1f6ebb02fSPatrick Williams# Virtual Media (a.k.a. Remote Media) 2f6ebb02fSPatrick Williams 3*f4febd00SPatrick WilliamsAuthor: Pawel Rapkiewicz <pawel.rapkiewicz@intel.com> <pawelr> 4f6ebb02fSPatrick Williams 5*f4febd00SPatrick WilliamsOther contributors: Przemyslaw Czarnowski 6*f4febd00SPatrick Williams<przemyslaw.hawrylewicz.czarnowski@intel.com> Anna Platash 7*f4febd00SPatrick Williams<anna.platash@intel.com> 8f6ebb02fSPatrick Williams 9*f4febd00SPatrick WilliamsCreated: 6/4/2019 10f6ebb02fSPatrick Williams 11f6ebb02fSPatrick Williams## Problem Description 12f6ebb02fSPatrick Williams 13f6ebb02fSPatrick WilliamsVirtual Media allows users to remotely mount given ISO/IMG drive images through 14f6ebb02fSPatrick WilliamsBMC to Server HOST. The Remote drive is visible in HOST as USB storage device, 15*f4febd00SPatrick Williamsand operates in RO mode, or RW mode (keeping in mind container limitations, and 16*f4febd00SPatrick Williamswrite protection switches). This can even be used to install OS on bare metal 17*f4febd00SPatrick Williamssystem. This document focuses on few redirection options, like in-browser 18f6ebb02fSPatrick WilliamsISO/IMG image mounting, and remote CIFS/HTTPS image mounting. 19f6ebb02fSPatrick Williams 20f6ebb02fSPatrick Williams## References 21f6ebb02fSPatrick Williams 22*f4febd00SPatrick Williams- Virtual Media is going to use Network Block Device as primary disk image 23f6ebb02fSPatrick Williams forwarder. 24*f4febd00SPatrick Williams- NBDkit is being used, to serve images from remote storages over HTTPS/CIFS. 25f6ebb02fSPatrick Williams USBGadget as way to expose Media Storage Device to HOST. 26f6ebb02fSPatrick Williams 27f6ebb02fSPatrick Williams## Requirements 28*f4febd00SPatrick Williams 29f6ebb02fSPatrick WilliamsNone 30f6ebb02fSPatrick Williams 31f6ebb02fSPatrick Williams## Proposed Design 32f6ebb02fSPatrick Williams 33f6ebb02fSPatrick WilliamsVirtual Media splits into two modes of operation, lets call it Proxy, and 34f6ebb02fSPatrick WilliamsLegacy. 35f6ebb02fSPatrick Williams 36*f4febd00SPatrick Williams- Proxy mode - works directly from browser and uses JavaScript/HTML5 to 37f6ebb02fSPatrick Williams communicate over Secure WebSockets directly to HTTPS endpoint hosted by bmcweb 38f6ebb02fSPatrick Williams on BMC. 39*f4febd00SPatrick Williams- Legacy mode - is initiated from browser using Redfish defined VirtualMedia 40f6ebb02fSPatrick Williams schemas, then BMC process connects to external CIFS/HTTPS image pointed during 41f6ebb02fSPatrick Williams initialization. 42f6ebb02fSPatrick Williams 43f6ebb02fSPatrick WilliamsBoth methods inherit from default Redfish/BMCWeb authentication and privileges 44f6ebb02fSPatrick Williamsmechanisms. 45f6ebb02fSPatrick Williams 46f6ebb02fSPatrick WilliamsThe component diagram below shows Virtual Media high-level overview 47f6ebb02fSPatrick Williams 48f6ebb02fSPatrick Williams```ascii 49f6ebb02fSPatrick Williams+------------------+ +----------------------------------+ +-----------------------+ 50f6ebb02fSPatrick Williams|Remote Device| | |BMC| +------------+ | |HOST| | 51f6ebb02fSPatrick Williams+-------------/ | +---/ +--Dbus----->+VirtualMedia| | +----/ | 52f6ebb02fSPatrick Williams| | | v +------------+ | | | 53f6ebb02fSPatrick Williams| +------------+ | | +-+--------+ | | | 54f6ebb02fSPatrick Williams| |WebBrowser +<----HTTPS------->+BMCWeb | +---------+ | | +----------+ | 55f6ebb02fSPatrick Williams| +------------+ | | +-+--------+ |USBGadget+<--------->+USB Device| | 56f6ebb02fSPatrick Williams+------------------+ | ^ +----+----+ | | +----------+ | 57f6ebb02fSPatrick Williams | | ^ | | | 58f6ebb02fSPatrick Williams | | +------+ v | | | 59f6ebb02fSPatrick Williams | +--->+UNIX | +----+----+ | | | 60f6ebb02fSPatrick Williams | |SOCKET+<->+NBDClient| | | | 61f6ebb02fSPatrick Williams+------------------+ | +--->+ | +---------+ | | | 62f6ebb02fSPatrick Williams|Remote Storage| | | | +------+ | | | 63f6ebb02fSPatrick Williams+--------------/ | | | | | | 64f6ebb02fSPatrick Williams| | | v | | | 65f6ebb02fSPatrick Williams| +-----------+ | | +-+-------+ | | | 66f6ebb02fSPatrick Williams| |ISO/IMG +<---CIFS/HTTPS+-->+NBDkit | | | | 67f6ebb02fSPatrick Williams| +-----------+ | | +---------+ | +-----------------------+ 68f6ebb02fSPatrick Williams| | | | 69f6ebb02fSPatrick Williams+------------------+ +----------------------------------+ 70f6ebb02fSPatrick Williams``` 71f6ebb02fSPatrick Williams 72*f4febd00SPatrick WilliamsVirtual Media feature supports multiple, simultaneous connections in both modes. 73f6ebb02fSPatrick Williams 749de2f4eeSPrzemyslaw Czarnowski### Asynchronicity 759de2f4eeSPrzemyslaw Czarnowski 76*f4febd00SPatrick WilliamsMounting and unmounting of remote device could be time consuming. Virtual Media 77*f4febd00SPatrick Williamsshall support asynchronicity at the level of DBus and optionally Redfish API. 789de2f4eeSPrzemyslaw Czarnowski 799de2f4eeSPrzemyslaw CzarnowskiDefault timeouts for DBus (25 seconds) and for Redfish (60 seconds) may be 809de2f4eeSPrzemyslaw Czarnowskiinsufficient to perform mounting and unmounting in some cases. 819de2f4eeSPrzemyslaw Czarnowski 829de2f4eeSPrzemyslaw CzarnowskiAsynchronous responses will be described later on in appropriate sections. 839de2f4eeSPrzemyslaw Czarnowski 84f6ebb02fSPatrick Williams### Network Block Device (NBD) 85f6ebb02fSPatrick Williams 86f6ebb02fSPatrick WilliamsReader can notice that most connections on diagram are based on Network Block 87f6ebb02fSPatrick WilliamsDevice. After Sourceforge project description: 88f6ebb02fSPatrick Williams 89f6ebb02fSPatrick Williams> With this compiled into your kernel, Linux can use a remote server as one of 90*f4febd00SPatrick Williams> its block devices. Every time the client computer wants to read /dev/nbd0, it 91*f4febd00SPatrick Williams> will send a request to the server via TCP, which will reply with the data 92f6ebb02fSPatrick Williams> requested. This can be used for stations with low disk space (or even 93f6ebb02fSPatrick Williams> diskless - if you use an initrd) to borrow disk space from other computers. 94f6ebb02fSPatrick Williams> Unlike NFS, it is possible to put any file system on it. But (also unlike 95f6ebb02fSPatrick Williams> NFS), if someone has mounted NBD read/write, you must assure that no one else 96f6ebb02fSPatrick Williams> will have it mounted. 97f6ebb02fSPatrick Williams> 98f6ebb02fSPatrick Williams> -- [https://nbd.sourceforge.io/](https://nbd.sourceforge.io/) 99f6ebb02fSPatrick Williams 100f6ebb02fSPatrick WilliamsIn Virtual Media use case, it's being used to pull data from remote client, and 101f6ebb02fSPatrick Williamspresent it into non BMC mounted `/dev/nbdXX` device. Then the block device is 102f6ebb02fSPatrick Williamsbeing provided to Host through USB Gadget. 103f6ebb02fSPatrick Williams 104f6ebb02fSPatrick Williams### USB Gadget 105f6ebb02fSPatrick Williams 106*f4febd00SPatrick WilliamsPart of Linux kernel that makes _emulation_ of certain USB device classes 107f6ebb02fSPatrick Williamspossible through USB "On-The-Go", if connect appropriately to Host. In Virtual 108f6ebb02fSPatrick WilliamsMedia case it emulates USB mass storage connected to HOST. The source or 109f6ebb02fSPatrick Williamsredirection is block device created by nbd-client `/dev/nbdXX` 110f6ebb02fSPatrick Williams 111f6ebb02fSPatrick Williams### Proxy Mode 112f6ebb02fSPatrick Williams 113f6ebb02fSPatrick WilliamsProxy Mode uses browser JavaScript and WebSockets support, to create JS NBD 114f6ebb02fSPatrick WilliamsServer. Browser is responsible for create HTTPS session, authenticate user, and 115f6ebb02fSPatrick Williamsreceive given privileges, then upgrade HTTPS session to WSS, through mechanisms 116f6ebb02fSPatrick Williamsdescribed by [RFC6455](HTTPS://tools.ietf.org/html/rfc6455). Since WSS upgrade, 117f6ebb02fSPatrick WilliamsJS application is responsible for handling all required by specification NBD 118f6ebb02fSPatrick WilliamsServer commands. 119f6ebb02fSPatrick Williams 120f6ebb02fSPatrick WilliamsMultiple, simultaneous connections are supported per opening connections on 121f6ebb02fSPatrick Williamsdifferent URIs in HTTPS server. Number of available simultaneous connections is 122f6ebb02fSPatrick Williamsbeing defined in configuration file described in next chapter. 123f6ebb02fSPatrick Williams 124f6ebb02fSPatrick WilliamsEncryption for proxy is supported through HTTPS/WSS channel and inherits 125f6ebb02fSPatrick Williamsencryption mechanisms directly from HTTPS server, all data transactions go 126f6ebb02fSPatrick Williamsthrough bmcweb. 127f6ebb02fSPatrick Williams 128f6ebb02fSPatrick WilliamsThe initialization of connection will look as on diagram: 129f6ebb02fSPatrick Williams 130f6ebb02fSPatrick Williams```ascii 131f6ebb02fSPatrick Williams┌───────┐ ┌──────┐ ┌────────────┐ ┌─────────┐ ┌────┐ ┌─────────┐ 132f6ebb02fSPatrick Williams│Browser│ │bmcweb│ │VirtualMedia│ │NBDClient│ │uDEV│ │USBGadget│ 133f6ebb02fSPatrick Williams└───┬───┘ └──┬───┘ └─────┬──────┘ └────┬────┘ └─┬──┘ └────┬────┘ 134f6ebb02fSPatrick Williams │ establish HTTPS session │ │ │ │ │ 135f6ebb02fSPatrick Williams │─────────────────────────> │ │ │ │ 136f6ebb02fSPatrick Williams │ │ │ │ │ │ 137f6ebb02fSPatrick Williams │ upgrade to WSS on │ │ │ │ │ 138f6ebb02fSPatrick Williams │ /nbd/X endpoint │ ╔══════════════╧════╗ │ │ │ 139f6ebb02fSPatrick Williams │─────────────────────────> ║* bmcweb creates ░║ │ │ │ 140f6ebb02fSPatrick Williams │ │ ║ /tmp/nbd.X.sock ║ │ │ │ 141f6ebb02fSPatrick Williams │ │ ║* bmcweb locks new ║ │ │ │ 142f6ebb02fSPatrick Williams │ │ ║ connections on ║ │ │ │ 143f6ebb02fSPatrick Williams │ │ ║ endpoint /nbd/X ║ │ │ │ 144f6ebb02fSPatrick Williams │ │ ╚══════════════╤════╝ │ │ │ 145f6ebb02fSPatrick Williams │ │ Mount from: │ │ │ │ 146f6ebb02fSPatrick Williams │ │ /tmp/nbd.X.sock │ │ │ │ 147f6ebb02fSPatrick Williams │ │ ────────────────> │ │ │ 148f6ebb02fSPatrick Williams │ │ │ │ │ │ 149f6ebb02fSPatrick Williams │ │ │ Spawn NBDClient from │ │ │ 150f6ebb02fSPatrick Williams │ │ │ /tmp/nbd.x.sock │ │ │ 151f6ebb02fSPatrick Williams │ │ │ to /dev/nbdX ┌┴┐ │ │ 152f6ebb02fSPatrick Williams │ │ │ ──────────────────> │ │ │ │ 153f6ebb02fSPatrick Williams │ │ │ │ │ │ │ 154f6ebb02fSPatrick Williams │ │ │ Block Device │ │ │ │ 155f6ebb02fSPatrick Williams │ │ │ properties changed │ │ │ │ 156f6ebb02fSPatrick Williams │ │ │ <───────────────────────────────│ │ 157f6ebb02fSPatrick Williams │ │ │ │ │ │ │ 158f6ebb02fSPatrick Williams │ │ │ Configure USB mass │ │ 159f6ebb02fSPatrick Williams │ │ │ storage from /dev/nbd/X │ │ 160f6ebb02fSPatrick Williams │ │ │ ─────────────────────────────────────────>│ 161f6ebb02fSPatrick Williams │ │ │ │ │ │ │ 1629de2f4eeSPrzemyslaw Czarnowski │ │ Completion │ | | │ │ 1639de2f4eeSPrzemyslaw Czarnowski │ │ signal │ | | │ │ 1649de2f4eeSPrzemyslaw Czarnowski │ │ <───────────────│ │ │ │ │ 1659de2f4eeSPrzemyslaw Czarnowski │ │ │ │ │ │ │ 166f6ebb02fSPatrick Williams │ │ │ Data │ │ │ │ 167f6ebb02fSPatrick Williams │<─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─>│ 168f6ebb02fSPatrick Williams │ │ │ │ │ │ │ 169f6ebb02fSPatrick Williams``` 170f6ebb02fSPatrick Williams 171f6ebb02fSPatrick Williams### Legacy Mode 172f6ebb02fSPatrick Williams 173f6ebb02fSPatrick WilliamsLegacy Mode uses VirtualMedia schema, defined by DMTF, for mounting external 174*f4febd00SPatrick WilliamsCIFS/HTTPS images. The current implementation supports only stream mounting as 175*f4febd00SPatrick Williamsfor now. In this case Redfish is only used as mechanism for Virtual Media 176*f4febd00SPatrick Williamsinitialization, and is not responsible for data transmission. For data there is 177*f4febd00SPatrick Williamsa separate component responsible for handling CIFS/HTTPS traffic called NBDkit. 178f6ebb02fSPatrick Williams 179f6ebb02fSPatrick WilliamsMultiple, simultaneous connections are supported through spawning additional 180f6ebb02fSPatrick Williamsnbkit instances, the number of available instances for CIFS/HTTPS is configured 181f6ebb02fSPatrick Williamsand described in details in next chapter. 182f6ebb02fSPatrick Williams 183f6ebb02fSPatrick WilliamsEncryption is based on remote storage connection, and follows Intel's Best 184f6ebb02fSPatrick Williamssecurity practices, as remote server support such (i.e. HTTPS requires SSL, and 185f6ebb02fSPatrick Williamspure HTTP is not supported, for CIFS protocol version 3.0 allows enabling 186f6ebb02fSPatrick Williamsencryption and that will be provided). 187f6ebb02fSPatrick Williams 188f6ebb02fSPatrick WilliamsThe flow looks like below: 189f6ebb02fSPatrick Williams 190f6ebb02fSPatrick Williams```ascii 191f6ebb02fSPatrick Williams┌───────┐ ┌──────────┐ ┌──────┐ ┌────────────┐ ┌──────┐┌─────────┐┌────┐ ┌─────────┐ 192f6ebb02fSPatrick Williams│Browser│ │CIFS/HTTPS│ │bmcweb│ │VirtualMedia│ │NBDkit││NBDClient││uDEV│ │USBGadget│ 193f6ebb02fSPatrick Williams└───┬───┘ └────┬─────┘ └──┬───┘ └─────┬──────┘ └──┬───┘└────┬────┘└─┬──┘ └────┬────┘ 194f6ebb02fSPatrick Williams │establish HTTPS session│ │ │ │ │ │ 195f6ebb02fSPatrick Williams │───────────────────────> │ │ │ │ │ 196f6ebb02fSPatrick Williams │ │ │ │ │ │ │ │ 197f6ebb02fSPatrick Williams │Create new VirtualMedia│ │ │ │ │ │ 198f6ebb02fSPatrick Williams │ mountpoint via POST │ │ │ │ │ │ 199f6ebb02fSPatrick Williams │───────────────────────> │ │ │ │ │ 200f6ebb02fSPatrick Williams │ │ │ │ │ │ │ │ 201f6ebb02fSPatrick Williams │ │ │ Mount from │ │ │ │ │ 202f6ebb02fSPatrick Williams │ │ │ CIFS/HTTPS │ │ │ │ │ 203f6ebb02fSPatrick Williams │ │ │ location │ │ │ │ │ 204f6ebb02fSPatrick Williams │ │ │────────────> │ │ │ │ 205f6ebb02fSPatrick Williams │ │ │ │ │ │ │ │ 206f6ebb02fSPatrick Williams │ │ │ │Spawn NBDKit mounting│ │ │ │ 207f6ebb02fSPatrick Williams │ │ │ │ given location │ │ │ │ 208f6ebb02fSPatrick Williams │ │ │ │ appropriate │ │ │ │ 209f6ebb02fSPatrick Williams │ │ │ │ /tmp/nbd.X.sock ┌┴┐ │ │ │ 210f6ebb02fSPatrick Williams │ │ │ │ ──────────────────>│ │ │ │ │ 211f6ebb02fSPatrick Williams │ │ │ │ │ │ │ │ │ 212f6ebb02fSPatrick Williams │ │ │ │ Spawn NBDClient from │ │ │ 213f6ebb02fSPatrick Williams │ │ │ │ /tmp/nbd.X.sock to /dev/nbdX ┌┴┐ │ │ 214f6ebb02fSPatrick Williams │ │ │ │ ────────────────────────────>│ │ │ │ 215f6ebb02fSPatrick Williams │ │ │ │ │ │ │ │ │ │ 216f6ebb02fSPatrick Williams │ │ │ │ Block Device properties changed │ │ 217f6ebb02fSPatrick Williams │ │ │ │ <────────────────────────────────────── │ 218f6ebb02fSPatrick Williams │ │ │ │ │ │ │ │ │ │ 219f6ebb02fSPatrick Williams │ │ │ │ Configure USB mass storage from /dev/nbd/X │ 220f6ebb02fSPatrick Williams │ │ │ │ ───────────────────────────────────────────────>│ 221f6ebb02fSPatrick Williams │ │ │ │ │ │ │ │ │ │ 2229de2f4eeSPrzemyslaw Czarnowski │ │ │ Completion │ │ │ │ │ │ │ 2239de2f4eeSPrzemyslaw Czarnowski │ │ │ signal │ │ │ │ │ │ │ 2249de2f4eeSPrzemyslaw Czarnowski │ │ |<───────────│ │ │ │ │ │ │ 2259de2f4eeSPrzemyslaw Czarnowski │ │ │ │ │ │ │ │ │ │ 226f6ebb02fSPatrick Williams │ │ │ │ Data │ │ │ │ │ │ 227f6ebb02fSPatrick Williams │ │ <─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─>│ 228f6ebb02fSPatrick Williams``` 229f6ebb02fSPatrick Williams 230f6ebb02fSPatrick Williams### Redfish support 231f6ebb02fSPatrick Williams 232f6ebb02fSPatrick WilliamsVirtual Media Service will be exposed as Redfish VirtualMedia endpoint as 233f6ebb02fSPatrick Williamsdefined by DMTF. Here are some examples. 234f6ebb02fSPatrick Williams 235f6ebb02fSPatrick Williams#### Virtual Media Collection schema 236*f4febd00SPatrick Williams 237f6ebb02fSPatrick WilliamsMembers in collection will be defined based on configuration file described in 238f6ebb02fSPatrick Williamsnext sections. And will be visible despite media is inserted or not. 239f6ebb02fSPatrick Williams 240f6ebb02fSPatrick Williams```json 241f6ebb02fSPatrick Williams{ 242f6ebb02fSPatrick Williams "@odata.type": "#VirtualMediaCollection.VirtualMediaCollection", 243f6ebb02fSPatrick Williams "Name": "Virtual Media Services", 244f6ebb02fSPatrick Williams "Description": "Redfish-BMC Virtual Media Service Settings", 245f6ebb02fSPatrick Williams "Members@odata.count": 2, 246f6ebb02fSPatrick Williams "Members": [ 247f6ebb02fSPatrick Williams { 248f6ebb02fSPatrick Williams "@odata.id": "/redfish/v1/Managers/BMC/VirtualMedia/ISO0" 249f6ebb02fSPatrick Williams }, 250f6ebb02fSPatrick Williams { 251f6ebb02fSPatrick Williams "@odata.id": "/redfish/v1/Managers/BMC/VirtualMedia/1" 252f6ebb02fSPatrick Williams } 253f6ebb02fSPatrick Williams ], 254f6ebb02fSPatrick Williams "@odata.context": "/redfish/v1/$metadata#VirtualMediaCollection.VirtualMediaCollection", 255f6ebb02fSPatrick Williams "@odata.id": "/redfish/v1/Managers/BMC/VirtualMedia" 256f6ebb02fSPatrick Williams} 257f6ebb02fSPatrick Williams``` 258f6ebb02fSPatrick Williams 259f6ebb02fSPatrick Williams#### Virtual Media schema 260f6ebb02fSPatrick Williams 261f6ebb02fSPatrick Williams```json 262f6ebb02fSPatrick Williams{ 263f6ebb02fSPatrick Williams "@odata.type": "#VirtualMedia.v1_1_0.VirtualMedia", 264f6ebb02fSPatrick Williams "Id": "ISO0", 265f6ebb02fSPatrick Williams "Name": "Virtual Removable Media", 2669de2f4eeSPrzemyslaw Czarnowski "Actions": { 2679de2f4eeSPrzemyslaw Czarnowski "#VirtualMedia.InsertMedia": { 2689de2f4eeSPrzemyslaw Czarnowski "target": "/redfish/v1/Managers/bmc/VirtualMedia/ISO0/Actions/VirtualMedia.InsertMedia" 2699de2f4eeSPrzemyslaw Czarnowski }, 2709de2f4eeSPrzemyslaw Czarnowski "#VirtualMedia.EjectMedia": { 2719de2f4eeSPrzemyslaw Czarnowski "target": "/redfish/v1/Managers/bmc/VirtualMedia/ISO0/Actions/VirtualMedia.EjectMedia" 2729de2f4eeSPrzemyslaw Czarnowski } 2739de2f4eeSPrzemyslaw Czarnowski }, 274*f4febd00SPatrick Williams "MediaTypes": ["CD", "USBStick"], 275f6ebb02fSPatrick Williams "Image": "https://192.168.0.1/Images/os.iso", 276f6ebb02fSPatrick Williams "ImageName": "Os", 277f6ebb02fSPatrick Williams "ConnectedVia": "URI", 278f6ebb02fSPatrick Williams "Inserted": true, 279f6ebb02fSPatrick Williams "WriteProtected": false, 280f6ebb02fSPatrick Williams "@odata.context": "/redfish/v1/$metadata#VirtualMedia.VirtualMedia", 281f6ebb02fSPatrick Williams "@odata.id": "/redfish/v1/Managers/BMC/VirtualMedia/ISO0", 282f6ebb02fSPatrick Williams "Oem": { 283f6ebb02fSPatrick Williams "OpenBMC": { 284f6ebb02fSPatrick Williams "@odata.type": "#OemVirtualMedia.v1_0_0.VirtualMedia", 285f6ebb02fSPatrick Williams "WebSocketEndpoint": "/nbd/0" 286f6ebb02fSPatrick Williams } 287*f4febd00SPatrick Williams } 288f6ebb02fSPatrick Williams} 289f6ebb02fSPatrick Williams``` 290f6ebb02fSPatrick Williams 291*f4febd00SPatrick WilliamsSchema will look similar for both Proxy and Legacy Mode. Some key differences as 292*f4febd00SPatrick Williamsfollows: 293f6ebb02fSPatrick Williams 294f6ebb02fSPatrick Williams| Field Name | Proxy Mode | Legacy Mode | Comment | 295*f4febd00SPatrick Williams| -------------------- | ---------- | -------------------------------- | --------------------------------------------------------------- | 2969de2f4eeSPrzemyslaw Czarnowski| InsertMedia | N/A | action as described by DMTF spec | Action can return Task object if<br> process is time consumming | 297f6ebb02fSPatrick Williams| Image | N/A | image location | | 298f6ebb02fSPatrick Williams| ImageName | N/A | image name | | 299f6ebb02fSPatrick Williams| ConnectedVia | "Applet" | as described by DMTF spec | applies only for connected media | 300f6ebb02fSPatrick Williams| TransferMethod | "Stream" | "Stream" | "upload" is not supported by design | 301f6ebb02fSPatrick Williams| TransferProtocolType | "OEM" | as described by DMTF spec | | 302f6ebb02fSPatrick Williams 303f6ebb02fSPatrick Williams#### Virtual Media OEM Extension 304f6ebb02fSPatrick Williams 305f6ebb02fSPatrick WilliamsVirtual Media schema is adapted to Legacy Mode where image is given by user 306f6ebb02fSPatrick Williamsdirectly via Redfish action and whole connection is processed between service 307f6ebb02fSPatrick Williamsand web server. 308f6ebb02fSPatrick Williams 309*f4febd00SPatrick WilliamsFor [Proxy Mode](#Proxy-Mode) nbd data is served by client web browser. Having 310*f4febd00SPatrick Williamsmultiple connections, in order to setup connection, client needs the information 311*f4febd00SPatrick Williamsabout the location of websocket created by web server. This value is exposed as 312*f4febd00SPatrick WilliamsOEM `WebSocketEndpoint` property for each item. 313f6ebb02fSPatrick Williams 314f6ebb02fSPatrick Williams### Inactivity timeout 315f6ebb02fSPatrick Williams 316f6ebb02fSPatrick WilliamsVirtual Media supports inactivity timeout, which will break Virtual Media 317f6ebb02fSPatrick Williamsconnection after certain number of seconds of inactivity. Because nbdclient has 318f6ebb02fSPatrick Williamsmechanism for caching image, also kernel has home buffer mechanisms for block 319f6ebb02fSPatrick Williamsdevice, the idea is to prepare a patch on USBGadget driver, that will write USB 320f6ebb02fSPatrick Williamsgadget statistics under /proc/USBGadget/lun.X file. Those statistics will be 321f6ebb02fSPatrick Williamsobserved by Virtual Media application. 322f6ebb02fSPatrick Williams 323f6ebb02fSPatrick Williams### Virtual Media Service 324f6ebb02fSPatrick Williams 325*f4febd00SPatrick WilliamsVirtual Media Service is separate application that will coexist on DBus. It will 326*f4febd00SPatrick Williamsbe initialized from configuration json file, and expose all available for 327*f4febd00SPatrick Williamsprovisioning VirtualMedia objects. Virtual Media is responsible for: 328f6ebb02fSPatrick Williams 329*f4febd00SPatrick Williams- Exposing current Virtual Media configuration to DBus user. 330*f4febd00SPatrick Williams- Spawning nbdclient, and monitor its lifetime, for Proxy connections. 331*f4febd00SPatrick Williams- Spawning nbdkit, and monitor its lifetime, for CIFS/HTTPS connections. 332*f4febd00SPatrick Williams- Monitoring uDEV for all NBD related block device changes, and 333f6ebb02fSPatrick Williams configure/de-configure USB Gadget accordingly. 334*f4febd00SPatrick Williams- Monitor NBD device inactivity period to support inactivity timeout. 335f6ebb02fSPatrick Williams 336f6ebb02fSPatrick Williams### Configuration 337f6ebb02fSPatrick Williams 338f6ebb02fSPatrick WilliamsUpon process startup, Virtual Media reads its config file, with the following 339f6ebb02fSPatrick Williamsstructure: 340f6ebb02fSPatrick Williams 341f6ebb02fSPatrick Williams```json 342f6ebb02fSPatrick Williams"InactivityTimeout": 1800, # Timeout of inactivity on device in seconds, that will lead to automatic disconnection 343f6ebb02fSPatrick Williams"MountPoints": { 344f6ebb02fSPatrick Williams "ISO0": { 345f6ebb02fSPatrick Williams "EndpointId": "/nbd/0", # bmcweb endpoint (URL) configured for this type of connection 346f6ebb02fSPatrick Williams "Mode": 0, # 0 - Proxy Mode, 1 - Legacy Mode 347f6ebb02fSPatrick Williams "NBDDevice": "/dev/nbd0", # nbd endpoint on device usually matches numeric value with EndpointId 348f6ebb02fSPatrick Williams "UnixSocket": "/tmp/nbd.sock", # defines which Unix socket will be occupied by connection 349f6ebb02fSPatrick Williams "Timeout": 30, # timeout in seconds passed to nbdclient 350f6ebb02fSPatrick Williams "BlockSize": 512, # Block size passed to nbdclient 351f6ebb02fSPatrick Williams } 352f6ebb02fSPatrick Williams}, 353f6ebb02fSPatrick Williams``` 354f6ebb02fSPatrick Williams 355f6ebb02fSPatrick Williams### DBus Interface 356f6ebb02fSPatrick Williams 357*f4febd00SPatrick WilliamsVirtual Media will expose the following object structure. All object paths are 358*f4febd00SPatrick Williamsrepresentation of configuration file described above 359f6ebb02fSPatrick Williams 360f6ebb02fSPatrick Williams```ascii 361f6ebb02fSPatrick Williams/xyz/openbmc_project/VirtualMedia/Proxy/ISO0 362f6ebb02fSPatrick Williams/xyz/openbmc_project/VirtualMedia/Proxy/1 363f6ebb02fSPatrick Williams/xyz/openbmc_project/VirtualMedia/Legacy/0 364f6ebb02fSPatrick Williams/xyz/openbmc_project/VirtualMedia/Legacy/1 365f6ebb02fSPatrick Williams``` 366f6ebb02fSPatrick Williams 367*f4febd00SPatrick WilliamsEach of object will implement `xyz.openbmc_project.VirtualMedia.Process` 368f6ebb02fSPatrick Williamsinterface, which will be defined as follow: 369f6ebb02fSPatrick Williams 370f6ebb02fSPatrick Williams| Name | type | input | return | description | 371f6ebb02fSPatrick Williams| -------- | -------- | ----- | ------- | ------------------------------------------------------------------- | 372f6ebb02fSPatrick Williams| Active | Property | - | BOOLEAN | `True`, if object is occupied by active process, `False` otherwise | 373f6ebb02fSPatrick Williams| ExitCode | Property | - | INT32 | If process terminates this property will contain returned exit code | 374f6ebb02fSPatrick Williams 375f6ebb02fSPatrick WilliamsEach object will also expose configuration of its own under 376*f4febd00SPatrick Williams`xyz.openbmc_project.VirtualMedia.MountPoint` (all properties are RO) 377f6ebb02fSPatrick Williams 378f6ebb02fSPatrick Williams| Name | type | input | return | description | 379d2616a95SAnna Platash| -------------------------- | -------- | ----- | ------- | ------------------------------------------------------------------------- | 380f6ebb02fSPatrick Williams| EndPointId | Property | - | STRING | As per configuration | 381f6ebb02fSPatrick Williams| Mode | Property | - | BYTE | As per configuration | 382f6ebb02fSPatrick Williams| Device | Property | - | STRING | As per configuration | 383f6ebb02fSPatrick Williams| Socket | Property | - | STRING | As per configuration | 384f6ebb02fSPatrick Williams| Timeout | Property | - | UINT16 | As per configuration | 385f6ebb02fSPatrick Williams| BlockSize | Property | - | UINT16 | As per configuration | 386f6ebb02fSPatrick Williams| RemainingInactivityTimeout | Property | - | UINT16 | Seconds to drop connection by server, for activated endpoint, 0 otherwise | 387f6ebb02fSPatrick Williams| ImageURL | Property | - | STRING | URL to mounted image | 388d2616a95SAnna Platash| WriteProtected | Property | - | BOOLEAN | 'True', if the image is mounted as read only, 'False' otherwise | 389f6ebb02fSPatrick Williams 390f6ebb02fSPatrick WilliamsAnother interface exposed by each object are stats under 391*f4febd00SPatrick Williams`xyz.openbmc_project.VirtualMedia.Stats` (all properties are RO): 392f6ebb02fSPatrick Williams 393f6ebb02fSPatrick Williams| Name | type | input | return | description | 394f6ebb02fSPatrick Williams| ------- | -------- | ----- | ------ | ---------------------------------------- | 395f6ebb02fSPatrick Williams| ReadIO | Property | - | UINT64 | Number of read IOs since image mounting | 396f6ebb02fSPatrick Williams| WriteIO | Property | - | UINT64 | Number of write IOs since image mounting | 397f6ebb02fSPatrick Williams 398*f4febd00SPatrick WilliamsDepends on object path, object will expose different interface for mounting 399*f4febd00SPatrick Williamsimage. 400f6ebb02fSPatrick Williams 401fd991943SGeorge KeishingMounting can be a time consuming task, so event driven mechanism has to be 4029de2f4eeSPrzemyslaw Czarnowskiintroduced. Mount and Unmount calls will trigger asynchronous action and will 403*f4febd00SPatrick Williamsend immediately, giving appropriate signal containing status on task completion. 4049de2f4eeSPrzemyslaw Czarnowski 405*f4febd00SPatrick WilliamsFor Proxy its `xyz.openbmc_project.VirtualMedia.Proxy`, defined as follow: 406f6ebb02fSPatrick Williams 407f6ebb02fSPatrick Williams| Name | type | input | return | description | 408*f4febd00SPatrick Williams| ---------- | ------ | ----- | ------- | ------------------------------------------------------------------------------ | 409a3d68704SPrzemyslaw Czarnowski| Mount | Method | - | BOOLEAN | Perform an asynchronous operation of mounting to HOST on given object. | 410a3d68704SPrzemyslaw Czarnowski| Unmount | Method | - | BOOLEAN | Perform an asynchronous operation of unmount from HOST on given object | 411a3d68704SPrzemyslaw Czarnowski| Completion | Signal | - | INT32 | Returns 0 for success or errno on failure after background operation completes | 412f6ebb02fSPatrick Williams 413*f4febd00SPatrick WilliamsFor Legacy its `xyz.openbmc_project.VirtualMedia.Legacy`, defined as follow: 414f6ebb02fSPatrick Williams 415f6ebb02fSPatrick Williams| Name | type | input | return | description | 416*f4febd00SPatrick Williams| ---------- | ------ | ----------------------------------------- | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 417a3d68704SPrzemyslaw Czarnowski| Mount | Method | STRING | BOOLEAN | Perform an asynchronous operation of mounting to HOST on given object, with location given as STRING parameter | 418a3d68704SPrzemyslaw Czarnowski| Mount | Method | STRING<br>BOOLEAN<br>VARIANT<UNIX_FD,INT> | BOOLEAN | Perform an asynchronous operation of mounting to HOST on given object, with parameters:<br><br>`STRING` : url to image. It should start with either `smb://` or `https://` prefix<br>`BOOLEAN` : RW flag for mounted gadget (should be consistent with remote image capabilities)<br>`VARIANT<UNIX_FD,INT>` : file descriptor of named pipe used for passing null-delimited secret data (username and password). When there is no data to pass `-1` should be passed as `INT` | 419a3d68704SPrzemyslaw Czarnowski| Unmount | Method | - | BOOLEAN | Perform an asynchronous operation of unmounting from HOST on given object | 420a3d68704SPrzemyslaw Czarnowski| Completion | Signal | - | INT32 | Returns 0 for success or errno on failure after background operation completes | 421a3d68704SPrzemyslaw Czarnowski 422*f4febd00SPatrick WilliamsMount and unmount operation return true if async operation is started and false 423*f4febd00SPatrick Williamswhen preliminary check encountered an error. They may also indicate appropriate 424*f4febd00SPatrick Williamsdbus error. 425f6ebb02fSPatrick Williams 426f6ebb02fSPatrick Williams## Alternatives Considered 427*f4febd00SPatrick Williams 428f6ebb02fSPatrick WilliamsExisting implementation in OpenBMC 429f6ebb02fSPatrick Williams 430f6ebb02fSPatrick Williams## Impact 431*f4febd00SPatrick Williams 432f6ebb02fSPatrick WilliamsShall not affect usability of current Virtual Media implementation 433f6ebb02fSPatrick Williams 434f6ebb02fSPatrick Williams## Testing 435*f4febd00SPatrick Williams 436f6ebb02fSPatrick WilliamsTBD 437