OpenBMC Web server https://git.raptorcs.com/git/bmcweb/atom?h=master 2020-02-11T05:00:01+00:00 2020-02-11T05:00:01+00:00 Yong Li yong.b.li@linux.intel.com 2020-02-10T07:15:21+00:00 urn:sha1:bd5db5221f1a295da61a3e4dba0c48724e090825 Log the BMC kernel panic event into redfish. Tested: Trigger a kernel panic by "echo c > /proc/sysrq-trigger", After BMC reboot, check the below message entry in redfish/v1/Systems/system/LogServices/EventLog/Entries: { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/68627", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T19:03:47+00:00", "EntryType": "Event", "Id": "68627", "Message": "BMC rebooted due to kernel panic.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.BMCKernelPanic", "Name": "System Event Log Entry", "Severity": "OK" } Signed-off-by: Yong Li <yong.b.li@linux.intel.com> Change-Id: Ibc3075a48514b3288ba1a1b1fbe716f5e9deeb26 2020-02-03T17:57:27+00:00 AppaRao Puli apparao.puli@linux.intel.com 2020-01-28T21:06:32+00:00 urn:sha1:3f8a743a5179eb618518ff04b98202a997342bb0 Currently 'Updateable' property value in SoftwareInventory schema is hardcoded. Added support to look through the updateable software associations objects and use it for 'Updateable' Redfish property in SoftwareInventory. Tested: - Checked 'Updateable' Property value for both programmable and non-programmable firmware inventory components and it works as expected. - Ran the Redfish validator and no new issues found. Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com> Change-Id: Ia24f942f3afe49674ec3628cac0356a5496ef337 2020-01-27T09:53:00+00:00 Przemyslaw Czarnowski przemyslaw.hawrylewicz.czarnowski@intel.com 2019-09-02T15:32:43+00:00 urn:sha1:e13c27606f49f70910eca01f0ee496e7e9a6b330 As continuation for VirtualMedia Redfish support, this patch adds insertion and eject actions into existing VirtualMedia code base. Testing: * Manual tests together with nbd proxy and virtual media app - For requests: Postman and/or HTTPie, with logs enabled and Valgrind) - Manual result validation * Tests run: - GET on collection with manual validation - PUT/POST/DELETE on collection - GET on item/nonexistent item - PUT/POST/DELETE on item - GET/PUT/DELETE on action - POST on action - EjectMedia/InsertMedia, legacy mode - POST on action - InsertMedia, proxy mode - POST on action - input validation (empty, invalid URL), legacy mode * Redfish Service Validator tested, no new issues found. Change-Id: Icccc433c1e84bc2ac37d9c295fe72749187fb735 Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com> 2020-01-27T09:52:18+00:00 Przemyslaw Czarnowski przemyslaw.hawrylewicz.czarnowski@intel.com 2019-07-11T08:16:43+00:00 urn:sha1:107077def176ad4a29557fae353de9bb00381ca9 This change adds VirtualMedia scheme to Redfish. Implementation is based on input from virtual-media module and nbd proxy which is a bmcweb part. The code is used only in case ndb-proxy is supported in bmcweb (BMCWEB_ENABLE_VM_NBDPROXY compilation flag). Tested: * Manual tests together with nbd proxy and virtual media app - For requests: Postman and/or HTTPie, started with logs enabled and Valgrind - Manual result validation * Tests ran: - GET on collection with manual validation - PUT/POST/DELETE on collection - GET on item/nonexistent item - PUT/POST/DELETE on item * Redfish Service Validator tested, no new issues found. Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com> Change-Id: I5415dc0ffe52069fd35bc614b0378bbc4ad41ff6 2020-01-22T21:33:26+00:00 Jason M. Bills jason.m.bills@linux.intel.com 2020-01-13T22:48:50+00:00 urn:sha1:4228a1609a9f9751604a1e636de11a34ed58b840 Redfish specifies only "OK", "Warning", and "Critical" as valid values for message severity, but some messages have a severity of "Error". This changes the incorrect "Error" severity values to "Critical". Tested: Checked that all severity values are "OK", "Warning", or "Critical". Passed the Redfish service validator. Change-Id: If65665c76915e1730e6ae12c36003242aa9a85c6 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com> 2020-01-17T17:45:52+00:00 jayaprakash Mutyala mutyalax.jayaprakash@intel.com 2019-12-24T19:15:58+00:00 urn:sha1:bc6be2376b4a5407e51deab72b1a4c8a1b7fd425 Updated "MemoryThermTrip" message entry for CPU Memory Thermal Trip events. Tested: 1. Redfish validator - passed for this new addition 2. Verified in Redfish, MemoryThermTrip message populated properly Redfish URI: GET: https://<BMC IP>/redfish/v1/Systems/system/LogServices/EventLog /Entries { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/ Entries/506", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:08:26+00:00", "EntryType": "Event", "Id": "506", "Message": "Memory ThermTrip asserted: CPU 1.", "MessageArgs": [ "CPU 1" ], "MessageId": "OpenBMC.0.1.MemoryThermTrip", "Name": "System Event Log Entry", "Severity": "Critical" } { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/ Entries/506_2", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:08:26+00:00", "EntryType": "Event", "Id": "506_2", "Message": "Memory ThermTrip asserted: CPU 2.", "MessageArgs": [ "CPU 2" ], "MessageId": "OpenBMC.0.1.MemoryThermTrip", "Name": "System Event Log Entry", "Severity": "Critical" } Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Signed-off-by: Chalapathi <chalapathix.venkataramashetty@intel.com> Change-Id: I89271d28012c7f01a6cc37e1ef35c7e15f5e9965 2020-01-08T03:53:10+00:00 Suryakanth Sekar suryakanth.sekar@linux.intel.com 2019-12-12T16:09:14+00:00 urn:sha1:8988dda41319950476ebb146df06c2e7b3fbf44d Message entry for BMC should detect the following intrusion or non-allowed configuration and log the security event with description. 1. Password storing hash algo changes from SHA2-256 to MD5 in Linux pwd file 2. When any user other than root has its UID set to 0 in Linux pwd file 3. When any unsupported shells (not bash or sh) are present in Linux pwd file 4. When the root user is assigned a password in Linux password file Tested: 1. Ran Redfish validator - passed for this new addition. { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/75_1", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:01:15+00:00", "EntryType": "Event", "Id": "75_1", "Message": "weak password computing hash algorithm is enabled = MD5 Hash algorithm .", "MessageArgs": [ "MD5 Hash algorithm" ], "MessageId": "OpenBMC.0.1.SecurityUserWeakHashAlgoEnabled", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/240", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:04:00+00:00", "EntryType": "Event", "Id": "240", "Message": "other than /bin/bash,/bin/sh, Unsupported shell is enabled", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserUnsupportedShellEnabled", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/246", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:04:06+00:00", "EntryType": "Event", "Id": "246", "Message": "Unsupported shell is removed", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserUnsupportedShellRemoved", "Name": "System Event Log Entry", "Severity": "OK" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/604", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:10:04+00:00", "EntryType": "Event", "Id": "604", "Message": "password computing hash algorithm is changed to sha256/sha512.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserHashAlgoChanged", "Name": "System Event Log Entry", "Severity": "OK" } { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/75", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:01:15+00:00", "EntryType": "Event", "Id": "75", "Message": "root user is enabled.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserRootEnabled", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/1153", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:19:13+00:00", "EntryType": "Event", "Id": "1153", "Message": "uid Zero is assigned with non-root user", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserNonRootUidZeroAssigned", "Name": "System Event Log Entry", "Severity": "Critical" } Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com> Change-Id: I8a3a10be2cc85614baa7b0d2f56b3376c3301e01 2019-12-20T19:21:53+00:00 jayaprakash Mutyala mutyalax.jayaprakash@intel.com 2019-12-19T12:15:43+00:00 urn:sha1:7f68549fe40af716551e6de7db90bfb9fb5b8dd6 Added PowerSupplyConfigurationErrorRecovered message entry in openbmc_message_registry as it is required when PSU deassert event occurred. This is continuation of below patch. https://gerrit.openbmc-project.xyz/#/c/openbmc/dbus-sensors/+/27701/ Tested: 1. Verified redfish validator passed 2. verified in Redfish, PowerSupplyConfigurationErrorRecovered message populated properly Get: https://<BMC IP>/redfish/v1/Systems/system/LogServices/ EventLog/Entries { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/42519", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T11:48:39+00:00", "EntryType": "Event", "Id": "42519", "Message": "Power supply PSU2 configuration error recovered.", "MessageArgs": [ "PSU2" ], "MessageId": "OpenBMC.0.1.PowerSupplyConfigurationErrorRecovered", "Name": "System Event Log Entry", "Severity": "OK" }, Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Change-Id: Ifef9d323241f49124df7b85f85d42041e7ecdf83 2019-12-20T03:02:40+00:00 Yong Li yong.b.li@linux.intel.com 2019-12-19T09:57:49+00:00 urn:sha1:9c6b0159a6d9f71d0bbc1301d1f605add3f91da3 Based on the spec, these PSU related logs should be warning. Tested: With two PSUs, remove one AC cable, and then remove the PSU, Check the PSU related log in https://$BMCIP/redfish/v1/Systems/system/LogServices/EventLog/Entries Signed-off-by: Yong Li <yong.b.li@linux.intel.com> Change-Id: Iebce710d7d003731cbb956738d8be212bf04ad0b 2019-12-17T18:57:38+00:00 AppaRao Puli apparao.puli@linux.intel.com 2019-12-16T14:05:39+00:00 urn:sha1:5eb2bef287eff01515671f07148393ceb9c5cad6 This commit contains bug fixes in readJson function call 1) Handled invalid double value which is leading to crash bmcweb. If user give string for double value key, its not handled in readJson which intern causes exception and crash. 2) If any of input types of floating_point, signed or unsigned int type values are provided with wrong type, it should return error, instead its returning 200 success response. Added code to return proper error response. Tested: - Tested invalid case by giving wrong type values in PATCH. URI: /redfish/v1/Chassis/WC_Baseboard/Thermal METHOD: Patch REQUEST: { "Fans": [ { "MemberId": "Fan_1a", "Reading": "200" } ] } RESPONSE: { "Reading@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The value \"200\" for the property Reading is of a different type than the property can accept.", "MessageArgs": [ "\"200\"", "Reading" ], "MessageId": "Base.1.4.0.PropertyValueTypeError", "Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.", "Severity": "Warning" } ] } - Also performed some positive and negative tests with other URI's. - Redfish validator ran successfully without any issue(No impact though) Change-Id: Ie98384e67a863ab96aa537f492a686b2c7ebb3a2 Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>