Redfish on OpenBMC
Yugi Mani
yupalani at microsoft.com
Tue Feb 6 14:39:43 AEDT 2018
Hi All,
Here are some more requirements based on our experience with Redfish:
1. Concurrency
Web Server and Framework should be able to serve multiple GET requests at a time. POST/PATCH/PUT/DELETE requests can be sequential.
2. Deterministic
Service should be time deterministic, both boot time and run time. Concurrency shall not impact deterministic property of the service. All requests shall be responded (success/failure) within acceptable time limits. Where some requests cannot be completed within time limits, service shall respond with status and expected time to complete.
3. Cached Data
Data shall be cached by Redfish service and updated on dbus signals. Collecting required information on demand adversely impacts performance. Redfish should rather cache the information and keep updating its cache on notification from dbus that the property(ies) of interest has been modified.
4. Platform dependent/independent layer
Shall provide a clear isolation between core vs platform properties. Can consider object oriented approach for platform & oem layer to override core methods and objects. Customized hooks and handlers can be provided by platform layer while the data model between layers is maintained consistent across platforms.
5. DMTF Support
Redfish have quite a lot of gaps in some of the basic requirements of a BMC.
1. FRU & FRU Collection Schema
2. Sensor & Sensor Collection Schema
3. Component Firmware Update (PSU, BIOS, CPLD, etc)
4. Master Write-Read
5. Clear PSU Faults
We need DMTF to actively add/update Redfish schemas that are fundamental to any BMC
7. Error Codes
Redfish LogEntry schema doesn’t offer a placeholder for error codes that automation tools can read to categorize the events and trigger actuators. One option is to reuse OEM field.
8. Pagination
Event logs can get too big and paginated view is helpful
1. Filtering
Query parameter to filter the response limited to certain criteria
1. Anchors
Schemas like Chassis and Manager have a bunch of properties that not all requests might be interested in. It is better to be able to request just a fragment of a resource using ‘#’.
1. Rate Limiting
Server shall return HTTP 429 when number of requests cross max limit permissible from a client. We need some protection against Denial of Service.
Here’s our response to questions
Do you have a redfish server implementation?
[MSFT] Yes
Is it Open Source?
[MSFT] Not yet, but will be open sourced after LF transfer
If not, are you planning on open sourcing it?
[MSFT] Yes
What is the license?
[MSFT] MIT
Is it posted to github or other public source control?
[MSFT] Not yet, after LF transfer
Does it pass the DMTF redfish service validator?
[MSFT] In progress. Validator tool ran but didn’t generate a report and conformance tool need to be ported to Python 2.7.
What language is it written in?
[MSFT] Python 2.7
How big is it?
[MSFT] Size is approximately 650KB (CherryPy + Bottle), not including python, schema and templates
Can it be easily extended/re-used by anybody else shipping compliant openbmc implementations?
[MSFT] It is integrated with a fork of OpenBMC and being shipped in few expansion box products at Microsoft.
Can you add OEM extensions to existing Redfish Resources without "forking" the codebase?
[MSFT} No, it is a flat structure now and any customization would require forking
Can you change the implementation for a single Redfish Resource Property without forking?
[MSFT] No
Can you add new Redfish Resources without forking?
[MSFT] No
Performance, How fast is it?
[MSFT] Attached are some preliminary benchmarking results from one of our Redfish implementations using uwsgi as web server. We can also share similar results for another implementation with cherrypy.
Does it implement SSL?
[MSFT] Yes
What is the security model?
[MSFT] Basic authentication (user/pwd)
Non-root support? Can it run as a non-privileged user?
[MSFT] Good question. Currently it is running as root, we haven’t tried non-root though.
Does it implement basic authentication and the redfish spec x-auth-token authentication?
[MSFT] Basic auth only
Does it implement the redfish standard privilege map model?
[MSFT] We have one user only. We don’t have account service, role and privilege.
For writing a UI on top of redfish, something like SSE is a nice-to-have to avoid polling in the browser. There are a couple of proposed SSE extensions that have not yet been approved.
How much work to implement SSE support to do things like watch Property changes?
Is the standard redfish eventing model supported?
Security model integrated with eventing? Do eventing records get the same security treatment as GET requests?
[MSFT] EventService, Server-Sent Event and UI are not a requirement for us. If those were to be supported, an option to enable/disable these features as needed at build-time would be better.
Development: can it run outside of openbmc?
[MSFT] Implemented using Python 2.7, so should run on any platform. But it also tries to access local files and dbus objects. It likely would require some changes to run outside of openbmc.
Thanks,
Yugi
From: Ali Larijani
Sent: Thursday, February 1, 2018 10:29 AM
To: Paul.Vancil at dell.com; hramasub at in.ibm.com; Michael.E.Brown at dell.com
Cc: Balaji.B.Rao at dell.com; bradleyb at fuzziesquirrel.com; ed.tanous at intel.com; jwcarman at us.ibm.com; openbmc at lists.ozlabs.org; pradeep.kumar36 at tcs.com; rolfb at us.ibm.com; Yugi Mani <yupalani at microsoft.com>; Chris Ong <Chris.Ong at microsoft.com>
Subject: RE: Redfish on OpenBMC
+MSFT: Chris Ong and Yugi Mani
From: Paul.Vancil at dell.com<mailto:Paul.Vancil at dell.com> [mailto:Paul.Vancil at dell.com]
Sent: Thursday, February 1, 2018 10:09 AM
To: hramasub at in.ibm.com<mailto:hramasub at in.ibm.com>; Michael.E.Brown at dell.com<mailto:Michael.E.Brown at dell.com>
Cc: Ali Larijani <alirhas at microsoft.com<mailto:alirhas at microsoft.com>>; Balaji.B.Rao at dell.com<mailto:Balaji.B.Rao at dell.com>; bradleyb at fuzziesquirrel.com<mailto:bradleyb at fuzziesquirrel.com>; ed.tanous at intel.com<mailto:ed.tanous at intel.com>; jwcarman at us.ibm.com<mailto:jwcarman at us.ibm.com>; openbmc at lists.ozlabs.org<mailto:openbmc at lists.ozlabs.org>; pradeep.kumar36 at tcs.com<mailto:pradeep.kumar36 at tcs.com>; rolfb at us.ibm.com<mailto:rolfb at us.ibm.com>
Subject: RE: Redfish on OpenBMC
Michael, Brad, all,
Hello. This is a good list of attributes and agree with Hari’s additions…
Balaji and I are in final phase of pushing our ‘RedDrum’ python Redfish service into open source with the openBMC recipes.
Im expecting to have the python code open by Mon and then next week will get the openBMC recipe in. We are manually copying over the files now.
Next week we should be able to answer the initial list of questions for RedDrum.
Nice to see there is a lot of interest and multiple implementations coming!
Thanks
paulv
From: Hariharasubramanian Ramasubramanian [mailto:hramasub at in.ibm.com]
Sent: Thursday, February 1, 2018 3:09 AM
To: Brown, Michael E <Michael_E_Brown at Dell.com<mailto:Michael_E_Brown at Dell.com>>
Cc: alirhas at microsoft.com<mailto:alirhas at microsoft.com>; Rao, Balaji B <Balaji_B_Rao at dell.com<mailto:Balaji_B_Rao at dell.com>>; bradleyb at fuzziesquirrel.com<mailto:bradleyb at fuzziesquirrel.com>; ed.tanous at intel.com<mailto:ed.tanous at intel.com>; jwcarman at us.ibm.com<mailto:jwcarman at us.ibm.com>; openbmc at lists.ozlabs.org<mailto:openbmc at lists.ozlabs.org>; Vancil, Paul <Paul_Vancil at Dell.com<mailto:Paul_Vancil at Dell.com>>; pradeep.kumar36 at tcs.com<mailto:pradeep.kumar36 at tcs.com>; rolfb at us.ibm.com<mailto:rolfb at us.ibm.com>
Subject: RE: Redfish on OpenBMC
Hi Michael,
Thanks for enumerating the attributes for comparison.
I want to list down a few additional criteria that may be evaluated:
1) Data-Driven Resource Discovery:
- The Redfish server should ideally build it's resource model from a "config file". This config file could potentially be hand-coded or built out of a "system definition file". The following are examples of system definition files for 2 of the systems currently running OpenBMC firmware.
https://raw.githubusercontent.com/open-power/zaius-xml/master/zaius.xml<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fraw.githubusercontent.com%2Fopen-power%2Fzaius-xml%2Fmaster%2Fzaius.xml&data=02%7C01%7Calirhas%40microsoft.com%7C6b626a275d0b4901593508d5699ee11f%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C0%7C636531053471617424&sdata=TehYNgGzaVh62ZXIryh9kaZb9ZzX37zL7%2FKats9Lu0U%3D&reserved=0>
https://raw.githubusercontent.com/open-power/witherspoon-xml/master/witherspoon.xml<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fraw.githubusercontent.com%2Fopen-power%2Fwitherspoon-xml%2Fmaster%2Fwitherspoon.xml&data=02%7C01%7Calirhas%40microsoft.com%7C6b626a275d0b4901593508d5699ee11f%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C0%7C636531053471617424&sdata=TivQgnXdZSJ9HoxcMjdFSDOBjCKeecvAkZHADiYuTbg%3D&reserved=0>
The system architecture (sled vs blade etc.), number of processors, number of fans etc. can be determined from the system definition file to generate the config file.
The intent is to make the redfish implementation as system agnostic as possible.
2) Separation of the Redfish front-end (view) and back-end (infrastructure) layers. The infrastructure API exposed as dbus services would be one of the means to make this separation of concerns.
3) Performance :
- Runtime memory foot print.This could potentially have a negative impact on "how fast" the server is. Hence the trade-off should consider what can be cached vs what needs to be queried from the infrastructure.
- Michael, why did you consider SSL being separately implemented by the Redfish server? Would this be in the scope of the webserver ?
4) Eventing: Current version of the Redfish spec has left it open for the OEMs to define the specific Event Messages. i.e. there is no standard / common Event Registry. Redfish server implementation on the OpenBMC should define this common Event Registry and perhaps accepted by DMTF. Does the Eventing support filtering of events based on the event type, source resource and the message Id ?
5) Leverage existing open source projects:
- Does the implementation compose existing services and frameworks ? Such as a webserver(say, nginx) and a rest framework (flask).
regards,
Hari !
[Inactive hide details for ---01/31/2018 10:17:36 PM---So, I think that the first thing we ought to do is get a survey of the di]---01/31/2018 10:17:36 PM---So, I think that the first thing we ought to do is get a survey of the different implementations tha
From: <Michael.E.Brown at dell.com<mailto:Michael.E.Brown at dell.com>>
To: <bradleyb at fuzziesquirrel.com<mailto:bradleyb at fuzziesquirrel.com>>
Cc: <alirhas at microsoft.com<mailto:alirhas at microsoft.com>>, <Balaji.B.Rao at dell.com<mailto:Balaji.B.Rao at dell.com>>, <Paul.Vancil at dell.com<mailto:Paul.Vancil at dell.com>>, <ed.tanous at intel.com<mailto:ed.tanous at intel.com>>, <rolfb at us.ibm.com<mailto:rolfb at us.ibm.com>>, <jwcarman at us.ibm.com<mailto:jwcarman at us.ibm.com>>, <hramasub at in.ibm.com<mailto:hramasub at in.ibm.com>>, <pradeep.kumar36 at tcs.com<mailto:pradeep.kumar36 at tcs.com>>, <openbmc at lists.ozlabs.org<mailto:openbmc at lists.ozlabs.org>>
Date: 01/31/2018 10:17 PM
Subject: RE: Redfish on OpenBMC
________________________________
So, I think that the first thing we ought to do is get a survey of the different implementations that are out there, and establish criteria for judging different implementations.
Here would be a list of questions I would have for everybody on the list. I think it would probably be best to compile all of these into a wiki page somewhere.
- Do you have a redfish server implementation?
- Is it Open Source?
- If not, are you planning on open sourcing it?
- What is the license?
- Is it posted to github or other public source control?
- Does it pass the DMTF redfish service validator?
- What language is it written in?
- How big is it?
- Can it be easily extended/re-used by anybody else shipping compliant openbmc implementations?
- Can you add OEM extensions to existing Redfish Resources without "forking" the codebase?
- Can you change the implementation for a single Redfish Resource Property without forking?
- Can you add new Redfish Resources without forking?
- Performance
- How fast is it?
- Does it implement SSL?
- Security
- What is the security model?
- Non-root support? Can it run as a non-privileged user?
- Does it implement basic authentication and the redfish spec x-auth-token authentication?
- Does it implement the redfish standard privilege map model?
- Eventing:
- For writing a UI on top of redfish, something like SSE is a nice-to-have to avoid polling in the browser. There are a couple of proposed SSE extensions that have not yet been approved.
- How much work to implement SSE support to do things like watch Property changes?
- Is the standard redfish eventing model supported?
- Security model integrated with eventing? Do eventing records get the same security treatment as GET requests?
- Development: can it run outside of openbmc?
- Special sauce: is there anything not captured above that makes the implementation special in any way?
--
Michael
-----Original Message-----
From: Brad Bishop [mailto:bradleyb at fuzziesquirrel.com]
Sent: Tuesday, January 30, 2018 7:30 PM
To: Brown, Michael E <Michael_E_Brown at Dell.com<mailto:Michael_E_Brown at Dell.com>>
Cc: alirhas at microsoft.com<mailto:alirhas at microsoft.com>; Rao, Balaji B <Balaji_B_Rao at dell.com<mailto:Balaji_B_Rao at dell.com>>; Vancil, Paul <Paul_Vancil at Dell.com<mailto:Paul_Vancil at Dell.com>>; Tanous, Ed <ed.tanous at intel.com<mailto:ed.tanous at intel.com>>; rolfb at us.ibm.com<mailto:rolfb at us.ibm.com>; jwcarman at us.ibm.com<mailto:jwcarman at us.ibm.com>; Hariharasubramanian Ramasubramanian <hramasub at in.ibm.com<mailto:hramasub at in.ibm.com>>; pradeep.kumar36 at tcs.com<mailto:pradeep.kumar36 at tcs.com>; OpenBMC Maillist <openbmc at lists.ozlabs.org<mailto:openbmc at lists.ozlabs.org>>
Subject: Redfish on OpenBMC
Hi Michael
The project could really use someone to get everyone that has expressed interest in the future of Redfish support in OpenBMC rowing in the same direction. So thank you for volunteering to lead that conversation at the community call yesterday.
I’ve CC’ed everyone that I know of that has expressed an interest.
OpenBMC community: feel free to speak up if you’d like to be involved and I forgot you.
The only thing I’d ask is to please post links to any meetings, minutes, or correspondence here on the list, so everyone can easily keep up with how things are going or jump in to provide feedback.
thanks again
-brad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20180206/96bd0709/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 105 bytes
Desc: image001.gif
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20180206/96bd0709/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Redfish benchmarking.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 24332 bytes
Desc: Redfish benchmarking.docx
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20180206/96bd0709/attachment-0001.docx>
More information about the openbmc
mailing list