2021年7月18日 星期日

Redfishtool 的安裝和使用


redfishtool is a commandline tool that implements the client side of the Redfish RESTful API for Data Center Hardware Management.
redfishtool是一個命令行工具,用於實現用於數據中心硬件管理的 Redfish RESTful API 的客戶端。

Redfishtool,是DMTF用python3來開發的,我們可以透過redfishtool來下指令給redfish,但通常很少會用到這個tool,因為postman和curl其實就很好用了,但基於好奇,我在自己的模擬器裡面安裝來玩看看,安裝指令

Update the package ind
$ sudo apt-get update

Install redfishtool deb package:
$ sudo apt-get install redfishtool

安裝成功後,可以下"redfishtool -V"來查看版本

$ redfishtool -V
redfishtool Version: 1.1.5

查看有哪些指令可以使用

$ redfishtool -h
   Usage:
     redfishtool:    {} [OPTIONS]  <SubCommand> <operation> [<args>]...
     redfishtool:    {} [OPTIONS]  hmraw  <method> <hmUrl> [<data>]
 
  Common OPTIONS:
   -V,          --version           -- show redfishtool version, and exit
   -h,          --help              -- show Usage, Options, and list of subCommands, and exit
   -v,          --verbose           -- verbose level, can repeat up to 5 times for more verbose output
                              -v(header), -vv(+addl info), -vvv(Request trace), -vvvv(+subCmd dbg), -vvvvv(max dbg)
   -s,          --status            -- status level, can repeat up to 5 times for more status output
                               -s(http_status),
                               -ss(+r.url, +r.elapsed executionTime ),
                               -sss(+request hdrs,data,authType, +response status_code, +response executionTime,
                                    +login auth token/sessId/sessUri)
                               -ssss(+response headers), -sssss(+response data
   -u <user>,   --user=<usernm>     -- username used for remote redfish authentication
   -p <passwd>, --password=<passwd> -- password used for remote redfish authentication
   -r <rhost>,  --rhost=<rhost>     -- remote redfish service hostname or IP:port
   -t <token>,  --token=<token>     -- redfish auth session token-for sessions across multiple calls
   -q,          --quiet             -- quiet mode--suppress error, warning, and diagnostic messages
   -c <cfgFile>,--config=<cfgFile>  -- read options (including credentials) from file <cfgFile>
   -T <timeout>,--Timeout=<timeout> -- timeout in seconds for each http request.  Default=10
 
   -P <property>, --Prop=<property> -- return only the specified property. Applies only to all "get" operations
   -E, --Entries                    -- Fetch the Logs entries. Applies to Logs sub-command of Systems, Chassis and Managers
 
  Options used by "raw" subcommand:
   -d <data>    --data=<data>       -- the http request "data" to send on PATCH,POST,or PUT requests
 
  Options to specify top-level collection members: eg: Systems -I <sysId>
   -I <Id>, --Id=<Id>               -- Use <Id> to specify the collection member
   -M <prop>:<val> --Match=<prop>:<val>-- Use <prop>=<val> search to find the collection member
   -F,  --First                     -- Use the 1st link returned in the collection or 1st "matching" link if used with -M
   -1,  --One                       -- Use the single link returned in the collection. Return error if more than one member exists
   -a,  --all                       -- Returns all members if the operation is a Get on a top-level collection like Systems
   -L <Link>,  --Link=<Link>        -- Use <Link> (eg /redfish/v1/Systems/1) to reference the collection member.
                                    --   If <Link> is not one of the links in the collection, and error is returned.
  Options to specify 2nd-level collection members: eg: Systems -I<sysId> Processors -i<procId>
   -i <id>, --id=<id>               -- use <id> to specify the 2nd-level collection member
   -m <prop>:<val> --match=<prop>:val>--use <prop>=<val> search of 2nd-level collection to specify member
   -l <link>  --link=<link>         -- Use <link> (eg /redfish/v1/SYstems/1/Processors/1) to reference a 2nd level resource
                                    --   A -I|M|F|1|L option is still required to specify the link to the top-lvl collection
   -a,  --all                       -- Returns all members of the 2nd level collection if the operation is a Get on the
                                    --   2nd level collection (eg Processors). -I|M|F|1|L still specifies the top-lvl collection.
 
  Additional OPTIONS:
   -W <num>:<connTimeout>,          -- Send up to <num> {GET /redfish} requests with <connTimeout> TCP connection timeout
         --Wait=<num>:<ConnTimeout> --   before sending subcommand to rhost.  Default is -W 1:3
   -A <Authn>,   --Auth <Authn>     -- Authentication type to use:  Authn={None|Basic|Session}  Default is Basic
   -S <Secure>,  --Secure=<Secure>  -- When to use https: (Note: doesn't stop rhost from redirect http to https)
                                       <Secure>={Always | IfSendingCredentials | IfLoginOrAuthenticatedApi(default) }
   -R <ver>,  --RedfishVersion=<ver>-- The Major Redfish Protocol version to use: ver={v1(dflt), v<n>, Latest}
   -C         --CheckRedfishVersion -- tells Redfishtool to execute GET /redfish to verify that the rhost supports
                                       the specified redfish protocol version before executing a sub-command.
                                       The -C flag is auto-set if the -R Latest or -W ... options are selected
   -N,        --NonBlocking         -- Do not wait for asynchronous requests to complete.
   -n,        --no-proxy            -- Ignore any PROXY environment variables.
   -H <hdrs>, --Headers=<hdrs>      -- Specify the request header list--overrides defaults. Format "{ A:B, C:D...}"
   -D <flag>,  --Debug=<flag>       -- Flag for dev debug. <flag> is a 32-bit uint: 0x<hex> or <dec> format
 
  Subcommands:
     hello                 -- redfishtool hello world subcommand for dev testing
     about                 -- display version and other information about this version of redfishtool
     versions              -- get redfishProtocol versions supported by rhost: GET ^/redfish
     root   |  serviceRoot -- get serviceRoot resouce: GET ^/redfish/v1/
     Systems               -- operations on Computer Systems in the /Systems collection
     Chassis               -- operations on Chassis in the /Chassis collection
     Managers              -- operations on Managers in the /Managers collection
     AccountService        -- operations on AccountService including user administration
     SessionService        -- operations on SessionService including Session login/logout
     odata                 -- get the Odata Service document: GET ^/redfish/v1/odata
     metadata              -- get the CSDL metadata document: GET ^/redfish/v1/$metadata
     raw                   -- subcommand to execute raw http methods(GET,PATCH,POST...) and URIs
 
  For Subcommand usage, options, operations, help:
     redfishtool <SubCommand> -h  -- usage and options for specific subCommand

我覺得redfishtool最特別的地方是它有支援很多基本的subcommand,大概可分為基本的root/odata/metadata,raw,和常用指令system, managers,account, session...等

 Subcommands:
     hello                 -- redfishtool hello world subcommand for dev testing
     about                 -- display version and other information about this version of redfishtool
     versions              -- get redfishProtocol versions supported by rhost: GET ^/redfish
     root   |  serviceRoot -- get serviceRoot resouce: GET ^/redfish/v1/
     Systems               -- operations on Computer Systems in the /Systems collection
     Chassis               -- operations on Chassis in the /Chassis collection
     Managers              -- operations on Managers in the /Managers collection
     AccountService        -- operations on AccountService including user administration
     SessionService        -- operations on SessionService including Session login/logout
     odata                 -- get the Odata Service document: GET ^/redfish/v1/odata
     metadata              -- get the CSDL metadata document: GET ^/redfish/v1/$metadata
     raw                   -- subcommand to execute raw http methods(GET,PATCH,POST...) and URIs

接下來我開了一台BMC來測試,先Get serviceRoot(不用帳號密碼)來測試,因為目前我的BMC只支援Https,所以要加上-S Always

(https://192.168.122.160/redfish/v1)

$ redfishtool -r 192.168.122.160 -S Always root
{
    "@odata.id": "/redfish/v1",
    "@odata.type": "#ServiceRoot.v1_5_0.ServiceRoot",
    "AccountService": {
        "@odata.id": "/redfish/v1/AccountService"
    },
    "CertificateService": {
        "@odata.id": "/redfish/v1/CertificateService"
    },
    "Chassis": {
        "@odata.id": "/redfish/v1/Chassis"
    },
    "EventService": {
        "@odata.id": "/redfish/v1/EventService"
    },
    "Id": "RootService",
    "JsonSchemas": {
        "@odata.id": "/redfish/v1/JsonSchemas"
    },
    "Links": {
        "Sessions": {
            "@odata.id": "/redfish/v1/SessionService/Sessions"
        }
    },
    "Managers": {
        "@odata.id": "/redfish/v1/Managers"
    },
    "Name": "Root Service",
    "RedfishVersion": "1.9.0",
    "Registries": {
        "@odata.id": "/redfish/v1/Registries"
    },
    "SessionService": {
        "@odata.id": "/redfish/v1/SessionService"
    },
    "Systems": {
        "@odata.id": "/redfish/v1/Systems"
    },
    "Tasks": {
        "@odata.id": "/redfish/v1/TaskService"
    },
    "TelemetryService": {
        "@odata.id": "/redfish/v1/TelemetryService"
    },
    "UUID": "80c007bb-4962-5990-9c44-062efc9b84f1",
    "UpdateService": {
        "@odata.id": "/redfish/v1/UpdateService"
    }
}

我們常用Postmad/curl下的raw command也可以透過redfishtool來執行

 Usage:

   redfishtool [OPTNS] raw <method> <path>

$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc raw GET /redfish/v1/Managers
{
    "@odata.id": "/redfish/v1/Managers",
    "@odata.type": "#ManagerCollection.ManagerCollection",
    "Members": [
        {
            "@odata.id": "/redfish/v1/Managers/bmc"
        }
    ],
    "Members@odata.count": 1,
    "Name": "Manager Collection"
}

POST的話可以透過-d 帶入data

$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc raw POST -d "{}" /redfish/v1/Systems/system/LogServices/EventLog/Actions/LogService.ClearLog
{
    "@Message.ExtendedInfo": [
        {
            "@odata.type": "#Message.v1_1_1.Message",
            "Message": "Successfully Completed Request",
            "MessageArgs": [],
            "MessageId": "Base.1.8.1.Success",
            "MessageSeverity": "OK",
            "Resolution": "None"
        }
    ]
}

最後的subcommand,可以下"subcommand -h"看各個附加功能,等等用AccountServices來示範

Subcommands:
     Systems               -- operations on Computer Systems in the /Systems collection
     Chassis               -- operations on Chassis in the /Chassis collection
     Managers              -- operations on Managers in the /Managers collection
     AccountService        -- operations on AccountService including user administration
     SessionService        -- operations on SessionService including Session login/logout

[AccountService -h]


$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService  -h
  Usage:
   redfishtool [OPTNS]  AccountService  <operation> [<args>]  -- perform <operation> on the AccountService
  <operations>:
     [get]                     -- get the AccountService object.
     patch {A: B,C: D,...}     -- patch the AccountService w/ json-formatted {prop: value...}
     Accounts [list]           -- get the "Accounts" collection, or list "Id", username, and Url
       Accounts [IDOPTN]       --   get the member specified by IDOPTN: -i<Id>, -m<prop>:<val>, -l<link>, -a #all
     Roles [list]              -- get the "Roles" collection, or list "Id", IsPredefined, and Url
       Roles [IDOPTN]          --   get the member specified by IDOPTN: -i<Id>, -m<prop>:<val>, -l<link>, -a #all
     adduser <usernm> <passwd> [<roleId>] -- add a new user to the Accounts collection
                               -- <roleId>:{Administrator | Operator | ReadOnlyUser | <a custom roleId}, dflt=Operator
     deleteuser <usernm>       -- delete an existing user from Accouts collection
     setpassword  <usernm> <passwd>  -- set (change) the password of an existing user account
     useradmin <userName> [enable|disable|unlock|[setRoleId <roleId>]] -- enable|disable|unlock.. a user account
     setusername <id> <userName> -- set UserName for account with given Id
     examples                  -- example commands with syntax
     hello                     -- AccountService hello -- debug command

GET /redfish/v1/AccountService

$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService
{
    "@odata.id": "/redfish/v1/AccountService",
    "@odata.type": "#AccountService.v1_5_0.AccountService",
    "AccountLockoutDuration": 300,
    "AccountLockoutThreshold": 10,
    "Accounts": {
        "@odata.id": "/redfish/v1/AccountService/Accounts"
    },
    "ActiveDirectory": {
        "Authentication": {
            "AuthenticationType": "UsernameAndPassword",
            "Password": null,
            "Username": ""
        },
        "LDAPService": {
            "SearchSettings": {
                "BaseDistinguishedNames": [
                    ""
                ],
                "GroupsAttribute": "",
                "UsernameAttribute": ""
            }
        },
        "RemoteRoleMapping": [],
        "ServiceAddresses": [
            ""
        ],
        "ServiceEnabled": false
    },
    "Description": "Account Service",
    "Id": "AccountService",
    "LDAP": {
        "Authentication": {
            "AuthenticationType": "UsernameAndPassword",
            "Password": null,
            "Username": ""
        },
        "Certificates": {
            "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates"
        },
        "LDAPService": {
            "SearchSettings": {
                "BaseDistinguishedNames": [
                    ""
                ],
                "GroupsAttribute": "",
                "UsernameAttribute": ""
            }
        },
        "RemoteRoleMapping": [],
        "ServiceAddresses": [
            ""
        ],
        "ServiceEnabled": false
    },
    "MaxPasswordLength": 20,
    "MinPasswordLength": 8,
    "Name": "Account Service",
    "Oem": {
        "OpenBMC": {
            "@odata.type": "#OemAccountService.v1_0_0.AccountService",
            "AuthMethods": {
                "BasicAuth": true,
                "Cookie": true,
                "SessionToken": true,
                "TLS": true,
                "XToken": true
            }
        }
    },
    "Roles": {
        "@odata.id": "/redfish/v1/AccountService/Roles"
    },
    "ServiceEnabled": true
} 

GET /redfish/v1/AccountService/Accounts -->list all acoounts

$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService Accounts
{
    "@odata.id": "/redfish/v1/AccountService/Accounts",
    "@odata.type": "#ManagerAccountCollection.ManagerAccountCollection",
    "Description": "BMC User Accounts",
    "Members": [
        {
            "@odata.id": "/redfish/v1/AccountService/Accounts/root"
        }
    ],
    "Members@odata.count": 1,
    "Name": "Accounts Collection"
}

GET /redfish/v1/AccountService/Roles

$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService  Roles
{
    "@odata.id": "/redfish/v1/AccountService/Roles",
    "@odata.type": "#RoleCollection.RoleCollection",
    "Description": "BMC User Roles",
    "Members": [
        {
            "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
        },
        {
            "@odata.id": "/redfish/v1/AccountService/Roles/Operator"
        },
        {
            "@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly"
        },
        {
            "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess"
        }
    ],
    "Members@odata.count": 4,
    "Name": "Roles Collection"
}

Add new user "iris" as Administrator

#adduser <usernm> <passwd> [<roleId>]

$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService adduser iris "123QWE@qwe" Administrator
{
    "@Message.ExtendedInfo": [
        {
            "@odata.type": "#Message.v1_1_1.Message",
            "Message": "The resource has been created successfully",
            "MessageArgs": [],
            "MessageId": "Base.1.8.1.Created",
            "MessageSeverity": "OK",
            "Resolution": "None"
        }
    ]
}

Get user iris info

$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService  Accounts -i iris
{
    "@odata.id": "/redfish/v1/AccountService/Accounts/iris",
    "@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
    "AccountTypes": [
        "Redfish"
    ],
    "Description": "User Account",
    "Enabled": true,
    "Id": "iris",
    "Links": {
        "Role": {
            "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
        }
    },
    "Locked": false,
    "Locked@Redfish.AllowableValues": [
        "false"
    ],
    "Name": "User Account",
    "Password": null,
    "PasswordChangeRequired": false,
    "RoleId": "Administrator",
    "UserName": "iris"
}

delete user iris

$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService  deleteuser iris

大概操作就是上面這樣,我覺得他的指令比curl簡單一點,而且把很多設定類型的指令都包起來了,這樣給網路管理員使用的話,其實非常簡單操作,不用先把資料轉成json format,並且思考這個動作要用patch、post還是delete,我覺得是個不錯的tool

沒有留言:

張貼留言

注意:只有此網誌的成員可以留言。