This is second part of PowerShell HPE ILO4 Rest API automation examples. In earlier part I shown how to use Rest API on ILO version 4. But the same API didn't work on ILO5 for me, After verifying document for ILO5, I found it uses RedFish rest api.
What is Redfish?
DMTF's Redfish® is a standard API designed to deliver simple and secure management for converged, hybrid IT and the Software Defined Data Center (SDDC). Both human and machine readable, Redfish leverages common Internet and web services standards to expose information directly to the modern tool chain.
The main change I found while using api is it uses Redfish text instead of rest in the API url. You can find more documentation on official url https://hewlettpackard.github.io/ilo-rest-api-docs/ilo5/
To start I have feed all the information related to ilo ip and credentials. Note the uri it is different from what is mentioned in earlier article. Also make sure you add / (forward slash) in the last of url as suffix or you might encounter Invoke-WebRequest error 308, the requested page has permanently moved.
Next login to the hpe ilo with command line and create session, Session has all the information about login, the main required component is authentication token. Unlike earlier version API ILO5 redfish produces different result and only shows user ids.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
#ILO details and credentials $hpeilo = '1921.68.34.125' $username = 'Administrator' $password = 'P@ssw0rd' #Approve self signed SSL certificate add-type @" using System.Net; using System.Security.Cryptography.X509Certificates; public class TrustAllCertsPolicy : ICertificatePolicy { public bool ChckValidationResult( ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) { return true; } ) } "@ [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy #ILO5 common API url $uri = "https://$ilo/redfish/v1" #ILO4 - Login $credBody = @{UserName = $username; Password=$password} | ConvertTo-Json $loginUri = "$uri/Sessions/" $hpeSession = Invoke-WebRequest -Uri $loginUri -Method Post -Body $credBody -ContentType 'application/json' -SessionVariable webSession #ILO5 - Get list of user IDs $accountsURI = "$uri/AccountService/Accounts/" $authHeaders = @{'X-Auth-Token' = $hpeSession.Headers.'X-Auth-Token'} $accounts = Invoke-WebRequest -Uri $accountsURI -Method Get -Headers $authHeaders -WebSession $webSession $accountIDData = $accounts.Content | ConvertFrom-Json | Select-Object -ExpandProperty Members $accountIDData #ILO5 - Get username Info using Ids $accountsData = @() foreach ($accountId in $accountIDData) { $id = Split-Path $accountId.'@odata.id' -Leaf $accountIDURI= "$uri/AccountService/Accounts/$id" $authHeaders = @{'X-Auth-Token' = $hpeSession.Headers.'X-Auth-Token'} $accountInfo = Invoke-WebRequest -Uri $accountIDURI -Method Get -Headers $authHeaders -WebSession $webSession $accountsData += $accountInfo.Content | ConvertFrom-Json $accountInfo.Content | ConvertFrom-Json | Select-Object -Property UserName, Id } <# #ILO5 - Delete user using user ID $deleteUserID = '3' $deleteAccountsUri ="$uri/AccountService/Accounts/$deleteUserID/" $authHeader = @{"X-Auth-Token" = $hpeSession.Headers.'X-Auth-Token'} $deleteAccount = Invoke-WebRequest -Uri $deleteAccountsUri -Method Delete -Headers $authHeader -WebSession $webSession #> #ILO5 - LogOut $authHeader = @{'X-Auth-Token' = $session.Headers.'X-Auth-Token'} $accountList = Invoke-WebRequest -Uri $hpeSession.Headers.Location -Method Delete -Headers $authHeader -WebSession $webSession |
To know user name use the id in API url AccountService/Accounts/idnumber to get more information about user as below (I am using foreach loop through all Ids.). In the last log off or end the session with method deleting headers location.
Download Get-ILO5User.ps1 script here or it is also available on github.com/kunaludapi.
Useful Articles
Powershell Dell iDrac redfish Rest API basic authentication
POWERCLI AND VSPHERE WEB CLIENT: JOIN ESXI INTO ACTIVE DIRECTORY DOMAIN CONTROLLER
Resolved: Esxi Join domain failed - Error in Active Directory Operations
Join domain ESXi to an Active Directory OU : Powercli
Reset forgotten ESXi root password on Domain joined Esxi using vSphere web client and Powercli
Reset ESXi root password using Host Profiles on vCenter server: VMWare vSphere Web client
Resolved: Reset Esxi forgotten root password using hiren bootCD step by step