openbmc / bmcweb

A do everything Redfish, KVM, GUI, and DBus webserver for OpenBMC
Apache License 2.0

Redfish GracefulRestart flushes out bmc web session on reset #158

Closed gkeishin closed 3 years ago

gkeishin commented 3 years ago

The new BMC web bump / recent broke the Session persistency on BMC reset. It flushes out the existing valid session from the BMC. This is a new regression here.

Test:

$ curl -k -H "Content-Type: application/json" -X POST https://${BMC_IP}/login -d '{"username" :  "root", "password" :  "xxxxxxxx"}'
{
  "token": "LYlONP1b7XU0yCdyEOZ0"
}

Just to check the session

$ redfishtool -r xx.xx.xx.xx -u root -p xxxxxxxx -S Always raw GET /redfish/v1/SessionService/Sessions/
{
    "@odata.id": "/redfish/v1/SessionService/Sessions/",
    "@odata.type": "#SessionCollection.SessionCollection",
    "Description": "Session Collection",
    "Members": [
        {
            "@odata.id": "/redfish/v1/SessionService/Sessions/QyTokLECPB"
        }
    ],
    "Members@odata.count": 1,
    "Name": "Session Collection"
}
$ export bmc_token=LYlONP1b7XU0yCdyEOZ0
$ curl -k -H "X-Auth-Token: $bmc_token" -X POST https://${BMC_IP}/redfish/v1/Managers/bmc/Actions/Manager.Reset -d '{"ResetType": "GracefulRestart"}'
{
  "@Message.ExtendedInfo": [
    {
      "@odata.type": "#Message.v1_0_0.Message",
      "Message": "Successfully Completed Request",
      "MessageArgs": [],
      "MessageId": "Base.1.8.1.Success",
      "MessageSeverity": "OK",
      "Resolution": "None"
    }
  ]
}

Once BMC reboots to standby

$  curl -k -H "X-Auth-Token: $bmc_token" -X GET https://${BMC_IP}/redfish/v1/Managers/bmc/ -vv
* About to connect() to xx.xx.xx.xx port 443 (#0)
*   Trying 9.41.165.233...
* Connected to xx.xx.xx.xx (9.41.165.233) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=testhost,O=OpenBMC,C=US
*       start date: Oct 21 13:42:38 2020 GMT
*       expire date: Oct 19 13:42:38 2030 GMT
*       common name: testhost
*       issuer: CN=testhost,O=OpenBMC,C=US
> GET /redfish/v1/Managers/bmc/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: xx.xx.xx.xx
> Accept: */*
> X-Auth-Token: LYlONP1b7XU0yCdyEOZ0
>
< HTTP/1.1 401 Unauthorized
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Frame-Options: DENY
< Pragma: no-cache
< Cache-Control: no-Store,no-Cache
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Content-Security-Policy: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:
< Date: Wed, 21 Oct 2020 16:34:40 GMT
< Content-Length: 12
<
* Connection #0 to host xx.xx.xx.xx left intact
Unauthorized

We can see there is NO session. So it looks like the new reset flushes out the valid sessions without explicitly clearing them out.

$ redfishtool -r xx.xx.xx.xx -u root -p xxxxxxxx -S Always raw GET /redfish/v1/SessionService/Sessions/
{
    "@odata.id": "/redfish/v1/SessionService/Sessions/",
    "@odata.type": "#SessionCollection.SessionCollection",
    "Description": "Session Collection",
    "Members": [],
    "Members@odata.count": 0,
    "Name": "Session Collection"
}
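
The reproduction steps in the report above, scripted as a repeatable regression check. This is an added example, not part of the issue or of bmcweb: `run`, `verdict` and the polling interval are assumptions, and only the endpoints and the sample session ID come from the report.

```python
import base64, json, time, urllib.error, urllib.request

SESSIONS = "/redfish/v1/SessionService/Sessions/"
MANAGER = "/redfish/v1/Managers/bmc/"
# Session collections as printed in the issue, reduced to their Members lists.
BEFORE = {"Members": [{"@odata.id": SESSIONS + "QyTokLECPB"}]}
AFTER = {"Members": []}

def call(base, path, ctx, headers, body=None):
    """One HTTPS request; returns (status, parsed JSON body or None)."""
    data = None if body is None else json.dumps(body).encode()
    headers = {"Content-Type": "application/json", **headers}
    req = urllib.request.Request(base + path, data=data, headers=headers)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        return err.code, None

def session_ids(collection):
    """IDs of the sessions listed in a SessionCollection body."""
    return {m["@odata.id"].rstrip("/").rsplit("/", 1)[-1]
            for m in collection.get("Members", [])}

def verdict(before, after, token_status):
    """Regressed if a session vanished or the pre-reset token gets 401."""
    lost = sorted(session_ids(before) - session_ids(after))
    return {"lost": lost, "regressed": bool(lost) or token_status == 401}

def run(base, user, password, ctx, wait=600):
    """Live check (hypothetical driver): log in, reset, reuse the old token."""
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    basic = {"Authorization": "Basic " + cred}
    _, login = call(base, "/login", ctx, {}, {"username": user, "password": password})
    token = {"X-Auth-Token": login["token"]}
    _, before = call(base, SESSIONS, ctx, basic)
    call(base, MANAGER + "Actions/Manager.Reset", ctx, token, {"ResetType": "GracefulRestart"})
    down, deadline = False, time.time() + wait
    while True:
        try:
            status, _ = call(base, MANAGER, ctx, token)
            if down and status in (200, 401):
                break
        except OSError:
            down = True  # server unreachable: the reboot has started
        if time.time() > deadline:
            raise TimeoutError("BMC did not return within the wait window")
        time.sleep(5)
    _, after = call(base, SESSIONS, ctx, basic)
    return verdict(before, after, status)
```

`run` takes an `ssl.SSLContext` as `ctx`; the `-k` in the report's curl commands corresponds to a context with certificate verification turned off.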
gkeishin commented 3 years ago
10:12:26 pm - gkeishin1: looks like the new bmcweb regressed during bmc reset..
10:12:52 pm - edtanous: what's it doing?
10:12:53 pm - gkeishin1: on BMC GracefulRestart it flushes out all the existing sessions from the bmc
10:12:56 pm - gkeishin1: https://github.com/openbmc/bmcweb/issues/158
10:14:35 pm - edtanous: how long has it been since you last tested?
10:14:52 pm - edtanous: the most suspicious change is one of mine: https://github.com/openbmc/bmcweb/commit/5fb91ba400e0482813cf5e1a86fdca17468d0a6a#diff-4552ac9850dd8ba081a8e8b6af18777bdc54d11a412902186871f3b28a3884ce
10:15:26 pm - edtanous: that was merged a couple weeks ago
10:16:30 pm - bjwyman [~bjwyman@199-48-94-80.rochmnaa.metronetinc.net] entered the room.
10:17:17 pm - gkeishin1: On master it's been some time since I ran the test.. I just saw it this morning when running the test on latest master to verify certain things.. while I was debugging other things..
10:26:25 pm - edtanous: if it's easy to reproduce, would you mind trying to revert that commit, and see if that fixes it?
10:32:49 pm - gkeishin1: yeah.. sure.. will try that..
gkeishin commented 3 years ago

Looks like it is working with the revert.