dell / iDRAC-Redfish-Scripting

Python and PowerShell scripting for Dell EMC PowerEdge iDRAC REST API with DMTF Redfish
GNU General Public License v2.0
606 stars 279 forks source link

Encrypting virtual disk using Redfish #181

Closed Iznik285 closed 3 years ago

Iznik285 commented 3 years ago

Hi Tex,

I have used the invoke-storagesetcontrollerkeyREDFISH to setup the controller key on the RAID controller successfully. Then created a virtual disk using Invoke-CreateVirtualdiskREDFISH.psm1. The disk is created but it is unencrypted. The virtual disk can then be encrypted using the iDrac GUI.

How can I use Redfish to create an encrypted virtual disk? Is it possible?

I am using iDrac9 with 4.40.40.00

Any help you can give would be much appreciated

texroemer commented 3 years ago

Hi @Iznik285

Currently there is no one single action to do both create VD and secure it. DMTF doesn't support an action to secure VD so you'll have to execute DMTF action to create VD, then OEM extension to secure the VD. RACADM and iDRAC GUI does support one operation to do both at the same time but Redfish currently doesn't, reason for the 2 step process.

Redfish workflow example:

C:\Python39>CreateVirtualDiskREDFISH.py -ip 192.168.0.120 -u root -p calvin -C RAID.Mezzanine.1-1 -V y -D Disk.Bay.20:Enclosure.Internal.0-1:RAID.Mezzanine.1-1 -R 0

- PASS: POST command passed to create "RAID0" virtual disk, status code 202 returned
- PASS, "realtime" JID_303445956933 jid successfully created for create virtual disk
- PASS, realtime jid "JID_303445956933" successfully created. Server will apply the configuration changes in real time, no server reboot needed
- INFO, JobStatus not completed, current status: "Job in progress.", percent complete: "1"
- INFO, JobStatus not completed, current status: "Job in progress.", percent complete: "1"
- INFO, JobStatus not completed, current status: "Job in progress.", percent complete: "1"
- INFO, JobStatus not completed, current status: "Job in progress.", percent complete: "1"
- INFO, JobStatus not completed, current status: "Job in progress.", percent complete: "1"
- INFO, JobStatus not completed, current status: "Job in progress.", percent complete: "1"
- INFO, JobStatus not completed, current status: "Job in progress.", percent complete: "99"
- INFO, JobStatus not completed, current status: "Job in progress.", percent complete: "99"

--- PASS, Final Detailed Job Status Results ---

ActualRunningStartTime: 2021-08-30T12:29:56
ActualRunningStopTime: 2021-08-30T12:31:28
CompletionTime: 2021-08-30T12:31:28
Description: Job Instance
EndTime: TIME_NA
Id: JID_303445956933
JobState: Completed
JobType: RealTimeNoRebootConfiguration
Message: Job completed successfully.
MessageId: PR19
Name: Configure: RAID.Mezzanine.1-1
PercentComplete: 100
StartTime: 2021-08-30T12:29:55

C:\Python39>LockVirtualDiskREDFISH.py -ip 192.168.0.120 -u root -p calvin -l Disk.Virtual.1:RAID.Mezzanine.1-1

-PASS: POST command passed to lock virtual disk "Disk.Virtual.1:RAID.Mezzanine.1-1"
- Job ID JID_303452420403 successfully created for storage method "LockVirtualDisk"
- WARNING, JobStatus not completed, current status: "Job in progress.", percent complete: "1"
- WARNING, JobStatus not completed, current status: "Job in progress.", percent complete: "1"
- WARNING, JobStatus not completed, current status: "Job in progress.", percent complete: "99"
- WARNING, JobStatus not completed, current status: "Job in progress.", percent complete: "99"

--- PASS, Final Detailed Job Status Results ---

ActualRunningStartTime: 2021-08-30T12:40:42
ActualRunningStopTime: 2021-08-30T12:42:02
CompletionTime: 2021-08-30T12:42:02
Description: Job Instance
EndTime: TIME_NA
Id: JID_303452420403
JobState: Completed
JobType: RealTimeNoRebootConfiguration
Message: Job completed successfully.
MessageId: PR19
Name: Configure: RAID.Mezzanine.1-1
PercentComplete: 100
StartTime: 2021-08-30T12:40:42

- PASS, virtual disk Disk.Virtual.1:RAID.Mezzanine.1-1 is now locked and encrypted
Iznik285 commented 3 years ago

I've converted the main parts of the script above to Powershell and tested it successfully. Many thanks for your help and clarification.

texroemer commented 2 years ago

Hi @Iznik285

FYI, iDRAC 6.00.00 was just released which now allows you to create a secured VD using one POST call. Script has been updated on GitHub.

Example:

CreateVirtualDiskREDFISH.py -ip 192.168.0.120 -u root -p calvin --create RAID.Mezzanine.1-1 --raid-level 0 --disks Disk.Bay.2:Enclosure.Internal.0-1:RAID.Mezzanine.1-1 --secure

Thanks Tex

Iznik285 commented 2 years ago

Hi Tex,

Good news. As soon as I am able I will test and confirm what happened.

Many thanks

Iznik285

texroemer commented 2 years ago

Sounds good. FYI, also with 6.00.00, you can now set read, write and disk cache policy settings for VD creation (POST) or you can change these cache policy settings for a VD (PATCH).

Thanks Tex