How it Works
Dell
Loading...
Lifecycle Controller 1.5.5 for Windows

Dell Lifecycle Controller 1.2 for Windows, Lifecycle Controller 1.3 for Windows, Lifecycle Controller 1.4 for Windows, Lifecycle Controller 1.5 for Windows, Lifecycle Controller 1.5.5 for Windows Web Services Interface Guide

...
Steven Zessin
December 18, 2012
Version 2.1.0
Dell™ Lifecycle Controller 2 Web
Services Interface Guide for Windows
Document Status: Published
This document is for informational purposes only and may contain typographical errors and technical inaccuracies. The content is provided as is, without express or implied warranties of any kind.
© 2012 Dell Inc. All rights reserved. Dell and its affiliates cannot be responsible for errors or omissions in typography or photography. Dell, the Dell logo, and PowerEdge are trademarks of Dell Inc. Intel and Xeon are registered trademarks of Intel Corporation in the U.S. and other countries. Microsoft, Windows, and Windows Server are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims proprietary interest in the marks and names of others.
December 2012| Rev 2.1.0
2
CONTENTS
1 Introduction ........................................................................................................................ 10
2 References ........................................................................................................................ 10
3 Overview ............................................................................................................................ 12
3.1 Format for WinRM CLI Examples in Document ......................................................... 12
3.2 WS-Man Security & Time Parameters....................................................................... 13
3.2.1 Encryption Certificate Security....................................................................... 13
3.2.2 Handling invalid responses from WSMAN commands ................................... 13
3.2.3 Improving WinRM Enumeration Performance ................................................ 14
3.2.4 Specifying StartTime, Until Time, and TIME_NOW Parameters .................... 14
3.2.5 Return Values ............................................................................................... 15
3.2.6 Glossary ........................................................................................................ 15
4 Discovery ........................................................................................................................... 16
4.1 Discovering Web Service Capability ......................................................................... 16
4.2 Discovering what Profiles are Implemented .............................................................. 16
4.3 Discovering Implementation Namespace .................................................................. 17
5 Managing iDRAC Local User Accounts .............................................................................. 18
5.1 Description of iDRAC Attributes vs Standard DMTF Model ....................................... 18
5.2 Account Inventory (using iDRAC Attributes) .............................................................. 18
5.2.1 Account and Capabilities (using iDRAC Attributes) ........................................ 18
5.2.2 Privilege and Capabilities (using iDRAC Attributes) ....................................... 19
5.3 Manage Account Settings (using iDRAC Attributes) .................................................. 20
5.3.1 Modify User Name (using iDRAC Attributes) ................................................. 20
5.3.2 Modify Password (using iDRAC Attributes).................................................... 21
5.3.3 Modify Account State (using iDRAC Attributes) ............................................. 22
5.3.4 Modify User Privilege (using iDRAC Attributes) ............................................. 23
5.4 Account Inventory (using DMTF Model) .................................................................... 23
5.4.1 Account and Capabilities (using DMTF Model) .............................................. 23
5.4.2 Privilege and Capabilities (using DMTF Model) ............................................. 26
5.5 Manage Account Settings (using DMTF Model) ........................................................ 28
5.5.1 Modify User Name (using DMTF Model) ....................................................... 28
5.5.2 Modify Password (using DMTF Model) .......................................................... 31
5.5.3 Modify Account State (using DMTF Model) ................................................... 31
5.5.4 Modify User Privilege (using DMTF Model) ................................................... 32
6 Firmware Inventory ............................................................................................................ 33
6.1 Software Inventory Profile Specification .................................................................... 33
6.2 Remote Inventory Method Invocation – Get Software Inventory ................................ 33
7 Firmware Update ............................................................................................................... 35
7.1 Software Update Profile Specification ....................................................................... 35
7.2 ”Rollback” Firmware .................................................................................................. 35
7.2.1 Request “Rollback” Image ............................................................................. 35
3
7.2.2 Create Reboot Job ........................................................................................ 35
7.2.3 Schedule Update Jobs .................................................................................. 35
7.2.4 Monitor Update Jobs ..................................................................................... 35
7.3 BIOS Firmware “Rollback” ........................................................................................ 36
7.4 NIC Firmware “Rollback” ........................................................................................... 37
7.5 Update from Network Source .................................................................................... 39
7.5.1 Request Update Download ............................................................................ 39
7.5.2 Monitor Download Status ................................................................ .............. 39
7.5.3 Reboot to Perform Update ............................................................................. 39
7.5.4 Wait for Job Completion ................................................................................ 39
7.5.5 Delete Job ..................................................................................................... 40
7.6 Update NICs from HTTP, CIFS Share, NFS share, TFTP, or FTP ............................ 40
7.7 Update BIOS from HTTP, CIFS Share, NFS share, TFTP, or FTP ............................ 42
7.8 CreateRebootJob() ................................................................................................... 44
8 Power State Management .................................................................................................. 45
8.1 Description of Base Server vs Power State Management Methods ........................... 45
8.2 Get Power State ....................................................................................................... 45
8.2.1 Base Server Method ...................................................................................... 45
8.2.2 Power State Management Method ................................................................ 46
8.3 Get Power Control Capabilites .................................................................................. 47
8.3.1 Base Server Method ...................................................................................... 47
8.3.2 Power State Management Method ................................................................ 48
8.4 Power Control ........................................................................................................... 49
8.4.1 Base Server Method ...................................................................................... 49
8.4.2 Power State Management Method ................................................................ 50
9 Hardware Inventory ............................................................................................................ 51
9.1 Power Supply Inventory ............................................................................................ 51
9.2 Fan Inventory ............................................................................................................ 52
9.3 Memory Inventory ..................................................................................................... 53
9.4 CPU Inventory .......................................................................................................... 54
9.5 iDRAC Card Inventory .............................................................................................. 55
9.6 PCI Device Inventory ................................................................................................ 56
9.7 Video Inventory ......................................................................................................... 57
9.8 VFlash SD Card Inventory ........................................................................................ 58
9.9 NIC Inventory & Configuration .................................................................................. 58
9.10 RAID Inventory & Configuration ................................................................................ 60
9.11 BIOS Inventory & Configuration ................................................................................ 62
9.12 System Inventory (including CSIOR attribute) ........................................................... 63
10 Job Control Management ................................................................................................... 65
10.1 Description of Job Management ............................................................................... 65
10.2 Remote Job Control Examples ................................................................................. 65
10.2.1 Setup Job Queue .......................................................................................... 65
4
10.2.2 Delete Job Queue ................................ ......................................................... 66
10.2.3 List Jobs in Job Store .................................................................................... 67
11 Operating System Deployment .......................................................................................... 69
11.1 OS Deployment Profile Implementation Conformance .............................................. 69
11.2 Checking OS Deployment Service Availability .......................................................... 69
11.3 OS Deployment Method Invocation Examples .......................................................... 69
11.3.1 Get Driver Pack Information .......................................................................... 70
11.3.2 Unpack Selected Drivers and Attach to Host OS as USB Device .................. 71
11.3.3 Detach Emulated USB Device Containing Drivers ......................................... 72
11.3.4 Unpack Selected Drivers and Copy to Network Share ................................... 72
11.3.5 Check Job Status .......................................................................................... 73
11.3.6 Boot to Network ISO ...................................................................................... 74
11.3.7 Detach Network ISO USB Device .................................................................. 75
11.3.8 Boot To PXE ................................................................................................. 76
11.3.9 Get Host MAC Address Information .............................................................. 77
11.3.10 Download ISO to VFlash ........................................................................... 77
11.3.11 Boot to ISO from VFlash ............................................................................ 78
11.3.12 Delete ISO from VFlash ................................................................ ............. 79
11.3.13 Detach ISO from VFlash ............................................................................ 80
11.3.14 Connect Network ISO Image ..................................................................... 80
11.3.15 Disconnect Network ISO Image ................................................................. 81
11.3.16 Skip ISO Image Boot ................................................................................. 82
11.3.17 Get Network ISO Image Connection Information ....................................... 83
11.3.18 Connect RFS ISO Image ................................................................ ........... 83
11.3.19 Disconnect RFS ISO Image ....................................................................... 84
11.3.20 Get RFS ISO Image Connection Information ............................................. 85
11.3.21 Boot To Hard Drive (HD) ........................................................................... 85
11.3.22 Configurarable Boot to Network ISO .......................................................... 86
12 Lifecycle Controller Management Profile ............................................................................ 87
12.1 Collect System Inventory on Restart (CSIOR) ........................................................... 87
12.2 Part Replacement Configuration and Management ................................................... 89
12.2.1 Create Config Job ................................ ......................................................... 89
12.2.2 Get LC Config Job Status .............................................................................. 90
12.2.3 List All LC Jobs ............................................................................................. 90
12.2.4 Get CSIOR Component Configuration Recovery (CCR) Attribute .................. 91
12.2.5 Get Part Firmware Update Attribute .............................................................. 92
12.3 Re-Initiate Auto-Discovery Client .............................................................................. 92
12.4 Clear or Set Provisioning Server ............................................................................... 93
12.5 Check VFlash License Enablement ................................................................ .......... 95
12.6 Download Server Public Key ..................................................................................... 95
12.7 Download Client Certificates ..................................................................................... 96
12.8 Delete Auto-Discovery Client Certificates .................................................................. 97
5
12.9 Set Public Certificates ................................ ............................................................... 98
12.10 Set iDRAC Certificate and Private Key...................................................................... 99
12.11 Delete Auto-Discovery Server Public Key ............................................................... 100
12.12 Insert Comment in Lifecycle Controller Log ............................................................. 100
12.13 Export Lifecycle Controller Log ............................................................................... 101
12.14 Export Hardware Inventory from Lifecycle Controller .............................................. 102
12.15 Export Factory Configuration .................................................................................. 103
12.16 System Decommission ........................................................................................... 104
12.17 Get Remote Services API Status ............................................................................ 105
12.18 Export System Configuration .................................................................................. 105
12.19 Import System Configuration ................................................................................... 106
13 VFlash SD Card Management ......................................................................................... 107
13.1 Listing the SD Card Partitions ................................................................................. 108
13.2 Initialize the Virtual Flash Media.............................................................................. 108
13.2.1 Get VFlash SD Card Inventory .................................................................... 109
13.2.2 Initialize / Format Media .............................................................................. 109
13.2.3 Verify Initialization / Formatting.................................................................... 110
13.3 Enable/Disable VFlash using VFlash State Change ................................................ 111
13.4 Create Partition ....................................................................................................... 111
13.5 Create Partition using Image ................................................................................... 113
13.6 Delete Partition ....................................................................................................... 115
13.7 Format Partition ...................................................................................................... 115
13.8 Modify Partition ....................................................................................................... 117
13.9 Attach Partition ....................................................................................................... 117
13.10 Detach Partition ...................................................................................................... 118
13.11 Export Data from Partition ....................................................................................... 119
14 Boot Control Configuration Management ......................................................................... 121
14.1 Listing the Boot Inventory-ConfigSetting Class ....................................................... 121
14.2 Getting a Boot ConfigSetting Instance .................................................................... 122
14.3 Listing the Boot Inventory-SourceSetting Class ...................................................... 123
14.4 Changing the Boot Order by InstanceID-ChangeBootOrderByInstanceID() ............ 123
14.5 Enable or Disable the Boot Source-ChangeBootSourceState() ............................... 124
15 NIC/CNA Card Management ............................................................................................ 125
15.1 Listing the NIC/CNA Inventory-Enumeration Class ................................................. 126
15.2 Listing the NIC/CNA Inventory-String Class ............................................................ 127
15.3 Listing the CNA Inventory-Integer Class ................................................................. 129
15.4 Listing the CNA Inventory-NICView Class ............................................................... 130
15.5 Listing the CNA Inventory-NICCapabilities Class .................................................... 132
15.6 Listing the CNA Inventory- NICStatistics Class ....................................................... 133
15.7 Applying the Pending Values for CNA-CreateTargetedConfigJob() ......................... 134
15.8 Deleting the Pending Values for CNA-DeletePendingConfiguration() ...................... 135
15.9 Getting the CNA Enumeration Instance .................................................................. 136
6
15.10 Setting the IscsiOffloadMode Attribute .................................................................... 136
15.11 Setting the MaxBandwidth Attribute ................................................................ ........ 138
15.12 Setting the VirtMacAddr Attribute ............................................................................ 139
15.13 Setting the LegacyBootProto Attribute .................................................................... 140
15.14 Setting CNA LAN Modes ........................................................................................ 141
15.15 Setting the iSCSI Boot Target ................................................................................. 142
15.16 Setting the FCoE Boot Target ................................................................................. 143
16 RAID Storage Management ............................................................................................. 144
16.1 Listing the RAID Inventory-Enumeration Class ....................................................... 145
16.2 Getting a RAID Enumeration Instance .................................................................... 146
16.3 Listing the RAID Inventory-Integer Class ................................................................ 146
16.4 Getting a RAID Integer Instance ............................................................................. 148
16.5 Listing the RAID Inventory-String Class .................................................................. 148
16.6 Getting a RAID String Instance ............................................................................... 149
16.7 Listing the RAID Inventory-ControllerView Class .................................................... 150
16.8 Getting a RAID ControllerView Instance ................................................................. 151
16.9 Listing the RAID Inventory-PhysicalDiskView Class ................................................ 152
16.10 Listing the RAID VirtualDiskView Inventory ............................................................. 153
16.11 Listing the RAID EnclosureView Inventory .............................................................. 155
16.12 Reset Configuration-ResetConfig() ......................................................................... 155
16.13 Clearing the Foreign Configuration-ClearForeignConfig() ....................................... 156
16.14 Applying the Pending Values for RAID-CreateTargetedConfigJob() ........................ 157
16.15 Deleting the Pending Values for RAID-DeletePendingConfiguration() ..................... 158
16.16 Managing Hot Spare ............................................................................................... 159
16.16.1 Determining Potential Disks-GetDHSDisks() ................................ ........... 159
16.16.2 Assigning the Hot Spare-AssignSpare() .................................................. 159
16.16.3 Unassigning the Hot Spare-UnassignSpare() .......................................... 161
16.17 Managing Keys for Self Encrypting Drives .............................................................. 161
16.17.1 Setting the Key-SetControllerKey() .......................................................... 161
16.17.2 Locking the Virtual Disk-LockVirtualDisk() ............................................... 162
16.17.3 Locking the Controller with a Key-EnableControllerEncryption() .............. 163
16.17.4 Rekeying the Controller-ReKey() ............................................................. 164
16.17.5 Removing the Key-RemoveControllerKey() ............................................. 166
16.18 Managing Virtual Disk ............................................................................................. 166
16.18.1 Getting the Available RAID levels-GetRAIDLevels() ................................ 166
16.18.2 Getting the Available Disks-GetAvailableDisks() ...................................... 168
16.18.3 Checking the Create VD Parameters Validity-CheckVDValues() ............. 169
16.18.4 Creating a Single Virtual Disk-CreateVirtualDisk() ................................... 170
16.18.5 Creating a Sliced Virtual Disk-CreateVirtualDisk() ................................... 173
16.18.6 Creating a Cachecade Virtual Disk-CreateVirtualDisk() ........................... 176
16.18.7 Deleting a Virtual Disk-DeleteVirtualDisk() ............................................... 178
16.19 Setting Controller Attributes ................................................................ .................... 179
7
16.19.1 Changing the Value of a RAID Controller Enumeration Attribute ............. 179
16.19.2 Changing Multiple Values of RAID Controller Enumeration Attributes ...... 179
16.19.3 Changing the Value of a RAID Controller Integer Attribute ...................... 180
16.19.4 Changing Multiple Values of RAID Controller Integer Attributes ............... 181
16.20 Convert Physical Disks to RAID-ConvertToRAID() ................................................. 182
16.21 Convert Physical Disks to Non RAID-ConvertToNonRAID() .................................... 183
17 Managing BIOS Configuration .......................................................................................... 183
17.1 Listing the BIOS Inventory-Enumeration Class ....................................................... 183
17.2 Getting a BIOS Enumeration Instance .................................................................... 185
17.3 Changing the BIOS BootMode-SetAttribute() .......................................................... 185
17.4 Setting Multiple BIOS BootMode Parameters.......................................................... 186
17.5 Listing the BIOS Inventory-Integer Class ................................................................ 187
17.6 Listing the BIOS Inventory-String Class .................................................................. 187
17.7 Applying the Pending Values for BIOS & Boot-CreateTargetedConfigJob() ............ 188
17.8 Deleting the Pending Values for BIOS & Boot-DeletePendingConfiguration() ......... 189
17.9 Managing BIOS Passwords .................................................................................... 190
17.9.1 Setting the BIOS Password ......................................................................... 190
17.9.2 Create Target Configuration Job ................................................................. 192
17.9.3 Monitor Set BIOS Password Status ............................................................. 192
17.10 Listing the BIOS Inventory-Password Class ............................................................ 192
18 Exporting and Importing Server Profile ............................................................................. 193
18.1 Exporting Server Profile .......................................................................................... 194
18.1.1 Exporting Server Profile to iDRAC vFlash Card-BackupImage() .................. 194
18.1.2 Exporting Server Profile to NFS Share-BackupImage() ............................... 194
18.1.3 Exporting Server Profile to CIFS Share-BackupImage() .............................. 195
18.1.4 Monitoring Export status .............................................................................. 196
18.2 Importing Server Profile .......................................................................................... 197
18.2.1 Importing Server Profile from iDRAC vFlash Card-RestoreImage() ............. 197
18.2.2 Importing Server Profile from NFS share-RestoreImage() ........................... 197
18.2.3 Importing Server Profile from CIFS share-RestoreImage() .......................... 198
18.2.4 Monitoring Import Status ............................................................................. 199
19 iDRAC Configuration ........................................................................................................ 200
19.1 Listing the iDRAC Card Inventory-Enumeration Class ............................................ 200
19.2 Getting an iDRAC Card Enumeration Instance ....................................................... 201
19.3 Listing the iDRAC Card Inventory-Enumeration Class using groupID ..................... 202
19.4 Applying the Attributes and Polling Job Completion ................................................ 204
19.4.1 Changing iDRAC Values-ApplyAttributes() (Immediate) .............................. 204
19.4.2 Polling Job Completion ................................................................................ 205
19.4.3 Set Attribute Verification .............................................................................. 206
19.5 Listing the iDRAC Card Inventory-Integer Class ..................................................... 207
19.6 Listing the iDRAC Card Inventory-Integer Class using groupID .............................. 208
19.7 Listing the iDRAC Card Inventory-String Class ....................................................... 209
8
19.8 Listing the iDRAC Card Inventory-String Class using groupID ................................ 210
19.9 Changing the iDRAC IPChange Notification ........................................................... 212
19.9.1 Getting the Current iDRAC IPChange State ................................................ 212
19.9.2 Setting the iDRAC IPChange Notification-SetAttribute() .............................. 212
20 Remote Service Status .................................................................................................... 213
20.1 Getting Remote Service Status ............................................................................... 213
20.2 Restarting Remote Service Status .......................................................................... 215
21 System Information .......................................................................................................... 216
21.1 Listing the System Inventory-SystemView Class ..................................................... 216
22 Sensor Information .......................................................................................................... 217
22.1 Listing the Sensors Inventory-PSNumericSensor Class .......................................... 217
23 Managing Fiber Channel (FC) Configuration .................................................................... 219
23.1 Listing the FC Inventory-Attribute Class .................................................................. 219
23.2 Listing the FC Inventory-Statistics Class ................................................................. 220
23.3 Listing the FC Inventory-String Class ................................................................ ...... 221
23.4 Listing the FC Inventory-Integer Class ................................ .................................... 222
23.5 Listing the FC Inventory-Enumeration Class ........................................................... 222
23.6 Changing the FC Attributes-SetAttribute() ............................................................... 223
23.7 Applying the Pending Values for FC-CreateTargetedConfigJob() ........................... 223
23.8 Deleting the Pending Values for FC-DeletePendingConfiguration() ........................ 225
23.9 Listing the FC Views ............................................................................................... 225
9
1 Introduction
This document serves as a guideline for utilizing the functionality available from embedded Lifecycle Controller Remote Enablement Web Services interfaces. The purpose of this document is to provide information and examples for utilizing the Web services for Management (WS-Man) management protocol using Windows WinRM and open source WSMANCLI command line utilities. Examples and invocation information is provided for the following functionality.
Inventory for BIOS, component firmware and embedded software Update of BIOS, component firmware and embedded software Job Control of update tasks Enhancement of Operating System Deployment using VFlash SD Card Enhancement of Discovery and Handshake from LifeCycle Controller 1.x Raid configuration management iDRAC Inventory and configuration features NIC configuration management Boot configuration management BIOS configuration management
The target audience for this document is application and script writers that want to utilize the remote management capabilities using WS-Man protocol available from Dell Lifecycle Controller.
2 References
1
Dell 12th Generation PowerEdge Server Resources:
http://www.delltechcenter.com/12thGen
2
Dell CIM Profiles:
http://www.delltechcenter.com/page/DCIM.Library.Profile
3
Managed Object Format (MOF) files
http://www.delltechcenter.com/page/DCIM.Library.MOF
4
WinRM Scripting API, MSDN:
http://msdn.microsoft.com/en-us/library/aa384469(VS.85).aspx
5
Openwsman CLI:
http://www.openwsman.org/project/wsmancli
6
DMTF Common Information Model (CIM) Infrastructure Specification (DSP0004):
http://www.dmtf.org/standards/published_documents/DSP0004_2.5.0.pdf
10
7
List of PCI IDs:
http://pciids.sourceforge.net/pci.ids
11
3 Overview
The remote interface guidelines provided in this document are illustrated by command line examples of the WS-MAN protocol Web services APIs that expose the remote management capabilities of the Dell Lifecycle Controller. The command line examples are from the Microsoft® Windows® and Linux environments using WinRM4 and WSMANCLI5 respectively. The Lifecycle Controller remote management capabilities are organized by management domain and documented in Dell CIM Profile specifications2. The remote enablement feature for Lifecycle Controller 2.0 provides the following capabilities:
Remotely get inventory of the BIOS, component firmware, and embedded software including
version information of both the installed as well as available cached versions
Remote update of BIOS, component firmware, Diagnostic content, DRAC content, driver pack,
power supplies from remotely located Dell Update Packages or cached images located in the Lifecycle Controller
Remotely schedule and track the status of update tasks (jobs) Remotely manage the Part Replacement feature by allowing retrieving and setting auto update
and auto system inventory sync
Enable re-initiation of Lifecycle Controller Auto-Discovery feature Enhancement of Operation System Deployment capabilities by supporting the downloading of
an ISO image to a Dell VFlash SD Card and booting to the ISO image on the VFlash SD Card
NIC configuration enables the ability to get and set NIC attributes that are configurable using
NIC Option ROM or NIC UEFI HII.
Remote RAID configuration allows users to remotely query and configure the Hardware Raid of
the system
Multiple HW Inventory views allows users to remote query the inventory of Hardware
3.1 Format for WinRM CLI Examples in Document
The examples of WinRM and WSMANCLI command line invocations in this document are formatted for readability and often span multiple lines in the document. In actual use, scripted or hand-typed invocations are contained on one line. The examples also use substitute values for the target iDRAC IP address, username (with ExecuteServerCommand privilege), password and other site specific information. Actual use of these examples would require using values for IP Address, username and password, etc. that are valid. These values are represented in the examples as follows:
Target iDRAC IP address = [IPADDRESS]
iDRAC Username = [USER]
iDRAC Password = [PASSWORD]
Additional substitute values are used in some of the examples and are described in the specific example.
12
The following example is typical of the formatting used in this document:
EXAMPLE:
winrm e cimv2/root/dcim/DCIM_OSDeploymentService
-u:[USER] -p:[PASSWORD]
-r:https://[IPADDRESS]/wsman:443
-encoding:utf-8 -a:basic
3.2 WS-Man Security & Time Parameters
3.2.1 Encryption Certificate Security
For the WinRM examples provided in this document, the strict checks of certificates such as matching of CNs (Common Names) and verification with the actual CA (Certificate Authority) of the certificate of the WS-Management protocol HTTPS encryption certificate is assumed to be already configured and enabled. To disable the strict certificate checking, add the following command line options to all
WinRM examples: –skipCACheck and –skipCNCHeck.
Additionally, the following error may result if the end point does not support this feature. Use the
switch -skiprevocationcheck to bypass this error.
WSManFault
Message = The server certificate on the destination computer (10.35.0.232:443) has the following errors:
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.
Refer to the WinRM documentation4 and related documentation for directions on setting up encryption certificates for WinRM and executing WinRM invocations using full security capabilities. Refer to the Lifecycle Controller User Guide1 for directions on configuring different encryption certificates for the iDRAC Web server. Dell recommends that the full security and encryption capabilities of the WS­Management protocol is used for production level utilization of the Lifecycle Controller Web services interfaces.
3.2.2 Handling invalid responses from WSMAN commands
Check the network connection to make sure that the system is connected Check the WSMAN syntax to ensure there are no typos in the command line Check if there are other WSMAN commands sending from other systems Wait for a few seconds and re-try the WSMAN command
13
3.2.3 Improving WinRM Enumeration Performance
When an enumeration command is executed, the default WinRM configuration gets only 20 instances at a time and therefore slows down the system drastically. Changing the WinRM configuration to allow a greater number, such as 50, will reduce the time taken by the enumeration operations.
Execute the following command to get instances in groups of up to 50.
winrm set winrm/config @{MaxBatchItems="50"}
Additionally, increasing the allotted maximum envelope size and timeout can also increase performance.
winrm set winrm/config @{MaxEnvelopeSizekb="150"}
winrm set winrm/config @{MaxTimeoutms ="60000"}
Other optional WinRM configuration commands are listed below for convenience. To get the current WinRM configuration settings, execute the following command.
winrm g winrm/config
By default, the client computer requires encrypted network traffic. To allow the client computer to request unencrypted traffic, execute the following command:
winrm s winrm/config/Client @{AllowUnencrypted="true"}
TrustedHosts is an array that specifies the list of remote computers that are trusted. Other computers in a workgroup or computers in a different domain should be added to this list.
Note: The computers in the TrustedHosts list are not authenticated.
Execute the following command to allow all computers to be included in TrustedHosts.
winrm s winrm/config/Client @{TrustedHosts="*"}
Basic authentication is a scheme in which the user name and password are sent in clear text to the server or proxy. This method is the least secure method of authentication. The default is True.
Execute the following command to set client computer to use Basic authentication.
winrm s winrm/config/Client/Auth @{Basic="true"}
3.2.4 Specifying StartTime, Until Time, and TIME_NOW Parameters
The several methods that attach a virtual USB device to the target system accept a StartTime and Until parameter. The parameter data type is CIM date-time. If the StartTime parameter is null the action will not be started. If the Until parameter is null, the default value will be 17 hours. The date-time data type is defined in the CIM Infrastructure Specification4 as:
ddddddddhhmmss.mmmmmm
Where:
14
Term
Meaning
BIOS
Basic Input / Output System
HW
Hardware
iDRAC
Integrated DELL Remote Access Controller
IPL
Initial Program Load
DUP
Dell Update Package
MOF
Managed Object File
CIM
Common Information Model
NIC
Network Interface Controller
RAID
Redundant Array of Independent Disks
FQDD
Fully Qualified Device Description
UEFI
Unified Extensible Firmware Interface
AMEA
Advanced Management Enablement Adapter
HII
Human Interface Infrastructure
WSMAN
WS-Management is a specification of a SOAP-based protocol for the management of servers, devices, applications and more
dddddddd is the number of days
hh is the remaining number of hours
mm is the remaining number of minutes
ss is the remaining number of seconds
mmmmmm is the remaining number of microseconds
The Lifecycle controller firmware update, and set attribute related methods that require a date time parameter, use the form YYYYMMDDhhmmss (Eg. 20090930112030). The user is expected to enter the date and time in this format for all Lifecycle Controller updates and set attribute tasks. TIME_NOW is a special value that represents “running the tasks immediately”.
3.2.5 Return Values
Many of the methods in this document have the following possible return values. They are summarized here for convenience.
0 = Success
1 = Not Supported
2 = Failed
4096 = Job Created
3.2.6 Glossary
15
4 Discovery
4.1 Discovering Web Service Capability
Determine if the target system supports the WinRM interface using the ‘identify’ command.
Profiles:
http://www.dmtf.org/sites/default/files/standards/documents/DSP0217_2.0.0.pdf
EXAMPLE:
winrm identify
-u:[USER] -p:[PASSWORD]
-r:https://[IPADDRESS]/wsman -SkipCNcheck -SkipCAcheck
-encoding:utf-8 -a:basic
OUTPUT:
IdentifyResponse ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd ProductVendor = Openwsman Project ProductVersion = 2.2.4
4.2 Discovering what Profiles are Implemented
Implemented profiles are advertised using the class CIM_RegisteredProfile. Enumerate this class in the “root/interop” CIM namespace.
Profiles:
http://www.dmtf.org/sites/default/files/standards/documents/DSP1033_1.0.0.pdf
EXAMPLE:
winrm e http://schemas.dmtf.org/wbem/wscim/1/cim-
schema/2/CIM_RegisteredProfile?__cimnamespace=root/interop
-u:[USER] -p:[PASSWORD]
-r:https://[IPADDRESS]/wsman -SkipCNcheck -SkipCAcheck
-encoding:utf-8 -a:basic
OUTPUT:
DCIM_LCRegisteredProfile AdvertiseTypeDescriptions = WS-Identify, Interop Namespace AdvertiseTypes = 1, 1 InstanceID = DCIM:Memory:1.0.0 OtherRegisteredOrganization = DCIM RegisteredName = Memory RegisteredOrganization = 1 RegisteredVersion = 1.0.0 ... DCIM_RegisteredProfile
16
AdvertiseTypeDescriptions = WS-Identify AdvertiseTypes = 1 Caption = null Description = null ElementName = null InstanceID = DCIM:CSRegisteredProfile:1 OtherRegisteredOrganization = null RegisteredName = Base Server RegisteredOrganization = 2 RegisteredVersion = 1.0.0 . . .
The above example shows that the DMTF Base Server profile version 1.0.0 is implemented.
4.3 Discovering Implementation Namespace
The implementation CIM namespace may be discovered from the interop (root/interop) CIM namespace using the class CIM_ElementConformsToProfile that associates an instance of CIM_RegisteredProfile class with an instance of CIM_ComputerSystem class.
Profiles: n/a
EXAMPLE:
winrm e http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/* -dialect:association -associations ­filter: {object=DCIM_ComputerSystem?CreationClassName=DCIM_ComputerSystem+Name=srv:system+__cimna mespace=root/dcim}
-u:[USER] -p:[PASSWORD]
-r:https://[IPADDRESS]/wsman -encoding:utf-8 -a:basic
-SkipCNcheck –SkipCAcheck
OUTPUT:
DCIM_CSRoleLimitedToTarget DefiningRole Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous ReferenceParameters ResourceURI = http://schemas.dell.com/wbem/wscim/1/cim-schema/2/DCIM_Role SelectorSet Selector: CreationClassName = DCIM_Role, Name = DCIM:Role:9, __cimnamespace = root/dcim TargetElement Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous ReferenceParameters ResourceURI = http://schemas.dell.com/wbem/wscim/1/cim-
schema/2/DCIM_ComputerSystem
SelectorSet Selector: CreationClassName = DCIM_ComputerSystem, Name = srv:system, __cimnamespace = root/dcim
17
DCIM_CSRoleLimitedToTarget DefiningRole Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous ReferenceParameters ResourceURI = http://schemas.dell.com/wbem/wscim/1/cim-schema/2/DCIM_Role SelectorSet Selector: CreationClassName = DCIM_Role, Name = DCIM:Role:10, __cimnamespace = root/dcim TargetElement Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous ReferenceParameters ResourceURI = http://schemas.dell.com/wbem/wscim/1/cim-
schema/2/DCIM_ComputerSystem
SelectorSet Selector: CreationClassName = DCIM_ComputerSystem, Name = srv:system, __cimnamespace = root/dcim
5 Managing iDRAC Local User Accounts
5.1 Description of iDRAC Attributes vs Standard DMTF Model
The iDRAC user account management data model is represented by both DMTF and Dell Profiles. Both models are currently offered. The DMTF Profiles for Simple Identity Management and Role Based Authorization represent iDRAC user accounts and privileges. The DMTF data model is complex and typically requires multiple transactions to accomplish simple operations such as specifying a username and password or giving a user account admin privileges. For this reason, LC also offers a Dell data model for managing iDRAC user accounts that is based on an attribute model. The DCIM iDRAC Card Profile specifies the attributes for each user account name, password, and privilege. The iDRAC has 15 local user account that can be managed.
5.2 Account Inventory (using iDRAC Attributes)
The list of user accounts may be retrieved by enumerating the DCIM_iDRACCard classes. The class provides the user account name and enabled state properties.
Profile and Associated MOFs:
http://www.delltechcenter.com/page/DCIM.Library.Profile
5.2.1 Account and Capabilities (using iDRAC Attributes)
Enumerating the DCIM_iDRACCardEnumeration class, Section 19.1, and parsing the output for the attribute AttributeDisplayName = User Admin Enable, will display all of the 16 possible user accounts and their respective status.
EXAMPLE:
winrm e http://schemas.dmtf.org/wbem/wscim/1/cim-
schema/2/root/dcim/DCIM_iDRACCardEnumeration
-u:[USER] -p:[PASSWORD]
18
Account Disabled as displayed
in CurrentValue attribute for
Users.1
Account Enabled as displayed
in CurrentValue attribute for
Users.2
-r:https://[IPADDRESS]/wsman:443 -SkipCNcheck -SkipCAcheck
-encoding:utf-8 -a:basic
OUTPUT:
DCIM_iDRACCardEnumeration AttributeDisplayName = User Admin Enable
AttributeName = Enable CurrentValue = Disabled DefaultValue = Disabled
Dependency = null DisplayOrder = 0 FQDD = iDRAC.Embedded.1 GroupDisplayName = Users GroupID = Users.1 InstanceID = iDRAC.Embedded.1#Users.1#Enable IsReadOnly = true PossibleValues = Disabled, Enabled DCIM_iDRACCardEnumeration AttributeDisplayName = User Admin Enable
AttributeName = Enable CurrentValue = Enabled
DefaultValue = Enabled Dependency = null DisplayOrder = 0 FQDD = iDRAC.Embedded.1 GroupDisplayName = Users GroupID = Users.2 InstanceID = iDRAC.Embedded.1#Users.2#Enable IsReadOnly = false PossibleValues = Disabled, Enabled . . .
5.2.2 Privilege and Capabilities (using iDRAC Attributes)
Enumerating the DCIM_iDRACCardEnumeration class, Section 19.1, and parsing the output for the attribute AttributeDisplayName = User Admin IPMI LAN(or Serial) Privilege, will display all of the 16 possible user accounts and their respective status.
EXAMPLE:
DCIM_iDRACCardEnumeration AttributeDisplayName = User Admin IPMI LAN Privilege AttributeName = IpmiLanPrivilege CurrentValue = NoAccess DefaultValue = NoAccess Dependency = null DisplayOrder = 0 FQDD = iDRAC.Embedded.1 GroupDisplayName = Users GroupID = Users.1
19
InstanceID = iDRAC.Embedded.1#Users.1#IpmiLanPrivilege IsReadOnly = true PossibleValues = User, Operator, Administrator, NoAccess
DCIM_iDRACCardEnumeration AttributeDisplayName = User Admin IPMI Serial Privilege AttributeName = IpmiSerialPrivilege CurrentValue = NoAccess DefaultValue = NoAccess Dependency = null DisplayOrder = 0 FQDD = iDRAC.Embedded.1 GroupDisplayName = Users GroupID = Users.1 InstanceID = iDRAC.Embedded.1#Users.1#IpmiSerialPrivilege IsReadOnly = true PossibleValues = User, Operator, Administrator, NoAccess. . .
5.3 Manage Account Settings (using iDRAC Attributes)
When the account setting capability allows, the user name of an account may be modified by invoking the ApplyAttributes() method on the UserName property. Confirmation of successful user name or password verification can be obtained by enumerating the DCIM_iDRACCardString class(Section 19.6).
5.3.1 Modify User Name (using iDRAC Attributes)
EXAMPLE:
winrm i ApplyAttributes http://schemas.dmtf.org/wbem/wscim/1/cim-
schema/2/root/dcim/DCIM_iDRACCardService
?SystemCreationClassName=DCIM_ComputerSystem +CreationClassName=DCIM_iDRACCardService +SystemName=DCIM:ComputerSystem +Name=DCIM:iDRACCardService
-u:[USER] -p:[PASSWORD]
-r:https://[IPADDRESS]/wsman -SkipCNcheck -SkipCAcheck
-encoding:utf-8 -a:basic -file: DracCard_UserName.xml
The input file, DracCard_UserName.xml, is shown below:
<p:ApplyAttributes_INPUT xmlns:p="http://schemas.dmtf.org/wbem/wscim/1/cim­schema/2/root/dcim/DCIM_iDRACCardService"> <p:Target>iDRAC.Embedded.1</p:Target> <p:AttributeName>Users.4#UserName</p:AttributeName> <p:AttributeValue>HELLO</p:AttributeValue> </p:ApplyAttributes_INPUT>
OUTPUT:
20
When this method is executed, a jobid or an error message is returned.
ApplyAttributes_OUTPUT ReturnValue = 4096 Job EndpointReference Address = https://127.0.0.1:443/wsman ReferenceParameters ResourceURI = http://schemas.dell.com/wbem/wscim/1/cim-schema/2/DCIM_LifecycleJob SelectorSet Selector: __cimnamespace = root/dcim, InstanceID = JID_001296571842
5.3.2 Modify Password (using iDRAC Attributes)
EXAMPLE:
winrm i ApplyAttributes http://schemas.dmtf.org/wbem/wscim/1/cim-
schema/2/root/dcim/DCIM_iDRACCardService
?SystemCreationClassName=DCIM_ComputerSystem +CreationClassName=DCIM_iDRACCardService +SystemName=DCIM:ComputerSystem +Name=DCIM:iDRACCardService
-u:[USER] -p:[PASSWORD]
-r:https://[IPADDRESS]/wsman -SkipCNcheck -SkipCAcheck
-encoding:utf-8 -a:basic -file:DracCard_Password.xml
The input file, DracCard_Password.xml, is shown below:
<p:ApplyAttributes_INPUT xmlns:p="http://schemas.dmtf.org/wbem/wscim/1/cim­schema/2/root/dcim/DCIM_iDRACCardService"> <p:Target>iDRAC.Embedded.1</p:Target> <p:AttributeName>Users.4#Enable</p:AttributeName> <p:AttributeValue>Enabled</p:AttributeValue> <p:AttributeName>Users.4#Password</p:AttributeName> <p:AttributeValue>PWORDHERE</p:AttributeValue> </p:ApplyAttributes_INPUT>
OUTPUT:
When this method is executed, a jobid or an error message is returned.
ApplyAttributes_OUTPUT ReturnValue = 4096 Job EndpointReference Address = https://127.0.0.1:443/wsman ReferenceParameters ResourceURI = http://schemas.dell.com/wbem/wscim/1/cim-schema/2/DCIM_LifecycleJob SelectorSet Selector: __cimnamespace = root/dcim, InstanceID = JID_001296571842
21
5.3.3 Modify Account State (using iDRAC Attributes)
When the account setting capability allows, the user account may be enabled or disabled by invoking the method ApplyAttributes() method on the Enable property. Confirmation of the change can be obtained by enumerating the DCIM_iDRACCardString class(Section 19.6).
EXAMPLE:
winrm i ApplyAttributes http://schemas.dmtf.org/wbem/wscim/1/cim-
schema/2/root/dcim/DCIM_iDRACCardService
?SystemCreationClassName=DCIM_ComputerSystem +CreationClassName=DCIM_iDRACCardService +SystemName=DCIM:ComputerSystem +Name=DCIM:iDRACCardService
-u:[USER] -p:[PASSWORD]
-r:https://[IPADDRESS]/wsman -SkipCNcheck -SkipCAcheck
-encoding:utf-8 -a:basic -file: DracCard_AccountChange.xml
The input file, DracCard_ AccountChange.xml, is shown below:
<p:ApplyAttributes_INPUT xmlns:p="http://schemas.dmtf.org/wbem/wscim/1/cim­schema/2/root/dcim/DCIM_iDRACCardService"> <p:Target>iDRAC.Embedded.1</p:Target> <p:AttributeName>Users.4#Enable</p:AttributeName> <p:AttributeValue>Enabled</p:AttributeValue> <p:AttributeName>Users.4#Password</p:AttributeName> <p:AttributeValue>PASSWORDHERE</p:AttributeValue> </p:ApplyAttributes_INPUT>
OUTPUT:
When this method is executed, a jobid or an error message is returned.
ApplyAttributes_OUTPUT Job Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous ReferenceParameters ResourceURI = http://schemas.dell.com/wbem/wscim/1/cim-schema/2/DCIM_LifecycleJob SelectorSet Selector: InstanceID = JID_001296744532, __cimnamespace = root/dcim ReturnValue = 4096
The following error may result if the password has not initially been set to a value. The password may be set an initail value at the same time as the account is enabled by adding the Users.4#Password attribute name and corresponding attribute value, as shown above.
ApplyAttributes_OUTPUT Message = The User Password is not configured so cannot Enable the User or set values for IPMILan IPMISerial or User Admin Privilege MessageArguments = NULL MessageID = RAC023 ReturnValue = 2
22
5.3.4 Modify User Privilege (using iDRAC Attributes)
When the account setting capability allows, the user privileges may be enabled or disabled by invoking the method ApplyAttributes() method on the Enable property. Confirmation of the change can be obtained by enumerating the DCIM_iDRACCardString class(Section 19.6).
EXAMPLE:
winrm i ApplyAttributes http://schemas.dmtf.org/wbem/wscim/1/cim-
schema/2/root/dcim/DCIM_iDRACCardService
?SystemCreationClassName=DCIM_ComputerSystem +CreationClassName=DCIM_iDRACCardService +SystemName=DCIM:ComputerSystem +Name=DCIM:iDRACCardService
-u:[USER] -p:[PASSWORD]
-r:https://[IPADDRESS]/wsman -SkipCNcheck -SkipCAcheck
-encoding:utf-8 -a:basic -file: DracCard_PrivilegeChange.xml
The input file, DracCard_ PrivilegeChange.xml, is shown below:
<p:ApplyAttributes_INPUT xmlns:p="http://schemas.dmtf.org/wbem/wscim/1/cim­schema/2/root/dcim/DCIM_iDRACCardService"> <p:Target>iDRAC.Embedded.1</p:Target> <p:AttributeName>Users.4#IpmiLanPrivilege</p:AttributeName> <p:AttributeValue>Operator</p:AttributeValue> </p:ApplyAttributes_INPUT>
OUTPUT:
When this method is executed, a jobid or an error message is returned.
ApplyAttributes_OUTPUT Job Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous ReferenceParameters ResourceURI = http://schemas.dell.com/wbem/wscim/1/cim-schema/2/DCIM_LifecycleJob SelectorSet Selector: InstanceID = JID_001296745342, __cimnamespace = root/dcim ReturnValue = 4096
5.4 Account Inventory (using DMTF Model)
The list of user accounts may be retrieved by enumerating the CIM_Account class. The class provides the user account name and EnabledState properties. The user account password is also included but it is a write-only property.
Profiles:
http://www.dmtf.org/sites/default/files/standards/documents/DSP1034_1.0.1.pdf http://www.dmtf.org/sites/default/files/standards/documents/DSP1039_1.0.0.pdf
5.4.1 Account and Capabilities (using DMTF Model)
Example-A demonstrates standard ouput. Example-B demonstrates EPR mode output.
23
EXAMPLE-A:
winrm e http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_Account
-u:[USER] -p:[PASSWORD]
-r:https://[IPADDRESS]/wsman -SkipCNcheck -SkipCAcheck
-encoding:utf-8 -a:basic
OUTPUT-A:
DCIM_Account CreationClassName = DCIM_Account ElementName = DCIM Account EnabledDefault = 2 EnabledState = 3 Name = iDRAC.Embedded.1#Users.1 OrganizationName = DCIM RequestedState = 0 SystemCreationClassName = DCIM_SPComputerSystem SystemName = systemmc TransitioningToState = 12 UserID = null UserPassword = null
DCIM_Account CreationClassName = DCIM_Account ElementName = DCIM Account EnabledDefault = 2 EnabledState = 2 Name = iDRAC.Embedded.1#Users.2 OrganizationName = DCIM RequestedState = 0 SystemCreationClassName = DCIM_SPComputerSystem SystemName = systemmc TransitioningToState = 12 UserID = root UserPassword . . .
EXAMPLE-B:
winrm e http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_Account -u:[USER] ­p:[PASSWORD]
-r:https://[IPADDRESS]/wsman -SkipCNcheck -SkipCAcheck
-encoding:utf-8 -a:basic -returntype:EPR
OUTPUT-B:
EndpointReference Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous ReferenceParameters ResourceURI = http://schemas.dell.com/wbem/wscim/1/cim-schema/2/DCIM_Account SelectorSet
24
Selector: __cimnamespace = root/dcim, Name = iDRAC.Embedded.1#Users.1, CreationClassName = DCIM_Account, Sys temName = systemmc, SystemCreationClassName = DCIM_SPComputerSystem
EndpointReference Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous ReferenceParameters ResourceURI = http://schemas.dell.com/wbem/wscim/1/cim-schema/2/DCIM_Account SelectorSet Selector: __cimnamespace = root/dcim, Name = iDRAC.Embedded.1#Users.2, CreationClassName = DCIM_Account, Sys temName = systemmc, SystemCreationClassName = DCIM_SPComputerSystem
. . .
Account setting capability is defined in the class CIM_AccountManagementCapabilities associated with the CIM_Account class instance. The ability to enable and disable an account is defined in the capability class CIM_EnabledLogicalElementCapabilities associated with the CIM_Account class.
To determine account setting capabilities:
1. Get the CIM_Account class instance of interest using EnumerateEPR mode.
2. Enumerate the associators of the CIM_Account instance and search for
CIM_AccountManagementService class instance using EnumerateEPR mode.
3. Enumerate the associators of the CIM_AccountManagementService instance and search for
CIM_AccountManagementCapabilities class instance.
4. One exception is account index 0. The first account is static and could not be set.
OUTPUT-C:
DCIM_LocalUserAccountManagementCapabilities ElementName = Local User Account Management Capabilities ElementNameEditSupported = false InstanceID = DCIM:LocalUserAccountManagementCapabilities:1 MaxElementNameLen = 0 OperationsSupported = 3 SupportedAuthenticationMethod = 0, 1, 2
DCIM_IPMICLPAccountManagementCapabilities ElementName = IPMI/CLP Account Management Capabilities ElementNameEditSupported = false InstanceID = DCIM:IPMICLPAccountManagementCapabilities:1 MaxElementNameLen = 0 OperationsSupported = 3
25
To determine account state setting capabilities:
1. Get the CIM_Account class instance of interest using EnumerateEPR mode.
2. Enumerate the associators of the CIM_Account instance and search for
CIM_EnabledLogicalElementCapabilities class instance.
3. The presence of “RequestedStatesSupported” determines which states could be set.
4. One exception is account index 0. The first account is static and could not be set.
OUTPUT-D:
DCIM_EnabledLogicalElementCapabilities ElementName = Account Capabilities ElementNameEditSupported = false InstanceID = DCIM_EnabledLogicalElementCapabilities:1 MaxElementNameLen = 0 RequestedStatesSupported = 2, 3 . . .
5.4.2 Privilege and Capabilities (using DMTF Model)
The account privilege assigned to a user is defined in the class CIM_Privilege associated with the CIM_Account class. The class contains a list of privileges granted to the user account.
Profiles:
http://www.dmtf.org/sites/default/files/standards/documents/DSP1034_1.0.1.pdf http://www.dmtf.org/sites/default/files/standards/documents/DSP1039_1.0.0.pdf
To get the instance of CIM_Privilege for an account:
1. Get the CIM_Account class instance of interest using EnumerateEPR mode.
2. Enumerate the associators of the CIM_Account instance and search for CIM_Identity class
instance using EnumerateEPR mode.
3. Enumerate the associators of the CIM_Identity instance and search for CIM_Role class instance
using EnumerateEPR mode.
4. Enumerate the associators of the CIM_Role instance and search for CIM_Privilege class instance.
An alternative to the above method, you can retrieve the specific CIM_Privilege instance by enumerating the class directly with filter. This method is similar to the example used to retrieve CIM_Account.
EXAMPLE:
26
winrm e http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/DCIM_LocalRolePrivilege
-u:[USER] -p:[PASSWORD]
-r:https://[IPADDRESS]//wsman
-SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
OUTPUT:
DCIM_LocalRolePrivilege Activities = null ActivityQualifiers = null ElementName = DCIM Local Privilege 1 InstanceID = DCIM:Privilege:1 PrivilegeGranted = true QualifierFormats = null RepresentsAuthorizationRights = false
DCIM_LocalRolePrivilege Activities = 7, 7, 7, 7, 7, 7, 7, 7, 7 ActivityQualifiers = Login to DRAC, Configure DRAC, Configure Users, Clear Logs, Test Alerts, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Execute Diagnostic Commands
ElementName = DCIM Local Privilege 2 InstanceID = DCIM:Privilege:2 PrivilegeGranted = true QualifierFormats = 9, 9, 9, 9, 9, 9, 9, 9, 9 RepresentsAuthorizationRights = true
DCIM_LocalRolePrivilege Activities = null ActivityQualifiers = null
ElementName = DCIM Local Privilege 3 InstanceID = DCIM:Privilege:3 PrivilegeGranted = true QualifierFormats = null RepresentsAuthorizationRights = false . . .
Privilege setting capability is defined in the class CIM_RoleBasedManagementCapabilities associated with the CIM_Privilege class instance. This class contains the list of possible values used to assign privileges. Look for the property ActivityQualifiersSupported.
To determine privilege setting capabilities:
1. Acquire the class instance of CIM_Privilege of interest.
2. Enumerate the associators of the CIM_Privilege instance and search for
CIM_RoleBasedAuthorizationService class instance using EnumerateEPR mode.
27
3. Enumerate the associators of the CIM_RoleBasedAuthorizationService instance and search for
CIM_RoleBasedManagementCapabilities class instance using EnumerateEPR mode.
OUTPUT:
DCIM_LocalRoleBasedManagementCapabilities ActivitiesSupported = 7, 7, 7, 7, 7, 7, 7, 7, 7 ActivityQualifiersSupported = Login to DRAC, Configure DRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Di agnostic Commands ElementName = Local Role Based Management Capabilities InstanceID = DCIM:LocalRoleBasedManagementCapabilities QualifierFormatsSupported = 9, 9, 9, 9, 9, 9, 9, 9, 9 SharedPrivilegeSupported = false SupportedMethods = 8
DCIM_CLPRoleBasedManagementCapabilities ActivitiesSupported = null ActivityQualifiersSupported = null ElementName = CLP Role Based Management Capabilities InstanceID = DCIM:CLPRoleBasedManagementCapabilities QualifierFormatsSupported = null SharedPrivilegeSupported = false SupportedMethods = 6
DCIM_IPMIRoleBasedManagementCapabilities ActivitiesSupported = null ActivityQualifiersSupported = null ElementName = IPMI Role Based Management Capabilities InstanceID = DCIM:IPMIRoleBasedManagementCapabilities QualifierFormatsSupported = null SharedPrivilegeSupported = false SupportedMethods = 6
5.5 Manage Account Settings (using DMTF Model)
5.5.1 Modify User Name (using DMTF Model)
When the account setting capability allows, the user name of an account may be modified by issuing a set operation on the UserID property of the CIM_Account class instance. The set operation requires an instance reference. The instance reference may be retrieved by adding EnumerateEPR mode to enumerate or get of the class.
Profiles:
http://www.dmtf.org/sites/default/files/standards/documents/DSP1034_1.0.1.pdf http://www.dmtf.org/sites/default/files/standards/documents/DSP1039_1.0.0.pdf
28
The steps below demonstrate how to set the user name and password for local accounts.
A) Enumerate CIM_Account with EPR to identify all possible instance information to be used in a subsequent put or set operations.
EXAMPLE-A:
winrm e http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_Account ?__cimnamespace=root/dcim
-u:[USER] -p:[PASSWORD]
-r:https://[IPADDRESS]/wsman:443 -SkipCNcheck -SkipCAcheck
-encoding:utf-8 -a:basic -returntype:EPR
When this command is executed, a list of objects will be returned. Below is a snippet of the output.
OUTPUT-A:
EndpointReference Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous ReferenceParameters ResourceURI = http://schemas.dell.com/wbem/wscim/1/cim-schema/2/DCIM_Account SelectorSet Selector: __cimnamespace = root/dcim, Name = iDRAC.Embedded.1#Users.1, CreationClassName = DCIM_Account, Sys temName = systemmc, SystemCreationClassName = DCIM_SPComputerSystem
EndpointReference Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous ReferenceParameters ResourceURI = http://schemas.dell.com/wbem/wscim/1/cim-schema/2/DCIM_Account SelectorSet Selector: __cimnamespace = root/dcim, Name = iDRAC.Embedded.1#Users.2, CreationClassName = DCIM_Account, Sys temName = systemmc, SystemCreationClassName = DCIM_SPComputerSystem
. . .
B) Perform a get on any instance from A) to ensure correctness of the URI.
EXAMPLE-B:
winrm g "http://schemas.dell.com/wbem/wscim/1/cim-schema/2/ DCIM_Account?__cimnamespace=root/dcim +CreationClassName= DCIM_Account +Name= iDRAC.Embedded.1#Users.16 +SystemCreationClassName=DCIM_SPComputerSystem +SystemName=systemmc"
29
-r:https://[IPADDRESS]
-u:[USER] -p:[PASSWORD]
-a:basic -encoding:utf-8 –SkipCACheck –SkipCNCheck
When this method is executed, the particular object will be returned. Below is the output.
OUTPUT-B:
DCIM_Account CreationClassName = DCIM_Account ElementName = DCIM Account EnabledDefault = 2 EnabledState = 3 Name = iDRAC.Embedded.1#Users.16 OrganizationName = DCIM RequestedState = 0 SystemCreationClassName = DCIM_SPComputerSystem SystemName = systemmc TransitioningToState = 12 UserID = null UserPassword = null
C) If B) is successful, set the new values for the specified instance.
EXAMPLE-C:
winrm set "http://schemas.dell.com/wbem/wscim/1/cim-schema/2/ DCIM_Account?__cimnamespace=root/dcim +CreationClassName= DCIM_Account +Name= iDRAC.Embedded.1#Users.16 +SystemCreationClassName=DCIM_SPComputerSystem +SystemName=systemmc"
-r:https://[IPADDRESS]
-u:[USER] -p:[PASSWORD]
-a:basic -encoding:utf-8
@{UserID="testuser4";UserPassword="testuser4"} -SkipCACheck -SkipCNCheck –skiprevocationcheck
When this command is executed, the UserID will be displayed in the output. The UserPassword will be displayed as null when the account is disabled. After the account is enabled, it will be displayed as blank. The value of UserPassword will never be displayed.
OUTPUT-C:
DCIM_Account CreationClassName = DCIM_Account ElementName = DCIM Account EnabledDefault = 2 EnabledState = 3 Name = iDRAC.Embedded.1#Users.16 OrganizationName = DCIM
30
Loading...
+ 196 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use