Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Configure Dell iDrac9 Rest API with Powershell

After writing  2 articles related on HPE ILO rest api, I had to automate Dell iDRAC9 systems using powershell. Dell iDRAC9 rest API is based on Redfish resources. HPE ILO5 also uses redfish for APIs but the resources and parameter usage are somewhat totally different, So  I wrote Dell iDRAC codes from ground up. Here in this example I will be showing how to use token based authentication also called session based authentication to login to rest api.

Update 2 Sept 2020:  This script will work on iDrac version 8 as well.

Below are my earlier written artlicles.
Powershell Configure ILO5 using Restful API
PowerShell HPE ILO4 Rest API automation examples

Before proceding make sure you have configured and enabled Redfish service on iDRAC web interface.

  1. In the iDRAC web interface, navigate to the following screen:
    • 13th generation of PowerEdge servers: Overview > iDRAC Settings Network Services
    • 14th generation of PowerEdge servers: iDRAC Settings > Services > Redfish
  2. Under Redfish, select Enabled and click Apply to enable the service.

As to provide example, with Redfish API I am going to test/get the list of users and remove the unwanted users from the iDRAC9.

Integrated Dell Remote Access controller 9 Enterprise local users microsoft powershell Powershell idrac rest api automation.png

All the information to consume redfish api is available on dell website, and it's in good detail to read.
https://topics-cdn.dell.com/pdf/idrac9-lifecycle-controller-v3303030_api-guide_en-us.pdf
https://topics-cdn.dell.com/pdf/idrac9-lifecycle-controller-v4x-series_api-guide_en-us.pdf
https://www.dell.com/support/manuals/in/en/inbsd1/idrac9-lifecycle-controller-v4.x-series/idrac9_4.00.00.00_redfishapiguide_pub/manageraccount?guid=guid-a54042ff-86b7-4904-94b0-927e19894800&lang=en-us
https://downloads.dell.com/manuals/all-products/esuprt_software/esuprt_it_ops_datcentr_mgmt/dell-management-solution-resources_white-papers11_en-us.pdf

On the code, In the Information and credentials section I have provided Dell iDrac9 details, While providing username and password it need to be submitted as secure password string. Next code will accept and allow to connect untrusted SSL certificate web interface of iDRAC (if no CA certificate is deployed). 

There is a common root API url for redfish and start like this https://<idrac>/redfish/v1. The first resource with the combination with root url I will be using is Sessions for login to RedFish API. Body must have credentials mentioned and it need to be provided in json format, also header only accept application/json

Once authorization and authentication is successful, it provides session token in header (x-auth-token), Once generated authHeader, I will be keep using it again and again for further operations. To get users list I need manager id and for the same resource is Managers, (The resulted Managers Id is iDRAC.Embedded.1)

Dell iDRAC9 ssl certifciatepolicy invoke-webrequest redfish rest api x-auth-token session post convertto-json body credentials select-object microsoft powershell convertfrom-json hashtable.png

Next part is getting the Id numbers of  local users, for the same resource used is Managers/<ManagerId>/Accounts. Once Ids are received  use those to get UserNames, for this resource used is Managers/<ManagerId>/Accounts/<UserId>.

Once I identified the username which I need to delete, I will use its ID number, (there are upto 16 users can be created on iDRAC 9, in actual they are 16 slots, deleting/removing user means wiping username from the slot), I will by disable the user first and emptying the username using empty string, method used for the operation is Patch.

dell idrac9 Microsoft Powershell restful api split path odata.id managerservice invoke-webrequest auth header convertfrom-json select-object expandproperty method get delete patch post application json contenttype.png

In the last, few lines are how to logout, by deleting Header location.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#IDrac 9 - Info and credentials
$iDracIp = '192.168.34.120'
$username = 'Administrator'
$password = 'P@ssw0rd'

#Securing UserName & Password
$securePassword =  ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($username, $securePassword)

#Allow SelfSigned SSL certificate
Add-Type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
                return true;
            }
        )
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[System.Net.ServicePointManager]::SecurityProtocol =  [System.Net.SecurityProtocolType]::Tls12 -bor [System.Net.SecurityProtocolType]::Tls11

#Base common iDRAC rest api
$iDracBaseUrl =  "https://$iDracIp/redfish/v1"

#iDRAC9 - Login Session
$sessionsUrl = "$iDracBaseUrl/Sessions"
$credBody = @{'UserName' = $username; 'Password'=$password} | ConvertTo-Json
$headers = @{'Accept' = 'application/json'}
#curl -X POST -k "https://<iDRAC IP>/redfish/v1/Sessions" -H "ContentType:application/json" -d '{"UserName":"root","Password":"calvin"}' -v
$session = Invoke-WebRequest -Uri $sessionUrl -Method Post -Body $credBody -ContentType 'application/json' -Headers $headers

#iDRAC9 - Authentication header token
$authHeaders = @{
    'X-Auth-Token' = $session.Headers.'X-Auth-Token'
    accept = 'application/json'
}

#iDRAC9 - Get Managers API Id - 'iDRAC.Embedded.1'
$managersApi = "$iDracBaseUrl/Managers"
$managers = Invoke-WebRequest -Uri $managersApi -Method Get -Headers $authHeaders -ContentType 'application/json'
$rawManagerId = $managers.Content | ConvertFrom-Json | Select-Object -ExpandProperty Members

#iDRAC9 - Get List of users IDs
$managerId =  Split-Path -Path $rawManagerId.'@odata.id' -Leaf
$accountsListAPI = "$iDracBaseUrl/Managers/$managerId/Accounts"
$accountsList = Invoke-WebRequest -Uri $accountsListAPI -Method Get -Headers $authHeaders -ContentType 'application/json'
$accountIDData = $accountsList.Content | ConvertFrom-Json | Select-Object -ExpandProperty Members

#iDRAC9 - Account details
foreach ($id in $accountIDData)
{
    $accountId = Split-Path -Path $id.'@odata.id' -Leaf
    $accountAPI = "$iDracBaseUrl/Managers/$managerId/Accounts/$accountId"
    $accountInfo = Invoke-WebRequest -Uri $accountAPI -Method Get -Headers $authHeaders -ContentType 'application/json'
    $account = $accountInfo.Content | ConvertFrom-Json
    if (-not([string]::IsNullOrWhiteSpace($account.UserName)))
    {
        $account | Select-Object UserName, Id
    }
}

#iDRAC9 - Delete user (disable and empty user name
$deleteAccountId = 5
$deleteAccountsAPI = "$iDracBaseUrl/Managers/$managerId/Accounts/$deleteAccountId"
#disable
$disableAccountBody = @{Enabled = $false} | ConvertTo-Json
$disableAccount = Invoke-WebRequest -Uri $deleteAccountsAPI -Method Patch -Headers $authHeaders -ContentType 'application/json' -Body $disableAccountBody
#delete
$deleteAccountBody = @{UserName = ''} | ConvertTo-Json
$deleteAccount = Invoke-WebRequest -Uri $deleteAccountsAPI -Method -Patch -Headers $authHeaders -ContentType 'application/json' -Body $deleteAccountBody

#iDRAC9 - LogOut
$endSessionApi = "https://$iDracIp" + $session.Headers.Location
$endSession = Invoke-Webrequest -Uri $endSessionApi -Method Delete -Headers $authHeaders -ContentType 'application/json'

Download this script from github.com/kunaludapi or it is also available here iDrac9-UserInfo.ps1.

Useful Articles
Powershell Dell iDrac redfish Rest API basic authentication
PowerShell Convert MAC address to Link-local address IPv6
PowerShell Invoke-WebRequest The request was aborted Could not create SSL TLS secure channel
PowerShell Invoke-WebRequest The underlying connection was closed: Could not establish trust relationship for the SSL TLS secure channel.
Powershell Write-Eventlog The source name test does not exist on computer localhost
Powershell New-Object Retrieving the COM class factory for component with CLSID 80040154 Class not registered (Exception from HRESULT 0x80040154 (REGDB_E_CLASSNOTREG))

Go Back

Comment

Blog Search

Page Views

12056213

Follow me on Blogarama