OpenBMC Web server https://git.raptorcs.com/git/bmcweb/atom?h=master 2020-01-09T16:41:07+00:00 2020-01-09T16:41:07+00:00 Jan Sowinski jan.sowinski@intel.com 2020-01-09T16:16:02+00:00 urn:sha1:2b5e08e2915d886655a78aaabff40745dca6b517 This commit fixes timeout issues when transfering bigger payloads like update image. Tested by uploading image: curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" \ -X POST -T test.tar https://$bmc/upload/image # slow connection upload (~10kB/s) curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" \ -X POST -T test.tar https://$bmc/upload/image --limit-rate 10k Signed-off-by: Jan Sowinski <jan.sowinski@intel.com> Change-Id: I913136013afb58c97071819288460f4cb64d0d83 2020-01-09T16:28:32+00:00 Jan Sowinski jan.sowinski@intel.com 2020-01-09T16:28:32+00:00 urn:sha1:ee52ae1013244b73d8312d5f7e795bb01f3c1089 This reverts commit a8086647b103f55116ce4c872e1455ebf1f3e346. Reason for revert: Restoring commit c00500b as base for upload image issue fix Change-Id: I1dd5d3fda2d1ee6f4027193a0506d5ca764b01e4 Signed-off-by: Jan Sowinski <jan.sowinski@intel.com> 2020-01-08T17:20:15+00:00 James Feist james.feist@linux.intel.com 2020-01-07T17:53:20+00:00 urn:sha1:a8086647b103f55116ce4c872e1455ebf1f3e346 This reverts commit c00500bcb9c5145f5cacb78bbe3dd694fb85ba0a. Reason: Makes image upload fail Tested: Image upload works again requests.post( 'https://{}/redfish/v1/UpdateService'.format(args.address), data=file.read(), verify=False, auth=(args.username, args.password)) Change-Id: Iaf780d052d98accdead32e87f468002f5141b19a Signed-off-by: James Feist <james.feist@linux.intel.com> 2019-12-19T14:30:48+00:00 Adriana Kobylak anoo@us.ibm.com 2019-12-05T19:57:57+00:00 urn:sha1:0e1cf26b1cd98e0ec069e6187434fcabf1e9c200 OpenBMC supports "System" or "bundled" images that contain two or more firmware images, such as BMC and Host or PSU firmware, making the resulting image file greater than the current limit of 30MB. Make the http request body size configurable to allow bigger files to be uploaded. Tested: - Upload a regular BMC image still works. - Uploading a 50MB firmware image that contains the host fw fails: $ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image curl: (52) Empty reply from server - With the "-DBMCWEB_HTTP_REQ_BODY_LIMIT_MB=128" compile option works: $ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image { "data": "19e6fe13", "message": "200 OK", "status": "ok" } Change-Id: I0b0e1032c9daf00a01e42ac5ee1c0d979f857d5e Signed-off-by: Adriana Kobylak <anoo@us.ibm.com> 2019-12-19T13:01:38+00:00 Jan Sowinski jan.sowinski@intel.com 2019-12-03T09:37:06+00:00 urn:sha1:c00500bcb9c5145f5cacb78bbe3dd694fb85ba0a This commit fixes issue around Connection class and websockets - controlling connection lifetime by shared_ptr instead of manual new/delete - fixed memory leak when upgrading connection to websockets - removed dangling reference to conn.req in websockets - fixed lack of reponse for invalid websockets URLs - fixed not working connections deadline timer There is no noticable performance impact after switching connection management to shared pointers. Benchmark results using: wrk https://${bmc} shared_ptr: 144.29 Requests/sec new/delete: 144.41 Requests/sec Tested manually: performance: wrk https://${bmc} memory leaks: top websockets: webui- KVM and VirtualMedia HTTP GET on random Redfish schemas: postman Signed-off-by: Jan Sowinski <jan.sowinski@intel.com> Change-Id: I63f7395ba081a68e7900eae2ed204acd50f58689 2019-12-19T07:52:01+00:00 Zbigniew Kurzynski zbigniew.kurzynski@intel.com 2019-11-07T11:55:04+00:00 urn:sha1:cac94c55c59a397524a04786f4d699e2bd7f21bf This commit sets the mutual TLS option to ON by default. Core mTLS implementation was accepted under this commit: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23588 where by default the mTLS was disabled. Tested: Manual tests were made to verify if this option turns the mTLS ON. Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> Change-Id: I3bc5f5453d4c4df1cd7ecb0b8868423285b6ab83 2019-12-18T23:45:31+00:00 Ed Tanous ed.tanous@intel.com 2019-10-23T18:49:06+00:00 urn:sha1:b28eb8ed4a1d5f05aa9911e94e53f261add4bb65 I now understand the router properly (as I did a while back). This call is correct, as "/" and "" are considered the same by the router. Tested: Comment change, no impact to code. Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: Ic6fc17f0e7137bbc3674c2290d10dcdba9b4ed18 2019-12-17T19:00:58+00:00 Jason M. Bills jason.m.bills@linux.intel.com 2019-12-11T22:32:14+00:00 urn:sha1:a6e2f1c4cba5f3b19d7c039f52d6598b129b5b10 We currently use multiple regex calls to convert specific fields to links. Rather than continuing to add new regex calls for individual link types, we can use one regex to convert all '/redfish/' paths to links. Tested: Checked that all provided redfish paths are converted to links: odata.id, odata.context, nextLink, Uri, etc. Change-Id: I2f06e2d5ee9b3d88141f1629f168b3667669d93f Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com> 2019-12-17T05:06:45+00:00 RAJESWARAN THILLAIGOVINDAN rajeswgo@in.ibm.com 2019-12-13T10:26:54+00:00 urn:sha1:61dbeef97168db1a1f7a351c5f95e09afd361e48 Modified the code to make an asynchronous call to GetUserInfo to get the user role for authorization. For local users, DBus matches are used to store user role map hot in memory. Hence, bmcweb has to know whether a user is a local user or LDAP user to get the role. To avoid this, removed the existing DBus matches and modified the code to call GetUserInfo to get the role of local users as well as LDAP users. Tested: - Created a local user having admin privilege and verified that he is able to restart the system /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}' - Created a local user having user privilege and verified that he is unauthorized to restart the system /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}' - Created a remote user having admin privilege and verified that he is able to restart the system /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}' - Created a remote user having user privilege and verified that he is unauthorized to restart the system /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}' - Tested Redfish ConfigureSelf privilege Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com> Change-Id: Ic3e46a0c0aff2cf456c98048350e58e302011c57 2019-12-16T08:08:16+00:00 Zbigniew Kurzynski zbigniew.kurzynski@intel.com 2019-12-11T18:11:18+00:00 urn:sha1:26139a5a651dcca88d1d40cac5e1e106285c1271 This new value will be used by javascript in phosphor-webui to perform login-less authentication. Tested: Manually tests were performed on Chrome browser. Having enabled and configured mTLS user is able to authenticate with proper certificates. The login page is not displayed unless user logs out. Appropriate phosphor-webui changes can be found here: https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-webui/+/27851 Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> Change-Id: Iac76459e1843a5c8bd2287c6e078319aebedfdcc