Google Git
Sign in
gbmc / gbmcweb / 95ee3314562764a5770d151c42e1c566aa8d527c / . / include / webserver_main_setup.hpp
blob: 359b90ae37e3517b9ec552afd41b08a379e53350 [file] [log] [blame]
#pragma once
#include "bmcweb_config.h"
#include "g3/event_store.h"
#include "g3/subscription.h"
#include "g3/subscription_impl.h"
#include "g3/subscription_store_impl.h"
#include "tlbmc/central_config/config.h"
#include "tlbmc/configs/entity_config_json_impl.h"
#include "tlbmc/hal/fru_scanner_i2c.h"
#include "tlbmc/hal/sysfs/i2c.h"
#include "tlbmc/redfish/app.h"
#include "tlbmc/redfish/routes/all_routes.h"
#include "tlbmc/store/store_impl.h"
#include "tlbmc/trace/tracer.h"
#include "app.hpp"
#include "app_singleton.hpp"
#include "boost/asio/thread_pool.hpp"
#include "cors_preflight.hpp"
#include "dbus_monitor.hpp"
#include "hostname_monitor.hpp"
#include "ibm/management_console_rest.hpp"
#include "image_upload.hpp"
#include "kvm_websocket.hpp"
#include "login_routes.hpp"
#include "managed_store.hpp"
#include "obmc_console.hpp"
#include "openbmc_dbus_rest.hpp"
#include "plugins/interface.hpp"
#include "redfish.hpp"
#include "redfish_aggregator.hpp"
#include "security_headers.hpp"
#include "ssl_key_handler.hpp"
#include "subscription_backend_impl.hpp"
#include "user_monitor.hpp"
#include "vm_websocket.hpp"
#include "webassets.hpp"
#include <systemd/sd-daemon.h>
#ifdef BMCWEB_ENABLE_GRPC
#include "absl/flags/flag.h"
#include "absl/flags/parse.h"
#include "absl/log/globals.h"
#include "absl/log/initialize.h"
#include "absl/log/log.h"
#include "server.h"
#include "tlbmc/hal/shared_mem/server.h"
// See absl/log/globals.h for detailed instructions
ABSL_FLAG(
int, stderrthreshold, 1,
"Messages logged at or above this level are directed to stderr in addition to other registered log sinks; default to >= absl::LogSeverity::kWarning");
ABSL_FLAG(
int, minloglevel, 1,
"Messages logged at or above this severity are directed to all registered log sinks or skipped otherwise; default to >= absl::LogSeverity::kWarning");
ABSL_FLAG(absl::optional<int>, httpport, absl::nullopt,
"http port to listen on");
ABSL_FLAG(int, mtls_grpc_port, mTlsGrpcPort, "The secure gRPC port to listen on. Overwrites the compile time flag.");
ABSL_FLAG(int, insecure_grpc_port, insecureGrpcPort, "the insecure gRPC port to listen on. Overwrites the compile time flag.");
// BMCWEB_ENABLE_STATEFUL_BMCWEB:
ABSL_FLAG(
absl::optional<bool>, stateful, absl::nullopt,
"enable stateful bmcweb (stateful-bmcweb) execution of incoming redfish requests");
ABSL_FLAG(absl::optional<int>, stateful_pending_max, absl::nullopt,
"stateful - pendingDbusResponsesMax");
ABSL_FLAG(absl::optional<int>, stateful_tfixed_sec, absl::nullopt,
"stateful - tfixedThreshold");
ABSL_FLAG(absl::optional<int>, stateful_tgrace_sec, absl::nullopt,
"stateful - tgraceThreshold");
ABSL_FLAG(absl::optional<int>, stateful_tlru_sec, absl::nullopt,
"stateful - tLRUThreshold");
ABSL_FLAG(absl::optional<bool>, request_stats, absl::nullopt,
"enable request stats aggregation & collection");
ABSL_FLAG(absl::optional<bool>, timetrace, absl::nullopt,
"enable time tracing of requests");
ABSL_FLAG(absl::optional<uint64_t>, timetrace_size_max, absl::nullopt,
"Maximum number of requests stored in the timetrace in ManagedStore");
ABSL_FLAG(absl::optional<bool>, stateful_logs, absl::nullopt,
"enable managedStore logs");
ABSL_FLAG(bool, redfish_events, false, "enable redfish-events feature");
ABSL_FLAG(bool, testing_events, false, "enable testing events for Redfish event");
ABSL_FLAG(absl::optional<size_t>, redfish_event_store_size, absl::nullopt,
"Number of redfish events to store");
ABSL_FLAG(absl::optional<bool>, rde_ratelimit, absl::nullopt,
"enable rde request rate limiting");
ABSL_FLAG(absl::optional<int>, rde_errors_max, absl::nullopt,
"Rde dbus error threshold");
ABSL_FLAG(absl::optional<int>, rde_skips_max, absl::nullopt,
"Number of requests skipped when rate limiting enabled");
ABSL_FLAG(bool, multi_thread_get, enableMultiThreadGet, "Enable multi-thread for Redfish GET");
ABSL_FLAG(bool, enable_tlbmc, enableTlbmc, "Enable tlBMC features");
ABSL_FLAG(bool, enable_tlbmc_trace, enableTlbmcTrace, "Enable tlBMC tracer");
ABSL_FLAG(bool, enable_fast_sanity, enableFastSanity, "Enable Fast-Sanity features");
ABSL_FLAG(std::string, entity_config_location, entityConfigLocation,
"Entity configuration location.");
ABSL_FLAG(bool, tlbmc_allow_sensor_creation_failure, tlbmcAllowSensorCreationFailure,
"If tlBMC is enabled, then cause sensor creation failure to be fatal. ");
ABSL_FLAG(std::string, tlbmc_disable_file, "/var/google/tlbmc/disable_tlbmc",
"Disable tlBMC on disasters");
#endif // BMCWEB_ENABLE_GRPC
#include <boost/asio/io_context.hpp>
#include <google/google_service_nvme.hpp>
#include <google/google_service_root.hpp>
#include <sdbusplus/asio/connection.hpp>
#include <sdbusplus/bus.hpp>
#include <sdbusplus/server.hpp>
#include <exception>
#include <memory>
#include <string>
// Default number of Redfish Events stored.
constexpr size_t defaultRedfishEventStoreSize = 1000;
inline void setupSocket(crow::App& app)
{
constexpr uint16_t defaultPort = 18080;
int listenFd = sd_listen_fds(0);
uint16_t portNumber = defaultPort;
#ifdef BMCWEB_ENABLE_GRPC
portNumber = static_cast<uint16_t>(
absl::GetFlag(FLAGS_httpport).value_or(defaultPort));
#endif
BMCWEB_LOG_ALWAYS << "setupSocket: defaultPort: " << defaultPort
<< " portNumber: " << portNumber
<< " listenFd: " << listenFd;
if (1 == listenFd)
{
BMCWEB_LOG_INFO << "attempting systemd socket activation";
if (sd_is_socket_inet(SD_LISTEN_FDS_START, AF_UNSPEC, SOCK_STREAM, 1,
0) != 0)
{
BMCWEB_LOG_INFO << "Starting webserver on socket handle "
<< SD_LISTEN_FDS_START;
app.socket(SD_LISTEN_FDS_START);
}
else
{
BMCWEB_LOG_ERROR
<< "bad incoming socket, starting webserver on port "
<< portNumber;
app.port(portNumber);
}
}
else
{
BMCWEB_LOG_INFO << "Starting webserver on port: " << portNumber;
app.port(portNumber);
}
}
inline int run()
{
#ifdef BMCWEB_ENABLE_GRPC
absl::InitializeLog();
auto crowLogLevel = crow::LogLevel::Debug;
crow::Logger::setLogLevel(crowLogLevel);
const auto minAbslLogLevel =
static_cast<absl::LogSeverity>(absl::GetFlag(FLAGS_minloglevel));
BMCWEB_LOG_ALWAYS << "=> minAbslLogLevel: "
<< static_cast<int>(minAbslLogLevel);
switch (minAbslLogLevel)
{
// unfortunately there is no: absl::LogSeverity::kInfo; so kInfo ->
// Debug for now.
case absl::LogSeverity::kInfo:
crowLogLevel = crow::LogLevel::Debug;
break;
case absl::LogSeverity::kWarning:
crowLogLevel = crow::LogLevel::Warning;
break;
case absl::LogSeverity::kError:
crowLogLevel = crow::LogLevel::Error;
break;
case absl::LogSeverity::kFatal:
crowLogLevel = crow::LogLevel::Critical;
break;
default:
crowLogLevel = crow::LogLevel::Error;
break;
}
BMCWEB_LOG_ALWAYS << "=> crowLogLevel: " << static_cast<int>(crowLogLevel);
crow::Logger::setLogLevel(crowLogLevel);
#else
crow::Logger::setLogLevel(crow::LogLevel::Debug);
#endif
// This has to be outside the ifdef because its used in app
// Regardless of whether it is initialized.
std::unique_ptr<milotic_tlbmc::RedfishApp> tlbmc_app = nullptr;
#ifdef BMCWEB_ENABLE_GRPC
// Initialize tlbmc
if (absl::GetFlag(FLAGS_enable_tlbmc_trace))
{
milotic_tlbmc::Tracer::Initialize(true);
}
milotic_tlbmc::I2cSysfs i2c_sysfs(milotic_tlbmc::I2cSysfsConfig{});
std::unique_ptr<milotic_tlbmc::FruScannerI2c> fru_scanner =
milotic_tlbmc::FruScannerI2c::Create({});
bool enable_tlbmc = absl::GetFlag(FLAGS_enable_tlbmc);
std::string disable_tlbmc_file_path = absl::GetFlag(FLAGS_tlbmc_disable_file);
if (std::filesystem::exists(disable_tlbmc_file_path)) {
LOG(WARNING) << "Forcefully disable tlbmc";
enable_tlbmc = false;
}
if (enable_tlbmc)
{
milotic_tlbmc::StoreImpl::Options options;
options.fru_scanners = {fru_scanner.get()};
options.i2c_sysfs = &i2c_sysfs;
options.config_location = absl::GetFlag(FLAGS_entity_config_location);
milotic_tlbmc::SharedMemoryServer::Initialize();
absl::StatusOr<std::unique_ptr<milotic_tlbmc::StoreImpl>> tlbmc_store =
milotic_tlbmc::StoreImpl::Create(options);
if (tlbmc_store.ok())
{
tlbmc_app = std::make_unique<milotic_tlbmc::RedfishApp>(
std::move(*tlbmc_store));
milotic_tlbmc::RegisterAllRoutes(*tlbmc_app);
tlbmc_app->Validate();
}
else
{
LOG(ERROR) << "Cannot create tlBMC store!! Error: "
<< tlbmc_store.status() << " - Disabling tlBMC.";
tlbmc_app = nullptr;
enable_tlbmc = false;
}
}
LOG(WARNING) << "tlbmc enabled: " << (enable_tlbmc ? "true" : "false");
#endif
auto io = std::make_shared<boost::asio::io_context>();
bool allowSessionEmpty = false;
#ifdef BMCWEB_INSECURE_DISABLE_AUTHX
allowSessionEmpty = true;
#endif
App app(allowSessionEmpty, io, tlbmc_app.get());
crow::globalBmcWebApp = &app;
std::shared_ptr<sdbusplus::asio::connection> systemBusPtr =
std::make_shared<sdbusplus::asio::connection>(*io);
#ifdef BMCWEB_ENABLE_GRPC
BMCWEB_LOG_STATEFUL_ALWAYS << "=> stateful: "
<< absl::GetFlag(FLAGS_stateful).value_or(false);
#endif
managedStore::ManagedObjectStoreConfig config;
// default to the compiler flag:
#ifdef BMCWEB_ENABLE_STATEFUL_BMCWEB
config.isEnabled = true;
#else
config.isEnabled = false;
#endif
// request stats config:
#ifdef BMCWEB_ENABLE_GRPC
{
const auto& persistentDataConfig = persistent_data::getConfig();
managedStore::RequestStatsStoreConfig requestStatsConfig;
requestStatsConfig.enable = false;
requestStatsConfig.enableRdeRateLimit = false;
// command line first:
if (absl::GetFlag(FLAGS_request_stats).has_value())
{
requestStatsConfig.enable =
absl::GetFlag(FLAGS_request_stats).value_or(false);
}
// enable rde rate limiter
if (absl::GetFlag(FLAGS_rde_ratelimit).has_value())
{
requestStatsConfig.enableRdeRateLimit =
absl::GetFlag(FLAGS_rde_ratelimit).value_or(false);
}
if (absl::GetFlag(FLAGS_rde_errors_max).has_value())
{
requestStatsConfig.rdeDbusErrorThreshold =
absl::GetFlag(FLAGS_rde_errors_max).value_or(10);
}
if (absl::GetFlag(FLAGS_rde_skips_max).has_value())
{
requestStatsConfig.rdeMaxSkips =
absl::GetFlag(FLAGS_rde_skips_max).value_or(30);
}
// persistent config:
else if (persistentDataConfig.isStatefulEnabled.has_value())
{
requestStatsConfig.enable =
persistentDataConfig.isRequestStatsEnabled.value();
}
BMCWEB_LOG_STATEFUL_ALWAYS << "=> request_stats: "
<< requestStatsConfig.toJson();
managedStore::RequestStatsStore::initialize(requestStatsConfig);
}
#endif
// stateful logs:
#ifdef BMCWEB_ENABLE_GRPC
{
const auto& persistentDataConfig = persistent_data::getConfig();
bool enable_stateful_logs = false;
// command line first:
if (absl::GetFlag(FLAGS_stateful_logs).has_value())
{
enable_stateful_logs =
absl::GetFlag(FLAGS_stateful_logs).value_or(false);
}
// persistent config:
else if (persistentDataConfig.isStatefulLogsEnabled.has_value())
{
enable_stateful_logs =
persistentDataConfig.isStatefulLogsEnabled.value();
}
BMCWEB_LOG_STATEFUL_ALWAYS << "=> stateful_logs flag: "
<< enable_stateful_logs;
if (enable_stateful_logs)
{
crow::Logger::enableStatefulLogs();
}
}
#endif
// stateful config:
#ifdef BMCWEB_ENABLE_GRPC
// command line is always higher priority if set:
if (absl::GetFlag(FLAGS_stateful).has_value())
{
config.isEnabled = absl::GetFlag(FLAGS_stateful).value();
}
else
#endif
{
// read the persistent data config:
const auto& persistentDataConfig = persistent_data::getConfig();
if (persistentDataConfig.isStatefulEnabled.has_value())
{
config.isEnabled = persistentDataConfig.isStatefulEnabled.value();
}
}
#ifdef BMCWEB_ENABLE_GRPC
// other flags:
if (absl::GetFlag(FLAGS_stateful_pending_max).has_value())
{
config.pendingDbusResponsesMax = static_cast<uint64_t>(
absl::GetFlag(FLAGS_stateful_pending_max).value());
}
if (absl::GetFlag(FLAGS_stateful_tfixed_sec).has_value())
{
config.tfixedThreshold = std::chrono::seconds(
absl::GetFlag(FLAGS_stateful_tfixed_sec).value());
}
if (absl::GetFlag(FLAGS_stateful_tgrace_sec).has_value())
{
config.tgraceThreshold = std::chrono::seconds(
absl::GetFlag(FLAGS_stateful_tgrace_sec).value());
}
if (absl::GetFlag(FLAGS_stateful_tlru_sec).has_value())
{
config.tLRUThreshold = std::chrono::seconds(
absl::GetFlag(FLAGS_stateful_tlru_sec).value());
}
if (absl::GetFlag(FLAGS_timetrace).has_value())
{
config.timetrace = absl::GetFlag(FLAGS_timetrace).value();
}
if (absl::GetFlag(FLAGS_timetrace_size_max).has_value())
{
config.timetrace_size_max =
absl::GetFlag(FLAGS_timetrace_size_max).value();
}
#endif
BMCWEB_LOG_STATEFUL_ALWAYS << "=> ManagedObjectStoreConfig: "
<< config.toString();
#ifndef BMCWEB_ENABLE_STATEFUL_BMCWEB
if (config.isEnabled)
{
BMCWEB_LOG_WARNING
<< "ManagedObjectStore can't be enabled without "
<< "BMCWEB_ENABLE_STATEFUL_BMCWEB; reverting to stateful=0";
config.isEnabled = false;
}
#endif // BMCWEB_ENABLE_STATEFUL_BMCWEB
// Static assets need to be initialized before Authorization, because auth
// needs to build the whitelist from the static routes
#ifdef BMCWEB_ENABLE_STATIC_HOSTING
crow::webassets::requestRoutes(app);
#endif
#ifdef BMCWEB_ENABLE_KVM
crow::obmc_kvm::requestRoutes(app);
#endif
#ifdef BMCWEB_ENABLE_REDFISH
redfish::RedfishService redfish(app);
// Create EventServiceManager instance and initialize Config
redfish::EventServiceManager::getInstance();
#ifdef BMCWEB_ENABLE_REDFISH_AGGREGATION
// Create RedfishAggregator instance and initialize Config
// Instantiate RedfishAggregator instance when needed,
// no need at the bootup. So commenting out
// redfish::RedfishAggregator::getInstance();
#endif
#endif
#ifdef BMCWEB_ENABLE_DBUS_REST
crow::dbus_monitor::requestRoutes(app);
crow::image_upload::requestRoutes(app);
crow::openbmc_mapper::requestRoutes(app);
#endif
#ifdef BMCWEB_ENABLE_HOST_SERIAL_WEBSOCKET
crow::obmc_console::requestRoutes(app);
#endif
#ifdef BMCWEB_ENABLE_VM_WEBSOCKET
crow::obmc_vm::requestRoutes(app);
#endif
#ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE
crow::ibm_mc::requestRoutes(app);
crow::ibm_mc_lock::Lock::getInstance();
#endif
#ifdef BMCWEB_ENABLE_GOOGLE_API
crow::google_api::requestRoutes(app);
crow::google_api::requestGoogleNVMeCollection(app);
crow::google_api::requestGoogleNVMe(app);
crow::google_api::requestGoogleNVMeController(app);
crow::google_api::requestGoogleNVMeControllerCollection(app);
crow::google_api::setupGoogleNVMeFdFetchIOContext(io);
crow::google_api::requestGoogleNVMeControllerActionIdentify(app);
crow::google_api::requestGoogleNVMeControllerActionLog(app);
crow::google_api::requestGoogleNVMeControllerActionCustomNVMeIdentify(app);
crow::google_api::requestGoogleNVMeControllerActionAdminNonData(app);
#endif
if (bmcwebInsecureDisableXssPrevention != 0)
{
cors_preflight::requestRoutes(app);
}
crow::login_routes::requestRoutes(app);
setupSocket(app);
#ifndef BMCWEB_ENABLE_REDFISH_DBUS_LOG_ENTRIES
int rc = redfish::EventServiceManager::startEventLogMonitor(*io);
if (rc != 0)
{
BMCWEB_LOG_ERROR << "Redfish event handler setup failed...";
return rc;
}
#endif
std::unique_ptr<ecclesia::SubscriptionService> subscriptionService =
nullptr;
#ifdef BMCWEB_ENABLE_GRPC
bool enableRedfishEvents = absl::GetFlag(FLAGS_redfish_events);
size_t number_of_events_stored = defaultRedfishEventStoreSize;
if (absl::GetFlag(FLAGS_redfish_event_store_size).has_value())
{
number_of_events_stored =
absl::GetFlag(FLAGS_redfish_event_store_size).value();
}
using ::milotic::GrpcRedfishService;
using ::milotic::RedfishServiceConfig;
bool generate_testing_events = absl::GetFlag(FLAGS_testing_events);
if (enableRedfishEvents)
{
BMCWEB_LOG_ALWAYS << "Redfish events enabled\n";
subscriptionService = CreateSubscriptionService(
milotic::BmcWebBackend::Create(&app),
ecclesia::CreateSubscriptionStore(),
ecclesia::CreateEventStore(number_of_events_stored));
}
#endif
// ManagedStore should be initialized regardless of whether grpc is enabled
auto io_worker_threads = std::make_shared<boost::asio::io_context>();
uint num_workers = std::thread::hardware_concurrency();
boost::asio::thread_pool worker_threads(num_workers);
boost::asio::executor_work_guard<boost::asio::io_context::executor_type>
work_guard_worker_threads(
boost::asio::make_work_guard(*io_worker_threads));
boost::asio::executor_work_guard<boost::asio::io_context::executor_type>
work_guard_main_thread(
boost::asio::make_work_guard(*io));
for (uint i = 0; i < num_workers; ++i)
{
boost::asio::post(worker_threads, [io_worker_threads]() {
io_worker_threads->run();
});
}
managedStore::InitializeManagedStore(&config, io.get(),
io_worker_threads,
subscriptionService.get(),
systemBusPtr.get());
#ifdef BMCWEB_ENABLE_GRPC
bool multi_thread_get = absl::GetFlag(FLAGS_multi_thread_get);
LOG(WARNING) << "multi_thread_get enabled: " <<
(multi_thread_get ? "true" : "false");
RedfishServiceConfig secure_service_config{
.port = absl::GetFlag(FLAGS_mtls_grpc_port),
.multi_thread_get = multi_thread_get,
.enable_tlbmc = enable_tlbmc,
.generate_testing_events = generate_testing_events,
.enable_fast_sanity = absl::GetFlag(FLAGS_enable_fast_sanity),
.tlbmc_allow_sensor_creation_failure = absl::GetFlag(FLAGS_tlbmc_allow_sensor_creation_failure),
};
#ifdef ENABLE_LOAS3_VALIDATION
secure_service_config.check_loas3_policy = true;
LOG(WARNING) << "check_loas3_policy is enabled";
#endif
GrpcRedfishService grpc_service(&app, tlbmc_app.get(), io,
io_worker_threads, secure_service_config,
subscriptionService.get());
#ifdef BMCWEB_ENABLE_INSECURE_GRPC
std::cerr << "insecure grpc opened!\n";
RedfishServiceConfig insecure_config{
.port = absl::GetFlag(FLAGS_insecure_grpc_port),
.self_signed_key_cert_path = "/var/volatile/self_signed_key_cert2.pem",
.multi_thread_get = multi_thread_get,
.enable_tlbmc = enable_tlbmc,
.enable_insecure_server = true,
.enable_fast_sanity = absl::GetFlag(FLAGS_enable_fast_sanity),
};
GrpcRedfishService insecure_grpc_service(
&app, tlbmc_app.get(), io, io_worker_threads, insecure_config, nullptr);
#endif
#endif
// These have to be registered after managedStore initialization
#ifdef BMCWEB_ENABLE_SSL
BMCWEB_LOG_INFO << "Start Hostname Monitor Service...";
crow::hostname_monitor::registerHostnameSignal();
#endif
bmcweb::registerUserRemovedSignal();
#ifdef PLATFORM_PLUGINS_ENABLED
redfish_plugin::loadPlatformPlugins();
#endif
#ifdef GOOGLE_COMMON_PLUGINS_ENABLED
redfish_plugin::loadGooglePlugins();
#endif
#ifdef GOOGLE_PLUGINS_INTERNAL_ENABLED
redfish_plugin::loadGooglePluginsInternal();
#endif
app.validate();
app.run();
// This will block forever, so skipping these in unit test builds
#ifndef UNIT_TEST_BUILD
io->run();
io_worker_threads->stop();
worker_threads.join();
#endif
return 0;
}