1# OpenBMC Webserver Development 2 31. ### Performance targets 4 As OpenBMC is intended to be deployed on an embedded system, care should be 5 taken to avoid expensive constructs, and memory usage. In general, our 6 performance and metric targets are: 7 8 - Binaries and static files should take up < 1MB of filesystem size 9 - Memory usage should remain below 10MB at all times 10 - Application startup time should be less than 1 second on target hardware 11 (AST2500) 12 132. ### Asynchronous programming 14 Care should be taken to ensure that all code is written to be asynchronous in 15 nature, to avoid blocking methods from stopping the processing of other 16 tasks. At this time the webserver uses boost::asio for it async framework. 17 Threads should be avoided if possible, and instead use async tasks within 18 boost::asio. 19 203. ### Secure coding guidelines 21 Secure coding practices should be followed in all places in the webserver 22 23 In general, this means: 24 - All buffer boundaries must be checked before indexing or using values 25 - All pointers and iterators must be checked for null before dereferencing 26 - All input from outside the application is considered untrusted, and should 27 be escaped, authorized and filtered accordingly. This includes files in 28 the filesystem. 29 - All error statuses are checked and accounted for in control flow. 30 - Where applicable, noexcept methods should be preferred to methods that use 31 exceptions 32 - Explicitly bounded types should be preferred over implicitly bounded types 33 (like std::array<int, size> as opposed to int[size]) 34 - no use of [Banned 35 functions](https://github.com/intel/safestringlib/wiki/SDL-List-of-Banned-Functions 36 "Banned function list") 37 384. ### Error handling 39 Error handling should be constructed in such a way that all possible errors 40 return valid HTTP responses. The following HTTP codes will be used commonly 41 - 200 OK - Request was properly handled 42 - 201 Created - Resource was created 43 - 401 Unauthorized - Request didn't posses the necessary authentication 44 - 403 Forbidden - Request was authenticated, but did not have the necessary 45 permissions to accomplish the requested task 46 - 404 Not found - The url was not found 47 - 500 Internal error - Something has broken within the OpenBMC web server, 48 and should be filed as a bug 49 50 Where possible, 307 and 308 redirects should be avoided, as they introduce 51 the possibility for subtle security bugs. 52 535. ### Startup times 54 Given that the most common target of OpenBMC is an ARM11 processor, care 55 needs to be taken to ensure startup times are low. In general this means: 56 57 - Minimizing the number of files read from disk at startup. Unless a 58 feature is explicitly intended to be runtime configurable, its logic 59 should be "baked in" to the application at compile time. For cases where 60 the implementation is configurable at runtime, the default values should 61 be included in application code to minimize the use of nonvolatile 62 storage. 63 - Avoid excessive memory usage and mallocs at startup. 64 656. ### Compiler features 66 - At this point in time, the webserver sets a number of security flags in 67 compile time options to prevent misuse. The specific flags and what 68 optimization levels they are enabled at are documented in the 69 CMakeLists.txt file. 70 - Exceptions are currently enabled for webserver builds, but their use is 71 discouraged. Long term, the intent is to disable exceptions, so any use 72 of them for explicit control flow will likely be rejected in code review. 73 Any use of exceptions should be cases where the program can be reasonably 74 expected to crash if the exception occurs, as this will be the future 75 behavior once exceptions are disabled. 76 - Run time type information is disabled 77 - Link time optimization is enabled 78 797. ### Authentication 80 The webserver shall provide the following authentication mechanisms. 81 - Basic authentication 82 - Cookie authentication 83 - Token authentication 84 85 There shall be connection between the authentication mechanism used and 86 resources that are available over it. The webserver shall employ an 87 authentication scheme that is in line with the rest of OpenBMC, and allows 88 users and privileges to be provisioned from other interfaces. 89 908. ### Web security 91 The OpenBMC webserver shall follow the latest OWASP recommendations for 92 authentication, session management, and security. 93 949. ### Performance 95 The performance priorities for the OpenBMC webserver are (in order): 96 1. Code is readable and clear 97 2. Code follows secure guidelines 98 3. Code is performant, and does not unnecessarily abstract concepts at the 99 expense of performance 100 4. Code does not employ constructs which require continuous system 101 resources, unless required to meet performance targets. (example: 102 caching sensor values which are expected to change regularly) 103 10410. ### Abstraction/interfacing 105 In general, the OpenBMC webserver is built using the data driven design. 106 Abstraction and Interface guarantees should be used when multiple 107 implementations exist, but for implementations where only a single 108 implementation exists, prefer to make the code correct and clean rather than 109 implement a concrete interface. 110 11111. ### phosphor webui 112 The webserver should be capable of hosting phosphor-webui, and implementing 113 the required flows to host the application. In general, all access methods 114 should be available to the webui. 115 11612. ### Redfish 117 bmcweb's Redfish implementation, including Redfish OEM Resources, shall 118 conform to the Redfish specification. Please keep bmcweb's [Redfish support 119 document](https://github.com/openbmc/bmcweb/blob/master/Redfish.md) updated. 120 Before adding a Redfish OEM schema or property first engage the DMTF's 121 Redfish working group to see if they are interested in adding the new 122 feature. The [Redfish Specification Forum](https://redfishforum.com/) is a 123 public Redfish forum to ask questions and request features. Redfish 124 "Supporter" and "Promoter" companies, which many companies working on OpenBMC 125 are, can request features via the Redfish code repository or via Redfish 126 meetings. For more information on Redfish and supported schemas visit 127 [Redfish.md](https://github.com/openbmc/bmcweb/blob/master/Redfish.md). 128 12913. ### Common errors 130 A number of examples of common errors are captured in the common errors doc. 131 It is recommended that developers read and understand all of them before 132 starting any openbmc development. 133 [Common Errors](https://github.com/openbmc/bmcweb/blob/master/COMMON_ERRORS.md). 134 13514. ### Developing and Testing 136 There are a variety of ways to develop and test bmcweb software changes. 137 Here are the steps for using the SDK and QEMU. 138 139 - Follow all [development environment setup](https://github.com/openbmc/docs/blob/master/development/dev-environment.md) 140 directions in the development environment setup document. This will get 141 QEMU started up and you in the SDK environment. 142 - Follow all of the [gerrit setup](https://github.com/openbmc/docs/blob/master/development/gerrit-setup.md) 143 directions in the gerrit setup document. 144 - Clone bmcweb from gerrit 145 ``` 146 git clone ssh://openbmc.gerrit/bmcweb/ 147 ``` 148 149 - Ensure it compiles 150 ``` 151 cmake ./ && make 152 ``` 153 **Note:** If you'd like to enable debug traces in bmcweb, use the 154 following command for cmake 155 ``` 156 cmake ./ -DCMAKE_BUILD_TYPE:type=Debug 157 ``` 158 159 - Make your changes as needed, rebuild with `make` 160 161 - Reduce binary size by stripping it when ready for testing 162 ``` 163 arm-openbmc-linux-gnueabi-strip bmcweb 164 ``` 165 **Note:** Stripping is not required and having the debug symbols could be 166 useful depending on your testing. Leaving them will drastically increase 167 your transfer time to the BMC. 168 169 - Copy your bmcweb you want to test to /tmp/ in QEMU 170 ``` 171 scp -P 2222 bmcweb root@127.0.0.1:/tmp/ 172 ``` 173 **Special Notes:** 174 The address and port shown here (127.0.0.1 and 2222) reaches the QEMU session 175 you set up in your development environment as described above. 176 177 - Stop bmcweb service within your QEMU session 178 ``` 179 systemctl stop bmcweb 180 ``` 181 **Note:** bmcweb supports being started directly in parallel with the bmcweb 182 running as a service. The standalone bmcweb will be available on port 18080. 183 An advantage of this is you can compare between the two easily for testing. 184 In QEMU you would need to open up port 18080 when starting QEMU. Your curl 185 commands would need to use 18080 to communicate. 186 187 - If running within a system that has read-only /usr/ filesystem, issue 188 the following commands one time per QEMU boot to make the filesystem 189 writeable 190 ``` 191 mkdir -p /var/persist/usr 192 mkdir -p /var/persist/work/usr 193 mount -t overlay -o lowerdir=/usr,upperdir=/var/persist/usr,workdir=/var/persist/work/usr overlay /usr 194 ``` 195 196 - Remove the existing bmcweb from the filesystem in QEMU 197 ``` 198 rm /usr/bin/bmcweb 199 ``` 200 201 - Link to your new bmcweb in /tmp/ 202 ``` 203 ln -sf /tmp/bmcweb /usr/bin/bmcweb 204 ``` 205 206 - Test your changes. bmcweb will be started automatically upon your 207 first REST or Redfish command 208 ``` 209 curl -c cjar -b cjar -k -X POST https://127.0.0.1:2443/login -d "{\"data\": [ \"root\", \"0penBmc\" ] }" 210 curl -c cjar -b cjar -k -X GET https://127.0.0.1:2443/xyz/openbmc_project/state/bmc0 211 ``` 212 213 - Stop the bmcweb service and scp new file over to /tmp/ each time you 214 want to retest a change. 215 216 See the [REST](https://github.com/openbmc/docs/blob/master/REST-cheatsheet.md) 217 and [Redfish](https://github.com/openbmc/docs/blob/master/REDFISH-cheatsheet.md) cheatsheets for valid commands. 218 219 Please test all Redfish changes with the 220 [Redfish Service Validator](https://github.com/DMTF/Redfish-Service-Validator). 221 Your change should not introduce any new validator errors. Please include 222 the Redfish Service Validator results as part of the commit message 223 ["Tested" field](https://github.com/openbmc/docs/blob/master/CONTRIBUTING.md#testing). 224 225## clang-tidy 226 227clang-tidy is a tool that can be used to identify coding style violations, bad 228design patterns, and bug prone constructs. The checks are implemented in the 229.clang-tidy file in the root of bmcweb, and are expected to be passing. To 230run, the best way is to run the checks in yocto. 231 232``` 233# check out meta-clang in your openbmc root 234cd openbmc 235git clone https://github.com/kraj/meta-clang 236 237# add the meta-clang layer to BBLAYERS in $BBPATH/conf/bblayers.conf 238<path_to_your_build_dir>/meta-clang 239 240# Add this line to $BBPATH/conf/local.conf to build bmcweb with clang 241TOOLCHAIN_pn-bmcweb = "clang" 242 243# and build 244bitbake bmcweb 245 246# Open devshell (this will open a shell) 247bitbake -c devshell bmcweb 248 249# cd into the work dir 250cd oe-workdir/bmcweb-1.0+git999 251# run clang tidy 252clang-tidy --header-filter=".*" -p . $BBPATH/workspace/sources/bmcweb/src/webserver_main.cpp 253``` 254