author | Chris Austen <austenc@us.ibm.com> | 2017-09-29 18:30:03 -0500 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-05-04 02:54:40 +0000 |
commit | 7584d4373bd46d7c391f499808fba730796c7d33 (patch) | |
tree | c802572ad29c6a4cd0bfd1f7d0e8c0070ff695cd | |
parent | 13cd0ca77e25735c1188bba55b3c7f5d735951fb (diff) | |
Move phosphor-gevent to http and enable nginx on 443
phosphor-gevent will be moved to internal http,
nginx will be the front end web server, and will
redirect all traffic internally to gevent.
test cases passed with...
tox -e palmetto -- tests/test_rest_interfaces.robot
Testing:
- Before testing suite completed in 1:18
After nginx control 443 suite finished in 0:45 seconds
- Also verified web interface still loads when going
to system name in web browser (http and https)
- Verified code update with full 20MB image still works
- Verified dump can be generated and retrieved
- Verified that when the same IP requests 2 image uploads
at same time, Nginx serializes them
Change-Id: Ifcd61cf22bd8f6ea0536fe706eba8e45ec85e7c3
Signed-Off-by: Chris Austen <austenc@us.ibm.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
6 files changed, 39 insertions, 5 deletions
diff --git a/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.conf b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.conf index 516973c12..d788fd2ec 100644 --- a/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.conf +++ b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.conf @@ -42,8 +42,16 @@ http { client_header_buffer_size 1k; large_client_header_buffers 4 8k; + # redirect all http traffic to https server { - listen 8081 ssl; + listen 80 default_server; + listen [::]:80 default_server; + server_name _; + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl; server_name 127.0.0.1; ssl on; @@ -61,7 +69,7 @@ http { # is not listening on. This generates an error msg to # the journal. Nginx then uses the 127.0.0.1 and everything # works fine but want to avoid the error msg to the log. - proxy_pass https://127.0.0.1:443/; + proxy_pass http://127.0.0.1:8081/; } location ~ (/org/openbmc/control/flash/bmc/action/update|/upload/image|/download/dump) { # Marked as 32MB to allow for firmware image updating and dump @@ -71,7 +79,7 @@ http { # Only 1 connection at a time here from an IP limit_conn addr 1; - proxy_pass https://127.0.0.1:443; + proxy_pass http://127.0.0.1:8081; } include /etc/nginx/sites-enabled/443_*.conf; diff --git a/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.service b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.service index 587349127..3f9dd3de6 100644 --- a/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.service +++ b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.service 
@@ -4,6 +4,7 @@ After=network.target [Service] Type=forking +SyslogIdentifier=nginx ExecStartPre=/usr/bin/env gen-cert.sh ExecStartPre=-/usr/bin/env mkdir /var/volatile/nginx/ ExecStartPre=/usr/bin/env nginx -t -p /var/volatile/nginx @@ -11,6 +12,9 @@ ExecStart=/usr/bin/env nginx -p /var/volatile/nginx ExecReload=/usr/bin/env kill -s HUP $MAINPID ExecStop=/usr/bin/env kill -s QUIT $MAINPID PrivateTmp=true +# First time on system takes longer for initial setup so +# give double normal timeout +TimeoutStartSec=180 [Install] WantedBy={SYSTEMD_DEFAULT_TARGET} diff --git a/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-phosphor/phosphor-gevent/phosphor-gevent.bbappend b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-phosphor/phosphor-gevent/phosphor-gevent.bbappend new file mode 100644 index 000000000..6dd263b79 --- /dev/null +++ b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-phosphor/phosphor-gevent/phosphor-gevent.bbappend @@ -0,0 +1,4 @@ +SUMMARY = "Modifications to support Nginx" + +# override service and socket file to use nginx +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" diff --git a/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-phosphor/phosphor-gevent/phosphor-gevent/phosphor-gevent.service b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-phosphor/phosphor-gevent/phosphor-gevent/phosphor-gevent.service new file mode 100644 index 000000000..6b4e77ffe --- /dev/null +++ b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-phosphor/phosphor-gevent/phosphor-gevent/phosphor-gevent.service @@ -0,0 +1,11 @@ +[Unit] +Description=Phosphor REST Server +After=network.target +After=obmc-webserver-pre.target + +[Service] +Restart=always +ExecStart=/usr/bin/env phosphor-gevent $APPLICATION --no-ssl +SyslogIdentifier=phosphor-gevent +Environment="PYTHONUNBUFFERED=1" +EnvironmentFile={envfiledir}/obmc/wsgi_app 
diff --git a/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-phosphor/phosphor-gevent/phosphor-gevent/phosphor-gevent.socket b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-phosphor/phosphor-gevent/phosphor-gevent/phosphor-gevent.socket new file mode 100644 index 000000000..f7fde31be --- /dev/null +++ b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-phosphor/phosphor-gevent/phosphor-gevent/phosphor-gevent.socket @@ -0,0 +1,8 @@ +[Unit] +Description=Phosphor Webserver socket + +[Socket] +ListenStream=127.0.0.1:8081 + +[Install] +WantedBy=sockets.target diff --git a/meta-phosphor/common/recipes-phosphor/interfaces/phosphor-gevent.bb b/meta-phosphor/common/recipes-phosphor/interfaces/phosphor-gevent.bb index 16aac078b..015057120 100644 --- a/meta-phosphor/common/recipes-phosphor/interfaces/phosphor-gevent.bb +++ b/meta-phosphor/common/recipes-phosphor/interfaces/phosphor-gevent.bb @@ -16,7 +16,6 @@ RDEPENDS_${PN} += " \ " RRECOMMENDS_${PN} += "python-gevent-websocket" - S = "${WORKDIR}/git/servers/gevent" -SYSTEMD_SERVICE_${PN} += "${PN}.service ${PN}.socket" +SYSTEMD_SERVICE_${PN} += " ${PN}.service ${PN}.socket" |
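Review bot: In nginx.conf, the new port-80 server block builds the redirect target from `$host`, which comes from the client's request, and `server_name _` with `default_server` accepts any value, so the Location header reflects whatever host name the client supplied. Consider a fixed target or `$server_addr` if that reflection is not wanted. Separately, `return 301` allows clients to reissue a POST or PUT as a GET, and a REST client that sends a login or an image upload to http:// has already transmitted it in cleartext before it sees the redirect; 308 would at least preserve the method, and the commit message should say that API clients are expected to use https:// directly.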
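Review bot: In the two `proxy_pass` hunks of nginx.conf, the backend now receives every request from 127.0.0.1 over plain HTTP, and no `proxy_set_header` for the client address or the original scheme is visible in these lines. If phosphor-gevent logs the peer address or behaves differently for HTTPS requests, pass `X-Real-IP` or `X-Forwarded-For` and `X-Forwarded-Proto` here, or confirm they are already set elsewhere in the file. The context comment above the first `proxy_pass` still explains the choice of 127.0.0.1, so it reads correctly after the change.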
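Review bot: In nginx.service, the comment above `TimeoutStartSec=180` does not say which step is slow on first boot; if it is the `ExecStartPre=/usr/bin/env gen-cert.sh` line, name it so the value can be revisited when that script changes. With this commit nginx becomes the only listener on 80 and 443, and no `Restart=` appears in the visible `[Service]` lines, so a start that exceeds the timeout leaves the BMC without a web or REST front end until someone intervenes; consider `Restart=on-failure`.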
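Review bot: In phosphor-gevent.bbappend, `SUMMARY = "Modifications to support Nginx"` replaces the summary of the phosphor-gevent recipe itself rather than describing the append, so the package metadata will carry this text. Drop the assignment and keep the explanation in the comment above `FILESEXTRAPATHS_prepend`.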
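Review bot: In the new phosphor-gevent.service and phosphor-gevent.socket, `--no-ssl` is only acceptable while the listener stays on `ListenStream=127.0.0.1:8081`, and nothing in either unit states that dependency; add a comment in both files so a later change to the address does not expose the cleartext server. Note also that any local process on the BMC can connect to 127.0.0.1:8081 and bypass the `limit_conn addr 1` and body-size limits that nginx applies. If phosphor-gevent can accept it, a Unix domain socket with a restrictive `SocketMode=` would limit access to nginx.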
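Review bot: In phosphor-gevent.bb, the only changes are a removed blank line and a leading space added inside `SYSTEMD_SERVICE_${PN} += " ${PN}.service ${PN}.socket"`. `+=` already inserts a separating space, so this is a whitespace-only edit to a common recipe that is unrelated to the nginx change; drop it from this commit or explain in the message why it is needed.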