Discussion on IPMI provider libraries

tomjose tomjose at linux.vnet.ibm.com
Tue Nov 8 21:09:13 AEDT 2016 


On Tuesday 08 November 2016 01:55 AM, Brendan Higgins wrote:
> Sharing the provider libraries makes sense; my first area of concern 
> is the API; I am currently working on a change to the API (see 
> https://gerrit.openbmc-project.xyz/#/c/841/ 
> <https://gerrit.openbmc-project.xyz/#/c/841/> for details); I would 
> prefer you do not make any changes to the current API, but understand 
> if the need arises before my change is ready.
 From what i have noticed in the patch, there is support for 
ipmid_callback_t handlers  as it is now. So the change in API is to 
accommodate the OEM group ?
So do you have plans to change the callback signatures for the standard 
commands already implemented in host-ipmid?

>
> Could you elaborate on how you plan on enforcing privilege? Having 
> each provider check privilege level seems like a leaky abstraction to 
> me; I think it would make more sense to have privilege managed by the 
> host-ipmid and the net-ipmid.
Table G - Command Number Assignments and Privilege Levels in the IPMI 
specification gives more details on this.

Each command is assigned a privilege level( Callback, User, Operator, 
Admin) which means that the command can be executed only on a session 
with this privilege or higher.
So if a command needs be executed on net-ipmid path, one of the 
attribute needed for net-ipmid is the command's privilege level.
The privilege provided by each command is a registration parameter and 
it is consumed only by net-ipmid.

As part of the same issue, i am separating commands that need to be 
executed from system interface as a separate library.

The provider libraries is now copied into /usr/lib/host-ipmid. The plan 
is to have the /usr/lib/ipmid-providers as the default install location 
for all providers
and then symlink into /usr/lib/host-ipmid and /usr/lib/net-ipmid 
depending on whether the provider library is needed in out-of-band or 
in-band path.
>
> As far as the actual details concerning phosphor-net-ipmid: I do not 
> have strong opinions on the matter as Google has no intention of using 
> IPMI over LAN at this time, but would welcome discussion on the matter 
> nonetheless.
>
> Cheers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20161108/bba8af7f/attachment.html>

More information about the openbmc mailing list