| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Map DeratingFactor from PowerSupplyAttributes.interface.yaml
to the Redfish property PowerSupply "EfficiencyPercent".
Only do this call when the "Power" schema is called.
Use the InventoryItem class introduced in
adc4f0db57568c5e5d2a3398fce00dbb050a3b72
Tested: Power, Thermal, all look good.
Passed the Redfish Validator.
"PowerSupplies": [
{
"@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerSupplies/0",
"EfficiencyPercent": 90,
"IndicatorLED": "Off",
"Manufacturer": "",
"MemberId": "powersupply0",
"Model": "2B1D",
"Name": "powersupply0",
"PartNumber": "01KL471",
"PowerInputWatts": 12.0,
"SerialNumber": "71G370",
"Status": {
"Health": "OK",
"State": "Enabled"
}
},
Change-Id: I344577a7a3d72cd37d5f6bab03edbdce13b9f764
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
All other Oem Schemas start with Oem.
This is used by the update_schemas.py to determine an Oem
schema and is a reasonable requirement for Oem schemas.
https://github.com/openbmc/bmcweb/blob/a3268f98f308ca7c8660b1ace44d5b9a40be204b/scripts/update_schemas.py#L43
Tested: Ran the validator against this change on a Witherspoon
with BMCWEB_ENABLE_REDFISH_CPU_LOG enabled and OemCheck
true. Validator passed. Might be worth running on a
system that actually uses BMCWEB_ENABLE_REDFISH_CPU_LOG.
curl -k https://${bmc}/redfish/v1/Systems/system/LogServices/Crashdump
{
"@odata.context": "/redfish/v1/$metadata#LogService.LogService",
"@odata.id": "/redfish/v1/Systems/system/LogServices/Crashdump",
"@odata.type": "#LogService.v1_1_0.LogService",
"Actions": {
"#LogService.ClearLog": {
"target": "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/LogService.ClearLog"
},
"Oem": {
"#Crashdump.OnDemand": {
"target": "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/Crashdump.OnDemand"
}
}
},
"Description": "Oem Crashdump Service",
"Entries": {
"@odata.id": "/redfish/v1/Systems/system/LogServices/Crashdump/Entries"
},
"Id": "Oem Crashdump",
"MaxNumberOfRecords": 3,
"Name": "Open BMC Oem Crashdump Service",
"OverWritePolicy": "WrapsWhenFull"
}
Change-Id: Iacc11be1284b99c2ed9a6c2ca0a936bd97855afb
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Currently 'Updateable' property value in SoftwareInventory schema
is hardcoded. Added support to look through the updateable
software associations objects and use it for 'Updateable'
Redfish property in SoftwareInventory.
Tested:
- Checked 'Updateable' Property value for both
programmable and non-programmable firmware inventory
components and it works as expected.
- Ran the Redfish validator and no new issues found.
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Change-Id: Ia24f942f3afe49674ec3628cac0356a5496ef337
|
|
This enhances the return value from the pamAuthenticateUser function so
callers can articulate PAM error codes like PAM_NEW_AUTHTOK_REQD which
means the credentials are correct, but the password must be changed.
Tested: Yes, scenarios via both Redfish login and Basic Auth:
- correct username and password, password is not expired
- correct username and password, password is expired
- correct username and incorrect password, password is not expired
- correct username and incorrect password, password is expired
- non-existent user (passsword is not relevant)
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: I1114d6c9cc591fb0a1853cb4edea32ad22f7b015
|
|
OEM Schema for VirtualMedia added.
Also OpenBMC level has been added to OEM field in the code to
conform to schema standard.
Tested:
Manually using full stack of VirtualMedia.
* Inserting/ejecting media in both legacy and proxy mode
* Redfish Service Validator 1.3.2 ran
Change-Id: Iaa87dd767a4bf2062bd4e74dd790a2496aca96de
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
As continuation for VirtualMedia Redfish support, this patch adds
insertion and eject actions into existing VirtualMedia code base.
Testing:
* Manual tests together with nbd proxy and virtual media app
- For requests: Postman and/or HTTPie, with logs enabled and Valgrind)
- Manual result validation
* Tests run:
- GET on collection with manual validation
- PUT/POST/DELETE on collection
- GET on item/nonexistent item
- PUT/POST/DELETE on item
- GET/PUT/DELETE on action
- POST on action - EjectMedia/InsertMedia, legacy mode
- POST on action - InsertMedia, proxy mode
- POST on action - input validation (empty, invalid URL), legacy mode
* Redfish Service Validator tested, no new issues found.
Change-Id: Icccc433c1e84bc2ac37d9c295fe72749187fb735
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
This change adds VirtualMedia scheme to Redfish.
Implementation is based on input from virtual-media module
and nbd proxy which is a bmcweb part. The code is used
only in case ndb-proxy is supported in bmcweb
(BMCWEB_ENABLE_VM_NBDPROXY compilation flag).
Tested:
* Manual tests together with nbd proxy and virtual media app
- For requests: Postman and/or HTTPie, started with logs
enabled and Valgrind
- Manual result validation
* Tests ran:
- GET on collection with manual validation
- PUT/POST/DELETE on collection
- GET on item/nonexistent item
- PUT/POST/DELETE on item
* Redfish Service Validator tested, no new issues found.
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
Change-Id: I5415dc0ffe52069fd35bc614b0378bbc4ad41ff6
|
|
Redfish specifies only "OK", "Warning", and "Critical" as valid
values for message severity, but some messages have a severity
of "Error".
This changes the incorrect "Error" severity values to "Critical".
Tested:
Checked that all severity values are "OK", "Warning", or "Critical".
Passed the Redfish service validator.
Change-Id: If65665c76915e1730e6ae12c36003242aa9a85c6
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
At present, the Crashdump.SendRawPeci redfish interface accepts one
PECI command at a time. Changed it to accept array of PECI commands
through which multiple PECI commands can be aggregated into one redfish
call. Also provided backward compatibility for existing single PECI
command input format.
Tested:
Tested by aggregating 1000 PECI commands in one redfish call.
Tested by giving single PECI command with the existing format.
Change-Id: I05c547438ce9833519807b39347223183bdfb4ed
Signed-off-by: Karthick Sundarrajan <karthick.sundarrajan@intel.com>
|
|
Updated "MemoryThermTrip" message entry for CPU Memory
Thermal Trip events.
Tested:
1. Redfish validator - passed for this new addition
2. Verified in Redfish, MemoryThermTrip message populated properly
Redfish URI:
GET: https://<BMC IP>/redfish/v1/Systems/system/LogServices/EventLog
/Entries
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/
Entries/506",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:08:26+00:00",
"EntryType": "Event",
"Id": "506",
"Message": "Memory ThermTrip asserted: CPU 1.",
"MessageArgs": [
"CPU 1"
],
"MessageId": "OpenBMC.0.1.MemoryThermTrip",
"Name": "System Event Log Entry",
"Severity": "Critical"
}
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/
Entries/506_2",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:08:26+00:00",
"EntryType": "Event",
"Id": "506_2",
"Message": "Memory ThermTrip asserted: CPU 2.",
"MessageArgs": [
"CPU 2"
],
"MessageId": "OpenBMC.0.1.MemoryThermTrip",
"Name": "System Event Log Entry",
"Severity": "Critical"
}
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Signed-off-by: Chalapathi <chalapathix.venkataramashetty@intel.com>
Change-Id: I89271d28012c7f01a6cc37e1ef35c7e15f5e9965
|
|
Message entry for
BMC should detect the following intrusion or non-allowed configuration and
log the security event with description.
1. Password storing hash algo changes from SHA2-256 to MD5 in Linux pwd file
2. When any user other than root has its UID set to 0 in Linux pwd file
3. When any unsupported shells (not bash or sh) are present in Linux pwd file
4. When the root user is assigned a password in Linux password file
Tested:
1. Ran Redfish validator - passed for this new addition.
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/75_1",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:01:15+00:00",
"EntryType": "Event",
"Id": "75_1",
"Message": "weak password computing hash algorithm is enabled = MD5 Hash algorithm .",
"MessageArgs": [
"MD5 Hash algorithm"
],
"MessageId": "OpenBMC.0.1.SecurityUserWeakHashAlgoEnabled",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/240",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:04:00+00:00",
"EntryType": "Event",
"Id": "240",
"Message": "other than /bin/bash,/bin/sh, Unsupported shell is enabled",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.SecurityUserUnsupportedShellEnabled",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/246",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:04:06+00:00",
"EntryType": "Event",
"Id": "246",
"Message": "Unsupported shell is removed",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.SecurityUserUnsupportedShellRemoved",
"Name": "System Event Log Entry",
"Severity": "OK"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/604",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:10:04+00:00",
"EntryType": "Event",
"Id": "604",
"Message": "password computing hash algorithm is changed to sha256/sha512.",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.SecurityUserHashAlgoChanged",
"Name": "System Event Log Entry",
"Severity": "OK"
}
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/75",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:01:15+00:00",
"EntryType": "Event",
"Id": "75",
"Message": "root user is enabled.",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.SecurityUserRootEnabled",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/1153",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:19:13+00:00",
"EntryType": "Event",
"Id": "1153",
"Message": "uid Zero is assigned with non-root user",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.SecurityUserNonRootUidZeroAssigned",
"Name": "System Event Log Entry",
"Severity": "Critical"
}
Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com>
Change-Id: I8a3a10be2cc85614baa7b0d2f56b3376c3301e01
|
|
Some systems create a xyz.openbmc_project.Software.Version D-bus object
for reasons other then storing a FirmwareInventory object. For example
the phosphor-logging code can add it to a log to track what level of
code was running when a log was created. These should not show up in the
Redfish FirmwareInventory API.
Tested:
Before this change, 3 and 4 correlated to phosphor-logs on system
curl -k -H "X-Auth-Token: $TOKEN" -X GET https://${BMC_IP}/redfish/v1/UpdateService/FirmwareInventory/
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventoryCollection.SoftwareInventoryCollection",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory",
"@odata.type": "#SoftwareInventoryCollection.SoftwareInventoryCollection",
"Members": [
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/3"
},
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/4"
},
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/224cd310"
},
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/3b296352"
},
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/e9b7a436"
}
],
"Members@odata.count": 5,
"Name": "Software Inventory Collection"
}
After:
Verified 3 and 4 were no longer returned in FirmwareInventory
curl -k -H "X-Auth-Token: $TOKEN" -X GET https://${BMC_IP}/redfish/v1/UpdateService/FirmwareInventory/
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventoryCollection.SoftwareInventoryCollection",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory",
"@odata.type": "#SoftwareInventoryCollection.SoftwareInventoryCollection",
"Members": [
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/224cd310"
},
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/2d556644"
},
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/7432374c"
}
],
"Members@odata.count": 3,
"Name": "Software Inventory Collection"
}
Ran Redfish validator and ensured no errors
Change-Id: I3e99fe7570b87b83f75918873267fb1587add182
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
This adds the indicator property to Chassis Schema,
and moves the logic from systems.hpp to a common header
to share the code.
Tested: Passed the validator, was able to turn LED on
Change-Id: I79458a2a4656d7ddf2939bb9f56845eb6d9a27ca
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Added PowerSupplyConfigurationErrorRecovered message entry in
openbmc_message_registry as it is required when PSU deassert event
occurred.
This is continuation of below patch.
https://gerrit.openbmc-project.xyz/#/c/openbmc/dbus-sensors/+/27701/
Tested:
1. Verified redfish validator passed
2. verified in Redfish, PowerSupplyConfigurationErrorRecovered message populated
properly
Get: https://<BMC IP>/redfish/v1/Systems/system/LogServices/
EventLog/Entries
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/42519",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T11:48:39+00:00",
"EntryType": "Event",
"Id": "42519",
"Message": "Power supply PSU2 configuration error recovered.",
"MessageArgs": [
"PSU2"
],
"MessageId": "OpenBMC.0.1.PowerSupplyConfigurationErrorRecovered",
"Name": "System Event Log Entry",
"Severity": "OK"
},
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ifef9d323241f49124df7b85f85d42041e7ecdf83
|
|
Based on the spec, these PSU related logs should be warning.
Tested:
With two PSUs, remove one AC cable, and then remove the PSU,
Check the PSU related log in
https://$BMCIP/redfish/v1/Systems/system/LogServices/EventLog/Entries
Signed-off-by: Yong Li <yong.b.li@linux.intel.com>
Change-Id: Iebce710d7d003731cbb956738d8be212bf04ad0b
|
|
This commit contains bug fixes in readJson function call
1) Handled invalid double value which is leading to crash
bmcweb. If user give string for double value key, its
not handled in readJson which intern causes exception
and crash.
2) If any of input types of floating_point, signed or unsigned
int type values are provided with wrong type, it should
return error, instead its returning 200 success response.
Added code to return proper error response.
Tested:
- Tested invalid case by giving wrong type values in PATCH.
URI: /redfish/v1/Chassis/WC_Baseboard/Thermal
METHOD: Patch
REQUEST:
{
"Fans": [
{
"MemberId": "Fan_1a",
"Reading": "200"
}
]
}
RESPONSE:
{
"Reading@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The value \"200\" for the property Reading is of a different type than the property can accept.",
"MessageArgs": [
"\"200\"",
"Reading"
],
"MessageId": "Base.1.4.0.PropertyValueTypeError",
"Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
- Also performed some positive and negative tests with other URI's.
- Redfish validator ran successfully without any issue(No impact though)
Change-Id: Ie98384e67a863ab96aa537f492a686b2c7ebb3a2
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
|
|
Modified the code to make an asynchronous call to GetUserInfo to get
the user role for authorization.
For local users, DBus matches are used to store user role map hot in
memory. Hence, bmcweb has to know whether a user is a local user or
LDAP user to get the role. To avoid this, removed the existing DBus
matches and modified the code to call GetUserInfo to get the role of
local users as well as LDAP users.
Tested:
- Created a local user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a local user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Tested Redfish ConfigureSelf privilege
Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com>
Change-Id: Ic3e46a0c0aff2cf456c98048350e58e302011c57
|
|
Support health status of firmware inventory objects based on the mapping
relationship:
[dbus status] [redfish state] [redfish health]
Ready Disabled OK
Activating Updating OK
Active Enabled OK
NotReady Disabled Warning
Invalid Disabled Warning
Failed Disabled Warning
Tested:
[dbus status] --> [redfish state] --> [redfish health]
1. Ready --> Disabled --> OK
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
...
"/xyz/openbmc_project/software/9557fe67": {
"Activation": "xyz.openbmc_project.Software.Activation.Activations.Ready",
...
}
$curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67",
...
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Disabled"
},
...
}
2. Activating --> Updating --> OK
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
...
"/xyz/openbmc_project/software/9557fe67": {
"Activation": "xyz.openbmc_project.Software.Activation.Activations.Activating",
...
}
$curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67",
...
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Updating"
},
...
}
3. Active --> Enabled --> OK
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
"data": {
"/xyz/openbmc_project/software/9557fe67": {
"Activation": "xyz.openbmc_project.Software.Activation.Activations.Active",
...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67",
...
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Enabled"
},
...
}
4. Invalid --> Disabled --> Warning
# busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \
org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \
xyz.openbmc_project.Software.Activation.Activations.Invalid
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
...
"/xyz/openbmc_project/software/c0bbba12": {
"Activation": "xyz.openbmc_project.Software.Activation.Activations.Invalid",
...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12",
...
"Status": {
"Health": "Warning",
"HealthRollup": "OK",
"State": "Disabled"
},
...
}
5. NotReady --> Disabled --> Warning
# busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \
org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \
xyz.openbmc_project.Software.Activation.Activations.NotReady
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
...
"/xyz/openbmc_project/software/c0bbba12": {
"Activation": "xyz.openbmc_project.Software.Activation.Activations.NotReady",
...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12",
...
"Status": {
"Health": "Warning",
"HealthRollup": "OK",
"State": "Disabled"
},
...
}
6. Failed --> Disabled --> Warning
# busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \
org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \
xyz.openbmc_project.Software.Activation.Activations.Failed
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
...
"/xyz/openbmc_project/software/c0bbba12": {
"Activation": "xyz.openbmc_project.Software.Activation.Activations.Failed",
...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12",
...
"Status": {
"Health": "Warning",
"HealthRollup": "OK",
"State": "Disabled"
},
...
}
Validator tool result:
Counter({'pass': 2992, 'skipOptional': 2470, 'metadataNamespaces': 1605,
'passGet': 189, 'serviceNamespaces': 71, 'invalidPropertyValue': 10,
'warningPresent': 6, 'passAction': 6, 'optionalAction': 5, 'warnDeprecated':
2, 'unverifiedComplexAdditional': 1})
Validation has succeeded.
Change-Id: Ic475f56d19c0be01ca7aebf67a3f6814d35bcacd
Signed-off-by: Carol Wang <wangkair@cn.ibm.com>
|
|
Message entry for
1. At-Scale Debug session established and closed.
2. Whenever At-Scale Debug user is enabled or disabled
3. At-scalde Debug feature is enabled or disabled in platform
4. At-sclde Debug service is enabled or disabled
Tested:
1. Ran Redfish validator - passed for this new addition.
Log will be shown as below:
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/254",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:04:14+00:00",
"EntryType": "Event",
"Id": "254",
"Message": "At-Scale Debug Feature is enabled in hardware.",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.AtScaleDebugFeatureEnabledAtHardware",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/254_1",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:04:14+00:00",
"EntryType": "Event",
"Id": "254_1",
"Message": "At-Scale Debug service is started.",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.AtScaleDebugFeatureEnabled",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/30630_2",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T08:30:30+00:00",
"EntryType": "Event",
"Id": "30630_2",
"Message": "At-scale-debug service is now connected 198.164.11.12",
"MessageArgs": [
"198.164.11.12"
],
"MessageId": "OpenBMC.0.1.AtScaleDebugConnected",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/30630_3",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T08:30:30+00:00",
"EntryType": "Event",
"Id": "30630_3",
"Message": "At-scale-debug connection aborted/failed",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.AtScaleDebugConnectionFailed",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/30629_2",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T08:30:29+00:00",
"EntryType": "Event",
"Id": "30629_2",
"Message": "At-scale-debug service is now disconnected",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.AtScaleDebugDisconnected",
"Name": "System Event Log Entry",
"Severity": "OK"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/262",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:04:22+00:00",
"EntryType": "Event",
"Id": "262",
"Message": "At-Scale Debug special user is disabled",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.AtScaleDebugSpecialUserDisabled",
"Name": "System Event Log Entry",
"Severity": "OK"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/154",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:02:34+00:00",
"EntryType": "Event",
"Id": "154",
"Message": "At-Scale Debug special user is enabled",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.AtScaleDebugSpecialUserEnabled",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com>
Change-Id: Id5369c36547c4a5d7ae6f1f1dbd4dae8317a26d7
|
|
Exceptions are compiled out, and json.get throws, change
it to get_ptr.
Tested: no functional change
Change-Id: Ie2db7285b89b45b1fd61d8526561b772c85151b3
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Added new state 'StandBySpare' for firmware inventory
objects. With this change firmware inventory ["Status"]["State"]
will be set to "StandBySpare" if the inventory item is
BackUp/Recovery image.
Tested:
- Did the GET on "/redfish/v1/UpdateService/FirmwareInventory/<backup image>"
Response:
....
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "StandbySpare"
}
.....
- Verifed GET on other inventory and works fine
- Successfully ran the Redfish validator.
Change-Id: I7094bb3a60a7fb8dc6564ee1d7a67480249423ac
Signed-off-by: Vikram Bodireddy <vikram.bodireddy@linux.intel.com>
|
|
Enhances BMCWeb to correctly handle the Redfish ConfigureSelf privilege.
Redfish document DSP2046 defines the ConfigureSelf privilege as
"Can change the password for the current user account and log out of
their own sessions." This notion is formalized in the Redfish DSP8011
PrivilegeRegistry where ConfigureSelf appears in three operations:
- ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) GET operation.
- ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) PATCH
Password property override.
- Session (/redfish/v1/SessionService/Sessions/{sessionid}) DELETE operation.
Tested: Yes, tested the above operations using users with various Roles to
determine which operations are allowed.
ReadOnly users (privileges: Login, ConfigureSelf):
- Can GET their own account.
- Can change their password.
- Can log out.
- Cannot change any other properties of their own account.
- Cannot change anyone else's password.
- Cannot GET someone else's account.
- Cannot log out anyone else.
Operator users (privileges: Login, ConfigureComponents, ConfigureSelf):
- Same access as a ReadOnly user.
Administrator users (all privileges):
- Can do everything Operator can do.
- Can change one or more properties of their account
- Can GET and change properties of someone else's account.
- Can logoff any session.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: If8efd71cb9743a59b7c5fe1565804d21e788ea29
|
|
Issue: NoAccess user able to get the Systems/system in Redfish
Fix: Added privilege check for NoAccess
Tested:
1. Verified redfish validator passed
2. Verified NoAccess privilege user on Redfish for /Systems/system url
GET: https://<BMC IP>/redfish/v1/Systems/system
Result: Status is 403 Forbidden
Body log: Forbidden
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ib0ccb3382a9c33608ef354f1e545c328aec40179
|
|
Tested by:
Request: Creating session with wrong credential.
curl --insecure -X POST -D headers.txt https://${BMC_IP}/redfish/v1/SessionService/Sessions
-d '{"UserName":"root", "Password":"penBmc"}'
Resonse Error code: HTTP/1.1 401 Unauthorized
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I9c7b0af644f1e3d987b4f76e4206bbb276aba035
|
|
This action resets the BIOS attributes to default.
Tested:
GET test:
1. $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system
{
...
"Bios": {
"@odata.id": "/redfish/v1/Systems/system/Bios"
},
...
}
2. $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system/Bios
{
"@odata.id": "/redfish/v1/Systems/system/Bios",
"@odata.type": "#Bios.v1_1_0.Bios",
"Actions": {
"#Bios.ResetBios": {
"target": "/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios"
}
},
"Description": "BIOS Configuration Service",
"Id": "BIOS",
"Name": "BIOS Configuration"
}
POST test:
1. Change gard list:
# ./gard list
No GARD entries to display
# ./gard create /Sys0/Node0/Proc1/EQ1/EX1/Core0
# ./gard list
ID | Error | Type | Path
-----------------------------------------------------------------------
00000001 | 00000000 | Manual | /Sys0/Node0/Proc1/EQ1/EX1/Core0
=======================================================================
2. Reset bios:
# curl -k -H "X-Auth-Token: $token" -X POST https://${bmc}/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios
3. Check gard list again:
# ./gard list
No GARD entries to display
Validator tool test:
Counter({'pass': 3001, 'skipOptional': 2475, 'metadataNamespaces': 1605,
'passGet': 191, 'serviceNamespaces': 72, 'invalidPropertyValue': 10,
'passAction': 7, 'optionalAction': 6, 'warningPresent': 6, 'warnDeprecated':
2, 'unverifiedComplexAdditional': 1})
Validation has succeeded.
Signed-off-by: Carol Wang <wangkair@cn.ibm.com>
Change-Id: I0cba966bfde04566001b6df07ad15217f627c327
|
|
This change is to GET and PATCH the ApplyTime property using the
UpdateServce redfish schema. GET request can be used to check the value
before initiating the BMC image upload and activation. PATCH request
can be used to update the ApplyTime value.
If the ApplyTime value is Immediate, force-reboot.service gets called
which reboots the BMC. If the ApplyTime value is OnReset, no force reboot
will be triggered and the new BMC image will be functional till the user
decideds to reboot the BMC manually.
Tested:
Changes passed the Redfish-Service-Validator test.
Success Scenarios:
1. If the value of ApplyTime is Immediate (GET request)
GET https://$bmc/redfish/v1/UpdateService
{
"@odata.context": "/redfish/v1/$metadata#UpdateService.UpdateService",
"@odata.id": "/redfish/v1/UpdateService",
"@odata.type": "#UpdateService.v1_2_0.UpdateService",
"ApplyTime": "Immediate",
"Description": "Service for Software Update",
"FirmwareInventory": {
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory"
},
"HttpPushUri": "/redfish/v1/UpdateService",
"Id": "UpdateService",
"Name": "Update Service",
"ServiceEnabled": true
}
2. PATCH request to change value to OnReset:
PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":
{ "ApplyTime""OnReset"}}}' https://${bmc}/redfish/v1/UpdateService
{
"@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "Successfully Completed Request",
"MessageArgs": [],
"MessageId": "Base.1.4.0.Success",
"Resolution": "None",
"Severity": "OK"
}
]
}
Error Scenarios:
1. Test by giving wrong HttpPushUriOptions name
[Given as "HttpPushUriOptions1"]
PATCH -d '{ "HttpPushUriOptions1": { "HttpPushUriApplyTime":
{ "ApplyTime":"Immediate"}}}' https://${bmc}/redfish/v1/UpdateService
{
"HttpPushUriOptions1@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The property HttpPushUriOptions1 is not in the list of valid properties for the resource.",
"MessageArgs": [
"HttpPushUriOptions1"
],
"MessageId": "Base.1.4.0.PropertyUnknown",
"Resolution": "Remove the unknown property from the request body and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
2. Test by giving wrong HttpPushUriApplyTime name
[Given as "HttpPushUriApplyTime1"]
PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime1":
{ "ApplyTime:"Immediate"}}}' https://${bmc}/redfish/v1/UpdateService
{
"HttpPushUriApplyTime1@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The property HttpPushUriApplyTime1 is not in the list of valid properties for the resource.",
"MessageArgs": [
"HttpPushUriApplyTime1"
],
"MessageId": "Base.1.4.0.PropertyUnknown",
"Resolution": "Remove the unknown property from the request body and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
3. Test by giving wrong ApplyTime name [Given as "ApplyTime1"]
PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":
{ "ApplyTime1":"Immediate"}}}' https://${bmc}/redfish/v1/UpdateService
{
"ApplyTime1@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The property ApplyTime1 is not in the list of valid properties for the resource.",
"MessageArgs": [
"ApplyTime1"
],
"MessageId": "Base.1.4.0.PropertyUnknown",
"Resolution": "Remove the unknown property from the request body and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
4. Giving wrong ApplyTime value ["Immediat" instead of "Immediate"]
PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":
{ "ApplyTime":"Immediat"}}}' https://${bmc}/redfish/v1/UpdateService
{
"ApplyTime@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The value Immediat for the property ApplyTime is not in the list of acceptable values.",
"MessageArgs": [
"Immediat",
"ApplyTime"
],
"MessageId": "Base.1.4.0.PropertyValueNotInList",
"Resolution": "Choose a value from the enumeration list that the implementation can support and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
5. NULL value given for "HttpPushUriOptions"
PATCH -d '{ "HttpPushUriOptions": ""}' https://${bmc}/redfish/v1/UpdateSrvice
{
"HttpPushUriOptions@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The value \"\" for the property HttpPushUriOptions is of a different type than the property can accept.",
"MessageArgs": [
"\"\"",
"HttpPushUriOptions"
],
"MessageId": "Base.1.4.0.PropertyValueTypeError",
"Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
6. NULL value given for "HttpPushUriApplyTime"
PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":""}}' https:/${bmc}/redfish/v1/UpdateService
{
"HttpPushUriApplyTime@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The value \"\" for the property HttpPushUriApplyTime is of a different type than the property can accept.",
"MessageArgs": [
"\"\"",
"HttpPushUriApplyTime"
],
"MessageId": "Base.1.4.0.PropertyValueTypeError",
"Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
7. NULL value given for "HttpPushUriApplyTime"
PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":{ "ApplyTime":""}}}' https://${bmc}/redfish/v1/UpdateService
{
"ApplyTime@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The value for the property ApplyTime is not in the list of acceptable values.",
"MessageArgs": [
"",
"ApplyTime"
],
"MessageId": "Base.1.4.0.PropertyValueNotInList",
"Resolution": "Choose a value from the enumeration list that the implementation can support and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
Signed-off-by: Jayashankar Padath <jayashankar.padath@in.ibm.com>
Change-Id: Icd01bb6c102c0a24285c79ccf4d41fd5fe53f0ed
|
|
Total Memory in redfish is always 0, fix the problem.
Tested:
After DC cycle the system. TotalSystemMemoryGiB in Redfish system page should
not be zero.
"MemorySummary": {
"Status": {
"State": "Enabled"
},
"TotalSystemMemoryGiB": 16
},
Signed-off-by: Cheng C Yang <cheng.c.yang@linux.intel.com>
Change-Id: I89ad8ed1cf5f9ca9589db444740167645dab9a6e
|
|
Since an OnDemand crashdump could take some time it may cause
the request to time out before the response can be sent.
The correct fix for this is to implement the Redfish Task Monitor
service to handle all asynchronous tasks. Until then, this
change will return 204 (no content) and add the OnDemand log to
the Entries list.
When Task Monitor is implemented it can return 202 (accepted) with
the location of the Task to poll.
Tested:
Used Postman to trigger the OnDemand action and immediately got a
204 response. Polled the Entries list and saw the OnDemand entry
after it was ready.
Change-Id: I3e2692ec5d377823072e0d610fa3ca17a9259a37
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
Tested:
Used Postman to send the OnDemand action twice and got a 503 with
a retry message on the second attempt.
Change-Id: I319a6318ee57e504a54b3fdb6894a5aeb43af203
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
Tested:
Used a browser to request an invalid Crashdump URI and got a
404 with a resource not found error.
Change-Id: Idcac7868bb1f3b4c0248926b46be2cf4fce05328
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
Whenever the Redfish response is that a service is temporarily
unavailable, the "Retry-After" header is added with the same
value, so just set the header automatically with the response.
Tested:
Confirmed that the "Retry-After" header is set correctly with
the Redfish temporarily unavailable message.
Change-Id: I9c940be94d9d284b9633c5caa2ce71ade76d22d5
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
This interface doesn't have to exist
Change-Id: If0ea4e3c201c80c25e825f64ba3601685ef9ed95
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
This adds support for Storage Controllers.
Tested: Validator passed
{
"@odata.context": "/redfish/v1/$metadata#Storage.Storage",
"@odata.id": "/redfish/v1/Systems/system/Storage/1",
"@odata.type": "#Storage.v1_7_1.Storage",
"Drives": [
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_1"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_2"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_3"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_4"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_5"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_6"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_7"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_8"
}
],
"Drives@odata.count": 8,
"Id": "1",
"Name": "Storage Controller",
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Enabled"
},
"StorageControllers": [
{
"@odata.context": "/redfish/v1/$metadata#Storage.StorageController",
"@odata.id": "/redfish/v1/Systems/system/Storage/1#/StorageControllers/0",
"@odata.type": "#Storage.v1_7_0.StorageController",
"Manufacturer": "$BOARD_MANUFACTURER",
"MemberId": "HSBP_1",
"Model": "$BOARD_PRODUCT_NAME",
"Name": "HSBP_1",
"PartNumber": "$BOARD_PART_NUMBER",
"SerialNumber": "$BOARD_SERIAL_NUMBER",
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Enabled"
}
}
]
}
Change-Id: I9d956343daa74ddfa912e3cbe0d38b0e42a4859f
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Populate does a mapper call and a get managed objects
and should only be called once. Enforce it.
Tested: No actual change, it is currently never called
twice, this is just for future protection with multiple
async calls.
Change-Id: I8fb9d8d19b2aa2a1c957a0ac8b609adf5e6ba6d0
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
std::strtol() expects null-terminated string. This means that passing
string_view.data() to it may cause undefined behaviour.
Let's fix it by using boost::convert instead.
Tested: Manually by sending valid requests and looking for empty
responses.
Change-Id: I319277551b5e85586783afdc8c86e4a7d8db876e
Signed-off-by: Iwona Klimaszewska <iwona.klimaszewska@intel.com>
|
|
Set the PowerCap with redfish patch.
Tested:
Case 1: PowerCapEnable is false
$ curl -k -H "X-Auth-Token: $token" -X PUT -d '{"data":false}' https://$bmc/xyz/openbmc_project/control/host0/power_cap/attr/PowerCapEnable
$ curl -k -H "X-Auth-Token: $token"https://${bmc}/redfish/v1/Chassis/chassis/Power
{
"@odata.context": "/redfish/v1/$metadata#Power.Power",
"@odata.id": "/redfish/v1/Chassis/chassis/Power",
"@odata.type": "#Power.v1_5_2.Power",
"Id": "Power",
"Name": "Power",
"PowerControl": [
{
"@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerControl/0",
"@odata.type": "#Power.v1_0_0.PowerControl",
"MemberId": "0",
"Name": "Chassis Power Control",
"PowerLimit": {
"LimitInWatts": null
}
}
],
...
}
$curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power -X PATCH -d '{"PowerControl":[{"PowerLimit":{"LimitInWatts":2004}}]}'
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "PowerCapEnable is false, can't set the PowerCap.",
"MessageArgs": [],
"MessageId": "Base.1.4.0.UnableToSetPowerCap",
"Resolution": "Set PowerCapEnable to be true before setting PowerCap.",
"Severity": "Warning"
}
],
"code": "Base.1.4.0.UnableToSetPowerCap",
"message": "PowerCapEnable is false, can't set the PowerCap."
}
}
Case 2: PowerCapEnable is true, PowerControl json only
$ curl -k -H "X-Auth-Token: $token" -X PUT -d '{"data":true}' https://$bmc/xyz/openbmc_project/control/host0/power_cap/attr/PowerCapEnable
$ curl -k -H "X-Auth-Token: $token"https://${bmc}/redfish/v1/Chassis/chassis/Power
{
"@odata.context": "/redfish/v1/$metadata#Power.Power",
"@odata.id": "/redfish/v1/Chassis/chassis/Power",
"@odata.type": "#Power.v1_5_2.Power",
"Id": "Power",
"Name": "Power",
"PowerControl": [
{
"@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerControl/0",
"@odata.type": "#Power.v1_0_0.PowerControl",
"MemberId": "0",
"Name": "Chassis Power Control",
"PowerLimit": {
"LimitInWatts": 2001.0
}
}
],
...
}
$ curl -k -H "X-Auth-Token: $token"https://${bmc}/redfish/v1/Chassis/chassis/Power -X PATCH -d '{"PowerControl":[{"PowerLimit":{"LimitInWatts":2004}}]}' -v
...
< HTTP/1.1 204 No Content
...
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power
{
"@odata.context": "/redfish/v1/$metadata#Power.Power",
"@odata.id": "/redfish/v1/Chassis/chassis/Power",
"@odata.type": "#Power.v1_5_2.Power",
"Id": "Power",
"Name": "Power",
"PowerControl": [
{
"@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerControl/0",
"@odata.type": "#Power.v1_0_0.PowerControl",
"MemberId": "0",
"Name": "Chassis Power Control",
"PowerLimit": {
"LimitInWatts": 2004.0
}
}
],
...
}
Case 3: PowerCapEnable is true, PowerControl and Voltages json
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power -X PATCH -d '{"PowerControl":[{"PowerLimit"{"LimitInWatts":2001}}], "Voltages": [{"MemberId" : "p0_vcs_voltage", "ReadingVolts":8}]}' -v
...
< HTTP/1.1 204 No Content
...
Case 4: Wrong chassis path
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassi/Power -X PATCH -d '{"PowerControl":[{"PowerLimit":{"LimitInWatts":2001}}]}'
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The requested resource of type Chassis named chassi was not found.",
"MessageArgs": [
"Chassis",
"chassi"
],
"MessageId": "Base.1.4.0.ResourceNotFound",
"Resolution": "Provide a valid resource identifier and resubmit the request.",
"Severity": "Critical"
}
],
"code": "Base.1.4.0.ResourceNotFound",
"message": "The requested resource of type Chassis named chassi was not found."
}
}
Signed-off-by: Carol Wang <wangkair@cn.ibm.com>
Change-Id: Ifabdf053005b31cf3e3539009a1ec20ce4d46d5b
|
|
Added support for the IndicatorLED property for physical leds
associated with Thermal and Power sensors.
Testing: Verified output on a witherspoon.
No new errors in redfish validation.
Change-Id: I4e49b3c1769742e49f57c6c1b77a82511cdc8b99
Signed-off-by: Anthony Wilson <wilsonan@us.ibm.com>
|
|
Currently some systems doesn't have enclosure_identity_blink
object for supporting blinking feature which are leading
to systems/system uri failing with 500 error.
Corrected the code to make enclosure_identity_blink object
get/set as optional.
Tested:
Tested IndicatorLED for all 3 cases and it works fine.
Simulated case to not have enclosure_identity_blink object
and teste all 3 InidicatorLED value set and get.
Ran the redfish validator with success results.
Change-Id: I310fb71269aae6d36ea025556ad3b1d87b0acb39
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Updated get and set of IndicatorLED state
to use the correct d-bus service. Added code to
support LED blinking state.
Tested:
- Using PATCH method on below URI, changed "IndicatorLed"
to multiple states like 'Lit', 'Off', 'Blinking' and
verified correct response using GET method.
URI: /redfish/v1/Systems/system
- Ran the Redfish validator and no new issues observed.
Change-Id: I40f103b1cb0190c48605f60bfca39ba1d20a28ec
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
|
|
Because these structures are known at compile time, they can be
constexpr with no ill effect.
Tested: Code compiles, clang-tidy checks pass no functional change.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Signed-off-by: James Feist <james.feist@linux.intel.com>
Change-Id: Id78e3638b3dddd740f1a22e22d17fb0d6f8437d3
|
|
User is now able to turn on and off the TLS authentication method.
Tested:
No regression found in manual testing. By default everything works
as before, and disabling TLS method prevents user to authenticate
by it.
Tested with Redfish Service Validator, version 1.2.8
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: Ib7be1af659db568caa7e5b97e3844617586d7754
|
|
Added NoAccess role to the Redfish, to properly show
users created using IPMI with NoAccess privilege.
This patch will add NoAccess role & will use the same
when the user privilege is empty.
Note: This code was reverted due to redfish validator failure
and the same has been fixed in this patch, by creating
proper json array empty object.
Tested:
1. Verified redfish validator passed and the earlier issue of
failNullCollection for the NoAccess role is resolved.
2. Verified NoAccess role is listed properly
Get: https://<BMC IP>/redfish/v1/AccountService/Roles/NoAccess
{
"@odata.context": "/redfish/v1/$metadata#Role.Role",
"@odata.id": "/redfish/v1/AccountService/Roles/NoAccess",
"@odata.type": "#Role.v1_2_2.Role",
"AssignedPrivileges": [],
"Description": "NoAccess User Role",
"Id": "NoAccess",
"IsPredefined": true,
"Name": "User Role",
"OemPrivileges": [],
"RoleId": "NoAccess"
}
3. Verified user with No Privilege is listed without any error.
Get: https://<BMC IP>/redfish/v1/AccountService/Accounts/user6
{
"@odata.context": "/redfish/v1/$metadata#ManagerAccount.
ManagerAccount",
"@odata.id": "/redfish/v1/AccountService/Accounts/user6",
"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
"Description": "User Account",
"Enabled": false,
"Id": "user6",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/NoAccess"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"RoleId": "NoAccess",
"UserName": "user6"
}
Change-Id: If9577598e0a6215cf76f5db031ad5f8bcf2387a7
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
|
This was an automatic change made by clang-tidy. It moves all uses of
NULL to nullptr, which are equivalent, but nullptr is prefered.
Tested: Code compiles.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I9526599b222693c9723a69934b599c7a5b5d1fbf
|
|
priv-callback is valid only for IPMI modem callback, which
was never used, and it's decided to deprecate the same
https://gerrit.openbmc-project.xyz/#/c/openbmc/docs/+/26839/
Removing the support in redfish now.
Tested:
1. Verified callback role was not in list in Get of
https://<BMC IP>/redfish/v1/AccountService/Roles/
2. Redfish validator passed for this change.
Change-Id: Ia16fb584a07bbdf29197cd5dd54e7a9682627c19
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
|
This reverts commit 27c10d2ee746b85e9463efb0fc6773c209b2f5ba.
Reason for revert: <Makes the validator fail>
Change-Id: I379d9eda57416476ff1cc17e594c55dedd0bc4eb
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Issue: With IPMI command- If New user created, by defualt created with
"NO ACCESS" Channel priv Limit. But same role is not populating from
Redfish.
This test can be done only with below patch being merged.
https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-user-manager/
+/24784/
Tested:
Added "NoAccess" Role to Redfish(if Channel privilege Limit is empty in
userlist).
Below is Snapshot from Redfish:
Get: https://<BMC IP>/redfish/v1/AccountService/Roles/NoAccess
{
"@odata.context": "/redfish/v1/$metadata#Role.Role",
"@odata.id": "/redfish/v1/AccountService/Roles/NoAccess",
"@odata.type": "#Role.v1_2_2.Role",
"AssignedPrivileges": null,
"Description": "NoAccess User Role",
"Id": "NoAccess",
"IsPredefined": true,
"Name": "User Role",
"OemPrivileges": [],
"RoleId": "NoAccess"
}
Get: https://<BMC IP>/redfish/v1/AccountService/Accounts/user6
{
"@odata.context": "/redfish/v1/$metadata#ManagerAccount.
ManagerAccount",
"@odata.id": "/redfish/v1/AccountService/Accounts/user6",
"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
"Description": "User Account",
"Enabled": false,
"Id": "user6",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/NoAccess"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"RoleId": "NoAccess",
"UserName": "user6"
}
Redfish validator test results:
Counter({'skipOptional': 31791, 'pass': 22397, 'passGet': 2293,
'metadataNamespaces': 1047, 'warningPresent': 70,
'serviceNamespaces': 68, 'invalidPropertyValue': 67,
'err.LogEntry.v1_0_0.EventSeverity': 64, 'failProp': 64,
'repeat': 14, 'reflink': 9, 'passAction': 7, 'optionalAction': 6,
'failErrorPresent': 1, 'unverifiedComplexAdditional': 1,
'warnTrailingSlashLink': 1})
Validation has failed: 65 problems found
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ibc74e2fe4519ec6160dd516893d5e542feeabb0d
|
|
Need to Log security event for enabling uart-port-debug, P2A-bridge and
BMC 2nd boot flash to redfish.
tested:
By settng the SCU registers for uart-port-debug disable bit, P2A-bridge
enable bit and BMC 2nd boot flash enable bit, trigger security events, can
see their redfish log.
Change-Id: I75a7ed679c6b20d454a831e52d96dea30eea22bd
Signed-off-by: Chen,Yugang <yugang.chen@linux.intel.com>
|
|
Updated the NetworkProtocol GET method code
to lookup the service names and socket paths
directly fetched from System control ListenSockets.
Tested:
- Performed GET on NetworkProtocol URI and validated
all responses.
- Stopped services(ssh) and validated Enabled status.
- Successfully ran Redfish validator without any issues.
URI: /redfish/v1/Managers/bmc/NetworkProtocol
Response:
............
"IPMI": {
"Port": 623,
"ProtocolEnabled": true
},
"HTTPS": {
.....
"Port": 443,
"ProtocolEnabled": true
},
"SSH": {
"Port": 22,
"ProtocolEnabled": true
},
..........
Change-Id: I047910d3e6430a2779b3803a0f1e836104e2bda3
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
|
|
Modified POST method to handle redfish user creation
error codes.
Tested:
Tested user creation with below test cases
1)Already user exists
2)Max users reached
3)Username is NULL
4)Username is not starting with alphabet
5)Username exceed more than 16 characters
6)Invalid Password
Redfish validator test results: Passed
Signed-off-by: anil kumar appana <anil.kumarx.appana@intel.com>
Change-Id: I58361ddd4dfd067802f805f9d870b2bc1692ea1d
|
|
Added Oem extension for AccountService allowing user to configure
which authentication methods should be enabled. User is now able
to turn on and off authentication methods like BasicAuth, XToken, etc.
User is not allowed to turn off all of the methods at once - at least
one method has to be active to prevent lock-out. This configuration
is persistent, will be saved on file-system and will be loaded on
bmcweb's restart.
Tested:
No regression found in manual testing. By default everything works as before,
and disabling auth method prevents user to authenticate by it. Tested that
user is not allowed to disable all the methods - either in one PATCH or by
disabling them one at a time.
ServiceValidator run with success.
This change is a fix for this request:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23590/18
which was revert here:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/26869
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I66b5ad423746f1992070a14f2983a07b1320190e
|
