flag does not compiling Dump
LogServices code.
to fix compilation this commit uses 'BMCWEB_ENABLE_REDFISH_DUMP_LOG'
Modified redfish-sysdump-log to redfish-dump-log as both BMC and System
dump are enabled using this flag.
Tested by:
Compiled bmcweb with compilation flag with 'redfish-dump-log'
Verfied Dump Logservices on bmc.
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Change-Id: Iaecad125d8a0acfda0b4357534a19580544b15e1
|
|
It's probably not a great idea to allow that big of a payload on the
BMC, but it was supported before, so lets push that discussion to
another time.
Tested:
code builds. Attempting to resolve CI, which will test itself.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I1f9e489075857621f5295d4870dea9f5767666f0
|
|
- This commit enables the support for meson build system for
bmcweb and also remove the cmake support
- The inital thought of migrating to meson build system was based
on [link](https://mesonbuild.com/Simple-comparison.html)
- Other things to praise about meson are its simplicity and userfriendly ness.
It also have native support for modern tools such as precompiled headers,
coverage, Valgrind , unity builds e.t.c
- This commit also support the automatic download and setup of dependencies
if they are not found in usual places using meson wraps that are already
available in [wrap db](https://wrapdb.mesonbuild.com/)
- For few dependencies like boost, boost-url which does not have meson
wrap support yet, i have misused the meson subproject command to download
boost & boot-url and build against them if they are not found in usual
places.
- For boost & boost-url the subproject command will always fail as meson
supports other meson projects as subprojects but it will always download
the source, and since we dont actually build boost/boost-url but just use
the the source headers this should not be a problem.
- Cmake options removed:
- BUILD_STATIC_LIBS has been removed as it is not being used any where as per the
review comments.
- By default the meson wraps are enabled and it downloads the dependencies if they
are not found, and via bitbake this behaviour is disabled by default as download
fallback feature is disabled.
- This commit also adds the README, changes for bmcweb as well.
- The meta-* layer changes are also pushed and marked as WIP under bmcweb_meson_port
topic.
Tested By :
===========
1. Compilation is passed without error or warning in both arm & x86 sdks that
are populated by yocto.
2. The unittests are also passed on both x86 & arm machines.
3. Compilation passed with various build types supported by meson (debug,debugoptimized,
relase)
4. modified the meta-phosphor & meta-ibm to leverage meson build for bmcweb, and loaded
the resulted image on qemu & real machine, checked the bmcweb status and was also able
to pull the web-gui on both.
5. Tested few common commands related to session service & network service manually on a
real machine and also also had run a CT regression bucket, and it looked clean.
The binary sizes when bmcweb is compiled via bitbake(using meta-ibm) are :
cmake: 3100080 bytes approx (3 MB)
meson: 2822596 bytes approx (2.7 MB)
1:1 equivalent hash is not possible due to couple of things:
1. The build types in meson does not have a 1:1 mapping with cmake build types.
2. Meson adds below mentioned compiler & linker flags than cmake as a part of
warning_level & build types
CXXFLAGS :' -O2 -pipe -g -feliminate-unused-debug-types -fdiagnostics-color=always
-D_FILE_OFFSET_BITS=64 -Winvalid-pch -DNDEBUG'
LDFLAGS : ' -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,--no-undefined,-Wl,--end-group'
Tried to match the compile commands in both cmake & meson as much as possible and this
is what i could get.I have attached the compile_commands.json for both duing an yocto
full build in the [link](https://gofile.io/d/gM80fw) for reference.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: Ia65689fdacb8c398dd0a019258369b2442fad2f3
|