cc67d0a0 | 01-Feb-2025 |
rohitpai <rohitpai77@gmail.com> |
Migration of OpenBMC Manager OEM schema
With the support of OEM route infrastructure each OEM implementation can be separated into an OEM route handler. The MR migrates OEM resource of manager resou
Migration of OpenBMC Manager OEM schema
With the support of OEM route infrastructure each OEM implementation can be separated into an OEM route handler. The MR migrates OEM resource of manager resource into new files and route handlers
Tested - All unit tests are passing - GET request on /redfish/v1/Managers/<bmcid> has OpenBMC OEM properties
Change-Id: I935524dcdad6a6cc38a5532b6e7e7ffa1cb0369f Signed-off-by: rohitpai <rohitpai77@gmail.com> Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
178c55a5 | 11-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Fix generate auth certificates script
pyCrypto has removed support for the PKCS12 certificates this script generates, so this script is broken as-is on any distro from the last year or two.
Rewrite
Fix generate auth certificates script
pyCrypto has removed support for the PKCS12 certificates this script generates, so this script is broken as-is on any distro from the last year or two.
Rewrite the script to target python-cryptography instead. While there, implement TODOs around code formatting, using EC keys, removing the dependency on the redfish library, using the service root to determine the correct manager instance to update, and cleaning up the redfish session after a crash.
Tested: running this script targeting redfish instance shows it runs to completion and test passes.
Change-Id: Ie1ee1a6f0a548258fe7b7d4c9678a9d55c8b71d1 Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
c35475f9 | 17-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Fix tidy misc-include issue
Fix minor #include regression caused by ee993dc84b1e9917b545fdd7367f1127a358084a
Change-Id: Ieda0205a4a4faf877a4f2298e6935bc3aa506fde Signed-off-by: Ed Tanous <etanous@n
Fix tidy misc-include issue
Fix minor #include regression caused by ee993dc84b1e9917b545fdd7367f1127a358084a
Change-Id: Ieda0205a4a4faf877a4f2298e6935bc3aa506fde Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
ee993dc8 | 19-Nov-2024 |
Ed Tanous <etanous@nvidia.com> |
Use systemd logging levels
Systemd has an option[1] that allows it to interpret our log levels directly. This allows for journald to sort/filter/colorize our logs better than it was able to previou
Use systemd logging levels
Systemd has an option[1] that allows it to interpret our log levels directly. This allows for journald to sort/filter/colorize our logs better than it was able to previously. Its indexes don't map perfectly to bmcwebs, so come up with a constexpr lookup table to map the two values across.
Tested: Enabled logging, and dumped journal logs. Observed colorized output.
[1] https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#SyslogLevelPrefix=
Change-Id: I7722ae86e114daec88709b68405498eeb8164c07 Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
27f5ecf7 | 09-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Make code compile with latest clang
The latest clang and boost include a number of warnings that need to be explicitly handled to get code to compile. Namely: -Wno-c++26-extensions given we use some
Make code compile with latest clang
The latest clang and boost include a number of warnings that need to be explicitly handled to get code to compile. Namely: -Wno-c++26-extensions given we use some parts of c++26 -Wno-c++23-extensions out of consistency (warning isn't yet needed). -Wno-missing-include-dirs, because without it nghttp2 fails to find a missing include dir (used for windows vs linux handling) which is expected.
Change-Id: I28eda6662c95c331fffc4e3bb9c415b7947520b9 Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
ebe4c574 | 08-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Implement http2 TODO
To support HTTP2 simultaneously on http and https connections, the HTTP connection classes formerly took the socket as a template option, allowing passing ssl::stream<tcp::socke
Implement http2 TODO
To support HTTP2 simultaneously on http and https connections, the HTTP connection classes formerly took the socket as a template option, allowing passing ssl::stream<tcp::socket> or simply tcp socket. With the addition of the multiple-sockets option, this would cause two copies of the template to be instantiated, increasing both compile times and binary size.
This commit applies the same logic to http2connection as was applied to HTTPConnection, adding an http type parameter to the constructor, which allows switching between adapter and adapter.next_level() on each read or write operation. In compiled code, this means that the connection classes are only specialized once.
Tested: When configured for one of each http and https socket and http2 curl --http2 http://<ip>/redfish/v1 succeeds curl --http2 https://<ip>/redfish/v1 succeeds
Change-Id: I8f33796edd5874d5b93d10a3f253cfadd4f6d7a4 Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
bb1c7d30 | 09-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Break out dbus utilities into compile unit
ClangBuildAnalyzer shows that each of these dbus calls is relatively expensive to compile, so put them in their own compile unit so they can be compiled se
Break out dbus utilities into compile unit
ClangBuildAnalyzer shows that each of these dbus calls is relatively expensive to compile, so put them in their own compile unit so they can be compiled separately.
Tested: Redfish service validator passes
Change-Id: Ia383611182d8bc93c125248c4196898cb51fd807 Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
9a560319 | 17-Apr-2024 |
Ed Tanous <ed@tanous.net> |
Remove nlohmann::json::object helpers
readJsonHelper existed back before the distinction between nlohmann::json and nlohmann::json::object_t was understood. This commit cleans up our sub-value pars
Remove nlohmann::json::object helpers
readJsonHelper existed back before the distinction between nlohmann::json and nlohmann::json::object_t was understood. This commit cleans up our sub-value parsing by removing readJsonHelper that accepts a nlohmann::json overload, and always accepting via an object_t overload. Functionally, these two are identical, given that readJsonHelper only did a type check that was redundant.
Tested: Unit tests pass. Good coverage of these methods.
Change-Id: I734d956dd4bc2ddb14f6e3c735e15adf1f7e00a0 Signed-off-by: Ed Tanous <ed@tanous.net>
show more ...
|
57d0f5c1 | 10-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Fix websocket test script
Unclear when or why this changed in python, but doesn't really matter. Fix the script.
Tested: Script now succeeds with rest option enabled.
Change-Id: I3e548aad03c6150f4
Fix websocket test script
Unclear when or why this changed in python, but doesn't really matter. Fix the script.
Tested: Script now succeeds with rest option enabled.
Change-Id: I3e548aad03c6150f404d5fddc742f8baa5274a83 Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
beb96b0b | 09-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Break out websockets
When running clang build analyzer it shows that one of the largest templates in the Redfish compile unit (which is also the slowest compile unit) is actually the beast websocket
Break out websockets
When running clang build analyzer it shows that one of the largest templates in the Redfish compile unit (which is also the slowest compile unit) is actually the beast websocket instantiations, taking about 6 seconds to compile on their own.
Luckily, the websocket layer is already split into Websocket and WebsocketImpl classes that we inherited from crow. Unfortunately, crow puts these two classes into the same file. So.
1. Move the WebSocketImpl class into its own header. 2. Move the websocket() upgrade routes in the websocket routing rule into their own compile unit to take advantage of only needing WebsocketImpl in this compile unit.
Tested: Drops build time by several seconds depending on what other level of optimizations are present (1:15 -> 1:00)
[1] https://github.com/aras-p/ClangBuildAnalyzer
Change-Id: Ia0445eae4a793bb4ccb28136f30d2a05662c529c Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
d98a2f93 | 06-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Remove getIoContext from Request object
At one point it was thought that we could pass the io_context object through the request object, and have the potential to run multiple io_context instances (
Remove getIoContext from Request object
At one point it was thought that we could pass the io_context object through the request object, and have the potential to run multiple io_context instances (one per connection).
Given the safety refactoring we had to do in 9838eb20341568971b9543c2187372d20daf64aa that idea is on ice for the moment, and would need a major rethink of code to be viable. For the moment, and in prep for https://gerrit.openbmc.org/c/openbmc/bmcweb/+/75668
make sure all calls are pulling from the same io object.
Tested: Unit tests pass. Redfish service validator passes.
Change-Id: I877752005c4ce94efbc13ce815f3cd0d99cc3d51 Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
bb456a6d | 15-Mar-2024 |
Ed Tanous <etanous@nvidia.com> |
Remove the last memcpy
This is the last memcpy in bmcweb. Remove it in leui of std::bit_cast
Tested: Need help.
Change-Id: Ibd6fbc1a8fa9e80cd7e7edf356f8a45448c16189 Signed-off-by: Ed Tanous <etan
Remove the last memcpy
This is the last memcpy in bmcweb. Remove it in leui of std::bit_cast
Tested: Need help.
Change-Id: Ibd6fbc1a8fa9e80cd7e7edf356f8a45448c16189 Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
46f780f7 | 09-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Move chassis and trigger to dbus utility
Using the utility classes reduces compile times and reduces the number of template specializations that get generated. These are the last two left in the co
Move chassis and trigger to dbus utility
Using the utility classes reduces compile times and reduces the number of template specializations that get generated. These are the last two left in the codebase for getProperty, so fix them.
Tested: On Last commit.
Change-Id: I0ca8411b74b58dbeb42587b88cfd66c0e674b8c8 Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
9e2d2033 | 02-Feb-2025 |
rohitpai <rohitpai77@gmail.com> |
Update common error doc
Update common error doc related to D-Bus utility functions usage and usage of redfish schema generated enumerations in implementation
Change-Id: I7284bc28af73dc0036c7a24fb6b
Update common error doc
Update common error doc related to D-Bus utility functions usage and usage of redfish schema generated enumerations in implementation
Change-Id: I7284bc28af73dc0036c7a24fb6bddb4441892122 Signed-off-by: rohitpai <rohitpai77@gmail.com>
show more ...
|
796ba93b | 01-Aug-2020 |
Ed Tanous <ed@tanous.net> |
Enable HTTP additional sockets
This commit attempts to add the concept of an SSL detector from beast, and add the capability into bmcweb. This allows directing multiple socket files to the bmcweb i
Enable HTTP additional sockets
This commit attempts to add the concept of an SSL detector from beast, and add the capability into bmcweb. This allows directing multiple socket files to the bmcweb instance, and bmcweb will automatically sort out whether or not they're SSL, and give the correct response. This allows users to plug in erroneous urls like "https://mybmc:80" and they will forward and work correctly.
Some key design points: The HTTP side of bmcweb implements the exact same http headers as the HTTPS side, with the exception of HSTS, which is explicitly disallowed. This is for consistency and security.
The above allows bmcweb builds to "select" the appropriate security posture (http, https, or both) for a given channel using the FileDescriptorName field within a socket file. Items ending in: both: Will support both HTTPS and HTTP redirect to HTTPS https: Will support HTTPS only http: will support HTTP only
Given the flexibility in bind statements, this allows administrators to support essentially any security posture they like. The openbmc defaults are: HTTPS + Redirect on both ports 443 and port 80 if http-redirect is enabled
And HTTPS only if http-redirect is disabled.
This commit adds the following meson options that each take an array of strings, indexex on the port. additional-ports Adds additional ports that bmcweb should listen to. This is always required when adding new ports.
additional-protocol Specifies 'http', 'https', or 'both' for whether or not tls is enfoced on this socket. 'both' allows bmcweb to detect whether a user has specified tls or not on a given connection and give the correct response.
additional-bind-to-device Accepts values that fill the SO_BINDTODEVICE flag in systemd/linux, and allows binding to a specific device
additional-auth Accepts values of 'auth' or 'noauth' that determines whether this socket should apply the normal authentication routines, or treat the socket as unauthenticated.
Tested: Previous commits ran the below tests. Ran the server with options enabled. Tried: ``` curl -vvvv --insecure --user root:0penBmc http://192.168.7.2/redfish/v1/Managers/bmc * Trying 192.168.7.2:80... * Connected to 192.168.7.2 (192.168.7.2) port 80 (#0) * Server auth using Basic with user 'root' > GET /redfish/v1/Managers/bmc HTTP/1.1 > Host: 192.168.7.2 > Authorization: Basic cm9vdDowcGVuQm1j > User-Agent: curl/7.72.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 301 Moved Permanently < Location: https://192.168.7.2 < X-Frame-Options: DENY < Pragma: no-cache < Cache-Control: no-Store,no-Cache < X-XSS-Protection: 1; mode=block < X-Content-Type-Options: nosniff < Content-Security-Policy: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss: < Date: Fri, 08 Jan 2021 01:43:49 GMT < Connection: close < Content-Length: 0 < * Closing connection 0 ```
Observe above: webserver returned 301 redirect. webserver returned the appropriate security headers webserver immediately closed the connection.
The same test above over https:// returns the values as expected
Loaded the webui to test static file hosting. Webui logs in and works as expected.
Used the scripts/websocket_test.py to verify that websockets work. Sensors report as expected.
Change-Id: Ib5733bbe5473fed6e0e27c56cdead0bffedf2993 Signed-off-by: Ed Tanous <ed@tanous.net>
show more ...
|
cd7dbb30 | 01-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Support h2c upgrade
h2c upgrade is a mechanism for supporting http/2 on connections that might not support alpn [1]. This is done by the client specifying Connection: upgrade Upgrade: h2c
This loo
Support h2c upgrade
h2c upgrade is a mechanism for supporting http/2 on connections that might not support alpn [1]. This is done by the client specifying Connection: upgrade Upgrade: h2c
This looks very similar to a websocket upgrade, which h2c replacing websocket. Because of this, the existing upgrade code needs some upgrades to avoid parsing twice.
Tested: ``` curl -u root:0penBmc --http2 -k http://192.168.7.2:443/redfish/v1/SessionService/Sessions ```
Succeeds and verbose logging shows that http upgrade succeeded
websocket_test.py in the scripts directory connects and reports events
[1] https://datatracker.ietf.org/doc/html/rfc7540#section-11.8
Change-Id: I8f76e355f99f21337d310ef2f345e6aaa253b48b Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
b5edf03c | 09-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Sort compiler args
For all of our -Wno-* compiler args, sort them alphabetically.
Tested: Code compiles.
Change-Id: I119a8107aa5629fdc4b8c0d535a04a4c58be96ce Signed-off-by: Ed Tanous <etanous@nvid
Sort compiler args
For all of our -Wno-* compiler args, sort them alphabetically.
Tested: Code compiles.
Change-Id: I119a8107aa5629fdc4b8c0d535a04a4c58be96ce Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
3d21c59f | 08-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Update boost to 1.87
Subproject seems to build. No need to hold this back.
Change-Id: I415c736af512d951278a252329028870c051bbbf Signed-off-by: Ed Tanous <etanous@nvidia.com> |
f2cd7665 | 08-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Add missing pragma once
This was found when running gcc -ftime-report, which at the end flags this as possibly missing include header.
This appears to have been missed in f51d863523b7bfec5c45b0a847
Add missing pragma once
This was found when running gcc -ftime-report, which at the end flags this as possibly missing include header.
This appears to have been missed in f51d863523b7bfec5c45b0a847178b5d853404d9 where this was initially added. Add it.
Tested: code compiles
Change-Id: I31e0ea55c080c239edcd366627ce0829ef9ac41b Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
80d2ef31 | 04-Feb-2025 |
Ed Tanous <etanous@nvidia.com> |
Implement urlsafe base64 decode
base64 decoding comes in two flavors, "normal" which we already implement, and "url safe" which modifies the alphabet to create base64 encodings that are safe to use
Implement urlsafe base64 decode
base64 decoding comes in two flavors, "normal" which we already implement, and "url safe" which modifies the alphabet to create base64 encodings that are safe to use in filenames and urls. Functionally this just involves swapping two characters with underscore and minus in the encode/decode table. To avoid duplicating a lot of code, this commit refactors the base64 tables to be generated at compile time.
Tested: Included unit tests pass. No usage until next commit.
Change-Id: I71724fd2e04000f115c22a40d382d411986d7b39 Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
4a19a7b5 | 27-Jan-2025 |
Ed Tanous <etanous@nvidia.com> |
Deduplicate event ids
Redfish specification states: ``` The value of the id field shall be the same as the Id property in the event payload. The value of the Id property in the event payload should
Deduplicate event ids
Redfish specification states: ``` The value of the id field shall be the same as the Id property in the event payload. The value of the Id property in the event payload should be the same as the EventId property of the last event record in the Events array. The value of the EventId property for an event record should be a positive integer value and should be generated in a sequential manner. ```
The event service code did not implement that correctly. So: 1. Add ID fields for all events. 2. Remove the per-sse connection id field and rely solely on EventServiceManager. 3. Make sure all paths, (including metric report) are generating an event id that's based on the eventservice event id
Tested: Redfish event listener now sees events populated. LastEventId when sent to the SSE socket now sees a contiguous id.
``` uri=$(curl -s --user "root:0penBmc" -k "https://192.168.7.2/redfish/v1/EventService" | jq -r .ServerSentEventUri) curl -u root:0penBmc -vvv -k -N -H "Accept: text/event-stream" -H "Last-Event-Id: 0" "https://192.168.7.2$uri" ```
Change-Id: Ic32e036f40a53a9b2715639ae384d7891c768260 Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
8b078385 | 31-Jan-2025 |
rohitpai <rohitpai77@gmail.com> |
Fix Message arg error in JSON Patch
When array/vector object is expected in JSON patch the error info does not contain the actual wrong property instead shows "null". Fix is to correct the value in
Fix Message arg error in JSON Patch
When array/vector object is expected in JSON patch the error info does not contain the actual wrong property instead shows "null". Fix is to correct the value in the error info.
Tested - add new test case to verify this - unit tests are passing.
Change-Id: Ica26ac9e501b5a34a5b118769cc1917eeab30524 Signed-off-by: rohitpai <rohitpai77@gmail.com>
show more ...
|
504af5a0 | 03-Feb-2025 |
Patrick Williams <patrick@stwcx.xyz> |
clang-format: update latest spec and reformat
Copy the latest format file from the docs repository and apply.
Change-Id: I2f0b9d0fb6e01ed36a2f34c750ba52de3b6d15d1 Signed-off-by: Patrick Williams <p
clang-format: update latest spec and reformat
Copy the latest format file from the docs repository and apply.
Change-Id: I2f0b9d0fb6e01ed36a2f34c750ba52de3b6d15d1 Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
show more ...
|
92e11bf8 | 31-Jan-2025 |
Myung Bae <myungbae@us.ibm.com> |
Use specific misc-include-cleaner statement
There are a few places that which clang-tidy seems reporting false-positives and which can be suppressed either via using `modernize-deprecated-headers`
Use specific misc-include-cleaner statement
There are a few places that which clang-tidy seems reporting false-positives and which can be suppressed either via using `modernize-deprecated-headers` or more targeted inline `misc-include-cleaner` statement.
Tested: Compiles
Change-Id: Ib609adbe8619f4b9a84e08388eea1e7cee58aa54 Signed-off-by: Myung Bae <myungbae@us.ibm.com>
show more ...
|
1e4bc6ff | 03-Feb-2025 |
Patrick Williams <patrick@stwcx.xyz> |
meson: reformat with meson formatter
Apply the `meson format` results.
Change-Id: I76fbfada6f32c42209409e46aaa02b03b106416b Signed-off-by: Patrick Williams <patrick@stwcx.xyz> |