commit	8de054255f8758a7ed6af0a2594ba0b623e43b65	[log] [tgz]
author	Alexander Hansen <alexander.hansen@9elements.com>	Wed Aug 06 18:47:41 2025 +0200
committer	Ed Tanous <ed@tanous.net>	Thu Sep 18 15:13:13 2025 +0000
tree	349c6b380a541593158a2794f1dc2c295e6c2a2e
parent	740fea16c78835219d872fe78d9984527e2fbe6f [diff]

merge binaries bmcweb and bmcwebd

Solution to reduce compressed rofs size.

Conclusion: The compiler is better at reducing binary size than the rofs
compression is at deduplicating sections of already compiled binaries,
in the case of bmcweb.

What's been changed?

`bmcweb` and `bmcwebd` have been merged into `bmcweb`.
The webserver can be started with `bmcweb daemon`.

Commands used to check size

```
wc -c build/s8030/tmp/work/*-openbmc-linux-gnueabi/obmc-phosphor-image/1.0/obmc-phosphor-image-1.0/static/image-rofs

wc -c build/s8030/tmp/deploy/images/s8030/image-rofs

xz -c build/s8030/tmp/work/*-openbmc-linux-gnueabi/obmc-phosphor-image/1.0/rootfs/bin/bmcweb | wc -c

xz -c build/s8030/tmp/work/*-openbmc-linux-gnueabi/obmc-phosphor-image/1.0/rootfs/usr/libexec/bmcwebd | wc -c
```

Base commit used for testing:
`2169e896448fac1b59c57516b381492e4b2161c7`

Results:

Before patch:
```
image-rofs compressed size:
25526272 build/s8030/tmp/work/s8030-openbmc-linux-gnueabi/obmc-phosphor-image/1.0/obmc-phosphor-image-1.0/static/image-rofs
rootfs
25526272 build/s8030/tmp/deploy/images/s8030/image-rofs
bmcweb cli
95424
bmcwebd
1016004
```

After patch:
```
image-rofs compressed size:
25477120 build/s8030/tmp/work/s8030-openbmc-linux-gnueabi/obmc-phosphor-image/1.0/obmc-phosphor-image-1.0/static/image-rofs
rootfs
25477120 build/s8030/tmp/deploy/images/s8030/image-rofs
bmcweb cli
96
bmcwebd
1059556
```

Calculating the difference in compressed rofs

25526272 - 25477120 = 49152

which is around 0.2% in terms of the total image but around 4.6% in
terms of bmcwebd binary.

Tested: on yosemite4 qemu

`bmcweb` cli interactions work as before.

```
root@yosemite4:~# bmcweb --help
BMCWeb CLI
Usage: bmcweb [OPTIONS] SUBCOMMAND

Options:
  -h,--help                   Print this help message and exit

Subcommands:
  loglevel                    Set bmcweb log level
  daemon                      Run webserver
root@yosemite4:~# bmcweb loglevel info
<6>[webserver_cli.cpp:97] logging level changed to: INFO
root@yosemite4:~# bmcweb loglevel
level is required
Run with --help for more information.
root@yosemite4:~# bmcweb loglevel debug
<6>[webserver_cli.cpp:97] logging level changed to: DEBUG
```

systemd service still working
```
root@yosemite4:~# systemctl status bmcweb
● bmcweb.service - Start bmcweb server
     Loaded: loaded (/usr/lib/systemd/system/bmcweb.service; enabled; preset: enabled)
     Active: active (running) since Thu 2025-04-03 13:35:45 PDT; 5 months 15 days ago
```

Change-Id: Ib5dde568ac1c12c5414294ed96404c6a69417424
Signed-off-by: Alexander Hansen <alexander.hansen@9elements.com>

6 files changed

tree: 349c6b380a541593158a2794f1dc2c295e6c2a2e

README.md

OpenBMC webserver

This component attempts to be a "do everything" embedded webserver for OpenBMC.

Features

The webserver implements a few distinct interfaces:

DBus event websocket. Allows registering on changes to specific dbus paths, properties, and will send an event from the websocket if those filters match.
OpenBMC DBus REST api. Allows direct, low interference, high fidelity access to dbus and the objects it represents.
Serial: A serial websocket for interacting with the host serial console through websockets.
Redfish: A protocol compliant, DBus to Redfish translator.
KVM: A websocket based implementation of the RFB (VNC) frame buffer protocol intended to mate to webui-vue to provide a complete KVM implementation.

Protocols

bmcweb at a protocol level supports http and https. TLS is supported through OpenSSL. Http1 and http2 are supported using ALPN registration for TLS connections and h2c upgrade header for http connections.

AuthX

Authentication

Bmcweb supports multiple authentication protocols:

Basic authentication per RFC7617
Cookie based authentication for authenticating against webui-vue
Mutual TLS authentication based on OpenSSL
Session authentication through webui-vue
XToken based authentication conformant to Redfish DSP0266

Each of these types of authentication is able to be enabled or disabled both via runtime policy changes (through the relevant Redfish APIs) or via configure time options. All authentication mechanisms supporting username/password are routed to libpam, to allow for customization in authentication implementations.

Authorization

All authorization in bmcweb is determined at routing time, and per route, and conform to the Redfish PrivilegeRegistry.

*Note: Non-Redfish functions are mapped to the closest equivalent Redfish privilege level.

Configuration

bmcweb is configured per the meson build files. Available options are documented in meson_options.txt

Compile bmcweb with default options

meson setup builddir
ninja -C builddir

If any of the dependencies are not found on the host system during configuration, meson will automatically download them via its wrap dependencies mentioned in bmcweb/subprojects.

Use of persistent data

bmcweb relies on some on-system data for storage of persistent data that is internal to the process. Details on the exact data stored and when it is read/written can seen from the persistent_data namespace.

TLS certificate generation

When SSL support is enabled and a usable certificate is not found, bmcweb will generate a self-signed a certificate before launching the server. Please see the bmcweb source code for details on the parameters this certificate is built with.

Compression

bmcweb supports various forms of http compression, including zstd and gzip. Client headers are observed to determine whether compressed payloads are supported.

Redfish Aggregation

bmcweb is capable of aggregating resources from satellite BMCs. Refer to AGGREGATION.md for more information on how to enable and use this feature.