Commit message | Author | Age | Files | Lines
* Add message entry for BMC kernel panic event (HEAD, master) | Yong Li | 2020-02-11 | 1 file | -1/+10

    Log the BMC kernel panic event into redfish.

    Tested: Trigger a kernel panic by "echo c > /proc/sysrq-trigger". After BMC reboot, check the below message entry in redfish/v1/Systems/system/LogServices/EventLog/Entries:

    {
      "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
      "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/68627",
      "@odata.type": "#LogEntry.v1_4_0.LogEntry",
      "Created": "1970-01-01T19:03:47+00:00",
      "EntryType": "Event",
      "Id": "68627",
      "Message": "BMC rebooted due to kernel panic.",
      "MessageArgs": [],
      "MessageId": "OpenBMC.0.1.BMCKernelPanic",
      "Name": "System Event Log Entry",
      "Severity": "OK"
    }

    Signed-off-by: Yong Li <yong.b.li@linux.intel.com>
    Change-Id: Ibc3075a48514b3288ba1a1b1fbe716f5e9deeb26
* Add a pid controller size limit | James Feist | 2020-02-10 | 1 file | -0/+33

    Right now there is no limit, so someone could attack the bmc by adding a very large number of controllers. Create a limit so this isn't possible.

    Tested: Add / Remove functionality still works

    Change-Id: Ib408293431250d93b0af71616a1668f6a3d0904a
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* PID: Don't attempt to delete unknown objects | James Feist | 2020-02-10 | 1 file | -4/+25

    This puts a block in to return early if we are asked to delete something we can't find on D-Bus. This code path was creating a segfault, but there's no reason to continue after we can't find an object we are asked to delete, so we can just avoid it. Also clean up the end iterator dereference so it doesn't happen in any other path.

    Tested: Segfault goes away

    Change-Id: I33622e5e8ab09fba0681e4f86f4a7068f6ef0be7
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* Update AccountService Privilege | Gunnar Mills | 2020-02-10 | 1 file | -2/+1

    "GET" should be a "Login" Privilege for the AccountService resource. This makes sense: a "Readonly" and "Operator" user should be able to see properties like MaxPasswordLength and MinPasswordLength since they are allowed to change their own password. This was changed in Redfish 2019.3; redfish issue 1914 explains more.

    From Redfish_1.0.4_PrivilegeRegistry.json:

    "Entity": "AccountService",
    "OperationMap": {
      "GET": [ { "Privilege": [ "Login" ] } ],
      "HEAD": [ { "Privilege": [ "Login" ] } ],
      "PATCH": [ { "Privilege": [ "ConfigureUsers" ] } ],
      "PUT": [ { "Privilege": [ "ConfigureUsers" ] } ],
      "DELETE": [ { "Privilege": [ "ConfigureUsers" ] } ],
      "POST": [ { "Privilege": [ "ConfigureUsers" ] } ]

    Change-Id: Iab8acbac97a58aed865bf94f665d6c9a32de81dd
    Tested: Build for Witherspoon and AccountService looks good.
    Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
* Move to 2019.3 | Gunnar Mills | 2020-02-10 | 35 files | -395/+3141

    Make changes to update_schemas.py needed for the move and run update_schemas.py.

    old path (2019.2)
    DSP8010_2019.2/DSP8010_2019.2/json-schema/MemoryMetrics.v1_1_2.json
    DSP8010_2019.2/DSP8010_2019.2/openapi/Memory.v1_0_3.yaml
    DSP8010_2019.2/DSP8010_2019.2/csdl/AccelerationFunction_v1.xml

    new path (2019.3)
    DSP8010_2019.3/csdl/Memory_v1.xml
    DSP8010_2019.3/json-schema/UpdateService.v1_1_2.json
    DSP8010_2019.3/openapi/Zone.v1_3_1.yaml

    To see an overview of 2019.3 see https://www.dmtf.org/sites/default/files/Redfish_Release_2019.3_Overview.pdf

    Tested: Built bmcweb, loaded on a Witherspoon, and ran the validator. No errors.

    Change-Id: I0deaf88b884d65fffa31fcf66183ed61a930a073
    Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
* Add Power Supply Attributes | Gunnar Mills | 2020-02-07 | 1 file | -7/+224

    Map DeratingFactor from PowerSupplyAttributes.interface.yaml to the Redfish property PowerSupply "EfficiencyPercent". Only do this call when the "Power" schema is called.

    Use the InventoryItem class introduced in adc4f0db57568c5e5d2a3398fce00dbb050a3b72

    Tested: Power, Thermal, all look good. Passed the Redfish Validator.

    "PowerSupplies": [
      {
        "@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerSupplies/0",
        "EfficiencyPercent": 90,
        "IndicatorLED": "Off",
        "Manufacturer": "",
        "MemberId": "powersupply0",
        "Model": "2B1D",
        "Name": "powersupply0",
        "PartNumber": "01KL471",
        "PowerInputWatts": 12.0,
        "SerialNumber": "71G370",
        "Status": {
          "Health": "OK",
          "State": "Enabled"
        }
      },

    Change-Id: I344577a7a3d72cd37d5f6bab03edbdce13b9f764
    Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
* Update update_schemas.py with new Oem | Gunnar Mills | 2020-02-07 | 2 files | -9/+32

    Several Oem schemas have been added but the update_schemas.py has not been updated. Added them to the update_schemas.py so the static/redfish/v1/$metadata/index.xml is correctly built by update_schemas.py.

    This is needed to move us to 2019.3 and eventually 2019.4.

    Ideally, we would not just have a bunch of metadata_index.write to write the Oem schemas to $metadata/index.xml but this will do for now. https://github.com/openbmc/bmcweb/issues/32 is to improve this.

    Tested: Ran update_schemas.py and loaded that image on a Witherspoon and ran the validator. No errors.

    Change-Id: Iade028e690c31e25a72503d9352bc75eb7ee58dc
    Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
* Move Crashdump to OemCrashdump | Gunnar Mills | 2020-02-07 | 5 files | -16/+16

    All other Oem Schemas start with Oem. This is used by the update_schemas.py to determine an Oem schema and is a reasonable requirement for Oem schemas.
    https://github.com/openbmc/bmcweb/blob/a3268f98f308ca7c8660b1ace44d5b9a40be204b/scripts/update_schemas.py#L43

    Tested: Ran the validator against this change on a Witherspoon with BMCWEB_ENABLE_REDFISH_CPU_LOG enabled and OemCheck true. Validator passed. Might be worth running on a system that actually uses BMCWEB_ENABLE_REDFISH_CPU_LOG.

    curl -k https://${bmc}/redfish/v1/Systems/system/LogServices/Crashdump
    {
      "@odata.context": "/redfish/v1/$metadata#LogService.LogService",
      "@odata.id": "/redfish/v1/Systems/system/LogServices/Crashdump",
      "@odata.type": "#LogService.v1_1_0.LogService",
      "Actions": {
        "#LogService.ClearLog": {
          "target": "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/LogService.ClearLog"
        },
        "Oem": {
          "#Crashdump.OnDemand": {
            "target": "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/Crashdump.OnDemand"
          }
        }
      },
      "Description": "Oem Crashdump Service",
      "Entries": {
        "@odata.id": "/redfish/v1/Systems/system/LogServices/Crashdump/Entries"
      },
      "Id": "Oem Crashdump",
      "MaxNumberOfRecords": 3,
      "Name": "Open BMC Oem Crashdump Service",
      "OverWritePolicy": "WrapsWhenFull"
    }

    Change-Id: Iacc11be1284b99c2ed9a6c2ca0a936bd97855afb
    Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
* [pam]: Restrict user authentication to redfish grp | Richard Marian Thomaiyar | 2020-02-07 | 1 file | -0/+1

    Restrict bmcweb authentication to redfish group only. This change makes sure that a user who is not in the redfish group is not authenticated to query the details, and login will fail.

    Tested:
    1. Verified by removing the redfish group role for a valid user and confirmed redfish session establishment fails using postman.

    Change-Id: Ie0c1c94a7ac4d218a502faba1d80c7b9fc2a7ca0
    Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
* Add support to fetch the 'Updateable' components | AppaRao Puli | 2020-02-03 | 2 files | -7/+58

    Currently the 'Updateable' property value in the SoftwareInventory schema is hardcoded. Added support to look through the updateable software association objects and use it for the 'Updateable' Redfish property in SoftwareInventory.

    Tested:
    - Checked 'Updateable' Property value for both programmable and non-programmable firmware inventory components and it works as expected.
    - Ran the Redfish validator and no new issues found.

    Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
    Change-Id: Ia24f942f3afe49674ec3628cac0356a5496ef337
* Remove IBM specific variable name | Ed Tanous | 2020-02-03 | 1 file | -5/+7

    Considering that the webui is no longer an "IBM" specific entity, and is now the standard for the project, there's no need for this variable to call it out explicitly. Update comment and variable name to be more correct.

    Tested: No functional change, only comments.

    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Change-Id: I2169876c38ccd558a3cfcfc61637720bd290b3ee
* Enhance return value from pamAuthenticateUser | Joseph Reynolds | 2020-01-30 | 3 files | -22/+23

    This enhances the return value from the pamAuthenticateUser function so callers can articulate PAM error codes like PAM_NEW_AUTHTOK_REQD which means the credentials are correct, but the password must be changed.

    Tested: Yes, scenarios via both Redfish login and Basic Auth:
    - correct username and password, password is not expired
    - correct username and password, password is expired
    - correct username and incorrect password, password is not expired
    - correct username and incorrect password, password is expired
    - non-existent user (password is not relevant)

    Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
    Change-Id: I1114d6c9cc591fb0a1853cb4edea32ad22f7b015
* Add OemVirtualMedia schema | Przemyslaw Czarnowski | 2020-01-27 | 4 files | -4/+118

    OEM Schema for VirtualMedia added. Also OpenBMC level has been added to OEM field in the code to conform to schema standard.

    Tested: Manually using full stack of VirtualMedia.
    * Inserting/ejecting media in both legacy and proxy mode
    * Redfish Service Validator 1.3.2 ran

    Change-Id: Iaa87dd767a4bf2062bd4e74dd790a2496aca96de
    Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
* InsertMedia and EjectMedia actions added to VirtualMedia schema | Przemyslaw Czarnowski | 2020-01-27 | 3 files | -1/+380

    As continuation for VirtualMedia Redfish support, this patch adds insertion and eject actions into existing VirtualMedia code base.

    Testing:
    * Manual tests together with nbd proxy and virtual media app
      - For requests: Postman and/or HTTPie, with logs enabled and Valgrind
      - Manual result validation
    * Tests run:
      - GET on collection with manual validation
      - PUT/POST/DELETE on collection
      - GET on item/nonexistent item
      - PUT/POST/DELETE on item
      - GET/PUT/DELETE on action
      - POST on action - EjectMedia/InsertMedia, legacy mode
      - POST on action - InsertMedia, proxy mode
      - POST on action - input validation (empty, invalid URL), legacy mode
    * Redfish Service Validator tested, no new issues found.

    Change-Id: Icccc433c1e84bc2ac37d9c295fe72749187fb735
    Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
* Add VirtualMedia schema to Redfish | Przemyslaw Czarnowski | 2020-01-27 | 4 files | -5/+394

    This change adds the VirtualMedia schema to Redfish. Implementation is based on input from the virtual-media module and nbd proxy which is a bmcweb part. The code is used only in case nbd-proxy is supported in bmcweb (BMCWEB_ENABLE_VM_NBDPROXY compilation flag).

    Tested:
    * Manual tests together with nbd proxy and virtual media app
      - For requests: Postman and/or HTTPie, started with logs enabled and Valgrind
      - Manual result validation
    * Tests ran:
      - GET on collection with manual validation
      - PUT/POST/DELETE on collection
      - GET on item/nonexistent item
      - PUT/POST/DELETE on item
    * Redfish Service Validator tested, no new issues found.

    Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
    Change-Id: I5415dc0ffe52069fd35bc614b0378bbc4ad41ff6
* Correct Redfish message severity values | Jason M. Bills | 2020-01-22 | 1 file | -20/+20

    Redfish specifies only "OK", "Warning", and "Critical" as valid values for message severity, but some messages have a severity of "Error". This changes the incorrect "Error" severity values to "Critical".

    Tested: Checked that all severity values are "OK", "Warning", or "Critical". Passed the Redfish service validator.

    Change-Id: If65665c76915e1730e6ae12c36003242aa9a85c6
    Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Changed input data format for Crashdump.SendRawPeci | Karthick Sundarrajan | 2020-01-17 | 1 file | -12/+50

    At present, the Crashdump.SendRawPeci redfish interface accepts one PECI command at a time. Changed it to accept an array of PECI commands through which multiple PECI commands can be aggregated into one redfish call. Also provided backward compatibility for the existing single PECI command input format.

    Tested:
    Tested by aggregating 1000 PECI commands in one redfish call.
    Tested by giving a single PECI command with the existing format.

    Change-Id: I05c547438ce9833519807b39347223183bdfb4ed
    Signed-off-by: Karthick Sundarrajan <karthick.sundarrajan@intel.com>
* msg_registry: updated MemoryThermTrip msg entry | jayaprakash Mutyala | 2020-01-17 | 1 file | -4/+5

    Updated "MemoryThermTrip" message entry for CPU Memory Thermal Trip events.

    Tested:
    1. Redfish validator - passed for this new addition
    2. Verified in Redfish, MemoryThermTrip message populated properly

    Redfish URI:
    GET: https://<BMC IP>/redfish/v1/Systems/system/LogServices/EventLog/Entries

    {
      "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
      "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/506",
      "@odata.type": "#LogEntry.v1_4_0.LogEntry",
      "Created": "1970-01-01T00:08:26+00:00",
      "EntryType": "Event",
      "Id": "506",
      "Message": "Memory ThermTrip asserted: CPU 1.",
      "MessageArgs": [
        "CPU 1"
      ],
      "MessageId": "OpenBMC.0.1.MemoryThermTrip",
      "Name": "System Event Log Entry",
      "Severity": "Critical"
    }
    {
      "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
      "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/506_2",
      "@odata.type": "#LogEntry.v1_4_0.LogEntry",
      "Created": "1970-01-01T00:08:26+00:00",
      "EntryType": "Event",
      "Id": "506_2",
      "Message": "Memory ThermTrip asserted: CPU 2.",
      "MessageArgs": [
        "CPU 2"
      ],
      "MessageId": "OpenBMC.0.1.MemoryThermTrip",
      "Name": "System Event Log Entry",
      "Severity": "Critical"
    }

    Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
    Signed-off-by: Chalapathi <chalapathix.venkataramashetty@intel.com>
    Change-Id: I89271d28012c7f01a6cc37e1ef35c7e15f5e9965
* Fix timeout issue during image upload | Jan Sowinski | 2020-01-09 | 2 files | -14/+31

    This commit fixes timeout issues when transferring bigger payloads like update image.

    Tested by uploading image:

    curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" \
      -X POST -T test.tar https://$bmc/upload/image

    # slow connection upload (~10kB/s)
    curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" \
      -X POST -T test.tar https://$bmc/upload/image --limit-rate 10k

    Signed-off-by: Jan Sowinski <jan.sowinski@intel.com>
    Change-Id: I913136013afb58c97071819288460f4cb64d0d83
* Revert "Revert "Connection and websockets fixes"" | Jan Sowinski | 2020-01-09 | 4 files | -83/+70

    This reverts commit a8086647b103f55116ce4c872e1455ebf1f3e346.

    Reason for revert: Restoring commit c00500b as base for upload image issue fix

    Change-Id: I1dd5d3fda2d1ee6f4027193a0506d5ca764b01e4
    Signed-off-by: Jan Sowinski <jan.sowinski@intel.com>
* Revert "Connection and websockets fixes" | James Feist | 2020-01-08 | 4 files | -70/+83

    This reverts commit c00500bcb9c5145f5cacb78bbe3dd694fb85ba0a.

    Reason: Makes image upload fail

    Tested: Image upload works again

    requests.post(
        'https://{}/redfish/v1/UpdateService'.format(args.address),
        data=file.read(),
        verify=False,
        auth=(args.username, args.password))

    Change-Id: Iaf780d052d98accdead32e87f468002f5141b19a
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* bmcweb: Message entry for user security Event | Suryakanth Sekar | 2020-01-08 | 1 file | -1/+80

    Message entry for BMC should detect the following intrusion or non-allowed configuration and log the security event with description.
    1. Password storing hash algo changes from SHA2-256 to MD5 in Linux pwd file
    2. When any user other than root has its UID set to 0 in Linux pwd file
    3. When any unsupported shells (not bash or sh) are present in Linux pwd file
    4. When the root user is assigned a password in Linux password file

    Tested:
    1. Ran Redfish validator - passed for this new addition.

    {
      "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
      "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/75_1",
      "@odata.type": "#LogEntry.v1_4_0.LogEntry",
      "Created": "1970-01-01T00:01:15+00:00",
      "EntryType": "Event",
      "Id": "75_1",
      "Message": "weak password computing hash algorithm is enabled = MD5 Hash algorithm .",
      "MessageArgs": [
        "MD5 Hash algorithm"
      ],
      "MessageId": "OpenBMC.0.1.SecurityUserWeakHashAlgoEnabled",
      "Name": "System Event Log Entry",
      "Severity": "Critical"
    },
    {
      "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
      "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/240",
      "@odata.type": "#LogEntry.v1_4_0.LogEntry",
      "Created": "1970-01-01T00:04:00+00:00",
      "EntryType": "Event",
      "Id": "240",
      "Message": "other than /bin/bash,/bin/sh, Unsupported shell is enabled",
      "MessageArgs": [],
      "MessageId": "OpenBMC.0.1.SecurityUserUnsupportedShellEnabled",
      "Name": "System Event Log Entry",
      "Severity": "Critical"
    },
    {
      "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
      "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/246",
      "@odata.type": "#LogEntry.v1_4_0.LogEntry",
      "Created": "1970-01-01T00:04:06+00:00",
      "EntryType": "Event",
      "Id": "246",
      "Message": "Unsupported shell is removed",
      "MessageArgs": [],
      "MessageId": "OpenBMC.0.1.SecurityUserUnsupportedShellRemoved",
      "Name": "System Event Log Entry",
      "Severity": "OK"
    },
    {
      "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
      "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/604",
      "@odata.type": "#LogEntry.v1_4_0.LogEntry",
      "Created": "1970-01-01T00:10:04+00:00",
      "EntryType": "Event",
      "Id": "604",
      "Message": "password computing hash algorithm is changed to sha256/sha512.",
      "MessageArgs": [],
      "MessageId": "OpenBMC.0.1.SecurityUserHashAlgoChanged",
      "Name": "System Event Log Entry",
      "Severity": "OK"
    }
    {
      "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
      "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/75",
      "@odata.type": "#LogEntry.v1_4_0.LogEntry",
      "Created": "1970-01-01T00:01:15+00:00",
      "EntryType": "Event",
      "Id": "75",
      "Message": "root user is enabled.",
      "MessageArgs": [],
      "MessageId": "OpenBMC.0.1.SecurityUserRootEnabled",
      "Name": "System Event Log Entry",
      "Severity": "Critical"
    },
    {
      "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
      "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/1153",
      "@odata.type": "#LogEntry.v1_4_0.LogEntry",
      "Created": "1970-01-01T00:19:13+00:00",
      "EntryType": "Event",
      "Id": "1153",
      "Message": "uid Zero is assigned with non-root user",
      "MessageArgs": [],
      "MessageId": "OpenBMC.0.1.SecurityUserNonRootUidZeroAssigned",
      "Name": "System Event Log Entry",
      "Severity": "Critical"
    }

    Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com>
    Change-Id: I8a3a10be2cc85614baa7b0d2f56b3376c3301e01
* only return fw images in FirmwareInventory | Andrew Geissler | 2020-01-07 | 1 file | -2/+6

    Some systems create an xyz.openbmc_project.Software.Version D-bus object for reasons other than storing a FirmwareInventory object. For example the phosphor-logging code can add it to a log to track what level of code was running when a log was created. These should not show up in the Redfish FirmwareInventory API.

    Tested:
    Before this change, 3 and 4 correlated to phosphor-logs on system

    curl -k -H "X-Auth-Token: $TOKEN" -X GET https://${BMC_IP}/redfish/v1/UpdateService/FirmwareInventory/
    {
      "@odata.context": "/redfish/v1/$metadata#SoftwareInventoryCollection.SoftwareInventoryCollection",
      "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory",
      "@odata.type": "#SoftwareInventoryCollection.SoftwareInventoryCollection",
      "Members": [
        {
          "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/3"
        },
        {
          "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/4"
        },
        {
          "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/224cd310"
        },
        {
          "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/3b296352"
        },
        {
          "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/e9b7a436"
        }
      ],
      "Members@odata.count": 5,
      "Name": "Software Inventory Collection"
    }

    After: Verified 3 and 4 were no longer returned in FirmwareInventory

    curl -k -H "X-Auth-Token: $TOKEN" -X GET https://${BMC_IP}/redfish/v1/UpdateService/FirmwareInventory/
    {
      "@odata.context": "/redfish/v1/$metadata#SoftwareInventoryCollection.SoftwareInventoryCollection",
      "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory",
      "@odata.type": "#SoftwareInventoryCollection.SoftwareInventoryCollection",
      "Members": [
        {
          "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/224cd310"
        },
        {
          "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/2d556644"
        },
        {
          "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/7432374c"
        }
      ],
      "Members@odata.count": 3,
      "Name": "Software Inventory Collection"
    }

    Ran Redfish validator and ensured no errors

    Change-Id: I3e99fe7570b87b83f75918873267fb1587add182
    Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
* Add IndicatorLed to Chassis Schema | James Feist | 2020-01-07 | 3 files | -138/+280

    This adds the indicator property to Chassis Schema, and moves the logic from systems.hpp to a common header to share the code.

    Tested: Passed the validator, was able to turn LED on

    Change-Id: I79458a2a4656d7ddf2939bb9f56845eb6d9a27ca
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* nbd-proxy closing fixes | Iwona Winiarska | 2020-01-02 | 1 file | -18/+22

    This commit fixes:
    - handling of virtual media unmount method
    - cancels unix socket async accept upon early websocket closing (reproduction with rapid start/stop button pressing or closing websocket just after negotiation msg from NBD server)

    Tested:
    - unmount method via WebUI
    - unix socket accept cancellation - modified NBD server to close websocket after sending negotiation message & rapid start/stop button pressing

    Signed-off-by: Iwona Winiarska <iwona.winiarska@intel.com>
    Signed-off-by: Jan Sowinski <jan.sowinski@intel.com>
    Change-Id: Ibcbb87a7e35cfbee8c8b4686f64c9090c66f0c17
* msg_registry:Added PowerSupplyConfigErrRecovered | jayaprakash Mutyala | 2019-12-20 | 1 file | -1/+12

    Added PowerSupplyConfigurationErrorRecovered message entry in openbmc_message_registry as it is required when PSU deassert event occurred. This is continuation of below patch.
    https://gerrit.openbmc-project.xyz/#/c/openbmc/dbus-sensors/+/27701/

    Tested:
    1. Verified redfish validator passed
    2. verified in Redfish, PowerSupplyConfigurationErrorRecovered message populated properly

    Get: https://<BMC IP>/redfish/v1/Systems/system/LogServices/EventLog/Entries

    {
      "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
      "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/42519",
      "@odata.type": "#LogEntry.v1_4_0.LogEntry",
      "Created": "1970-01-01T11:48:39+00:00",
      "EntryType": "Event",
      "Id": "42519",
      "Message": "Power supply PSU2 configuration error recovered.",
      "MessageArgs": [
        "PSU2"
      ],
      "MessageId": "OpenBMC.0.1.PowerSupplyConfigurationErrorRecovered",
      "Name": "System Event Log Entry",
      "Severity": "OK"
    },

    Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
    Change-Id: Ifef9d323241f49124df7b85f85d42041e7ecdf83
* Adjust the PSU related log level | Yong Li | 2019-12-20 | 1 file | -4/+4

    Based on the spec, these PSU related logs should be warning.

    Tested: With two PSUs, remove one AC cable, and then remove the PSU. Check the PSU related log in https://$BMCIP/redfish/v1/Systems/system/LogServices/EventLog/Entries

    Signed-off-by: Yong Li <yong.b.li@linux.intel.com>
    Change-Id: Iebce710d7d003731cbb956738d8be212bf04ad0b
* Make the max http request body size configurable | Adriana Kobylak | 2019-12-19 | 3 files | -4/+12

    OpenBMC supports "System" or "bundled" images that contain two or more firmware images, such as BMC and Host or PSU firmware, making the resulting image file greater than the current limit of 30MB. Make the http request body size configurable to allow bigger files to be uploaded.

    Tested:
    - Upload a regular BMC image still works.
    - Uploading a 50MB firmware image that contains the host fw fails:
      $ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image
      curl: (52) Empty reply from server
    - With the "-DBMCWEB_HTTP_REQ_BODY_LIMIT_MB=128" compile option works:
      $ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image
      {
        "data": "19e6fe13",
        "message": "200 OK",
        "status": "ok"
      }

    Change-Id: I0b0e1032c9daf00a01e42ac5ee1c0d979f857d5e
    Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
* Connection and websockets fixes | Jan Sowinski | 2019-12-19 | 4 files | -83/+70

    This commit fixes issues around the Connection class and websockets:
    - controlling connection lifetime by shared_ptr instead of manual new/delete
    - fixed memory leak when upgrading connection to websockets
    - removed dangling reference to conn.req in websockets
    - fixed lack of response for invalid websockets URLs
    - fixed not working connections deadline timer

    There is no noticeable performance impact after switching connection management to shared pointers.

    Benchmark results using: wrk https://${bmc}
    shared_ptr: 144.29 Requests/sec
    new/delete: 144.41 Requests/sec

    Tested manually:
    performance: wrk https://${bmc}
    memory leaks: top
    websockets: webui - KVM and VirtualMedia
    HTTP GET on random Redfish schemas: postman

    Signed-off-by: Jan Sowinski <jan.sowinski@intel.com>
    Change-Id: I63f7395ba081a68e7900eae2ed204acd50f58689
* Turning ON the mutual TLS | Zbigniew Kurzynski | 2019-12-19 | 3 files | -3/+3

    This commit sets the mutual TLS option to ON by default.

    Core mTLS implementation was accepted under this commit:
    https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23588
    where by default the mTLS was disabled.

    Tested: Manual tests were made to verify if this option turns the mTLS ON.

    Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
    Change-Id: I3bc5f5453d4c4df1cd7ecb0b8868423285b6ab83
* Implement a TODO(ed) in comment | Ed Tanous | 2019-12-18 | 1 file | -1/+0

    I now understand the router properly (as I did a while back). This call is correct, as "/" and "" are considered the same by the router.

    Tested: Comment change, no impact to code.

    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Change-Id: Ic6fc17f0e7137bbc3674c2290d10dcdba9b4ed18
* Remove #include of self | Ed Tanous | 2019-12-18 | 1 file | -1/+0

    Through one of the refactors, webserver_common.hpp picked up an include to itself, presumably when code was moved. This doesn't cause any ill effects, but is cruft that can be cleaned up.

    Tested: Code compiles. No functional change to verify.

    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Change-Id: Ie901baa3cfd88decdbecbad01c6b577d92d2441b
* Consolidate regex calls when converting links | Jason M. Bills | 2019-12-17 | 1 file | -12/+5

    We currently use multiple regex calls to convert specific fields to links. Rather than continuing to add new regex calls for individual link types, we can use one regex to convert all '/redfish/' paths to links.

    Tested: Checked that all provided redfish paths are converted to links: odata.id, odata.context, nextLink, Uri, etc.

    Change-Id: I2f06e2d5ee9b3d88141f1629f168b3667669d93f
    Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Fix $metadata/index.xml parse error | Jason M. Bills | 2019-12-17 | 1 file | -0/+1

    Tested: Can successfully load /redfish/v1/$metadata in Chrome.

    Change-Id: Id591ae3c03ffe3889d7f61299454407a9e9f1c23
    Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Fix: bug fixes in readJson | AppaRao Puli | 2019-12-17 | 1 file | -0/+7

    This commit contains bug fixes in the readJson function call:
    1) Handled an invalid double value which was leading to a crash of bmcweb. If a user gives a string for a double value key, it's not handled in readJson, which in turn causes an exception and crash.
    2) If any of the input types of floating_point, signed or unsigned int type values are provided with the wrong type, it should return an error; instead it's returning a 200 success response. Added code to return a proper error response.

    Tested:
    - Tested invalid case by giving wrong type values in PATCH.
      URI: /redfish/v1/Chassis/WC_Baseboard/Thermal
      METHOD: Patch
      REQUEST:
      {
        "Fans": [
          {
            "MemberId": "Fan_1a",
            "Reading": "200"
          }
        ]
      }
      RESPONSE:
      {
        "Reading@Message.ExtendedInfo": [
          {
            "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
            "Message": "The value \"200\" for the property Reading is of a different type than the property can accept.",
            "MessageArgs": [
              "\"200\"",
              "Reading"
            ],
            "MessageId": "Base.1.4.0.PropertyValueTypeError",
            "Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.",
            "Severity": "Warning"
          }
        ]
      }
    - Also performed some positive and negative tests with other URI's.
    - Redfish validator ran successfully without any issue (No impact though)

    Change-Id: Ie98384e67a863ab96aa537f492a686b2c7ebb3a2
    Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
* Fix authorization for LDAP users | RAJESWARAN THILLAIGOVINDAN | 2019-12-17 | 6 files | -290/+57

    Modified the code to make an asynchronous call to GetUserInfo to get the user role for authorization.

    For local users, DBus matches are used to store the user role map hot in memory. Hence, bmcweb has to know whether a user is a local user or LDAP user to get the role. To avoid this, removed the existing DBus matches and modified the code to call GetUserInfo to get the role of local users as well as LDAP users.

    Tested:
    - Created a local user having admin privilege and verified that he is able to restart the system
      /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}'
    - Created a local user having user privilege and verified that he is unauthorized to restart the system
      /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}'
    - Created a remote user having admin privilege and verified that he is able to restart the system
      /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}'
    - Created a remote user having user privilege and verified that he is unauthorized to restart the system
      /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}'
    - Tested Redfish ConfigureSelf privilege

    Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com>
    Change-Id: Ic3e46a0c0aff2cf456c98048350e58e302011c57
* Update redfish-logging-in-bmcweb.md link | Gunnar Mills | 2019-12-16 | 1 file | -1/+1

    redfish-logging-in-bmcweb.md is moving under architecture/ as part of
    https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/27960

    27960 should merge before this is merged.

    Change-Id: I761c6ad49d1838160371c46d8503b2e33d6bad4c
    Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
* Adding a new value to cookie (Zbigniew Kurzynski, 2019-12-16, 1 file, -1/+2)

This new value will be used by javascript in phosphor-webui to perform login-less authentication.

Tested:
Manual tests were performed on the Chrome browser. Having mTLS enabled and configured, the user is able to authenticate with proper certificates. The login page is not displayed unless the user logs out.

Appropriate phosphor-webui changes can be found here: https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-webui/+/27851

Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: Iac76459e1843a5c8bd2287c6e078319aebedfdcc
* Fixing mTLS switches (Zbigniew Kurzynski, 2019-12-16, 2 files, -5/+63)

This commit is a fix for revert: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/27205

The mTLS will work only when:
* Compilation flag BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION is enabled and,
* AccountService->Oem->OpenBMC->AuthMethods->TLS is set and,
* at least one certificate is uploaded to TrustStore.

To enforce new mTLS settings after switching AuthMethods->TLS, all connections awaiting acceptance are dropped.

In case of authorized mTLS requests a cookie with XSRF-TOKEN entry and SESSION is added to the response. It will force the X-XSRF-TOKEN challenge in case of applications supporting cookies, like web browsers.

Also some minor log message changes were made in this commit.

Tested:
validator_service run with status: 'Validation has succeeded'.
Tests were made with Chrome browser Version 78.0.3904.108. The certificate popup appears only when mTLS is enabled in CMake, the TLS option is set and at least one CA certificate is present. In other cases mTLS is not active and there is no popup for certs.

Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I778b848b767356b60386694f802a89b3c1f6cb14
* Redfish: Support health status of firmware inventory objects (Carol Wang, 2019-12-12, 2 files, -1/+29)

Support health status of firmware inventory objects based on the mapping relationship:

[dbus status]   [redfish state]   [redfish health]
Ready           Disabled          OK
Activating      Updating          OK
Active          Enabled           OK
NotReady        Disabled          Warning
Invalid         Disabled          Warning
Failed          Disabled          Warning

Tested: [dbus status] --> [redfish state] --> [redfish health]

1. Ready --> Disabled --> OK
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
  ...
  "/xyz/openbmc_project/software/9557fe67": {
    "Activation": "xyz.openbmc_project.Software.Activation.Activations.Ready",
    ...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67
{
  "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
  "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67",
  ...
  "Status": {
    "Health": "OK",
    "HealthRollup": "OK",
    "State": "Disabled"
  },
  ...
}

2. Activating --> Updating --> OK
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
  ...
  "/xyz/openbmc_project/software/9557fe67": {
    "Activation": "xyz.openbmc_project.Software.Activation.Activations.Activating",
    ...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67
{
  "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
  "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67",
  ...
  "Status": {
    "Health": "OK",
    "HealthRollup": "OK",
    "State": "Updating"
  },
  ...
}

3. Active --> Enabled --> OK
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
  "data": {
    "/xyz/openbmc_project/software/9557fe67": {
      "Activation": "xyz.openbmc_project.Software.Activation.Activations.Active",
      ...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67
{
  "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
  "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67",
  ...
  "Status": {
    "Health": "OK",
    "HealthRollup": "OK",
    "State": "Enabled"
  },
  ...
}

4. Invalid --> Disabled --> Warning
# busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \
  org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \
  xyz.openbmc_project.Software.Activation.Activations.Invalid
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
  ...
  "/xyz/openbmc_project/software/c0bbba12": {
    "Activation": "xyz.openbmc_project.Software.Activation.Activations.Invalid",
    ...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12
{
  "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
  "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12",
  ...
  "Status": {
    "Health": "Warning",
    "HealthRollup": "OK",
    "State": "Disabled"
  },
  ...
}

5. NotReady --> Disabled --> Warning
# busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \
  org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \
  xyz.openbmc_project.Software.Activation.Activations.NotReady
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
  ...
  "/xyz/openbmc_project/software/c0bbba12": {
    "Activation": "xyz.openbmc_project.Software.Activation.Activations.NotReady",
    ...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12
{
  "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
  "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12",
  ...
  "Status": {
    "Health": "Warning",
    "HealthRollup": "OK",
    "State": "Disabled"
  },
  ...
}

6. Failed --> Disabled --> Warning
# busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \
  org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \
  xyz.openbmc_project.Software.Activation.Activations.Failed
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
  ...
  "/xyz/openbmc_project/software/c0bbba12": {
    "Activation": "xyz.openbmc_project.Software.Activation.Activations.Failed",
    ...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12
{
  "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
  "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12",
  ...
  "Status": {
    "Health": "Warning",
    "HealthRollup": "OK",
    "State": "Disabled"
  },
  ...
}

Validator tool result:
Counter({'pass': 2992, 'skipOptional': 2470, 'metadataNamespaces': 1605, 'passGet': 189, 'serviceNamespaces': 71, 'invalidPropertyValue': 10, 'warningPresent': 6, 'passAction': 6, 'optionalAction': 5, 'warnDeprecated': 2, 'unverifiedComplexAdditional': 1})
Validation has succeeded.

Change-Id: Ic475f56d19c0be01ca7aebf67a3f6814d35bcacd
Signed-off-by: Carol Wang <wangkair@cn.ibm.com>
* Change PAM service_name for password changes (Joseph Reynolds, 2019-12-11, 2 files, -1/+2)

BMCWeb was using the "passwd" command PAM configuration settings when changing the password. This changes it to use PAM service_name="webserver", the same name it already uses for PAM authentication and account management functions.

Doing so allows the BMC system administrator to provide separate PAM config files for the "passwd" command and BMCWeb's password changing function, and for these activities to be correctly identified in the system logs.

Here is a sample incorrect log message (truncated & wrapped):
bmcweb[353]: pam_warn(passwd:chauthtok): function=[pam_sm_chauthtok] flags=0xc000
service=[passwd] terminal=[<unknown>] user=[testuser] ruser=[<unknown>] rhost=[<unknown>]
The "service" should be "webserver".

Tested: yes, password change successful

Change-Id: I593f42c8f0494df967fb498fb4dd66fa4168596b
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
* Revert "Fix authorization for LDAP users" (James Feist, 2019-12-10, 3 files, -48/+285)

This reverts commit 5e931ae994307babe6c3520cbaca6a7139acc81d.

Reason for revert: Causing build failures

/bmcweb/redfish-core/include/node.hpp: In member function 'bool redfish::Node::isAllowedWithoutConfigureSelf(const crow::Request&)':
/bmcweb/redfish-core/include/node.hpp:182:36: error: 'crow::persistent_data::UserRoleMap' has not been declared
    crow::persistent_data::UserRoleMap::getInstance().getUserRole(

When 900f949773795141266271107219ea019f2839cd was merged first this patch was not successfully rebased.

Change-Id: I947d96362c7dadea5572888468a11fac5ee361d4
Signed-off-by: James Feist <james.feist@linux.intel.com>
* bmcweb: Message entry for At-Scale Debug Event (Suryakanth Sekar, 2019-12-10, 1 file, -1/+85)

Message entry for
1. At-Scale Debug session established and closed.
2. Whenever At-Scale Debug user is enabled or disabled
3. At-Scale Debug feature is enabled or disabled in platform
4. At-Scale Debug service is enabled or disabled

Tested:
1. Ran Redfish validator - passed for this new addition.

Log will be shown as below:
{
  "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
  "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/254",
  "@odata.type": "#LogEntry.v1_4_0.LogEntry",
  "Created": "1970-01-01T00:04:14+00:00",
  "EntryType": "Event",
  "Id": "254",
  "Message": "At-Scale Debug Feature is enabled in hardware.",
  "MessageArgs": [],
  "MessageId": "OpenBMC.0.1.AtScaleDebugFeatureEnabledAtHardware",
  "Name": "System Event Log Entry",
  "Severity": "Critical"
},
{
  "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
  "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/254_1",
  "@odata.type": "#LogEntry.v1_4_0.LogEntry",
  "Created": "1970-01-01T00:04:14+00:00",
  "EntryType": "Event",
  "Id": "254_1",
  "Message": "At-Scale Debug service is started.",
  "MessageArgs": [],
  "MessageId": "OpenBMC.0.1.AtScaleDebugFeatureEnabled",
  "Name": "System Event Log Entry",
  "Severity": "Critical"
},
{
  "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
  "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/30630_2",
  "@odata.type": "#LogEntry.v1_4_0.LogEntry",
  "Created": "1970-01-01T08:30:30+00:00",
  "EntryType": "Event",
  "Id": "30630_2",
  "Message": "At-scale-debug service is now connected 198.164.11.12",
  "MessageArgs": [
    "198.164.11.12"
  ],
  "MessageId": "OpenBMC.0.1.AtScaleDebugConnected",
  "Name": "System Event Log Entry",
  "Severity": "Critical"
},
{
  "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
  "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/30630_3",
  "@odata.type": "#LogEntry.v1_4_0.LogEntry",
  "Created": "1970-01-01T08:30:30+00:00",
  "EntryType": "Event",
  "Id": "30630_3",
  "Message": "At-scale-debug connection aborted/failed",
  "MessageArgs": [],
  "MessageId": "OpenBMC.0.1.AtScaleDebugConnectionFailed",
  "Name": "System Event Log Entry",
  "Severity": "Critical"
},
{
  "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
  "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/30629_2",
  "@odata.type": "#LogEntry.v1_4_0.LogEntry",
  "Created": "1970-01-01T08:30:29+00:00",
  "EntryType": "Event",
  "Id": "30629_2",
  "Message": "At-scale-debug service is now disconnected",
  "MessageArgs": [],
  "MessageId": "OpenBMC.0.1.AtScaleDebugDisconnected",
  "Name": "System Event Log Entry",
  "Severity": "OK"
},
{
  "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
  "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/262",
  "@odata.type": "#LogEntry.v1_4_0.LogEntry",
  "Created": "1970-01-01T00:04:22+00:00",
  "EntryType": "Event",
  "Id": "262",
  "Message": "At-Scale Debug special user is disabled",
  "MessageArgs": [],
  "MessageId": "OpenBMC.0.1.AtScaleDebugSpecialUserDisabled",
  "Name": "System Event Log Entry",
  "Severity": "OK"
},
{
  "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
  "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/154",
  "@odata.type": "#LogEntry.v1_4_0.LogEntry",
  "Created": "1970-01-01T00:02:34+00:00",
  "EntryType": "Event",
  "Id": "154",
  "Message": "At-Scale Debug special user is enabled",
  "MessageArgs": [],
  "MessageId": "OpenBMC.0.1.AtScaleDebugSpecialUserEnabled",
  "Name": "System Event Log Entry",
  "Severity": "Critical"
},

Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com>
Change-Id: Id5369c36547c4a5d7ae6f1f1dbd4dae8317a26d7
* ProcSummary: Use Nothrow (James Feist, 2019-12-09, 1 file, -7/+21)

Exceptions are compiled out, and json.get throws; change it to get_ptr.

Tested: no functional change

Change-Id: Ie2db7285b89b45b1fd61d8526561b772c85151b3
Signed-off-by: James Feist <james.feist@linux.intel.com>
* DEVELOPING: Engage Redfish before adding OEM (Gunnar Mills, 2019-12-09, 1 file, -1/+14)

Added a Redfish section about engaging the DMTF's Redfish working group before adding a Redfish OEM schema or property.

See https://lists.ozlabs.org/pipermail/openbmc/2019-November/019571.html

Tested: https://jbt.github.io/markdown-editor/ and grammarly.com

Change-Id: I946483a90e34f63930a2cba047d14226d2da7583
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
* Fix authorization for LDAP users (RAJESWARAN THILLAIGOVINDAN, 2019-12-09, 3 files, -285/+48)

Modified the code to make an asynchronous call to GetUserInfo to get the user role for authorization. For local users, DBus matches are used to store the user role map hot in memory. Hence, bmcweb has to know whether a user is a local user or LDAP user to get the role. To avoid this, removed the existing DBus matches and modified the code to call GetUserInfo to get the role of local users as well as LDAP users.

Tested:
- Created a local user having admin privilege and verified that he is able to restart the system
  /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}'
- Created a local user having user privilege and verified that he is unauthorized to restart the system
  /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}'
- Created a remote user having admin privilege and verified that he is able to restart the system
  /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}'
- Created a remote user having user privilege and verified that he is unauthorized to restart the system
  /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}'

Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com>
Change-Id: Ifd813e1af4dfcb7aeaba18e04b6c9767d2a5e95a
* Adding StandBySpare state for firmware inventory (Vikram Bodireddy, 2019-12-06, 1 file, -0/+5)

Added new state 'StandBySpare' for firmware inventory objects. With this change firmware inventory ["Status"]["State"] will be set to "StandBySpare" if the inventory item is a BackUp/Recovery image.

Tested:
- Did the GET on "/redfish/v1/UpdateService/FirmwareInventory/<backup image>"
Response:
....
"Status": {
  "Health": "OK",
  "HealthRollup": "OK",
  "State": "StandbySpare"
}
.....
- Verified GET on other inventory and works fine
- Successfully ran the Redfish validator.

Change-Id: I7094bb3a60a7fb8dc6564ee1d7a67480249423ac
Signed-off-by: Vikram Bodireddy <vikram.bodireddy@linux.intel.com>
* bmcweb: Handle ConfigureSelf privilege (Joseph Reynolds, 2019-12-06, 4 files, -18/+141)

Enhances BMCWeb to correctly handle the Redfish ConfigureSelf privilege.

Redfish document DSP2046 defines the ConfigureSelf privilege as "Can change the password for the current user account and log out of their own sessions." This notion is formalized in the Redfish DSP8011 PrivilegeRegistry where ConfigureSelf appears in three operations:
- ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) GET operation.
- ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) PATCH Password property override.
- Session (/redfish/v1/SessionService/Sessions/{sessionid}) DELETE operation.

Tested: Yes, tested the above operations using users with various Roles to determine which operations are allowed.

ReadOnly users (privileges: Login, ConfigureSelf):
- Can GET their own account.
- Can change their password.
- Can log out.
- Cannot change any other properties of their own account.
- Cannot change anyone else's password.
- Cannot GET someone else's account.
- Cannot log out anyone else.

Operator users (privileges: Login, ConfigureComponents, ConfigureSelf):
- Same access as a ReadOnly user.

Administrator users (all privileges):
- Can do everything Operator can do.
- Can change one or more properties of their account
- Can GET and change properties of someone else's account.
- Can logoff any session.

Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: If8efd71cb9743a59b7c5fe1565804d21e788ea29
* privileges: Added noAccess privilege check (jayaprakash Mutyala, 2019-12-06, 1 file, -1/+7)

Issue: NoAccess user able to get the Systems/system in Redfish

Fix: Added privilege check for NoAccess

Tested:
1. Verified redfish validator passed
2. Verified NoAccess privilege user on Redfish for /Systems/system url
GET: https://<BMC IP>/redfish/v1/Systems/system
Result: Status is 403 Forbidden
Body log: Forbidden

Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ib0ccb3382a9c33608ef354f1e545c328aec40179
* Fix response error code for error - Unauthorized (Sunitha Harish, 2019-12-06, 1 file, -1/+1)

Tested by:
Request: Creating session with wrong credential.
curl --insecure -X POST -D headers.txt https://${BMC_IP}/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"penBmc"}'
Response Error code: HTTP/1.1 401 Unauthorized

Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I9c7b0af644f1e3d987b4f76e4206bbb276aba035