Add support for systemd service watchdog

Systemd has support for enabling service level watchdog. The MR enables
this support for bmcweb daemon. Request for watchdog monitor from
systemd is added in

Add support for systemd service watchdog

Systemd has support for enabling service level watchdog. The MR enables
this support for bmcweb daemon. Request for watchdog monitor from
systemd is added in bmcweb.service.in. From the event loop a timer is
registered to kick the watchdog periodically

The default watchdog timeout is set at 120 seconds and the timer is set
to kick it at a quarter of the interval (every 30 seconds).
This timeout is set somewhat arbitrarily based on the longest blocking
call that could occur and still give a valid HTTP response. Suspect
lower values could work equally as well.

Benefits of Service Watchdog
- Bmcweb route handlers should not make any blocking IO calls which
block the event loop for considerable amount of time and slowdown the
response of other URI requests in the queue. Watchdog can help to detect
such issues.
- Watchdog can help restart the service if any route handler code has
uncaught bugs resulting from system API errors (this is in theory,
currently we don't have any use case).

Tested
1. UT is passing
2. Service validator is passing
3. Fw upgrade POST requests are working

Change-Id: If62397d8836c942fdcbc0618810fe82a8b248df8
Signed-off-by: rohitpai <ropai@nvidia.com>
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Move io context to singleton

The way we pass around io contexts is somewhat odd. Boost maintainers
in slack recommended that we just have a method that returns an io
context, and from there we can

Move io context to singleton

The way we pass around io contexts is somewhat odd. Boost maintainers
in slack recommended that we just have a method that returns an io
context, and from there we can control this (context link lost years
ago).

The new version of clang claims the singleton pattern of passing in an
io_context pattern is a potential nullptr dereference. It's technically
correct, as calling the singleton without immediately initializing the
io context will lead to a crash.

This commit implements what the boost maintainers suggested, having a
single method that returns "the context" that should be used. This also
helps to maintain isolation, as some pieces are no longer tied directly
to dbus to get their reactor.

Tested: WIP

Change-Id: Ifaa11335ae00a3d092ecfdfb26a38380227e8576
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Use SPDX identifiers

SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.

This pa

Use SPDX identifiers

SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.

This patchset does not intend to modify any intent on any existing
copyrights or licenses, only to standardize their inclusion.

[1] https://www.linuxfoundation.org/blog/blog/copyright-notices-in-open-source-software-projects

Change-Id: I935c7c0156caa78fc368c929cebd0f068031e830
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

event service: dbus log: enable event subscription

enable the event subscriptions

/redfish/v1/EventService/Subscriptions/

to work for the dbus event log.

So if you are enabling redfish-dbus-log o

event service: dbus log: enable event subscription

enable the event subscriptions

/redfish/v1/EventService/Subscriptions/

to work for the dbus event log.

So if you are enabling redfish-dbus-log option,
event subscriptions should work similar to when
this option is disabled, with one difference:

- 'MessageArgs' property is currently not implemented and cannot be
found in the returned json.

Tested:
- Using Redfish Event Listener, test subscriptions and eventing.
- Manual Test below with the Redfish Event Listener:

1. Created a maximal Event Log Subscription

redfish
{
"@odata.id": "/redfish/v1/EventService/Subscriptions/2023893979",
"@odata.type": "#EventDestination.v1_8_0.EventDestination",
"Context": "EventLogSubscription",
"DeliveryRetryPolicy": "TerminateAfterRetries",
"Destination": "http://${ip}:5000/event-receiver",
"EventFormatType": "Event",
"HttpHeaders": [],
"Id": "2023893979",
"MessageIds": [],
"MetricReportDefinitions": [],
"Name": "Event Destination 2023893979",
"Protocol": "Redfish",
"RegistryPrefixes": [],
"ResourceTypes": [],
"SubscriptionType": "RedfishEvent",
"VerifyCertificate": true
}

which matches on all registries and all message ids.

2. created a new phosphor-logging entry

busctl call xyz.openbmc_project.Logging \
/xyz/openbmc_project/logging \
xyz.openbmc_project.Logging.Create \
Create 'ssa{ss}' \
OpenBMC.0.1.PowerButtonPressed \
xyz.openbmc_project.Logging.Entry.Level.Error 0

3. bmcweb picks up this new entry via the dbus match, this can be
verified by putting bmcweb in debug logging mode.

4. the event log entry makes it through the filtering code

5. the POST request is sent to the subscribed server as expected,
and contains the same properties as with the file-based backend.

Change-Id: I122e1121389f72e67a998706aeadd052ae607d60
Signed-off-by: Alexander Hansen <alexander.hansen@9elements.com>

show more ...

Break out Dbus events into class

EventServiceManager is already too large. Implement the TODO from run
that these should be classes, and fix the issue where events are being
registered on startup,

Break out Dbus events into class

EventServiceManager is already too large. Implement the TODO from run
that these should be classes, and fix the issue where events are being
registered on startup, not on a subscription being created.

To accomplish this, this patch takes global state and breaks them out
into RAII classes from EventServiceManager, one for monitoring DBus
matches, and one for monitoring filesystem log events using inotify.
Each of these connect to static methods on EventService that can send
the relevant events to the user.

Fundamentally, no code within the two new classes is changed, and the
only changes to event service are made to support creation and
destruction of the RAII classes.

There are a number of call sites, like cacheRedfishLogFile, that are
obsoleted when the class is raii. The file will be re-cached on
creation.

Tested: WIP
No TelemetryService tests exist in Redfish.

Change-Id: Ibc91cd1496edf4a080e2d60bfc1a32e00a6c74b8
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Break out filesystem watcher into separate file

EventServiceManager is very large. Break out two of the functions, and
the global variables into a separate compile unit.

Code is copied as-is, with

Break out filesystem watcher into separate file

EventServiceManager is very large. Break out two of the functions, and
the global variables into a separate compile unit.

Code is copied as-is, with no improvements made in this patch.

Tested: At end of series.

Change-Id: I89a3605885e5bafa86a6083f1ff8c5db3bb8daf9
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix includes

This commit is automatically generated by enabling clang-include-fixer.

Tested: Code compiles.

Change-Id: I475d7b9d43e95bbdeeaadf11905d3b2a60aa8ef3
Signed-off-by: Ed Tanous <etanous@n

Fix includes

This commit is automatically generated by enabling clang-include-fixer.

Tested: Code compiles.

Change-Id: I475d7b9d43e95bbdeeaadf11905d3b2a60aa8ef3
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Enable bmcweb dynamic logging

Create a CLI app called "bmcweb" that can set logging levels on
"bmcwebd", the new bmcweb daemon. Create a dbus connection to set log
level using the CLI app Define th

Enable bmcweb dynamic logging

Create a CLI app called "bmcweb" that can set logging levels on
"bmcwebd", the new bmcweb daemon. Create a dbus connection to set log
level using the CLI app Define the "setLogLevel" method on dbus to
control logging level in bmcwebd Add logic to move logging level from
build option to dynamic overloading

Reason: bmcweb picks up logging level as a compile flag. We want it to
be more flexible to debug errors in the field. Using the bmcweb CLI
app, we can set log levels on the bmcweb daemon during runtime.
Splitting bmcweb.

For example, to set logging level to INFO on the target:
bmcweb -l INFO

Change-Id: I7192e4d0ac7aa3a91babecc473521be27ea8acd1
Signed-off-by: Aushim Nagarkatti <anagarkatti@nvidia.com>

show more ...

Fix crash on subscriptions

When the subscription limit is hit, there is Subscription events
generated when Subscription objects are constructed. Unfortunately, we
make an accidental copy of the Sub

Fix crash on subscriptions

When the subscription limit is hit, there is Subscription events
generated when Subscription objects are constructed. Unfortunately, we
make an accidental copy of the Subscription object in
include/persistent_data.hpp

https://gerrit.openbmc.org/c/openbmc/bmcweb/+/72670

Is lined up to fix that issue, but we need to fix the underlying problem
where we have memory safety issues in global variables.

This commit is something to fix the issue, by simply destroying the
object causing the problem before more events can be received.

Tested:
Followed instructions on the aforementioned commit to create the max
number of subscriptions.
Called systemctl restart bmcweb

Observed no more crash on shutdown.

Change-Id: Ie52545f5cb8a044c186d0e9db47362e170b1fdb5
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Fix Redfish Event monitor issue in listener

Issue: Listener not receiving the events generated. SubmitTestEvent
directly writes a test event to the HttpClient and listener sees it.
But, in the case

Fix Redfish Event monitor issue in listener

Issue: Listener not receiving the events generated. SubmitTestEvent
directly writes a test event to the HttpClient and listener sees it.
But, in the case of services generated events, redfish event logs are
written to /var/log/redfish. iNotify is used to determine if any new
Redfish event log is generated.

Below patch causing this issue not to notify the redfish event log to
listener.
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/70915

Fix: Code changes made to get iNotify properly so that listener receives
the events generated by server once subscription is successful.

Tested:
- Once subscription generated successfully. Tested client receiving
events successfully by running command on BMC console

Signed-off-by: poram srinivasa rao <poramx.srinivasa.rao@intel.com>
Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Id6ff5236eb57ba861210696e41caa838ab78034e

show more ...

Bring consistency to config options

The configuration options that exist in bmcweb are an amalgimation of
CROW options, CMAKE options using #define, pre-bmcweb ifdef mechanisms
and meson options usi

Bring consistency to config options

The configuration options that exist in bmcweb are an amalgimation of
CROW options, CMAKE options using #define, pre-bmcweb ifdef mechanisms
and meson options using a config file. This history has led to a lot of
different ways to configure code in the codebase itself, which has led
to problems, and issues in consistency.

ifdef options do no compile time checking of code not within the branch.
This is good when you have optional dependencies, but not great when
you're trying to ensure both options compile.

This commit moves all internal configuration options to:
1. A namespace called bmcweb
2. A naming scheme matching the meson option. hyphens are replaced with
underscores, and the option is uppercased. This consistent transform
allows matching up option keys with their code counterparts, without
naming changes.
3. All options are bool true = enabled, and any options with _ENABLED or
_DISABLED postfixes have those postfixes removed. (note, there are
still some options with disable in the name, those are left as-is)
4. All options are now constexpr booleans, without an explicit compare.

To accomplish this, unfortunately an option list in config/meson.build
is required, given that meson doesn't provide a way to dump all options,
as is a manual entry in bmcweb_config.h.in, in addition to the
meson_options. This obsoletes the map in the main meson.build, which
helps some of the complexity.

Now that we've done this, we have some rules that will be documented.
1. Runtime behavior changes should be added as a constexpr bool to
bmcweb_config.h
2. Options that require optionally pulling in a dependency shall use an
ifdef, defined in the primary meson.build. (note, there are no
options that currently meet this class, but it's included for
completeness.)

Note, that this consolidation means that at configure time, all options
are printed. This is a good thing and allows direct comparison of
configs in log files.

Tested: Code compiles
Server boots, and shows options configured in the default build. (HTTPS,
log level, etc)

Change-Id: I94e79a56bcdc01755036e4e7278c7e69e25809ce
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Consolidate Vm implementations

As much as the two vm implementations SEEM different, the differences
largely lie in how we're getting the nbd proxy socket. One is relying
on launching a process (nb

Consolidate Vm implementations

As much as the two vm implementations SEEM different, the differences
largely lie in how we're getting the nbd proxy socket. One is relying
on launching a process (nbd-proxy), the other is getting the fd from
dbus. Given [1] exists and is in process, we need to have a plan for
getting these two VM implementations into one, once that patchset is
complete.

This commit: Splits the vm-websocket option into vm-websocket-provider,
providing two options, nbd-proxy, and virtual-media (the names of the
respective apps). To accomplish this, it moves the contents of
nbd-proxy into include/vm-websocket, so we can compare the similarities
and start consolidating.

The longer term intent is that the nbd-proxy option will be completely
removed, and the code deleted. This has the additional advantage that
we will no longer require the boost::process dependency, as all info
will be available on dbus.

As part of this, the nbd proxy websocket is also registered at /vm/0/0,
to be backward compatible with the old interfaces.

Tested: Code compiles. Need some help here.

[1] https://gerrit.openbmc.org/c/openbmc/jsnbd/+/49944

Change-Id: Iedbca169ea40d45a8775f843792b874a248bb594
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Remove XSS prevention code

This feature was created for a time before webpack had a built in proxy,
and to debug the UI required setting specific flags. The webpack proxy
solves this problem in a m

Remove XSS prevention code

This feature was created for a time before webpack had a built in proxy,
and to debug the UI required setting specific flags. The webpack proxy
solves this problem in a much better way, by proxying everything.

This commit is one piece in the solving a use after free bug. Removing
this allows us to no longer have to cache the origin header [1], which
is only used in this mode.

Tested: Code compiles.

[1] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/70850

Change-Id: I01d67006e217c0c9fd2db7526c0ec34b0da068f3
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Add missing headers

Most of these were found by breaking every redfish class handler into
its own compile unit:

When that's done, these missing headers become compile errors. We
should just fix the

Add missing headers

Most of these were found by breaking every redfish class handler into
its own compile unit:

When that's done, these missing headers become compile errors. We
should just fix them.

In addition, this allows us to enable automatic header checking in
clang-tidy using misc-header-cleaner. Because the compiler can now
"see" all the defines, it no longer tries to remove headers that it
thinks are unused.

[1] https://github.com/openbmc/bmcweb/commit/4fdee9e39e9f03122ee16a6fb251a380681f56ac

Tested: Code compiles.

Change-Id: Ifa27ac4a512362b7ded7cc3068648dc4aea6ad7b
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Remove ibm locks feature

This feature was introduced to manage the operation sync at BMC while
multiple clients manage the BMC.

This feature scope has gone away and it is not a simple code to maint

Remove ibm locks feature

This feature was introduced to manage the operation sync at BMC while
multiple clients manage the BMC.

This feature scope has gone away and it is not a simple code to maintain
as per the growing standards of bmcweb.

This commit removes the feature from this repo.

Tested by: Locks routes are not available anymore

Change-Id: I257225cfb1f43d7d5dadb21a28a2ee5345c5112a
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Clean up BMCWEB_ENABLE_SSL

This macro came originally from CROW_ENABLE_SSL, and was used as a macro
to optionally compile without openssl being required.

OpenSSL has been pulled into many other dep

Clean up BMCWEB_ENABLE_SSL

This macro came originally from CROW_ENABLE_SSL, and was used as a macro
to optionally compile without openssl being required.

OpenSSL has been pulled into many other dependencies, and has been
functionally required to be included for a long time, so there's no
reason to hold onto this macro.

Remove most uses of the macro, and for the couple functional places the
macro is used, transition to a constexpr if to enable the TLS paths.

This allows a large simplification of code in some places.

Tested: Redfish service validator passes.

Change-Id: Iebd46a68e5e417b6031479e24be3c21bef782f4c
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Move run and redfish to compile units

Meson supports unity builds[1] natively. There's no reason to continue
with the pseudo unity build we've been using by putting implementations
in header files.

Move run and redfish to compile units

Meson supports unity builds[1] natively. There's no reason to continue
with the pseudo unity build we've been using by putting implementations
in header files.

This commit is the first in a long series of starting to break this up
into smaller compile units, in the hopes of dropping incremental compile
times for developers, and reduce the total per-core memory usage that
gcc requires.

This commit breaks out the run() function from main() and the
constructor of RedfishService from redfish.hpp into their own compile
units. According to tracing, even after broken out, these are still by
far the two longest to compile units in the build.

Tested: Code compiles. Debug build on a 24 core build server results in
a decrease in compile time for compiling just bmcweb from 1m38s to
1m22s.

[1] https://mesonbuild.com/Unity-builds.html

Change-Id: Ibf352e8aba61d64c9a41a7a76e94ab3b5a0dde4b
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...