redfishtool is a commandline tool that implements the client side of the Redfish RESTful API for Data Center Hardware Management.
redfishtool是一個命令行工具,用於實現用於數據中心硬件管理的 Redfish RESTful API 的客戶端。
Redfishtool,是DMTF用python3來開發的,我們可以透過redfishtool來下指令給redfish,但通常很少會用到這個tool,因為postman和curl其實就很好用了,但基於好奇,我在自己的模擬器裡面安裝來玩看看,安裝指令
Update the package ind
$ sudo apt-get update
Install redfishtool deb package:
$ sudo apt-get install redfishtool
安裝成功後,可以下"redfishtool -V"來查看版本
$ redfishtool -V
redfishtool Version: 1.1.5
查看有哪些指令可以使用
$ redfishtool -h
Usage:
redfishtool: {} [OPTIONS] <SubCommand> <operation> [<args>]...
redfishtool: {} [OPTIONS] hmraw <method> <hmUrl> [<data>]
Common OPTIONS:
-V, --version -- show redfishtool version, and exit
-h, --help -- show Usage, Options, and list of subCommands, and exit
-v, --verbose -- verbose level, can repeat up to 5 times for more verbose output
-v(header), -vv(+addl info), -vvv(Request trace), -vvvv(+subCmd dbg), -vvvvv(max dbg)
-s, --status -- status level, can repeat up to 5 times for more status output
-s(http_status),
-ss(+r.url, +r.elapsed executionTime ),
-sss(+request hdrs,data,authType, +response status_code, +response executionTime,
+login auth token/sessId/sessUri)
-ssss(+response headers), -sssss(+response data
-u <user>, --user=<usernm> -- username used for remote redfish authentication
-p <passwd>, --password=<passwd> -- password used for remote redfish authentication
-r <rhost>, --rhost=<rhost> -- remote redfish service hostname or IP:port
-t <token>, --token=<token> -- redfish auth session token-for sessions across multiple calls
-q, --quiet -- quiet mode--suppress error, warning, and diagnostic messages
-c <cfgFile>,--config=<cfgFile> -- read options (including credentials) from file <cfgFile>
-T <timeout>,--Timeout=<timeout> -- timeout in seconds for each http request. Default=10
-P <property>, --Prop=<property> -- return only the specified property. Applies only to all "get" operations
-E, --Entries -- Fetch the Logs entries. Applies to Logs sub-command of Systems, Chassis and Managers
Options used by "raw" subcommand:
-d <data> --data=<data> -- the http request "data" to send on PATCH,POST,or PUT requests
Options to specify top-level collection members: eg: Systems -I <sysId>
-I <Id>, --Id=<Id> -- Use <Id> to specify the collection member
-M <prop>:<val> --Match=<prop>:<val>-- Use <prop>=<val> search to find the collection member
-F, --First -- Use the 1st link returned in the collection or 1st "matching" link if used with -M
-1, --One -- Use the single link returned in the collection. Return error if more than one member exists
-a, --all -- Returns all members if the operation is a Get on a top-level collection like Systems
-L <Link>, --Link=<Link> -- Use <Link> (eg /redfish/v1/Systems/1) to reference the collection member.
-- If <Link> is not one of the links in the collection, and error is returned.
Options to specify 2nd-level collection members: eg: Systems -I<sysId> Processors -i<procId>
-i <id>, --id=<id> -- use <id> to specify the 2nd-level collection member
-m <prop>:<val> --match=<prop>:val>--use <prop>=<val> search of 2nd-level collection to specify member
-l <link> --link=<link> -- Use <link> (eg /redfish/v1/SYstems/1/Processors/1) to reference a 2nd level resource
-- A -I|M|F|1|L option is still required to specify the link to the top-lvl collection
-a, --all -- Returns all members of the 2nd level collection if the operation is a Get on the
-- 2nd level collection (eg Processors). -I|M|F|1|L still specifies the top-lvl collection.
Additional OPTIONS:
-W <num>:<connTimeout>, -- Send up to <num> {GET /redfish} requests with <connTimeout> TCP connection timeout
--Wait=<num>:<ConnTimeout> -- before sending subcommand to rhost. Default is -W 1:3
-A <Authn>, --Auth <Authn> -- Authentication type to use: Authn={None|Basic|Session} Default is Basic
-S <Secure>, --Secure=<Secure> -- When to use https: (Note: doesn't stop rhost from redirect http to https)
<Secure>={Always | IfSendingCredentials | IfLoginOrAuthenticatedApi(default) }
-R <ver>, --RedfishVersion=<ver>-- The Major Redfish Protocol version to use: ver={v1(dflt), v<n>, Latest}
-C --CheckRedfishVersion -- tells Redfishtool to execute GET /redfish to verify that the rhost supports
the specified redfish protocol version before executing a sub-command.
The -C flag is auto-set if the -R Latest or -W ... options are selected
-N, --NonBlocking -- Do not wait for asynchronous requests to complete.
-n, --no-proxy -- Ignore any PROXY environment variables.
-H <hdrs>, --Headers=<hdrs> -- Specify the request header list--overrides defaults. Format "{ A:B, C:D...}"
-D <flag>, --Debug=<flag> -- Flag for dev debug. <flag> is a 32-bit uint: 0x<hex> or <dec> format
Subcommands:
hello -- redfishtool hello world subcommand for dev testing
about -- display version and other information about this version of redfishtool
versions -- get redfishProtocol versions supported by rhost: GET ^/redfish
root | serviceRoot -- get serviceRoot resouce: GET ^/redfish/v1/
Systems -- operations on Computer Systems in the /Systems collection
Chassis -- operations on Chassis in the /Chassis collection
Managers -- operations on Managers in the /Managers collection
AccountService -- operations on AccountService including user administration
SessionService -- operations on SessionService including Session login/logout
odata -- get the Odata Service document: GET ^/redfish/v1/odata
metadata -- get the CSDL metadata document: GET ^/redfish/v1/$metadata
raw -- subcommand to execute raw http methods(GET,PATCH,POST...) and URIs
For Subcommand usage, options, operations, help:
redfishtool <SubCommand> -h -- usage and options for specific subCommand
我覺得redfishtool最特別的地方是它有支援很多基本的subcommand,大概可分為基本的root/odata/metadata,raw,和常用指令system, managers,account, session...等
Subcommands:
hello -- redfishtool hello world subcommand for dev testing
about -- display version and other information about this version of redfishtool
versions -- get redfishProtocol versions supported by rhost: GET ^/redfish
root | serviceRoot -- get serviceRoot resouce: GET ^/redfish/v1/
Systems -- operations on Computer Systems in the /Systems collection
Chassis -- operations on Chassis in the /Chassis collection
Managers -- operations on Managers in the /Managers collection
AccountService -- operations on AccountService including user administration
SessionService -- operations on SessionService including Session login/logout
odata -- get the Odata Service document: GET ^/redfish/v1/odata
metadata -- get the CSDL metadata document: GET ^/redfish/v1/$metadata
raw -- subcommand to execute raw http methods(GET,PATCH,POST...) and URIs
接下來我開了一台BMC來測試,先Get serviceRoot(不用帳號密碼)來測試,因為目前我的BMC只支援Https,所以要加上-S Always
(https://192.168.122.160/redfish/v1)
$ redfishtool -r 192.168.122.160 -S Always root
{
"@odata.id": "/redfish/v1",
"@odata.type": "#ServiceRoot.v1_5_0.ServiceRoot",
"AccountService": {
"@odata.id": "/redfish/v1/AccountService"
},
"CertificateService": {
"@odata.id": "/redfish/v1/CertificateService"
},
"Chassis": {
"@odata.id": "/redfish/v1/Chassis"
},
"EventService": {
"@odata.id": "/redfish/v1/EventService"
},
"Id": "RootService",
"JsonSchemas": {
"@odata.id": "/redfish/v1/JsonSchemas"
},
"Links": {
"Sessions": {
"@odata.id": "/redfish/v1/SessionService/Sessions"
}
},
"Managers": {
"@odata.id": "/redfish/v1/Managers"
},
"Name": "Root Service",
"RedfishVersion": "1.9.0",
"Registries": {
"@odata.id": "/redfish/v1/Registries"
},
"SessionService": {
"@odata.id": "/redfish/v1/SessionService"
},
"Systems": {
"@odata.id": "/redfish/v1/Systems"
},
"Tasks": {
"@odata.id": "/redfish/v1/TaskService"
},
"TelemetryService": {
"@odata.id": "/redfish/v1/TelemetryService"
},
"UUID": "80c007bb-4962-5990-9c44-062efc9b84f1",
"UpdateService": {
"@odata.id": "/redfish/v1/UpdateService"
}
}
我們常用Postmad/curl下的raw command也可以透過redfishtool來執行
Usage:
redfishtool [OPTNS] raw <method> <path>
$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc raw GET /redfish/v1/Managers
{
"@odata.id": "/redfish/v1/Managers",
"@odata.type": "#ManagerCollection.ManagerCollection",
"Members": [
{
"@odata.id": "/redfish/v1/Managers/bmc"
}
],
"Members@odata.count": 1,
"Name": "Manager Collection"
}
POST的話可以透過-d 帶入data
$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc raw POST -d "{}" /redfish/v1/Systems/system/LogServices/EventLog/Actions/LogService.ClearLog
{
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "Successfully Completed Request",
"MessageArgs": [],
"MessageId": "Base.1.8.1.Success",
"MessageSeverity": "OK",
"Resolution": "None"
}
]
}
最後的subcommand,可以下"subcommand -h"看各個附加功能,等等用AccountServices來示範
Subcommands:
Systems -- operations on Computer Systems in the /Systems collection
Chassis -- operations on Chassis in the /Chassis collection
Managers -- operations on Managers in the /Managers collection
AccountService -- operations on AccountService including user administration
SessionService -- operations on SessionService including Session login/logout
[AccountService -h]
$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService -h
Usage:
redfishtool [OPTNS] AccountService <operation> [<args>] -- perform <operation> on the AccountService
<operations>:
[get] -- get the AccountService object.
patch {A: B,C: D,...} -- patch the AccountService w/ json-formatted {prop: value...}
Accounts [list] -- get the "Accounts" collection, or list "Id", username, and Url
Accounts [IDOPTN] -- get the member specified by IDOPTN: -i<Id>, -m<prop>:<val>, -l<link>, -a #all
Roles [list] -- get the "Roles" collection, or list "Id", IsPredefined, and Url
Roles [IDOPTN] -- get the member specified by IDOPTN: -i<Id>, -m<prop>:<val>, -l<link>, -a #all
adduser <usernm> <passwd> [<roleId>] -- add a new user to the Accounts collection
-- <roleId>:{Administrator | Operator | ReadOnlyUser | <a custom roleId}, dflt=Operator
deleteuser <usernm> -- delete an existing user from Accouts collection
setpassword <usernm> <passwd> -- set (change) the password of an existing user account
useradmin <userName> [enable|disable|unlock|[setRoleId <roleId>]] -- enable|disable|unlock.. a user account
setusername <id> <userName> -- set UserName for account with given Id
examples -- example commands with syntax
hello -- AccountService hello -- debug command
GET /redfish/v1/AccountService
$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService
{
"@odata.id": "/redfish/v1/AccountService",
"@odata.type": "#AccountService.v1_5_0.AccountService",
"AccountLockoutDuration": 300,
"AccountLockoutThreshold": 10,
"Accounts": {
"@odata.id": "/redfish/v1/AccountService/Accounts"
},
"ActiveDirectory": {
"Authentication": {
"AuthenticationType": "UsernameAndPassword",
"Password": null,
"Username": ""
},
"LDAPService": {
"SearchSettings": {
"BaseDistinguishedNames": [
""
],
"GroupsAttribute": "",
"UsernameAttribute": ""
}
},
"RemoteRoleMapping": [],
"ServiceAddresses": [
""
],
"ServiceEnabled": false
},
"Description": "Account Service",
"Id": "AccountService",
"LDAP": {
"Authentication": {
"AuthenticationType": "UsernameAndPassword",
"Password": null,
"Username": ""
},
"Certificates": {
"@odata.id": "/redfish/v1/AccountService/LDAP/Certificates"
},
"LDAPService": {
"SearchSettings": {
"BaseDistinguishedNames": [
""
],
"GroupsAttribute": "",
"UsernameAttribute": ""
}
},
"RemoteRoleMapping": [],
"ServiceAddresses": [
""
],
"ServiceEnabled": false
},
"MaxPasswordLength": 20,
"MinPasswordLength": 8,
"Name": "Account Service",
"Oem": {
"OpenBMC": {
"@odata.type": "#OemAccountService.v1_0_0.AccountService",
"AuthMethods": {
"BasicAuth": true,
"Cookie": true,
"SessionToken": true,
"TLS": true,
"XToken": true
}
}
},
"Roles": {
"@odata.id": "/redfish/v1/AccountService/Roles"
},
"ServiceEnabled": true
}
GET /redfish/v1/AccountService/Accounts -->list all acoounts
$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService Accounts
{
"@odata.id": "/redfish/v1/AccountService/Accounts",
"@odata.type": "#ManagerAccountCollection.ManagerAccountCollection",
"Description": "BMC User Accounts",
"Members": [
{
"@odata.id": "/redfish/v1/AccountService/Accounts/root"
}
],
"Members@odata.count": 1,
"Name": "Accounts Collection"
}
GET /redfish/v1/AccountService/Roles
$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService Roles
{
"@odata.id": "/redfish/v1/AccountService/Roles",
"@odata.type": "#RoleCollection.RoleCollection",
"Description": "BMC User Roles",
"Members": [
{
"@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
},
{
"@odata.id": "/redfish/v1/AccountService/Roles/Operator"
},
{
"@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly"
},
{
"@odata.id": "/redfish/v1/AccountService/Roles/NoAccess"
}
],
"Members@odata.count": 4,
"Name": "Roles Collection"
}
Add new user "iris" as Administrator
#adduser <usernm> <passwd> [<roleId>]
$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService adduser iris "123QWE@qwe" Administrator
{
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The resource has been created successfully",
"MessageArgs": [],
"MessageId": "Base.1.8.1.Created",
"MessageSeverity": "OK",
"Resolution": "None"
}
]
}
Get user iris info
$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService Accounts -i iris
{
"@odata.id": "/redfish/v1/AccountService/Accounts/iris",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"Redfish"
],
"Description": "User Account",
"Enabled": true,
"Id": "iris",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "Administrator",
"UserName": "iris"
}
delete user iris
$ redfishtool -r 192.168.122.160 -S Always -u root -p 0penBmc AccountService deleteuser iris
大概操作就是上面這樣,我覺得他的指令比curl簡單一點,而且把很多設定類型的指令都包起來了,這樣給網路管理員使用的話,其實非常簡單操作,不用先把資料轉成json format,並且思考這個動作要用patch、post還是delete,我覺得是個不錯的tool
沒有留言:
張貼留言
注意:只有此網誌的成員可以留言。