Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / e4588158c0ccc2b3b7af459b262e8eaefaf8f985
commite4588158c0ccc2b3b7af459b262e8eaefaf8f985[log] [tgz]
authorJishnu CM <jishnunabiarcm@duck.com>Thu May 11 00:04:40 2023 -0500
committerJishnu C M <jishnunambiarcm@duck.com>Fri Feb 16 14:57:35 2024 +0000
treefc244eee2b3ff1fd831435a450718111df5f9e2c
parentb66551019cf3c31186877c30a91ff8622454f342 [diff]
Configure DHCP4 and DHCP6 parameters independently

At present, DHCP parameters like DNSEnabled, NTPEnabled and
HostNameEnabled are at the system level at the network backend. It is
common across both IPv4 and IPv6 network types. Thus when a redfish
command is sent to enable the DNSEnabled property for IPv4 on eth0
interface, it internally sets the DNSEnabled to true for both IPv4 and
IPv6 on eth0 and eth1.

Here the change in parameter value for a non-requested network type in
the non-requested interface might be an unexpected behaviour for the
user. Also, with the current implementation in bmcweb and networkd, the
user has no option to configure DHCP parameters differently for
different interfaces and network types though it is supported by the
redfish.

With this change, the Redfish query for updating DHCP parameters will
only modify the requested parameter for the specified network type and
interface. User must make separate requests to modify the DHCP
parameters as per the DMTF schema

Current behavior: Request: curl -k -H "X-Auth-Token: $bmc_token" -X
PATCH -d '{"DHCPv4":{"UseDNSServers":false}}'
https://${bmc}/redfish/v1/Managers/bmc/EthernetInterfaces/eth0

Result: UseDNSServers value is set to false for DHCPv4 and DHCPv6 for
all interfaces.

After this commit: Request: curl -k -H "X-Auth-Token: $bmc_token" -X
PATCH -d '{"DHCPv4":{"UseDNSServers":false}}'
https://${bmc}/redfish/v1/Managers/bmc/EthernetInterfaces/eth0

Result: UseDNSServers value is set to false only for DHCPv4 only in eth0
as mentioned in the redfish request.

The DHCP configuration was in the network manager level earlier, it has
been moved to interface level with
https://gerrit.openbmc.org/c/openbmc/phosphor-networkd/+/63124.  This
bmcweb change is to separate out the values for IPv4 and IPv6 and to
move the dbus object to the interface level.

Tested by:

Patching the DHCP parameters with redfish request:

 curl -k -H "X-Auth-Token: $bmc_token" -X  PATCH -d
'{"<network_type>":{"<DHCP_param>":<value>}}'
https://${bmc}/redfish/v1/Managers/bmc/EthernetInterfaces/<interface_id>

Verify the value is updated in the network configuration.

Retrieve the DHCP parametrer value with the Get Request: curl -k -H
"X-Auth-Token: $bmc_token" -X GET
https://${bmc}/redfish/v1/Managers/bmc/EthernetInterfaces/<interface_id>

Change-Id: I5db29b6dfc8966ff5af51041da11e5b79da7d1dd
Signed-off-by: Jishnu CM <jishnunambiarcm@duck.com>
1 file changed
tree: fc244eee2b3ff1fd831435a450718111df5f9e2c
  1. .github/
  2. config/
  3. http/
  4. include/
  5. redfish-core/
  6. scripts/
  7. src/
  8. static/
  9. subprojects/
  10. test/
  11. .clang-format
  12. .clang-tidy
  13. .codespell-ignore
  14. .dockerignore
  15. .gitignore
  16. .markdownlint.yaml
  17. .openbmc-enforce-gitlint
  18. .prettierignore
  19. .shellcheck
  20. AGGREGATION.md
  21. CLIENTS.md
  22. COMMON_ERRORS.md
  23. DBUS_USAGE.md
  24. DEVELOPING.md
  25. HEADERS.md
  26. LICENSE
  27. meson.build
  28. meson_options.txt
  29. OEM_SCHEMAS.md
  30. OWNERS
  31. README.md
  32. Redfish.md
  33. run-ci
  34. setup.cfg
  35. TESTING.md
README.md

OpenBMC webserver

This component attempts to be a "do everything" embedded webserver for OpenBMC.

Features

The webserver implements a few distinct interfaces:

  • DBus event websocket. Allows registering on changes to specific dbus paths, properties, and will send an event from the websocket if those filters match.
  • OpenBMC DBus REST api. Allows direct, low interference, high fidelity access to dbus and the objects it represents.
  • Serial: A serial websocket for interacting with the host serial console through websockets.
  • Redfish: A protocol compliant, DBus to Redfish translator.
  • KVM: A websocket based implementation of the RFB (VNC) frame buffer protocol intended to mate to webui-vue to provide a complete KVM implementation.

Protocols

bmcweb at a protocol level supports http and https. TLS is supported through OpenSSL.

AuthX

Authentication

Bmcweb supports multiple authentication protocols:

  • Basic authentication per RFC7617
  • Cookie based authentication for authenticating against webui-vue
  • Mutual TLS authentication based on OpenSSL
  • Session authentication through webui-vue
  • XToken based authentication conformant to Redfish DSP0266

Each of these types of authentication is able to be enabled or disabled both via runtime policy changes (through the relevant Redfish APIs) or via configure time options. All authentication mechanisms supporting username/password are routed to libpam, to allow for customization in authentication implementations.

Authorization

All authorization in bmcweb is determined at routing time, and per route, and conform to the Redfish PrivilegeRegistry.

*Note: Non-Redfish functions are mapped to the closest equivalent Redfish privilege level.

Configuration

bmcweb is configured per the meson build files. Available options are documented in meson_options.txt

Compile bmcweb with default options

meson setup builddir
ninja -C builddir

If any of the dependencies are not found on the host system during configuration, meson will automatically download them via its wrap dependencies mentioned in bmcweb/subprojects.

Use of persistent data

bmcweb relies on some on-system data for storage of persistent data that is internal to the process. Details on the exact data stored and when it is read/written can seen from the persistent_data namespace.

TLS certificate generation

When SSL support is enabled and a usable certificate is not found, bmcweb will generate a self-signed a certificate before launching the server. Please see the bmcweb source code for details on the parameters this certificate is built with.

Redfish Aggregation

bmcweb is capable of aggregating resources from satellite BMCs. Refer to AGGREGATION.md for more information on how to enable and use this feature.