New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redfish: Allow disabling SSH and HTTP (the redirect) #1763
Comments
This is similar to #612 |
@joseph-reynolds This is assigned to epic #612.. If you want to close this and track this someother way. feel free. |
We probably won't need disabling HTTPS but @nicoleconser can you do user research on? |
Is this for HTTP (redirect) or HTTPS (disable BMCWeb including all REST APIs)? |
This is for HTTP (redirect)
No |
@zhanghaodi , according to the status I saw recently, it sounds like there is a commit up for review for this Issue. Can you post that commit in this issue? Thanks. |
Is for disabling HTTPS. |
We don't have a use case for disabling HTTPS but we are fine either way if it goes in. That doesn't resolve the issue though. |
@gtmills I am currently experiencing a problem, there is no D-Bus API related to SSH in |
@joseph-reynolds Any thoughts here? |
Here are my ideas how to debug:
|
@zhanghaodi I added a comment to https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/39006 asking what problem you are trying to solve. Did @gtmills already answer this question? We want to allow the BMC admin to control SSH and HTTP. |
@mzipse @joseph-reynolds I have tried the above Debug method, this is the result I got : |
@zhanghaodi I have some time to work on this issue. What is blocking this? In your most recent post dated Feb 23, you indicate the D-Bus API is showing dropbear and its current Enabled property (as true or false). Then when you "Set" the Enabled property, it has no effect. Is that correct? I do not fully understand how this is supposed to work.
|
@mzipse @joseph-reynolds Exactly,currently it is like this.According to
There are other processes affecting Running,I am looking for the reasons for this phenomenon, can you provide some ideas? |
I sounds like you made a lot of progress already and got stuck on the service-config-manager implementation. Let's work on that. Your command output shows the dropbear
I think the next step is to change service-config-manager so it understands how work with socket activation. I have no experience in that area, so I cannot offer help. We may want to ask for help from the maintainers. It would help me and other members of the OpenBMC community to see the code for this. Can you push your code to gerrit review? Please mark it work-in-progress (WIP) so reviewers will know the code is not yet finished. |
Below are my service-config-manager changes, |
I emailed details about the problem to the openbmc email list and mentioned it on Discord, but I have not gotten any response. |
@mzipse @joseph-reynolds |
@zhanghaodi , Joseph has reached out to the community and maintainers for help on this issue but unfortunately after a couple of weeks, we have not yet received any response. So, at this point, I would like to ask you or someone on your team to dig a little deeper into the Service Config Manager code to understand why it is failing. It appears that there is a bug in this code. I would suggest opening a github issue against https://github.com/openbmc/service-config-manager/issues and track and progress there. Joseph has provided some guidance 16 days earlier (above) that might shed some light on this problem. If you are unable to figure this out, we'll have to put this on hold for a while until someone from our team frees up to be able to dig into this. Any help you can provide would be much appreciated. |
There is discussion in the gerrit review about this: https://gerrit.openbmc-project.xyz/c/openbmc/service-config-manager/+/42072 |
@mzipse @joseph-reynolds |
@mzipse @joseph-reynolds
@joseph-reynolds Around this issue, I have a question: Note: Waiting for your reply, Thanks :) |
I believe the direction is: all existing connections are dropped when a service is disabled. |
For SSH:
|
@joseph-reynolds |
@gtmills @joseph-reynolds @mzipse
|
@joseph-reynolds @mzipse Should we close this and track the HTTP redirect separately? |
Yes. Adriana is pulling in Milton's http redirect work downstream sometime in the next week. This is tracked under #895. |
@mzipse @joseph-reynolds Does #895 include a way to disable/enable the direct? Do we need that? |
There's a bmcweb change almost ready to be merged that would implement http redirect: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/35265 This can be used instead of pulling in the phosphor-misc redirect package. We can track which one we'll be using under #895 |
This story is to enhance BMCWeb to allow the SSH interface to be disabled. The existing Redfish REST API
GET
/redfish/v1/Managers/bmc/NetworkProtocol
shows theSSH.ProtocolEnabled
property. This must be enhanced to allow PATCH. The underlying D-Bus interface is https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/xyz/openbmc_project/Control/Service/README.mdThis is similar to #513.
The original story also included the need to disable HTTP (the redirect). If we have the redirect we should be able to disable it.
The text was updated successfully, but these errors were encountered: