sfc-gh-eraigosa
commented
8 years ago Open sfc-gh-eraigosa opened 8 years ago
sfc-gh-eraigosa
commented
8 years ago sfc-gh-eraigosa
commented
8 years ago sfc-gh-eraigosa
commented
8 years ago Alternatively, we have also put in a request for improved SSO integration in ICsp API's that would directly fix this.
It might be possible for us to make the ilo user / password options optional, using SSO interfaces from OneView to access ILO API's here:
API: http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=c04423967
and data model: http://h22208.www2.hpe.com/eginfolib/servers/docs/HPRestfultool/iLo4/data_model_reference.html
Once we have the api to access ILO, we can then semi implement access by setting up a docker-machine user and secret password that has it's password temporarily set by using the answer to the SSO key. Only 1 docker-machine create + 1 iLO request should be running at any given time, so it's fairley save to know that the current user is authenticated for a given machine run. Subsequent runs should check for the users existence and re-set the password given any new SSO key. The user name can be static, or based on the ilo-user name option, when not provided by an option, we will use docker-machine.
Other helpful information.
How to get the iLO SSO key:
GET https://oneview/rest/server-hardware//remoteConsoleUrl
{"remoteConsoleUrl":"hplocons://addr=127.0.0.1&sessionkey=123abckey"}
Parse query string for sessionkey
Example call usage in iLO api:
https://iloip/rest/v1/Chassis/1/PowerMetrics
Content-Type: application/json Accept: application/json X-Auth-Token: 123abckey Content-Type: application/json {"PowerLimit": {"LimitInWatts": 250}}
-- response -- 200 OK Cache-Control: no-cache Connection: keep-alive Content-Length: 113 Content-Type: application/json Date: Thu, 28 May 2015 13:56:34 GMT Etag: W/"12345" Server: HP-iLO-Server/1.30 X_HP-CHRP-Service-Version: 1.0.3
{"Messages":[{"MessageID":"Base.0.0.Success"}],"Name":"Extended Error Information","Type":"ExtendedError.0.9.5"}