
HPE Integrated Lights-Out (iLO) accepts a limited number of HTTP sessions. Reaching the maximum number of sessions can lead to embarrassing situations where server management operations are impossible until active connections are automatically disconnected after the pre-defined timeout or a manual / physical iLO reset is performed.

As a companion document to a Customer Advisory notification published earlier this year, we'd like to explain the typical contexts generating this problem as well as best practices to prevent it using the Redfish RESTful API.

To reach this goal, we first need to explain the two common management techniques as well as the session management object in Redfish.

Out-of-band (OOB) management consists of starting a management application on a system different from the managed server. Using the IP address of the managed server (or its iLO) and privileged credentials, the remote application is able to connect and perform management tasks. Server management and deployment using Ansible scripts is a typical use case of OOB.

With the in-band management technique, you start the management application in the operating system of the managed server. The application reaches the iLO through an internal path in the server (i.e. This method is well suited to Chef or Puppet management infrastructures.

Session management using the Redfish RESTful API is performed with the /redfish/v1/SessionService Redfish object. When this service is enabled, iLO active sessions are listed below the Sessions sub-tree of the service. Each and every successful iLO login creates an entry at this URI.

In the following screenshot we use the popular curl tool and its Basic Authentication mechanism (--user user:password) to log in and retrieve the active iLO session list. For clarity, we also use the --silent and --insecure options. However, they do not affect our demonstration.

Each invocation of the script returns a list composed of a single but different iLO session. This is due to the Basic Authentication mechanism, which automatically deletes the session after completion of the HTTP GET request.

In conclusion, the Basic Authentication mechanism, whatever tool is used, has the advantage of self-cleaning the session list. Said differently, the risk of reaching the maximum number of iLO sessions with this technique is very low. However, Basic Authentication does not suit all the needs of server management.

OOB management with OAuth 2.0 authentication

For more complex operations, a better way to connect to a Redfish server is to use the OAuth 2.0 mechanism to create a session object in the Redfish session manager. A successful Redfish session creation is synonymous with the creation of an iLO session. In return, the Redfish server sends a unique session token and the associated session location to the Redfish client. Subsequent HTTP operations will be authorized using the session token.

The HPE ilorest interface tool uses this token session mechanism and stores the token somewhere in the file system of the Redfish client. The following script illustrates the different behavior in terms of session management between the OAuth 2.0 protocol and the Basic Authentication processes. The script starts with a login command and then retrieves the session list twice. It appears that both lists contain one identical record. This is the proof that both ilorest calls used the same token to authenticate.

Reaching the iLO maximum number of connections with OOB scripts

The last command of the previous script is an ilorest logout operation. Among other things explained further, ilorest logout asks the Redfish server to disconnect its iLO session and to delete the corresponding Redfish record in the Redfish session manager.

What happens if we omit this last logout command in a script using the Token authentication method? In that case, the opened session will stay active in the iLO and in Redfish. During the next invocation of the script, ilorest login will ask again for a session creation and will overwrite the token generated during the first invocation with the new one, and then perform the requested GET operations with this new token. As a result, the previous session is still active in the iLO and present in the Redfish web server, although it is no longer used by anybody! In the following screenshot, we removed the logout command and launched the script twice. The second invocation shows two active sessions.
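The session build-up described in this article when the final logout is omitted can be reproduced offline against a small in-process mock. This is an added example, not code from the original article or from HPE: `MockRedfish`, `call`, `run_script` and `demo` are hypothetical names, the credentials are constructed, and the mock only models the session table (it does not check credentials or tokens).

```python
import json, threading, urllib.parse, urllib.request, uuid
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = "/redfish/v1/SessionService/Sessions"
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxies

class MockRedfish(BaseHTTPRequestHandler):  # constructed stand-in for an iLO
    table = {}  # session id -> token
    def log_message(self, *args): pass
    def _reply(self, code, body, headers=()):
        self.send_response(code)
        for name, value in headers: self.send_header(name, value)
        self.end_headers()
        self.wfile.write(json.dumps(body).encode())
    def do_POST(self):  # session creation returns a token and a session location
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sid, token = uuid.uuid4().hex[:8], uuid.uuid4().hex
        self.table[sid] = token
        self._reply(201, {}, [("X-Auth-Token", token), ("Location", f"{SESSIONS}/{sid}")])
    def do_GET(self):  # list the active sessions
        self._reply(200, {"Members": [{"@odata.id": f"{SESSIONS}/{s}"} for s in self.table]})
    def do_DELETE(self):  # logout removes the session record
        self.table.pop(self.path.rsplit("/", 1)[-1], None)
        self._reply(200, {})

def call(base, method, path, token=None, body=None):
    headers = {"Content-Type": "application/json"}
    if token: headers["X-Auth-Token"] = token
    data = json.dumps(body).encode() if body is not None else None
    url = urllib.parse.urljoin(base, path)  # Location may be a path or a full URL
    with OPENER.open(urllib.request.Request(url, data, headers, method=method)) as resp:
        return resp.headers, json.load(resp)

def run_script(base, logout):  # one script invocation: login, GET sessions, logout
    hdrs, _ = call(base, "POST", SESSIONS, body={"UserName": "u", "Password": "p"})
    try:
        return call(base, "GET", SESSIONS, token=hdrs["X-Auth-Token"])[1]["Members"]
    finally:  # runs even if the GET raises, so the session never outlives the script
        if logout:
            call(base, "DELETE", hdrs["Location"], token=hdrs["X-Auth-Token"])

def demo(runs=3):
    MockRedfish.table = {}
    server = HTTPServer(("127.0.0.1", 0), MockRedfish)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    with_logout = [len(run_script(base, logout=True)) for _ in range(runs)]
    without_logout = [len(run_script(base, logout=False)) for _ in range(runs)]
    server.shutdown()
    return with_logout, without_logout
```

Calling `demo()` returns `([1, 1, 1], [1, 2, 3])`: with the logout each invocation sees only its own session, while without it every run leaves one more session behind until the timeout or the session limit is reached.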
