Our includes haven't been enforced by tidy in a while. Run the script,
check in the result, minus the false positives.
Change-Id: I6a6da26f5ba5082d9b4aa17cdc9f55ebd8cd41a6
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
The previous commit 90cd2e1 [1] causes WebUI to fail to load and
connect. It is because a global static var (`hasWebuiRoute`) is
instantiated per compile unit and it ends up causing the inconsistency
of the value of it.
Tested:
- Verify WebUI loads successfully
- Redfish Service Validator passes
[1] https://github.com/openbmc/bmcweb/commit/90cd2e1d2e2228b0c575c9a3b6b2dc75eac9eb68
Change-Id: I09c3a9a831528e25c09299b0ee15993974d94d88
Signed-off-by: Myung Bae <myungbae@us.ibm.com>
|
|
Http2 support in bmcweb has been relatively stable for a while. The
http2 implementation passes all known Redfish tests (some of which
require porting to httpx to support http2), the UI loads, and so far as
the project is concerned, is a complete improvement over the existing
http1 stack.
This commit removes the experimental classification from http2, and
declares it ready for production use, while enabling it by default.
Note that enabling this by default only makes the server advertise that
http2 is available. Http2 must still be supported by the client to
enable ALPN negotiation, so existing http1 clients that only support
http1 will continue to function as they did before.
Tested: Enabled http option and saw http2 advertised, http2 now takes
effect.
Change-Id: I92843a3afc532f0b2a64904bb872e5d84a1a54fe
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
The backends are different things compared to generic code. Today,
these are all included in the /include folder, but it's not very clear
what options control which backends, or how things map together. This
also means that we can't separate ownership between the various
companies.
This commit is a proposal to try to create a features folder,
separated by the code for the various backends, to make interacting
with this easier. It takes the form
features/<option name>/files.hpp
features/<option name>/files_test.hpp
Note, redfish-core was already at top level, and contains lots of code,
so to prevent lots of conflicts, it's simply symlinked into that folder
to make clear that it is a backend, but not to move the implementation
and cause code conflicts.
Tested: Unit tests pass. Code compiles.
Change-Id: Idcc80ffcfd99c876734ee41d53f894ca5583fed5
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
Meta does not use TLSStrict, due to wanting optional password
authentication, but does need mTLS support. 463a0e3 broke this
functionality in order to fix asking for client certificates on the
webui side. Revert to the old behavior only if the webui is not
installed.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Ed Tanous <etanous@nvidia.com>
Change-Id: Iae2e62faa5e8341c0422ab0521dea340d4e927b2
|
|
Since 2020, nlohmann has recognized that implicit conversions to and
from json are an issue. Many bugs have been caused at both development
time and runtime due to unexpected implicit conversions from json to
std::string/int/bool. This commit disables implicit conversions using
JSON_USE_IMPLICIT_CONVERSIONS [1]. This option will become the default
in the future. That comment was written 3 years ago at this point, so
we should prepare.
Tested:
Redfish service validator passes.
[1] https://json.nlohmann.me/api/macros/json_use_implicit_conversions/
Change-Id: Id6cc47b9bbf8889e4777fd6d77ec992f3139962c
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
When BMC reboots or bmcweb restarts, the persistent subscriptions may
not be loaded properly but they may still be in the file.
Later on if BMC reboots or bmcweb restarts, those unloaded subscriptions
may potentially and unexpectedly cause the reload into the active
subscriptions.
The key cause is due to the compiler evaluation order for the function
arguments where the last argument is evaluated and pushed into the stack
first. As the result, the first argument `newSub->id` may already be
invalid after the last argument `std::make_shared<>(std::move(*newSub))`
is evaluated and pushed into the parameter stack [1].
This may cause the failure of `subscriptionsConfigMap.emplace()` and
results in the missing instantiation of the persistent subscriptions.
Tested:
- Create many subscriptions
- GET subscriptions
```
curl -k -X GET https://${bmc}/redfish/v1/EventService/Subscriptions
{
"@odata.id": "/redfish/v1/EventService/Subscriptions",
"@odata.type": "#EventDestinationCollection.EventDestinationCollection",
"Members": [
{
"@odata.id": "/redfish/v1/EventService/Subscriptions/1187258741"
},
...
{
"@odata.id": "/redfish/v1/EventService/Subscriptions/949306789"
}
],
"Members@odata.count": 6,
"Name": "Event Destination Collections"
}
```
- Restart bmcweb
- GET subscriptions again and check whether they are the same.
- Sometimes, none or only a few may be instantiated like
```
curl -k -X GET https://${bmc}/redfish/v1/EventService/Subscriptions
{
"@odata.id": "/redfish/v1/EventService/Subscriptions",
"@odata.type": "#EventDestinationCollection.EventDestinationCollection",
"Members": [
{
"@odata.id": "/redfish/v1/EventService/Subscriptions/1187258741"
}
],
"Members@odata.count": 1,
"Name": "Event Destination Collections"
}
```
- However, the file `/home/root/bmcweb_persistent_data.json` still has
the old entries.
- Also verify Redfish Service Validator to pass
[1] https://github.com/openbmc/bmcweb/blob/0c814aa604b36cff01b495f9c335f981c7be83be/include/persistent_data.hpp#L184
Change-Id: Ia8a3c1bd3d4f4e479b599077ba8f26e47f8d22ef
Signed-off-by: Myung Bae <myungbae@us.ibm.com>
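An added illustration of the hazard this commit message describes, not bmcweb's own code: `Subscription`, `loadHazardous` and `loadSafe` are hypothetical names, the records are constructed sample data, and the move constructor clears its source explicitly so the outcome is reproducible. In this model the key reaches `emplace` by reference, so it is read only after the move has emptied it and every record after the first is rejected as a duplicate.

```cpp
#include <cstddef>
#include <iostream>
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for a persisted subscription record.
struct Subscription
{
    std::string id;
    std::string destination;

    Subscription(std::string idIn, std::string destIn) :
        id(std::move(idIn)), destination(std::move(destIn))
    {}
    Subscription(const Subscription&) = default;
    // Assumption for the demo: clear the source explicitly so the
    // moved-from state is deterministic on every standard library.
    Subscription(Subscription&& other) noexcept :
        id(std::move(other.id)), destination(std::move(other.destination))
    {
        other.id.clear();
        other.destination.clear();
    }
};

using SubMap = std::map<std::string, std::shared_ptr<Subscription>>;

// Constructed sample data standing in for the persistent data file.
std::vector<Subscription> sampleRecords()
{
    return {{"1187258741", "https://listener.example/a"},
            {"949306789", "https://listener.example/b"},
            {"2023893979", "https://listener.example/c"}};
}

// Hazardous form: the key argument aliases the object that the value
// argument moves from. Returns how many records emplace() rejected.
std::size_t loadHazardous(std::vector<Subscription> records, SubMap& out)
{
    std::size_t rejected = 0;
    for (Subscription& rec : records)
    {
        Subscription* newSub = &rec;
        auto result = out.emplace(
            newSub->id, std::make_shared<Subscription>(std::move(*newSub)));
        if (!result.second)
        {
            ++rejected; // key was already present (here: the empty string)
        }
    }
    return rejected;
}

// Safe form: take an independent copy of the key before anything is moved.
std::size_t loadSafe(std::vector<Subscription> records, SubMap& out)
{
    std::size_t rejected = 0;
    for (Subscription& rec : records)
    {
        std::string key = rec.id;
        auto sub = std::make_shared<Subscription>(std::move(rec));
        if (!out.emplace(std::move(key), std::move(sub)).second)
        {
            ++rejected;
        }
    }
    return rejected;
}

int main()
{
    SubMap hazardous;
    SubMap safe;
    std::size_t lost = loadHazardous(sampleRecords(), hazardous);
    loadSafe(sampleRecords(), safe);
    std::cout << "hazardous: loaded " << hazardous.size() << ", rejected "
              << lost << "\n";
    std::cout << "safe: loaded " << safe.size() << "\n";
    return 0;
}
```

clang-tidy's `bugprone-use-after-move` check is the static counterpart to this runtime symptom.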
|
|
This commit is fixing coverity issues reported for copy instead of
move.
Tested: redfish service validator passes
Change-Id: I97e755830f28390e7c4bfaba6f3f947898a21423
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Replace use_certificate with use_certificate_chain to properly handle
both single certificates and certificate chains. This allows loading
and sending the complete certificate chain during TLS handshake,
improving client validation.
Tested with generate_user_auth.py
Change-Id: I8ef1665307ee2e401901a662ac9ee6df7b50937d
Signed-off-by: Ben Peled <bpeled@nvidia.com>
|
|
Adding async_method_call in dbus utility gives us a place where we can
intercept method call requests from dbus to potentially add
logging/caching.
An example of logging is in the later commit:
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/78265/
We already do this for setProperty, this moves the method calls to
follow a similar pattern.
Tested: Redfish service validator passes.
Change-Id: I6d2c96e2b6b6a023ed2138106a55faebca161592
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
Goal of the MR is to provide infrastructure support in bmcweb to manage
the OEM fragment handling separately. OEM schema are vendor defined and
per DMTF resource we could have multiple vendor defined OEM schema to be
enabled.
The feature allows registration of route handler per schema per OEM
namespace.
Example
```
REDFISH_SUB_ROUTE<"/redfish/v1/Managers/<str>/#/Oem/OpenBmc">(service,
HttpVerb::Get)(oemOpenBmcCallback);
REDFISH_SUB_ROUTE<"/redfish/v1/Managers/<str>/#/Oem/Nvidia">(service,
HttpVerb::Get)(oemNidiaCallback);
```
We can have separate vendor defined route handlers per resource. Each of
these route handlers can populate their own vendor specific OEM data.
The OEM code can be better organized and enabled/disabled as per the
platform needs. The current MR has the code changes related to handling
GET requests alone. The feature only supports requests
where the response payload is JSON.
Tests
- All UT cases pass
- New UT added for RF OEM router passes
- Service Validator passes on qemu
- GET Response on Manager/bmc resource contains the OEM fragment
```
curl -c cjar -b cjar -k -X GET https://127.0.0.1:2443/redfish/v1/Managers/bmc
{
"@odata.id": "/redfish/v1/Managers/bmc",
"@odata.type": "#Manager.v1_14_0.Manager",
"Oem": {
"OpenBmc": {
"@odata.id": "/redfish/v1/Managers/bmc#/Oem/OpenBmc",
"@odata.type": "#OpenBMCManager.v1_0_0.Manager",
"Certificates": {
"@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates"
}
}
},
"UUID": "40575e98-90d7-4c10-9eb5-8d8a7156c9b9"
}
```
Change-Id: Ic82aa5fe760eda31e2792fbdfb6884ac3ea613dc
Signed-off-by: Rohit PAI <rohitpai77@gmail.com>
|
|
Systemd has support for enabling service level watchdog. The MR enables
this support for bmcweb daemon. Request for watchdog monitor from
systemd is added in bmcweb.service.in. From the event loop a timer is
registered to kick the watchdog periodically.
The default watchdog timeout is set at 120 seconds and the timer is set
to kick it at a quarter of the interval (every 30 seconds).
This timeout is set somewhat arbitrarily based on the longest blocking
call that could occur and still give a valid HTTP response. Suspect
lower values could work equally as well.
Benefits of Service Watchdog
- Bmcweb route handlers should not make any blocking IO calls which
block the event loop for considerable amount of time and slowdown the
response of other URI requests in the queue. Watchdog can help to detect
such issues.
- Watchdog can help restart the service if any route handler code has
uncaught bugs resulting from system API errors (this is in theory,
currently we don't have any use case).
Tested
1. UT is passing
2. Service validator is passing
3. Fw upgrade POST requests are working
Change-Id: If62397d8836c942fdcbc0618810fe82a8b248df8
Signed-off-by: rohitpai <ropai@nvidia.com>
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
ClangBuildAnalyzer shows that each of these dbus calls is relatively
expensive to compile, so put them in their own compile unit so they can
be compiled separately.
Tested: Redfish service validator passes
Change-Id: Ia383611182d8bc93c125248c4196898cb51fd807
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
This commit attempts to add the concept of an SSL detector from beast,
and add the capability into bmcweb. This allows directing multiple
socket files to the bmcweb instance, and bmcweb will automatically sort
out whether or not they're SSL, and give the correct response. This
allows users to plug in erroneous urls like "https://mybmc:80" and they
will forward and work correctly.
Some key design points:
The HTTP side of bmcweb implements the exact same http headers as the
HTTPS side, with the exception of HSTS, which is explicitly disallowed.
This is for consistency and security.
The above allows bmcweb builds to "select" the appropriate security
posture (http, https, or both) for a given channel using the
FileDescriptorName field within a socket file. Items ending in:
both: Will support both HTTPS and HTTP redirect to HTTPS
https: Will support HTTPS only
http: will support HTTP only
Given the flexibility in bind statements, this allows administrators to
support essentially any security posture they like. The openbmc
defaults are:
HTTPS + Redirect on both ports 443 and port 80 if http-redirect is
enabled
And HTTPS only if http-redirect is disabled.
This commit adds the following meson options that each take an array of
strings, indexed on the port.
additional-ports
Adds additional ports that bmcweb should listen to. This is always
required when adding new ports.
additional-protocol
Specifies 'http', 'https', or 'both' for whether or not tls is enforced
on this socket. 'both' allows bmcweb to detect whether a user has
specified tls or not on a given connection and give the correct
response.
additional-bind-to-device
Accepts values that fill the SO_BINDTODEVICE flag in systemd/linux,
and allows binding to a specific device
additional-auth
Accepts values of 'auth' or 'noauth' that determines whether this
socket should apply the normal authentication routines, or treat the
socket as unauthenticated.
Tested:
Previous commits ran the below tests.
Ran the server with options enabled. Tried:
```
curl -vvvv --insecure --user root:0penBmc http://192.168.7.2/redfish/v1/Managers/bmc
* Trying 192.168.7.2:80...
* Connected to 192.168.7.2 (192.168.7.2) port 80 (#0)
* Server auth using Basic with user 'root'
> GET /redfish/v1/Managers/bmc HTTP/1.1
> Host: 192.168.7.2
> Authorization: Basic cm9vdDowcGVuQm1j
> User-Agent: curl/7.72.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Location: https://192.168.7.2
< X-Frame-Options: DENY
< Pragma: no-cache
< Cache-Control: no-Store,no-Cache
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Content-Security-Policy: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:
< Date: Fri, 08 Jan 2021 01:43:49 GMT
< Connection: close
< Content-Length: 0
<
* Closing connection 0
```
Observe above:
webserver returned 301 redirect.
webserver returned the appropriate security headers
webserver immediately closed the connection.
The same test above over https:// returns the values as expected
Loaded the webui to test static file hosting. Webui logs in and works
as expected.
Used the scripts/websocket_test.py to verify that websockets work.
Sensors report as expected.
Change-Id: Ib5733bbe5473fed6e0e27c56cdead0bffedf2993
Signed-off-by: Ed Tanous <ed@tanous.net>
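An added check, not part of bmcweb or of this commit, that automates the "Observe above" points for a plain-HTTP response: 301 status, an https `Location`, the security headers seen in the curl output, no HSTS, and `Connection: close`. The function names, the choice of required headers and both sample responses are assumptions constructed for the example.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

std::string lower(std::string s)
{
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return std::tolower(c); });
    return s;
}

std::string trim(const std::string& s)
{
    const char* ws = " \t\r";
    auto b = s.find_first_not_of(ws);
    if (b == std::string::npos)
    {
        return "";
    }
    return s.substr(b, s.find_last_not_of(ws) - b + 1);
}

struct Response
{
    int status = 0;
    std::map<std::string, std::string> headers; // keys lower-cased
};

Response parseResponse(const std::string& raw)
{
    Response r;
    std::istringstream in(raw);
    std::string line;
    if (std::getline(in, line))
    {
        std::istringstream statusLine(line);
        std::string version;
        statusLine >> version >> r.status;
    }
    while (std::getline(in, line))
    {
        line = trim(line);
        if (line.empty())
        {
            break; // end of the header block
        }
        auto colon = line.find(':');
        if (colon != std::string::npos)
        {
            r.headers[lower(trim(line.substr(0, colon)))] =
                trim(line.substr(colon + 1));
        }
    }
    return r;
}

// Returns one finding per deviation; an empty list means the response
// matches the behaviour described in the commit message.
std::vector<std::string> auditPlainHttpRedirect(const std::string& raw)
{
    Response r = parseResponse(raw);
    std::vector<std::string> findings;
    if (r.status != 301)
    {
        findings.push_back("status is not 301");
    }
    auto loc = r.headers.find("location");
    if (loc == r.headers.end() || loc->second.rfind("https://", 0) != 0)
    {
        findings.push_back("Location does not point to https://");
    }
    // Required set chosen from the headers visible in the curl output.
    for (const char* name : {"x-frame-options", "x-content-type-options",
                             "content-security-policy", "cache-control"})
    {
        if (r.headers.count(name) == 0)
        {
            findings.push_back(std::string("missing header: ") + name);
        }
    }
    if (r.headers.count("strict-transport-security") != 0)
    {
        findings.push_back("HSTS sent over plain HTTP");
    }
    auto conn = r.headers.find("connection");
    if (conn == r.headers.end() || lower(conn->second) != "close")
    {
        findings.push_back("connection is not closed after the redirect");
    }
    return findings;
}

// Constructed sample modelled on the curl output in the commit message.
std::string goodSample()
{
    return "HTTP/1.1 301 Moved Permanently\r\n"
           "Location: https://192.168.7.2\r\nX-Frame-Options: DENY\r\n"
           "Cache-Control: no-Store,no-Cache\r\n"
           "X-Content-Type-Options: nosniff\r\n"
           "Content-Security-Policy: default-src 'none'\r\n"
           "Connection: close\r\nContent-Length: 0\r\n\r\n";
}

// Constructed deviating sample: no CSP, HSTS present, keep-alive.
std::string badSample()
{
    return "HTTP/1.1 301 Moved Permanently\r\n"
           "Location: https://192.168.7.2\r\nX-Frame-Options: DENY\r\n"
           "Cache-Control: no-Store,no-Cache\r\n"
           "X-Content-Type-Options: nosniff\r\n"
           "Strict-Transport-Security: max-age=31536000\r\n"
           "Connection: keep-alive\r\nContent-Length: 0\r\n\r\n";
}

int main()
{
    for (const std::string& f : auditPlainHttpRedirect(badSample()))
    {
        std::cout << f << "\n";
    }
    return 0;
}
```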
|
|
Copy the latest format file from the docs repository and apply.
Change-Id: I2f0b9d0fb6e01ed36a2f34c750ba52de3b6d15d1
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
The way we pass around io contexts is somewhat odd. Boost maintainers
in slack recommended that we just have a method that returns an io
context, and from there we can control this (context link lost years
ago).
The new version of clang claims the singleton pattern of passing in an
io_context pattern is a potential nullptr dereference. It's technically
correct, as calling the singleton without immediately initializing the
io context will lead to a crash.
This commit implements what the boost maintainers suggested, having a
single method that returns "the context" that should be used. This also
helps to maintain isolation, as some pieces are no longer tied directly
to dbus to get their reactor.
Tested: WIP
Change-Id: Ifaa11335ae00a3d092ecfdfb26a38380227e8576
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.
This patchset does not intend to modify any intent on any existing
copyrights or licenses, only to standardize their inclusion.
[1] https://www.linuxfoundation.org/blog/blog/copyright-notices-in-open-source-software-projects
Change-Id: I935c7c0156caa78fc368c929cebd0f068031e830
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
Boost seems to have changed to not directly expose
basic_random_generator. This results in an error.
```
../src/ossl_random.cpp:15:1: error: included header random_generator.hpp is not used directly [misc-include-cleaner,-warnings-as-errors]
```
Tested: Code builds. #include only change.
Change-Id: Ib17a3520b8207e6e4de5aa7a3807bd6cec6d4e25
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
enable the event subscriptions
/redfish/v1/EventService/Subscriptions/
to work for the dbus event log.
So if you are enabling redfish-dbus-log option,
event subscriptions should work similar to when
this option is disabled, with one difference:
- 'MessageArgs' property is currently not implemented and cannot be
found in the returned json.
Tested:
- Using Redfish Event Listener, test subscriptions and eventing.
- Manual Test below with the Redfish Event Listener:
1. Created a maximal Event Log Subscription
redfish
{
"@odata.id": "/redfish/v1/EventService/Subscriptions/2023893979",
"@odata.type": "#EventDestination.v1_8_0.EventDestination",
"Context": "EventLogSubscription",
"DeliveryRetryPolicy": "TerminateAfterRetries",
"Destination": "http://${ip}:5000/event-receiver",
"EventFormatType": "Event",
"HttpHeaders": [],
"Id": "2023893979",
"MessageIds": [],
"MetricReportDefinitions": [],
"Name": "Event Destination 2023893979",
"Protocol": "Redfish",
"RegistryPrefixes": [],
"ResourceTypes": [],
"SubscriptionType": "RedfishEvent",
"VerifyCertificate": true
}
which matches on all registries and all message ids.
2. created a new phosphor-logging entry
busctl call xyz.openbmc_project.Logging \
/xyz/openbmc_project/logging \
xyz.openbmc_project.Logging.Create \
Create 'ssa{ss}' \
OpenBMC.0.1.PowerButtonPressed \
xyz.openbmc_project.Logging.Entry.Level.Error 0
3. bmcweb picks up this new entry via the dbus match, this can be
verified by putting bmcweb in debug logging mode.
4. the event log entry makes it through the filtering code
5. the POST request is sent to the subscribed server as expected,
and contains the same properties as with the file-based backend.
Change-Id: I122e1121389f72e67a998706aeadd052ae607d60
Signed-off-by: Alexander Hansen <alexander.hansen@9elements.com>
|
|
EventServiceManager is already too large. Implement the TODO from run
that these should be classes, and fix the issue where events are being
registered on startup, not on a subscription being created.
To accomplish this, this patch takes global state and breaks them out
into RAII classes from EventServiceManager, one for monitoring DBus
matches, and one for monitoring filesystem log events using inotify.
Each of these connect to static methods on EventService that can send
the relevant events to the user.
Fundamentally, no code within the two new classes is changed, and the
only changes to event service are made to support creation and
destruction of the RAII classes.
There are a number of call sites, like cacheRedfishLogFile, that are
obsoleted when the class is raii. The file will be re-cached on
creation.
Tested: WIP
No TelemetryService tests exist in Redfish.
Change-Id: Ibc91cd1496edf4a080e2d60bfc1a32e00a6c74b8
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
EventServiceManager is very large. Break out two of the functions, and
the global variables into a separate compile unit.
Code is copied as-is, with no improvements made in this patch.
Tested: At end of series.
Change-Id: I89a3605885e5bafa86a6083f1ff8c5db3bb8daf9
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
As reported, there are cases where a valid certificate isn't present,
but a browser still prompts for an MTLS cert. Fix that by explicitly
setting verify_none if strict tls isn't enabled. Unclear what impacts
this will have elsewhere:
Tested (not yet done on this patch): with a self-signed certificate,
logging into chrome no longer prompts the certificate screen.
Change-Id: Iaf7d25fec15ad547a6c741c9410995e19ba22016
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
Enhance bmcweb CLI app error messages. Replace the loglevel flag with a
subcommand called "loglevel". Handle case where empty log levels were
being propagated to bmcwebd.
Invalid logging values are handled by the CLI. List of available states
can be determined by using the command:
bmcweb loglevel -h
Example:
bmcweb loglevel DEBUG
bmcweb loglevel debug
Change-Id: Iaac3f674109e5d86f6c0cd7c1b930ee1c9c594e2
Signed-off-by: Aushim Nagarkatti <anagarkatti@nvidia.com>
|
|
This commit is automatically generated by enabling clang-include-fixer.
Tested: Code compiles.
Change-Id: I475d7b9d43e95bbdeeaadf11905d3b2a60aa8ef3
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
These files were checked in during the clang-18 merge. Update them.
Change-Id: I857a87dac29469a4c24e83c6ee8b7c8461002f04
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
Create a CLI app called "bmcweb" that can set logging levels on
"bmcwebd", the new bmcweb daemon. Create a dbus connection to set log
level using the CLI app. Define the "setLogLevel" method on dbus to
control logging level in bmcwebd. Add logic to move logging level from
build option to dynamic overloading.
Reason: bmcweb picks up logging level as a compile flag. We want it to
be more flexible to debug errors in the field. Using the bmcweb CLI
app, we can set log levels on the bmcweb daemon during runtime.
Splitting bmcweb.
For example, to set logging level to INFO on the target:
bmcweb -l INFO
Change-Id: I7192e4d0ac7aa3a91babecc473521be27ea8acd1
Signed-off-by: Aushim Nagarkatti <anagarkatti@nvidia.com>
|
|
clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.
See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.
Change-Id: Iceec1dc95b6c908ec6c21fb40093de9dd18bf11a
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
Catching exceptions in main is annoying, because it prevents core dumps
from happening in systemd. We initially did this so we could enable
the bugprone-exception-escape check [1]. That documentation shows
that
"Functions declared explicitly with noexcept(false) or throw(exception)
will be excluded from the analysis,"
This seems like a better idea than catching all exceptions and printing.
Tested: bmcweb launches normally. clang-tidy passes.
[1] https://clang.llvm.org/extra/clang-tidy/checks/bugprone/exception-escape.html
Change-Id: I943b3b1c13bcbc21cd18f392cdc7574edf2f809e
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
nghttp2 has added a new callback[1] which solves the issue we were
seeing previously with const. This cleans up some NOLINT markers, but
should have no functional changes
[1] https://nghttp2.org/documentation/nghttp2_select_alpn.html#c.nghttp2_select_alpn
Tested:
Curl shows HTTP2 upgrade works properly.
* ALPN, offering h2
* ALPN, offering http/1.1
* ALPN, server accepted to use h2
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
Change-Id: Ic41754c58e6166aac22ed5afca5371661db959da
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
This commit allows for no code to have to pull in openssl headers
directly. All openssl code is now included in compile units, or
transitively from boost.
Because http2 is optional, no-unneeded-internal-declaration is needed to
prevent clang from marking the functions as unused. Chromium has
disabled this as well[1]
Tested:
Redfish service validator passes.
[1] https://issues.chromium.org/issues/40340369
Change-Id: I327e8ffa45941c2282db804d0be56cf64155e67d
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
When the subscription limit is hit, there are Subscription events
generated when Subscription objects are constructed. Unfortunately, we
make an accidental copy of the Subscription object in
include/persistent_data.hpp
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/72670
Is lined up to fix that issue, but we need to fix the underlying problem
where we have memory safety issues in global variables.
This commit is something to fix the issue, by simply destroying the
object causing the problem before more events can be received.
Tested:
Followed instructions on the aforementioned commit to create the max
number of subscriptions.
Called systemctl restart bmcweb
Observed no more crash on shutdown.
Change-Id: Ie52545f5cb8a044c186d0e9db47362e170b1fdb5
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Which schemas are installed should be selectable in both a meson config,
and trivially by forks. This commit gets us closer to that idea.
It does it in several ways, first, the code for generating
JsonSchemaFile resources has been changed to be generated at runtime,
based on files on disk. This is slightly slower, but allows installing
schemas from anywhere, and matches the CSDL handling.
Next, the schema folders are separated into two sets
csdl -> This includes the complete schema pack from dmtf
installed -> this includes only the schemas the bmc includes
Similar folders exist for json-schema and json-schema-installed.
This allows any additional schemas to be a single symlink addition.
Note, this also checks in all of the dmtf json schemas, not just the
versions we use. This allows us to update the schema pack without
needing to break our versions we ship.
Because the static files are now selectable, all files need to be in a
folder. This forces the css and image for the redfish built-in gui to
be moved.
Tested:
/redfish/v1/JsonSchemas returns the correct result
/redfish/v1/JsonSchemas/UpdateService returns a JsonSchemaFile instance
/redfish/v1/JsonSchemas/UpdateService/UpdateService<version>json returns
the JsonSchemaFile contents.
Redfish service validator passes.
Change-Id: Ie96b2e4b623788dc2ec94eb40fcfd80325f0d826
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Issue: Listener not receiving the events generated. SubmitTestEvent
directly writes a test event to the HttpClient and listener sees it.
But, in the case of services generated events, redfish event logs are
written to /var/log/redfish. iNotify is used to determine if any new
Redfish event log is generated.
Below patch causing this issue not to notify the redfish event log to
listener.
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/70915
Fix: Code changes made to get iNotify properly so that listener receives
the events generated by server once subscription is successful.
Tested:
- Once subscription generated successfully. Tested client receiving
events successfully by running command on BMC console
Signed-off-by: poram srinivasa rao <poramx.srinivasa.rao@intel.com>
Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Id6ff5236eb57ba861210696e41caa838ab78034e
|
|
The method of creating a random ID from an openssl random generator of a
particular length is something that is generally useful, and something
we can write unit tests for. Add it.
Tested:
Redfish service validator login flows work correctly in redfish service
validator.
Change-Id: Ic3b58d33f1421f3eb39e2d57585958f87f6fb8ea
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
When run from a development PC, we shouldn't REQUIRE that the cert
directory exists or is writable.
This commit reworks the SSL cert generation to generate a string with
the certification info, instead of writing it to disk and reading it
back. This allows bmcweb to start up in read-only environments, or
environments where there isn't access to the key information.
Tested: Launching the application on a dev desktop without an ssl
directory present no longer crashes.
Change-Id: I0d44eb1ce8d298986c5560803ca2d72958d3707c
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
The configuration options that exist in bmcweb are an amalgamation of
CROW options, CMAKE options using #define, pre-bmcweb ifdef mechanisms
and meson options using a config file. This history has led to a lot of
different ways to configure code in the codebase itself, which has led
to problems, and issues in consistency.
ifdef options do no compile time checking of code not within the branch.
This is good when you have optional dependencies, but not great when
you're trying to ensure both options compile.
This commit moves all internal configuration options to:
1. A namespace called bmcweb
2. A naming scheme matching the meson option. hyphens are replaced with
underscores, and the option is uppercased. This consistent transform
allows matching up option keys with their code counterparts, without
naming changes.
3. All options are bool true = enabled, and any options with _ENABLED or
_DISABLED postfixes have those postfixes removed. (note, there are
still some options with disable in the name, those are left as-is)
4. All options are now constexpr booleans, without an explicit compare.
To accomplish this, unfortunately an option list in config/meson.build
is required, given that meson doesn't provide a way to dump all options,
as is a manual entry in bmcweb_config.h.in, in addition to the
meson_options. This obsoletes the map in the main meson.build, which
helps some of the complexity.
Now that we've done this, we have some rules that will be documented.
1. Runtime behavior changes should be added as a constexpr bool to
bmcweb_config.h
2. Options that require optionally pulling in a dependency shall use an
ifdef, defined in the primary meson.build. (note, there are no
options that currently meet this class, but it's included for
completeness.)
Note, that this consolidation means that at configure time, all options
are printed. This is a good thing and allows direct comparison of
configs in log files.
Tested: Code compiles
Server boots, and shows options configured in the default build. (HTTPS,
log level, etc)
Change-Id: I94e79a56bcdc01755036e4e7278c7e69e25809ce
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
As much as the two vm implementations SEEM different, the differences
largely lie in how we're getting the nbd proxy socket. One is relying
on launching a process (nbd-proxy), the other is getting the fd from
dbus. Given [1] exists and is in process, we need to have a plan for
getting these two VM implementations into one, once that patchset is
complete.
This commit: Splits the vm-websocket option into vm-websocket-provider,
providing two options, nbd-proxy, and virtual-media (the names of the
respective apps). To accomplish this, it moves the contents of
nbd-proxy into include/vm-websocket, so we can compare the similarities
and start consolidating.
The longer term intent is that the nbd-proxy option will be completely
removed, and the code deleted. This has the additional advantage that
we will no longer require the boost::process dependency, as all info
will be available on dbus.
As part of this, the nbd proxy websocket is also registered at /vm/0/0,
to be backward compatible with the old interfaces.
Tested: Code compiles. Need some help here.
[1] https://gerrit.openbmc.org/c/openbmc/jsnbd/+/49944
Change-Id: Iedbca169ea40d45a8775f843792b874a248bb594
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
This feature was created for a time before webpack had a built in proxy,
and to debug the UI required setting specific flags. The webpack proxy
solves this problem in a much better way, by proxying everything.
This commit is one piece in solving a use-after-free bug. Removing
this allows us to no longer have to cache the origin header [1], which
is only used in this mode.
Tested: Code compiles.
[1] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/70850
Change-Id: I01d67006e217c0c9fd2db7526c0ec34b0da068f3
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Most of these were found by breaking every redfish class handler into
its own compile unit:
When that's done, these missing headers become compile errors. We
should just fix them.
In addition, this allows us to enable automatic header checking in
clang-tidy using misc-header-cleaner. Because the compiler can now
"see" all the defines, it no longer tries to remove headers that it
thinks are unused.
[1] https://github.com/openbmc/bmcweb/commit/4fdee9e39e9f03122ee16a6fb251a380681f56ac
Tested: Code compiles.
Change-Id: Ifa27ac4a512362b7ded7cc3068648dc4aea6ad7b
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
This feature was introduced to manage the operation sync at BMC while
multiple clients manage the BMC.
This feature scope has gone away and it is not a simple code to maintain
as per the growing standards of bmcweb.
This commit removes the feature from this repo.
Tested by: Locks routes are not available anymore
Change-Id: I257225cfb1f43d7d5dadb21a28a2ee5345c5112a
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
This macro came originally from CROW_ENABLE_SSL, and was used as a macro
to optionally compile without openssl being required.
OpenSSL has been pulled into many other dependencies, and has been
functionally required to be included for a long time, so there's no
reason to hold onto this macro.
Remove most uses of the macro, and for the couple functional places the
macro is used, transition to a constexpr if to enable the TLS paths.
This allows a large simplification of code in some places.
Tested: Redfish service validator passes.
Change-Id: Iebd46a68e5e417b6031479e24be3c21bef782f4c
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Change-Id: If511f1210cca7bd1da3a8c5152688487d3036e2f
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Meson supports unity builds[1] natively. There's no reason to continue
with the pseudo unity build we've been using by putting implementations
in header files.
This commit is the first in a long series of starting to break this up
into smaller compile units, in the hopes of dropping incremental compile
times for developers, and reduce the total per-core memory usage that
gcc requires.
This commit breaks out the run() function from main() and the
constructor of RedfishService from redfish.hpp into their own compile
units. According to tracing, even after broken out, these are still by
far the two longest to compile units in the build.
Tested: Code compiles. Debug build on a 24 core build server results in
a decrease in compile time for compiling just bmcweb from 1m38s to
1m22s.
[1] https://mesonbuild.com/Unity-builds.html
Change-Id: Ibf352e8aba61d64c9a41a7a76e94ab3b5a0dde4b
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
clang-18 improves this check so that we can actually use it. Enable it
and fix all violations.
Change-Id: Ibe4ce19c423d447a4cbe593d1abba948362426af
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
And fix the includes that are wrong.
Note, there is a very large ignore list included in the .clang-tidy
config file. These are things that clang-tidy doesn't yet handle
well, like knowing about a details include.
Change-Id: Ie3744f2c8cba68a8700b406449d6c2018a736952
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
As is, it reads the whole file into memory before sending it. While
fairly fast for the user, this wastes ram, and makes bmcweb less useful
on less capable systems.
This patch enables using the boost::beast::http::file_body type, which
has more efficient serialization semantics than using a std::string. To
do this, it adds a openFile() handler to http::Response, which can be
used to properly open a file. Once the file is opened, the existing
string body is ignored, and the file payload is sent instead.
openFile() also returns success or failure, to allow users to properly
handle 404s and other errors.
To prove that it works, I moved over every instance of direct use of the
body() method over to using this, including the webasset handler. The
webasset handler specifically should help with system load when doing an
initial page load of the webui.
Tested:
Redfish service validator passes.
Change-Id: Ic7ea9ffefdbc81eb985de7edc0fac114822994ad
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
In boost 1.83.0, the boost::url maintainers deprecated the header only
usage of the library without warning. A discussion with the
maintainers[1] made it clear that they removed the ability on purpose,
and they're not going to add it back or add a deprecation strategy (they
did say they would update the documentation to actually match the
intent), and that from here on in we should be using the cmake boost
project to pull in the non-header-only boost libraries we use (which at
this point is ONLY boost url).
This commit updates to remove the usage of boost::urls::result typedef,
which was deprecated in this release (which causes a compile error) and
moves it to boost::system::result.
In addition, it updates our meson files to pull in the boost project as
a cmake dependency.
[1] https://cpplang.slack.com/archives/C01JR6C9C4U/p1696441238739129
Tested: Not yet.
Change-Id: Ia7adfc0348588915440687c3ab83a1de3e6b845a
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
This reverts commit 8ed41c35a314580bb794fa0fff2e01b0bf7efcf7.
In discord, it was posted 2 systems are hitting 403 Forbidden for all
endpoints.
Reverting fixed the problem, until time is given to dive into this,
just revert.
One of the things wrong is this is missing an After/Want
xyz.openbmc_project.User.Manager.service.
Change-Id: I1766a6ec2dbc9fb52da3940b07ac002a1a6d269a
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
There is an async call within the router that leads to a small, but
pervasive performance issue for all queries. Removing that call from the
router has the potential to increase the performance of every
authenticated query, and significantly reduce our dbus traffic for
"simple" operations.
This commit re-implements the role cache in session object that existed
previously many years ago. Each user's role is fetched during
authentication and persisted in session object. Each successive request
can then be matched against the privilege which is there in the
in-memory session object.
This was discussed on below commit
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/39756
Tested by:
```
POST /redfish/v1/SessionService/Sessions {"UserName":"root", "Password": "0penBmc"}
```
Followed by redfish queries
Get /redfish/v1/AccountService
Tested user role persistency
Redfish service validator passes.
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I575599c29358e32849446ce6ee7f62c8eb3885f6
|
|
std::format is a much more modern logging solution, and gives us a lot
more flexibility, and better compile times when doing logging.
Unfortunately, given its level of compile time checks, it needs to be a
method, instead of the stream style logging we had before. This
requires a pretty substantial change. Fortunately, this change can be
largely automated, via the script included in this commit under
scripts/replace_logs.py. This is to aid people in moving their
patchsets over to the new form in the short period where old patches
will be based on the old logging. The intention is that this script
eventually goes away.
The old style logging (stream based) looked like.
```
BMCWEB_LOG_DEBUG << "Foo " << foo;
```
The new equivalent of the above would be:
```
BMCWEB_LOG_DEBUG("Foo {}", foo);
```
In the course of doing this, this also cleans up several ignored linter
errors, including macro usage, and array to pointer deconstruction.
Note, this patchset does remove the timestamp from the log message. In
practice, this was duplicated between journald and bmcweb, and there's
no need for both to exist.
One design decision of note is the addition of logPtr. Because the
compiler can't disambiguate between const char* and const MyThing*, it's
necessary to add an explicit cast to void*. This is identical to how
fmt handled it.
Tested: compiled with logging meson_option enabled, and launched bmcweb
Saw the usual logging, similar to what was present before:
```
[Error include/webassets.hpp:60] Unable to find or open /usr/share/www/ static file hosting disabled
[Debug include/persistent_data.hpp:133] Restored Session Timeout: 1800
[Debug redfish-core/include/event_service_manager.hpp:671] Old eventService config not exist
[Info src/webserver_main.cpp:59] Starting webserver on port 18080
[Error redfish-core/include/event_service_manager.hpp:1301] inotify_add_watch failed for redfish log file.
[Info src/webserver_main.cpp:137] Start Hostname Monitor Service...
```
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I86a46aa2454be7fe80df608cb7e5573ca4029ec8
|