Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-dbus-interfaces / 669f3182ab0001f6812875b884ecfbfbd1c8ae2c^! / .
commit669f3182ab0001f6812875b884ecfbfbd1c8ae2c[log] [tgz]
authorMatt Spinler <spinler@us.ibm.com>Mon Jun 02 10:37:39 2025 -0500
committerMatt Spinler <spinler@us.ibm.com>Mon Nov 10 19:47:32 2025 +0000
tree7de5184547230104d7c8c8a9017dba15278f0bff
parent0814d6a59fbe7c7a3f7c3e4657441be3bcaa7d20 [diff]
State: Redundancy interface updates

Make the following changes:
1. Change 'FailoversPaused' to 'FailoversAllowed'.  Changed to 'Allowed'
   as it can actually be a long lasting condition, such as if only 1 BMC
   is present.
2. Add 'FailoverImminent'.  This will be available on the BMC being
   failed away from so it can do anything it needs to.  At the very
   least it can do a journal sync before it is reset, assuming it is
   alive.
3. Add 'FailoverInProgress'.  This indicates that a failover is in
   progress.
4. Add an entry to the 'segments' YAML for the sibling BMC, as this
   interface will be used on that object path as well.

Change-Id: I56602323097b4c8ab90c076928c5e05db75b99c4
Signed-off-by: Matt Spinler <spinler@us.ibm.com>

diff --git a/yaml/xyz/openbmc_project/State/BMC/Redundancy.interface.yaml b/yaml/xyz/openbmc_project/State/BMC/Redundancy.interface.yaml
index bfa8d91..6b56b7c 100644
--- a/yaml/xyz/openbmc_project/State/BMC/Redundancy.interface.yaml
+++ b/yaml/xyz/openbmc_project/State/BMC/Redundancy.interface.yaml

@@ -1,6 +1,5 @@
 description: >
-    This interface holds redundant BMC related information.  There would be
-    instance of this interface on each BMC.
+    This interface holds redundant BMC related information.
 
 properties:
     - name: Role
@@ -34,21 +33,32 @@
 
           This can only be changed on the active BMC and when power is off,
           otherwise it will throw the Unavailable error.
-    - name: FailoversPaused
+    - name: FailoversAllowed
       type: boolean
       flags:
           - readonly
       default: false
       description: >
-          When redundancy is enabled, there may be periods when either failovers
-          are not allowed, such as in the middle of a code update, or won't work
-          because the passive BMC is temporarily offline, such as when the
-          passive BMC reboots. A timer would be put on how long redundancy could
-          still be considered enabled in this latter case in case the passive
-          BMC never comes back.  Redundancy is left enabled initially so as to
-          not trigger any intervention that could be necessary when redundancy
-          is lost just due to a BMC reboot.  Any time the passive BMC goes
-          offline a full file sync would be necessary when it comes back.
+          States if failovers are currently allowed. Even when redundancy is
+          enabled, a failover may not be allowed because there are periods when
+          doing a failover could cause issues, such as in the middle of a boot
+          or code update.
+    - name: FailoverImminent
+      type: boolean
+      flags:
+          - readonly
+      default: false
+      description: >
+          There can be a grace period between a failover being requested and the
+          failover actually starting where this will be asserted to allow for
+          any preparation or tracing on the other BMC.
+    - name: FailoverInProgress
+      type: boolean
+      default: false
+      flags:
+          - readonly
+      description: >
+          Indicates that a failover is in progress.
     - name: RedundancyMinimum
       type: size
       flags:
@@ -96,3 +106,8 @@
             description: >
                 The object representing _this_ BMC is always at bmc0.
             value: bmc0
+          - name: SiblingBMC
+            description: >
+                The object representing _the sibling_ BMC is always at bmc1 in a
+                2 BMC system.
+            value: bmc1