Clean up meson summary

Make the meson summary better by:
Adding new sections for each value type (this implicitly sorts each
section, making the pattern more clear)
Remove the generated messon messa

Clean up meson summary

Make the meson summary better by:
Adding new sections for each value type (this implicitly sorts each
section, making the pattern more clear)
Remove the generated messon message, where we print the values of
ifdefs.
Enable bool_yn for feature options, which allows us to pass the feature
in directly, and print and colorize yes/no answers

Tested: meson setup builddir

Results in no messages printed for the ifdefs, and colorized output,
with yes/no answers, summarized below.

Feature Options
basic-auth : YES

String Options
dns-resolver : systemd-dbus

Numeric Options
http-body-limit : 30

Change-Id: I13f003846edaa355090c14113b61aacb05cbeb9a
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Add support for systemd service watchdog

Systemd has support for enabling service level watchdog. The MR enables
this support for bmcweb daemon. Request for watchdog monitor from
systemd is added in

Add support for systemd service watchdog

Systemd has support for enabling service level watchdog. The MR enables
this support for bmcweb daemon. Request for watchdog monitor from
systemd is added in bmcweb.service.in. From the event loop a timer is
registered to kick the watchdog periodically

The default watchdog timeout is set at 120 seconds and the timer is set
to kick it at a quarter of the interval (every 30 seconds).
This timeout is set somewhat arbitrarily based on the longest blocking
call that could occur and still give a valid HTTP response. Suspect
lower values could work equally as well.

Benefits of Service Watchdog
- Bmcweb route handlers should not make any blocking IO calls which
block the event loop for considerable amount of time and slowdown the
response of other URI requests in the queue. Watchdog can help to detect
such issues.
- Watchdog can help restart the service if any route handler code has
uncaught bugs resulting from system API errors (this is in theory,
currently we don't have any use case).

Tested
1. UT is passing
2. Service validator is passing
3. Fw upgrade POST requests are working

Change-Id: If62397d8836c942fdcbc0618810fe82a8b248df8
Signed-off-by: rohitpai <ropai@nvidia.com>
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Sort the config list

Keep the list sorted.

Change-Id: I208ee3b388dc48b52c15d7ff6534e1f0af300bbf
Signed-off-by: Ed Tanous <etanous@nvidia.com>

Enable port 18080

The commit [1] altered how sockets are created and inadvertently removed
the default port 18080. We use this port extensively in development.
The bmcweb documentation describes the

Enable port 18080

The commit [1] altered how sockets are created and inadvertently removed
the default port 18080. We use this port extensively in development.
The bmcweb documentation describes the port 18080 for this use. [2]
Adding back the default port 18080.

The commit [1] added meson build options for adding additional ports.
In attempting to enable port 18080 using that mechanism I ran into
various build errors when additional-ports has a value. I've corrected
the config/meson.build file to address those errors. These changes are
not necessary to re-enable port 18080 but worth fixing anyway.

Note: Meson defines arrays as containing strings so there is no
to_string() method for the array member. [3]
```
../../../../../../workspace/sources/bmcweb/config/meson.build:137:39: ERROR: Unknown method "to_string" in object <[StringHolder] holds [str]: '18080'> of type StringHolder.
```

Tested:
- Started bmcweb from /tmp and was able to connect through port 18080.
Log shows:
```
[DEBUG app.hpp:111] Got 0 sockets to open
[INFO app.hpp:150] Starting webserver on port 18080
```

[1] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/35265
[2] https://github.com/openbmc/bmcweb/blob/cc67d0a0fed101c930b334a583d9ca9b222ceb77/TESTING.md?plain=1#L57
[3] https://mesonbuild.com/Build-options.html#arrays

Change-Id: Ia1b326bedca808e43e73ce2b241178bc4bfab23c
Signed-off-by: Janet Adkins <janeta@us.ibm.com>
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Enable HTTP additional sockets

This commit attempts to add the concept of an SSL detector from beast,
and add the capability into bmcweb. This allows directing multiple
socket files to the bmcweb i

Enable HTTP additional sockets

This commit attempts to add the concept of an SSL detector from beast,
and add the capability into bmcweb. This allows directing multiple
socket files to the bmcweb instance, and bmcweb will automatically sort
out whether or not they're SSL, and give the correct response. This
allows users to plug in erroneous urls like "https://mybmc:80" and they
will forward and work correctly.

Some key design points:
The HTTP side of bmcweb implements the exact same http headers as the
HTTPS side, with the exception of HSTS, which is explicitly disallowed.
This is for consistency and security.

The above allows bmcweb builds to "select" the appropriate security
posture (http, https, or both) for a given channel using the
FileDescriptorName field within a socket file. Items ending in:
both: Will support both HTTPS and HTTP redirect to HTTPS
https: Will support HTTPS only
http: will support HTTP only

Given the flexibility in bind statements, this allows administrators to
support essentially any security posture they like. The openbmc
defaults are:
HTTPS + Redirect on both ports 443 and port 80 if http-redirect is
enabled

And HTTPS only if http-redirect is disabled.

This commit adds the following meson options that each take an array of
strings, indexex on the port.
additional-ports
Adds additional ports that bmcweb should listen to. This is always
required when adding new ports.

additional-protocol
Specifies 'http', 'https', or 'both' for whether or not tls is enfoced
on this socket. 'both' allows bmcweb to detect whether a user has
specified tls or not on a given connection and give the correct
response.

additional-bind-to-device
Accepts values that fill the SO_BINDTODEVICE flag in systemd/linux,
and allows binding to a specific device

additional-auth
Accepts values of 'auth' or 'noauth' that determines whether this
socket should apply the normal authentication routines, or treat the
socket as unauthenticated.

Tested:
Previous commits ran the below tests.
Ran the server with options enabled. Tried:
```
curl -vvvv --insecure --user root:0penBmc http://192.168.7.2/redfish/v1/Managers/bmc
* Trying 192.168.7.2:80...
* Connected to 192.168.7.2 (192.168.7.2) port 80 (#0)
* Server auth using Basic with user 'root'
> GET /redfish/v1/Managers/bmc HTTP/1.1
> Host: 192.168.7.2
> Authorization: Basic cm9vdDowcGVuQm1j
> User-Agent: curl/7.72.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Location: https://192.168.7.2
< X-Frame-Options: DENY
< Pragma: no-cache
< Cache-Control: no-Store,no-Cache
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Content-Security-Policy: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:
< Date: Fri, 08 Jan 2021 01:43:49 GMT
< Connection: close
< Content-Length: 0
<
* Closing connection 0
```

Observe above:
webserver returned 301 redirect.
webserver returned the appropriate security headers
webserver immediately closed the connection.

The same test above over https:// returns the values as expected

Loaded the webui to test static file hosting. Webui logs in and works
as expected.

Used the scripts/websocket_test.py to verify that websockets work.
Sensors report as expected.

Change-Id: Ib5733bbe5473fed6e0e27c56cdead0bffedf2993
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Put simple update behind an option

4e338b2313f9f2a91aa1fb36693e36a328d58933 Removed tftp update support
from the codebase, but left SimpleUpdate in a non functional state.

Given that a number of fo

Put simple update behind an option

4e338b2313f9f2a91aa1fb36693e36a328d58933 Removed tftp update support
from the codebase, but left SimpleUpdate in a non functional state.

Given that a number of forks have implemented the HTTPS/SCP versions of
simple update, we don't want to fully delete the code at this time, so
for the moment put it behind an option flag.

Tested: WIP

Change-Id: Ibab1e3a48ff640787eabf8ed5f7a5c08e3381307
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Make message registries use 2 digit versions

Redfish specification, section 9.5.11.2 says:

The MessageId property value shall be in the format:
<MessageRegistryPrefix>.<MajorVersion>.<MinorVersion>

Make message registries use 2 digit versions

Redfish specification, section 9.5.11.2 says:

The MessageId property value shall be in the format:
<MessageRegistryPrefix>.<MajorVersion>.<MinorVersion>.<MessageKey>

bmcweb in certain places has incorrectly used the 3 digit version
instead of the 2 digit version. This commit fixes that by modifying the
parse_registries script to generate 3 separate struct entries to
represent the registry version, and parse them where appropriate.

MessageRegistryFileCollection uses the 3 digit version. No behavior
changes.
Message/event log entries use the 2 digit version. This will cause a
MessageId change from:
Base.1.19.0.InternalError
to
Base.1.19.InternalError

This is a breaking change, so a new option to allow the old behavior is
provided.

Tested: Redfish Service validator passes.
Heartbeat events on EventService show 2 digit versions.

Change-Id: I4165e994f73e200f13bed8ea76cb58bee2b69faa
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

event service: dbus log: enable event subscription

enable the event subscriptions

/redfish/v1/EventService/Subscriptions/

to work for the dbus event log.

So if you are enabling redfish-dbus-log o

event service: dbus log: enable event subscription

enable the event subscriptions

/redfish/v1/EventService/Subscriptions/

to work for the dbus event log.

So if you are enabling redfish-dbus-log option,
event subscriptions should work similar to when
this option is disabled, with one difference:

- 'MessageArgs' property is currently not implemented and cannot be
found in the returned json.

Tested:
- Using Redfish Event Listener, test subscriptions and eventing.
- Manual Test below with the Redfish Event Listener:

1. Created a maximal Event Log Subscription

redfish
{
"@odata.id": "/redfish/v1/EventService/Subscriptions/2023893979",
"@odata.type": "#EventDestination.v1_8_0.EventDestination",
"Context": "EventLogSubscription",
"DeliveryRetryPolicy": "TerminateAfterRetries",
"Destination": "http://${ip}:5000/event-receiver",
"EventFormatType": "Event",
"HttpHeaders": [],
"Id": "2023893979",
"MessageIds": [],
"MetricReportDefinitions": [],
"Name": "Event Destination 2023893979",
"Protocol": "Redfish",
"RegistryPrefixes": [],
"ResourceTypes": [],
"SubscriptionType": "RedfishEvent",
"VerifyCertificate": true
}

which matches on all registries and all message ids.

2. created a new phosphor-logging entry

busctl call xyz.openbmc_project.Logging \
/xyz/openbmc_project/logging \
xyz.openbmc_project.Logging.Create \
Create 'ssa{ss}' \
OpenBMC.0.1.PowerButtonPressed \
xyz.openbmc_project.Logging.Entry.Level.Error 0

3. bmcweb picks up this new entry via the dbus match, this can be
verified by putting bmcweb in debug logging mode.

4. the event log entry makes it through the filtering code

5. the POST request is sent to the subscribed server as expected,
and contains the same properties as with the file-based backend.

Change-Id: I122e1121389f72e67a998706aeadd052ae607d60
Signed-off-by: Alexander Hansen <alexander.hansen@9elements.com>

show more ...

Reformat meson files with meson format

Meson recently got a new format command in 1.5.0 [1]. It makes slightly
different formatting decisions compared to muon (what we used
previously) but given it

Reformat meson files with meson format

Meson recently got a new format command in 1.5.0 [1]. It makes slightly
different formatting decisions compared to muon (what we used
previously) but given it's the official tool, we should switch to it.

There is one bug resolved recently that requires this format be done
using the meson from master.

Ideally this would be enforced by CI in the future, but that's WIP.

Tested: Whitespace only, code compiles.

[1] https://mesonbuild.com/Commands.html#format
[2] https://github.com/mesonbuild/meson/commit/df706807239095ddbbfd2975b3fe067ad6b5d535

Change-Id: I91506efb659c431e913c717d8a26aa349fccbd75
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Add a Hypervisor Computer System Option

Today to determine if the hypervisor computer system resource should be
added to the System Collection a call to the Settings Manager is made.

Based on discu

Add a Hypervisor Computer System Option

Today to determine if the hypervisor computer system resource should be
added to the System Collection a call to the Settings Manager is made.

Based on discussion in
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/73203 and to help the
multihost stuff move forward, lets move this hypervisor under a meson
option which any company that needs can enable. I think IBM is the only
one who uses this so the risk of breaking someone should be small.

One day hope to converge at some point, this probably doesn't happen
until after the multihost stuff goes in.

This is also better for implementations that don't have this backend
because now routes like
/redfish/v1/Systems/hypervisor/EthernetInterfaces/ aren't put out. I.e.
a call to /redfish/v1/Systems/hypervisor/EthernetInterfaces/ is now
going to return 404 instead of 500 on systems without this backend
support.

Tested: Enabled this and see the hypervisor system. Without this enabled
do not see the hypervisor system. No new validator errors either way.

Change-Id: Ie05e6644dd6f640cf8225f96becb99b9c2d0de20
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

update service: remove tftp simple update flow

Remove the flow for tftp simple update as this is an insecure method and
there is no active user for this.

Redfish service validator passing:
```
Elap

update service: remove tftp simple update flow

Remove the flow for tftp simple update as this is an insecure method and
there is no active user for this.

Redfish service validator passing:
```
Elapsed time: 0:04:33
metadataNamespaces: 3727
pass: 5184
passAction: 16
passGet: 213
passRedfishUri: 205
skipNoSchema: 3
skipOptional: 3535
unvalidated: 1
warnDeprecated: 5
warningPresent: 6
```

Change-Id: I466dcb09be4ee806451abe91ab86d8b3b001a333
Signed-off-by: Jagpal Singh Gill <paligill@gmail.com>

show more ...

Mutual TLS parsing change at runtime

Redfish AccountService[1] defines methods for selecting how to map a
certificate CommonName attribute to a user. These are intended to be a
patch parameter.

Th

Mutual TLS parsing change at runtime

Redfish AccountService[1] defines methods for selecting how to map a
certificate CommonName attribute to a user. These are intended to be a
patch parameter.

This commit implements the Redfish defined schemas; The parsing mode is
stored in the bmcweb persistent configuration file as an integer enum,
with Mapping to the Redfish schema.

To handle OEM specific parsing modes, an enum value of 100+ is defined
to allow the additional OEM parameters. Unfortunately, Redfish doesn't
have a way to represent these today, so those modes are currently not
selectable at runtime.

Now that things are runtime selectable, this obsoletes the option
mutual-tls-common-name-parsing, as it is not longer required at compile
time.

Tested:
GET /redfish/v1/AccountService

returns MultiFactorAuth/ClientCertificate/CertificateMappingAttribute

PATCH /redfish/v1/AccountService
```
{"MultiFactorAuth": {"ClientCertificate": {"CertificateMappingAttribute":"CommonName"}}}
```

Returns 200

[1] https://github.com/DMTF/Redfish-Publications/blob/5b217908b5378b24e4f390c063427d7a707cd308/csdl/AccountService_v1.xml#L1631

Change-Id: I67db0dfa5245a9da973320aab666d12dbd9229e4
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Allow configuring "bmc" and "system"

In the early days of bmcweb, we made two pretty critical assumptions;
First, is that a given platform would only have a single BMC instance
(represented as "bmc"

Allow configuring "bmc" and "system"

In the early days of bmcweb, we made two pretty critical assumptions;
First, is that a given platform would only have a single BMC instance
(represented as "bmc") and a single host instance (represented as
"system").
Second we assumed that, given that Redfish suggests against hardcoding
URIs in client implementation and leaves them freeform, clients would
code to the standard.

Our own webui-vue hardcodes Redfish URIs [1], and the documentation is
littered with examples of hardcoded curl examples of hardcoding these
URIs. That bug was filed in 2020, and the issue has only gotten worse
over time.

This patchset is an attempt to give a target that we can start solving
these issues, without trying to boil the ocean and fix all clients in
parallel.

This commit adds the meson options
redfish-manager-uri-name
and
redfish-system-uri-name

These are used to control the "name" that bmcweb places in the fixed
locations in the ManagerCollection and ComputerSystemCollection schemas.

Note, managers is added, but is not currently testable. It will be
iterated on over time.

Tested:
Changed the URL options to "edsbmc" and "edssystem" in meson options.

Redfish service validator passes.
URLs appear changed when walking the tree.

[1] https://github.com/openbmc/webui-vue/issues/43

Change-Id: I4b44685067051512bd065da8c2e3db68ae5ce23a
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Remove options from configure file

Ideally, we should only have to declare meson options in one place, in
the meson_options.txt, and have all files generate from that list. This
patchset gets us on

Remove options from configure file

Ideally, we should only have to declare meson options in one place, in
the meson_options.txt, and have all files generate from that list. This
patchset gets us one step closer, where we have to list options in 2
places, whereas previously it was 3.

Tested:

Code compiles. Manual inspection of generated bmcweb_config.h shows
only minor differences in generated file.

Change-Id: I4a4f863c95463e3cdf8b629de5a0a73f74cf001e
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

updateservice: add start-update meson option

Add the meson option for the start-update D-Bus interface feature to be
used in UpdateService. More more details refer to -
https://gerrit.openbmc.org/c/

updateservice: add start-update meson option

Add the meson option for the start-update D-Bus interface feature to be
used in UpdateService. More more details refer to -
https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/65738
https://gerrit.openbmc.org/c/openbmc/docs/+/65739

Tested: Build passes.

Change-Id: I594ddc0d2df6c032823eaeba9429cf50047d5dcd
Signed-off-by: Jagpal Singh Gill <paligill@gmail.com>

show more ...

Bring consistency to config options

The configuration options that exist in bmcweb are an amalgimation of
CROW options, CMAKE options using #define, pre-bmcweb ifdef mechanisms
and meson options usi

Bring consistency to config options

The configuration options that exist in bmcweb are an amalgimation of
CROW options, CMAKE options using #define, pre-bmcweb ifdef mechanisms
and meson options using a config file. This history has led to a lot of
different ways to configure code in the codebase itself, which has led
to problems, and issues in consistency.

ifdef options do no compile time checking of code not within the branch.
This is good when you have optional dependencies, but not great when
you're trying to ensure both options compile.

This commit moves all internal configuration options to:
1. A namespace called bmcweb
2. A naming scheme matching the meson option. hyphens are replaced with
underscores, and the option is uppercased. This consistent transform
allows matching up option keys with their code counterparts, without
naming changes.
3. All options are bool true = enabled, and any options with _ENABLED or
_DISABLED postfixes have those postfixes removed. (note, there are
still some options with disable in the name, those are left as-is)
4. All options are now constexpr booleans, without an explicit compare.

To accomplish this, unfortunately an option list in config/meson.build
is required, given that meson doesn't provide a way to dump all options,
as is a manual entry in bmcweb_config.h.in, in addition to the
meson_options. This obsoletes the map in the main meson.build, which
helps some of the complexity.

Now that we've done this, we have some rules that will be documented.
1. Runtime behavior changes should be added as a constexpr bool to
bmcweb_config.h
2. Options that require optionally pulling in a dependency shall use an
ifdef, defined in the primary meson.build. (note, there are no
options that currently meet this class, but it's included for
completeness.)

Note, that this consolidation means that at configure time, all options
are printed. This is a good thing and allows direct comparison of
configs in log files.

Tested: Code compiles
Server boots, and shows options configured in the default build. (HTTPS,
log level, etc)

Change-Id: I94e79a56bcdc01755036e4e7278c7e69e25809ce
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Consolidate Vm implementations

As much as the two vm implementations SEEM different, the differences
largely lie in how we're getting the nbd proxy socket. One is relying
on launching a process (nb

Consolidate Vm implementations

As much as the two vm implementations SEEM different, the differences
largely lie in how we're getting the nbd proxy socket. One is relying
on launching a process (nbd-proxy), the other is getting the fd from
dbus. Given [1] exists and is in process, we need to have a plan for
getting these two VM implementations into one, once that patchset is
complete.

This commit: Splits the vm-websocket option into vm-websocket-provider,
providing two options, nbd-proxy, and virtual-media (the names of the
respective apps). To accomplish this, it moves the contents of
nbd-proxy into include/vm-websocket, so we can compare the similarities
and start consolidating.

The longer term intent is that the nbd-proxy option will be completely
removed, and the code deleted. This has the additional advantage that
we will no longer require the boost::process dependency, as all info
will be available on dbus.

As part of this, the nbd proxy websocket is also registered at /vm/0/0,
to be backward compatible with the old interfaces.

Tested: Code compiles. Need some help here.

[1] https://gerrit.openbmc.org/c/openbmc/jsnbd/+/49944

Change-Id: Iedbca169ea40d45a8775f843792b874a248bb594
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Remove XSS prevention code

This feature was created for a time before webpack had a built in proxy,
and to debug the UI required setting specific flags. The webpack proxy
solves this problem in a m

Remove XSS prevention code

This feature was created for a time before webpack had a built in proxy,
and to debug the UI required setting specific flags. The webpack proxy
solves this problem in a much better way, by proxying everything.

This commit is one piece in the solving a use after free bug. Removing
this allows us to no longer have to cache the origin header [1], which
is only used in this mode.

Tested: Code compiles.

[1] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/70850

Change-Id: I01d67006e217c0c9fd2db7526c0ec34b0da068f3
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Clean up BMCWEB_ENABLE_SSL

This macro came originally from CROW_ENABLE_SSL, and was used as a macro
to optionally compile without openssl being required.

OpenSSL has been pulled into many other dep

Clean up BMCWEB_ENABLE_SSL

This macro came originally from CROW_ENABLE_SSL, and was used as a macro
to optionally compile without openssl being required.

OpenSSL has been pulled into many other dependencies, and has been
functionally required to be included for a long time, so there's no
reason to hold onto this macro.

Remove most uses of the macro, and for the couple functional places the
macro is used, transition to a constexpr if to enable the TLS paths.

This allows a large simplification of code in some places.

Tested: Redfish service validator passes.

Change-Id: Iebd46a68e5e417b6031479e24be3c21bef782f4c
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Reformat meson files

Meson has a style guide, we should follow it. This includes:
4 space indents on new scopes.
Trailing commas on the final entry in a list/array

Tested: Whitespace only. Code c

Reformat meson files

Meson has a style guide, we should follow it. This includes:
4 space indents on new scopes.
Trailing commas on the final entry in a list/array

Tested: Whitespace only. Code compiles.

Change-Id: Ib7f96a2bd722b55410818c766c0261f5d44cb84d
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Remove redfish-health-populate

The redfish-health-populate option was scheduled to be removed in 1Q
2024. It is now 2Q, so remove the option. No upstream layers enabled it
and did not find a downstr

Remove redfish-health-populate

The redfish-health-populate option was scheduled to be removed in 1Q
2024. It is now 2Q, so remove the option. No upstream layers enabled it
and did not find a downstream layer that did either.

This was always limited to a few resources. Overall this design was only
half done. A future "HealthRollup" can be proposed.

Some discord discussion:
[1]: https://discord.com/channels/775381525260664832/855566794994221117/1110728560819327069

Commit disabling this (merged 10 months ago):
[2]: https://github.com/openbmc/bmcweb/commit/6f8273e49cffdd347c223b9538558edfb05e818a

Tested: Code compiles

Change-Id: I4d33c1e674ecdb0fd256df62f3795073454ae7a1
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Remove redfish-enable-proccessor-memory-status

The redfish-enable-proccessor-memory-status option was scheduled to be
removed in 1Q 2024. It is now 2Q, so remove the option. No upstream
layers enabl

Remove redfish-enable-proccessor-memory-status

The redfish-enable-proccessor-memory-status option was scheduled to be
removed in 1Q 2024. It is now 2Q, so remove the option. No upstream
layers enabled it and I could not find a downstream layer that did
either.

Redfish deprecated the Processor/Memory Summary Status (state, health,
healthrollup) attributes.

Discussion on discord, when disabling:
[1]: https://discord.com/channels/775381525260664832/855566794994221117/1093939076710793296

Commit disabling this (merged 10 months ago):
[2]: https://github.com/openbmc/bmcweb/commit/5fd0aafb0f14fb3011970e8575647bb608688c7c

Tested: Code builds.

Change-Id: I539cd5f384633afa7badf1cecfc6c7a87062f672
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

mutual-tls: Add support for Meta certificates

Meta Inc's client certificates use an internal Subject CN format
which AFAIK is specific to Meta and don't adhere to a known standard:

Subject: CN =

mutual-tls: Add support for Meta certificates

Meta Inc's client certificates use an internal Subject CN format
which AFAIK is specific to Meta and don't adhere to a known standard:

Subject: CN = <type>:<entity>/<hostname>

Commit adds the `mutual-tls-common-name-parsing=meta` option to, on
Meta builds, parse the Subject CN field and map either the <entity>
to a local user.

The <type> field determines what kind of client identity the cert
represents. Only type="user" is supported for now with <entity> being
the unixname of a Meta employee. For example, the Subject CN string
below maps to a local BMC user named "kawmarco":

Subject CN = "user:kawmarco/dev123.facebook.com"

Tested: Unit tests, built and tested on romulus using the script below:
https://gist.github.com/kawmarco/87170a8250020023d913ed5f7ed5c01f

Flags used in meta-ibm/meta-romulus/conf/layer.conf :
```
-Dbmcweb-logging='enabled'
-Dmutual-tls-common-name-parsing='meta'
```

Change-Id: I35ee9b92d163ce56815a5bd9cce5296ba1a44eef
Signed-off-by: Marco Kawajiri <kawajiri@meta.com>

show more ...

build: use allowed over enabled

Meson feature options are typically in a tri-state of enabled, disabled,
or auto. The enabled and disabled functions on an option (from
`get_option`) no longer retur

build: use allowed over enabled

Meson feature options are typically in a tri-state of enabled, disabled,
or auto. The enabled and disabled functions on an option (from
`get_option`) no longer return true for auto features. Instead, the
expectation is to use `allowed()` which is true for both enabled and auto.

Switch all uses of `enabled` to `allowed`.

Change-Id: Ia40b13fdce7af88085cf23a4a87d9be939edd1e3
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Fix logging

The recent change to logging has caused a couple of bugs. First, when
building within yocto, the complete path is now returned on log
messages. This is wasteful of speed, and not super

Fix logging

The recent change to logging has caused a couple of bugs. First, when
building within yocto, the complete path is now returned on log
messages. This is wasteful of speed, and not super helpful to
developers to have a full path. Per the discussion on the original
patchset, drop this down to just the filename.

2, because of it's use as a pseudo log level, "enabled" is in the list
of strings. This causes an index mismatch, which causes logs to be
logged at the wrong level beyond debug. Move the entry to the end to
fix this.

Third, move the logging of level to upper case, to follow the old
convention.

Tested:
Enabled meson option for logging, observed logs like:
```
Jul 25 18:39:20 qemux86-64 bmcweb[209]: [DEBUG query.hpp:121] setup redfish route
Jul 25 18:39:20 qemux86-64 bmcweb[209]: [DEBUG http_response.hpp:248] 0x561bc11a7a40 releasing ce
Jul 25 18:39:20 qemux86-64 bmcweb[209]: [DEBUG http_response.hpp:238] 0x561bc11a7a40 setting comr
Jul 25 18:39:20 qemux86-64 bmcweb[209]: [DEBUG http_response.hpp:223] 0x561bc11a7a40 calling comr
Jul 25 18:39:20 qemux86-64 bmcweb[209]: [DEBUG http_response.hpp:226] 0x561bc11a7a40 completion d
Jul 25 18:39:20 qemux86-64 bmcweb[209]: [DEBUG query_param.hpp:1019] Processing query params
```

Change-Id: I4ac506c623a17f81ae83545e59291d2729dc82cb
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...