summaryrefslogtreecommitdiffstats
path: root/redfish-core/include
Commit message (Collapse)AuthorAgeFilesLines
* Add message entry for BMC kernel panic eventHEADmasterYong Li2020-02-111-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | | Log the BMC kernel panic event into redfish. Tested: Trigger a kernel panic by "echo c > /proc/sysrq-trigger", After BMC reboot, check the below message entry in redfish/v1/Systems/system/LogServices/EventLog/Entries: { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/68627", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T19:03:47+00:00", "EntryType": "Event", "Id": "68627", "Message": "BMC rebooted due to kernel panic.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.BMCKernelPanic", "Name": "System Event Log Entry", "Severity": "OK" } Signed-off-by: Yong Li <yong.b.li@linux.intel.com> Change-Id: Ibc3075a48514b3288ba1a1b1fbe716f5e9deeb26
* Add support to fetch the 'Updateable' componentsAppaRao Puli2020-02-031-6/+55
| | | | | | | | | | | | | | | | Currently 'Updateable' property value in SoftwareInventory schema is hardcoded. Added support to look through the updateable software associations objects and use it for 'Updateable' Redfish property in SoftwareInventory. Tested: - Checked 'Updateable' Property value for both programmable and non-programmable firmware inventory components and it works as expected. - Ran the Redfish validator and no new issues found. Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com> Change-Id: Ia24f942f3afe49674ec3628cac0356a5496ef337
* InsertMedia and EjectMedia actions added to VirtualMedia schemaPrzemyslaw Czarnowski2020-01-271-0/+3
| | | | | | | | | | | | | | | | | | | | | | | As continuation for VirtualMedia Redfish support, this patch adds insertion and eject actions into existing VirtualMedia code base. Testing: * Manual tests together with nbd proxy and virtual media app - For requests: Postman and/or HTTPie, with logs enabled and Valgrind) - Manual result validation * Tests run: - GET on collection with manual validation - PUT/POST/DELETE on collection - GET on item/nonexistent item - PUT/POST/DELETE on item - GET/PUT/DELETE on action - POST on action - EjectMedia/InsertMedia, legacy mode - POST on action - InsertMedia, proxy mode - POST on action - input validation (empty, invalid URL), legacy mode * Redfish Service Validator tested, no new issues found. Change-Id: Icccc433c1e84bc2ac37d9c295fe72749187fb735 Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
* Add VirtualMedia schema to RedfishPrzemyslaw Czarnowski2020-01-271-0/+7
| | | | | | | | | | | | | | | | | | | | | | | This change adds VirtualMedia scheme to Redfish. Implementation is based on input from virtual-media module and nbd proxy which is a bmcweb part. The code is used only in case ndb-proxy is supported in bmcweb (BMCWEB_ENABLE_VM_NBDPROXY compilation flag). Tested: * Manual tests together with nbd proxy and virtual media app - For requests: Postman and/or HTTPie, started with logs enabled and Valgrind - Manual result validation * Tests ran: - GET on collection with manual validation - PUT/POST/DELETE on collection - GET on item/nonexistent item - PUT/POST/DELETE on item * Redfish Service Validator tested, no new issues found. Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com> Change-Id: I5415dc0ffe52069fd35bc614b0378bbc4ad41ff6
* Correct Redfish message severity valuesJason M. Bills2020-01-221-20/+20
| | | | | | | | | | | | | | | Redfish specifies only "OK", "Warning", and "Critical" as valid values for message severity, but some messages have a severity of "Error". This changes the incorrect "Error" severity values to "Critical". Tested: Checked that all severity values are "OK", "Warning", or "Critical". Passed the Redfish service validator. Change-Id: If65665c76915e1730e6ae12c36003242aa9a85c6 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* msg_registry: updated MemoryThermTrip msg entryjayaprakash Mutyala2020-01-171-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Updated "MemoryThermTrip" message entry for CPU Memory Thermal Trip events. Tested: 1. Redfish validator - passed for this new addition 2. Verified in Redfish, MemoryThermTrip message populated properly Redfish URI: GET: https://<BMC IP>/redfish/v1/Systems/system/LogServices/EventLog /Entries { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/ Entries/506", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:08:26+00:00", "EntryType": "Event", "Id": "506", "Message": "Memory ThermTrip asserted: CPU 1.", "MessageArgs": [ "CPU 1" ], "MessageId": "OpenBMC.0.1.MemoryThermTrip", "Name": "System Event Log Entry", "Severity": "Critical" } { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/ Entries/506_2", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:08:26+00:00", "EntryType": "Event", "Id": "506_2", "Message": "Memory ThermTrip asserted: CPU 2.", "MessageArgs": [ "CPU 2" ], "MessageId": "OpenBMC.0.1.MemoryThermTrip", "Name": "System Event Log Entry", "Severity": "Critical" } Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Signed-off-by: Chalapathi <chalapathix.venkataramashetty@intel.com> Change-Id: I89271d28012c7f01a6cc37e1ef35c7e15f5e9965
* bmcweb: Message entry for user security EventSuryakanth Sekar2020-01-081-1/+80
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Message entry for BMC should detect the following intrusion or non-allowed configuration and log the security event with description. 1. Password storing hash algo changes from SHA2-256 to MD5 in Linux pwd file 2. When any user other than root has its UID set to 0 in Linux pwd file 3. When any unsupported shells (not bash or sh) are present in Linux pwd file 4. When the root user is assigned a password in Linux password file Tested: 1. Ran Redfish validator - passed for this new addition. { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/75_1", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:01:15+00:00", "EntryType": "Event", "Id": "75_1", "Message": "weak password computing hash algorithm is enabled = MD5 Hash algorithm .", "MessageArgs": [ "MD5 Hash algorithm" ], "MessageId": "OpenBMC.0.1.SecurityUserWeakHashAlgoEnabled", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/240", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:04:00+00:00", "EntryType": "Event", "Id": "240", "Message": "other than /bin/bash,/bin/sh, Unsupported shell is enabled", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserUnsupportedShellEnabled", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/246", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:04:06+00:00", "EntryType": "Event", "Id": "246", "Message": "Unsupported shell is removed", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserUnsupportedShellRemoved", "Name": "System Event Log Entry", "Severity": "OK" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/604", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:10:04+00:00", "EntryType": "Event", "Id": "604", "Message": "password computing hash algorithm is changed to sha256/sha512.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserHashAlgoChanged", "Name": "System Event Log Entry", "Severity": "OK" } { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/75", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:01:15+00:00", "EntryType": "Event", "Id": "75", "Message": "root user is enabled.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserRootEnabled", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/1153", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:19:13+00:00", "EntryType": "Event", "Id": "1153", "Message": "uid Zero is assigned with non-root user", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserNonRootUidZeroAssigned", "Name": "System Event Log Entry", "Severity": "Critical" } Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com> Change-Id: I8a3a10be2cc85614baa7b0d2f56b3376c3301e01
* msg_registry:Added PowerSupplyConfigErrRecoveredjayaprakash Mutyala2019-12-201-1/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added PowerSupplyConfigurationErrorRecovered message entry in openbmc_message_registry as it is required when PSU deassert event occurred. This is continuation of below patch. https://gerrit.openbmc-project.xyz/#/c/openbmc/dbus-sensors/+/27701/ Tested: 1. Verified redfish validator passed 2. verified in Redfish, PowerSupplyConfigurationErrorRecovered message populated properly Get: https://<BMC IP>/redfish/v1/Systems/system/LogServices/ EventLog/Entries { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/42519", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T11:48:39+00:00", "EntryType": "Event", "Id": "42519", "Message": "Power supply PSU2 configuration error recovered.", "MessageArgs": [ "PSU2" ], "MessageId": "OpenBMC.0.1.PowerSupplyConfigurationErrorRecovered", "Name": "System Event Log Entry", "Severity": "OK" }, Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Change-Id: Ifef9d323241f49124df7b85f85d42041e7ecdf83
* Adjust the PSU related log levelYong Li2019-12-201-4/+4
| | | | | | | | | | | | Based on the spec, these PSU related logs should be warning. Tested: With two PSUs, remove one AC cable, and then remove the PSU, Check the PSU related log in https://$BMCIP/redfish/v1/Systems/system/LogServices/EventLog/Entries Signed-off-by: Yong Li <yong.b.li@linux.intel.com> Change-Id: Iebce710d7d003731cbb956738d8be212bf04ad0b
* Fix: bug fixes in readJsonAppaRao Puli2019-12-171-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit contains bug fixes in readJson function call 1) Handled invalid double value which is leading to crash bmcweb. If user give string for double value key, its not handled in readJson which intern causes exception and crash. 2) If any of input types of floating_point, signed or unsigned int type values are provided with wrong type, it should return error, instead its returning 200 success response. Added code to return proper error response. Tested: - Tested invalid case by giving wrong type values in PATCH. URI: /redfish/v1/Chassis/WC_Baseboard/Thermal METHOD: Patch REQUEST: { "Fans": [ { "MemberId": "Fan_1a", "Reading": "200" } ] } RESPONSE: { "Reading@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The value \"200\" for the property Reading is of a different type than the property can accept.", "MessageArgs": [ "\"200\"", "Reading" ], "MessageId": "Base.1.4.0.PropertyValueTypeError", "Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.", "Severity": "Warning" } ] } - Also performed some positive and negative tests with other URI's. - Redfish validator ran successfully without any issue(No impact though) Change-Id: Ie98384e67a863ab96aa537f492a686b2c7ebb3a2 Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
* Fix authorization for LDAP usersRAJESWARAN THILLAIGOVINDAN2019-12-171-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Modified the code to make an asynchronous call to GetUserInfo to get the user role for authorization. For local users, DBus matches are used to store user role map hot in memory. Hence, bmcweb has to know whether a user is a local user or LDAP user to get the role. To avoid this, removed the existing DBus matches and modified the code to call GetUserInfo to get the role of local users as well as LDAP users. Tested: - Created a local user having admin privilege and verified that he is able to restart the system /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}' - Created a local user having user privilege and verified that he is unauthorized to restart the system /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}' - Created a remote user having admin privilege and verified that he is able to restart the system /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}' - Created a remote user having user privilege and verified that he is unauthorized to restart the system /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}' - Tested Redfish ConfigureSelf privilege Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com> Change-Id: Ic3e46a0c0aff2cf456c98048350e58e302011c57
* Redfish: Support health status of firmware inventory objectsCarol Wang2019-12-121-0/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support health status of firmware inventory objects based on the mapping relationship: [dbus status] [redfish state] [redfish health] Ready Disabled OK Activating Updating OK Active Enabled OK NotReady Disabled Warning Invalid Disabled Warning Failed Disabled Warning Tested: [dbus status] --> [redfish state] --> [redfish health] 1. Ready --> Disabled --> OK $ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate { ... "/xyz/openbmc_project/software/9557fe67": { "Activation": "xyz.openbmc_project.Software.Activation.Activations.Ready", ... } $curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67 { "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67", ... "Status": { "Health": "OK", "HealthRollup": "OK", "State": "Disabled" }, ... } 2. Activating --> Updating --> OK $ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate { ... "/xyz/openbmc_project/software/9557fe67": { "Activation": "xyz.openbmc_project.Software.Activation.Activations.Activating", ... } $curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67 { "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67", ... "Status": { "Health": "OK", "HealthRollup": "OK", "State": "Updating" }, ... } 3. Active --> Enabled --> OK $ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate { "data": { "/xyz/openbmc_project/software/9557fe67": { "Activation": "xyz.openbmc_project.Software.Activation.Activations.Active", ... } $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67 { "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67", ... "Status": { "Health": "OK", "HealthRollup": "OK", "State": "Enabled" }, ... } 4. Invalid --> Disabled --> Warning # busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \ org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \ xyz.openbmc_project.Software.Activation.Activations.Invalid $ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate { ... "/xyz/openbmc_project/software/c0bbba12": { "Activation": "xyz.openbmc_project.Software.Activation.Activations.Invalid", ... } $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12 { "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12", ... "Status": { "Health": "Warning", "HealthRollup": "OK", "State": "Disabled" }, ... } 5. NotReady --> Disabled --> Warning # busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \ org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \ xyz.openbmc_project.Software.Activation.Activations.NotReady $ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate { ... "/xyz/openbmc_project/software/c0bbba12": { "Activation": "xyz.openbmc_project.Software.Activation.Activations.NotReady", ... } $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12 { "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12", ... "Status": { "Health": "Warning", "HealthRollup": "OK", "State": "Disabled" }, ... } 6. Failed --> Disabled --> Warning # busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \ org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \ xyz.openbmc_project.Software.Activation.Activations.Failed $ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate { ... "/xyz/openbmc_project/software/c0bbba12": { "Activation": "xyz.openbmc_project.Software.Activation.Activations.Failed", ... } $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12 { "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12", ... "Status": { "Health": "Warning", "HealthRollup": "OK", "State": "Disabled" }, ... } Validator tool result: Counter({'pass': 2992, 'skipOptional': 2470, 'metadataNamespaces': 1605, 'passGet': 189, 'serviceNamespaces': 71, 'invalidPropertyValue': 10, 'warningPresent': 6, 'passAction': 6, 'optionalAction': 5, 'warnDeprecated': 2, 'unverifiedComplexAdditional': 1}) Validation has succeeded. Change-Id: Ic475f56d19c0be01ca7aebf67a3f6814d35bcacd Signed-off-by: Carol Wang <wangkair@cn.ibm.com>
* bmcweb: Message entry for At-Scale Debug EventSuryakanth Sekar2019-12-101-1/+85
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Message entry for 1. At-Scale Debug session established and closed. 2. Whenever At-Scale Debug user is enabled or disabled 3. At-scalde Debug feature is enabled or disabled in platform 4. At-sclde Debug service is enabled or disabled Tested: 1. Ran Redfish validator - passed for this new addition. Log will be shown as below: { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/254", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:04:14+00:00", "EntryType": "Event", "Id": "254", "Message": "At-Scale Debug Feature is enabled in hardware.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.AtScaleDebugFeatureEnabledAtHardware", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/254_1", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:04:14+00:00", "EntryType": "Event", "Id": "254_1", "Message": "At-Scale Debug service is started.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.AtScaleDebugFeatureEnabled", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/30630_2", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T08:30:30+00:00", "EntryType": "Event", "Id": "30630_2", "Message": "At-scale-debug service is now connected 198.164.11.12", "MessageArgs": [ "198.164.11.12" ], "MessageId": "OpenBMC.0.1.AtScaleDebugConnected", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/30630_3", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T08:30:30+00:00", "EntryType": "Event", "Id": "30630_3", "Message": "At-scale-debug connection aborted/failed", "MessageArgs": [], "MessageId": "OpenBMC.0.1.AtScaleDebugConnectionFailed", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/30629_2", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T08:30:29+00:00", "EntryType": "Event", "Id": "30629_2", "Message": "At-scale-debug service is now disconnected", "MessageArgs": [], "MessageId": "OpenBMC.0.1.AtScaleDebugDisconnected", "Name": "System Event Log Entry", "Severity": "OK" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/262", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:04:22+00:00", "EntryType": "Event", "Id": "262", "Message": "At-Scale Debug special user is disabled", "MessageArgs": [], "MessageId": "OpenBMC.0.1.AtScaleDebugSpecialUserDisabled", "Name": "System Event Log Entry", "Severity": "OK" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/154", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:02:34+00:00", "EntryType": "Event", "Id": "154", "Message": "At-Scale Debug special user is enabled", "MessageArgs": [], "MessageId": "OpenBMC.0.1.AtScaleDebugSpecialUserEnabled", "Name": "System Event Log Entry", "Severity": "Critical" }, Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com> Change-Id: Id5369c36547c4a5d7ae6f1f1dbd4dae8317a26d7
* Adding StandBySpare state for firmware inventoryVikram Bodireddy2019-12-061-0/+5
| | | | | | | | | | | | | | | | | | | | | | | Added new state 'StandBySpare' for firmware inventory objects. With this change firmware inventory ["Status"]["State"] will be set to "StandBySpare" if the inventory item is BackUp/Recovery image. Tested: - Did the GET on "/redfish/v1/UpdateService/FirmwareInventory/<backup image>" Response: .... "Status": { "Health": "OK", "HealthRollup": "OK", "State": "StandbySpare" } ..... - Verifed GET on other inventory and works fine - Successfully ran the Redfish validator. Change-Id: I7094bb3a60a7fb8dc6564ee1d7a67480249423ac Signed-off-by: Vikram Bodireddy <vikram.bodireddy@linux.intel.com>
* bmcweb: Handle ConfigureSelf privilegeJoseph Reynolds2019-12-062-15/+86
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enhances BMCWeb to correctly handle the Redfish ConfigureSelf privilege. Redfish document DSP2046 defines the ConfigureSelf privilege as "Can change the password for the current user account and log out of their own sessions." This notion is formalized in the Redfish DSP8011 PrivilegeRegistry where ConfigureSelf appears in three operations: - ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) GET operation. - ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) PATCH Password property override. - Session (/redfish/v1/SessionService/Sessions/{sessionid}) DELETE operation. Tested: Yes, tested the above operations using users with various Roles to determine which operations are allowed. ReadOnly users (privileges: Login, ConfigureSelf): - Can GET their own account. - Can change their password. - Can log out. - Cannot change any other properties of their own account. - Cannot change anyone else's password. - Cannot GET someone else's account. - Cannot log out anyone else. Operator users (privileges: Login, ConfigureComponents, ConfigureSelf): - Same access as a ReadOnly user. Administrator users (all privileges): - Can do everything Operator can do. - Can change one or more properties of their account - Can GET and change properties of someone else's account. - Can logoff any session. Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net> Change-Id: If8efd71cb9743a59b7c5fe1565804d21e788ea29
* privileges: Added noAccess privilege checkjayaprakash Mutyala2019-12-061-1/+7
| | | | | | | | | | | | | | | | Issue: NoAccess user able to get the Systems/system in Redfish Fix: Added privilege check for NoAccess Tested: 1. Verified redfish validator passed 2. Verified NoAccess privilege user on Redfish for /Systems/system url GET: https://<BMC IP>/redfish/v1/Systems/system Result: Status is 403 Forbidden Body log: Forbidden Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Change-Id: Ib0ccb3382a9c33608ef354f1e545c328aec40179
* Redfish: Implement ResetBios actionCarol Wang2019-12-051-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This action resets the BIOS attributes to default. Tested: GET test: 1. $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system { ... "Bios": { "@odata.id": "/redfish/v1/Systems/system/Bios" }, ... } 2. $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system/Bios { "@odata.id": "/redfish/v1/Systems/system/Bios", "@odata.type": "#Bios.v1_1_0.Bios", "Actions": { "#Bios.ResetBios": { "target": "/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios" } }, "Description": "BIOS Configuration Service", "Id": "BIOS", "Name": "BIOS Configuration" } POST test: 1. Change gard list: # ./gard list No GARD entries to display # ./gard create /Sys0/Node0/Proc1/EQ1/EX1/Core0 # ./gard list ID | Error | Type | Path ----------------------------------------------------------------------- 00000001 | 00000000 | Manual | /Sys0/Node0/Proc1/EQ1/EX1/Core0 ======================================================================= 2. Reset bios: # curl -k -H "X-Auth-Token: $token" -X POST https://${bmc}/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios 3. Check gard list again: # ./gard list No GARD entries to display Validator tool test: Counter({'pass': 3001, 'skipOptional': 2475, 'metadataNamespaces': 1605, 'passGet': 191, 'serviceNamespaces': 72, 'invalidPropertyValue': 10, 'passAction': 7, 'optionalAction': 6, 'warningPresent': 6, 'warnDeprecated': 2, 'unverifiedComplexAdditional': 1}) Validation has succeeded. Signed-off-by: Carol Wang <wangkair@cn.ibm.com> Change-Id: I0cba966bfde04566001b6df07ad15217f627c327
* Add constexpr to registriesEd Tanous2019-11-122-2/+2
| | | | | | | | | | | Because these structures are known at compile time, they can be constexpr with no ill effect. Tested: Code compiles, clang-tidy checks pass no functional change. Signed-off-by: Ed Tanous <ed.tanous@intel.com> Signed-off-by: James Feist <james.feist@linux.intel.com> Change-Id: Id78e3638b3dddd740f1a22e22d17fb0d6f8437d3
* Register redfish logChen,Yugang2019-11-071-1/+28
| | | | | | | | | | | | | Need to Log security event for enabling uart-port-debug, P2A-bridge and BMC 2nd boot flash to redfish. tested: By settng the SCU registers for uart-port-debug disable bit, P2A-bridge enable bit and BMC 2nd boot flash enable bit, trigger security events, can see their redfish log. Change-Id: I75a7ed679c6b20d454a831e52d96dea30eea22bd Signed-off-by: Chen,Yugang <yugang.chen@linux.intel.com>
* Add Drive Error Registry MessageJames Feist2019-11-061-1/+11
| | | | | | | | | | | | | | | | | | | | This allows logging of drive errors. Tested: "DriveError": { "Description": "Indicates that a Drive Error occurred of the specified type or cause.", "Message": "Drive Error Occurred: %1.", "NumberOfArgs": 1, "ParamTypes": [ "string" ], "Resolution": "None.", "Severity": "Warning" } Change-Id: Ic97611e26710f57b09a7f89e0470f1277f710d5d Signed-off-by: James Feist <james.feist@linux.intel.com>
* Added registry entries for Platform firmware eventAppaRao Puli2019-11-041-2/+133
| | | | | | | | | | | | | | | | | | | Added message registry entries for logging platform firmware error, panic events and recovery events w.r.t specific components like BMC, BIOS, ME and CPLD ROT. These are useful for logging error/events, when the platform firmware components Like BMC, BIOS, ME and CPLD are compromised and automatic recovery actions are triggered. E.g: Can be used if BIOS/BMC or any platform firmware primary image boot failed, and secondary image is loaded. Tested: Using below URI and Method, verified the registry entries. URI: /redfish/v1/Registries/OpenBMC/OpenBMC METHOD: GET Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com> Change-Id: Id797dafe6b88ac69ea0fde27ae45980610e29620
* bmcweb: Message entry for system interface modesRichard Marian Thomaiyar2019-10-301-1/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Message entry added for system interface mode (restriction mode), which is part of xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml. These message entries are used to indicate system interface restricted command excecution after BIOS POST. Tested: 1. Redfish validator - passed for this new addition 2. Log will be as below { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/184", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:03:04+00:00", "EntryType": "Event", "Id": "184", "Message": "The system interface is in the unprovisioned state.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SystemInterfaceUnprovisioned", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/198", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:03:18+00:00", "EntryType": "Event", "Id": "198", "Message": "The system interface is in the whitelist provisioned state.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SystemInterfaceWhitelistProvisioned", "Name": "System Event Log Entry", "Severity": "Warning" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/204", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:03:24+00:00", "EntryType": "Event", "Id": "204", "Message": "The system interface is in the disabled provisioned state.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SystemInterfaceDisabledProvisioned", "Name": "System Event Log Entry", "Severity": "OK" } Change-Id: I0e5496c50280f4614d08182b7b13136d254e1d40 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
* Update to Chassis 1.10 and add PCIeDeviceCollection supportJason M. Bills2019-10-291-0/+1
| | | | | | | | | | | | v1.10 of Chassis adds a PCIeDeviceCollection. This change adds support for the PCIeDeviceCollection and references it from Chassis. Tested: Passed the Redfish Service Validator. Change-Id: If3bb75f4fa90a9df4a2a94a7c7e0bcaf37673723 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Add support for LogService.ClearLog to CrashdumpJason M. Bills2019-10-291-0/+1
| | | | | | | | | | | | Tested: Used Postman to send the LogService.ClearLog action on Crashdump and verified that the existing logs were cleared and the next new log started at ID 0. Passed the Redfish Service Validator. Change-Id: I9b895b3d2e1865add42e4c35c77f55c8832385da Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Enable autoexpand on the Crashdump LogEntryCollectionJason M. Bills2019-10-291-0/+1
| | | | | | | | | | | | | | | The current Crashdump LogEntry contains non-standard properties and could be very large causing problems for autoexpand. This change uses a LogEntry OEM type to specify a URI where the full log can be retrieved and enables autoexpand on the LogEntryCollection. Tested: Passed the Redfish Service Validator. Change-Id: I6a402d216e6d8228ea2825ab4c6d02b9c8023fc5 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* bmcweb: Message entry for Manufacturing modeRichard Marian Thomaiyar2019-10-291-4/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Message entry added for manufacturing mode entry and exit, which is part of special mode property as defined in xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml. These message entries are used to indicate whenever SpecialMode state of the BMC is updated from normal value and manufacturing mode and vice versa Tested: 1. Redfish validator - passed for this new addition 2. Log will be as below { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/317", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:05:17+00:00", "EntryType": "Event", "Id": "317", "Message": "Entered Manufacturing Mode.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.ManufacturingModeEntered", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/899", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:14:59+00:00", "EntryType": "Event", "Id": "899", "Message": "Exited Manufacturing Mode.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.ManufacturingModeExited", "Name": "System Event Log Entry", "Severity": "OK" } Change-Id: I182eeedb6860a3abcd4054caa431150ed073fbad Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
* Add Storage SchemaNikhil Potade2019-10-231-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This takes the original commit below and updates it so that it passes the validatior, and provides the Status attribute in redfish when appropriate. Tested: Passed the validator { "@odata.context": "/redfish/v1/$metadata#Drive.Drive", "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_2", "@odata.type": "#Drive.v1_2_0.Drive", "Id": "Drive_2", "Manufacturer": "INTEL", "Model": "P4800X", "Name": "Drive_2", "PartNumber": "INTEL SSDPE21K375GA", "SerialNumber": "PHKE722600NL375AGN", "Status": { "Health": "OK", "HealthRollup": "OK", "State": "Enabled" } } Original Commit Message: ------------------------------------------------------------------- Add Storage Schema for NVMe on Redfish This provides an implementation for the Get methods for the Storage schemas using following classes : - StorageCollection - Storage Tested: - Ran Redfish Service Validator to verify no issues are reported. - Tested that the NVMe drives in the system show up and proper fields are populated with appropriate data. - Tested with no drives present. Made sure the Storage interface shows no drives and Drive interface returns error message. Change-Id: Id0306ea413ac16a993110bb1a36cd95d939cff71 Signed-off-by: Nikhil Potade <nikhil.potade@linux.intel.com> Signed-off-by: James Feist <james.feist@linux.intel.com>
* Update to PCIeDevices 1.4 and add PCIeFunctionCollection supportJason M. Bills2019-10-221-0/+1
| | | | | | | | | | | | v1.4 of PCIe Devices changed from an array of Links to PCIeFunctions to a PCIeFunctionCollection. This change adds support for the PCIeFunctionCollection and references it from the PCIeDevices. Tested: Passed the Redfish Service Validator. Change-Id: I76f0265c588b52bd02a35bf669ae6edacfb6c2a4 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* bmcweb: fix "Clear Event Logs" functionality behavior in System logs page on ↵Tim Lee2019-10-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | WebUI When BMCWEB_ENABLE_REDFISH_DBUS_LOG_ENTRIES option set to ON that means bmcweb will look to phosphor-logging for any D-Bus log entries. These will then be translated to Redfish EventLog Entries. Thus, we can see those Redfish Eventlog Entries when select "Event" system log type in System logs page. However, when this option set to ON, the "Clear Event Logs" functionality still clear /var/log/redfish file instead of clear log through xyz.openbmc_project.Collection.DeleteAll interface by DeleteAll action. It should to clear D-Bus log entries when BMCWEB_ENABLE_REDFISH_DBUS_LOG_ENTRIES option is ON. Thus, we provide our modification for correct this functionality behavior. Tested by: Nuvoton NPCM750 EVB and RunBMC Olympus platforms in WebUI. when BMCWEB_ENABLE_REDFISH_DBUS_LOG_ENTRIES option is ON to clear D-Bus log entries, and when option is OFF to clear /var/log/redfish log entries. Signed-off-by: Tim Lee <timlee660101@gmail.com> Change-Id: I71445806ae5a79c2c0622908f7ac60daaa2119b8 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Make references to crow less obviousEd Tanous2019-10-184-6/+6
| | | | | | | | | | | | | | | | | Recently, a number of people in the community have made the (admittedly easy) mistake that we use a significant portion of crow. Today, we use crow for the router, and the "app" structure, and even those have been significantly modified to meet the bmc needs. All other components have been replaced with Boost beast. This commit removes the crow mentions from the Readme, and moves the crow folder to "http" to camouflage it a little. No code content has changed. Tested: Code compiles. No functional change made to any executable code. Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: Iceb57b26306cc8bdcfc77f3874246338864fd118
* Correct message entry orderQiang XU2019-10-181-45/+43
| | | | | | | | | | | All messages are ordered in alphabetical with MessageID. Correct message of physical security to right place. Tested: The LAN lost message is correct when unplug network cable of dedicate NIC Change-Id: If1e2c6aca45f393690de743acbe927957ecedee3 Signed-off-by: Qiang XU <qiang.xu@linux.intel.com>
* Fix state property on firmware propertiesEd Tanous2019-10-111-0/+1
| | | | | | | | | | | | | In the case of non-updatable firmware entities, the State variable was not getting populated due to a poorly handled error condition. This resolves it, and assumes non-updatable entities are just "Enabled" Tested: Need help here. I'm not able to reproduce the original issue on my system, so need someone else to test that this resolves it. Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: Ibd5db741cb8b0b2451a04fe14157dc1d3cbbcc03
* Fix a bunch of warningsEd Tanous2019-10-107-2160/+1941
| | | | | | | | | | | | | | | using the list of warnings from here: https://github.com/lefticus/cppbestpractices/blob/e73393f25a85f83fed7399d8b65cb117d00b2231/02-Use_the_Tools_Available.md#L100 Seems like a good place to start, and would improve things a bit type-wise. This patchset attempts to correct all the issues in one shot. Tested: It builds. Will test various subsystems that have been touched Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: I588c26440e5a97f718a0f0ea74cc84107d53aa1e
* SoftwareInventory: Catch more interfacesJames Feist2019-10-101-4/+1
| | | | | | | | | | Expand the path to a larger namespace, and allow non updateable interfaces to not error out. Tested: More interfaces appeared without error Change-Id: I4a6e3092c868cb5f3fe66401269d5c99f69328c8 Signed-off-by: James Feist <james.feist@linux.intel.com>
* Revert "Add Storage Schema for NVMe on Redfish"Ed Tanous2019-10-021-4/+0
| | | | | | | | | | This reverts commit e56c7b7092298c609831a65bcc8c21e62d422ba7. Reason for revert: /redfish/v1/Systems/1 returns no result. This should've been flagged in service validator, but the commit mentions that test was run, so it's not clear how this was missed. Reverting for a moment until we can determine what happened. Change-Id: I276d4cd239adb87b77264bc65ab4856705274ff0
* Add Storage Schema for NVMe on RedfishNikhil Potade2019-09-301-0/+4
| | | | | | | | | | | | | | | | | This provides an implementation for the Get methods for the Storage schemas using following classes : - StorageCollection - Storage Tested: - Ran Redfish Service Validator to verify no issues are reported. - Tested that the NVMe drives in the system show up and proper fields are populated with appropriate data. - Tested with no drives present. Made sure the Storage interface shows no drives and Drive interface returns error message. Signed-off-by: Nikhil Potade <nikhil.potade@linux.intel.com> Change-Id: I9fa9f4cd69fe07cde15604c5405a6987774065fd
* bmcweb: Implement SensorCollectionAnthony Wilson2019-09-241-0/+4
| | | | | | | | | | | Add collection of all power and current sensors. Testing: Verified SensorCollection and Sensor output on a Witherspoon system. Verified no errors from RedfishServiceValidator. Change-Id: Icfdc14d738bf037d5d599a3c6fc0be5ea0919929 Signed-off-by: Anthony Wilson <wilsonan@us.ibm.com>
* Add Power Unit Redundancy LogCheng C Yang2019-09-231-0/+92
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add Power Unit Redundancy Redfish Log. Tested: Tested: When there are two PSU on the sytem, remove one AC cable on PSU. Then bellow Redfish log will be created. { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/ 1568504619_1", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "2019-09-14T23:43:39+00:00", "EntryType": "Event", "Id": "1568504619_1", "Message": "Power Unit Nonredundant but has sufficient resource.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.PowerUnitNonRedundantSufficient", "Name": "System Event Log Entry", "Severity": "Warning" }, Plug in the AC cable again, the Redfish log will show { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/ 1568504628", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "2019-09-14T23:43:48+00:00", "EntryType": "Event", "Id": "1568504628", "Message": "Power Unit Redundancy regained.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.PowerUnitRedundancyRegained", "Name": "System Event Log Entry", "Severity": "OK" } Signed-off-by: Cheng C Yang <cheng.c.yang@linux.intel.com> Change-Id: I4f2d12e0dbc02f13062ea8e524b37248acf9c662
* Add message entry for physical security eventQiang XU2019-09-231-0/+47
| | | | | | | | | | | | | | | | | | | Log the LAN link status and chassis intrusion status change. Tested: Unplug network cable of dedicate NIC Check the below log message in https://$bmcip/redfish/v1/Systems/system/LogServices/EventLog/Entries { "Message": "eth0(Dedicated Management NIC) LAN leash lost.", "MessageArgs": [ "eth0(Dedicated Management NIC)", ], "MessageId": "OpenBMC.0.1.LanLost", } Change-Id: I5c04f0314363de473ff92ff8bd3225c064aba547 Signed-off-by: Qiang XU <qiang.xu@linux.intel.com>
* Revert "Fix remove callback user privilege access to login"Ed Tanous2019-09-181-7/+1
| | | | | | | | | | This reverts commit 8e69d148249f6a45cea10e988ec03430a5932784. Reason for revert: This causes service validator failures. I missed the fact that despite being asked a couple times, the service validator wasn't run. Please run it, resolve your bug, and resubmit as a new review. Change-Id: I0bb61ab1a618a96b2ed2c600825ec72b8d020ec0
* Add CPU and voltage regulator thermal messagesJason M. Bills2019-09-181-0/+21
| | | | | | | | | Tested: Used a heat gun to heat the CPU and voltage regulator and checked that the message is logged correctly. Change-Id: I4d73a9ad12691b364a33faf036a60f36bab0ac93 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Fix remove callback user privilege access to loginanil kumar appana2019-09-161-1/+7
| | | | | | | | | | | | | | | | | | | Callback privilege user must not be allowed to login,similar to IPMI. This user is used for callback purpose from IPMI point of it, and must be maintained in bmcweb to be consistent with IPMI, Hence removing the access to login for callback user Tested: 1.Create a user with username 'test1' and privilege - "Callback" via Redfish. 2.Using that Callback level credentials, try to do "Get" at this URI https://<ip-addr>/redfish/v1/Systems/system 3.output: Forbidden 4.use same URL to login from webUI with callback privilege https://<ip-addr>/redfish/v1/Systems/system 5.output: Forbidden Signed-off-by: anil kumar appana <anil.kumarx.appana@intel.com> Change-Id: I86dac565fc874e5d0fe033640ffc3de576a1f693
* Add PSU Deassert EventCheng C Yang2019-09-101-10/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | Add PSU Deassert Event for AC Lost, Predictive Failure, Failure, Fan Fault. Tested: Create a Fan Fault and then recover the Fan, check redfish log: { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/ 1566427122_10", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "2019-08-21T22:38:42+00:00", "EntryType": "Event", "Id": "1566427122_10", "Message": "Power supply PSU1 fan fan1 recovered.", "MessageArgs": [ "PSU1" ], "MessageId": "OpenBMC.0.1.PowerSupplyFanRecovered", "Name": "System Event Log Entry", "Severity": "OK" }, Signed-off-by: Cheng C Yang <cheng.c.yang@linux.intel.com> Change-Id: I224510c56ad87d1a2fc8e7ae5b3546fc34243d12
* Fix readJson to allow null as a complex typeEd Tanous2019-09-041-1/+2
| | | | | | | | | | | | | | | | | Given that very few people have actually needed to unpack a null value with readJson, it's not surprising that there are bugs there. the simplest case that failed was attempting to unpack an array which might contain null values, which should be allowed to be unpacked with a nlohmann::json object, to allow error handling and the new delete cases, but were rejected. Tested: Reran the unit test here, which succeeded. https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23954/2 Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: I50ae26645ad16f6a6228c27e6d501c08de4c622b
* cleanup: Move a pointer to a referenceEd Tanous2019-09-041-15/+7
| | | | | | | | | | Minor cleanup to a routine that allows us to drop one nullptr check. Tested: Will test shortly. Code should be no-op. Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: I592dc0a9a311d6dd885cdd6289f343dd4b9b0567
* Add messages for power supply and system power good failuresJason M. Bills2019-08-281-0/+24
| | | | | | | | | Tested: Confirmed that the messages appear correctly in the registry under "/redfish/v1/Registries/OpenBMC/OpenBMC". Change-Id: Id730e6a1c14cbcbd74fc3310a1a41b557f93cb35 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Add Service Failure to registryJames Feist2019-08-271-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | Allow logging when a service exits. Tested: killed an application and saw: { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/1565496588", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "2019-08-11T04:09:48+00:00", "EntryType": "Event", "Id": "1565496588", "Message": "Service xyz.openbmc_project.adcsensor.service has exited unsuccessfully.", "MessageArgs": [ "xyz.openbmc_project.adcsensor.service" ], "MessageId": "OpenBMC.0.1.ServiceFailure", "Name": "System Event Log Entry", "Severity": "Warning" }, Change-Id: I45c764986f0e99426ee9087245498d020c6508cb Signed-off-by: James Feist <james.feist@linux.intel.com>
* Fix an Intel copyright that was missed in CREd Tanous2019-08-161-1/+1
| | | | | | | | | | There's lots of companies implementing OpenBMC, and we don't want the main MessageRegistry to be Copyright Intel, given its namespace and heritage. It looks like this snuck in when we moved it to the std::array based stuff. Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: I18c0705dc7fea8566bd2627f1d6a8fc0ec7ccd51
* Redfish: Add TrustStore certificate supportMarri Devender Rao2019-08-161-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) Implements CertificateCollection schema to upload CA certificates and to list existing CA certificates 2) Modified CertificateLocatons schema to list CA certificates 3) Modified ReplaceCertificate action of CertificateService schema to cater for replacing existing CA certificate Tested: 1) No validation failure 2) Truststore CertificateCollection curl -k -H "X-Auth-Token: $bmc_token" -X GET https://${bmc}/redfish/v1/Managers/bmc/Truststore/Certificates/ { "@odata.context": "/redfish/v1/$metadata#CertificateCollection.CertificateCollection", "@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/", "@odata.type": "#CertificateCollection.CertificateCollection", "Description": "A Collection of TrustStore certificate instances", "Members": [], "Members@odata.count": 0, "Name": "TrustStore Certificates Collection" } 3) Upload certificate curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -H "Content-Type: application/octet-stream" -X POST -T cert.pem https://${bmc}/redfish/v1/Managers/bmc/Truststore/Certificates { "@odata.context": "/redfish/v1/$metadata#Certificate.Certificate", "@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/1", "@odata.type": "#Certificate.v1_0_0.Certificate", "CertificateString": ----\n", "Id": "1", "Issuer": { "CommonName": "localhost", "Organization": "openbmc-project.xyz" }, } 4) Certificate Locations curl -k -H "X-Auth-Token: $bmc_token" -X GET https://${bmc}/redfish/v1/CertificateService/CertificateLocations/ { "@odata.context": "/redfish/v1/$metadata#CertificateLocations.CertificateLocations", "@odata.id": "/redfish/v1/CertificateService/CertificateLocations", "@odata.type": "#CertificateLocations.v1_0_0.CertificateLocations", "Description": "Defines a resource that an administrator can use in order tolocate all certificates installed on a given service", "Id": "CertificateLocations", "Links": { "Certificates": [ { "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1" }, { "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1" }, { "@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/1" } ], "Certificates@odata.count": 3 }, "Name": "Certificate Locations" } 5)Replace certificate curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST https://${bmc}/redfish/v1/CertificateService/Actions/Certificateervice.ReplaceCertificate/ -d @data_auth.json { "@odata.context": "/redfish/v1/$metadata#Certificate.Certificate", "@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/1", "@odata.type": "#Certificate.v1_0_0.Certificate", "CertificateString": "-----BEGIN CERTIFICATE--------\n", "Id": "1", "Issuer": { "CommonName": "localhost", "Organization": "openbmc-project.xyz" }, 6)List CertificateCollection curl -k -H "X-Auth-Token: $bmc_token" -X GET https://${bmc}/redfish/v1/Managers/bmc/Truststore/Certificates/ { "@odata.context": "/redfish/v1/$metadata#CertificateCollection.CertificateCollection", "@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/", "@odata.type": "#CertificateCollection.CertificateCollection", "Description": "A Collection of TrustStore certificate instances", "Members": [ { "@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/1" } ], "Members@odata.count": 1, "Name": "TrustStore Certificates Collection" } Change-Id: Ic9644fadfe6fe89b529e16336cc6bcd804810b3a Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
* Redfish: GenerateCSR action for HTTPS certificateMarri Devender Rao2019-08-161-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implemented GenerateCSR action of CertificateService for generating CSR of HTTPS certificate CSR requests initiated through D-Bus are time-consuming and might result D-Bus time-out error GenerateCSR request is performed in child process in the backend so that caller is returned immediately. Caller need to register for "InterfacesAdded" signal generated when a new CSR object is creatd by backend after completion of the CSR request. Caller initiates read on the CSR object created to read the CSR string. Timer is added to cancel the operation if "Interfaces Added" signal is not received in a specified time. Modified to support only 2048 keybit length due to time taken in private key generation. Tested 1) Tested schema with validator and no issues 2) curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR/ -d @generate_https.json { "CSRString": "-----BEGIN CERTIFICATE ..." "CertificateCollection": { "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/" } } 3. generate_https.json { "City": "Austin", "CertificateCollection": { "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/" }, "CommonName": "www.ibm.com", "ContactPerson":"myname", "AlternativeNames":["www.ibm.com"], "ChallengePassword":"", "Email":"openbmc@in.ibm.com", "GivenName":"", "Initials":"", "Country": "US", "KeyCurveId":"", "KeyUsage":["KeyAgreement"], "KeyBitLength": 1024, "KeyPairAlgorithm": "RSA", "Organization": "IBM", "OrganizationalUnit": "ISL", "State": "AU", "Surname": "", "UnstructuredName": "" } 4) Verified Required and Optional parameters 5) Generate EC CSR with curve ID secp224r1 curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR/ -d @generate_https.json { "CSRString": "-----BEGIN CERTIFICATE REQUEST-----\nMIIBQzCB8wIBATCBmzEUMBIGA1UdEQwLd3d3LmlibS5jb20xDzANBgNVBAcMBkF1\nc3RpbjEUMBIGA1UEAwwLd3d3LmlibS5jb20xDzANBgNVBCkMBm15bmFtZTELMAkG\nA1UEBhMCVVMxDDAKBgQrDgMCDAJFQzEVMBMGA1UdDwwMS2V5QWdyZWVtZW50MQww\nCgYDVQQKDANJQk0xCzAJBgNVBAgMAkFVME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE\n7hyL8FWmeCBRpCxWKjlce9nRghwS0lBrBdslOZ+n9+hFD+0KD8L+BORwm7dfzGlG\nTblh2G6cQ8KgADAKBggqhkjOPQQDAgM/ADA8Ahw1nlGdEFfnb+2zxdfVeTQYgCTw\nNos0t2rsGc/zAhxS9/paXZtVqR+WzdQVsjSLC/BedbXv1EmW52Uo\n-----END CERTIFICATE REQUEST-----\n", "CertificateCollection": { "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/" } } Change-Id: I2528c802ff3c6f63570cdb355b9c1195797a0e53 Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
OpenPOWER on IntegriCloud