BMC redundancy

Deepak Kodihalli dkodihal at linux.vnet.ibm.com
Sat Feb 3 19:08:47 AEDT 2018 

On 03/02/18 2:40 am, Vernon Mauery wrote:
> On 02-Feb-2018 11:18 AM, Andrew Jeffery wrote:
>> Hi Deepak,
>>
>>> So several of the existing OpenBMC apps implement specific D-Bus
>>> services. What does it take to make remote D-Bus calls to such apps?
>>> - It doesn't look like the D-Bus spec or libdbus officially has anything
>>> for D-Bus across computers. There are some good notes at
>>> https://www.freedesktop.org/wiki/Software/DBusRemote/.
>>
>> Applications can cannect to remote dbus servers; the --address option 
>> to dbus-daemon allows it to listen on a TCP socket and setting 
>> DBUS_SESSION_BUS_ADDRESS will point applications in the right 
>> direction. So there are probably two ways we could do this:
> 
> Putting DBus on an externally-available TCP socket is a security 
> architect's nightmare. All command and control of the entire BMC is done 
> over DBus; we cannot put that on an externally-available address. I 
> suppose if you have an internal connection and switching fabric between 
> the nodes, this would be possible.

This shouldn't be a problem though with SSH forwarding, with a proxy 
D-Bus daemon for example. 
https://www.freedesktop.org/wiki/Software/DBusRemote/ talks about 
another issue with SSH forwarding D-Bus, which I haven't fully 
understood. I know that the Gabriel project took the SSH forwarding route.

Regards,
Deepak

> --Vernon
> 
>> 1. Slave BMCs connect to the master's DBus daemon, and applications 
>> namespace their objects appropriately. Multi-BMC aware applications on 
>> the master access the namespaced objects as required
>> 2. Slave BMCs are willfully ignorant of their role, with the master 
>> connecting to the slaves' DBus daemons to form a coherent global view 
>> of the bus for its multi-BMC aware applications, which access the 
>> remote objects as required.
>>
>> Given the support DBus has today it might be easier to go for 1 than 
>> for 2, if we go down this path at all.
>>
>> [1] https://dbus.freedesktop.org/doc/dbus-daemon.1.html
>>
>>> - There are ways to achieve this via Qt D-Bus, but it would involve some
>>> amount tweaking with the D-Bus configs.
>>> - I'm not aware of any open/active project implementing remote D-Bus.
>>
>> Here is someone's attempt at making it easier: 
>> http://gabriel.sourceforge.net/howto.html though you would struggle to 
>> say it's active given the last contribution was 2013-05-14.
>>
>>> - Thoughts on doing remote D-Bus over WebSockets?
>>
>> How do websockets come into the picture? Why do we need the extra 
>> complication vs normal sockets?
>>
>> Cheers,
>>
>> Andrew
>

More information about the openbmc mailing list