| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The recent change to NetworkProtocols has now made particular services
"required" to exist in an image. This corrects it to properly check for
the "process doesn't exist" error code, and bail out early without
setting an internal error.
As pointed out in one of the early reviews, this logic can also be
simplified and moved, so this code also moves the early property filling
code.
This allows deploying systems without IPMI, and have them function
correctly.
Tested:
Loaded in qemu without IPMI present, did not receive 500 on:
curl -vvvv --insecure --user root:0penBmc
"https://192.168.7.2/redfish/v1/Managers/bmc/NetworkProtocol"
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I0a8eb687826d055b4eb43ca53120f39c21934b36
|
|
Plan to use getPortInfo() to get the SSH SerialConsole in the
ComputerSystem.
This commit moves the getPortInfo functionality into the redfish
utility.
Tested: manually tested on Witherspoon system, there is no change in
output. Run Redfish validator, no error found.
Before:
"HTTPS": {
"Certificates": {
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/
Certificates"
},
"Port": 443,
"ProtocolEnabled": true
},
"IPMI": {
"Port": 623,
"ProtocolEnabled": true
},
"SSH": {
"Port": 22,
"ProtocolEnabled": true
}
After:
"HTTPS": {
"Certificates": {
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/
Certificates"
},
"Port": 443,
"ProtocolEnabled": true
},
"IPMI": {
"Port": 623,
"ProtocolEnabled": true
},
"SSH": {
"Port": 22,
"ProtocolEnabled": true
}
Change-Id: I126827fbbecec59adcf630b88e31bc5ff8151588
Signed-off-by: Abhishek Patel <Abhishek.Patel@ibm.com>
|
|
Clang-13 rightfully warns that the hasWebuiRoute variable isn't declared
as static. This commit resolves that, and adds the static keyword so it
can be used in multiple compile units. It also adds the static keyword
to the privilege registry, and the inline keyword to many methods that
now need it.
clang-format is also updated to version 12 in parse_registies.py, as
that's what CI uses, and what most people have installed.
Tested:
Followed clang-tidy instructions in README.md
"bitbake bmcweb" step now succeeds.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id43b13606754cb37a404799fce155599ac3a3240
|
|
This commit attempts to automate the creation of our privileges
structures from the redfish privilege registry. It accomplishes this by
updating parse_registries.py to also pull down the privilege registry
from DMTF.
The script then generates privilege_registry.hpp, which include const
defines for all the privilege registry entries in the same format that
the Privileges struct accepts. This allows new clients to simply
reference the variable to these privilege structures, instead of having
to manually (ie error pronely) put the privileges in themselves.
This commit updates all the routes.
For the moment, override and OEM schemas are not considered. Today we
don't have any OEM-specific Redfish routes, so the existing ones inherit
their parents schema. Overrides have other issues, and are already
incorrect as Redfish defines them.
Binary size remains unchanged after this patchset.
Tested:
Ran redfish service validator
Ran test case from f9a6708c4c6490257e2eb6a8c04458f500902476 to ensure
that the new privileges constructor didn't cause us to regress the brace
construction initializer.
Checked binary size with:
gzip -c
$BBPATH/tmp/work/s7106-openbmc-linux-gnueabi/obmc-phosphor-image/1.0-r0/rootfs/usr/bin/bmcweb
| wc -c
1244048
(tested on previous patchset)
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ideede3d5b39d50bffe7fe78a0848bdbc22ac387f
|
|
DMTF published new entity privileges for certificate service classes
which modify entity privilege Certificate, CertificateCollection,
CertificateLocations, and CertificateService on bmcweb. Modification
restricts a user without "ConfigureManager" from accessing the
CertificateCollection and Certificate scehamas
Redfish is a hypermedia API where the parent URI describes sub-URI.
Thus, restricting sub-URI in a parent-URI data helps to forbidden user
access, stricken the rule. So sub-URI only gets display if a user has
access to that URI.
Restricting the link allows the Redfish Validator to pass.
These impact roles without ConfigureManager, which include operator
and read-only. No access is not impacted since it already did not
have access.
The following are bmcweb user consequences:
1. ReadOnly and Operator role users are no longer able to view
certificates or the certificate collection (LDAP, HTTPS, TrustStore)
2. Operator role users are no longer able to replace the certificates
(LDAP, HTTPS, TrustStore), Install certificates (LDAP, HTTPS,
TrustStore) or delete the Truststore Certificate. HTTPS and LDAP
certificates do not have delete methods.
Resolves openbmc/bmcweb#61
Tested: manually tested on Witherspoon system and run Redfish-Service-
Validator with all roles root, operator, read-only, and No access. Test
pass for root, operator, and read-only roles, And new errors get
introduced for no access role.
Signed-off-by: Abhishek Patel <Abhishek.Patel@ibm.com>
Change-Id: Ibc5eed7db7e224e46f8572df8bcfba2a1ff47644
|
|
This patch adds support for disabling and enabling SSH using
Redfish API.
Tested:Validator passes
1.Disabled SSH from Redfish and verified cannot open a new SSH
connection to the machine, but the original SSH connection still
takes effect and verified ProtocolEnabled is false for SSH.
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
...
"SSH": {
"Port": 22,
"ProtocolEnabled": true
},
...
}
curl -k -H "X-Auth-Token: $token" -X PATCH '-d
{"SSH": {"ProtocolEnabled": false}}'
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
Open a new SSH connection:
sudo ssh username@<IP>
ssh: connect to host <IP> port 22: Connection refused
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
...
"SSH": {
"Port": 22,
"ProtocolEnabled": false
},
...
}
D-bus has changed to :
busctl introspect xyz.openbmc_project.Control.Service.Manager
/xyz/openbmc_project/control/service/dropbear
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
... ... ...
xyz.openbmc_project.Control.Service.Attributes interface
.Enabled property b false emits-change writable
.Masked property b false emits-change writable
.Running property b false emits-change writable
...
2.Abled SSH from Redfish, verified can open a new SSH
connection to the machine and ProtocolEnabled is true for SSH.
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
...
"SSH": {
"Port": 22,
"ProtocolEnabled": false
},
...
}
curl -k -H "X-Auth-Token: $token" -X PATCH '-d
{"SSH": {"ProtocolEnabled": false}}'
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
Open a new SSH connection:
sudo ssh username@<IP>
Successfully connected
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
...
"SSH": {
"Port": 22,
"ProtocolEnabled": true
},
...
}
D-bus has changed to :
busctl introspect xyz.openbmc_project.Control.Service.Manager
/xyz/openbmc_project/control/service/dropbear
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
... ... ...
xyz.openbmc_project.Control.Service.Attributes interface
.Enabled property b true emits-change writable
.Masked property b false emits-change writable
.Running property b true emits-change writable
...
Signed-off-by: Albert Zhang <zhanghaodi@inspur.com>
Change-Id: Ifd80db4d33934e83d4e5f337e5dfd02b4ba39018
|
|
There are a number of endpoints that assume that a given routes
privileges are governed by a single set of privileges, instead of
multiple sets ORed together. To handle this, there were two overloads
of the privileges() method, one that took a vector of Privileges, and
one that took an initializer_list of const char*. Unfortunately, this
leads some code in AccountService to pick the wrong overload when it's
called like this
.privileges( {{"ConfigureUsers"}, {"ConfigureManager"},
{"ConfigureSelf"}})
This is supposed to be "User must have ConfigureUsers, or
ConfigureManager, or ConfigureSelf". Currently, because it selects the
wrong overload, it computes to "User must have ConfigureUsers AND
ConfigureManager AND ConfigureSelf.
The double braces are supposed to cause this to form a vector of
Privileges, but it appears that the initializer list gets consumed, and
the single invocation of initializer list is called. Interestingly,
trying to put in a privileges overload of
intializer_list<initializer_list<const char*>> causes the compilation to
fail with an ambiguous call error, which is what I would've expected to
see previously in this case, but alas, I'm only a novice when it comes
to how the C++ standard works in these edge cases. This is likely due
in part to the fact that they were templates of an unused template param
(seemingly copied from the previous method) and SFINAE rules around
templates.
This commit functionally removes one of the privileges overloads, and
adds a second set of braces to every privileges call that previously had
a single set of braces. Previous code will not compile now, which is
IMO a good thing.
This likely popped up in the Node class removal, because the Node class
explicitly constructs a vector of Privilege objects, ensuing it can hit
the right overload
Tested:
Ran Redfish service validator
Tested the specific use case outlined on discord with:
Creating a new user with operator privilege:
```
redfishtool -S Always -u root -p 0penBmc -vvvvvvvvv -r 192.168.7.2
AccountService adduser foo mysuperPass1 Operator
```
Then attempting to list accounts:
```
curl -vvvv --insecure --user foo:mysuperPass1
https://192.168.7.2/redfish/v1/AccountService/Accounts/foo
```
Which succeeded and returned the account in question.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I83e62b70e97f56dc57d43b9081f333a02fe85495
|
|
Reduces the total number of lines and will allow for easier testing of
the redfish responses.
A main purpose of the node class was to set app.routeDynamic(). However
now app.routeDynamic can handle the complexity that was once in critical
to node. The macro app.routeDynamic() provides a shorter cleaner
interface to the unerlying app.routeDyanic call. The old pattern set
permissions for 6 interfaces (get, head, patch, put, delete_, and post)
even if only one interface is created. That pattern creates unneeded
code that can be safely removed with no effect.
Unit test for the responses would have to mock the node the class in
order to fully test responses.
see https://github.com/openbmc/bmcweb/issues/181
The following files still need node to be extracted.
virtual_media.hpp
account_service.hpp
redfish_sessions.hpp
ethernet.hpp
The files above use a pattern that is not trivial to address. Often their
responses call an async lambda capturing the inherited class. ie
(https://github.com/openbmc/bmcweb/blob/ffed87b5ad1797ca966d030e7f979770
28d258fa/redfish-core/lib/account_service.hpp#L1393)
At a later point I plan to remove node from the files above.
Tested:
I ran the docker unit test with the following command.
WORKSPACE=$(pwd) UNIT_TEST_PKG=bmcweb
./openbmc-build-scripts/run-unit-test-docker.sh
I ran the validator and this change did not create any issues.
python3 RedfishServiceValidator.py -c config.ini
Signed-off-by: John Edward Broadbent <jebr@google.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I147a0289c52cb4198345b1ad9bfe6fdddf57f3df
|
|
Get the core using AsyncResp everywhere, and not have each individual handler
creating its own object.We can call app.handle() without fear of the response
getting ended after the first tree is done populating.
Don't use res.end() anymore.
Tested:
1. Validator passed.
Signed-off-by: zhanghaicheng <zhanghch05@inspur.com>
Change-Id: I867367ce4a0caf8c4b3f4e07e06c11feed0782e8
|
|
The ManagerNetworkProtocol schema defines the HostName entry to be
read-only. Change the doPatch code to prevent updating the hostname
attribute.
The DMTF redfish/v1/Managers/bmc/NetworkProtocol is a read-only
location.
The DMTF approved location for changing the HostName is:
redfish/v1/Managers/bmc/EthernetInterfaces/<str>
This change does not impact phosphor-webui, as it uses D-Bus to
perform all of its work.
This change does not impact webui-vue, as it is using the DMTF
approved API.
This commit deprecates allowing Read/Write access to the Hostname in
the ManagersNetworkProtocol URI. To reduce the impact to Redfish
clients that rely upon Read/Write access a Meson compile time flag has
been added to allow Read/Write access to be restored. The Meson build
flag, redfish-allow-deprecated-hostname-patch, can be enabled to
restore Read/Write access. The Meson build flag is slated to be
removed in Q4 2021 enforcing the read-only state.
Tested:
Explicitly PATCH'd HostName to confirm it cannot be modified.
Enabled the HostName feature, and confirmed the HostName accepted a
PATCH command.
Ran Redfish_Service_Validator (deprecated, and re-enabled).
Change-Id: If7f2148d8bbb8a7b420c4abde086272c4320977a
Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
|
|
Another clang-tidy warning about global construction of things that
could throw. Considering we don't actually use this as a map anywhere,
move to a constexpr array of values.
Tested: Clang-tidy now passes cert-* check.
curl --insecure --user root:0penBmc https://192.168.7.2/redfish/v1/Managers/bmc/NetworkProtocol
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
"@odata.type": "#ManagerNetworkProtocol.v1_5_0.ManagerNetworkProtocol",
"Description": "Manager Network Service",
"FQDN": "qemux86",
"HTTP": {
"Port": 0,
"ProtocolEnabled": false
},
"HTTPS": {
"Certificates": {
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates"
},
"Port": 443,
"ProtocolEnabled": true
},
"HostName": "qemux86",
"IPMI": {
"Port": null,
"ProtocolEnabled": false
},
"Id": "NetworkProtocol",
"NTP": {
"NTPServers": [],
"ProtocolEnabled": true
},
"Name": "Manager Network Protocol",
"SSH": {
"Port": 22,
"ProtocolEnabled": true
},
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Enabled"
}
}%
Change-Id: I2bdae321fc1cbb418ed302453ec6109ee2ed32c1
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
camelLower is not a type, camelBack is.
Changes were made automatically with clang-tidy --fix-errors
To be able to apply changes automatically, the only way I've found that
works was to build the version of clang/clang-tidy that yocto has, and
run the fix script within bitbake -c devshell bmcweb. Unfortunately,
yocto has clang-tidy 11, which can apparently find a couple extra errors
in tests we already had enabled. As such, a couple of those are also
included.
Tested:
Ran clang-tidy-11 and got a clean result.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I9d1080b67f0342229c2f267160849445c065ca51
|
|
1st, alphabetize the tidy-list for good housekeeping.
Next, enable all the clang-tidy performance checks, and resolve all the
issues. most of the issues boil down to:
1. Using std::move on const variables. This does nothing.
2. Passing big variables (like std::string) by value.
3. Using double quotes on a find call, which constructs an intermediate
string, rather than using the character overload.
Tested
Loaded on system, logged in successfully and pulled down webui-vue. No
new errors.
Walked the Redfish tree a bit, and observed no new problems.
Ran redfish service validator. Got no new failures (although there are
a lot of log service deprecation warnings that we should look at).
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I2238958c4b22c1e554e09a0a1787c744bdbca43e
|
|
Now that CI can handle clang-tidy, and a lot of the individual fixes
have landed for the various static analysis checks, lets see how close
we are.
This includes bringing a bunch of the code up to par with the checks
that require. Most of them fall into the category of extraneous else
statements, const correctness problems, or extra copies.
Tested:
CI only. Unit tests pass.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I9fbd346560a75fdd3901fa40c57932486275e912
|
|
Lots of code has been checked in that doesn't match the naming
conventions. Lets fix that.
Tested:
Code compiles. Variable/function renames only.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I6bd107811d0b724f1fad990016113cdf035b604b
|
|
This should be the configuration information of snmpagent. Now
we have "snmp trap" functionality in openbmc,we don't have SNMP
agent functionality. So the parameters belonging to the agent
such as port are removed here.
Signed-off-by: Xiaochao Ma <maxiaochao@inspur.com>
Change-Id: I2d684b63d79ac1dc00bce0d2e0bd48e5a315f258
|
|
This commit enables the "unused variables" warning in clang. Throughout
this, it did point out several issues that would've been functional
bugs, so I think it was worthwhile. It also cleaned up several unused
variable from old constructs that no longer exist.
Tested:
Built with clang. Code no longer emits warnings.
Downloaded bmcweb to system and pulled up the webui, observed webui
loads and logs in properly.
Change-Id: I51505f4222cc147d6f2b87b14d7e2ac4a74cafa8
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
This commit enables clang warnings, and fixes all warnings that were
found. Most of these fall into a couple categories:
Variable shadow issues were fixed by renaming variables
unused parameter warnings were resolved by either checking error codes
that had been ignored, or removing the name of the variable from the
scope.
Other various warnings were fixed in the best way I was able to come up
with.
Note, the redfish Node class is especially insidious, as it causes all
imlementers to have variables for parameters, regardless of whether or
not they are used. Deprecating the Node class is on my list of things
to do, as it adds extra overhead, and in general isn't a useful
abstraction. For now, I have simply fixed all the handlers.
Tested:
Added the current meta-clang meta layer into bblayers.conf, and added
TOOLCHAIN_pn-bmcweb = "clang" to my local.conf
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: Ia75b94010359170159c703e535d1c1af182fe700
|
|
Middlewares, while kinda cool from an academic standpoint, make our
build times even worse than they already are. Given that we only really
use 1 real middleware today (token auth) and it needs to move into the
parser mode anyway (for security limiting buffer sizes), we might as well
use this as an opportunity to delete some code.
Some other things that happen:
1. Persistent data now moves out of the crow namespace
2. App is no longer a template
3. All request_routes implementations no longer become templates. This
should be a decent (unmeasured) win on compile times.
This commit was part of a commit previously called "various cleanups".
This separates ONLY the middleware deletion part of that.
Note, this also deletes about 400 lines of hard to understand code.
Change-Id: I4c19e25491a153a2aa2e4ef46fc797bcb5b3581a
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Issue: As per the OCP Redfish Profile v1.0 specification, SSH read only
parameter. By default SSH is disable, but ProtocolEnabled and Port
attributes are mandatory to display in Redfish. But Port property is not
displayed in Redfish URI.
Fix: As Port attribute is mandatory for SSH property, initialized with
null.
Tested:
1. Verified redfish validator passed
2. Verified details from Redfish
GET: https://<BMC-IP>/redfish/v1/Managers/bmc/NetworkProtocol
Before:
Response:
"SSH": {
"ProtocolEnabled": false
},
After:
"SSH": {
"Port": null,
"ProtocolEnabled": false
},
Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: I203b321c3b41bab2017e7c6b5e55aa3463ea6e83
|
|
This patch adds support for enabling and disabling IPMI-over-LAN using
Redfish API. If there are multiple instances of phosphor-ipmi-net
service, then the PATCH action applies to all the instances. This patch
does not add support for configuring the port of IPMI-over-LAN.
Tested:
1) Ran the Redfish Validator.
2) Disabled IPMI-over-LAN from Redfish and verified network IPMI
stopped and verified ProtocolEnabled is false for IPMI.
3) Enabled IPMI-over-LAN from Redfish and verified network IPMI is
running and verified ProtocolEnabled is true for IPMI.
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
Change-Id: Ie9b00c8195bbfea14a69cbe9a73492187e6b4e1c
|
|
This is from openbmc/docs/style/cpp/.clang-format
Other OpenBMC repos are doing the same.
Tested: Built and validator passed.
Change-Id: Ief26c755c9ce012823e16a506342b0547a53517a
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Duplicate NTP servers value should not be patch.
Tested:
1. Patch duplicate NTP servers
curl -k -H "X-Auth-Token: $bmc_token" -XPATCH https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol -d '{"NTP":{"NTPServers":["9.9.9.9","9.9.9.9","1.1.1.1","9.9.9.9"]}}'
2. GET NTP servers information
curl -k -H "X-Auth-Token: $bmc_token" -X GET https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
"@odata.type": "#ManagerNetworkProtocol.v1_5_0.ManagerNetworkProtocol",
"Description": "Manager Network Service",
"FQDN": "",
"HTTP": {
"Port": 0,
"ProtocolEnabled": false
},
"HTTPS": {
"Certificates": {
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates"
},
"Port": 443,
"ProtocolEnabled": true
},
"HostName": "",
"IPMI": {
"Port": 623,
"ProtocolEnabled": true
},
"Id": "NetworkProtocol",
"NTP": {
"NTPServers": [
"1.1.1.1",
"9.9.9.9"
],
"ProtocolEnabled": false
},
Signed-off-by: Tony Lee <tony.lee@quantatw.com>
Change-Id: Idb63cf5e28d36a5df1aae9b0a7d53a1b7a9c8d91
|
|
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I86e11299512704fa1df1e5f6517ea25cc6eced8f
|
|
Add SNMP infomation in NetworkProtocol, contains version information, etc.
Teseted:
Tested on fp5280g2 (meta-inspur/meta-fp5280g2).
Currently only the SNMPv2 version is supported in the community,
so only v2 is set to true.
Ran Redfish validator successfully.
Signed-off-by: Xiaochao Ma <maxiaochao@inspur.com>
Change-Id: I983add2e24f16ea362d413a4fd3577ccfc2911d2
|
|
This is defined in the Redfish protocol.
Easiest way to allow this is to end the Node URL with "/", which most
Nodes in bmcweb already had.
Before:
curl -k https://${bmc}/redfish/v1/TaskService/
Not Found
After both /redfish/v1/TaskService/ and /redfish/v1/TaskService
return the Task Service.
Tested:
Validator passed.
Change-Id: Ic806dc5c91f631b87642e49b486a6b6da7fdf955
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Making HTTP protocolEnabled as false in Manager Network Protocol Schema
to make it OCP compliant and security-wise compliant as it is not
recommended to use from security perspective.
Tested:
1. Tested using GET:
- https://bmc-ip/redfish/v1/Managers/bmc/NetworkProtocol
"HTTP": {
"Port": 0,
"ProtocolEnabled": false
}
2. Ran the Redfish validator and no new issues found.
Signed-off-by: Joshi-Mansi <mansi.joshi@linux.intel.com>
Change-Id: I5af368f4c87665ab827d99336aebf64bc351c4d1
|
|
Redfish made odata.context optional (1.6.0 of DSP0266) and
has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
Change-Id: I1c4db167ba90f46e2b0ab1c1973d3323e233322a
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Updated the NetworkProtocol GET method code
to lookup the service names and socket paths
directly fetched from System control ListenSockets.
Tested:
- Performed GET on NetworkProtocol URI and validated
all responses.
- Stopped services(ssh) and validated Enabled status.
- Successfully ran Redfish validator without any issues.
URI: /redfish/v1/Managers/bmc/NetworkProtocol
Response:
............
"IPMI": {
"Port": 623,
"ProtocolEnabled": true
},
"HTTPS": {
.....
"Port": 443,
"ProtocolEnabled": true
},
"SSH": {
"Port": 22,
"ProtocolEnabled": true
},
..........
Change-Id: I047910d3e6430a2779b3803a0f1e836104e2bda3
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
|
|
Trailing slash warnings now show up in the validator report, so
fix this one.
Tested:
Passed the Redfish Service Validator.
Change-Id: I8db7eb488b44eba9510ae4e1071b2da15eaa22c1
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
using the list of warnings from here:
https://github.com/lefticus/cppbestpractices/blob/e73393f25a85f83fed7399d8b65cb117d00b2231/02-Use_the_Tools_Available.md#L100
Seems like a good place to start, and would improve things a bit
type-wise. This patchset attempts to correct all the issues in one
shot.
Tested:
It builds. Will test various subsystems that have been touched
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I588c26440e5a97f718a0f0ea74cc84107d53aa1e
|
|
If the ethernet interface is having the domain
name entry then Redfish GET request on network
manager protocol was crashing the bmcweb.
This commit fixes this behaviour.
Tested By:
Configure the Domain Name and run the GET request
on the network protocol: PASS
GET request on the network protocol even the
domain name was not configured : PASS
Redfish Validator: PASS
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: I1e6cd6e3fe507ff375463ece1f6f10bae4d4fb6a
|
|
The Managers NTP node did not get implemented correctly. The first
level parsing did not search for "NTP" as the base entry, nor did it
correctly attempt to acquire the NTPServers, NTPEnabled sub-nodes.
Removed the data response as it was returning a string vector instead
of a json::array. The original code caused a seg fault. Instead of
returning a carbon copy of the values sent, the return is a 204 code,
indicating success and returning no data.
Change-Id: Ifb82855e1cd143e3cf2cb8979531b01b27d32234
Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
|
|
FQDN and IPv6Address are mandatory properties in OCP profile.
Tested:
GET /redfish/v1/Managers/bmc/NetworkProtocol HTTP/1.1
Response:
{
"@odata.context": "/redfish/v1/$metadata#ManagerNetworkProtocol.ManagerNetworkProtocol",
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
"@odata.type": "#ManagerNetworkProtocol.v1_4_0.ManagerNetworkProtocol",
"Description": "Manager Network Service",
"FQDN": <host name>.<domain name>,
"HTTPS": {
"Port": 443,
"ProtocolEnabled": true
},
"HostName": <host name>,
...
}
GET /redfish/v1/Managers/bmc/EthernetInterfaces/eth0 HTTP/1.1
Response:
{
"@odata.context": "/redfish/v1/$metadata#EthernetInterface.EthernetInterface",
"@odata.id": "/redfish/v1/Managers/bmc/EthernetInterfaces/eth0",
"@odata.type": "#EthernetInterface.v1_4_1.EthernetInterface",
...
"FQDN": <host name>.<domain name>,
"HostName": <host name>,
...
"IPv6Addresses": [],
...
}
Signed-off-by: Jennifer Lee <jennifer1.lee@intel.com>
Change-Id: I0ca8f98523cbcfc935e0ac3bbf93f87762ff183b
|
|
Implements CertificateService schema to list the actions
available.
Implements CertificateLocations schema to list the
certificates present in the system.
Implements CertificateCollection schema to upload/list
existing HTTPS certificates
Implements Certificate schema to view existing HTTPS
certificate
Cater for reloading the SSL context after a certificate
is uploaded.
Fix Certificate signature validation failure
At present bmcweb uses the certificate from "/home/root/server.pem"
the same is modified to "/etc/ssl/certs/https/server.pem" as
phosphor-certificate-manager uses the specified path to
install/replace certificates.
Bmcweb creates a self-signed certificate when certificate is not
present. Catered for creating "/etc/ssl/certs/https/" direcotry
structure so that self signed certificate is created in the path.
Implements ReplaceCertificate action of Certificate
Service for replacing existing HTTPS certificates
Cleanup of older self-signed certificate at /home/root/server.pem
1. Tested schema with validator and no issues
2. Privilege map for certificate service is not yet pubished
2. GET on /redfish/v1/CertificateService/
"CertificateService": {
"@odata.id": "/redfish/v1/CertificateService"
},
3. GET on /redfish/v1/CertificateService/CertificateLocations/
"@odata.context":
"/redfish/v1/$metadata#CertificateLocations.CertificateLocations",
"@odata.id": "/redfish/v1/CertificateService/CertificateLocations",
"@odata.type": "#CertificateLocations.v1_0_0.CertificateLocations",
"Description": "Defines a resource that an administrator can use in order to
locate all certificates installed on a given service",
"Id": "CertificateLocations",
"Name": "Certificate Locations"
4.POST on /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates
{
Returns contents of certificate
"@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
"@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1",
"@odata.type": "#Certificate.v1A_0_0.Certificate",
"Id": "1",
"Issuer": {
...
...
}
5.GET on /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/
{
"@odata.context":
"/redfish/v1/$metadata#CertificateCollection.CertificateCollection",
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates",
"@odata.type": "#CertificateCollection.CertificatesCollection",
"Description": "A Collection of HTTPS certificate instances",
"Members": [
{
"@odata.id":
"/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"
}
],
"Members@odata.count": 1,
"Name": "HTTPS Certificate Collection"
}
6.GET on /redfish/v1/CertificateService/CertificateLocations/
{
"@odata.context":
"/redfish/v1/$metadata#CertificateLocations.CertificateLocations",
"@odata.id": "/redfish/v1/CertificateService/CertificateLocations",
"@odata.type": "#CertificateLocations.v1_0_0.CertificateLocations",
"Description": "Defines a resource that an administrator can use in order to
locate all certificates installed on a given service",
"Id": "CertificateLocations",
"Links": {
"Certificates": [
{
"@odata.id":
"/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"
}
],
"Certificates@odata.count": 1
},
"Name": "Certificate Locations"
}
7.GET on /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
{
"@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1",
"@odata.type": "#Certificate.v1_0_0.Certificate",
"CertificateString":
"-----BEGINCERTIFICATE-----\n....\n-----ENDCERTIFICATE-----\n",
"CertificateType": "PEM",
"Description": "HTTPS Certificate",
"Id": "1",
"Issuer": {
}
8. Verified SSL context is reloaded after a certificate is installed.
9.curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST
https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate/
-d @data_https.json
{
"@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1",
"@odata.type": "#Certificate.v1_0_0.Certificate",
"CertificateString": "-----BEGIN CERTIFICATE----END CERTIFICATE-----\n",
"Description": "HTTPS certificate",
"Id": "1",
"Issuer": {
}
4. data_https.json file contents
{
"CertificateString": "-----BEGIN PRIVATE
KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDClW1COSab2O0W\nW0SgTzLxQ1Igl4EpbEmTK8CAQ+wI7loTDZ7sZwYdf6yc9TAs/yNKjlJljgedGszv\nbC7sPNpH4FA63kaM6TbBBKTRshwZ3myXiBOOkOBs6w6V7+c7uEPcMFge6/4W1VXD\nReMi016cnPWZsmQyGzpmPM49YNEDZBfdKZ/pLuCYc9L9t706U7FrUSGfM7swB+mC\n8NH9qMixMuWAV9SBvzUWI6p4OCmN8a/F+4lOdbPMVEUqQ0hCBCjGM4qmiy/5Ng6y\n6rKeJlUdmOSTk8ojrNGcOXKh0nRafNEQFkIuoPHt8k5B/Yw2CX6s2BoGwvF+hS03\n+z3qVSw3AgMBAAECggEBAKpe92kybRGr3/rhMrdCYRJJpZEP1nGUdN89QbGMxxAS\n0h84n9vRYNNXRKWxMNtVEWtoLdDpiNUP8Dv59yO1LFIen2DL2e3rDJv4Gu/YCS7F\nR0NuS+FaDIaRURYLFeV+MzyJv75jVvhbFlqByJxngcGS1KAcSApvOLTnrJSlPpy9\n8ec5gnDhdOUND9PaQt8xCqMs1RPpjqvrgRzMEodZoqT5v+b0K1GmsAdbSHNP2mLM\nrqtpFDefiM1YfsTHUtxQykxG2Ipd2jzJ0a8O0qmVqdXcP9J9aqLcmD/2/r96GEV6\n/5qvIBj3SRFobxCiCwfys2XOXfjz2J+BUZzGoZvKeRECgYEA518hT6mn46LhwrTI\nW+Qpi7iTJgOfeLC+Ng855VHVQFED1P3T2lfyfGDyqKI/wV1DJIJmO8iOXerSPnhi\nb7reQkyHj6ERUtuE+6BQ9oTw2QD3EEvzOK2PEH5UipbhVTDnC3fT62Vz2yb3tR8D\n2h0XVJkj/dng9p1Td5aDGMriRRMCgYEA10vTyYqBPjDIEYw/Sc9aQk2kT6x3hrRQ\ngR4xyuI31RTCRD/KpLh/7z4s11Wkr+F9CyASeLbqu6zymlLOlS5p7IUkJ/x2X027\nJWVY1SR+oF3iF3SHiP4XkOVvWOKwIVUhgTjK1+Di6i3AlwIeAOS7VCCP6W0gbnwJ\nyyAAHZ30NM0CgYAqTur4dj2NEqvVvtkkdIRkWEwQF3mByE//8qjTljM4n5fjysaC\nlrJwrAmzbHfcFAHDG1U2eWYPJnFrmvflFnauCPCBAyL308xtdtNXQNgJ1nNXN4wy\nQQp4KaGr9gseWOLm5fKKiPK2kFmbdSBvMgKiJZ6/PKg2cG5i39L5JaBaoQKBgApw\nqOJ7Du1fHDSNonwHzA6vCSq76Efl8olwV2XJNn/ks87vcPov4DRPxYjjpErLGm8x\nrPOhmxxitJj7Lv1Y9NX9VtWBjpPshwi3M2mSjXllVBNjGTdxat8h4RZkV7omEKvd\nfyicxSQp987a0W2lqdfYhGIDYrE43pi1AoxtHmx5AoGBAJSoRy62oZbW6vjfdkuf\nvVnjNfFZwuiPV/X2NT+BhNPe5ZKFtC6gGedHLaIBBD3ItRhGuHZxgWXccPjGHofi\n6DlPdp2NePJgDT2maSjGSiAcHxyXdmW+Ev27NblvAxktoTUcVqSENrKFb+Fh4FXN\nlXiJzOEwAXiP2ZFbMRyNF/MI\n-----END
PRIVATE KEY-----\n-----BEGIN
CERTIFICATE-----\nMIIDNzCCAh+gAwIBAgIJAI1Wr/fK5F0GMA0GCSqGSIb3DQEBCwUAMDIxHDAaBgNV\nBAoME29wZW5ibWMtcHJvamVjdC54eXoxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0x\nOTAyMDExMzIyMDhaFw0yOTAxMjkxMzIyMDhaMDIxHDAaBgNVBAoME29wZW5ibWMt\ncHJvamVjdC54eXoxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAMKVbUI5JpvY7RZbRKBPMvFDUiCXgSlsSZMrwIBD7Aju\nWhMNnuxnBh1/rJz1MCz/I0qOUmWOB50azO9sLuw82kfgUDreRozpNsEEpNGyHBne\nbJeIE46Q4GzrDpXv5zu4Q9wwWB7r/hbVVcNF4yLTXpyc9ZmyZDIbOmY8zj1g0QNk\nF90pn+ku4Jhz0v23vTpTsWtRIZ8zuzAH6YLw0f2oyLEy5YBX1IG/NRYjqng4KY3x\nr8X7iU51s8xURSpDSEIEKMYziqaLL/k2DrLqsp4mVR2Y5JOTyiOs0Zw5cqHSdFp8\n0RAWQi6g8e3yTkH9jDYJfqzYGgbC8X6FLTf7PepVLDcCAwEAAaNQME4wHQYDVR0O\nBBYEFDDohRZ1+QlC3WdIkOAdBHXVyW/SMB8GA1UdIwQYMBaAFDDohRZ1+QlC3WdI\nkOAdBHXVyW/SMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFN0DWy6\nYPXHzidWMKKyQiJ5diqUv6LbujKOHUk+/LGSoCqcUp8NvmFDKWYP9MxjOAi9TVbs\nRGlIHBl38oSwKUayXBTY/vVeSLls90giUAOjswoRbBBQZvKyfEuFpc1zUsrhGLDC\n/6DuRt9l0DWcMcmP6Yh3jePIIwTr3bpxBGrwNLly8fPf16q4bWRIAcI3ZgLOhsrN\nLfD2kf56oYViM44d54Wa0qjuCfeTnJ46x/lo6w2kB9IzF7lwpipMU7+AG8ijDdaQ\nn8t0nADpv6tNNargLcOTTfJ0/P2PaKxwA1B88NhjlymBnNbz4epIn4T3KyysgS62\nzwqs66LPWoDerzc=\n-----END
CERTIFICATE-----",
"CertificateType": "PEM",
"CertificateUri":
{
"@odata.id":
"/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"
}
}
Change-Id: I2acbf8afa06bbf7d029d4971f7ab3b3988f5f060
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
The RedfishServiceValidator throws the following error:
"ERROR - Verifying property that does not belong to this
version: ManagerNetworkProtocol.v1_2_0.ManagerNetworkProtocol:NTP"
NTP was added in version 1_2_0. Bumped to latest, 1_4_0.
Tested: Ran RedfishServiceValidator and no longer observe the
error.
Change-Id: Ia9fb2e789593c28f776928d94094204725f5b1ce
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Testing:
GET
PATCH {"NTPServers": ["7.7.7.7"]}
PATCH {"NTPServers": ["7.7.7.7","4.4.4.4"]}
PATCH {"NTPEnabled": true, "NTPServers": ["1.1.1.1"]}
PATCH {"NTPEnabled": false}
Change-Id: I324e8779d84b368ada78541596946a23f42ef785
Signed-off-by: raviteja-b <raviteja28031990@gmail.com>
|
|
- Protocol HTTPS was missing the property "Port"
- The property "ProtocolEnabled" was showing incorrect data for each protocol
Signed-off-by: Jennifer Lee <jennifer1.lee@intel.com>
Change-Id: Ibaa7b81845714ad13b2b44d6af033df98da236e2
|
|
TestedBy:
PATCH '{"HostName": "bmcbmc"}'
Tested with validator and no errors.
Change-Id: I610dcda7b8c56486f22214e177b4dc6ad7018e7c
Signed-off-by: raviteja-b <raviteja28031990@gmail.com>
|
|
This patchset attempts to fix all compiler warnings in bmcweb owned
files. There are 2 warnings left, both in sdbusplus, which will be
resolved in a patchset there.
Tested By:
Recompiled, observed warning count went from 30, to zero.
Change-Id: Ife90207aa5773bc28faa8b04c732cafa5a56e4e4
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Change-Id: I9d7069668f91f2ac72d2f4a440f63e0e85dd5269
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Now that sdbusplus variant supports std::get_if, we can remove our
custom, mapbox namespaced implementation that does the same thing.
Change-Id: I854c473003e28e41dd45dba08ca683433f1c1774
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
In the original incarnation of bmcweb, route registration was done
automatically. This has proved to be a terrible idea, wraught with
corner cases and issues.
The route registration is currently the only user of the
redfish::Node::json element. Unfortunately, as written, this structure
consumes a lot of memory that's duplicated and not very useful. From a
performance perspective, there is almost no difference between
rebuilding the structure for each GET request, and having the "cache"
that needs to be copied into the response and modified before it can be
useful.
In the programming tradeoffs for bmc, lower memory usage is more important
than latency, especially at these levels.
Change-Id: I785e8352123e5e886acf05cd59cb23648f93839d
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
The error message code used a json_pointer object which must
begin with a '/' character and had to be sent as an extra
parameter. This change simplifies the interface by using a
string so there doesn't have to be a '/'. This allowed the
same property argument passed for the message to be used
for the property field path.
Tested: Sent an error with a property and verified that it is
correctly displayed.
Change-Id: I0571e2eee627cedf29d751588a4f1bceee66f084
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
Makes the Redfish error reporting interface automatically handle
setting the http status and JSON content in the response object.
When using an AsyncResp object, this allows for simply calling
the Redfish error and returning.
Change-Id: Icfdce2de763225f070e8dd61e591f296703f46bb
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
Rename openbmc to bmc in one spot.
The initial code review to change this missed one spot in network
protocol. Make sure it's renamed everywhere.
Change-Id: I43f60038bb560924ce7544d3e0cb006339660bd9
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This commit moves the codebase to the lastest clang-format file from
upstream, as well as clang-format-6.0.
Change-Id: Ice8313468097c0c42317fbb9e10ddf036e8cff4c
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
1. remove providers interface
2. Move the static structures to globals, and make them const char* to
avoid construction on startup.
3. Explicitly capture all variables
Change-Id: I4a79d6f94e38c1a0ea0002b584c30ca02f5a930f
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
ManagerNetworkProtocol schema now operates on data fetched from D-Bus
instead of netstat. This also prepares it for PATCH implementation that
will allow services ports & state manipulation.
Does not break other components. ManagerNetworkProtocol however will
display only services available on D-Bus. Tested on platform and x86
machine.
Change-Id: Id693dfbdd870801feb06d08833a261bdbb4285e6
Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com>
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This patchset moves bmcweb over to the upstream style naming
conventions for variables, classes, and functions, as well as imposes
the latest clang-format file.
This changeset was mostly built automatically by the included
.clang-tidy file, which has the ability to autoformat and auto rename
variables. At some point in the future I would like to see this in
greater use, but for now, we will impose it on bmcweb, and see how it
goes.
Tested: Code still compiles, and appears to run, although other issues
are possible and likely.
Change-Id: If422a2e36df924e897736b3feffa89f411d9dac1
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
