Use cases: what interface should admins be allowed to disable?

[Joseph Reynolds]

What network interfaces does your BMC support?  Do you want to allow the 
BMC admin to disable them?
Please help provide use cases and guidance.  This is for current work in 
this area: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/39006

Discussion:

OpenBMC provides several network interfaces including:
  - HTTP - either as access to BMCWeb without transport layer security, 
or as a redirect to HTTPS (pending review)
  - HTTPS - access to the BMCWeb server
  - SSH - access to both the BMC's command shell (port 22) and the 
host's console (port 2200)
  - IPMI (RAKP)
  - NTP

See detailed interface discussion here: 
https://github.com/openbmc/docs/blob/master/architecture/interface-overview.md


BMCWeb currently implements a Redfish API (ManagerNetworkProtocol) for 
the BMC admin to enable and disable network interfaces.  This interface 
is being enhanced by the gerrit review linked above.  We are trying to 
determine how this should work.

I wrote down my preferences here: 
https://github.com/ibm-openbmc/dev/issues/1763  and I understand others 
will have different use cases.  So, the purpose of this email is to 
understand how to move forward.  I also understand some use cases will 
completely disable various interfaces.  For example, some users may 
completely remove IPMI functions from the firmware image.

For each interface, I see three possible configurations:
1. The interface is not present in the image.  Naturally, the admin 
shall have no way to enable this interface (because it is not present).  
For example, we want IPMI eventually to be configured out of the image.
2. The interface is present in the image but the admin shall have no way 
to disable it.  For example, SSH is present and the admin has no API to 
disable it.  Another example, disabling HTTPS would prevent Redfish 
access, and then the admin may lock themselves out of the BMC.  This is 
not a desirable situation.
3. The interface is present in the image and the admin shall have a way 
to enable and disable it.  For example, this capability already exists 
in BMCWeb for IPMI and NTP.  The case for SSH is discussed in issue 1763 
linked above.

How can these configurations be implemented?
1. When the interface is not present in the image -- Write bitbake 
recipes to configure/build the feature out of the image, and also 
configure BMCWeb so it cannot enable/disable that interface.
2. When the interface is present and should always remain enabled -- 
Configure BMCWeb so it cannot enable/disable the interface.
3. When the interface is present and the admin shall have a way to 
enable and disable it -- First, if needed, enhance the BMCWeb Redfish 
API to allow the admin to enable and disable the interface. Then 
configure BMCWeb to allow that.

I propose project defaults as follows:
  - HTTP - interface present and redirects to HTTP / admin allowed to 
enable and disable.
  - HTTPS - always enabled (the admin is not allowed to disable it)
  - SSH - present in the image & admin allowed to enable and disable
  - IPMI - present in the image & admin allowed to enable and disable
  - NTP - present in the image & admin allowed to enable and disable

Oops, I wrote too much!  Feedback here or in the gerrit review is 
appreciated.

- Joseph