68 files changed, 2157 insertions, 49 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
new file mode 100644
index 0000000..7966c18
--- /dev/null
+++ b/MAINTAINERS
@@ -0,0 +1,47 @@
+How to use this list:
+ Find the most specific section entry (described below) that matches where
+ your change lives and add the reviewers (R) and maintainers (M) as
+ reviewers. You can use the same method to track down who knows a particular
+ code base best.
+
+ Your change/query may span multiple entries; that is okay.
+
+ If you do not find an entry that describes your request at all, someone
+ forgot to update this list; please at least file an issue or send an email
+ to a maintainer, but preferably you should just update this document.
+
+Description of section entries:
+
+ Section entries are structured according to the following scheme:
+
+ X: NAME <EMAIL_USERNAME@DOMAIN> <IRC_USERNAME!>
+ X: ...
+ .
+ .
+ .
+
+ Where REPO_NAME is the name of the repository within the OpenBMC GitHub
+ organization; FILE_PATH is a file path within the repository, possibly with
+ wildcards; X is a tag of one of the following types:
+
+ M: Denotes maintainer; has fields NAME <EMAIL_USERNAME@DOMAIN> <IRC_USERNAME!>;
+ if omitted from an entry, assume one of the maintainers from the
+ MAINTAINERS entry.
+ R: Denotes reviewer; has fields NAME <EMAIL_USERNAME@DOMAIN> <IRC_USERNAME!>;
+ these people are to be added as reviewers for a change matching the repo
+ path.
+ F: Denotes forked from an external repository; has fields URL.
+
+ Line comments are to be denoted "# SOME COMMENT" (typical shell style
+ comment); it is important to follow the correct syntax and semantics as we
+ may want to use automated tools with this file in the future.
+
+ A change cannot be added to an OpenBMC repository without a MAINTAINER's
+ approval; thus, a MAINTAINER should always be listed as a reviewer.
+
+START OF MAINTAINERS LIST
+-------------------------
+
+M: Brad Bishop <bradleyb@fuzziesquirrel.com> <radsquirrel!>
+R: Brad Bishop <bradleyb@fuzziesquirrel.com> <radsquirrel!>
+R: Deepak Kodihalli <dkodihal@linux.vnet.ibm.com> <dkodihal!>
diff --git a/Makefile.am b/Makefile.am index 2570163..933e339 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,7 +6,7 @@ nobase_include_HEADERS = ## These get filled in by Makefile.interfaces libphosphor_dbusdir = ${libdir} libphosphor_dbus_LTLIBRARIES = libphosphor_dbus.la libphosphor_dbus_la_LDFLAGS = $(SYSTEMD_LIBS) $(SDBUSPLUS_LIBS) -version-info 0:0:0 -shared -libphosphor_dbus_la_CXXFLAGS = $(SYSTEMD_CFLAGS) $(SDBUSPLUS_CFLAGS) +libphosphor_dbus_la_CXXFLAGS = $(SYSTEMD_CFLAGS) $(SDBUSPLUS_CFLAGS) -flto BUILT_SOURCES = libphosphor_dbus.cpp CLEANFILES = libphosphor_dbus.cpp diff --git a/configure.ac b/configure.ac index 92b9b73..9d57adc 100644 --- a/configure.ac +++ b/configure.ac @@ -28,11 +28,11 @@ AS_IF([test "x$enable_libphosphor_dbus" != "xno"], [ AC_MSG_ERROR([Cannot find sdbus++])) # Checks for libraries. - AX_PKG_CHECK_MODULES([SYSTEMD], [], [libsystemd >= 221], [], [AC_MSG_ERROR(["systemd required and not found."])]) - AX_PKG_CHECK_MODULES([SDBUSPLUS], [], [sdbusplus], [], [AC_MSG_ERROR(["sdbusplus required and not found."])]) + AX_PKG_CHECK_MODULES([SYSTEMD], [], [libsystemd >= 221]) + AX_PKG_CHECK_MODULES([SDBUSPLUS], [], [sdbusplus]) # Checks for typedefs, structures, and compiler characteristics. - AX_CXX_COMPILE_STDCXX_14([noext]) + AX_CXX_COMPILE_STDCXX_17([noext]) AX_APPEND_COMPILE_FLAGS([-Wall -Werror], [CFLAGS]) AX_APPEND_COMPILE_FLAGS([-Wall -Werror], [CXXFLAGS]) diff --git a/xyz/openbmc_project/Association/Definitions.interface.yaml b/xyz/openbmc_project/Association/Definitions.interface.yaml new file mode 100644 index 0000000..80cdee8 --- /dev/null +++ b/xyz/openbmc_project/Association/Definitions.interface.yaml 
@@ -0,0 +1,12 @@
+description: >
+ This interface is used to tell the mapper to create
+ xyz.openbmc_project.Association interfaces on <this path>/forward and
+ endpoint/reverse.
+properties:
+ - name: Associations
+ type: array[struct[string,string,string]]
+ description: >
+ An array of forward, reverse, endpoint tuples where:
+ forward - The type of the association.
+ reverse - The type of the association to create for the endpoint.
+ endpoint - The association endpoint.
diff --git a/xyz/openbmc_project/Certs/Certificate.interface.yaml b/xyz/openbmc_project/Certs/Certificate.interface.yaml
new file mode 100644
index 0000000..5bddd3b
--- /dev/null
+++ b/xyz/openbmc_project/Certs/Certificate.interface.yaml
@@ -0,0 +1,94 @@
+description: >
+ Implement to provide certificate management features.
+
+ An OpenBMC implementation providing installed certificate management
+ functions. An implementation service should additionally implement
+ xyz.openbmc_project.Object.Delete to allow the deletion of individual
+ certificate objects.
+properties:
+ - name: CertificateString
+ type: string
+ description: >
+ The string for the certificate.
+
+ This is a X.509 public certificate in PEM format.
+ PEM wiki - https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail
+
+ An X.509 certificate contains a public key, validity, and an
+ identity (a hostname, or an organization, or an individual),
+ and is either signed by a certificate authority or self-signed.
+ Refer https://en.wikipedia.org/wiki/X.509 for details.
+ - name: KeyUsage
+ type: array[string]
+ description: >
+ Key usage extensions define the purpose of the public key contained
+ in a certificate.
+
+ Valid Key usage extensions and its usage description is based on
+ Redfish Resource and Schema Guide 2018.3 version.
+ https://www.dmtf.org/sites/default/files/standards/documents/DSP2046_2018.3.pdf
+
+ ClientAuthentication: The public key is used for TLS WWW client
+ authentication.
+ CodeSigning: The public key is used for the signing of executable code.
+ CRLSigning: The public key is used for verifying signatures on
+ certificate revocation lists (CLRs).
+ DataEncipherment: The public key is used for directly enciphering
+ raw user data without the use of an intermediate
+ symmetric cipher.
+ DecipherOnly: The public key could be used for deciphering data
+ while performing key agreement.
+ DigitalSignature: The public key is used for verifying digital
+ signatures, other than signatures on certificates
+ and CRLs.
+ EmailProtection: The public key is used for email protection.
+ EncipherOnly: The public key could be used for enciphering data
+ while performing key agreement.
+ KeyCertSign: The public key is used for verifying signatures on
+ public key certificates.
+ KeyEncipherment: The public key is used for enciphering private or
+ secret keys.
+ NonRepudiation: The public key is used to verify digital signatures,
+ other than signatures on certificates and CRLs,
+ and used to provide a non- repudiation service that
+ protects against the signing entity falsely denying
+ some action.
+ OCSPSigning: The public key is used for signing OCSP responses.
+ ServerAuthentication: The public key is used for TLS WWW server
+ authentication.
+ Timestamping: The public key is used for binding the hash of an
+ object to a time.
+
+ - name: Issuer
+ type: string
+ description: >
+ The issuer of the certificate.
+
+ Refer X.509 certificate wiki for the "Issuer" Key and value details.
+
+ Example: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
+ Here C = country, O=organization, CN= common name.
+
+ - name: Subject
+ type: string
+ description: >
+ The subject of the certificate
+
+ Refer X.509 certificate wiki for the "Subject" Key and value details.
+ Refer https://en.wikipedia.org/wiki/X.509
+
+ Example: Subject: C=US, ST=New York, L=Armonk,
+ O=International Business Machines Corporation,
+ OU=research, CN=www.research.ibm.com
+ Here C=country, ST=state, L=locality, O=organization, CN= common name.
+ OU= organizational unit
+
+ - name: ValidNotAfter
+ type: uint64
+ description: >
+ The certificate expiry date and time, in epoch time, in milliseconds
+ - name: ValidNotBefore
+ type: uint64
+ description: >
+ The certificate validity start date and time,
+ in epoch time, in milliseconds.
diff --git a/xyz/openbmc_project/Certs/Install.errors.yaml b/xyz/openbmc_project/Certs/Install.errors.yaml
new file mode 100644
index 0000000..5381de0
--- /dev/null
+++ b/xyz/openbmc_project/Certs/Install.errors.yaml
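Review bot: The `CRLSigning` entry in the `KeyUsage` description abbreviates certificate revocation lists as `(CLRs)`, while the `DigitalSignature` and `NonRepudiation` entries in the same block write `CRLs`; the line should read `certificate revocation lists (CRLs).`. The `NonRepudiation` entry also carries a stray space in `non- repudiation`. Because `KeyUsage` is typed `array[string]`, this description is the only place the accepted names are defined, so it is worth stating whether a string outside the list is rejected or passed through to consumers that compare against these names.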
@@ -0,0 +1,3 @@
+# xyz.openbmc_project.Certs.Install.Error.InvalidCertificate
+ - name: InvalidCertificate
+ description: Invalid certificate file.
diff --git a/xyz/openbmc_project/Certs/Install.interface.yaml b/xyz/openbmc_project/Certs/Install.interface.yaml
new file mode 100644
index 0000000..8781834
--- /dev/null
+++ b/xyz/openbmc_project/Certs/Install.interface.yaml
@@ -0,0 +1,16 @@
+description: >
+ Certificate management interface to install server and client certificates.
+methods:
+ - name: Install
+ description: >
+ Install the certificate and restart the associated services.
+ parameters:
+ - name: Path
+ type: string
+ description: >
+ Path of file that contains both the certificate public and
+ private key. (Example: a .PEM file containing both signed
+ certificate and private key).
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Certs.Install.Error.InvalidCertificate
diff --git a/xyz/openbmc_project/Certs/Install.metadata.yaml b/xyz/openbmc_project/Certs/Install.metadata.yaml
new file mode 100644
index 0000000..1d36c14
--- /dev/null
+++ b/xyz/openbmc_project/Certs/Install.metadata.yaml
@@ -0,0 +1,4 @@
+- name: InvalidCertificate
+ meta:
+ - str: "REASON = %s"
+ type: string
diff --git a/xyz/openbmc_project/Certs/README.md b/xyz/openbmc_project/Certs/README.md
new file mode 100644
index 0000000..d438faa
--- /dev/null
+++ b/xyz/openbmc_project/Certs/README.md
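Review bot: The `Path` parameter of `Install` in Install.interface.yaml points at a file that holds an unencrypted private key, yet its description says nothing about which locations an implementation accepts, what permissions the file must have, or who removes it after the call. Since the path is supplied by the D-Bus caller, the description should state that the implementation validates the path before reading it, and should name the party responsible for deleting the file; a sentence such as `The file must be readable only by the certificate service; state here whether the caller or the service removes it after Install returns.` would cover it. The phrase "the certificate public and private key" would also be clearer as "the certificate and its private key". The only error available for an unreadable or missing path is `InternalFailure`, which callers cannot tell apart from a real internal fault.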
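Review bot: The metadata string in Install.metadata.yaml is written `"REASON = %s"` with spaces around `=`, while the `NotAllowed` entry this same commit adds to Common.metadata.yaml uses `"REASON=%s"`. If the logging side takes the field name from the text before `=`, the spaced form may yield a different key than the rest of the tree, which would make `InvalidCertificate` entries harder to search for. The line should match the other entry: `- str: "REASON=%s"`.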
@@ -0,0 +1,94 @@ +# BMC Certificate management + +Certificate management allows to replace the existing certificate and private +key file with another (possibly certification Authority (CA) signed) +certificate and private key file. Certificate management allows the user to +install both the server and client certificates. The REST interface allows to +update the certificate, using an unencrypted certificate and private key file +in .pem format, which includes both private key and signed certificate. + +### Signed Certificate upload Design flow: + +- The REST Server copies the certificate and private key file to a temporary + location. +- REST server should map the URI to the target DBus application (Certs) object. + The recommendation for the D-Bus application implementing certificate D-Bus + objects is to use the same path structure as the REST endpoint. + e.g.: + - The URI /xyz/openbmc_project/certs/Server/Https maps to instance + of the certificate application handling Https server certificate. + - The URI /xyz/openbmc_project/certs/Client/LDAP maps to instance + of the certificate application handling LDAP client certificate. +- REST server should call the install method of the certificate application + instance. +- Certificate manager application also implements d-bus object + xyz.openbmc_project.Certs.Manager. This includes the collection of + "certificates specific d-bus objects" installed in the system. This d-bus + provide option to view the certificate on PEM format and delete the same. + Refer https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail for details. + e.g. for Certificate specific d-bus path + - /xyz/openbmc_project/certs/Server/<unique-id> maps to + instance of the server types certificate. + - /xyz/openbmc_project/certs/Client/<unique-id> maps to + instance of the client type certificate. + note: unique id is the hash value of certificate issuer and serial number. 
+ +- Applications should subscribe the xyz.openbmc_project.Certs.Manager + to see any new certificate is uploaded or change in the existing + certificates. +- Certificate manager scope is limited to manage the certificate and impacted + application is responsible for application specific changes. +- Incase of delete action, certificate manager creates a new self signed + certificate after successful delete. + +### REST interface details: + + ``` + url: /xyz/openbmc_project/certs/Server/Https + Description: Update https server signed certificate and the private key. + Method: PUT + + url: /xyz/openbmc_project/certs/Server/Https + Description: Delete https server signed certificate and the private key. + Method: DELETE + + url: /xyz/openbmc_project/certs/Client/LDAP + Description: Update ldap client certificate and the private key. + Method: PUT + + url: /xyz/openbmc_project/certs/Client/LDAP + Description: Delete ldap client certificate and the private key. + Method: DELETE + + Return codes + + 200 Success + 400 Invalid certificate and private key file. + 405 Method not supported. + 500 Internal server error + + ``` +#### d-bus interface to install certificate and private Key +- Certs application must: + - validate the certificate and Private key file by checking, if the Private + key matches the public key in the certificate file. + - copy the certificate and Public Key file to the service specific path + based on a configuration file. + - Reload the listed service(s) for which the certificate is updated. + +#### d-bus interface to Delete certificate and Private Key + +- certificate manager should provide interface to delete the existing + certificate. +- Incase of server type certificate deleting a signed certificate will + create a new self signed certificate and will install the same. + +### Boot process +- certificate management instances should be created based on the system + configuration. 
+
+- Incase of no Https certificate or invalid Https certificate, certificate
+ manager should update the https certificate with self signed certificate.
+
+### Repository:
+ phosphor-certificate-manager
diff --git a/xyz/openbmc_project/Channel/ChannelAccess.interface.yaml b/xyz/openbmc_project/Channel/ChannelAccess.interface.yaml
new file mode 100644
index 0000000..715fdec
--- /dev/null
+++ b/xyz/openbmc_project/Channel/ChannelAccess.interface.yaml
@@ -0,0 +1,13 @@
+description: >
+ This interface defines channel specific privilege access information
+ which is used for channel authorization. Application must determine
+ channel level privilege restriction based on this property.
+
+properties:
+ - name: MaxPrivilege
+ type: string
+ description: >
+ Maximum privilege associated with specific channel.
+ errors:
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.Common.Error.InternalFailure
diff --git a/xyz/openbmc_project/Chassis/Buttons/ID.interface.yaml b/xyz/openbmc_project/Chassis/Buttons/ID.interface.yaml
new file mode 100644
index 0000000..0751ca4
--- /dev/null
+++ b/xyz/openbmc_project/Chassis/Buttons/ID.interface.yaml
@@ -0,0 +1,20 @@
+description: >
+ ID button is the system identification button, that allows the server to be
+ located in a rack, and can be enabled remotely via WebUI;
+ user can press ID button on the front panel and then walk around to the back
+ and quickly identify the rear bulkhead of the same server unit.
+methods:
+ - name: simPress
+ description: >
+ Emulate ID button press.
+ errors:
+ - xyz.openbmc_project.Chassis.Common.Error.UnsupportedCommand
+ - xyz.openbmc_project.Chassis.Common.Error.IOError
+
+signals:
+ - name: Released
+ description: >
+ ID button released signal
+ - name: Pressed
+ description: >
+ ID button pressed signal
diff --git a/xyz/openbmc_project/Chassis/Buttons/Power.interface.yaml b/xyz/openbmc_project/Chassis/Buttons/Power.interface.yaml
new file mode 100644
index 0000000..466fc03
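Review bot: `MaxPrivilege` in ChannelAccess.interface.yaml is declared as a free-form `string` and its description does not list the accepted values, although the interface text says applications derive channel authorization from it. Declaring it as `enum[self.<Name>]` with an `enumerations` block, the way `Status` is declared in Control/FanRedundancy.interface.yaml in this commit, would keep a misspelled or unknown level from reaching the authorization decision; at minimum the valid strings and the behaviour on an unknown value belong in the description. The same applies to `Status` in Chassis/Intrusion.interface.yaml, whose two values ("Normal", "HardwareIntrusion") are given only in prose.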
--- /dev/null +++ b/xyz/openbmc_project/Chassis/Buttons/Power.interface.yaml @@ -0,0 +1,39 @@ +description: > + Power button control service +methods: + - name: simPress + description: > + Emulate power button press. + errors: + - xyz.openbmc_project.Chassis.Common.Error.UnsupportedCommand + - xyz.openbmc_project.Chassis.Common.Error.IOError + + - name: simLongPress + description: > + Emulate power button long press. + errors: + - xyz.openbmc_project.Chassis.Common.Error.UnsupportedCommand + - xyz.openbmc_project.Chassis.Common.Error.IOError + +properties: + - name: Enabled + type: boolean + default: true + description: > + Enable/disable power button. + false means power button is disabled + true means power button is enabled + errors: + - xyz.openbmc_project.Chassis.Common.Error.UnsupportedCommand + - xyz.openbmc_project.Chassis.Common.Error.IOError + +signals: + - name: Released + description: > + Power button released signal + - name: Pressed + description: > + Power button pressed signal + - name: PressedLong + description: > + Power button long pressed signal diff --git a/xyz/openbmc_project/Chassis/Buttons/Reset.interface.yaml b/xyz/openbmc_project/Chassis/Buttons/Reset.interface.yaml new file mode 100644 index 0000000..7db8bd5 --- /dev/null +++ b/xyz/openbmc_project/Chassis/Buttons/Reset.interface.yaml 
@@ -0,0 +1,29 @@ +description: > + Reset button control service +methods: + - name: simPress + description: > + Emulate reset button press. + errors: + - xyz.openbmc_project.Chassis.Common.Error.UnsupportedCommand + - xyz.openbmc_project.Chassis.Common.Error.IOError + +properties: + - name: Enabled + type: boolean + default: true + description: > + Enable/disable reset button. + false means reset button is disabled + true means reset button is enabled + errors: + - xyz.openbmc_project.Chassis.Common.Error.UnsupportedCommand + - xyz.openbmc_project.Chassis.Common.Error.IOError + +signals: + - name: Released + description: > + Reset button released signal + - name: Pressed + description: > + Reset button pressed signal diff --git a/xyz/openbmc_project/Chassis/Common.errors.yaml b/xyz/openbmc_project/Chassis/Common.errors.yaml new file mode 100644 index 0000000..2df3649 --- /dev/null +++ b/xyz/openbmc_project/Chassis/Common.errors.yaml @@ -0,0 +1,6 @@ +- name: UnsupportedCommand + description: > + An unsupported command was attempted. +- name: IOError + description: > + An IO error occurred. diff --git a/xyz/openbmc_project/Chassis/Control/Power.interface.yaml b/xyz/openbmc_project/Chassis/Control/Power.interface.yaml new file mode 100644 index 0000000..082586f --- /dev/null +++ b/xyz/openbmc_project/Chassis/Control/Power.interface.yaml 
@@ -0,0 +1,31 @@
+description: >
+ Power control service
+methods:
+ - name: forcePowerOff
+ description: >
+ Force power off the host.
+ returns:
+ - name: status
+ type: boolean
+ description: >
+ The result of power off command.
+ errors:
+ - xyz.openbmc_project.Chassis.Common.Error.UnsupportedCommand
+ - xyz.openbmc_project.Chassis.Common.Error.IOError
+
+properties:
+ - name: PGood
+ type: boolean
+ default: false
+ description: >
+ PSU Power good property
+ It is a read-only property.
+ - name: State
+ type: int32
+ default: 0
+ description: >
+ System power status
+ 0: power is off
+ 1: power is on
+ Setting its value to change the system state
+ Read its value to get the system state.
\ No newline at end of file diff --git a/xyz/openbmc_project/Chassis/Intrusion.interface.yaml b/xyz/openbmc_project/Chassis/Intrusion.interface.yaml new file mode 100644 index 0000000..b3fba48 --- /dev/null +++ b/xyz/openbmc_project/Chassis/Intrusion.interface.yaml @@ -0,0 +1,10 @@ +description: > + Interface to query intrusion detector status. + +properties: + - name: Status + type: string + description: > + Status string of chassis intrusion detector. + The value is defined in chassis redfish schema. + Can be "Normal" or "HardwareIntrusion". diff --git a/xyz/openbmc_project/Chassis/README.md b/xyz/openbmc_project/Chassis/README.md new file mode 100644 index 0000000..d07a939 --- /dev/null +++ b/xyz/openbmc_project/Chassis/README.md @@ -0,0 +1,39 @@ +# Chassis Power Control + +## Overview +Chassis Power Control service exposes D-Bus methods for chassis power operations + +### Power Button Interface +Power button interface `xyz.openbmc_project.Chassis.Buttons.Power` +provides following methods, signals. + +#### methods +* simPress - To emulate physical power button press. +* simLongPress - To emulate physical power button long press. + +#### signals +* Released - Power button released signal. +* Pressed - Power button pressed signal. +* PressedLong - Power button long pressed signal. + +### ID Button Interface +ID button interface `xyz.openbmc_project.Chassis.Buttons.ID` +provides following methods, signals. + +#### methods +* simPress - To emulate ID button press. + +#### signals +* Released - ID button released signal. +* Pressed - ID button pressed signal. + +### Reset Button Interface +ID button interface `xyz.openbmc_project.Chassis.Buttons.Reset` +provides following methods, signals. + +#### methods +* simPress - To emulate reset button press. + +#### signals +* Released - Reset button released signal. +* Pressed - Reset button pressed signal.
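Review bot: In Chassis/Control/Power.interface.yaml, `PGood` is called read-only only in its description; the property has no `flags:` or `errors:` entry, so nothing in the definition tells a client or a generated binding that a write must be refused. If the sdbus++ version in use offers a read-only property flag it should be set here, otherwise the description should name the error returned on a write. `State` is a writable `int32` whose write changes host power, with only 0 and 1 defined and no `errors:` list; an enum type, or a documented `InvalidArgument` for any other value, would make the contract explicit for a property that powers the host on and off. The file also ends without a trailing newline.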
\ No newline at end of file diff --git a/xyz/openbmc_project/Common.errors.yaml b/xyz/openbmc_project/Common.errors.yaml index f6b2734..e5d8421 100644 --- a/xyz/openbmc_project/Common.errors.yaml +++ b/xyz/openbmc_project/Common.errors.yaml @@ -6,3 +6,7 @@ description: Invalid argument was given. - name: InsufficientPermission description: Insufficient permission to perform operation +- name: NotAllowed + description: The operation is not allowed +- name: NoCACertificate + description: Server's CA certificate has not been provided. diff --git a/xyz/openbmc_project/Common.metadata.yaml b/xyz/openbmc_project/Common.metadata.yaml index e2b76cc..36b407c 100644 --- a/xyz/openbmc_project/Common.metadata.yaml +++ b/xyz/openbmc_project/Common.metadata.yaml @@ -12,3 +12,10 @@ level: ERR - name: InsufficientPermission level: INFO +- name: NotAllowed + level: INFO + meta: + - str: "REASON=%s" + type: string +- name: NoCACertificate + level: ERR diff --git a/xyz/openbmc_project/Common/ObjectPath.interface.yaml b/xyz/openbmc_project/Common/ObjectPath.interface.yaml new file mode 100644 index 0000000..ad3a410 --- /dev/null +++ b/xyz/openbmc_project/Common/ObjectPath.interface.yaml @@ -0,0 +1,12 @@ +description: > + An interface which contains a D-Bus object path. + + This may be used along with other interfaces when a particular + D-Bus object needs to show information about another object + and using associations is not possible. + +properties: + - name: Path + type: string + description: > + The object path of a D-Bus object. diff --git a/xyz/openbmc_project/Control/CFMLimit.interface.yaml b/xyz/openbmc_project/Control/CFMLimit.interface.yaml new file mode 100644 index 0000000..5946f3c --- /dev/null +++ b/xyz/openbmc_project/Control/CFMLimit.interface.yaml 
@@ -0,0 +1,10 @@ +description: > + Implement to provide a CFM upper limit for fan control. + This can be used with a CFM algorithm to calculate the + maximum allowed fan speed for a system. + +properties: + - name: Limit + type: double + description: > + The CFM limit, 0 means disabled. diff --git a/xyz/openbmc_project/Control/ChassisCapabilities.interface.yaml b/xyz/openbmc_project/Control/ChassisCapabilities.interface.yaml new file mode 100644 index 0000000..2bfe620 --- /dev/null +++ b/xyz/openbmc_project/Control/ChassisCapabilities.interface.yaml @@ -0,0 +1,28 @@ +description: > + An interface for chassis capabilities defined in IPMI spec. +properties: + - name: CapabilitiesFlags + type: byte + description: > + Chassis capabilities flags. bit1= Provides front panel lockout, + bit0 = Provides intrusion. All other bits reserved. + - name: FRUDeviceAddress + type: byte + description: > + Chassis FRU device address. + - name: SDRDeviceAddress + type: byte + description: > + Chassis SDR device address. + - name: SELDeviceAddress + type: byte + description: > + Chassis SEL device address. + - name: SMDeviceAddress + type: byte + description: > + Chassis SM device address. + - name: BridgeDeviceAddress + type: byte + description: > + Chassis Bridge device address. diff --git a/xyz/openbmc_project/Control/FanRedundancy.interface.yaml b/xyz/openbmc_project/Control/FanRedundancy.interface.yaml new file mode 100644 index 0000000..50ae5bc --- /dev/null +++ b/xyz/openbmc_project/Control/FanRedundancy.interface.yaml 
@@ -0,0 +1,37 @@ +description: > + An interface to set whether fans are redundant. +properties: + - name: AllowedFailures + type: byte + flags: + - const + description: > + Number of fans in error state before redundancy is lost. + - name: Collection + type: array[path] + flags: + - const + description: > + The group of fans tracked by this redundancy object. + - name: Status + type: enum[self.State] + flags: + - const + description: > + The current redundancy status. + +enumerations: + - name: State + description: > + Possible redundancy states. + values: + - name: Full + description: > + System is in a fully redundant state. + - name: Degraded + description: > + Redundancy is in a degraded state. + - name: Failed + description: > + System has lost redundancy. + diff --git a/xyz/openbmc_project/Control/Mode.interface.yaml b/xyz/openbmc_project/Control/Mode.interface.yaml new file mode 100644 index 0000000..ff7e0b0 --- /dev/null +++ b/xyz/openbmc_project/Control/Mode.interface.yaml @@ -0,0 +1,19 @@ +description: > + Implement to provide manual control for an object. Also provides + for the notion of a fail-safe mode. + + Control.Mode.Manual is read/write. + Control.Mode.FailSafe is read/write, however not all implementations + may respect having this property set externally. + +properties: + - name: Manual + type: boolean + description: > + Whether the object should be in manual or automatic mode. + - name: FailSafe + type: boolean + description: > + Whether the object is in fail-safe mode or not. + +# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4 diff --git a/xyz/openbmc_project/Control/Power/ACPIPowerState.interface.yaml b/xyz/openbmc_project/Control/Power/ACPIPowerState.interface.yaml new file mode 100644 index 0000000..c8a3349 --- /dev/null +++ b/xyz/openbmc_project/Control/Power/ACPIPowerState.interface.yaml 
@@ -0,0 +1,62 @@ +description: > + Implement to set/get ACPI power status + +properties: + - name: SysACPIStatus + type: enum[self.ACPI] + description: > + The ACPI system power status. + + - name: DevACPIStatus + type: enum[self.ACPI] + description: > + The ACPI device power status. + +enumerations: + - name: ACPI + description: > + Possible ACPI status. + values: + - name: S0_G0_D0 + description: > + Working, the system is running + - name: S1_D1 + description: > + Hardware context maintained, typically equates to proc/chip + set clocks stopped. + - name: S2_D2 + description: > + Typically equates to stopped clocks with proc/cache context lost. + - name: S3_D3 + description: > + Typically equates to "suspend-to-RAM". + - name: S4 + description: > + Typically equates to "suspend-to-disk". + - name: S5_G2 + description: > + Soft off. + - name: S4_S5 + description: > + Sent when message source cannot differentiate between S4 and S5. + - name: G3 + description: > + Mechanical off. + - name: SLEEP + description: > + Sleeping - cannot differentiate between S1-S3. + - name: G1_SLEEP + description: > + Sleeping - cannot differentiate between S1-S4. + - name: OVERRIDE + description: > + S5 entered by override. + - name: LEGACY_ON + description: > + Legacy On - used when ACPI mode is disabled. + - name: LEGACY_OFF + description: > + Legacy Off - used when ACPI mode is disabled. + - name: Unknown + description: > + System power state has not been initialized. diff --git a/xyz/openbmc_project/Control/PowerSupplyAttributes.interface.yaml b/xyz/openbmc_project/Control/PowerSupplyAttributes.interface.yaml new file mode 100644 index 0000000..1e8f1b3 --- /dev/null +++ b/xyz/openbmc_project/Control/PowerSupplyAttributes.interface.yaml 
@@ -0,0 +1,10 @@ +description: > + An interface to set control characteristics for an individual power supply. +properties: + - name: DeratingFactor + type: uint32 + flags: + - const + description: > + The power supply derating factor, which is the percentage to multiply + the input power by to get the output power. diff --git a/xyz/openbmc_project/Control/PowerSupplyRedundancy.interface.yaml b/xyz/openbmc_project/Control/PowerSupplyRedundancy.interface.yaml index b99d51b..bf36a77 100644 --- a/xyz/openbmc_project/Control/PowerSupplyRedundancy.interface.yaml +++ b/xyz/openbmc_project/Control/PowerSupplyRedundancy.interface.yaml @@ -3,5 +3,7 @@ description: > properties: - name: PowerSupplyRedundancyEnabled type: boolean + flags: + - const description: > When true, the power supplies are redundant. diff --git a/xyz/openbmc_project/Control/Service/Attributes.interface.yaml b/xyz/openbmc_project/Control/Service/Attributes.interface.yaml new file mode 100644 index 0000000..e9bfc92 --- /dev/null +++ b/xyz/openbmc_project/Control/Service/Attributes.interface.yaml 
@@ -0,0 +1,36 @@
+description: >
+ This interface exposes properties for service objects like
+ SSH, web, RMCP+ etc. under the service configuration manager.
+ This interface can be used to get/set of service properties.
+
+properties:
+ - name: State
+ type: enum[self.SupportedStates]
+ description: >
+ Specifies the state of the service.
+ - name: Port
+ type: uint32
+ description: >
+ Specifies the listening port number of service.
+ This property is used to get or set the service
+ listening port number.
+ - name: Channel
+ type: array[string]
+ description: >
+ Specifies the channel on which service allows client
+ connections. This property is used to get or set the
+ allowed channel interfaces in array of strings. It accepts
+ the interface names, which are created as objects in
+ network service and returns error if not found.
+
+enumerations:
+ - name: SupportedStates
+ description: >
+ State values.
+ values:
+ - name: 'enabled'
+ description: >
+ Service is enabled.
+ - name: 'disabled'
+ description: >
+ Service is disabled.
diff --git a/xyz/openbmc_project/Control/Service/README.md b/xyz/openbmc_project/Control/Service/README.md
new file mode 100644
index 0000000..fd9f92c
--- /dev/null
+++ b/xyz/openbmc_project/Control/Service/README.md
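Review bot: `Port` in Control/Service/Attributes.interface.yaml is typed `uint32`, so values above 65535 are representable on the bus and every implementation has to reject them itself; `type: uint16` would bound the value in the definition. `State`, `Port` and `Channel` are all settable and decide which services the BMC exposes on the network, yet none of them declares an `errors:` list, even though the `Channel` description says an error is returned for an unknown interface name; listing the errors per property, as `MaxPrivilege` does in Channel/ChannelAccess.interface.yaml, would document what a rejected write looks like. As a style point, the enumeration values are quoted lowercase (`'enabled'`, `'disabled'`) while the other enumerations in this commit use capitalised bare names such as `Full` and `Degraded`.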
@@ -0,0 +1,36 @@ +# Service Management + +## Overview +Applications must use service manager daemon to configure services like +phosphor-ipmi-net, web, SSH etc. service in the system, instead of +directly controlling the same using 'systemd' or 'iptables'. This way client +applications doesn't need to change to configure services, when the +implementations differ. + +### Attributes Interface +Service manager daemon, will create objects for configurable service +in the system under object path `/xyz/openbmc_project/Control/Service/<object>`. +Each service object can be handled through 'org.freedesktop.DBus.ObjectManager'. +Service object will expose following properties. + +#### xyz.openbmc_project.Control.Service.Attributes interface +##### properties +* State - State of the service. Enabled / Disabled. +* Port - Port number to which the service is configured to listen. +* Channel - Supported network interface objects, to which port has to bind. + +## Note +Implementations can elect to implement service manager daemon either through +'systemctl' (override.conf) or implement the same through 'iptables' logic, of +disabling the port, updating the port etc. + +## Example usage: +Webserver can update the RMCP+ port number from default 623 to different one, +by updating the `Port` property value under path `/xyz/openbmc_project/Control/ +Service/netipmid` through interface `xyz.openbmc_project.Control.Service. +Attributes`. + +## Systemd (override.conf) implementation +In order to update the property value, `override.conf` file under `/etc/systemd +/system/<Service unit name>/` has to be updated and service unit has to be +restarted through `org.freedesktop.systemd1`. diff --git a/xyz/openbmc_project/Control/ThermalMode.interface.yaml b/xyz/openbmc_project/Control/ThermalMode.interface.yaml new file mode 100644 index 0000000..8ec8eba --- /dev/null +++ b/xyz/openbmc_project/Control/ThermalMode.interface.yaml 
@@ -0,0 +1,26 @@ +description: > + Implement to provide alternative thermal control modes of a system + that can be enabled, overriding the system defaults. + + Control.ThermalMode.Supported is read only. + Implementation of this interface populates the list of supported modes. + Control.ThermalMode.Current is read/write. + Implementation specific mode for the thermal control application + to run in. + +properties: + - name: Supported + type: array[string] + flags: + - const + description: > + An implemention specific list of supported modes that the thermal + control application can be configured to provide for a platform. + - name: Current + type: string + default: "Default" + description: > + The current mode the thermal control application should execute in + selected from the supported modes provided. + +# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4 diff --git a/xyz/openbmc_project/Inventory/Decorator/AssetTag.interface.yaml b/xyz/openbmc_project/Inventory/Decorator/AssetTag.interface.yaml index 2c674cc..3b3e047 100644 --- a/xyz/openbmc_project/Inventory/Decorator/AssetTag.interface.yaml +++ b/xyz/openbmc_project/Inventory/Decorator/AssetTag.interface.yaml @@ -1,5 +1,6 @@ description: > - Implement to provide Asset Tag. + Implement to provide Asset Tag. The asset tag is used to uniquely identify + the object. properties: - name: AssetTag type: string diff --git a/xyz/openbmc_project/Inventory/Decorator/VendorInformation.interface.yaml b/xyz/openbmc_project/Inventory/Decorator/VendorInformation.interface.yaml index 6b6a131..a31e671 100644 --- a/xyz/openbmc_project/Inventory/Decorator/VendorInformation.interface.yaml +++ b/xyz/openbmc_project/Inventory/Decorator/VendorInformation.interface.yaml 
@@ -1,5 +1,14 @@ description: > Implement to provide custom properties added to an item by the item vendor. +properties: + - name: CustomField1 + type: string + description: > + The custom field 1 of the item. + - name: CustomField2 + type: string + description: > + The custom field 2 of the item. # vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4 diff --git a/xyz/openbmc_project/Inventory/Item/Accelerator.interface.yaml b/xyz/openbmc_project/Inventory/Item/Accelerator.interface.yaml new file mode 100644 index 0000000..5a44913 --- /dev/null +++ b/xyz/openbmc_project/Inventory/Item/Accelerator.interface.yaml @@ -0,0 +1,5 @@ +description: > + Implement to provide hardware accelerator attributes. A hardware + accelerator used to perform some functions more efficiently than is + possible in software running on a general-purpose CPU. Examples of + possible hardware accelerators include: GPUs, FPGAs, and ASICs. diff --git a/xyz/openbmc_project/Inventory/Item/Chassis.interface.yaml b/xyz/openbmc_project/Inventory/Item/Chassis.interface.yaml index 6542cc0..3320ea1 100644 --- a/xyz/openbmc_project/Inventory/Item/Chassis.interface.yaml +++ b/xyz/openbmc_project/Inventory/Item/Chassis.interface.yaml @@ -1,4 +1,10 @@ description: > Implement to provide Chassis attributes. +properties: + - name: Type + type: string + description: > + The type of physical form factor of the chassis. + # vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4 diff --git a/xyz/openbmc_project/Inventory/Item/PCIeDevice.interface.yaml b/xyz/openbmc_project/Inventory/Item/PCIeDevice.interface.yaml new file mode 100644 index 0000000..a8b1865 --- /dev/null +++ b/xyz/openbmc_project/Inventory/Item/PCIeDevice.interface.yaml 
@@ -0,0 +1,279 @@
+description: >
+ This defines a PCIe device to be exposed for system management. It
+ includes the device properties and function properties for all 8
+ possible functions that are needed for the device identification.
+
+properties:
+ - name: DeviceType
+ type: string
+ description: >
+ Indicates if the device is MultiFunction or SingleFunction.
+
+ - name: Function0ClassCode
+ type: string
+ description: >
+ The Class Code for this function.
+ - name: Function0DeviceClass
+ type: string
+ description: >
+ The Device Class for this function.
+ - name: Function0DeviceId
+ type: string
+ description: >
+ The Device ID for this function.
+ - name: Function0FunctionType
+ type: string
+ description: >
+ Indicates if the function is Physical or Virtual
+ - name: Function0RevisionId
+ type: string
+ description: >
+ The Revision ID for this function.
+ - name: Function0SubsystemId
+ type: string
+ description: >
+ The Subsystem ID for this function.
+ - name: Function0SubsystemVendorId
+ type: string
+ description: >
+ The Subsystem Vendor ID for this function.
+ - name: Function0VendorId
+ type: string
+ description: >
+ The Vendor ID for this function.
+
+ - name: Function1ClassCode
+ type: string
+ description: >
+ The Class Code for this function.
+ - name: Function1DeviceClass
+ type: string
+ description: >
+ The Device Class for this function.
+ - name: Function1DeviceId
+ type: string
+ description: >
+ The Device ID for this function.
+ - name: Function1FunctionType
+ type: string
+ description: >
+ Indicates if the function is Physical or Virtual
+ - name: Function1RevisionId
+ type: string
+ description: >
+ The Revision ID for this function.
+ - name: Function1SubsystemId
+ type: string
+ description: >
+ The Subsystem ID for this function.
+ - name: Function1SubsystemVendorId
+ type: string
+ description: >
+ The Subsystem Vendor ID for this function.
+ - name: Function1VendorId
+ type: string
+ description: >
+ The Vendor ID for this function.
+
+ - name: Function2ClassCode
+ type: string
+ description: >
+ The Class Code for this function.
+ - name: Function2DeviceClass
+ type: string
+ description: >
+ The Device Class for this function.
+ - name: Function2DeviceId
+ type: string
+ description: >
+ The Device ID for this function.
+ - name: Function2FunctionType
+ type: string
+ description: >
+ Indicates if the function is Physical or Virtual
+ - name: Function2RevisionId
+ type: string
+ description: >
+ The Revision ID for this function.
+ - name: Function2SubsystemId
+ type: string
+ description: >
+ The Subsystem ID for this function.
+ - name: Function2SubsystemVendorId
+ type: string
+ description: >
+ The Subsystem Vendor ID for this function.
+ - name: Function2VendorId
+ type: string
+ description: >
+ The Vendor ID for this function.
+
+ - name: Function3ClassCode
+ type: string
+ description: >
+ The Class Code for this function.
+ - name: Function3DeviceClass
+ type: string
+ description: >
+ The Device Class for this function.
+ - name: Function3DeviceId
+ type: string
+ description: >
+ The Device ID for this function.
+ - name: Function3FunctionType
+ type: string
+ description: >
+ Indicates if the function is Physical or Virtual
+ - name: Function3RevisionId
+ type: string
+ description: >
+ The Revision ID for this function.
+ - name: Function3SubsystemId
+ type: string
+ description: >
+ The Subsystem ID for this function.
+ - name: Function3SubsystemVendorId
+ type: string
+ description: >
+ The Subsystem Vendor ID for this function.
+ - name: Function3VendorId
+ type: string
+ description: >
+ The Vendor ID for this function.
+
+ - name: Function4ClassCode
+ type: string
+ description: >
+ The Class Code for this function.
+ - name: Function4DeviceClass
+ type: string
+ description: >
+ The Device Class for this function.
+ - name: Function4DeviceId
+ type: string
+ description: >
+ The Device ID for this function.
+ - name: Function4FunctionType
+ type: string
+ description: >
+ Indicates if the function is Physical or Virtual
+ - name: Function4RevisionId
+ type: string
+ description: >
+ The Revision ID for this function.
+ - name: Function4SubsystemId
+ type: string
+ description: >
+ The Subsystem ID for this function.
+ - name: Function4SubsystemVendorId
+ type: string
+ description: >
+ The Subsystem Vendor ID for this function.
+ - name: Function4VendorId
+ type: string
+ description: >
+ The Vendor ID for this function.
+
+ - name: Function5ClassCode
+ type: string
+ description: >
+ The Class Code for this function.
+ - name: Function5DeviceClass
+ type: string
+ description: >
+ The Device Class for this function.
+ - name: Function5DeviceId
+ type: string
+ description: >
+ The Device ID for this function.
+ - name: Function5FunctionType
+ type: string
+ description: >
+ Indicates if the function is Physical or Virtual
+ - name: Function5RevisionId
+ type: string
+ description: >
+ The Revision ID for this function.
+ - name: Function5SubsystemId
+ type: string
+ description: >
+ The Subsystem ID for this function.
+ - name: Function5SubsystemVendorId
+ type: string
+ description: >
+ The Subsystem Vendor ID for this function.
+ - name: Function5VendorId
+ type: string
+ description: >
+ The Vendor ID for this function.
+
+ - name: Function6ClassCode
+ type: string
+ description: >
+ The Class Code for this function.
+ - name: Function6DeviceClass
+ type: string
+ description: >
+ The Device Class for this function.
+ - name: Function6DeviceId
+ type: string
+ description: >
+ The Device ID for this function.
+ - name: Function6FunctionType
+ type: string
+ description: >
+ Indicates if the function is Physical or Virtual
+ - name: Function6RevisionId
+ type: string
+ description: >
+ The Revision ID for this function.
+ - name: Function6SubsystemId
+ type: string
+ description: >
+ The Subsystem ID for this function.
+ - name: Function6SubsystemVendorId
+ type: string
+ description: >
+ The Subsystem Vendor ID for this function.
+ - name: Function6VendorId
+ type: string
+ description: >
+ The Vendor ID for this function.
+
+ - name: Function7ClassCode
+ type: string
+ description: >
+ The Class Code for this function.
+ - name: Function7DeviceClass
+ type: string
+ description: >
+ The Device Class for this function.
+ - name: Function7DeviceId
+ type: string
+ description: >
+ The Device ID for this function.
+ - name: Function7FunctionType
+ type: string
+ description: >
+ Indicates if the function is Physical or Virtual
+ - name: Function7RevisionId
+ type: string
+ description: >
+ The Revision ID for this function.
+ - name: Function7SubsystemId
+ type: string
+ description: >
+ The Subsystem ID for this function.
+ - name: Function7SubsystemVendorId
+ type: string
+ description: >
+ The Subsystem Vendor ID for this function.
+ - name: Function7VendorId
+ type: string
+ description: >
+ The Vendor ID for this function.
+
+ - name: Manufacturer
+ type: string
+ description: >
+ The name of the Manufacturer for this device.
diff --git a/xyz/openbmc_project/Inventory/Item/Tpm.interface.yaml b/xyz/openbmc_project/Inventory/Item/Tpm.interface.yaml
new file mode 100644
index 0000000..2414830
--- /dev/null
+++ b/xyz/openbmc_project/Inventory/Item/Tpm.interface.yaml
@@ -0,0 +1,4 @@
+description: >
+ Implement to provide Trusted Platform Module(TPM) attributes.
+
+# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
diff --git a/xyz/openbmc_project/Ipmi/SOL.interface.yaml b/xyz/openbmc_project/Ipmi/SOL.interface.yaml
new file mode 100644
index 0000000..94db59f
--- /dev/null
+++ b/xyz/openbmc_project/Ipmi/SOL.interface.yaml
@@ -0,0 +1,43 @@
+description: >
+ SOL properties use for Get/Set SOL config parameter command in host-ipmid
+ sending config to SOL process in net-ipmid.
+ Since some platforms need to access Get/Set SOL config parameter command
+ through KCS, and current sol manager is implemented in net-ipmid and
+ cannot be accessed by host-ipmid, add a dbus interface for host-ipmid
+ command to transfer properties to net-ipmid.
+ This interface will be implemented in phosphor-settings.
+properties:
+ - name: Progress
+ type: byte
+ description: >
+ Set In Progress property, indicate when any parameters are being
+ updated.
+ - name: Enable
+ type: boolean
+ description: >
+ SOL Enable property, this controls whether the SOL payload type
+ can be activated.
+ - name: Authentication
+ type: byte
+ description: >
+ If SOL enable Force Payload Encryption and Authenticaton.
+ And the minimun operating privilege level SOL required.
+ - name: Accumulate
+ type: byte
+ description: >
+ Character Accumulate Interval in 5ms increments.
+ BMC will wait this time before transmitting a packet.
+ - name: Threshold
+ type: byte
+ description: >
+ BMC will automatically send an SOL character data packet containing
+ this number of characters.
+ - name: RetryCount
+ type: byte
+ description: >
+ Packet will be dropped if no ACK/NACK received by time retries
+ expire.
+ - name: RetryInterval
+ type: byte
+ description: >
+ Retry Interval in 10ms increments.
diff --git a/xyz/openbmc_project/Logging/IPMI.interface.yaml b/xyz/openbmc_project/Logging/IPMI.interface.yaml
new file mode 100644
index 0000000..2b2e393
--- /dev/null
+++ b/xyz/openbmc_project/Logging/IPMI.interface.yaml
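Review bot: The `Authentication` property in SOL.interface.yaml packs three security settings into one opaque `byte` (whether payload encryption is forced, whether payload authentication is forced, and the minimum privilege level) without saying which bits carry which. A client writing this value can therefore turn off forced encryption or lower the required privilege by mistake, and an implementation has no stated layout to validate against. The description should spell out the layout; in the IPMI SOL configuration parameter this appears to mirror, bit 7 forces encryption, bit 6 forces authentication and bits 3:0 hold the privilege level, which should be confirmed against the specification. Declaring `errors:` with `- xyz.openbmc_project.Common.Error.InvalidArgument` on this property would give implementations a defined way to reject reserved bits, and the description's typos `Authenticaton` and `minimun` should be fixed at the same time.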
@@ -0,0 +1,77 @@
+description: >
+ Implement to provide an IPMI System Event Log (SEL) logging interface
+ under the path /xyz/openbmc_project/Logging/IPMI.
+
+ SEL records store system event information and will contain a record ID
+ and type followed by type-specific information. The type-specific
+ information includes a timestamp, generator ID (used to identify the
+ component that is adding the SEL record), sensor number, event
+ direction and event-specific data for system type events; or timestamp
+ and OEM data for OEM type events.
+
+ The interface allows adding system or OEM type events. For system type
+ events it requires a generator ID (0x20 for BMC), sensor D-Bus path,
+ event direction (assertion or de-assertion), and event specific data.
+ For OEM type events, it requires the record type and OEM data.
+
+ It will assign a record ID and timestamp automatically and return the
+ assigned record ID.
+methods:
+ - name: IpmiSelAdd
+ description: >
+ Log a system event record type SEL entry.
+ parameters:
+ - name: Message
+ type: string
+ description: >
+ The text to log for the event.
+ - name: Path
+ type: path
+ description: >
+ The object path that is generating the SEL entry.
+ - name: SELData
+ type: array[byte]
+ description: >
+ An array of up to 3 bytes of SEL event data.
+ - name: Assert
+ type: boolean
+ description: >
+ An indicator if the SEL event is asserting or de-asserting.
+ - name: GeneratorID
+ type: uint16
+ description: >
+ The Generator ID of the component requesting the new SEL entry.
+ In most cases this will be 0x20 (the BMC Generator ID).
+ returns:
+ - name: RecordID
+ type: uint16
+ description: >
+ The Record ID of the new SEL entry.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+
+ - name: IpmiSelAddOem
+ description: >
+ Log an OEM record type SEL entry requested from external to the BMC.
+ parameters:
+ - name: Message
+ type: string
+ description: >
+ The text to log for the event.
+ - name: SELData
+ type: array[byte]
+ description: >
+ An array of up to 13 bytes of SEL event data.
+ - name: RecordType
+ type: byte
+ description: >
+ The OEM record type for the SEL entry.
+ returns:
+ - name: RecordID
+ type: uint16
+ description: >
+ The Record ID of the new SEL entry.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
diff --git a/xyz/openbmc_project/Memory/MemoryECC.errors.yaml b/xyz/openbmc_project/Memory/MemoryECC.errors.yaml
new file mode 100644
index 0000000..9c2f4b9
--- /dev/null
+++ b/xyz/openbmc_project/Memory/MemoryECC.errors.yaml
@@ -0,0 +1,8 @@
+- name: isLoggingLimitReached
+ description: ECC collection limit is reached.
+
+- name: ceCount
+ description: Correctable ECC/other correctable memory error.
+
+- name: ueCount
+ description: Uncorrectable ECC/other uncorrectable memory error.
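Review bot: In Logging/IPMI.interface.yaml, `IpmiSelAdd` takes `GeneratorID` from the caller, so any D-Bus client permitted to call the method can record SEL entries attributed to another component, 0x20 (the BMC) included; the interface description should state which callers are expected to have access, or whether an implementation is meant to check the claimed ID against the sender. The size limits on `SELData` ("up to 3 bytes" here, "up to 13 bytes" in `IpmiSelAddOem`) exist only in prose while the type is an unbounded `array[byte]`, so each description should say that a longer array is rejected with `InvalidArgument` rather than truncated. `Message` is free text written into the log by both methods, and its description should likewise give a length bound or say that the implementation enforces one.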
\ No newline at end of file
diff --git a/xyz/openbmc_project/Memory/MemoryECC.interface.yaml b/xyz/openbmc_project/Memory/MemoryECC.interface.yaml
new file mode 100644
index 0000000..32c23bb
--- /dev/null
+++ b/xyz/openbmc_project/Memory/MemoryECC.interface.yaml
@@ -0,0 +1,38 @@
+description: >
+ Implement to provide memory ECC attributes.
+properties:
+ - name: isLoggingLimitReached
+ type: boolean
+ description: >
+ ECC logging limit reached.
+ - name: ceCount
+ type: int64
+ description: >
+ A correctable ECC event has been detected on a read operation.
+ - name: ueCount
+ type: int64
+ description: >
+ An uncorrectable ECC event has been detected on a read operation.
+ - name: state
+ type: enum[self.ECCStatus]
+ default: ok
+ description: >
+ The state is described in ECC status.
+
+enumerations:
+ - name: ECCStatus
+ description: >
+ The operating system statuses.
+ values:
+ - name: ok
+ description: >
+ There is no ECC error occurred.
+ - name: CE
+ description: >
+ correctable ECC detected.
+ - name: UE
+ description: >
+ uncorrectable ECC detected.
+ - name: LogFull
+ description: >
+ ECC logging reach limits.
diff --git a/xyz/openbmc_project/Network/Client.interface.yaml b/xyz/openbmc_project/Network/Client.interface.yaml
new file mode 100644
index 0000000..8c8eaeb
--- /dev/null
+++ b/xyz/openbmc_project/Network/Client.interface.yaml
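Review bot: In MemoryECC.interface.yaml the `ECCStatus` enumeration is described as "The operating system statuses", which does not describe ECC state and looks carried over from another interface; `The memory ECC status.` would match its values. The descriptions of `ceCount` and `ueCount` read as single events ("A correctable ECC event has been detected") although the names and the `int64` type indicate counters, so a consumer cannot tell whether the value is cumulative or when it resets. The property names `isLoggingLimitReached`, `ceCount`, `ueCount` and `state` are lower camel case, while the other interfaces added in this change use names such as `State`, `Port` and `LastRebootTime`. If negative counts have no meaning, `uint64` would spare consumers from handling them.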
@@ -0,0 +1,19 @@ +description: > + This defines the network endpoint. + Application which wants to keep the network endpoint info + can use this interface. + e.g: Network endpoint could be SNMP mangers or LDAP servers etc. +properties: + - name: Address + type: string + description: > + The value of this property can be IP/hostname of the network endpoint. + errors: + - xyz.openbmc_project.Common.Error.InvalidArgument + - xyz.openbmc_project.Common.Error.InternalFailure + - name: Port + type: uint16 + description: > + The value of this property is the network port number. + errors: + - xyz.openbmc_project.Common.Error.InternalFailure diff --git a/xyz/openbmc_project/Network/MACAddress.interface.yaml b/xyz/openbmc_project/Network/MACAddress.interface.yaml index 5585338..df092f2 100644 --- a/xyz/openbmc_project/Network/MACAddress.interface.yaml +++ b/xyz/openbmc_project/Network/MACAddress.interface.yaml @@ -6,4 +6,6 @@ properties: type: string description: > MAC address of the ethernet interface. - + errors: + - xyz.openbmc_project.Common.Error.InvalidArgument + - xyz.openbmc_project.Common.Error.InternalFailure diff --git a/xyz/openbmc_project/Network/Neighbor.interface.yaml b/xyz/openbmc_project/Network/Neighbor.interface.yaml new file mode 100644 index 0000000..a2c4161 --- /dev/null +++ b/xyz/openbmc_project/Network/Neighbor.interface.yaml 
@@ -0,0 +1,30 @@
+description: >
+ This defines a network Neighbor mapping.
+
+# TODO Fix it through https://github.com/openbmc/openbmc/issues/1438
+# creatable: true
+
+properties:
+ - name: IPAddress
+ type: string
+ description: >
+ The IP Address of the neighbor.
+ - name: MACAddress
+ type: string
+ description: >
+ The low level mac address that the IP maps to.
+ - name: State
+ type: enum[self.State]
+ description: >
+ State the neighbor is in.
+
+enumerations:
+ - name: State
+ description: >
+ The internal state of the neighbor entry.
+ values:
+ - name: Incomplete
+ - name: Reachable
+ - name: Stale
+ - name: Invalid
+ - name: Permanent
diff --git a/xyz/openbmc_project/Network/README.md b/xyz/openbmc_project/Network/README.md
index 9391c65..100ae86 100644
--- a/xyz/openbmc_project/Network/README.md
+++ b/xyz/openbmc_project/Network/README.md
@@ -16,39 +16,225 @@ physical/virtual interface object. ## Interfaces -1. SystemConfiguration: This describes the system specific parameters. +1. SystemConfiguration: This describes the system-specific parameters. 2. EthernetInterface: This describes the interface specific parameters. -3. IP: This describes the ip address specific parameters. +3. IP: This describes the IP address specific parameters. 4. IPProtocol: This describes the IP protocol type(IPv4/IPv6). 5. VLANInterface: This describes the VLAN specific properties. 6. Bond: This describes the interface bonding parameters. -# DbusObjects +## D-Bus Objects -## Interface Objects +#### Interface Objects Interface objects can be physical as well as virtual. -If the object is physical interface, it can't be deleted, +If the object is a physical interface, it can't be deleted, but if it is a virtual interface object it can be deleted. -eg: `/xyz/openbmc_project/network/<interfacename>` +E.g. `/xyz/openbmc_project/network/<interfacename>` -## IPAddress Objects +#### IP Address Objects -There can be multiple ip address objects under an interface object. +There can be multiple IP address objects under an interface object. These objects can be deleted by the delete function. -IPv4 object will have the following dbus object path. +IPv4 objects will have the following D-Bus object path: -eg: `/xyz/openbmc_project/network/<interface>/<ipv4>/<id>/` +`/xyz/openbmc_project/network/<interface>/ipv4/<id>` -IPv6 object will have the following dbus object path. +IPv6 objects will have the following D-Bus object path: -eg: `/xyz/openbmc_project/network/<interface>/<ipv6>/<id>/` +`/xyz/openbmc_project/network/<interface>/ipv6/<id>` -## Conf Object +#### Network Configuration Object -This object will have the system configuration related parameters. 
+The network configuration object will have system configuration parameters: -eg: `/xyz/openbmc_project/network/conf` +`/xyz/openbmc_project/network/conf` + +## Commands + +#### Create Static IPv4 Address + +``` +busctl call xyz.openbmc_project.Network /xyz/openbmc_project/network/<interface> xyz.openbmc_project.Network.IP.Create IP ssys "xyz.openbmc_project.Network.IP.Protocol.IPv4" "<IP Address>" <Netmask Prefix> "<Network Gateway>" +``` +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" -X POST -d '{"data":["xyz.openbmc_project.Network.IP.Protocol.IPv4","<IP Address>", <Netmask Prefix>, "<Network Gateway>"] +}' https://${bmc}/xyz/openbmc_project/network/<interface>/action/IP +``` + +E.g. +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" -X POST -d '{"data":["xyz.openbmc_project.Network.IP.Protocol.IPv4","8.8.8.8", 24, "8.8.8.0"]}' https://${bmc}/xyz/openbmc_project/network/eth0/action/IP +``` + +Note: After creating the IP address object enumerate the network interface object to get the IPv4 id. 
+ +#### Delete IPv4 Address + +``` +busctl call xyz.openbmc_project.Network /xyz/openbmc_project/network/<interface>/ipv4/<id> xyz.openbmc_project.Object.Delete Delete +``` +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" -X DELETE https://${bmc}/xyz/openbmc_project/network/<interface>/ipv4/<id> +``` + +#### Default Gateway + +##### Get + +``` +busctl get-property xyz.openbmc_project.Network /xyz/openbmc_project/network/config xyz.openbmc_project.Network.SystemConfiguration DefaultGateway +``` +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" https://${bmc}/xyz/openbmc_project/network/config/attr/DefaultGateway +``` + +##### Set + +``` +busctl set-property xyz.openbmc_project.Network /xyz/openbmc_project/network/config xyz.openbmc_project.Network.SystemConfiguration DefaultGateway s "<DefaultGateway>" +``` +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" -X PUT -d '{"data": "<DefaultGateway>"}' https://${bmc}/xyz/openbmc_project/network/config/attr/DefaultGateway +``` + +NOTE: The default gateway must be pingable, if not 0.0.0.0 will be used. 
+ +#### HostName + +##### Get + +``` +busctl get-property xyz.openbmc_project.Network /xyz/openbmc_project/network/config xyz.openbmc_project.Network.SystemConfiguration HostName +``` +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" https://${bmc}/xyz/openbmc_project/network/config/attr/HostName +``` + +##### Set + +``` +busctl set-property xyz.openbmc_project.Network /xyz/openbmc_project/network/config xyz.openbmc_project.Network.SystemConfiguration HostName s "<HostName>" +``` +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" -X PUT -d '{"data": "<HostName>"}' https://${bmc}/xyz/openbmc_project/network/config/attr/HostName +``` + +#### DHCP + +##### Get + +``` +busctl get-property xyz.openbmc_project.Network /xyz/openbmc_project/network/eth0 xyz.openbmc_project.Network.EthernetInterface DHCPEnabled +``` +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" https://${bmc}/xyz/openbmc_project/network/eth0/attr/DHCPEnabled +``` + +##### Enable + +``` +busctl set-property xyz.openbmc_project.Network /xyz/openbmc_project/network/eth0 xyz.openbmc_project.Network.EthernetInterface DHCPEnabled b 1 +``` +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" -X PUT -d '{"data": 1}' https://${bmc}/xyz/openbmc_project/network/eth0/attr/DHCPEnabled +``` + +#### MAC Address + +##### Get + +``` +busctl get-property xyz.openbmc_project.Network /xyz/openbmc_project/network/eth0 xyz.openbmc_project.Network.MACAddress MACAddress +``` +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" https://${bmc}/xyz/openbmc_project/network/<interface>/attr/MACAddress +``` + +##### Set + +``` +busctl set-property xyz.openbmc_project.Network /xyz/openbmc_project/network/<interface> xyz.openbmc_project.Network.MACAddress MACAddress s "<MAC Address>" +``` +``` +curl -c cjar -b cjar -k -H "Content-Type: application/jon" -X PUT -d '{"data": "<MAC Address>" }' https://${bmc}/xyz/openbmc_project/network/<interface>/attr/MACAddress 
+``` + +NOTE: MAC address should be a local admin MAC (2nd bit of first byte should be on). + +#### Network Factory Reset + +``` +busctl call xyz.openbmc_project.Network /xyz/openbmc_project/network xyz.openbmc_project.Common.FactoryReset Reset +``` +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" -X POST -d '{"data":[] }' https://${bmc}/xyz/openbmc_project/network/action/Reset +``` + +#### VLAN + +##### Create + +``` +busctl call xyz.openbmc_project.Network /xyz/openbmc_project/network xyz.openbmc_project.Network.VLAN.Create VLAN su "<interface>" <VLAN id> +``` +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" -X POST -d '{"data":["<interface>", <VLAN id>] }' https://${bmc}/xyz/openbmc_project/network/action/VLAN +``` + +E.g. +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" -X POST -d '{"data":["eth0",50] }' https://${bmc}/xyz/openbmc_project/network/action/VLAN +``` + +##### Delete + +``` +busctl call xyz.openbmc_project.Network /xyz/openbmc_project/network/<VLAN interface> xyz.openbmc_project.Object.Delete Delete +``` +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" -X DELETE https://${bmc}/xyz/openbmc_project/network/<VLAN interface> +``` + +E.g. +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" -X DELETE https://${bmc}/xyz/openbmc_project/network/eth0_50 +``` + +##### Enumerate + +``` +curl -c cjar -b cjar -k -H "Content-Type: application/json" https://${bmc}/xyz/openbmc_project/network/<VLAN interface>/enumerate +``` + +#### IPMI VLAN and IP + +##### Create + +``` +ipmitool -I dbus lan set 1 ipsrc static + +ipmitool -I dbus lan set 1 ipaddr <IP address> + +ipmitool -I dbus lan set 1 netmask <mask> + +ipmitool -I dbus lan set 1 defgw ipaddr <IP address> + +ipmitool -I dbus lan set 1 vlan id <id> + +ipmitool -I dbus raw 0x06 0x40 // To the save settings +``` + +NOTE: It takes 4-5 seconds to create the VLAN and configure the IP. 
+If a VLAN interface is not desired don't set the VLAN id above. + +##### Delete + +``` +ipmitool -I dbus lan set 1 vlan id off + +ipmitool -I dbus raw 0x06 0x40 // To the save settings +``` diff --git a/xyz/openbmc_project/Network/SystemConfiguration.interface.yaml b/xyz/openbmc_project/Network/SystemConfiguration.interface.yaml index 346f53e..917a5d6 100644 --- a/xyz/openbmc_project/Network/SystemConfiguration.interface.yaml +++ b/xyz/openbmc_project/Network/SystemConfiguration.interface.yaml @@ -8,4 +8,12 @@ properties: - name: DefaultGateway type: string description: > - default gateway of the system. + default IPv4 gateway of the system. + errors: + - xyz.openbmc_project.Common.Error.InvalidArgument + - name: DefaultGateway6 + type: string + description: > + default IPv6 gateway of the system. + errors: + - xyz.openbmc_project.Common.Error.InvalidArgument diff --git a/xyz/openbmc_project/Object/Delete.interface.yaml b/xyz/openbmc_project/Object/Delete.interface.yaml index bcddbeb..fa84e9c 100644 --- a/xyz/openbmc_project/Object/Delete.interface.yaml +++ b/xyz/openbmc_project/Object/Delete.interface.yaml @@ -4,5 +4,7 @@ methods: - name: Delete description: > Delete the object implementing Delete. + errors: + - xyz.openbmc_project.Common.Error.InternalFailure # vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4 diff --git a/xyz/openbmc_project/Sensor/Value.interface.yaml b/xyz/openbmc_project/Sensor/Value.interface.yaml index 5e1b345..a792d77 100644 --- a/xyz/openbmc_project/Sensor/Value.interface.yaml +++ b/xyz/openbmc_project/Sensor/Value.interface.yaml @@ -40,6 +40,7 @@ properties: For objects in the current namespace, Unit must be "Amperes". For objects in the power namespace, Unit must be "Watts". For objects in the energy namespace, Unit must be "Joules". + For objects in the frequency namespace, Unit must be "MHz". - name: Scale type: int64 description: 
> @@ -72,6 +73,9 @@ enumerations: - name: Joules description: > Energy transfer as Joules. + - name: MHz + description: > + Frequency as MHz. # vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4 diff --git a/xyz/openbmc_project/Software/ApplyTime.interface.yaml b/xyz/openbmc_project/Software/ApplyTime.interface.yaml new file mode 100644 index 0000000..0fff06a --- /dev/null +++ b/xyz/openbmc_project/Software/ApplyTime.interface.yaml @@ -0,0 +1,22 @@ +description: > + To implement the apply time of a newly updated software image. + The apply time property is global to all firmware update packages + and the default value of the property is OnReset. +properties: + - name: RequestedApplyTime + type: enum[self.RequestedApplyTimes] + description: > + This property indicates when the software image update should be + applied. +enumerations: + - name: RequestedApplyTimes + description: > + The possible values of this property indicate when the newly + updated software image will be activated. + values: + - name: Immediate + description: > + Apply immediately. + - name: OnReset + description: > + Apply on a reset. diff --git a/xyz/openbmc_project/Software/README.md b/xyz/openbmc_project/Software/README.md index 65c8a38..89077ca 100644 --- a/xyz/openbmc_project/Software/README.md +++ b/xyz/openbmc_project/Software/README.md 
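Review bot: In Software/ApplyTime.interface.yaml the description says the default value of `RequestedApplyTime` is OnReset, but the property declares no `default:`, so the effective default is whatever the binding generator picks, presumably the first enumerator, `Immediate`. This setting decides whether a newly written firmware image is activated at once or held until the next reset, so the schema and the prose should agree: add `default: OnReset` under `type: enum[self.RequestedApplyTimes]`. The Software/README.md hunk in this change says the value can be supplied through the Redfish `HttpPushUriApplyTime` object, so an `errors:` list for rejected values would also make the write contract explicit.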
@@ -93,6 +93,20 @@ be in the following states: 6. *Failed* - The `Software.Version` or the storage medium on which it is stored has failed. An event may be recorded with additional details. +### Image Apply Time + +`xyz.openbmc_project.Software.ApplyTime` has a property called +RequestedApplyTime that indicates when the newly applied software image will +be activated. RequestedApplyTime is a D-Bus property that maps to the +"ApplyTime" property in the Redfish UpdateService schema. Below are the +currently supported values and the value can be supplied through +HttpPushUriApplyTime object: + +1. *Immediate* - Indicating that the `Software.Version` needs to be activated + immediately. +2. *OnReset* - Indicating that the `Software.Version` needs to be activated + on the next reset. + ### Blocking State Transitions It is sometimes useful to block a system state transition while activations diff --git a/xyz/openbmc_project/Software/Version.errors.yaml b/xyz/openbmc_project/Software/Version.errors.yaml new file mode 100644 index 0000000..4d63a57 --- /dev/null +++ b/xyz/openbmc_project/Software/Version.errors.yaml @@ -0,0 +1,7 @@ +- name: Incompatible + description: > + A system component has a software version that is incompatible as determined + by the implementation and needs to be updated. Some usage examples for this + error include creating logging events and providing information on + implementation reactions such as when the system is prevented from powering + on if a minimum version level is not met. diff --git a/xyz/openbmc_project/Software/Version.metadata.yaml b/xyz/openbmc_project/Software/Version.metadata.yaml new file mode 100644 index 0000000..155e91d --- /dev/null +++ b/xyz/openbmc_project/Software/Version.metadata.yaml @@ -0,0 +1,9 @@ +- name: Incompatible + level: ERR + meta: + - str: "MIN_VERSION=%s" + type: string + - str: "ACTUAL_VERSION=%s" + type: string + - str: "VERSION_PURPOSE=%s" + type: string 
diff --git a/xyz/openbmc_project/State/BMC.interface.yaml b/xyz/openbmc_project/State/BMC.interface.yaml index 45dbc48..2cb7c66 100644 --- a/xyz/openbmc_project/State/BMC.interface.yaml +++ b/xyz/openbmc_project/State/BMC.interface.yaml @@ -16,6 +16,12 @@ properties: description: > The current state of the BMC and is a read-only property. + - name: LastRebootTime + type: uint64 + description: > + The last time at which the BMC came out of a reboot as + determined by its uptime, in epoch time, in milliseconds. + enumerations: - name: Transition description: > diff --git a/xyz/openbmc_project/State/Chassis.interface.yaml b/xyz/openbmc_project/State/Chassis.interface.yaml index 42c8f71..4ae6274 100644 --- a/xyz/openbmc_project/State/Chassis.interface.yaml +++ b/xyz/openbmc_project/State/Chassis.interface.yaml @@ -16,6 +16,14 @@ properties: A user can determine if a chassis is in transition by comparing the CurrentPowerState and RequestedPowerTransition properties. + - name: LastStateChangeTime + type: uint64 + description: > + The last time at which the chassis power changed state, as + tracked by the CurrentPowerState property, in epoch time, + in milliseconds. This can be used to tell when the chassis + was last powered on or off. + enumerations: - name: Transition description: > diff --git a/xyz/openbmc_project/State/Watchdog.interface.yaml b/xyz/openbmc_project/State/Watchdog.interface.yaml index 960b2b0..da95d4c 100644 --- a/xyz/openbmc_project/State/Watchdog.interface.yaml +++ b/xyz/openbmc_project/State/Watchdog.interface.yaml 
@@ -1,6 +1,22 @@ description: > Implement the watchdog function. +methods: + - name: ResetTimeRemaining + description: > + Resets the time remaining to the configured interval. + This is equivalent to reading the Interval and writing it + into the TimeRemaining. Optionally the watchdog can be enabled + during the reset process. + parameters: + - name: EnableWatchdog + type: boolean + description: > + If true the watchdog will be enabled when the reset + is performed. + errors: + - xyz.openbmc_project.Common.Error.InternalFailure + properties: - name: Initialized type: boolean @@ -28,6 +44,16 @@ properties: Time remaining before timeout, in milli-second. Setting this property can re-arm the watchdog. default: 0 + - name: CurrentTimerUse + type: enum[self.TimerUse] + description: > + The host defined user of this timer. + default: 'Reserved' + - name: ExpiredTimerUse + type: enum[self.TimerUse] + description: > + The timer user at the time of expiration. + default: 'Reserved' enumerations: - name: Action @@ -47,4 +73,27 @@ enumerations: description: > Perform a power cycle of the system. + - name: TimerUse + description: > + The type of timer use. + values: + - name: 'Reserved' + description: > + Reserved. + - name: 'BIOSFRB2' + description: > + BIOS FRB2. + - name: 'BIOSPOST' + description: > + BIOS POST. + - name: 'OSLoad' + description: > + OS Load. + - name: SMSOS + description: > + SMS OS. + - name: 'OEM' + description: > + OEM. + # vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4 diff --git a/xyz/openbmc_project/Time.errors.yaml b/xyz/openbmc_project/Time.errors.yaml new file mode 100644 index 0000000..9bff979 --- /dev/null +++ b/xyz/openbmc_project/Time.errors.yaml @@ -0,0 +1,4 @@ +- name: NotAllowed + description: The operation is not allowed +- name: Failed + description: The operation failed diff --git a/xyz/openbmc_project/Time.metadata.yaml b/xyz/openbmc_project/Time.metadata.yaml new file mode 100644 index 0000000..cfef584 --- /dev/null 
+++ b/xyz/openbmc_project/Time.metadata.yaml @@ -0,0 +1,14 @@ +- name: NotAllowed + inherits: + - xyz.openbmc_project.Common.NotAllowed + meta: + - str: "OWNER=%s" + type: string + - str: "SYNC_METHOD=%s" + type: string +- name: Failed + inherits: + - xyz.openbmc_project.Common.InternalFailure + meta: + - str: "REASON=%s" + type: string diff --git a/xyz/openbmc_project/Time/EpochTime.interface.yaml b/xyz/openbmc_project/Time/EpochTime.interface.yaml index 243802a..26f7b3a 100644 --- a/xyz/openbmc_project/Time/EpochTime.interface.yaml +++ b/xyz/openbmc_project/Time/EpochTime.interface.yaml @@ -7,4 +7,12 @@ properties: Time elpased since the Epoch(1 Jan 1970 00:00:00 UTC), in microseconds. + On setting this property, errors may be thrown. + InternalFailure means BMC fails to set the time. + InsufficientPermission means it is not allowed to set time depend + on the time settings. + errors: + - xyz.openbmc_project.Time.Error.NotAllowed + - xyz.openbmc_project.Time.Error.Failed + # vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4 diff --git a/xyz/openbmc_project/User/AccountPolicy.interface.yaml b/xyz/openbmc_project/User/AccountPolicy.interface.yaml new file mode 100644 index 0000000..9e81b08 --- /dev/null +++ b/xyz/openbmc_project/User/AccountPolicy.interface.yaml 
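Review bot: In the EpochTime hunk the added description names InternalFailure and InsufficientPermission, but the `errors:` list added directly below it declares `xyz.openbmc_project.Time.Error.NotAllowed` and `xyz.openbmc_project.Time.Error.Failed`. A client written from the description would catch the wrong error names when a time change is refused. I would reword the two sentences to match the list, e.g. `Failed means the BMC fails to set the time.` and `NotAllowed means setting the time is not permitted by the current time settings.` The property's own header lies outside this hunk.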
@@ -0,0 +1,41 @@
+description: >
+ Provides global user account policy related management.
+
+properties:
+ - name: MaxLoginAttemptBeforeLockout
+ type: uint16
+ description: >
+ Configures the maximum permissible attempt before locking
+ out the user. Value of 0 indicates that account lockout
+ feature is disabled.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+
+ - name: AccountUnlockTimeout
+ type: uint32
+ description: >
+ Configures timeout needed (in seconds) to unlock the account
+ after a lockout. Value of 0 indicates that account must be
+ unlocked manually.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+
+ - name: MinPasswordLength
+ type: byte
+ description: >
+ Configures the minimum password length. Minimum password length
+ specified in build time is marked as default value. This property
+ cannot be configured below the build time default value but can be
+ set to higher one for security reasons.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+
+ - name: RememberOldPasswordTimes
+ type: byte
+ description: >
+ Configures the number of times old password shouldn't be allowed
+ when trying to update new password. Value of 0 (by default) indicates
+ this feature is not enforced.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
diff --git a/xyz/openbmc_project/User/Attributes.interface.yaml b/xyz/openbmc_project/User/Attributes.interface.yaml
new file mode 100644
index 0000000..c4f18ad
--- /dev/null
+++ b/xyz/openbmc_project/User/Attributes.interface.yaml
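Review bot: MinPasswordLength in User/AccountPolicy.interface.yaml is documented as not configurable below the build-time default, yet its `errors:` list holds only InternalFailure, so a caller cannot tell a rejected weak value from a daemon fault. I would add `- xyz.openbmc_project.Common.Error.InvalidArgument` to that property, and to the other three if they are range-checked. MaxLoginAttemptBeforeLockout states that 0 disables lockout but not what the default is. Since that default decides whether lockout is active out of the box, stating it in the description (or with a `default:` key) would make the shipped posture reviewable from the interface.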
@@ -0,0 +1,39 @@
+description: >
+ Provides user objects, their properties.
+ As communication to this service is done through authenticated
+ & authorized session, there won't be any validation for the both.
+
+properties:
+ - name: UserGroups
+ type: array[string]
+ description: >
+ Groups to which the user belong.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+
+ - name: UserPrivilege
+ type: string
+ description: >
+ Privilege of the user.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+
+ - name: UserEnabled
+ type: boolean
+ description: >
+ Enabled or disabled state of the user.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+
+ - name: UserLockedForFailedAttempt
+ type: boolean
+ description: >
+ Locked or unlocked state of the user. After repeated failed
+ login attempt (configured through MaxLoginAttemptBeforeLockout),
+ locked out user can be unlocked manually by setting false to
+ this property. This property will return true if user is locked
+ out user. AccountUnlockTimeout property can be configured to unlock
+ the user after a timeout.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
diff --git a/xyz/openbmc_project/User/Common.errors.yaml b/xyz/openbmc_project/User/Common.errors.yaml
new file mode 100644
index 0000000..2bcfb38
--- /dev/null
+++ b/xyz/openbmc_project/User/Common.errors.yaml
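Review bot: The description of User/Attributes.interface.yaml says no validation is done because callers arrive through an authenticated and authorized session, which leaves access control over writes to UserPrivilege, UserGroups, UserEnabled and UserLockedForFailedAttempt entirely outside this service. That dependency should be stated as a requirement rather than an assumption, e.g. `Access to this service must be restricted by the caller-facing layer and bus policy; the service itself does not authenticate or authorize callers.` The same sentence opens User/Manager.interface.yaml later in this commit, where the methods also declare InsufficientPermission, so the two statements need reconciling there. Separately, UserPrivilege and UserGroups declare only InternalFailure; if values are checked against AllPrivileges and AllGroups, `InvalidArgument` belongs in their `errors:` lists.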
@@ -0,0 +1,18 @@
+# xyz.openbmc_project.User.Common.Error.UserNameExists
+- name: UserNameExists
+ description: Specified user name already exists.
+# xyz.openbmc_project.User.Common.Error.UserNameDoesNotExist
+- name: UserNameDoesNotExist
+ description: Specified user name does not exist.
+# xyz.openbmc_project.User.Common.Error.UserNameGroupFail
+- name: UserNameGroupFail
+ description: Specified Group related restriction failure for user name.
+# xyz.openbmc_project.User.Common.Error.UserNamePrivFail
+- name: UserNamePrivFail
+ description: Specified privilege related restriction failure for user name.
+# xyz.openbmc_project.User.Common.Error.NoResource
+- name: NoResource
+ description: No resource available.
+# xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
+- name: PrivilegeMappingExists
+ description: Specified privilege mapping already exists.
\ No newline at end of file
diff --git a/xyz/openbmc_project/User/Common.metadata.yaml b/xyz/openbmc_project/User/Common.metadata.yaml
new file mode 100644
index 0000000..49ef492
--- /dev/null
+++ b/xyz/openbmc_project/User/Common.metadata.yaml
@@ -0,0 +1,19 @@
+- name: UserNameExists
+ level: ERR
+- name: UserNameDoesNotExist
+ level: ERR
+- name: UserNameGroupFail
+ level: ERR
+ meta:
+ - str: "REASON = %s"
+ type: string
+- name: UserNamePrivFail
+ level: ERR
+ meta:
+ - str: "REASON = %s"
+ type: string
+- name: NoResource
+ level: ERR
+ meta:
+ - str: "REASON = %s"
+ type: string
diff --git a/xyz/openbmc_project/User/Ldap/Config.interface.yaml b/xyz/openbmc_project/User/Ldap/Config.interface.yaml
new file mode 100644
index 0000000..42c7126
--- /dev/null
+++ b/xyz/openbmc_project/User/Ldap/Config.interface.yaml
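Review bot: The three metadata strings in User/Common.metadata.yaml are written `"REASON = %s"` with spaces around the equals sign, while the other metadata files added in this commit use the compact form (`"REASON=%s"` in Time.metadata.yaml, `"MIN_VERSION=%s"` in Version.metadata.yaml). If these strings end up as KEY=value log fields, as their shape suggests, the spaced form may not yield a field named REASON, which would make failed user-management operations harder to search for. I would change all three to `- str: "REASON=%s"`. PrivilegeMappingExists is declared in Common.errors.yaml but has no entry here; if every error is meant to carry a level, add `- name: PrivilegeMappingExists` with `level: ERR`.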
@@ -0,0 +1,83 @@
+description: >
+ Implement to update LDAP mandatory properties.
+
+properties:
+ - name: LDAPServerURI
+ type: string
+ description: >
+ Specifies the LDAP URI of the server to connect to.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.Common.Error.NoCACertificate
+ - name: LDAPBindDN
+ type: string
+ description: >
+ Specifies the distinguished name with which to bind to the directory
+ server for lookups.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - name: LDAPBindDNPassword
+ type: string
+ description: >
+ Specifies the credentials with which to bind,Implementation should
+ consider changing the permissions of the underlying file to
+ only grant access to the root user.
+ This property value should not be reflected on the D-bus object itself.
+ Implementation can use the given value and update the service
+ implementing the LDAP client.This is just to facilitate the support
+ for changing the bin dn password if needed.
+ Currently this property is over D-bus, There are security concerns
+ for the same, but once we find better way to update the ldap password
+ we would fix it.
+ - name: LDAPBaseDN
+ type: string
+ description: >
+ Specifies the base distinguished name to use as search base.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - name: LDAPSearchScope
+ type: enum[self.SearchScope]
+ description: >
+ Specifies the search scope:subtree, one level or base object.
+ default: sub
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - name: LDAPType
+ type: enum[self.Type]
+ description: >
+ Specifies the the configured server is ActiveDirectory(AD) or
+ OpenLdap. 
 It's just an indication for the LDAP stack running on
+ the BMC, in case the app is implemented in such a way that it has
+ to react differently for AD vs openldap.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - name: GroupNameAttribute
+ type: string
+ description: >
+ The value of this property shall be the attribute name
+ that contains the name of the Group in the LDAP server.
+ - name: UserNameAttribute
+ type: string
+ description: >
+ The value of this property shall be the attribute name
+ that contains the username in the LDAP server.
+enumerations:
+ - name: SearchScope
+ description: >
+ Possible base scopes.
+ values:
+ - name: sub
+ - name: one
+ - name: base
+
+ - name: Type
+ description: >
+ Possible LDAP Types.
+ values:
+ - name: ActiveDirectory
+ - name: OpenLdap
+
+# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
diff --git a/xyz/openbmc_project/User/Ldap/Create.interface.yaml b/xyz/openbmc_project/User/Ldap/Create.interface.yaml
new file mode 100644
index 0000000..69c03e6
--- /dev/null
+++ b/xyz/openbmc_project/User/Ldap/Create.interface.yaml
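Review bot: LDAPBindDNPassword in Ldap/Config.interface.yaml carries a bind credential over D-Bus, but its handling rules are phrased as suggestions ("should consider", "should not be reflected") and are mixed with an open TODO about the security concern. I would make the rules normative and keep them apart from the TODO, e.g. `Reading this property must return an empty string; the value must not be logged or included in PropertiesChanged.` and `The file holding the value must be readable by root only.` It is also the only property among the first six with no `errors:` list; LDAPBindDN's pair (InternalFailure, InvalidArgument) would fit. LDAPServerURI lists NoCACertificate but does not say which URI schemes are accepted, which matters because this password travels in the bind.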
@@ -0,0 +1,79 @@
+description: >
+ Implement to create LDAP name service daemon configuration file.
+
+methods:
+ - name: CreateConfig
+ description: >
+ This method always creates a new config file as well as a D-Bus
+ object to represent the config, it will destroy an existing one,
+ if found. In other words, this is not an update API. Individual
+ properties can be updated as per the
+ xyz/openbmc_project/User/Ldap/Config.interface.yaml.
+ parameters:
+ - name: LDAPServerURI
+ type: string
+ description: >
+ Specifies the LDAP URI of the server to connect to.
+ - name: LDAPBindDN
+ type: string
+ description: >
+ Specifies the distinguished name with which to bind to the
+ directory server for lookups.
+ - name: LDAPBaseDN
+ type: string
+ description: >
+ Specifies the base distinguished name to use as search base.
+ - name: LDAPBINDDNpassword
+ type: string
+ description: >
+ Specifies the clear text credentials with which to bind. This
+ option is only applicable when used with LDAPBindDN.
+ - name: LDAPSearchScope
+ type: enum[self.SearchScope]
+ description: >
+ Specifies the search scope:subtree, one level or base object.
+ - name: LDAPType
+ type: enum[self.Type]
+ description: >
+ Specifies the the configured server is ActiveDirectory(AD) or
+ OpenLdap. It's just an indication for the LDAP stack running on
+ the BMC, in case the app is implemented in such a way that it has
+ to react differently for AD vs openldap.
+ - name: GroupNameAttribute
+ type: string
+ description: >
+ Specifies the attribute name that contains the name
+ of the Group in the LDAP server.
+ - name: UsernameAttribute
+ type: string
+ description: >
+ Specifies the attribute name that contains
+ the username in the LDAP server.
+ returns:
+ - name: path
+ type: string
+ description: >
+ The object path of the D-Bus object representing the config. 
+
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.Common.Error.NoCACertificate
+
+enumerations:
+ - name: SearchScope
+ description: >
+ Possible base scopes.
+ values:
+ - name: sub
+ - name: one
+ - name: base
+
+ - name: Type
+ description: >
+ Possible LDAP Types.
+ values:
+ - name: ActiveDirectory
+ - name: OpenLdap
+
+# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
diff --git a/xyz/openbmc_project/User/Manager.interface.yaml b/xyz/openbmc_project/User/Manager.interface.yaml
new file mode 100644
index 0000000..3874071
--- /dev/null
+++ b/xyz/openbmc_project/User/Manager.interface.yaml
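Review bot: The CreateConfig parameters `LDAPBINDDNpassword` and `UsernameAttribute` in Ldap/Create.interface.yaml do not match the property names `LDAPBindDNPassword` and `UserNameAttribute` in Ldap/Config.interface.yaml, so callers and generated bindings carry two spellings for the same setting; rename them to `- name: LDAPBindDNPassword` and `- name: UserNameAttribute`. The method description says an existing config is destroyed, but not whether a failed call leaves the previous config in place. That matters for recovery after a rejected URI or missing CA certificate, so one sentence on it would help. The return value `path` is typed `string`, whereas PrivilegeMapper.Create in this commit returns `type: path` for the same kind of value. The SearchScope and Type enumerations duplicate the ones in Config.interface.yaml and could drift apart.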
@@ -0,0 +1,124 @@
+description: >
+ Provides user management functionality.
+ As communication to this service is done through authenticated
+ & authorized session, there won't be any validation for both.
+
+methods:
+ - name: CreateUser
+ description: >
+ Creates a new user. If the user already exists, then it will throw
+ an error.
+ parameters:
+ - name: UserName
+ type: string
+ description: >
+ User name which has to be created.
+ - name: GroupNames
+ type: array[string]
+ description: >
+ List of groups to which the user has to be added.
+ - name: Privilege
+ type: string
+ description: >
+ Privilege of the user to be added.
+ - name: Enabled
+ type: boolean
+ description: >
+ User enabled / disabled.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InsufficientPermission
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.User.Common.Error.UserNameExists
+ - xyz.openbmc_project.User.Common.Error.UserNameGroupFail
+ - xyz.openbmc_project.User.Common.Error.UserNamePrivFail
+ - xyz.openbmc_project.User.Common.Error.NoResource
+
+ - name: RenameUser
+ description: >
+ Rename's existing user to new one. All other properties of the
+ user will remain same.
+ parameters:
+ - name: UserName
+ type: string
+ description: >
+ User name which has to be updated.
+ - name: NewUserName
+ type: string
+ description: >
+ New User name to which user has to be updated.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InsufficientPermission
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.User.Common.Error.UserNameDoesNotExist
+ - xyz.openbmc_project.User.Common.Error.UserNameExists
+ - xyz.openbmc_project.User.Common.Error.UserNameGroupFail
+ - xyz.openbmc_project.User.Common.Error.UserNamePrivFail
+ - xyz.openbmc_project.User.Common.Error.NoResource
+
+ - name: GetUserInfo
+ description: >
+ Get user properites. 
+ If its local user, method returns
+ -user privilege
+ -user groups
+ -user enabled state
+ -user locked state
+ -remote user flag
+ If its ldap user, method returns
+ -user privilege
+ -remote user flag
+ parameters:
+ - name: UserName
+ type: string
+ description: >
+ User name whose properties have to be returned.
+ returns:
+ - name: UserInfo
+ type: dict[string,variant[string,array[string],boolean]]
+ description: >
+ Dictionary of user properties.
+ List of key name and data type of properties below.
+ UserPrivilege -> privilege of the user(string)
+ UserGroups -> list of groups user belongs to(array[string])
+ UserEnabled -> user enabled state(boolean)
+ UserLockedForFailedAttempt -> user locked state(boolean)
+ RemoteUser -> remote or local user(boolean)
+
+ For detailed documentation of user properties refer
+ Attributes.interface.yaml
+ examples:
+ 1.UserInfo["RemoteUser"] returns true for ldap user
+ and false for local user.
+ 2.UserInfo["UserGroups"] gets list of groups of user.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InsufficientPermission
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.User.Common.Error.UserNameDoesNotExist
+
+properties:
+ - name: AllPrivileges
+ type: array[string]
+ description: >
+ Lists all available user privileges in the system.
+
+ - name: AllGroups
+ type: array[string]
+ description: >
+ Lists all available groups in the system.
+
+signals:
+ - name: UserRenamed
+ description: >
+ Signal indicating user's name is updated.
+ properties:
+ - name: UserName
+ type: string
+ description: Name of the user which got renamed.
+ - name: NewUserName
+ type: string
+ description: New name of the user.
+
+# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
diff --git a/xyz/openbmc_project/User/Password.interface.yaml b/xyz/openbmc_project/User/Password.interface.yaml
deleted file mode 100644
index 24697a3..0000000
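Review bot: CreateUser in User/Manager.interface.yaml takes `Enabled` but no credential, and its description does not say what password state the new account is in. The README added in this commit says passwords are set through pam_chauthtok(), so there is a window between creation and the first password set that the interface leaves undefined. If the implementation creates the account without a usable password, I would say so in the CreateUser description, e.g. `The account has no usable password and cannot authenticate until one is set through PAM.` In GetUserInfo, "properites" and "If its" need fixing, and the `returns` text lists RemoteUser, which is not documented in Attributes.interface.yaml, the file it points readers to.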
--- a/xyz/openbmc_project/User/Password.interface.yaml +++ /dev/null @@ -1,27 +0,0 @@ -description: > - Implement to provide user password set functionality. Since this - needs an authenticated session, there is no need of old password. - User ID is part of the dbus object. -methods: - - name: SetPassword - description: > - Set the user password. If the user already had a password, it will - be updated, else sets the password. - - InsufficientPermission error doing so would mean that, the caller - does not have required permission to update the password. - - InternalFailure error would mean that, caller had required - permissions, but, there was a software error. - Errorlog metadata would need to be looked into when this happens. - Re-try once on this error and if that fails, do not try anymore. - parameters: - - name: NewPassword - type: string - description: > - new password string - errors: - - xyz.openbmc_project.Common.Error.InternalFailure - - xyz.openbmc_project.Common.Error.InsufficientPermission - -# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4 diff --git a/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml new file mode 100644 index 0000000..aac9fc0 --- /dev/null +++ b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml 
@@ -0,0 +1,46 @@
+description: >
+ Implement this interface to set the privilege of the user based on the
+ group name. The users in the group will inherit the privilege mapping of
+ the group. The Create method on success creates the object which implements
+ xyz.openbmc_project.User.PrivilegeMapperEntry. For example in the case of
+ LDAP, the object path will be
+ /xyz/openbmc_project/user/ldap/privilege_mapper/<id>. The <id> will be
+ a unique number generated by the application. If the privilege mapping
+ already exists then it throws the exception
+ xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists. To modify the
+ privilege for a mapping which already exists, the Privilege property in the
+ xyz.openbmc_project.User.PrivilegeMapperEntry interface needs to be set.
+ Any application consuming the privilege mapping should not cache the object
+ path and use the GetManagedObjects method on the
+ org.freedesktop.DBus.ObjectManager interface to figure out the D-Bus object
+ path associated with the group name.
+
+methods:
+ - name: Create
+ description: >
+ Creates a mapping for the group to the privilege.
+ parameters:
+ - name: GroupName
+ type: string
+ description: >
+ Group Name to which the privilege is to be assigned. In the case
+ of LDAP, the GroupName will be the LDAP group the user is part of.
+ - name: Privilege
+ type: string
+ description: >
+ The privilege associated with the group. The set of available
+ privileges are xyz.openbmc_project.User.Manager.AllPrivileges.
+ xyz.openbmc_project.Common.Error.InvalidArgument exception will
+ be thrown if the privilege is invalid. Additional documentation
+ on privilege is available here.
+ https://github.com/openbmc/docs/blob/master/user_management.md
+ returns:
+ - name: Path
+ type: path
+ description: >
+ The path for the created privilege mapping object. 
+
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
\ No newline at end of file
diff --git a/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml b/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml
new file mode 100644
index 0000000..cea3ca2
--- /dev/null
+++ b/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml
@@ -0,0 +1,26 @@
+description: >
+ Implement to provide privilege for the group.
+
+properties:
+ - name: GroupName
+ type: string
+ description: >
+ Group Name to which the privilege is to be assigned. In the case of
+ LDAP, the GroupName will be the LDAP group the user is part of.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
+ - name: Privilege
+ type: string
+ description: >
+ One of the privilege as defined by
+ xyz.openbmc_project.User.Manager.AllPrivileges.
+ xyz.openbmc_project.Common.Error.InvalidArgument exception will be
+ thrown if the privilege is invalid. Additional documentation
+ on privilege is available here.
+ https://github.com/openbmc/docs/blob/master/user_management.md
+
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
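Review bot: PrivilegeMapper.Create grants a privilege to every member of a group, but its description does not say how GroupName is compared against the directory's group name (exact, case-insensitive, full DN or short name). Because that comparison decides who receives the privilege, I would pin it in the GroupName description, e.g. `The name is matched exactly and case-sensitively against the group name returned by the LDAP server.`, adjusted to what the implementation actually does. The `errors:` list also omits InsufficientPermission, which the CreateUser and RenameUser methods in User/Manager.interface.yaml declare; the user interfaces in this commit should agree on whether permission failures are reported. The file ends without a trailing newline and without the vim modeline the sibling files carry.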
\ No newline at end of file
diff --git a/xyz/openbmc_project/User/README.md b/xyz/openbmc_project/User/README.md
new file mode 100644
index 0000000..1ce17e0
--- /dev/null
+++ b/xyz/openbmc_project/User/README.md
@@ -0,0 +1,52 @@
+# User Management
+
+## Overview
+User Manager service exposes D-Bus methods for user management operations.
+
+### User Manager Interface
+User manager interface `xyz.openbmc_project.User.Manager` provides following
+methods, properties and signals.
+
+#### xyz.openbmc_project.User.Manager interface
+##### methods
+* CreateUser - To create new user to the system.
+* RenameUser - To rename existing user to new name in the system.
+
+##### properties
+* AllGroups - To list all the groups supported in the system.
+* AllPrivileges - To list all the privileges supported in the system.
+
+##### signals
+* UserRenamed - Signal sent out when user is renamed in the system.
+
+#### xyz.openbmc_project.User.AccountPolicy interface
+##### properties
+* MaxLoginAttemptBeforeLockout - Permissible attempt before locking out the
+user for failed login attempts.
+* AccountUnlockTimeout - Timeout (in seconds) to unlock the account after a
+lockout.
+* MinPasswordLength - Minimum password length, which can be set.
+* RememberOldPasswordTimes – Number of times old password shouldn’t be allowed
+when updating password for the user.
+
+### Users Interface
+User manager daemon, will create user objects for every user existing
+in the system under object path `/xyz/openbmc_project/user/<user name>`.
+Each user object can be handled through 'org.freedesktop.DBus.ObjectManager'.
+User object will expose following properties and methods.
+
+#### xyz.openbmc_project.User.Attributes interface
+##### properties
+* UserPrivilege - Privilege of the user.
+* UserGroups - Groups to which the user belongs.
+* UserEnabled - User enabled state.
+* UserLockedForFailedAttempt - Locked or unlocked state of the user account.
+
+#### xyz.openbmc_project.Object.Delete
+#### methods
+* Delete - To delete the user object in the system.
+
+##Note
+This interface doesn't provide ways to set / update password. The same must
+be set / updated through pam_chauthtok() (PAM modules). 
 This is to avoid
+sending out password through D-Bus. |