Introduction
The iLO RESTful API for HPE iLO 5 is a programming interface enabling state-of-the-art server management. This document contains helpful information about how to interact with the iLO RESTful API. The iLO RESTful API uses the basic HTTP operations (GET, PUT, POST, DELETE, and PATCH) to submit or return a JSON formatted resource to or from a URI on iLO 5.
With modern scripting languages, you can easily write simple REST clients for RESTful APIs. Most languages, like Python, can transform JSON into internal-data structures, like dictionaries, allowing for easy access to data. This enables you to write custom code directly to the iLO RESTful API, instead of using intermediate tools such as HPE’s HPQLOCFG or CONREP.
Redfish Conformance
iLO 5’s Redfish conformance details are available in this document in the Managing Hewlett Packard Enterprise Servers Using the RESTful API.
Key benefits of the iLO RESTful API
The iLO RESTful API is becoming the main management interface for Hewlett Packard Enterprise servers with iLO 5. Its feature set will become larger than the existing iLO XML API (RIBCL) and IPMI interfaces. Using the iLO RESTful API, you can take full inventory of the server, control power and reset, configure BIOS and iLO settings, fetch event logs, as well as many other functions.
The iLO RESTful API follows the trend of the Internet in moving to a common pattern for new software interfaces. Many web services in a variety of industries use REST APIs because they are easy to implement, easy to consume, and offer scalability advantages over previous technologies.
HPE OneView, OpenStack, and many other server management APIs are now REST APIs. Most Hewlett Packard Enterprise Management software offerings, as well as the entire Software Defined Infrastructure, are built upon REST APIs.
The iLO RESTful API has the additional advantage of consistency across all present and projected server architectures. The same data model works for traditional rack-mount servers, blades, as well as newer types of systems. This advantage comes because the data model is designed to self-describe the service’s capabilities to the client and has room for flexibility designed in from the start
Changelog
The HPE iLO 5 Redfish service implements the DMTF Redfish specification version 1.6.0 and the schemas implemented by iLO 5 adhere to the DMTF Redfish schema bundle 8010_2021.4.
For a better understanding of the conformance to the DMTF Redfish, read the Redfish versioning paragraph of this article.
iLO 5 2.95 new features and changes
New URIs
- No new URIs added for this release.
HTTP Methods - Additions and Deprecations
- No HTTP methods changed across this release.
Deprecated URIs
- No URIs deprecated for this release.
Redfish actions - additions and deprecations
- No changes have been made to supported Redfish Actions for this release.
Schema Updates
AccountService.v1_5_0.AccountService
- Added
Oem.Hpe.TwoFactorAuth
: This property indicates whether two factor authentication is enabled or not.
- Added
#Certificate.v1_1_0.Certificate
updated to#Certificate.v1_6_0.Certificate
- - Added
Issuer
andSubject
: City
: The city or locality of the organization of the entity.CommonName
: The fully qualified domain name of the entity.Country
: The country of the organization of the entity.DisplayString
: A human-readable string for this identifier.Email
: The email address of the contact within the organization of the entity.Organization
: The name of the organization of the entity.OrganizationalUnit
: The name of the unit or division of the organization of the entity.State
: The state, province, or region of the organization of the entity.
- - Added
#Chassis.v1_11_2.Chassis
updated to #Chassis.v1_19_0.Chassis
- Added
LocationIndicatorActive
: An indicator allowing an operator to physically locate this resource.
#ComputerSystem.v1_13_0.ComputerSystem
updated to #ComputerSystem.v1_17_0.ComputerSystem
- Added
LocationIndicatorActive
: An indicator allowing an operator to physically locate this resource.
#Drive.v1_7_0.Drive
updated to #Drive.v1_14_0.Drive
- Added
LocationIndicatorActive
: An indicator allowing an operator to physically locate this resource.
ManagerNetworkProtocol.v1_0_0.ManagerNetworkProtocol
- Added
Oem.Hpe.SMTPForTFAEnabled
: Indicates whether SMTP for Two Factor Authentication is enabled.
iLO 5 2.90 new features and changes
New URIs
- No new URIs added for this release.
HTTP Methods - Additions and Deprecations
- No HTTP methods changed across this release.
Deprecated URIs
- No URIs deprecated for this release.
Redfish actions - additions and deprecations
- No changes have been made to supported Redfish Actions for this release.
Schema Updates
#HpeComponentInstallSet.v1_1_0.HpeComponentInstallSet
updated to#HpeComponentInstallSet.v1_2_0.HpeComponentInstallSet
#HpeComponentUpdateTask.v1_2_0.HpeComponentUpdateTask
updated to#HpeComponentUpdateTask.v1_3_0.HpeComponentUpdateTask
#HpeiLOSnmpService.v2_3_0.HpeiLOSnmpService
updated to#HpeiLOSnmpService.v2_4_0.HpeiLOSnmpService
- Added
SNMPv1RequestsEnabled
andSNMPv1TrapEnabled
to indicate if the SNMPv1 Queries and SNMPv1 Traps are enabled respectively. - Added
SNMPv3RequestsEnabled
andSNMPv3TrapEnabled
to indicate if the SNMPv3 Queries and SNMPv3 Traps are enabled respectively.
- Added
#Chassis.v1_11_2.Chassis
Oem.Hpe.ChassisACPowerWatts
is renamed toOem.Hpe.ChassisInputPowerWatts
.
#SessionService.v1_0_0.SessionService
- Added
SessionTimeout
: This is the number of seconds of inactivity that a session may have before the session service closes the session. Here the value0
means no timeout or infinite timeout.
- Added
iLO 5 2.81 new features and changes
New URIs
- No new URIs added for this release.
HTTP Methods - Additions and Deprecations
- No HTTP methods changed across this release.
Deprecated URIs
- No URIs deprecated for this release.
Redfish actions - additions and deprecations
- No changes have been made to supported Redfish Actions for this release.
Schema Updates
- No schema updates for this release.
iLO 5 2.78 new features and changes
New URIs
- No new URIs added for this release.
HTTP Methods - Additions and Deprecations
- Added PATCH for
redfish/v1/Chassis/{@chassisId}/PCIeDevices/{@PCIeDeviceId}}
Deprecated URIs
No URIs deprecated for this releases.
#HpeRemoteSupport.v2_6_0.HpeRemoteSupport
HpeRemoteSupport.CompleteDirectConnectRegistration
: There are no parameters for this action.
Miscellenuous Information
#HpeSecurityService.v2_3_1.HpeSecurityService
TLSVersion.TLS1_0
andTLSVersion.TLS1_1
can be modified with aPATCH
request.
Schema Updates
#Chassis.v1_11_2.Chassis
AddedOem.Hpe.ChassisACPowerWatts
: The total AC input power consumed by the chassis and nodes.#EventDestination.v1_0_0.EventDestination
updated to#EventDestination.v1_4_5.EventDestination
- Added
SubscriptionType
: The subscription type for events. The following value is supported:RedfishEvent
- Added
#EventService.v1_0_8.EventService
updated to#EventService.v1_2_7.EventService
## PCIeDevice.v1_5_0.PCIeDevice
- Added
AssetTag
:The user-assigned asset tag for this PCIe device.
- Added
Thermal.v1_7_1.Thermal
- Added
Temperatures[{item}].Oem.Hpe.MainSensorName
: Sensor name of main temperature sensor that has atleast one sub sensor
- Added
ComputerSystem.v1_13_0.ComputerSystem
BootOrder
:Read Only
set toTrue
.
EthernetInterface.v1_4_1.EthernetInterface
Oem.Hpe.IPv4.DNSServers
:Read Only
set toTrue
#SoftwareInventory.v1_2_0.SoftwareInventory
- Added
Oem.Hpe.Version
: NVIDIA CEC Firmware version
- Added
iLO 5 2.72 new features and changes
New URIs
/redfish/v1/Systems/{@systemId}/LogServices/DPU
(GET,POST)#LogService.v1_1_0.LogService
- The resource contains properties for monitoring and configuring an event log service for the resource or service to which it is associated./redfish/v1/Systems/{@systemId}/LogServices/DPU/Entries
(GET,POST)#LogEntryCollection.LogEntryCollection
- A Collection of LogEntry resource instances./redfish/v1/Systems/{@systemId}/LogServices/DPU/Entries/{@entriesId}
(GET,PATCH)#LogEntry.v1_11_0.LogEntry
- Defines the record format of a log.
Miscellaneous Changes
iLO 5 v2.72 supports enabling and disabling of HTTP and HTTPS ports separately using Redfish APIs. Ensure you enable both HTTP and HTTPS, if you want to downgrade the firmware below iLO 5 v2.72, else the web server will not start.
HTTP methods - additions and deprecations
- Added PATCH for
/redfish/v1/Managers/{@managerId}/BackupRestoreService
- Added PATCH, POST for
/redfish/v1/Systems/{@systemId}/EthernetInterfaces/{@nicId}
Deprecated URIs
- No URIs deprecated for this release.
NOTE: From iLO 5 2.72 release, HPE Insight Online direct connect
is deprecated. HPE now supports only Insight Remote Support central connect
. If you are using HPE Insight Online direct connect
, HPE recommends to unregister Insight Online direct connect
and register with Insight Remote Support central connect
. For more information, see the HPE embedded remote support section
of the HPE iLO 5 2.72 User Guide.
#HpeRemoteSupport.v2_6_0.HpeRemoteSupport
- ConnectModel
(the Remote Support connect model type) will not support the value of DirectConnect
.
- DataCollectionFrequencyInDays
(the frequency of data collection in days. This is applicable only when the server is registered using Direct Connect.) will not apply as HPE Insight Online direct connect
is deprecated in this release.
- DirectConnectRegistrationIsCompleted
(Step 2 of Direct Connect Registration completion status) will not apply as HPE recommends to unregister HPE Insight Online direct connect
and HPE Insight Online direct connect
is deprecated in this release.
- HpeRemoteSupport.CompleteDirectConnectRegistration
: There are no parameters for this action, but this action is not applicable when HPE Insight Online direct connect
is deprecated in this release.
- HpeRemoteSupport.RegisterDeviceToRemoteSupport
: This action includes ConnectionType (string)
as a parameter. But, ConnectionType (string)
will not support the value DirectConnect
.
Redfish actions - additions and deprecations
- No changes have been made to supported Redfish Actions for this release.
Schema updates
#HpeiLOBackupRestoreService.v2_2_0.HpeiLOBackupRestoreService
- Added
CustomBackupandRestore
: The property indicates whether the custom backup and restore is enabled.
- Added
#HpeSecurityService.v2_3_1.HpeSecurityService
- Added
TLSVersion
: The property allows you to enable/disable specific TLS versions and display the status of TLS versions in all the security states.
- Added
#ServiceRoot.v1_5_1.ServiceRoot
- Added
Oem.Hpe.CACLoginUri
: URI for the CAC based authentication.
- Added
#Chassis.v1_10_2.Chassis
updated to#Chassis.v1_11_2.Chassis
- Added
Location
: An object that contains the following properties such asPartLocation
andPlacement
.
- Added
#ComputerSystem.v1_10_0.ComputerSystem
updated to#ComputerSystem.v1_13_0.ComputerSystem
- Added
BootProgress
: Provides information about SmartNIC device operating system booting and operating system services. The property includesLastState
andOemLastState
.LastState
- SmartNIC device operating system status with values such asOSBootStarted
(the operating system has started booting),OSRunning
(the operating system is running), andOEM
(the operating system state which is reported in theOemLastState
property.OemLastState
- SmartNIC device operating system Oem status with values such asOSServicesReady
(the operating system services are ready),OSServicesOffline
(the operating system services are offline),OSHalting
(the operating system has started halting), andOSHalted
(the operating system has performed a shutdown). - Added
Oem.Hpe.AvailableSystemCapabilities (array)
:AvailableSystemCapabilities
is an array that indicates SmartNIC DPU supports to OS-triggered DPC with the supported valueOStriggeredDPC
. - Added
Oem.Hpe.BootProgress
: The property includesOemResetReason
(the Smart NIC Device Operating system Oem reset reason andResetReason
(the Smart NIC Device Operating system reset reason). - Added
Oem.Hpe.EnabledSystemCapabilities (array)
:EnabledSystemCapabilities
is an array that indicates SmartNIC DPU supports to OS-triggered DPC with the supported valueOStriggeredDPC
. - Added
Oem.Hpe.IntegrationConfig
:OsReadyTimeout
is the property of typeinteger
andRead Only
set tofalse
. - Added
Oem.Hpe.OperatingSystem
: An object to find SmartNIC device operating system kernel version andKernel.Version
is the property. - Added the supported values
PoweringOn
andPoweringOFf
to thePowerState
property (the current power state of the system) in addition tonull
,On
,Off
, andReset
in thePowerState
property. - Added
DPU
(SmartNIC DPU System
) to theSystemType
property (the type of computer system that the resource represents) in addition toPhysical
(a computer system),Virtual
(a virtual machine instance running on the system),OS
(an operating system instance),PhysicallyPartitioned
(a hardware-based partition of a computer system),VirtuallyPartitioned
(a virtual or software-based partition of a computer system).
- Added
#HpeServerDevice.v2_0_0.HpeServerDevice
updated to#HpeServerDevice.v2_1_0.HpeServerDevice
- Added
FirmwareVersion.FirmwareVersions (array)
:FirmwareVersions
is an array that contains the propertiesComponentName
andVersionString
for the name and the version string of GPU cores.
- Added
#LogService.v1_0_0.LogService
updated to#LogService.v1_1_0.LogService
- Added
DateTime
: The current date and time, with UTC offset, that theLogService
uses to set or read time. - Added
DateTimeLocalOffset
: The UTC offset that the currentDateTime
property value contains in the+HH:MM
format. - Added
ServiceEnabled
: Indicates whether theLogService
is enabled.
- Added
#PCIeDevice.v1_4_0.PCIeDevice
updated to#PCIeDevice.v1_5_0.PCIeDevice
- Added
Oem.Hpe.FirmwareVersion (array)
:FirmwareVersion
is an array that contains the propertiesComponentName
andVersionString
for the name and the version string of GPU cores.
- Added
#Thermal.v1_6_2.Thermal
updated to#Thermal.v1_7_1.Thermal
- Updated
PhysicalContext
inTemperatures
:Temperatures
is an array and thePhysicalContext
property is updated with the following values such asLiquidInlet
,LiquidOutlet
,CPUSubsystem
,GPUSubsystem
,FPGA
,Accelerator
,ASIC
,PowerSubsystem
,Rectifier
,Memory
,MemorySubsystem
,Chassis
,Fan
,CoolingSubsystem
,Motor
,Transformer
,ACUtilityInput
,ACStaticBypassInput
,ACMaintenanceBypassInput
,DCBus
,ACOutput
,ACInput
,TrustedModule
,Board
,Transceiver
,Battery
, andPump
.
- Updated
#UpdateService.v1_1_1.UpdateService
updated to#UpdateService.v1_2_1.UpdateService
- Added
BundleDowngradeSupport
: Indicates whether iLO supports downgrade capability for cloud based updates to theOem.Hpe.Capabilities
property. - Added
OfflineRuntimeBundleUpdate
: Indicates whether iLO supports offline type D installation. The supported values areProductionMode
,ProductionAndHighSecurityMode
, andAllModes
to theOem.Hpe.Capabilities
property.
- Added
#VirtualMedia.v1_2_0.VirtualMedia
updated to#VirtualMedia.v1_3_0.VirtualMedia
- Added
TransferProtocolType
property andTransferProtocolType (string)
attribute: Supported Network Protocols to use with the image such asCIFS
- Common Internet File System protocol,FTP
- File Transfer Protocol,SFTP
- Secure File Transfer Protocol,HTTP
- Hypertext Transfer Protocol,HTTPS
- HTTP Secure protocol.|,NFS
- Network File System protocol,SCP
- Secure File Copy protocol,TFTP
- Trivial File Transfer Protocol,OEM
- A protocol defined by the manufacturer.
- Added
#HpeComputerSystemExt.v2_11_0.HpeComputerSystemExt
- From iLO 5 v2.72, the
Links
to thePCIDevices
is an array and no longer an object.
- From iLO 5 v2.72, the
Before iLO 5 v2.72:
"Oem": {
"Hpe": {
"Links": {
"PCIDevices": {
"@odata.id": "/redfish/v1/Systems/1/PCIDevices/"
},
},
}
},
From iLO 5 v2.72 onwards:
"Oem": {
"Hpe": {
"Links": {
"PCIDevices": [
{
"@odata.id": "/redfish/v1/Systems/1/PCIDevices/"
}
]
},
}
},
iLO 5 2.70 new features and changes
New URIs
/redfish/v1/Systems/{@systemId}/LogServices/Event/Entries
(GET,POST)#LogEntryCollection.LogEntryCollection
- A Collection of LogEntry resource instances./redfish/v1/Systems/{@systemId}/LogServices/Event/Entries/{@entriesId}
(GET)#LogEntry.v1_11_0.LogEntry
- Defines the record format of a log./redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Controllers
(GET)#StorageControllerCollection.StorageControllerCollection
- A Collection of Storage resource instances./redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Controllers/{@StorageControllerId}
(GET)#StorageController.v1_0_0.StorageController
- Describes a storage controller and its properties. The storage controller represents a physical or virtual storage device that produces volumes.AssetTag
: The user-assigned asset tag for the storage controller.CacheSummary
: The portion of the cache memory that is persistent, measured in MiB.ControllerRates
: An object that contains the following properties such asConsistencyCheckRatePercent
(The percentage of controller resources used for performing a data consistency check on volumes),RebuildRatePercent
(the percentage of controller resources used for rebuilding/repairing volumes), andTransformationRatePercent
(the percentage of controller resources used for transforming volumes from one configuration to another).FirmwareVersion
: The firmware version of the storage controller.Identifiers (array)
: An array that contains the following properties such asDurableName
(the world-wide, persistent name of the resource) andDurableNameFormat
(the format of the durable name property).Location
: An object that contains the following properties such asPartLocation
andPlacement
.Manufacturer
: The manufacturer of the storage controller.Model
: The model number of the storage controller.PCIeInterface
: An object that contains the following properties such asLanesInUse
(the number of PCIe lanes in use by the device),MaxLanes
(the number of PCIe lanes that are supported by the device),MaxPCIeType
(the highest version of the PCIe specification supported by the device), andPCIeType
(the version of the PCIe specification in use by the device).PartNumber
: The part number for the storage controller.SKU
: The SKU for the storage controller.SerialNumber
: The serial number for the storage controller.SpeedGbps
: The maximum speed of the storage controller’s device interface.SupportedControllerProtocols (array)
: An array that contains the supported controller protocols such asSAS
,NVMe
,SATA
,USB
, andPCIe
.SupportedDeviceProtocols (array)
: An array that contains the supported device protocols such asSAS
,NVMe
,SATA
,USB
, andPCIe
.SupportedRAIDTypes (array)
: An array that contains the supported RAID types.
HTTP methods - additions and deprecations
No changes have been made to HTTP methods in this release.
Deprecated URIs
No URIs deprecated for this release.
Redfish actions - additions and deprecations
No changes have been made to supported Redfish actions in this release.
Schema updates
Added
StorageController.v1_0_0.StorageController
: Describes a storage controller and its properties. The storage controller represents a physical or virtual storage device that produces volumes.#LogEntry.v1_1_0.LogEntry
updated to#LogEntry.v1_11_0.LogEntry
:- Added
EventId
: The unique instance identifier for an event. - Added
EventTimestamp
: The date and time when the event occurred. - Added
MessageId
toMessageArgs (array)
: The property decodes from the entry type to the following such asMessageId
,Event Data
, orOEM-specific information
. If the entry type isEvent
, the property contains aRedfish Specification-defined MessageId
. If the entry type isSEL
, the property contains theEvent Data
. Otherwise, the property containsOEM-specific information
. - Added
Oem.Hpe.ServiceEvent
: The property indicates a service ticket to be raised for the corresponding event log. - Added
Hpe-Event
in addition toHpe-IML
,Hpe-iLOEventLog
, andHpe-SL
to the format of an OEM record propertyOemRecordFormat
.
- Added
#Storage.v1_7_1.Storage
updated to#Storage.v1_12_0.Storage
:- Added
Controllers
: The set of controllers instantiated by the storage subsystem. - Added
iQN
(The iSCSI Qualified Name),FC_WWN
(the Fibre Channel(FC) World Wide Name(WWN)),NQN
(the NVMe Qualified Name),NGUID
(the Namespace Globally Unique Identifier) as supported values in addition to the Name Address Authority (NAA
) format, the IEEE-defined 64-bit Extended Unique Identifier (EUI
), the Universally Unique Identifier (UUID
) to the format of the durable name propertyDurableNameFormat
inIdentifiers (array)
for storage controllers.
- Added
#Drive.v1_7_0.Drive
:- Added
iQN
(the iSCSI Qualified Name),FC_WWN
(the Fibre Channel(FC) World Wide Name(WWN)),NQN
(the NVMe QualifiedName),NGUID
(the Namespace Globally Unique Identifier) as supported values in addition to the Name Address Authority (NAA
) format, the IEEE-defined 64-bit Extended Unique Identifier (EUI
), the Universally Unique Identifier (UUID
) to the format of the durable name propertyDurableNameFormat
.
- Added
#Manager.v1_5_1.Manager
:- Added
OverrideManager (boolean)
: The property is used to override the existing manager. For example,HPE OneView
.
- Added
#NetworkAdapter.v1_5_0.NetworkAdapter
,#NetworkDeviceFunction.v1_5_0.NetworkDeviceFunction
,#NetworkPort.v1_2_5.NetworkPort
, and#Port.v1_5_0.Port
:- Added
@Redfish.Settings
: Reference to the resource that represents the settings to apply to this object. TheSettings
object property under it displays the settings URI on which user can performPUT
orPATCH
to change config settings. The pending configuration, in most cases, will require some action to be performed for the config change to be applied. For example, changes to theBIOS
configuration require a system reset before they take effect. For more information, see Redfish Specification DSP0266.
- Added
#UpdateService.v1_1_1.UpdateService
: The UpdateService resource describes the Update Service. The resource represents the properties for the service itself and has links to the collections of firmware and software inventory.- Added
OfflineRuntimeBundleUpdate
: Indicates whether iLO supports offline type D installation. The supported values areProductionMode
,ProductionAndHighSecurityMode
, andAllModes
.
- Added
iLO 5 2.65 new features and changes
New URIs
#Port.v1_5_0.Port
- The HPE iLO 5 Redfish service implements the Port schema in this release as the NetworkPort schema will be deprecated in favor of the Port schema. The NetworkPort URIs will work as expected for all future releases from iLO 5 v2.65.
The following resource instances are added in this schema:
/redfish/v1/Chassis/{@ChassisId}/NetworkAdapters/{@nicId}/Ports/{@portId}
(GET,PATCH,POST)/redfish/v1/Chassis/{@ChassisId}/NetworkAdapters/{@nicId}/Ports/{@portId}/Settings
(GET,PATCH): The Settings object returns pending configuration changes on GET, and is used to initiate configuration changes using PATCH./redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Controllers/{@ControllerId}/Ports/{@portId}
(GET,PATCH)/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/StorageControllers/{@StorageControllerId}/Ports/{@portId}
(GET,PATCH)redfish/v1/Systems/{@systemsId}/NetworkInterfaces/{@nicId}/Ports/{@portId}
(GET,PATCH,POST)/redfish/v1/Systems/{@systemsId}/NetworkInterfaces/{@nicId}/Ports/{@portId}/Settings
(GET,PATCH): The Settings object returns pending configuration changes on GET, and is used to initiate configuration changes using PATCH.
#Port.v1_5_0.Port
includes the following properties:
ActiveWidth
: The number of active lanes for the interface.CapableProtocolVersions (array)
-CapableProtocolVersions
: An array that contains the following properties:CurrentProtocolVersion
,CurrentSpeedGbps
, andEnabled
.Ethernet
:Ethernet.AssociatedMACAddresses (array)
-AssociatedMACAddresses
: An array that contains the followingEthernet
properties:EEEEnabled
,FlowControlConfiguration
,FlowControlStatus
,LLDPEnabled
,LLDPReceive
object that contains information such asLLDPReceive.ChassisId
,LLDPReceive.ChassisIdSubtype
,LLDPReceive.ManagementAddressIPv4
,LLDPReceive.ManagementAddressIPv6
,LLDPReceive.Ethernet.ManagementAddressMAC
,LLDPReceive.ManagementVlanId
,LLDPReceive.PortId
,LLDPReceive.PortIdSubtype
,LLDPTransmit
object that contains information such asLLDPTransmit.ChassisId
,LLDPTransmit.ChassisIdSubtype
,LLDPTransmit.ManagementAddressIPv4
,LLDPTransmit.ManagementAddressIPv6
,LLDPTransmit.ManagementAddressMAC
,LLDPTransmit.ManagementVlanId
,LLDPTransmit.PortId
,LLDPTransmit.PortIdSubtype
, andWakeOnLANEnabled
.
FibreChannel
:FabricName
,NumberDiscoveredRemotePorts
andPortConnectionType
.
FunctionMaxBandwidth (array)
-FunctionMaxBandwidth
: An array that contains the following properties:FunctionMaxBandwidth[{item}].AllocationPercent
andFunctionMaxBandwidth[{item}].NetworkDeviceFunction
.FunctionMinBandwidth (array)
-FunctionMinBandwidth
: An array that contains the following properties:FunctionMinBandwidth[{item}].AllocationPercent
andFunctionMinBandwidth[{item}].NetworkDeviceFunction
.InterfaceEnabled
: An indication of whether the interface is enabled.LinkConfiguration (array)
: The link width in conjunction with the link speed properties to be used for auto negotiation.LinkConfiguration
is an array that contains the following properties:LinkConfiguration[{item}].AutoSpeedNegotiationCapable
,LinkConfiguration[{item}].AutoSpeedNegotiationEnabled
,LinkConfiguration[{item}].CapableLinkSpeedGbps (array)
-CapableLinkSpeedGbps
: An array that contains the following property:ConfiguredNetworkLinks[{item}].ConfiguredLinkSpeedGbps
, andLinkConfiguration[{item}].ConfiguredNetworkLinks (array)
-ConfiguredNetworkLinks
: An array that contains the following property:ConfiguredNetworkLinks[{item}].ConfiguredWidth
.
LinkNetworkTechnology
: The link network technology capabilities of the port.LinkState
: The preferred link state of the interface.LinkStatus
: The preferred link status of the interface.LinkTransitionIndicator
: The number of link state transitions for the interface.Location
: Represents the part location, location type, and so on.Location.PartLocation
andLocation.PartLocation.LocationOrdinalValue
: The number that represents the location of the part. If LocationType isslot
and the unit is in slot 2, the LocationOrdinalValue is 2.Location.PartLocation.LocationType
,Location.PartLocation.Orientation
,Location.PartLocation.Reference
, andLocation.PartLocation.ServiceLabel
.Location.Placement
,Location.Placement.AdditionalInfo
,Location.Placement.Rack
,Location.Placement.RackOffset
,Location.Placement.RackOffsetUnits
, andLocation.Placement.Row
.
LocationIndicatorActive
: An indicator that allows an operator to locate the resource physically.MaxFrameSize
: The maximum frame size supported by the port.MaxSpeedGbps
: The port’s maximum speed as configured.Oem.Hpe
- HPE OEM properties:Evb
: Edge Virtual Bridging (EVB) information for the port.EvbData
: An object contains information such asReceiving
object,SChannelAssignments
object, andTransmitting
object.Lldp
: Link-Layer Discovery Protocol (LLDP) information for the port.LldpData
: Link-Layer Discovery Protocol (LLDP) data for the port. An object that contains information such asReceiving
object, andTransmitting
object.AutoNegotiationCapable
: Indicates the ability of the network port to automatically negotiate link speed.ConfiguredNetworkLinks (array)
-ConfiguredNetworkLink
: An array that contains the following properties:ConfiguredNetworkLinks[{item}].ConfiguredLinkSpeedGbps
andConfiguredNetworkLinks[{item}].ConfiguredWidth
.PortDiagnosticEnableLocalLoopback
: When true, local loopback is active on the port.Oem.Hpe.PortDiagnosticsEnabled
(When true, diagnostic features are enabled on the port) must first be true in order to set the property to true.PortDiagnosticEnableRemoteLoopback
: When true, remote loopback is active on the port.Oem.Hpe.PortDiagnosticsEnabled
(When true, diagnostic features are enabled on the port) must first be true in order to set the property to true.PortDiagnosticLocalLoopbackCapable
: When true, the port has local loopback capability.PortDiagnosticRemoteLoopbackCapable
: When true, the port has remote loopback capability.PortDiagnosticsEnabled
: When true, diagnostic features are enabled on the port.VirtualFunctionAllocations (array)
-VirtualFunctionAllocation
: An array that contains the following properties:VirtualFunctionAllocations[{item}].NetworkDeviceFunction
andVirtualFunctionAllocations[{item}].VirtualFunctionsAllocated
.
PortId
: The label on the physical package of the port.PortMedium
: The physical connection medium for the port.PortProtocol
: The protocol being sent over the port.PortType
: The type of the port.Settings
: Reference to the resource the client may use PUT/PATCH in order to change the resource.SignalDetected
: Indicates whether a signal is detected at the interface.Width
: The number of lanes, phys, or other physical transport links that the port contains.
#PortCollection.PortCollection
- A Collection of NetworkPort resource instances.
The following resource instances are added in this schema:
/redfish/v1/Chassis/{@ChassisId}/NetworkAdapters/{@nicId}/Ports
(GET)/redfish/v1/Systems/{@systemsId}/NetworkInterfaces/{@nicId}/Ports
(GET,PATCH,POST)
#SerialInterfaceCollection.SerialInterfaceCollection
The following resource instance is added in this schema:
/redfish/v1/Managers/{@managerId}/SerialInterfaces
(GET): The resource to a collection of serial interfaces that the manager uses for serial and console communication.
#SerialInterface.v1_1_7.SerialInterface
The following resource instance is added in this schema:
/redfish/v1/Managers/{@managerId}/SerialInterfaces/{@sInterfaceId}
(GET,PATCH):InterfaceEnabled
: An indication of whether the interface is enabled.BitRate
: A measure of the rate at which data is received and transmitted over serial connections, specified as bits per second (bit/s).
HTTP methods - additions and deprecations
No changes have been made to HTTP methods for this release.
Deprecated URIs
/redfish/v1/Managers/{@managerId}/SerialInterface
/redfish/v1/Managers/{@managerId}/SerialInterface/{@sInterfaceId}
Redfish actions - additions and deprecations
No changes have been made to supported Redfish actions for this release.
Schema updates
#HpeServerPCISlot.v2_1_0.HpeServerPCISlot
updated to#HpeServerPCISlot.v2_1_1.HpeServerPCISlot
:- Supports
PCIExpressGen5
technology.
- Supports
#NetworkAdapter.v1_4_0.NetworkAdapter
updated to#NetworkAdapter.v1_5_0.NetworkAdapter
:- Added
Ports
: A reference to the collection(s) of physical network ports associated with the network adapter controller.
- Added
#NetworkDeviceFunction.v1_3_0.NetworkDeviceFunction
updated to#NetworkDeviceFunction.v1_5_0.NetworkDeviceFunction
:- Added
AssignablePhysicalNetworkPorts (array)
: An array of references to the physical ports which may be assigned to the network device function. - Added
PhysicalNetworkPortAssignment
: The physical port to which the network device function is currently assigned. - Added
PhysicalPortAssignment
: A reference to the physical port currently assigned to the network device function.
- Added
#NetworkInterface.v1_1_1.NetworkInterface
updated to#NetworkInterface.v1_2_0.NetworkInterface
:- Added
Ports
: A link to a collection ofmembertype
ports. The collection of ports which are available on the network interface.
- Added
#ComputerSystem.v1_10_0.ComputerSystem
(/redfish/v1/systems/{item}
):- Added
Oem.Hpe.AggregateHealthStatus.AggregateServerHealth
: Represents the overall health state.
- Added
#ManagerNetworkProtocol.v1_0_0.ManagerNetworkProtocol
(/redfish/v1/managers/{item}/networkprotocol
):- Added
Oem.Hpe.EnhancedDownloadPerformanceEnabled
: Indicates whether enhanced download for virtual media and firmware update is enabled or disabled.
- Added
#ServiceRoot.v1_5_1.ServiceRoot
(/redfish/v1/
):- Added
Manager[{item}].ExternalManager
: Reports the current external manager of the system.
- Added
iLO 5 2.60 new features and changes
New URIs
HpeAutomaticCertEnrollment
(/redfish/v1/Managers/{@managerId}/SecurityService/AutomaticCertificateEnrollment
(GET, PATCH, POST)) - theHpeAutomaticCertEnrollment
schema supports obtaining and renewing SSL certificate automatically using the Simple Certificate Enrollment Protocol (SCEP).AutomaticCertificateEnrollmentSettings
- theHPEAutomaticCertEnrollment
resource describes the features of Automatic Certificate Enrollment.AutomaticCertificateEnrollmentSettings.CACertificateName
- name of imported CA(Certificate Authority) Certificate which is used to sign the SSL certificate.AutomaticCertificateEnrollmentSettings.CertificateEnrollmentStatus
- Enrollment Status of SSL certificate.AutomaticCertificateEnrollmentSettings.ChallengePassword
- Challenge Password required to complete certificate Enrollment.AutomaticCertificateEnrollmentSettings.ServerUrl
- Link to Certificate Enrollment Server.AutomaticCertificateEnrollmentSettings.ServiceEnabled
- indicates whether the Automatic Certificate Enrollment(ACE) service is enabled.HttpsCertCSRSubjectValue(object)
- city, state, and country code of the organization or company that owns the iLO subsystem, the FQDN of the iLO subsystem, IP addresses in the CSR, along with the unit.
HTTP methods - additions and deprecations
- Added POST for
/redfish/v1/Chassis/{@ChassisId}/Thermal
- Added POST for
/redfish/v1/Systems/{@systemId}/Storage/
- Added POST for
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Volumes/
Deprecated URIs
No URIs deprecated for this release.
Redfish actions - additions and deprecations
HpeAutomaticCertEnrollment.v1_0_0.HpeAutomaticCertEnrollment
Import CA Certificate
- defines a property to import a CA Certificate inHpeAutomaticCertEnrollment
resource.
Schema updates
Memory.json
(/redfish/v1/systems/{item}/memory/{item}
): A memory module is described by a Memory schema.DIMMManufacturingDate
- added date of manufacturing of the module in YYWW (year and week) format in the memory resource.
HpeiLOLicense.json
(/redfish/v1/managers/{item}/licenseservice/{item}
): The License schema describes how to manage BMC licenses based on properties.AutoCertEnroll
- the property enables automatic certificate enrolment and included in HPE iLO License resource.
Thermal.json
(/redfish/v1/chassis/{item}/thermal
): The Thermal schema defines the thermal metrics associated with the system. In other words, it represents the temperature and cooling properties of the system.CriticalTempUserThreshold
- temperature threshold value specified by the user that triggers a critical alert. This property is included in thermal resource.WarningTempUserThreshold
- temperature threshold value that the user sets for the sensor resulting in a warning alert. This property is added inside thermal resource.SetUserTempThreshold
- a user-defined temperature threshold for a PCIe slot temperature sensor. This action is included in thermal resource.
iLO 5 2.55 new features and changes
New URIs
No changes have been made to new URIs for this release.
HTTP methods - additions and deprecations
- Added PATCH for
/redfish/v1/Chassis/{@ChassisId}/NetworkAdapters/{@nicId}
- Added PATCH, POST for
/redfish/v1/Chassis/{@ChassisId}/NetworkAdapters/{@nicId}/NetworkDeviceFunctions/{@pfId}
- Added PATCH for
/redfish/v1/Chassis/{@ChassisId}/NetworkAdapters/{@nicId}/NetworkPorts/{@portId}
- Added PATCH, DELETE, POST for
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}
- Added PATCH, DELETE, POST for
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Volumes/{@volumeId}
- Added PATCH, POST for
/redfish/v1/Systems/{@systemsId}/NetworkInterfaces/{@nicId}/NetworkDeviceFunctions/{@pfId}
- Added PATCH for
/redfish/v1/Systems/{@systemsId}/NetworkInterfaces/{@nicId}/NetworkPorts
- Added PATCH for
/redfish/v1/Systems/{@systemsId}/NetworkInterfaces/{@nicId}/NetworkPorts/{@portId}
Deprecated URIs
No URIs deprecated for this release.
Schema updates
#Drive.v1_1_0.Drive
updated to#Drive.v1_7_0.Drive
#Storage.v1_5_0.Storage
updated to#Storage.v1_7_1.Storage
RDE support changes
Added Redfish Device Enablement (RDE) support for the following URIs and HTTP methods:
/redfish/v1/Systems/{@systemsId}/NetworkInterfaces
(GET)/redfish/v1/Systems/{@systemsId}/NetworkInterfaces/{@nicId}
(GET)/redfish/v1/Systems/{@systemId}/EthernetInterfaces
(GET)/redfish/v1/Systems/{@systemId}/EthernetInterfaces/{@nicId}
(GET)/redfish/v1/Chassis/{@chassisId}/PCIeDevices
(GET)/redfish/v1/Chassis/{@chassisId}/PCIeDevices/{@PCIeDeviceId}
(GET)/redfish/v1/Chassis/{@chassisId}/PCIeDevices/{@PCIeDeviceId}/PCIeFunctions
(GET)/redfish/v1/Chassis/{@chassisId}/PCIeDevices/{@PCIeDeviceId}/PCIeFunctions/{@PCIeFunctionId}
(GET)
iLO 5 2.42 new features and changes
New URIs
/redfish/v1/CertificateService
(GET, POST)/redfish/v1/CertificateService/CertificateLocations
(GET)/redfish/v1/Managers/{@managerId}/SecurityService/PlatformCert/Certificates
(GET)/redfish/v1/Managers/{@managerId}/SecurityService/PlatformCert/Certificates/{@certId}
(GET)/redfish/v1/Managers/{@managerId}/SecurityService/SystemIAK/Certificates
(GET)/redfish/v1/Managers/{@managerId}/SecurityService/SystemIAK/Certificates/{@certId}
(GET)/redfish/v1/Managers/{@managerId}/SecurityService/SystemIDevID/Certificates
(GET)/redfish/v1/Managers/{@managerId}/SecurityService/SystemIDevID/Certificates/{@certId}
(GET)/redfish/v1/Managers/{@managerId}/SecurityService/iLOIDevID/Certificates
(GET)/redfish/v1/Managers/{@managerId}/SecurityService/iLOIDevID/Certificates/{@certId}
(GET)/redfish/v1/Managers/{@managerId}/SecurityService/iLOLDevID/Certificates
(GET, POST)/redfish/v1/Managers/{@managerId}/SecurityService/iLOLDevID/Certificates/{@certId}
(DELETE, GET)
HTTP methods - additions and deprecations
No changes have been made to HTTP methods for this release.
Deprecated URIs
No URIs deprecated for this release.
Redfish actions - additions and deprecations
- Added
/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR
- Added
/redfish/v1/Managers/1/ActiveHealthSystem/Actions/HpeiLOActiveHealthSystem.LogMilestone
- Added
/redfish/v1/Managers/1/ActiveHealthSystem/Actions/HpeiLOActiveHealthSystem.CaptureSystemLog
Schema updates
The schema versions listed below correspond to iLO’s schemas which are not aligned to DMTF’s standard Redfish schemas versioning.
#HpePowerMetricsExt.v2_2_0.HpePowerMetricsExt
updated to#HpePowerMetricsExt.v2_3_0.HpePowerMetricsExt
#HpeSecurityService.v2_2_1.HpeSecurityService
updated to#HpeSecurityService.v2_3_1.HpeSecurityService
#HpeiLOActiveHealthSystem.v2_3_0.HpeiLOActiveHealthSystem
updated to#HpeiLOActiveHealthSystem.v2_5_0.HpeiLOActiveHealthSystem
#HpeiLODiagnostics.v2_2_2.HpeiLODiagnostics
updated to#HpeiLODiagnostics.v2_3_0.HpeiLODiagnostics
#NetworkPort.v1_2_0.NetworkPort
updated to#NetworkPort.v1_2_5.NetworkPort
#Processor.v1_0_0.Processor
updated to#Processor.v1_7_2.Processor
#SoftwareInventory.v1_0_0.SoftwareInventory
updated to#SoftwareInventory.v1_2_0.SoftwareInventory
iLO 5 2.33 new features and changes
New URIs
/redfish/v1/Chassis/{@chassisId}/PCIeDevices
(GET)/redfish/v1/Chassis/{@chassisId}/PCIeDevices/{@PCIeDeviceId}/PCIeFunctions
(GET)/redfish/v1/Managers/{@managerId}/RemoteSupportService/ExtSettings
(GET, PATCH, POST)/redfish/v1/Managers/{@managerId}/SerialInterface
(GET)/redfish/v1/Managers/{@managerId}/SerialInterface/{@sInterfaceId}
(GET, PATCH)/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Drives/{@driveId}
(GET, PATCH, POST)/redfish/v1/Systems/{@systemsId}/SecureEraseReportService
(GET, POST)/redfish/v1/Systems/{@systemsId}/SecureEraseReportService/SecureEraseReportEntries
(GET)/redfish/v1/Systems/{@systemsId}/SecureEraseReportService/SecureEraseReportEntries/{@entryId}
(GET)
HTTP methods - additions and deprecations
- Added DELETE to
/redfish/v1/AccountService/ExternalAccountProviders/LDAP/Certificates/{@certId}
- Added PATCH to
/redfish/v1/Chassis/{@ChassisId}/Thermal
Deprecated URIs
/redfish/v1/Chassis/{@chassisId}/Drives/{@driveId}
Redfish actions - additions and deprecations
- Added
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Drives/{@driveId}/Actions/Drive.Reset
- Added
/redfish/v1/Systems/1/SecureEraseReportService/Actions/HpeSecureEraseReportService.DeleteSecureEraseReport
Schema updates
The schema versions listed below correspond to iLO’s schemas which are not aligned to DMTF’s standard Redfish schemas versioning.
#AccountService.v1_3_0.AccountService
updated to#AccountService.v1_5_0.AccountService
#Chassis.v1_6_0.Chassis
updated to#Chassis.v1_10_2.Chassis
#ComputerSystem.v1_4_0.ComputerSystem
updated to#ComputerSystem.v1_10_0.ComputerSystem
#HpeNetworkPortEVB.v1_1_1.HpeNetworkPortEVB
updated to#HpeNetworkPortEVB.v1_2_0.HpeNetworkPortEVB
#HpeNetworkPortLLDP.v1_1_1.HpeNetworkPortLLDP
updated to#HpeNetworkPortLLDP.v1_2_0.HpeNetworkPortLLDP
#HpeRemoteSupport.v2_4_0.HpeRemoteSupport
updated to#HpeRemoteSupport.v2_6_0.HpeRemoteSupport
#HpeSecurityService.v2_2_0.HpeSecurityService
updated to#HpeSecurityService.v2_2_1.HpeSecurityService
#HpeiLOSnmpService.v2_2_0.HpeiLOSnmpService
updated to#HpeiLOSnmpService.v2_3_0.HpeiLOSnmpService
#ManagerAccount.v1_1_3.ManagerAccount
updated to#ManagerAccount.v1_3_0.ManagerAccount
#MemoryChunks.v1_2_2.MemoryChunks
updated to#MemoryChunks.v1_2_3.MemoryChunks
#NetworkAdapter.v1_3_0.NetworkAdapter
updated to#NetworkAdapter.v1_4_0.NetworkAdapter
RDE support changes
Added Redfish Device Enablement (RDE) support for the following URIs and HTTP methods:
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters
(GET)/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}
(GET)/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/NetworkPorts
(GET)/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/NetworkPorts/{@portId}
(GET)/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/NetworkDeviceFunctions
(GET)/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/NetworkDeviceFunctions/{@pfId}
(GET)/redfish/v1/Systems/{@systemId}/Storage/
(GET)/redfish/v1/Systems/{@systemId}/Storage/{@storageId}
(GET)/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Drives/{@driveId}
(GET)/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Volumes
(GET)/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Volumes/{@volumeId}
(GET)
BIOS Redfish changes (GEN 10 to GEN 10 Plus)
New URIs
/redfish/v1/Systems/{item}/Bios/Oem/Hpe/Serverconfiglock
(GET)/redfish/v1/Systems/{item}/Bios/Oem/Hpe/Serverconfiglock/Settings
(GET, PATCH)/redfish/v1/Systems/{item}/Bios/Oem/Hpe/Serverconfiglock/Baseconfigs
(GET)/redfish/v1/Systems/{item}/Bios/Oem/Hpe/Kmsconfig
(GET)/redfish/v1/Systems/{item}/Bios/Oem/Hpe/Kmsconfig/Settings
(GET)/redfish/v1/Systems/{item}/Bios/Oem/Hpe/Kmsconfig/Baseconfigs
(GET)
Migrated URIs
/redfish/v1/Systems/{item}/Bios/baseconfigs
moved to/redfish/v1/Systems/{item}/Bios/Oem/Hpe/Baseconfigs
/redfish/v1/Systems/{item}/Bios/boot
moved to/redfish/v1/Systems/{item}/Bios/Oem/Hpe/Boot
/redfish/v1/Systems/{item}/Bios/boot/Settings
moved to/redfish/v1/Systems/{item}/Bios/Oem/Hpe/Boot/Settings
iLO 5 2.30 new features and changes
AccountService.json
(/redfish/v1/AccountService
)LDAP.Certificates
: Added a link to a collection of certificates used for the external account service.
Chassis.json
(/redfish/v1/Chassis/{@ChassisId}/
)PCIeDevices
: Added a link to thePCIeDeviceCollection
located in the chassis.PCIeSlots
: Added a link to the PCIe slot properties for the chassis.
Drive.json
(/Systems/{@systemId}/Storage/{@storageId}/Drives/{@driveId}
)Drive.Reset
: Added action to reset a drive.IndicatorLED
: Added a state of the indicator LED.
HpeComputerSystemExt.json
(/redfish/v1/Systems/{@systemId}
)CriticalTempRemainOff
: Added a property that indicates whether server should remain off after a thermal shutdown is triggered.PostState
: Added an enumerated type toInPostDiscoveryStart
for a server that has started to discover devices.
HpeiLOServiceExt.json
(/redfish/v1/root
)VNIC
: Added a virtual USB network interface to BMC name.SYSMGMT
: Added the System Management Experience property.
HpeiLOSnmpService.json
(/redfish/v1/Managers/{@managerId}/SnmpService
)SNMPv1Enabled
: This new property indicates if the SNMPv1 protocol is enabled.
HpeiLOUpdateServiceExt.json
(/redfish/v1/UpdateService
)Capabilities
: Added a property that indicates iLO support for various firmware update protocols.Capabilities.UpdateFWPKG
: Added a property insideCapabilities
. The property indicates whether iLO supports FWPKG 2.0 firmware images.Capabilities.PLDMFirmwareUpdate
: Added a property insideCapabilities
. The property indicates whether iLO supports PLDM firmware updates.Accept3rdPartyFirmware
: Added a property that enables or disables support for third-party firmware update packages.
HpeMemoryExt.json
(/redfish/v1/Systems/{@systemId}/Memory
)PartNumber
: Added a property for the HPE product part number of the device.
HpeNetworkAdapter.json
(/redfish/v1/Chassis/{@ChassisId}/NetworkAdapters/{@nicId}
)Controllers[x].RDMASupport
: AddedRDMASupport
to controller array. RDMA technology supported. [RoCE
/iWARP
].Controllers[x].UnderlyingDataSource
: AddedUnderlyingDataSource
to controller array. It is the protocol through which Redfish data is supplied for the adapter. [RDE
/DCi
]. Where x is the controller index.
HpeRemoteSupport.json
(/Managers/{@managerId}/RemoteSupportService
)MessageId
: Added a property for a unique message identifier in UUID format used to match the registration with the request. It is returned in the submission package SOAP envelope header.ExternalAgentName
: Added a property for the name of the external remote support agent.
HpeServerPCISlot.json
(/Systems/{@systemId}/PCISlots/{@PciSlotsId}
)Technology
: Added enumerated typePCIExpressGen4
.
HpeThermalExt.json
(/Chassis/{@ChassisId}/Thermal
)FanPercentMinimum
: Added a system-wide setting for fan speed minimum percentage.ThermalConfiguration
: Added a property that selects the fan cooling method for the system.OptimalCooling
: Added a property that provides the most efficient solution by configuring fan speeds to the minimum required to provide adequate cooling.IncreasedCooling
: Added a property that operates fans at a higher speed.MaximumCooling
: Added a property that provides the maximum cooling available for the system.EnhancedCooling
: Added a property that provides additional cooling to the processors, which can improve performance.
ManagerAccount.json
(/redfish/v1/AccountService/Accounts/@AccountId
)PasswordChangeRequired
: Added a property that indicates that the password for the account must be changed. The service requires the password to be changed before access is allowed.
Storage.json
(/Systems/{@systemId}/Storage/{@storageId}
)FirmwareVersion
: Added a property for the firmware version of the storage controller.Location
: Added a property for the location of the storage controller.
Thermal.json
(/Chassis/{@ChassisId}/Thermal
)UpperThresholdUser
: Added a property for the user-given threshold values for inlet ambient temperature.
HpeRemoteSupportSettingsExt
(/Managers/{@managerId}/RemoteSupportService/ExtSettings
)ChangeExternalControlMode
: Added an action to enable or disable remote support by external agent.RemoteSupportEnabled
: Added a property that indicates if the remote support service is available.ConnectModel
: Added the remote support connect model typeDirectConnect
/CentralConnect
.AdditionalERSConfigurations
: Added a property that shows settings, such as IML mode, sending Active Health System (AHS) followed by a service event and the IML severity level in aGet ERS
settings response.ImlMode
: Added a property that enables or disables the IML mode. It also indicates if the IML mode is enabled.ServiceEventAttachAHS
: Added a property that indicates if the AHS log transmission follows a service event.DirectConnectRegistrationIsCompleted
: Added a property for step 2 of Direct Connect Registration completion status.ExternalAgentName
: Added a property that indicates the name of the external remote support agent.IMLSeverityLevels
: Added a property that lists the IML severity levels available to Insight Remote Support (IRS).
HpeSecureEraseReport.json
(/Systems/{@systemsId}/SecureEraseReportService/SecureEraseReportEntries/{@entryId}
) The new report describes the secure erase status and the other details of the devices during the secure system erase operation.DeviceType
: Added a property that indicates the device type being securely erased.EraseType
: Added a property that indicates the NIST SP800-88 Rev.1 (National Institute of Standards and Technology) approved techniques to sanitize a particular media or device.EraseStatus
: Added a property that indicates the secure erase status of the individual components.DeviceIdentifier
: Added a property that indicates the unique identifier for the device in the system like it’s physical location or the exact device path etc.SerialNumber
: Added a property that indicates the serial number of the device being erased.EraseStartTime
: Added a property that indicates the date and time of the start of secure erase operation, ISO8601 Redfish-style time.EraseEndTime
: Added a property that indicates the date and time of the end of secure erase operation, ISO8601 Redfish-style time.
HpeSecureEraseReportService.json
(/redfish/v1/Systems/{@systemsId}/SecureEraseReportService
)DeleteSecureEraseReport
: (/redfish/v1/Systems/{@systemsId}/SecureEraseReportService/Actions/HpeSecureEraseReportService.DeleteSecureEraseReport
): Permanently removes the erase report in a secure manner and resets the management processor immediately.ServerSerialNumber
: Added a property that represents the server serial number.EraseInitiatedBy
: Added a property that indicates the user, who initiated the secure system erase process.Links
: Added a property that indicates the URIs to the resource related toHpeSecureEraseReport
.
PCIeDevice.json
(/Chassis/{@chassisId}/PCIeDevices/{@PCIeDeviceId}
): It represents the properties of a PCIe Device attached to a System.DeviceType
: Added a property that indicates the device type for the PCIe device.FirmwareVersion
: Added a property that indicates the version of firmware for the PCIe device.Links
: Added a property that indicates the links to other resources that are related to the resource.Manufacturer
: Added a property that indicates the manufacturer of the PCIe device.Model
: Added a property that indicates the model number for the PCIe device.PCIeFunctions
: Added a property that indicates the link to the collection of PCIe functions associated with the PCIe device.PCIeInterface
: Added a property that that indicates the type that defines a PCI interface.PCIeInterface.LanesInUse
: Added a property that indicates the number of PCIe lanes in use by the device.PCIeInterface.MaxLanes
: Added a property that indicates the number of PCIe lanes supported by the device.PCIeInterface.MaxPCIeType
: Added a property that indicates the highest version of the PCIe specification supported by the device.PCIeInterface.PCIeType
: Added a property that indicates the version of the PCIe specification in use by the device.PartNumber
: Added a property that indicates the part number for the PCIe device.SKU
: Added a property that indicates the SKU for the PCIe device.SerialNumber
: Added a property that indicates the serial number for the PCIe device.
PCIeFunction.json
(/Chassis/{@chassisId}/PCIeDevices/{@PCIeDeviceId}/PCIeFunctions/{@PCIeFunctionId}
): This new resource represents a PCIe function attached to a system.ClassCode
: Added a property that indicates the class code of the PCIe function.DeviceClass
: Added a property that indicates the class for the PCIe function.DeviceId
: Added a property that indicates the device ID of the PCIe function.FunctionId
: Added a property that indicates the PCIe function number.RevisionId
: Added a property that indicates the revision ID of the PCIe function.SubsystemId
: Added a property that indicates the subsystem ID of the PCIe function.SubsystemVendorId
: Added a property that indicates the subsystem vendor ID of the PCIe function.VendorId
: Added a property that indicates the vendor ID of the PCIe function.
PCIeSlots.json
: (/Chassis/{@chassisId}/PCIeSlots
): ThePCIeSlots
schema describes PCIe slot properties.Slots
: Added a property that indicates the array of PCI Slot information.Slots.HotPluggable
: Added a property that indicates whether a PCIe slot supports a hotplug.Slots.Lanes
: Added a property that indicates the number of PCIe lanes supported by the slot.Slots.Location
: Added a property that indicates the location of the PCIe slot.Slots.PCIeType
: Added a property that indicates the PCIe specification supported by the slot.Slots.SlotType
: Added a property that indicates the PCIe slot type for a slot.Status
: Added a property that indicates the status of a PCIe slot.
iLO 5 2.10 new features and changes
Redfish features and fixes
- ComputerSystem (
/redfish/v1/Systems/{@systemsid}
) and sub-resources- Added
GracefulShutdown
to theComputerSystem
ResetType
list - the performs a virtual button press if the system is on and does nothing if the system of off. - Added Redfish
BootOptions
for boot order management - Changed
ResetBios
action to not require aResetType
property to conform to the Redfish standard action, which is parameterless. NOTE: The Redfish client must still supply and empty JSON object{}
as a request body. - Added
Status/HealthRollup
toComputerSystem
- the has the same value asHealth
and is provided for compatibility. - Added
InterfaceEnabled
to all hostEthernetInterfaces
- Added
- Chassis (
/redfish/v1/Chassis/{@chassisid}
)- Added
IndicatorLED
property toChassis
- Added
PowerState
toChassis
resource - Added
AssetTag
- Added
- Manager (
/redfish/v1/Managers/{@Managers}
)- Added
GracefulRestart
andForceRestart
ResetType
allowable values to Manager (iLO reset) - Added
DateTime
andDateTimeLocalOffset
- Added
Model
- Added
Status/Health
- Added
- NVMe Drives
- Added support for
Drive::PCIeInterface
information for NVMe drives (when data is available) - Added
DurableName
andDurableNameFormat
to NVMeDrive
resources
- Added support for
- Other
- Added
ClearingLogic
to iLO Redfish Events registry - Added and/or modified the descriptions of many schema for conformity
- Updated message registries to conform to MessageRegistry.v1_2_0 schema
- Updated the Base registry messages to include newer messages from Redfish standard Base registry.
- Changed schema items with
"format": "uri"
to"format": "uri-reference"
to match Redfish 2019.1 - Removed X_HP-CHRP-Service-Version HTTP header in responses
- Added
TransferProtocol@Redfish.AllowableValues
toUpdateService
- Changed some properties in the API to not trigger Redfish events when they change to reduce event chattiness
- Renamed from
NetworkAdapter.FlushConfigurationToNVM
toHpeNetworkAdapter.FlushConfigurationToNVM
inHpeNetworkAdapter.json
(/redfish/v1/Chassis/1/NetworkAdapters/xxxx
). InvokingNetworkAdapter.FlushConfigurationToNVM
instructs the network adapter to save its configuration state to non-volatile storage. This optional action may not be supported by all devices. Support is indicated by a target present in a GET response.
- Added
HPE OEM features
Added new OEM actions to ComputerSystem to enable special modes on reboot
ServerIntelligentDiagnosticsMode
RestoreManufacturingDefaults
ServerSafeMode
RestoreSystemDefaults
Added the ability to set
EndOfPostDelaySeconds
to > 255 seconds. When PATCHed >255, it is internally converted to whole minutes (rounded up) and reported as the rounded seconds on GET. This enables a client to support up to 15300 seconds (255 minutes).
iLO 5 1.40 new features and changes
iLO 5 1.40 adds support for several Redfish features:
- Redfish 1.6 support for the OpenAPI standard
- Support for the
?only
query parameter for easier access to key data - Directory Services Configuration (
ExternalAccountProvider
) - Local account roles (
Role
) - TelemetryService support for CPU utilization (
TelemetryService
) - Persistent Memory support (
MemoryDomains
andMemoryChunks
) - Improved
EthernetInterfaces
implementation for iLO’s network - Redfish host interface
Additionally, it includes support for new iLO 5 1.40 features:
- One-button secure erase (in
ComputerSystem
HPE OEM schema) - iLO Configuration Backup and Restore (new
HpeiLOBackupRestoreService
HPE OEM schema) - Configuration support for firmware downgrade policy (in
UpdateService
HPE OEM schema) - Workload Performance advisor (new
HpeWorkloadPerformanceAdvisor
HPE OEM schema)
Redfish 1.6 and OpenAPI
iLO 5 version 1.40 and later is conformant with the new Redfish 1.6 requirement to fix certain resource URIs in the data model.
Several resource URIs have been changed to conform to Redfish 1.6. A properly written Redfish client which traverses the data model and finds the URIs dynamically should not be affected, but clients which make assumptions about URIs may require modifications.
Trailing slashes on URIs
iLO 5 versions prior to 1.40 would return an HTTP 308 Redirect back to clients who requested URIs without a trailing slash. Clients must follow 308 Redirect to the alternate URI (the same URI path with a trailing slash.) In order to conform to Redfish 1.6, iLO 5 1.40 changes the behavior and aliases the same resources at both URIs. Requesting a URI with or without a trailing slash will return similar results with the exception that URIs in the returned data will be different. GETs of URIs with trailing slash will return links (@odata.id) with trailing slashes, and GETs of URIs without trailing slashes will return links without trailing slashes.
Version | Behavior |
---|---|
1.10-1.3x | GET /redfish/v1/Systems redirects (308) to /redfish/v1/Systems/ |
1.40-later | GET /redfish/v1/Systems returns result similar to GET /redfish/v1/Systems/ |
Changed URIs
The following URIs have changed in iLO 5 1.40 and later to conform to Redfish 1.6:
Old URI in iLO 5 1.10-1.3x | New URI Required by Redfish 1.6 |
---|---|
/redfish/v1/Chassis/{chassisId}/Drives/{interface}/{driveId} |
/redfish/v1/Chassis/{systemId}/Drives/{driveId} |
/redfish/v1/Systems/{systemId}/Storage/{interface}/{storageId} |
/redfish/v1/Systems/{systemId}/Storage/{storageId} |
/redfish/v1/Systems/{systemId}/Storage/{interface}/{storageId}/Volumes/{volumeId} |
/redfish/v1/Systems/{systemId}/Storage/{storageId}/Volumes/{volumeId} |
/redfish/v1/Systems/{systemId}/NetworkInterfaces/{nId}/NetworkDeviceFunctions/{ndfId} |
/redfish/v1/Chassis/{chassisId}/NetworkAdapters/{nId}/NetworkDeviceFunctions/{ndfId} |
/redfish/v1/Systems/{systemId}/NetworkInterfaces/{nicId}/NetworkPorts/{nportId} |
/redfish/v1/Chassis/{chassisId}/NetworkAdapters/{Id}/NetworkPorts/{nportId} |
/redfish/v1/Schemas/{Id}/ |
/redfish/v1/JsonSchemas/{Id} |
/redfish/v1/Schemas/ |
/redfish/v1/JsonSchemas |
/redfish/v1/Managers/{managerId}/NetworkService/ |
/redfish/v1/Managers/{managerId}/NetworkProtocol |
New ?only
Query Parameter
Starting in iLO 5 1.40, appending ?only
to GETs on single-member collections returns the one and only member instead. This is a convenient and efficient way to get to important data faster.
GET /redfish/v1/Systems?only
returns the one and only ComputerSystem
resource instead of the collection that includes it.
This works for collections that have only one member. Otherwise the GET returns the collection as if the query parameter was omitted.
Getting Started
Tips for Using the RESTful API
The RESTful API for HPE iLO is available on ProLiant Gen10 servers running iLO 5 1.10 or later with the iLO Standard license, although some features in the data might not be available without an Advanced license.
To access the RESTful API, you need an HTTPS-capable client, such as a web browser with the Postman REST Client plugin extension or cURL (a popular command line HTTP utility).
RESTful Interface Tool and Python Examples
Although not a requirement, you can use the RESTful Interface Tool with the RESTful API. This command line tool provides a level of abstraction and convenience above direct access to the RESTful API. For details see: http://www.hpe.com/info/restfulapi.
**Python: See ex1_functionname() in the Python example code. This means look for the specified function name in the python example code.
Also, Hewlett Packard Enterprise published example Python code that implements a number of common operations in a RESTful API client. This code can be downloaded at https://github.com/HewlettPackard/python-ilorest-library. In some cases the examples in this document may refer to examples in the Python code with this notation:
If you prefer not to implement a client in Python, this serves as a good pseudocode implementing the logic required to perform an operation.
Example REST API operation with cURL
> curl https://{iLO}/redfish/v1/ -i --insecure -L
- -i returns HTTP response headers
- –insecure bypasses TLS/SSL certification verification
- -L follows HTTP redirect
The above command returns JSON like this:
{
"@odata.context": "/redfish/v1/$metadata#ServiceRoot",
"@odata.etag": "W/\"B869D8CC\"",
"@odata.id": "/redfish/v1/",
"@odata.type": "#ServiceRoot.v1_1_0.ServiceRoot",
"AccountService": {
"@odata.id": "/redfish/v1/AccountService/"
},
"Chassis": {
"@odata.id": "/redfish/v1/Chassis/"
},
"EventService": {
"@odata.id": "/redfish/v1/EventService/"
},
"Id": "v1",
"JsonSchemas": {
"@odata.id": "/redfish/v1/Schemas/"
},
"Links": {
"Sessions": {
"@odata.id": "/redfish/v1/SessionService/Sessions/"
}
},
"Managers": {
"@odata.id": "/redfish/v1/Managers/"
},
"Name": "HPE RESTful Root Service",
"Oem": {
"Hpe": {
"@odata.type": "#HpeiLOServiceExt.v2_0_0.HpeiLOServiceExt",
"Links": {
"ResourceDirectory": {
"@odata.id": "/redfish/v1/ResourceDirectory/"
}
},
"Manager": [
{
"DefaultLanguage": "en",
"FQDN": "edited",
"HostName": "ILO",
"Languages": [
{
"Language": "en",
"TranslationName": "English",
"Version": "1.10"
}
],
"ManagerFirmwareVersion": "1.10",
"ManagerType": "iLO 5"
}
],
"Moniker": {
"ADVLIC": "iLO Advanced",
"BMC": "iLO",
"BSYS": "BladeSystem",
"CLASS": "Baseboard Management Controller",
"IPROV": "Intelligent Provisioning",
"PRODABR": "iLO",
"PRODFAM": "Integrated Lights-Out",
"PRODGEN": "iLO 5",
"PRODNAM": "Integrated Lights-Out 5",
"PRODTAG": "HPE iLO 5",
"STDLIC": "iLO Standard",
"SUMGR": "Smart Update Manager",
"SYSFAM": "ProLiant",
"VENDABR": "HPE",
"VENDNAM": "Hewlett Packard Enterprise",
"WWW": "www.hpe.com",
"WWWAHSV": "www.hpe.com/servers/ahsv",
"WWWBMC": "www.hpe.com/info/ilo",
"WWWDOC": "www.hpe.com/support/ilo-docs",
"WWWERS": "www.hpe.com/services/getconnected",
"WWWGLIS": "reserved for liconf URI",
"WWWIOL": "www.hpe.com/info/insightonline",
"WWWLIC": "www.hpe.com/info/ilo/licensing",
"WWWPASS": "www.hpe.com/support/hpesc",
"WWWPRV": "www.hpe.com/info/privacy",
"WWWSUP": "www.hpe.com/support/ilo5",
"WWWSWLIC": "www.hpe.com/software/SWLicensing"
},
"Sessions": {
"CertCommonName": "edited",
"CertificateLoginEnabled": false,
"KerberosEnabled": false,
"LDAPAuthLicenced": true,
"LDAPEnabled": false,
"LocalLoginEnabled": true,
"LoginFailureDelay": 0,
"LoginHint": {
"Hint": "POST to /Sessions to login using the following JSON object:",
"HintPOSTData": {
"Password": "password",
"UserName": "username"
}
},
"SecurityOverride": false,
"ServerName": "edited"
},
"Time": "2017-04-03T05:05:01Z"
}
},
"RedfishVersion": "1.0.0",
"Registries": {
"@odata.id": "/redfish/v1/Registries/"
},
"SessionService": {
"@odata.id": "/redfish/v1/SessionService/"
},
"Systems": {
"@odata.id": "/redfish/v1/Systems/"
},
"UUID": "edited",
"UpdateService": {
"@odata.id": "/redfish/v1/UpdateService/"
}
}
Let’s perform our first GET operation using the RESTful API. We will do an HTTP GET on the iLO HTTPS port, typically port 443 (although it could be different if you have previously configured iLO to use another port). Your client should be prepared to handle the HTTPS certificate challenge. The interface is not available over open HTTP (port 80), so you must use HTTPS.
Our GET operation will be against a resource at /redfish/v1/
(with a trailing slash):
It is best to perform this initial GET with a tool like the CURL or the Postman REST Client mentioned above. Later you will want to do this with your own scripting code, but for now it’s useful to see the HTTP header information exchanged using a browser.
CURL is a command line utility available for many Operating Systems that enables easy access to the RESTful API. CURL is available at https://curl.se. Note that all the CURL examples will use a flag –insecure. This causes CURL to bypass validation of the HTTPS certificate. In real use iLO should be configured to use a user-supplied certificate and this option is not necessary. Notice also that we use the –L option to force CURL to follow HTTP redirect responses. If iLO changes URI locations for various items, it can indicate to the client where the new location is and automatically follow the new link.
In JSON, there is no strong ordering of property names, so iLO may return JSON properties in any order. Likewise, iLO cannot assume the order of properties in any submitted JSON. This is why the best scripting data structure for a RESTful client is a dictionary: a simple set of unordered key/value pairs. This lack of ordering is also the reason you see embedded structure within objects (objects within objects). This allows us to keep related data together that is more logically organized, aesthetically pleasing to view, and helps avoid property name conflicts or ridiculously long property names. It also allows us to use identical blocks of JSON in many places in the data model, like status.
HTTP Resource Operations
Operation | HTTP Command | Description |
---|---|---|
Create | POST resource URI (payload = resource data) | Creates a new resource or invokes a custom action. A synchronous POST returns the newly created resource. |
Read | GET resource URI | Returns the requested resource representation. |
Update | PATCH or PUT resource URI (payload = update data) | Updates an existing resource. You can only PATCH properties that are marked readonly = false in the schema. |
Delete | DELETE resource URI | Deletes the specified resource. |
HTTP Status Return Codes
Return Status | Description |
---|---|
2xx | Successful operation. |
308 | The resource has moved |
4xx | Client-side error with message returned |
5xx | iLO error with error message returned |
Navigating the Data Model
The Redfish API is designed to be implemented on many different models of servers and other IT infrastructure devices for years to come. These devices may be quite different from one another. For this reason, the Redfish API does not specify the URIs to various resources. For example, a client cannot assume the BIOS version information is always at a particular URI.
This is more complex for the client, but is necessary to make sure the data model can change to accommodate various future server architectures without requiring specification changes. As an example, if the BIOS version is at /redfish/v1/Systems/1
, and a client assumed it is always there, the client would then break when the interface is implemented on a different type of architecture with many compute nodes, each with its own BIOS version, or on other vendor implementations.
Redfish 1.6 (iLO 5 1.40 or later) URI Templates
As of Redfish 1.6, a number of resource types have URI template specifications to be compatible with OpenAPI 3.0. Please see the Redfish 1.6 CSDL schema for details on URI templates for specific types.
A client must still perform GET operations on a Redfish API service in order to discover what resources are available. For instance, just because a Chassis has a template of /redfish/v1/Chassis/{ChassisId}
means that a client must still GET /redfish/v1/Chassis
in order to find the valid values of {ChassisId}
.
Iterating Collections
curl https://{iLO}/redfish/v1/systems/ -i --insecure -u username:password -L
import sys
import redfish
# When running remotely connect using the iLO address, iLO account name,
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"
## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
password=login_password, default_prefix='/redfish/v1')
# Login into the server and create a session
REDFISH_OBJ.login(auth="session")
# Do a GET on a given path
response = REDFISH_OBJ.get("/redfish/v1/systems/", None)
# Print out the response
sys.stdout.write("%s\n" % response)
# Logout of the current session
REDFISH_OBJ.logout()
JSON response example:
{
"@odata.id": "/redfish/v1/systems/",
"@odata.context": "/redfish/v1/$metadata/",
"@odata.type": "#ComputerSystemCollection.ComputerSystemCollection",
"Members@odata.count": 1,
"Members": [
{
"@odata.id": "/redfish/v1/systems/1/"
}
]
}
Many operations will require you to locate the resource you wish to use. Most of these resources are members of “collections” (arrays of similar items). The method to find collections members is consistent for compute nodes, chassis, management processors, and many other resources in the data model.
Find a Compute Node
curl https://{host}/redfish/v1/systems/{item}/ -i --insecure -u username:password -L
import sys
import redfish
# When running remotely connect using the iLO address, iLO account name,
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"
## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
password=login_password, default_prefix='/redfish/v1')
# Login into the server and create a session
REDFISH_OBJ.login(auth="session")
# Do a GET on a given path
response = REDFISH_OBJ.get("/redfish/v1/systems/{item}/", None)
# Print out the response
sys.stdout.write("%s\n" % response)
# Logout of the current session
REDFISH_OBJ.logout()
JSON response example:
{
"@odata.context": "/redfish/v1/$metadata#Systems/Members/$entity",
"@odata.id": "/redfish/v1/Systems/1/",
"@odata.type": "#ComputerSystem.1.0.1.ComputerSystem",
...
...
"SerialNumber": "Kappa",
"Status": {
"Health": "Warning",
"State": "Enabled"
},
"SystemType": "Physical",
"UUID": "00000000-0000-614B-7070-610000000000"
}
A Compute node represents a logical computer system with attributes such as processors, memory, BIOS, power state, firmware version, etc. To find a compute node GET /redfish/v1/systems
and iterate the “Members” array in the returned JSON. Each member has a link to a compute node.
Find a compute node by iterating the systems collection at /redfish/v1/systems/
.
You can then GET the compute node, PATCH values, or perform Actions.
Find a Chassis
curl https://{host}/redfish/v1/chassis/{item}/ -i --insecure -u username:password -L
import sys
import redfish
# When running remotely connect using the iLO address, iLO account name,
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"
## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
password=login_password, default_prefix='/redfish/v1')
# Login into the server and create a session
REDFISH_OBJ.login(auth="session")
# Do a GET on a given path
response = REDFISH_OBJ.get("/redfish/v1/chassis/{item}/", None)
# Print out the response
sys.stdout.write("%s\n" % response)
# Logout of the current session
REDFISH_OBJ.logout()
JSON response example:
{
"@odata.context": "/redfish/v1/$metadata#Chassis/Members/$entity",
"@odata.id": "/redfish/v1/Chassis/1/",
"@odata.type": "#Chassis.1.0.0.Chassis",
"ChassisType": "RackMount",
...
...
"Status": {
"Health": "Warning",
"State": "Enabled"
},
"Thermal": {
"@odata.id": "/redfish/v1/Chassis/1/Thermal/"
}
}
A Chassis represents a physical or virtual container of compute resources with attributes such as FRU information, power supplies, temperature, etc. To find a chassis GET /redfish/v1/chassis
and iterate the “Members” array in the returned JSON. Each member has a link to a chassis.
Find a chassis by iterating the chassis collection at /redfish/v1/chassis/
.
You can then GET the chassis, PATCH values, or perform Actions.
Find the iLO 5 Management Processor
curl https://{host}/redfish/v1/managers/{item}/ -i --insecure -u username:password -L
import sys
import redfish
# When running remotely connect using the iLO address, iLO account name,
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"
## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
password=login_password, default_prefix='/redfish/v1')
# Login into the server and create a session
REDFISH_OBJ.login(auth="session")
# Do a GET on a given path
response = REDFISH_OBJ.get("/redfish/v1/managers/{item}/", None)
# Print out the response
sys.stdout.write("%s\n" % response)
# Logout of the current session
REDFISH_OBJ.logout()
JSON response example:
{
"@odata.context": "/redfish/v1/$metadata#Managers/Members/$entity",
"@odata.id": "/redfish/v1/Managers/1/",
"@odata.type": "#Manager.1.0.0.Manager",
...
...
"Status": {
"State": "Enabled"
},
"UUID": null,
"VirtualMedia": {
"@odata.id": "/redfish/v1/Managers/1/VirtualMedia/"
}
}
A Manager represents a management processor (or “BMC”) that manages chassis and compute resources. For HPE Gen10 Servers, the manager is iLO 5. Managers contain attributes such as networking state and configuration, management services, security configuration, etc. To find a manager GET /redfish/v1/managers
and iterate the “Members” array in the returned JSON. Each member has a link to a chassis.
Find a manager by iterating the manager collection at /redfish/v1/managers/
.
You can then GET the manager, PATCH values, or perform Actions.
Authentication and Sessions
The following shows the error displayed on
GET /redfish/v1/systems/
when no authentication is attempted:
401 Forbidden
{
"error": {
"@Message.ExtendedInfo": [
{
"MessageId": "Base.1.0.NoValidSession"
}
],
"code": "iLO.0.10.ExtendedInfo",
"message": "See @Message.ExtendedInfo for more information."
}
}
If you perform an HTTP operation on any other resource other than the root /redfish/v1/
resource, you will receive an HTTP 401 (Forbidden)
error indicating that you don’t have the authentication needed to access the resource.
Basic Authentication
curl https://{iLO}/redfish/v1/systems/ -i --insecure -u username:password -L
import sys
import redfish
# When running remotely connect using the iLO address, iLO account name,
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"
## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
password=login_password, default_prefix='/redfish/v1')
# Login into the server and create a session
REDFISH_OBJ.login(auth="basic")
# Logout of the current session
REDFISH_OBJ.logout()
The RESTful API allows you to use HTTP Basic Authentication using a valid iLO user name and password.
Creating and Using Sessions
curl -H "Content-Type: application/json" -H "OData-Version: 4.0" -X POST --data "@data.json" https://{iLO}/redfish/v1/SessionService/Sessions/ --insecure
import redfish
# When running remotely connect using the iLO address, iLO account name,
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"
## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
password=login_password, default_prefix='/redfish/v1')
# Login into the server and create a session
REDFISH_OBJ.login(auth="session")
Contents of data.json
{
"UserName": "<your username>",
"Password": "<your password>"
}
Successful headers from iLO:
Cache-Control: no-cache
Connection: keep-alive
Content-length: 163
Content-type: application/json; charset=utf-8
Date: Tue, 14 Jun 2016 22:23:39 GMT
ETag: W/"C84E3EA9"
Link: </redfish/v1/SessionService/Sessions/{item}/>; rel=self
Location: https://{iLO}/redfish/v1/SessionService/Sessions/{item}/
OData-Version: 4.0
Server: HPE-iLO-Server/1.30
X-Auth-Token: c3c5f437f94bc24428fe930bbf50904f
X-Frame-Options: sameorigin
X_HP-CHRP-Service-Version: 1.0.3
Successful response from iLO:
{
"error": {
"@Message.ExtendedInfo": [
{
"MessageID": "Base.0.10.Created"
}
],
"code": "iLO.0.10.ExtendedInfo",
"message": "See @Message.ExtendedInfo for more information."
}
}
For more complex multi-resource operations, you should log in and establish a session. To log in, iLO has a session manager object at the documented URI /redfish/v1/sessions/
. To create a session POST a JSON object to the Session manager:
If the session is created successfully, you receive an HTTP 201 (Created) response from iLO. There will also be two important HTTP response headers.
X-Auth-Token Your session token (string). This is a unique string for your login session. It must be included as a header in all subsequent HTTP operations in the session.
Location The URI of the newly created session resource. iLO allocates a new session resource describing your session. This is the URI that you must DELETE against in order to log out. If you lose this location URI, you can find it by crawling the HREF links in the Sessions collection. Store this URI to facilitate logging out.
Using a Session
To use a session, simply include the X-Auth-Token
header supplied by the login response in all REST requests.
Log Out of a Session
curl -X "DELETE" https://{iLO}/redfish/v1/SessionService/Sessions/{item}/ -u admin:password --insecure
import redfish
# When running remotely connect using the iLO address, iLO account name,
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"
## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
password=login_password, default_prefix='/redfish/v1')
# Login into the server and create a session
REDFISH_OBJ.login(auth="session")
# Logout of the current session
REDFISH_OBJ.logout()
iLO supports a limited number of simultaneous sessions. If you do not log out of a session it will expire automatically after a time of inactivity. However, it is good practice to log out when finished with a session.
To log out perform an HTTP DELETE
to the URI that was returned in the “Location” header when you created the session.
Performing Actions
Example of a system resource advertising an available action:
{
"Actions": {
"#ComputerSystem.Reset": {
"ResetType@Redfish.AllowableValues": [
"On",
"ForceOff",
"ForceRestart",
"Nmi",
"PushPowerButton"
],
"target": "/redfish/v1/Systems/1/Actions/ComputerSystem.Reset"
}
}
}
This action may be invoked by performing:
curl --header "Content-Type: application/json" --request POST --data '{"ResetType": "ForceRestart"}' https://{iLO}/redfish/v1/Systems/1/Actions/ComputerSystem.Reset -u username:password --insecure
REST resources usually support HTTP GET to read the current state, and some support modification and removal with HTTP POST, PUT, PATCH, or DELETE.
There are some resources that support other types of operations not easily mapped to HTTP operations. For this reason the Redfish specification defines “Actions”. Actions are HTTP POST operations with a specifically formatted JSON request including the operation to perform and any parameters. For instance, it is not enough to simply tell a server to reset, but it is also necessary to specify the type of reset: cold boot, warm boot, PCI reset, etc. Actions are often used when the operation causes iLO 5 not just to update a value, but to change system state.
In Redfish, the available actions that can be invoked are identified by a “target” property in the resource’s “Actions” object definitions. The parameters identify the supported values with the annotation @Redfish.AllowableValues.
Actions on HPE-specific Extensions
Actions on HPE-specific extensions are invoked in the same way. Find the target
URI for the action and POST a JSON request with parameters.
curl --header "Content-Type: application/json" --request POST --data '{"PushType": "PressAndHold"}' https://{iLO}//redfish/v1/Systems/1/Actions/Oem/Hpe/HpeComputerSystemExt.PowerButton/ -u username:password --insecure
The embedded extensions may also have Actions not specified by the Redfish standard. They are invoked in a similar way. The POST URI may include indicate the HPE specific nature of the action.
The older pre-Redfish form of the Action invocation requires you to specify "Target": "/Oem/Hp"
as one of the properties in the body of the request.
It is recommended that you use the Redfish version of the action invocation.
Adapting from iLO 4
This section is a guide to help client code adapt from the iLO 4 RESTful API to the iLO 5 RESTful API.
Introduction
The iLO 5 RESTful API is fully conformant with Redfish. Any remaining support for the pre-Redfish iLO RESTful API has been removed and is replaced by the Redfish equivalents. HPE continues to extend the Redfish data model to enable value for the customer.
iLO 5 has the following additions not implemented in iLO 4:
- HPE Embedded Remote Support
- HPE Persistent Memory
- HPE Smart Storage and Logical drive configuration
- Redfish 1.6 OpenAPI 3.0 support (URIs conform to Redfish 1.6 templates)
- Redfish Advanced Communication Device (NetworkAdapter) model for certain network adapters
- Redfish Directory Authentication configuration
- Redfish Firmware Inventory and
UpdateService
- Redfish Role based local user administration
- Redfish Storage/Drive/Volume model for NVMe and other direct attached storage
- Redfish TaskService for long running operations
- Redfish Telemetry service for CPU metrics
- Redfish host Interface (“Virtual NIC”)
- Workload Performance Advisor
- iLO 5 Backup and Restore configuration
- iLO 5 Certificate based authentication configuration
- iLO 5 Component Update Repository
- iLO 5 Firmware Recovery Set
- iLO 5 One-button secure erase
Chunked Transfer Encoding
Unlike iLO 4, iLO 5 responds to all HTTP operations using Chunked Transfer Encoding. This enables features like $expand
that require very large responses.
URI Remapping from /rest to /redfish
For iLO 5 all accesses of the /rest/v1/x
URI pattern result in HTTP 308 redirect to /redfish/v1/x/
. Additionally, access of /redfish/v1/x
redirects to /redfish/v1/x/
.
OData-Version HTTP Header Requirements
iLO 5 assumes all requests are to Redfish REST resources are Redfish requests. Unlike iLO 4, the service does not behave differently based upon the presence or absence of the OData-Version
header.
This is a change from iLO 4 where the presence of the OData-Version
header caused iLO 4 to remove pre-Redfish properties from GET responses.
The only required header for a GET operation is the authorization (X-Auth-Token
or Authorization
) header, except for the root resource at /redfish/v1/
which requires no headers.
Oem/Hp Sections Renamed to Oem/Hpe
As part of the transition from HP to HPE, and due to the Redfish requirement that the Oem section name reflect an owned IANA name, all Oem section names are changed from Hp to Hpe.
iLO 4 example:
{
"Oem": {
"Hp": {
"@odata.type": "#HpiLOServiceExt.1.0.0.HpiLOServiceExt"
}
}
}
iLO 5 example:
{
"Oem": {
"Hpe": {
"@odata.type": "#HpeiLOServiceExt.v2_0_0.HpeiLOServiceExt"
}
}
}
Schema Type Changes
To preserve OData conformance, Redfish transitioned the format of @odata.type properties, and iLO 5 follows this change. The type.<major>.<minor>.<errata>.type
format has changed to type.v<major>_<minor>_<errata>.type
. Also, the type name cannot be parsed programmatically and should be considered opaque. To determine the version of a resource, do not split the type/version by the ‘.’ delimiter.
For example:
iLO | @odata.type Format |
---|---|
iLO 4 | "@odata.type": "ComputerSystem.1.0.0.ComputerSystem" |
iLO 5 | "@odata.type": "ComputerSystem.v1_1_0.ComputerSystem" |
Status Block Changes
The pre-Redfish property HealthRollUp
is removed in iLO 5 and HealthRollup
is retained.
iLO 4 example:
{
"Status": {
"State": "Starting",
"Health": "OK",
"HealthRollup": "OK",
"HealthRollUp": "OK"
}
}
iLO 5 example:
{
"Status": {
"State": "Starting",
"Health": "OK",
"HealthRollup": "OK"
}
}
Error and Response Changes
HTTP Operation responses in iLO 5 are Redfish conformant and pre-Redfish properties are removed.
iLO 4 example (without the Redfish conformant OData-Version header):
{
"Messages": [
{
"MessageID": "Base.0.10.MalformedJSON"
}
],
"Type": "ExtendedError.1.0.0",
"error": {
"@Message.ExtendedInfo": [
{
"MessageID": "Base.0.10.MalformedJSON"
}
],
"code": "iLO.0.10.ExtendedInfo",
"message": "See @Message.ExtendedInfo for more information."
}
}
iLO 5 Redfish example:
{
"error": {
"@Message.ExtendedInfo": [
{
"MessageId": "Base.0.10.MalformedJSON"
}
],
"code": "iLO.0.10.ExtendedInfo",
"message": "See @Message.ExtendedInfo for more information."
}
}
POST Actions
In Redfish, an “Actions” property informs the client which actions are supported on a resource and how to invoke them.
Advertising Available Actions
iLO 4 contained a pre-Redfish form of this with "AvailableActions"
. This is now removed and replaced in iLO 5 with Redfish "Actions"
.
iLO 4 example of advertised action:
{
"AvailableActions": [
{
"Action": "Reset",
"Capabilities": [
{
"AllowableValues": [
"On",
"ForceOff",
"ForceRestart",
"Nmi",
"PushPowerButton"
],
"PropertyName": "ResetType"
}
]
}
]
}
iLO 5 example of advertised action:
{
"Actions": {
"#ComputerSystem.Reset": {
"target": "/redfish/v1/Systems/1/Actions/ComputerSystem.Reset",
"ResetType@Redfish.AllowableValues": [
"On",
"ForceOff",
"GracefulRestart",
"ForceRestart",
"Nmi",
"GracefulRestart",
"ForceOn",
"PushPowerButton"
]
}
}
}
Invoking Actions
iLO 4 action invoke example:
POST /rest/v1/Systems/1
{
"Action": "Reset",
"ResetType": "On"
}
iLO 5 action invoke example:
POST /redfish/v1/Systems/1/Actions/ComputerSystem.Reset
{
"ResetType": "On"
}
Note that the URI of the POST matches the "target"
property in "Actions"
.
OData query options
Redfish is an OData-derived protocol and data model with resources linking to other resources using @odata.id
:
{"@odata.id": "/redfish/v1/link_to_some_other_resource"}
The iLO 5 Redfish implementation offers several OData services aiming at facilitating the the consumption of data by Redfish clients.
As an example, the OData "$expand"
query option causes the OData service to automatically replace a link with the results of an internal GET of the indicated URI. This is essential to allow the API to scale for clients. An example use case is to expand an event log to return the log entries inline with the collection and reduce the number of GETs required by the client.
Examples of client requests to expand (in the general OData case) looks like:
GET /redfish/v1/some_resource?$expand=*($levels=1)
- Expand any references 1 level. Levels is assumed to be 1 by default so this is the same asGET /redfish/v1/some_resource?$expand=*
GET /redfish/v1/some_resource?$expand=*($levels=3)
- Expand any references 3 levels deep. This case could require loop detection (For example, system expanding a link to chassis expanding a link back to system).GET /redfish/v1/some_resource?$expand=.
- Expand any references EXCEPT those found under the Links section.GET /redfish/v1/some_resource?$expand=./Oem/Hpe
- Expand any references found in the Oem/Hpe section of the resource.
OData query options supported by iLO 5 are presented below along with use case examples.
iLO 5 $expand
Using the rules above, iLO 5 supports $expand
in this way:
$expand
is applicable to HTTP GET only.
$expand=.
, $expand=*
, and $expand=($levels=n)
result in the same behavior:
* Expands all links in both root and Oem/Hpe sections not inside the Links
sections.
* Levels is always interpreted as 1, regardless of n. This is to avoid the potential for expanding recursively for interlinked resources.
* The Links
section is never expanded. This is to avoid expanding the Chassis and Manager related links on GET operations to System.
NOTES:
- The root resource at
/redfish/v1/
is available without authentication and has navigational links that can be expanded. An $expand request does not result in expansion unless valid authentication credentials are supplied. - There might be other links that do not support expand.
iLO 5 $expand
example
See the example in the right pane.
GET /redfish/v1/Chassis
(a collection without$expand
query option)
{
"@odata.context": "/redfish/v1/$metadata#Chassis",
"@odata.etag": "W/\"C2E4D1CC\"",
"@odata.id": "/redfish/v1/Chassis/",
"@odata.type": "#ChassisCollection.ChassisCollection",
"Description": "Computer System Chassis View",
"MemberType": "#Chassis.v1_2_0.Chassis",
"Members": [
{
"@odata.id": "/redfish/v1/Chassis/1/"
}
],
"Members@odata.count": 1,
"Name": "Computer System Chassis"
}
GET /redfish/v1/Chassis?$expand=.
(a collection with$expand
abbreviated for clarity)
{
"@odata.context": "/redfish/v1/$metadata#Chassis",
"@odata.etag": "W/\"C2E4D1CC\"",
"@odata.id": "/redfish/v1/Chassis/",
"@odata.type": "#ChassisCollection.ChassisCollection",
"Description": "Computer System Chassis View",
"MemberType": "#Chassis.v1_2_0.Chassis",
"Members": [
{
"@odata.context": "/redfish/v1/$metadata#Chassis/Members/$entity",
"@odata.etag": "W/\"5D370742\"",
"@odata.id": "/redfish/v1/Chassis/1/",
"@odata.type": "#Chassis.v1_2_0.Chassis",
"ChassisType": "RackMount",
"Id": "1",
"Manufacturer": "HPE",
"Model": "ProLiant ML350 Gen10",
"Name": "Computer System Chassis",
"SKU": "SKU NUMBER",
"SerialNumber": "SERIAL NUMBER",
"Status": {
"Health": "OK",
"State": "Starting"
}
}
],
"Members@odata.count": 1,
"Name": "Computer System Chassis"
}
iLO 5 only
query option
iLO 5 1.40 and later supports the only
query parameter documented in the Redfish API specification. This query parameter is ignored except on collections with only one member. Examples include the ComputerSystemCollection
, ChassisCollection
, and ManagerCollection
.
iLO 5 only
example
GET /redfish/v1/Chassis?only
(JSON output is abbreviated)
{
"@odata.context": "/redfish/v1/$metadata#Chassis.Chassis",
"@odata.etag": "W/\"E85F6E4B\"",
"@odata.id": "/redfish/v1/Chassis/1/",
"@odata.type": "#Chassis.v1_6_0.Chassis",
"Id": "1",
"ChassisType": "RackMount",
}
iLO 5 $filter
query option
The odata.org official site defines the $filter
query as the following:
“The $filter
system query option allows clients to filter a collection of resources that are addressed by a request URL. The expression specified with $filter
is evaluated for each resource in the collection, and only items where the expression evaluates to true are included in the response.”
Six logical operators (Equals, Not Equals, Greater Than…) can be applied to the $filter
query. They are defined in the OData specifications.
iLO 5 $filter
examples
See the examples in the right pane.
Retrieve “iLO Dedicated Network Interface” properties (output abbreviated): GET
/redfish/v1/Managers/1/EthernetInterfaces?$filter=Name eq 'Manager Dedicated Network Interface'
{
"@odata.context": "/redfish/v1/$metadata#EthernetInterfaceCollection.EthernetInterfaceCollection",
"@odata.etag": "W/\"2D50600F\"",
"@odata.id": "/redfish/v1/Managers/1/EthernetInterfaces",
"@odata.type": "#EthernetInterfaceCollection.EthernetInterfaceCollection",
"Description": "Configuration of Manager Network Interfaces",
"Name": "Manager Network Interfaces",
"Members": [
{
"@odata.context": "/redfish/v1/$metadata#EthernetInterface.EthernetInterface",
"@odata.id": "/redfish/v1/Managers/1/EthernetInterfaces/1",
"@odata.type": "#EthernetInterface.v1_4_1.EthernetInterface",
"Id": "1",
"AutoNeg": true,
"DHCPv4": {
"DHCPEnabled": false,
"UseDNSServers": false,
"UseDomainName": false,
"UseGateway": false,
"UseNTPServers": false,
"UseStaticRoutes": false
},
....
"VLAN": {
"VLANEnable": false,
"VLANId": null
}
}
],
"Members@odata.count": 1
}
Filter IML entries by key (output abbreviated): GET
/redfish/v1/Systems/1/LogServices/IML/Entries?$filter=Oem.Hpe.Severity eq 'Repaired'
{
"@odata.context": "/redfish/v1/$metadata#LogEntryCollection.LogEntryCollection",
"@odata.etag": "W/\"C97C370E\"",
"@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries",
"@odata.type": "#LogEntryCollection.LogEntryCollection",
"Description": "Integrated Management Logs view",
"Name": "Integrated Management Logs view",
"Members": [
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/3",
"@odata.type": "#LogEntry.v1_11_0.LogEntry",
"Id": "3",
"Created": "2022-05-17T12:30:50Z",
"EntryType": "Oem",
"Message": "HPE Ethernet 1Gb 4-port 331i Adapter - NIC Connectivity status changed to OK for adapter in slot 0, port 1",
"Name": "Integrated Management Log",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
"@odata.type": "#HpeLogEntry.v2_4_0.HpeLogEntry",
"Categories": [
"Hardware"
],
"Class": 17,
"ClassDescription": "Network",
"Code": 10,
"Count": 1,
"EventNumber": 57,
"LearnMoreLink": "http://www.hpe.com/support/class0x0011code0x000a-gen10",
"RecommendedAction": "If the connection is lost, then check the physical connection from the server to its destination device such as interconnect ,blade, switch etc, including any cables. Refer to the NIC issues flowchart in the Troubleshooting Guide for more information.",
"Repaired": true,
"Severity": "Repaired",
"Updated": "2022-05-17T12:30:50Z"
}
},
"OemRecordFormat": "Hpe-IML",
"Severity": "OK"
},
....
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/28",
"@odata.type": "#LogEntry.v1_11_0.LogEntry",
"Id": "28",
"Created": "2022-05-23T06:36:51Z",
"EntryType": "Oem",
"Message": "HPE Ethernet 1Gb 4-port 331i Adapter - NIC Connectivity status changed to OK for adapter in slot 0, port 1",
"Name": "Integrated Management Log",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
"@odata.type": "#HpeLogEntry.v2_4_0.HpeLogEntry",
"Categories": [
"Hardware"
],
"Class": 17,
"ClassDescription": "Network",
"Code": 10,
"Count": 1,
"EventNumber": 82,
"LearnMoreLink": "http://www.hpe.com/support/class0x0011code0x000a-gen10",
"RecommendedAction": "If the connection is lost, then check the physical connection from the server to its destination device such as interconnect ,blade, switch etc, including any cables. Refer to the NIC issues flowchart in the Troubleshooting Guide for more information.",
"Repaired": true,
"Severity": "Repaired",
"Updated": "2022-05-23T06:36:51Z"
}
},
"OemRecordFormat": "Hpe-IML",
"Severity": "OK"
}
],
"Members@odata.count": 25
}
Filter IML entries by date (output abbreviated): GET
/redfish/v1/Systems/1/LogServices/IML/Entries?$filter=Created gt '2022-03-05T07:49:50Z'
{
"@odata.context": "/redfish/v1/$metadata#LogEntryCollection.LogEntryCollection",
"@odata.etag": "W/\"C8B694E6\"",
"@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries",
"@odata.type": "#LogEntryCollection.LogEntryCollection",
"Description": "Integrated Management Logs view",
"Name": "Integrated Management Logs view",
"Members": [
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/1",
"@odata.type": "#LogEntry.v1_11_0.LogEntry",
"Id": "1",
"Created": "2022-05-13T14:41:40Z",
"EntryType": "Oem",
"Message": "IML Cleared (iLO user: demopaq)",
"Name": "Integrated Management Log",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
"@odata.type": "#HpeLogEntry.v2_4_0.HpeLogEntry",
"Categories": [
"Maintenance",
"Administration"
],
"Class": 33,
"ClassDescription": "Maintenance",
"Code": 1,
"Count": 1,
"EventNumber": 55,
"Severity": "Informational",
"Updated": "2022-05-13T14:41:40Z"
}
},
"OemRecordFormat": "Hpe-IML",
"Severity": "OK"
},
....
],
"Members@odata.count": 28
}
iLO 5 $count
query option
The $count
system query option allows clients to request a count of the matching resources included with the resources in the response.
iLO 5 $count
example
Retrieve the total number of Security log entries: GET
/redfish/v1/systems/1/logservices/SL/Entries?$count=true
{
"@odata.context": "/redfish/v1/$metadata#LogEntryCollection.LogEntryCollection",
"@odata.etag": "W/\"75983E8D\"",
"@odata.type": "#LogEntryCollection.LogEntryCollection",
"Description": "Security Logs view",
"Name": "Security Logs",
"Members": [],
"Members@odata.count": 31
}
iLO 5 $top
and $skip
query options
The $top
system query option requests the number of items in the queried collection to be included in the result. The $skip
query option requests the number of items in the queried collection that are to be skipped and not included in the result.
iLO 5 $top
and $skip
examples
Retrieve the top ten IML log entries (output abbreviated): GET
/redfish/v1/Systems/1/LogServices/IML/Entries?$top=10
{
"@odata.context": "/redfish/v1/$metadata#LogEntryCollection.LogEntryCollection",
"@odata.etag": "W/\"FFCD0D20\"",
"@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries",
"@odata.type": "#LogEntryCollection.LogEntryCollection",
"Description": "Integrated Management Logs view",
"Name": "Integrated Management Logs view",
"Members": [
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/1",
"@odata.type": "#LogEntry.v1_11_0.LogEntry",
"Id": "1",
"Created": "2022-05-13T14:41:40Z",
"EntryType": "Oem",
"Message": "IML Cleared (iLO user: demopaq)",
"Name": "Integrated Management Log",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
"@odata.type": "#HpeLogEntry.v2_4_0.HpeLogEntry",
"Categories": [
"Maintenance",
"Administration"
],
"Class": 33,
"ClassDescription": "Maintenance",
"Code": 1,
"Count": 1,
"EventNumber": 55,
"Severity": "Informational",
"Updated": "2022-05-13T14:41:40Z"
}
},
"OemRecordFormat": "Hpe-IML",
"Severity": "OK"
},
....
],
"Members@odata.count": 10
}
Skip 21 entries: last 10 entries when
Members@odata.count
is 28 (Output abbreviated): GET/redfish/v1/Systems/1/LogServices/IML/Entries?$skip=18
{
"@odata.context": "/redfish/v1/$metadata#LogEntryCollection.LogEntryCollection",
"@odata.etag": "W/\"2B9C6986\"",
"@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries",
"@odata.type": "#LogEntryCollection.LogEntryCollection",
"Description": "Integrated Management Logs view",
"Name": "Integrated Management Logs view",
"Members": [
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/19",
"@odata.type": "#LogEntry.v1_11_0.LogEntry",
"Id": "19",
"Created": "2022-05-18T14:55:37Z",
"EntryType": "Oem",
"Message": "HPE Ethernet 1Gb 4-port 331i Adapter - NIC Connectivity status changed to OK for adapter in slot 0, port 1",
"Name": "Integrated Management Log",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
"@odata.type": "#HpeLogEntry.v2_4_0.HpeLogEntry",
"Categories": [
"Hardware"
],
...
"Severity": "Repaired",
"Updated": "2022-05-18T14:55:37Z"
}
},
"OemRecordFormat": "Hpe-IML",
"Severity": "OK"
},
...
],
"Members@odata.count": 10
}
iLO 5 Data Model Changes
ServiceRoot (/redfish/v1/
)
Time
The pre-Redfish REST API on iLO 4 had a Time
property representing the current iLO time. Redfish did not include this, so iLO 5 adds it back in the Oem/Hpe section. This is a Redfish conformant time property (ISO 8601).
iLO 4 example of
Time
:
{
"@odata.context": "/redfish/v1/$metadata#ServiceRoot",
"@odata.id": "/redfish/v1/",
"@odata.type": "#ServiceRoot.v1_0_0.ServiceRoot",
"Time": "ISO 8601 time (iLO's current time)"
}
iLO 5 example of
Time
:
{
"@odata.context": "/redfish/v1/$metadata#ServiceRoot",
"@odata.id": "/redfish/v1/",
"@odata.type": "#ServiceRoot.v1_0_0.ServiceRoot",
"Oem": {
"Hpe": {
"@odata.type": "#HpeiLOServiceExt.v2_0_0.HpeiLOServiceExt",
"Time": "ISO 8601 time (iLO's current time)"
}
}
}
RedfishVersion
ServiceVersion
has been removed and replaced with RedfishVersion
for Redfish conformance.
ComputerSystem (/redfish/v1/systems/{item}
)
Boot Source Override
- Two new boot source override values are supported by the UEFI BIOS in Gen10. Both of these are added to BootSourceOverrideTarget@Redfish.AllowableValues. Both of these are only supported in UEFI Boot Mode (not legacy mode).
SDCard
for booting to SD card. Only available when boot mode is UEFI.UefiHttp
for UEFI HTTP Boot. Only available when boot mode is UEFI.
iLO 5 implements a more complete Redfish Boot Source Override capability
{
"Boot": {
"BootSourceOverrideEnabled": "Disabled",
"BootSourceOverrideMode": "UEFI",
"BootSourceOverrideTarget": "None",
"BootSourceOverrideTarget@Redfish.AllowableValues": [
"None",
"Pxe",
"Floppy",
"Cd",
"Usb",
"Hdd",
"BiosSetup",
"Utilities",
"Diags",
"UefiTarget",
"SDCard",
"UefiHttp"
],
"UefiTargetBootSourceOverride": "None",
"UefiTargetBootSourceOverride@Redfish.AllowableValues": [
"None",
"PciRoot(0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Scsi(0x0,0x0)/HD(2,GPT,383D95E0-472A-48F1-8445-2A436025C81C,0x96800,0x31800)/\\EFI\\Microsoft\\Boot\\bootmgfw.efi",
"UsbClass(0xFFFF,0xFFFF,0xFF,0xFF,0xFF)",
"PciRoot(0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Scsi(0x0,0x0)",
"PciRoot(0x0)/Pci(0x2,0x0)/Pci(0x0,0x0)/Pci(0x9,0x0)/Pci(0x0,0x0)/MAC(9457A50822E0,0x0)/IPv4(0.0.0.0)",
"PciRoot(0x1)/Pci(0x2,0x0)/Pci(0x0,0x0)/Pci(0x9,0x0)/Pci(0x0,0x0)/MAC(9457A5086560,0x0)/IPv4(0.0.0.0)",
"PciRoot(0x0)/Pci(0x3,0x2)/Pci(0x0,0x0)/MAC(3464A99332A0,0x0)/IPv4(0.0.0.0)",
"PciRoot(0x0)/Pci(0x2,0x0)/Pci(0x0,0x0)/Pci(0x9,0x0)/Pci(0x0,0x0)/MAC(9457A50822E0,0x0)/IPv6(0000:0000:0000:0000:0000:0000:0000:0000)",
"PciRoot(0x1)/Pci(0x2,0x0)/Pci(0x0,0x0)/Pci(0x9,0x0)/Pci(0x0,0x0)/MAC(9457A5086560,0x0)/IPv6(0000:0000:0000:0000:0000:0000:0000:0000)",
"PciRoot(0x0)/Pci(0x3,0x2)/Pci(0x0,0x0)/MAC(3464A99332A0,0x0)/IPv6(0000:0000:0000:0000:0000:0000:0000:0000)"
]
}
}
TrustedModules (TPM)
The existing HPE-specific TrustedModules (TPM) sub-object is replaced with the new Redfish-defined version.
iLO 4 example
{
"Oem": {
"Hp": {
"@odata.type": "#HpComputerSystemExt.1.1.2.HpComputerSystemExt",
"TrustedModules": [
{
"Status": "NotPresent"
}
]
}
}
}
iLO 5 example
{
"TrustedModules": [
{
"FirmwareVersion": "3.1",
"ModuleType": "TPM2_0",
"Status": {
"Health": "OK",
"State": "Enabled"
}
}
]
}
SecureBoot Link
The link to the SecureBoot resource is added as defined in Redfish in place of the existing HPE-specific link. See SecureBoot section for more details.
iLO 4 example SecureBoot link
{
"Oem": {
"Hp": {
"@odata.type": "#HpComputerSystemExt.1.1.2.HpComputerSystemExt",
"SecureBoot": {
"@odata.id": "/redfish/v1/Systems/1/SecureBoot/"
}
}
}
}
iLO 5 example SecureBoot link
{
"SecureBoot": {
"@odata.id": "/redfish/v1/Systems/1/SecureBoot/"
}
}
Bios
The link to the Bios resource is added as defined in Redfish in place of the existing HPE-specific OEM link. See UEFI BIOS section for more details.
iLO 4 example Bios link
{
"Oem": {
"Hp": {
"@odata.type": "#HpComputerSystemExt.1.1.2.HpComputerSystemExt",
"BIOS": {
"@odata.id": "/redfish/v1/systems/1/bios/"
}
}
}
}
iLO 5 example Bios link
{
"Bios": {
"@odata.id": "/redfish/v1/Systems/1/Bios"
}
}
Other
The following properties have been removed in iLO 5 for Redfish conformance:
* Version
* VirtualSerialNumber
* HostCorrelation
- See replacement HostOS
described below.
* BIOSPostCode
* Power
(replaced by PowerState
)
* Processors
is now a link to the Processors collection instead of a summary description of the CPUs.
* Memory
(replaced by MemorySummary
)
If the server has a running operating system and HPE Agentless Management Service is installed and running, a new "HostOS"
object is included in ComputerSystem with information about the OS:
/Oem/Hpe/HostOS:
- OsName
- OsVersion
- OsDescription
UEFI BIOS Standard Redfish Support
iLO5 supports Redfish standard BIOS Attributes and BIOS Attribute Registry resources that replace the HPE proprietary versions used in iLO4. The following is a summary of all BIOS resources changes in Gen10 / iLO5:
Resource Type | iLO 4 / Gen9 | iLO 5 / Gen10 |
---|---|---|
BIOS current settings | HpBios.1.2.0 | #Bios.v1_0_0.Bios |
BIOS pending settings | HpBios.1.2.0 | #Bios.v1_0_0.Bios |
BIOS Attribute Registry | HpBiosAttributeRegistrySchema.1.2.1 | #AttributeRegistry.v1_0_0.AttributeRegistry |
BIOS PCI Mappings | HpBiosMapping.1.2.0 | #HpeBiosMapping.v2_0_0.HpeBiosMapping |
UEFI Boot Order | HpServerBootSettings.1.3.1 | #HpeServerBootSettings.v2_0_0.HpeServerBootSettings |
Base Config (BIOS defaults) | HpBaseConfigs.0.10.0 | #HpeBaseConfigs.v2_0_0.HpeBaseConfigs |
UEFI iSCSI Software Initiator | HpiSCSISoftwareInitiator.1.1.0 | #HpeiSCSISoftwareInitiator.v2_0_0.HpeiSCSISoftwareInitiator |
BIOS Extensions Schema | None | #HpeBiosExt.v2_0_0.HpeBiosExt |
BIOS Current/Pending Settings Resources
- All BIOS attributes resources switch from HP OEM type (HpBios.1.2.0) to Redfish standard type (Bios.1.0.0).
- All BIOS Attributes name/value pairs that are referenced in the Attribute Registry are moved from the top level of the resource to be grouped under an “Attributes” Redfish property.
- New Actions on BIOS resources.
- ResetBios to reset BIOS configuration to defaults.
- ChangePassword to change BIOS passwords.
BIOS Attribute Access
Redfish moves the system-specific BIOS attributes from the top level of the resource into an Attributes sub-object:
iLO 4 BIOS Settings Example:
{
"AdminEmail": "",
"AdminName": "",
"AdminPhone": ""
}
iLO 5 BIOS Settings Example:
{
"Attributes": {
"AdminEmail": "",
"AdminName": "",
"AdminPhone": ""
}
}
Reset Bios Settings (NEW)
UEFI BIOS Supports a new POST Action to reset settings.
iLO 5 Reset BIOS Settings Action
{
"Actions": {
"#Bios.ResetBios": {
"target": "/redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ResetBios/"
}
}
}
POST /redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ResetBios/
no body
Change BIOS Password (NEW)
UEFI BIOS Supports a new Redfish POST Action to change the BIOS password.
iLO 5 Set/Change BIOS Setup Password Actions
{
"Actions": {
"#Bios.ChangePassword": {
"target": "/redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ChangePassword/"
}
}
}
POST /redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ChangePassword/
{
"PasswordName": "Administrator | User",
"OldPassword" : "OldPasswordText",
"NewPassword" : "NewPasswordText"
}
Settings Result Report
The result of applying new settings is Redfish conformant in iLO 5.
iLO 4 example:
{
"SettingsResult": {
"ETag": "92EB7D02",
"Messages": [
{
"MessageArgs": [
"test"
],
"MessageID": "Base.1.0:PropertyUnknown"
},
{
"MessageArgs": [],
"MessageID": "Base.1.0:Success"
}
],
"Time": "2012-03-07T14:44.30-05:00"
}
}
iLO 5 example:
{
"@Redfish.Settings": {
"@odata.type": "#Settings.v1_0_0.Settings",
"ETag": "92EB7D02",
"Messages": [
{
"MessageId": "Base.1.0.PropertyUnknown",
"RelatedProperties": [
"#/Attributes/ProcTurboMode"
]
},
{
"MessageId": "Base.1.0.Success"
}
],
"SettingsObject": {
"@odata.id": "/redfish/v1/Systems/1/Bios/Settings"
},
"Time": "2012-03-07T14:44.30-05:00"
}
}
Changes to BIOS Attribute Enum Values
Attribute names/enum values cannot start with digits, per OData requirements.
iLO 4 example:
{
"AsrTimeoutMinutes": "10",
"SerialConsoleBaudRate": "115200",
}
iLO 5 example:
{
"AsrTimeoutMinutes": "TimeOut10",
"SerialConsoleBaudRate": "Baud115200",
}
Redfish conformant HPE Links
With a Redfish conformant BIOS resource structure, some HPE-specific links are moved into an HPE specific section.
iLO 4 example:
{
"links": {
"BaseConfigs": {
"href": "/rest/v1/systems/1/bios/BaseConfigs"
},
"Boot": {
"href": "/rest/v1/systems/1/bios/Boot"
},
"Mappings": {
"href": "/rest/v1/systems/1/bios/Mappings"
},
"Settings": {
"href": "/rest/v1/systems/1/bios/Settings"
},
"iScsi": {
"href": "/rest/v1/systems/1/bios/iScsi"
},
"self": {
"href": "/rest/v1/systems/1/bios"
}
}
}
iLO 5 example of HPE-specific links:
{
"Links": {
"Oem": {
"Hpe": {
"@odata.type": "#HpeBiosExt.v2_0.0.HpeBiosExt",
"BaseConfigs": {
"@odata.id": "/redfish/v1/Systems/1/BIOS/BaseConfigs"
},
"Boot": {
"@odata.id": "/redfish/v1/Systems/1/BIOS/Boot"
},
"Mappings": {
"@odata.id": "/redfish/v1/Systems/1/BIOS/Mappings"
},
"iScsi": {
"@odata.id": "/redfish/v1/Systems/1/BIOS/iScsi"
}
}
}
}
}
Bios Attribute Registry
All BIOS attribute registry resources have switched from HP OEM type (HpBiosAttributeRegistrySchema.1.2.1) to Redfish standard object (AttributeRegistry.v1_0_0).
Other BIOS HPE OEM Resources
Existing BIOS HPE OEM Resources
All the remaining HPE OEM resources remain similar to iLO 4, except for following:
- Includes the Redfish conformance changes
- Major version change to v2_0_0
The impacted resources are:
HpeBiosMapping
HpeServerBootSettings
HpeBaseConfigs
HpeiSCSISoftwareInitiator
New BIOS HPE OEM Resources
The following new HPE BIOS OEM resources are added in iLO5:
HpeBiosExt.v2_0_0.HpeBiosExt
- Provider HPE BIOS OEM extensions toBIOS.v1_0_0 resource
, specifically in thelinks.Oem
property.
BIOS Password Authentication HTTP Header
iLO4 requires a special HTTP header when BIOS Admin password is programmed to be included in all PUT/PATCH requests on BIOS resources. This header is removed from iLO5. Instead, all access to BIOS resources requires ConfigureBios iLO privilege.
Header | iLO 4 / Gen9 | iLO 5 / Gen10 |
---|---|---|
X-HPRESTFULAPI-AuthToken | A string consisting of the uppercase SHA256 hex digest of the administrator password. In Python this is hashlib.sha256(bios_password.encode()).hexdigest().upper(). | None - Access to BIOS resources require iLO account with the ConfigureBios Privilege. |
Software/Firmware Inventory and Update
Gen9 FirmwareInventory (/redfish/v1/systems/{item}/firmwareinventory
) is removed and replaced with the new Redfish firmware inventory /redfish/v1/UpdateService/FirmwareInventory
and /redfish/v1/UpdateService/SoftwareInventory
.
Gen9 HpiLOFirmwareUpdate (/redfish/v1/managers/{item}/updateservice
) is also removed in favor of the new Redfish update service /redfish/v1/UpdateService
.
A Redfish conformant UpdateService has been added at /redfish/v1/UpdateService
. This includes the following:
- Firmware Inventory.
- Software Inventory (when AMS is running on the Host Operating System).
- SimpleUpdate action to update firmware from a URI.
Additionally, the UpdateService
is extended with:
- Component repository to host smart components on the iLO Repository.
- Task queue to update the system via iLO, UEFI, and SUM/SUT.
- Install Sets to organize sequences of update operations.
SecureBoot (/redfish/v1/systems/{item}/secureboot)
The HpSecureBoot
status and configuration resource has been replaced with the Redfish conformant version. The SecureBoot
properties change from iLO 4 2.30+ to iLO 5 as follows:
iLO 4
SecureBoot
settings example:
{
"@odata.context": "/redfish/v1/$metadata#Systems/Members/1/SecureBoot$entity",
"@odata.id": "/redfish/v1/Systems/1/SecureBoot/",
"@odata.type": "#HpSecureBoot.1.0.0.HpSecureBoot",
"Id": "SecureBoot",
"Name": "SecureBoot",
"ResetAllKeys": false,
"ResetToDefaultKeys": false,
"SecureBootCurrentState": false,
"SecureBootEnable": false
}
iLO 5
SecureBoot
settings example:
{
"@odata.context": "/redfish/v1/$metadata#Systems/1/SecureBoot",
"@odata.id": "/redfish/v1/Systems/1/SecureBoot",
"@odata.type": "#SecureBoot.v1_0_0.SecureBoot",
"Actions": {
"#SecureBoot.ResetKeys": {
"ResetKeysType@Redfish.AllowableValues": [
"ResetAllKeysToDefault",
"DeleteAllKeys",
"DeletePK"
],
"target": "/redfish/v1/Systems/1/SecureBoot/Actions/SecureBoot.ResetKeys"
}
},
"Id": "SecureBoot",
"Name": "UEFI Secure Boot",
"SecureBootCurrentBoot": "Disabled",
"SecureBootEnable": false,
"SecureBootMode": "UserMode"
}
An action exists to reset keys. The ResetKeysType
value can be the following:
DeleteAllKeys
ResetAllKeysToDefault
DeletePK
iLO 5 Reset Secure Boot Keys
POST /redfish/v1/Systems/1/SecureBoot/Actions/SecureBoot.ResetKeys/
{
"ResetKeysType": "DeleteAllKeys"
}
Memory and NVDIMM Support
iLO 5 replaces iLO 4’s HpMemory
DIMM information with the Redfish conformant Memory
schema.
Host Correlation Removed
iLO 4 had a pre-Redfish property in the ComputerSystem
resource called HostCorrelation
designed to enable easy discovery of host MAC and IP addresses. This was not included in the Redfish standard, and is removed in iLO 5 for conformance reasons.
iLO 4
HostCorrelation
:
{
"HostCorrelation": {
"HostMACAddress": [
"14:58:d0:d3:10:ca",
"14:58:d0:d3:10:cb"
],
"HostName": "some-host-name",
"IPAddress": [
"ip-address available if AMS is installed and running",
""
]
}
}
iLO 5 HostOS
:
iLO 5 replaces HostCorrelation
with Oem/Hpe/HostOS
which is available if Agentless Management Service is running.
iLO 5
HostOS
:
{
"Oem": {
"Hpe": {
"HostOS": {
"OsName": "Windows Server 2012 R2, x64 Standard Edition",
"OsVersion": "6.3",
"OsSysDescription": "",
"OsType": 38
}
}
}
}
Managers (/redfish/v1/Managers/{item}/) (iLO 5)
The following properties have been replaced for Redfish conformance:
iLO 4 | iLO 5 replacement |
---|---|
/Firmware | FirmwareVersion |
/CommandShell/Enabled | /CommandShell/ServiceEnabled |
/GraphicalConsole/Enabled | /GraphicalConsole/ServiceEnabled |
/SerialConsole/Enabled | /SerialConsole/ServiceEnabled |
All of the replacement properties are also implemented in iLO 4 2.30 and later.
iLO 5 Security State
iLO 5 features a new security state setting readable and settable via the REST API.
{
"Oem": {
"Hpe": {
"SecurityState": "HighSecurity"
}
}
}
The possible values include:
Production
HighSecurity
FIPS
CNSA
You may PATCH these settings, but iLO 5 enforces strict limitations on how security states can transition. Any unsupported transition results in an error.
Allowed Transitions:
Transition | Notes |
---|---|
Production <–> HighSecurity | You may transition freely between Production mode and High Security mode, subject to authentication and privileges. |
FIPS <–> SuiteB | You may transition freely between Production mode and High Security mode, subject to authentication and privileges. |
Production or HighSecurity –> FIPS | You may transition into FIPS mode. Transitions out of FIPS mode are complex and beyond the scope of the RESTful API. |
Impact on Local iLO RESTful API Access (via HPREST utility and Channel Interface)
iLO 4 allowed anonymous access to the iLO RESTful API over the local channel interface (CHIF) except in the case where the Data Center Lock mode was engaged.
iLO 5 limits access to the local interface in HighSecurity, FIPS, and SuiteB modes to authorized users only. In Production mode, anonymous access remains identical to iLO 4.
When performing local BIOS configuration changes, the following conditions apply:
Local REST Access | No BIOS Password | BIOS Password Set |
---|---|---|
Production Mode | No authorization required | Requires BIOS Configuration Privilege |
High Security Mode | Requires BIOS Configuration Privilege | Requires BIOS Configuration Privilege |
Remote REST Access | No BIOS Password | BIOS Password Set |
---|---|---|
Production Mode | Requires BIOS Configuration Privilege | Requires BIOS Configuration Privilege |
High Security Mode | Requires BIOS Configuration Privilege | Requires BIOS Configuration Privilege |
Notice that iLO is not validating against the BIOS setup password, but is using the presence of the BIOS password to require BIOS Configuration Privilege.
iLO Ethernet Interfaces (/redfish/v1/managers/{item}/EthernetInterfaces/{item}/)
The following properties have been removed for Redfish conformance:
iLO 4 | iLO 5 replacement |
---|---|
/FactoryMacAddress | /PermanentMACAddress |
/MacAddress | /MACAddress |
/LinkTechnology | Removed (assume Ethernet) |
/Autosense | /AutoNeg |
All of the above replacement properties were added in iLO 4 2.30.
VLAN Configuration
VLAN Configuration for iLO’s Shared Network Interface has changed in iLO 5 to become Redfish conformant.
iLO 4 | iLO 5 replacement |
---|---|
/VLANEnable | /VLAN/VLANEnable |
/VLANId | /VLAN/VLANId |
iLO Network Protocols (/redfish/v1/managers/{item}/NetworkService/)
The following properties have been removed for Redfish conformance:
iLO 4 | iLO 5 replacement |
---|---|
/SessionTimeoutMinutes | Removed |
/{protocol}/Enabled | /{protocol}/ProtocolEnabled |
/Oem/Hp/HPSystemManagementHomepageAddress | /Oem/Hpe/SystemManagementHomepage |
ProtocolEnabled
was added in iLO 4 2.30 and Enabled is now removed.
HPSystemManagementHomepageAddress
was changed as part of the Hewlett Packard Enterprise transition.
Chassis (/redfish/v1/chassis/{item}/)
iLO 5 supports the Redfish PhysicalSecurity
status to report the status of the hood sensor. This is only present when a hood sensor is installed on the server:
Example:
{
"PhysicalSecurity": {
"IntrusionSensor": "HardwareIntrusion"
}
}
“Version” has been removed from Chassis to be Redfish conformant.
Power (/redfish/v1/chassis/{item}/power/
)
The following properties have been removed for Redfish conformance:
iLO 4 | iLO 5 replacement |
---|---|
/PowerConsumedWatts | /PowerControl/PowerConsumedWatts |
/PowerRequestedWatts | /PowerControl/PowerRequestedWatts |
/PowerAvailableWatts | /PowerControl/PowerAvailableWatts |
/PowerAllocatedWatts | /PowerControl/PowerAllocatedWatts |
/PowerCapacityWatts | /PowerControl/PowerCapacityWatts |
/PowerMetrics | /PowerControl/PowerMetrics |
/PowerLimit | /PowerControl/PowerLimit |
/PowerSupplies[]/CorrelatableID | no replacement |
Thermal (/redfish/v1/chassis/{item}/thermal
)
The existing CurrentReading
property for each fan array entry is replaced with the Redfish errata change:
Redfish adds a pair of properties Reading
and ReadingUnits
. Both are GET-only operation properties. ReadingUnits are returned from a GET operation as Percent
and Reading
is a number between 0 and 100.
Additionally, a few other properties from the pre-Redfish schema are removed to conform with Redfish.
iLO 4 | iLO 5 replacement |
---|---|
/Fans[]/FanName | /Fans[]/Name (changed in Redfish Thermal.v1_1_0) |
/Fans[]/CurrentReading | /Fans[]/Reading* |
/Fans[]/CurrentReading | /Fans[]/ReadingUnits* (= “Percent”) |
/Fans[]/ReadingRPM | Removed from old schema - never implemented |
/Fans[]/Units | /Fans[]/ReadingUnits (= “Percent”) |
/Fans[]/Context | /Fans[]/PhysicalContext |
/Temperatures[]/Context | /Temperatures[]/PhysicalContext |
/Temperatures[]/CurrentReading | /Temperatures[]/ReadingCelsius |
/Temperatures[]/Number | /Temperatures[]/SensorNumber* |
/Temperatures[]/Units | Removed - Redfish always read in Celsius (see ReadingCelsius) |
/Temperatures[]/LowerThresholdNonCritical | /Temperatures[]/UpperThresholdCritical |
/Temperatures[]/LowerThresholdCritical | /Temperatures[]/UpperThresholdFatal |
* These are newly added for iLO 5 as Redfish conformant replacements for the removed properties. The others were added in iLO 4 2.30 and above as Redfish replacements.
NOTE: The threshold property changes fix a issue with incorrectly labeled thresholds in previous releases of iLO.
On-Service JSON Schema
The on-service schema collection remains at /redfish/v1/schema/ and does not change to the Redfish example of /redfish/v1/JsonSchema. Because URIs are opaque, this is left where it is without violating the spec and preserving compatibility.
The existing collection of SchemaFileCollection
and SchemaFile
resources are now Redfish conformant using JsonSchemaFileCollection
and JsonSchemaFile
.
iLO 4 | iLO 5 |
---|---|
/redfish/v1/schemas: “@odata.type”: “#SchemaFileCollection.SchemaFileCollection” | /redfish/v1/schemas: “@odata.type”: “#JsonSchemaFileCollection.JsonSchemaFileCollection” |
/redfish/v1/schemas/{item}: “@odata.type”: “#SchemaFile.1.0.0.SchemaFile" | /redfish/v1/schemas/{item}: “@odata.type”: “#JsonSchemaFile.v1_0_0.JsonSchemaFile" |
The main difference in the SchemaFile
and JsonSchemaFile
is the change from using extref
as a pointer to using the Uri
property:
iLO 4 example:
{
"Uri": {
"extref": "/redfish/v1/registrystore/en/BiosAttributeRegistryP89.v1_0_0.json"
}
}
iLO 5 example:
{
"Uri": "/redfish/v1/registrystore/en/BiosAttributeRegistryP89.v1_0_0.json"
}
On-Service Message Registries
Message Registries available in the service conform to Redfish.
The HpCommon
registry is renamed to HpeCommon
and changed to version 2.0.0.
The iLO registry version is also changed to 2.0.0. The base remains at 1.0.0 because that is a Redfish standard registry.
iLO 4 | iLO 5 |
---|---|
“Type”: “MessageRegistry.0.10.0” | “@odata.type”: “#MessageRegistry.1.0.0.MessageRegistry” |
Version | RegistryVersion |
none | OwningEntity (== Hewlett Packard Enterprise) |
The collection of Message Registries is changed to:
iLO 4 @odata.type | iLO 5 @odata.type |
---|---|
#SchemaFileCollection.SchemaFileCollection" |
"#MessageRegistryFileCollection.MessageRegistryFileCollection" |
The collection items pointing to the registries change type:
iLO 4 @odata.type | iLO 5 @odata.type |
---|---|
"#SchemaFile.1.0.0.SchemaFile" |
"#MessageRegistryFile.1.0.0.MessageRegistryFile" |
The only difference between SchemaFile/JsonSchemaFile and MessageRegistryFile is the property substitution Schema for Registry.
Integrated Management Log (IML)
/redfish/v1/Systems/{item}/LogServices/IML/Entries/{item}/
The Integrated Management Log (IML) RESTful API in iLO 5 is significantly enhanced. Each log entry is Redfish conformant with the LogEntry Schema and has been enhanced with features of the IML using an Oem/Hpe extension.
Compared to iLO 4, the following items are new or changed:
Property | Change | Notes |
---|---|---|
Oem/Hpe/RecommendedAction | Added | This is a text string with recommended actions to resolve a condition indicated by this event. |
Oem/Hpe/Categories (array of strings) | Added | Categorizes this log entry into one or more defined categories (see below). |
Oem/Hpe/LearnMoreLink | Added | A URI with the location of more information for this class and code of event. |
Oem/Hpe/Count | Added | Replaces the “Number” property in iLO 4 which was not Redfish conformant and was hidden when the resource was requested in Redfish mode. |
Oem/Hpe/Repaired | Added | This boolean flag indicates whether the event has been repaired. |
OemRecordFormat | Changed | The Oem Record Format has been changed from “Hp-IML” to “Hpe-IML”. |
Oem/Hpe/EventNumber | Added | Replaces the “RecordId” property in iLO 4 which was not Redfish conformant and was hidden when the resource was requested in Redfish mode. |
Event Categories
An event can indicate that it is in one or more of the following categories:
Categories |
---|
Security |
Hardware Failure |
Firmware Failure |
Maintenance |
Administration |
Power |
Cooling |
Invalid User Input |
Other |
Configuration |
iLO 4 example:
{
"@odata.context": "/redfish/v1/$metadata#Systems/Members/1/LogServices/IML/Entries/Members/$entity",
"@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/1/",
"@odata.type": "#LogEntry.1.0.0.LogEntry",
"Created": "2016-01-12T21:38:00Z",
"EntryType": "Oem",
"Id": "1",
"Message": "IML Cleared (iLO 4 user:[NONE])",
"Name": "Integrated Management Log",
"Oem": {
"Hp": {
"@odata.type": "#HpLogEntry.1.0.0.HpLogEntry",
"Class": 33,
"Code": 1,
"EventNumber": 28,
"Updated": "2016-01-12T21:38:00Z"
}
},
"OemRecordFormat": "Hp-IML",
"Severity": "OK"
}
iLO 5 example:
{
"@odata.context": "/redfish/v1/$metadata#Systems/Members/1/LogServices/IML/Entries/Members/$entity",
"@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/1/",
"@odata.type": "#LogEntry.v1_0_0.LogEntry",
"Created": "2034-01-01T23:20:04Z",
"EntryType": "Oem",
"Id": "1",
"Message": "System Overheating (Temperature Sensor 0x07, Location Power Supply, Temperature 48)",
"Name": "Integrated Management Log",
"Oem": {
"Hpe": {
"@odata.type": "#HpeLogEntry.v2_0_0.HpeLogEntry",
"Categories": [
"Hardware Failure"
],
"Class": 2,
"Code": 1,
"EventNumber": 197,
"LearnMoreLink": "http://www.hpe.com/support/class0x02code0x01/",
"RecommendedAction": "Replace DIMM at slot no. 0x07, socket ",
"Repaired": false,
"Updated": "2034-01-01T23:20:04Z"
}
},
"OemRecordFormat": "Hpe-IML",
"Severity": "Warning"
}
EventService (/redfish/v1/EventService/)
The following properties are removed for Redfish conformance:
- DeliveryRetryIntervalInSeconds (replaced by DeliveryRetryIntervalSeconds present in iLO 4 2.30 and later)
- SubscriptionRemovalAction
- SubscriptionRemoval
- TimeIntervalInMinutes
Event Destinations
The following properties are removed for Redfish conformance:
- TTLCount
- TTLUnits
Detail of All Property Changes
Property Replacements and Removals
Chassis Renames and Removals
@odata.type: #Chassis.v1_2_0.Chassis
Property | Replacement | Note |
---|---|---|
/Version | none | /Version is not Redfish conformant. |
ComputerSystem Renames and Removals
@odata.type: #ComputerSystem.v1_2_0.ComputerSystem
Property | Replacement |
---|---|
/BIOSPOSTCode | none1 |
/Bios/Current | /BiosVersion |
/Boot/BootSourceOverrideSupported | /Boot/BootSourceOverrideTarget@Redfish.AllowableValues2 |
/Boot/UefiTargetBootSourceOverrideSupported | /Boot/UefiTargetBootSourceOverride@Redfish.AllowableValues3 |
/HostCorrelation | none4 |
/Memory/Status | /MemorySummary/Status |
/Memory/TotalSystemMemoryGB | /MemorySummary/TotalSystemMemoryGiB |
/Power | /PowerState5 |
/Processors/Count | /ProcessorSummary/Count |
/Processors/ProcessorFamily | /ProcessorSummary/Model |
/Processors/Status | /ProcessorSummary/Status |
/Version | none6 |
/VirtualSerialNumber | none7 |
1/BIOSPOSTCode is not Redfish conformant. 2/Boot/BootSourceOverrideSupported is not Redfish conformant. 3/Boot/UefiTargetBootSourceOverrideSupported is not Redfish conformant. 4/HostCorrelation is not Redfish conformant. 5/Power is not Redfish conformant. 6/Version is not Redfish conformant. 7/VirtualSerialNumber is not Redfish conformant.
EthernetInterface Renames and Removals
@odata.type: #EthernetInterface.v1_0_0.EthernetInterface
Property | Replacement | Note |
---|---|---|
/Autosense | /AutoNeg | /Autosense is not Redfish conformant. |
/FactoryMacAddress | /PermanentMACAddress | /FactoryMacAddress is not Redfish conformant. |
/LinkTechnology | none | /LinkTechnology is not Redfish conformant. Ethernet is assumed. |
/MacAddress | /MACAddress | /MacAddress is not Redfish conformant. |
Event Renames and Removals
@odata.type: #Event.v1_0_0.Event
Property | Replacement | Note |
---|---|---|
/Events[]/EventID | /Events[]/EventId | |
/Events[]/MessageID | /Events[]/MessageId | /Events[]/MessageID is not Redfish conformant. |
EventDestination Renames and Removals
@odata.type: #EventDestination.v1_0_0.EventDestination
Property | Replacement | Note |
---|---|---|
/TTLCount | none | /TTLCount is not Redfish conformant. |
/TTLUnits | none | /TTLUnits is not Redfish conformant. |
EventService Renames and Removals
@odata.type: #EventService.v1_0_1.EventService
Property | Replacement | Note |
---|---|---|
/DeliveryRetryIntervalInSeconds | /Oem/Hpe/DeliveryRetryIntervalSeconds | /DeliveryRetryIntervalInSeconds is not Redfish conformant. This has been moved into the EventDestination OEM section as /Oem/Hpe/DeliveryRetryIntervalInSeconds in the HpeEventDestination schema. |
/SubscriptionRemovalAction | none | /SubscriptionRemovalAction is not Redfish conformant. |
/SubscriptionRemovalTimeIntervalInMinutes | none | /SubscriptionRemovalTimeIntervalInMinutes is not Redfish conformant. |
ExtendedInfo Renames and Removals
@odata.type: #ExtendedInfo.1.0.0.ExtendedInfo
Property | Replacement | Note |
---|---|---|
/Messages | /@Message.ExtendedInfo | /Messages is not Redfish conformant. |
/error/@Message.ExtendedInfo[]/MessageID | /error/@Message.ExtendedInfo[]/MessageId | /error/@Message.ExtendedInfo[]/MessageID is not Redfish conformant. |
HpeBaseNetworkAdapter Renames and Removals
@odata.type: #HpeBaseNetworkAdapter.v2_0_0.HpeBaseNetworkAdapter
Property | Replacement | Note |
---|---|---|
/PhysicalPorts[]/links/EthernetNetworkAdapter | none |
HpeComputerSystemExt Renames and Removals
@odata.type: #HpeComputerSystemExt.v2_1_0.HpeComputerSystemExt
Property | Replacement | Note |
---|---|---|
/Actions/#HpComputerSystemExt.PowerButton | /Actions/#HpeComputerSystemExt.PowerButton | HPE Branding Transition |
/Actions/#HpComputerSystemExt.ServerSigRecompute | /Actions/#HpeComputerSystemExt.ServerSigRecompute | HPE Branding Transition |
/Actions/#HpComputerSystemExt.SystemReset | /Actions/#HpeComputerSystemExt.SystemReset | HPE Branding Transition |
/TrustedModules | ComputerSystem#/TrustedModules | This has been formally approved in the Redfish standard and moved from the Oem/Hpe section into the main ComputerSystem object. |
HpeESKM Renames and Removals
@odata.type: #HpeESKM.v2_0_0.HpeESKM
Property | Replacement | Note |
---|---|---|
/Actions/#HpESKM.ClearESKMLog | /Actions/#HpeESKM.ClearESKMLog | HPE Branding Transition |
/Actions/#HpESKM.TestESKMConnections | /Actions/#HpeESKM.TestESKMConnections | HPE Branding Transition |
HpeHttpsCert Renames and Removals
@odata.type: #HpeHttpsCert.v2_0_0.HpeHttpsCert
Property | Replacement | Note |
---|---|---|
/Actions/#HpHttpsCert.GenerateCSR | /Actions/#HpeHttpsCert.GenerateCSR | HPE Branding Transition |
/Actions/#HpHttpsCert.ImportCertificate | /Actions/#HpeHttpsCert.ImportCertificate | HPE Branding Transition |
HpeiLO Renames and Removals
@odata.type: #HpeiLO.v2_0_0.HpeiLO
Property | Replacement | Note |
---|---|---|
/Actions/#HpiLO.ClearRestApiState | /Actions/#HpeiLO.ClearRestApiState | HPE Branding Transition |
/Actions/#HpiLO.ResetToFactoryDefaults | /Actions/#HpeiLO.ResetToFactoryDefaults | HPE Branding Transition |
/Actions/#HpiLO.iLOFunctionality | /Actions/#HpeiLO.iLOFunctionality | HPE Branding Transition |
HpeiLOActiveHealthSystem Renames and Removals
@odata.type: #HpeiLOActiveHealthSystem.v2_0_0.HpeiLOActiveHealthSystem
Property | Replacement | Note |
---|---|---|
/Actions/#HpiLOActiveHealthSystem.ClearLog | /Actions/#HpeiLOActiveHealthSystem.ClearLog | HPE Branding Transition |
HpeiLOEmbeddedMedia Renames and Removals
@odata.type: #HpeiLOEmbeddedMedia.v2_0_0.HpeiLOEmbeddedMedia
Property | Replacement | Note |
---|---|---|
/SDCard/HpCertified | /SDCard/HpeCertified | HPE Branding Transition |
HpeiLOManagerNetworkService Renames and Removals
@odata.type: #HpeiLOManagerNetworkService.v2_0_0.HpeiLOManagerNetworkService
Property | Replacement | Note |
---|---|---|
/Actions/#HpiLOManagerNetworkService.SendTestAlertMail | /Actions/#HpeiLOManagerNetworkService.SendTestAlertMail | HPE Branding Transition |
/Actions/#HpiLOManagerNetworkService.SendTestSyslog | /Actions/#HpeiLOManagerNetworkService.SendTestSyslog | HPE Branding Transition |
/HPSystemManagementHomepageAddress | /SystemManagementHomepage | HPE Branding Transition |
HpeiLOSSO Renames and Removals
@odata.type: #HpeiLOSSO.v2_0_0.HpeiLOSSO
Property | Replacement | Note |
---|---|---|
/Actions/#HpiLOSSO.DeleteAllSSORecords | /Actions/#HpeiLOSSO.DeleteAllSSORecords | HPE Branding Transition |
/Actions/#HpiLOSSO.DeleteSSORecordbyNumber | /Actions/#HpeiLOSSO.DeleteSSORecordbyNumber | HPE Branding Transition |
/Actions/#HpiLOSSO.ImportCertificate | /Actions/#HpeiLOSSO.ImportCertificate | HPE Branding Transition |
/Actions/#HpiLOSSO.ImportDNSName | /Actions/#HpeiLOSSO.ImportDNSName | HPE Branding Transition |
HpeiLOSnmpService Renames and Removals
@odata.type: #HpeiLOSnmpService.v2_0_0.HpeiLOSnmpService
Property | Replacement | Note |
---|---|---|
/Actions/#SnmpService.SendSNMPTestAlert | /Actions/#HpeiLOSnmpService.SendSNMPTestAlert |
HpeiLOVirtualMedia Renames and Removals
@odata.type: #HpeiLOVirtualMedia.v2_0_0.HpeiLOVirtualMedia
Property | Replacement | Note |
---|---|---|
/Actions/#HpiLOVirtualMedia.1.1.0.EjectVirtualMedia | /Actions/#HpeiLOVirtualMedia.EjectVirtualMedia | HPE Branding Transition |
/Actions/#HpiLOVirtualMedia.1.1.0.InsertVirtualMedia | /Actions/#HpeiLOVirtualMedia.InsertVirtualMedia | HPE Branding Transition |
LogEntry Renames and Removals
@odata.type: #LogEntry.v1_0_0.LogEntry
Property | Replacement | Note |
---|---|---|
/Number | none | /Number is not Redfish conformant. |
/RecordId | /EventNumber | /RecordId is not Redfish conformant. |
Manager Renames and Removals
@odata.type: #Manager.v1_1_0.Manager
Property | Replacement | Note |
---|---|---|
/CommandShell/Enabled | /CommandShell/ServiceEnabled | /CommandShell/Enabled is not Redfish conformant. |
/Firmware | /FirmwareVersion | /Firmware is not Redfish conformant. |
/GraphicalConsole/Enabled | /GraphicalConsole/ServiceEnabled | /GraphicalConsole/Enabled is not Redfish conformant. |
/SerialConsole/Enabled | /SerialConsole/ServiceEnabled | /SerialConsole/Enabled is not Redfish conformant. |
ManagerNetworkProtocol Renames and Removals
@odata.type: #ManagerNetworkProtocol.v1_0_0.ManagerNetworkProtocol
Property | Replacement | Note |
---|---|---|
/HTTP/Enabled | /HTTP/ProtocolEnabled | /HTTP/Enabled is not Redfish conformant. |
/HTTPS/Enabled | /HTTPS/ProtocolEnabled | /HTTPS/Enabled is not Redfish conformant. |
/IPMI/Enabled | /IPMI/ProtocolEnabled | /IPMI/Enabled is not Redfish conformant. |
/KVMIP/Enabled | /KVMIP/ProtocolEnabled | /KVMIP/Enabled is not Redfish conformant. |
/SNMP/Enabled | /SNMP/ProtocolEnabled | /SNMP/Enabled is not Redfish conformant. |
/SSDP/Enabled | /SSDP/ProtocolEnabled | /SSDP/Enabled is not Redfish conformant. |
/SSH/Enabled | /SSH/ProtocolEnabled | /SSH/Enabled is not Redfish conformant. |
/SessionTimeoutMinutes | none | /SessionTimeoutMinutes is not Redfish conformant. |
/VirtualMedia/Enabled | /VirtualMedia/ProtocolEnabled | /VirtualMedia/Enabled is not Redfish conformant. |
Power Renames and Removals
@odata.type: #Power.v1_0_1.Power
Property | Replacement | Note |
---|---|---|
/PowerAllocatedWatts | /PowerControl/PowerAllocatedWatts | /PowerAllocatedWatts is not Redfish conformant. |
/PowerAvailableWatts | /PowerControl/PowerAvailableWatts | /PowerAvailableWatts is not Redfish conformant. |
/PowerCapacityWatts | /PowerControl/PowerCapacityWatts | /PowerCapacityWatts is not Redfish conformant. |
/PowerConsumedWatts | /PowerControl/PowerConsumedWatts | /PowerConsumedWatts is not Redfish conformant. |
/PowerLimit | /PowerControl/PowerLimit | /PowerLimit is not Redfish conformant. |
/PowerMetrics | /PowerControl/PowerMetrics | /PowerMetrics is not Redfish conformant. |
/PowerRequestedWatts | /PowerControl/PowerRequestedWatts | /PowerRequestedWatts is not Redfish conformant. |
/PowerSupplies[]/CorrelatableID | none | /PowerSupplies[]/CorrelatableID is not Redfish conformant. |
ServiceRoot Renames and Removals
@odata.type: #ServiceRoot.v1_1_0.ServiceRoot
Property | Replacement | Note |
---|---|---|
/Time | HpeiLOServiceExt#/Time | /Time is not Redfish conformant. A replacement to this is defined in the Oem section of Manager (HpeiLOServiceExt). |
Thermal Renames and Removals
@odata.type: #Thermal.v1_1_0.Thermal
Property | Replacement | Note |
---|---|---|
/Fans[]/Context | /Fans[]/PhysicalContext | /Fans[]/Context is not Redfish conformant. |
/Fans[]/CurrentReading | /Fans[]/Reading | /Fans[]/CurrentReading is not Redfish conformant. |
/Fans[]/FanName | /Fans[]/Name | |
/Fans[]/ReadingRPM | /Fans[]/Reading | |
/Fans[]/Units | /Fans[]/ReadingRPM | /Fans[]/Units is not Redfish conformant. |
/Temperatures[]/Context | /Temperatures[]/PhysicalContext | /Temperatures[]/Context is not Redfish conformant. |
/Temperatures[]/CurrentReading | /Temperatures[]/ReadingCelsius | /Temperatures[]/CurrentReading is not Redfish conformant. |
/Temperatures[]/Number | /Temperatures[]/SensorNumber | /Temperatures[]/Number is not Redfish conformant. |
/Temperatures[]/Units | /Temperatures[]/ReadingCelsius | /Temperatures[]/Units is not Redfish conformant. |
Property Additions to existing Types
Chassis Additions
@odata.type: #Chassis.v1_2_0.Chassis
Property | Note |
---|---|
/Links/Drives | An array of references to the drives contained in this chassis. |
/PhysicalSecurity | A Redfish standard Physical Security object if supported and installed on the chassis. |
ComputerSystem Additions
@odata.type: #ComputerSystem.v1_2_0.ComputerSystem
Property | Note |
---|---|
/Boot/BootSourceOverrideMode | none |
/Boot/BootSourceOverrideTarget@Redfish.AllowableValues | none |
/Boot/UefiTargetBootSourceOverride@Redfish.AllowableValues | none |
/SecureBoot | A reference to the UEFI SecureBoot resource associated with this system. |
/Storage | A reference to the collection of storage devices associated with this system. |
/TrustedModules | This object describes the array of Trusted Modules in the system. |
Event Additions
@odata.type: #Event.v1_0_0.Event
Property | Note |
---|---|
/Events[]/EventId | This is a unique instance identifier of an event. |
HpeAdvancedMemoryProtection Additions
@odata.type: #HpeAdvancedMemoryProtection.v2_0_0.HpeAdvancedMemoryProtection
Property | Note |
---|---|
/MemoryList | An array of memory boards containing socket and CPU correlation information. |
HpeBaseNetworkAdapter Additions
@odata.type: #HpeBaseNetworkAdapter.v2_0_0.HpeBaseNetworkAdapter
Property | Note |
---|---|
/FcPorts | Information about the Fiber Channel Ports in the server. |
HpeComputerSystemExt Additions
@odata.type: #HpeComputerSystemExt.v2_1_0.HpeComputerSystemExt
Property | Note |
---|---|
/AggregateHealthStatus | The Aggregate Health Status of the System. |
/HostOS | none |
/Links/USBPorts | A reference to the USB Port Connectors associated with this system. |
/PCAPartNumber | The PCA part number. |
/PCASerialNumber | The PCA serial number. |
/PostDiscoveryCompleteTimeStamp | Displays the last known POST Discovery Complete time. |
/PostDiscoveryMode | The mode which the system operates during the discovery section of POST. |
/SMBIOS | A reference to the SMBIOS records associated with this system. |
/SmartStorageConfig | An array of references to SmartStorage elements associated with this system. |
/ProcessorJitterControl | Allows the user to set the Processor Jitter Control mode and Frequency at run time. |
/CurrentPowerOnTimeSeconds | Shows the amount of time (in seconds) that has passed since the server was last powered on. |
/PowerOnMinutes | Retrieves the virtual clock value, in minutes, since the server was first powered on. |
HpeLogEntry Additions
@odata.type: #HpeLogEntry.v2_0_0.HpeLogEntry
Property | Note |
---|---|
/Categories | The log entry categories. |
/Count | The occurrence count of the log entry. |
/LearnMoreLink | The HPSC link for troubleshooting information. |
/RecommendedAction | The recommended action for the event. |
HpePowerMetricsExt Additions
@odata.type: #HpePowerMetricsExt.v2_0_0.HpePowerMetricsExt
Property | Note |
---|---|
/BbuPowerSupply | Battery Backup Unit Power Supply action determines what occurs when a server is running on battery power. |
/HasPowerMetering | Indicates if the system has power metering. |
/MinimumSafelyAchievableCap | Minimum Safely Achievable Cap is the lowest cap value that is safe for a group power manager to apply to a particular server. It can either be identical to or slightly greater than the 0 percent cap value calculated during ROM power burn. |
/HighEfficiencyMode | The redundant power supply mode that is used when redundant power supplies are configured. |
HpeSecurityService Additions
@odata.type: #HpeSecurityService.v2_0_0.HpeSecurityService
Property | Note |
---|---|
/SecurityState | The operational security level of this Manager. |
/LoginSecurityBanner | Allows you to configure the security banner displayed on the iLO login screen. |
/CurrentCipher | Displays the current cipher in use. |
HpeServerChassis Additions
@odata.type: #HpeServerChassis.v2_0_0.HpeServerChassis
Property | Note |
---|---|
/Links/BladeEnclosure | The URI for this blade enclosure resource. |
/SystemMaintenanceSwitches | Describes the maintenance switch positions |
HpeServerFan Additions
@odata.type: #HpeServerFan.v2_0_0.HpeServerFan
Property | Note |
---|---|
/HotPluggable | Indicates if the fan can be replaced while the server is running. |
/Redundant | Indicates if the fan is in a redundant configuration. |
HpeServerPciDevice Additions
@odata.type: #HpeServerPciDevice.v2_0_0.HpeServerPciDevice
Property | Note |
---|---|
/LocationString | Text representation of the UEFI device location. |
HpeSmartStorageArrayController Additions
@odata.type: #HpeSmartStorageArrayController.v2_0_0.HpeSmartStorageArrayController
Property | Note |
---|---|
/ControllerPartNumber | Smart Array Controller Part Number |
HpeSmartStorageDiskDrive Additions
@odata.type: #HpeSmartStorageDiskDrive.v2_0_0.HpeSmartStorageDiskDrive
Property | Note |
---|---|
/LegacyBootPriority | This indicates that the array controller should provide legacy boot support. |
HpeSmartStorageLogicalDrive Additions
@odata.type: #HpeSmartStorageLogicalDrive.v2_0_0.HpeSmartStorageLogicalDrive
Property | Note |
---|---|
/InterfaceType | The connection interface of the logical drive. |
/MediaType | Type of the disk this logical drive is associated with. |
HpeiLO Additions
@odata.type: #HpeiLO.v2_0_0.HpeiLO
Property | Note |
---|---|
/ConfigurationSettings | State of the currently displayed configuration settings. |
/IdleConnectionTimeoutMinutes | This setting specifies how long a user can be inactive before an iLO web interface ends automatically. |
/Links/Thumbnail | A link to static images in Manager. |
/RIBCLEnabled | This property enables or disables RIBCL for the management processor. The management processor requires reset when this field is modified. |
/WebGuiEnabled | This property enables or disables WEB GUI access for the management processor. The management processor requires reset when this field is modified. |
/PersistentMouseKeyboardEnabled | This property enables or disables the persistent keyboard and mouse feature. |
HpeiLOEmbeddedMedia Additions
@odata.type: #HpeiLOEmbeddedMedia.v2_0_0.HpeiLOEmbeddedMedia
Property | Note |
---|---|
/SDCard/HpeCertified | True if this is an HPE-certified SD card. |
HpeiLOManagerNetworkService Additions
@odata.type: #HpeiLOManagerNetworkService.v2_0_0.HpeiLOManagerNetworkService
Property | Note |
---|---|
/SystemManagementHomepage | The IP address or FQDN of the System Management Homepage (SMH) server. |
HpeiLOResourceDirectory Additions
@odata.type: #HpeiLOResourceDirectory.v2_0_0.HpeiLOResourceDirectory
Property | Note |
---|---|
/Instances[]/HttpMethods | This property lists the set of methods supported by the resource. |
HpeiLOServiceExt Additions
@odata.type: #HpeiLOServiceExt.v2_0_0.HpeiLOServiceExt
Property | Note |
---|---|
/Time | The current Redfish service time. This is a replacement for the ServiceRoot Time removed in Redfish. |
Manager Additions
@odata.type: #Manager.v1_1_0.Manager
Property | Note |
---|---|
/Links/ManagerInChassis | This property is a reference to the chassis that this manager is located within. |
ServiceRoot Additions
@odata.type: #ServiceRoot.v1_1_0.ServiceRoot
Property | Note |
---|---|
/UpdateService | The URI to this UpdateService resource. |
Thermal Additions
@odata.type: #Thermal.v1_1_0.Thermal
Property | Note |
---|---|
/Fans[]/Name | The name of the fan sensor. |
/Fans[]/Reading | The current speed of the fan. |
/Temperatures[]/SensorNumber | A numerical identifier to represent the temperature sensor. |
Managing iLO 5 Users
iLO 5 supports both local user authentication as well as directory authentication.
iLO 5 1.40 adds:
- Role based local user administration via Redfish
- Directory Authentication configuration via Redfish
All user account modifications require the client to be authenticated with the “Administer User Accounts” privilege (UserConfigPriv
in the Redfish ManagerAccount
)
Local User Administration
iLO 5 has a local user database enabling consistent user management for all interfaces including the Web interface (GUI) as well as the Redfish API. The iLO 5 local user accounts are managed in the AccountService (/redfish/v1/AccountService
). An Accounts
collection in the AccountService enables clients to create, modify, or remove local user accounts.
GET /redfish/v1/AccountService/Accounts/
{
"@odata.context": "/redfish/v1/$metadata#ManagerAccountCollection.ManagerAccountCollection",
"@odata.etag": "W/\"21C260DB\"",
"@odata.id": "/redfish/v1/AccountService/Accounts/",
"@odata.type": "#ManagerAccountCollection.ManagerAccountCollection",
"Description": "iLO User Accounts",
"Name": "Accounts",
"Members": [
{
"@odata.id": "/redfish/v1/AccountService/Accounts/1/"
}
],
"Members@odata.count": 1
}
A local user account consists of a user name, password, and a set of privileges. The RoleId
describes one of three defined Redfish roles based upon assigned privileges. The Oem/Hpe/LoginName
property is a description of the account.
NOTE: Due to a terminology mismatch between the Redfish standard and historical iLO products, the Properties for UserName
and LoginName
are reversed in Redfish vs. the iLO 5 Web interface:
Redfish Property | GUI Term | Description | Example |
---|---|---|---|
UserName | Login Name | The user identity string used with a password to log into iLO 5 | jsmith |
Oem/Hpe/LoginName | User Name | The descriptive name of the user | Jane Smith - Director of IT |
GET /redfish/v1/AccountService/Accounts/1/
{
"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
"@odata.etag": "W/\"D9DF9F68\"",
"@odata.id": "/redfish/v1/AccountService/Accounts/1/",
"@odata.type": "#ManagerAccount.v1_1_3.ManagerAccount",
"Id": "1",
"Description": "iLO User Account",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Administrator/"
}
},
"Name": "User Account",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeiLOAccount.HpeiLOAccount",
"@odata.type": "#HpeiLOAccount.v2_2_0.HpeiLOAccount",
"LoginName": "Jane Smith - Director of IT",
"Privileges": {
"HostBIOSConfigPriv": true,
"HostNICConfigPriv": true,
"HostStorageConfigPriv": true,
"LoginPriv": true,
"RemoteConsolePriv": true,
"SystemRecoveryConfigPriv": true,
"UserConfigPriv": true,
"VirtualMediaPriv": true,
"VirtualPowerAndResetPriv": true,
"iLOConfigPriv": true
},
"ServiceAccount": false
}
},
"Password": null,
"RoleId": "Administrator",
"UserName": "jsmith"
}
Note that
Password
is always shown asnull
even though its PATCHable with a new password
Roles and Privileges
iLO 5 uses a set of privileges assigned to each user account to grant and restrict access to features. iLO 5’s privileges are:
Redfish | iLO Web Interface (GUI) |
---|---|
LoginPriv | Login |
RemoteConsolePriv | Remote Console |
VirtualPowerAndResetPriv | Virtual Power and Reset |
VirtualMediaPriv | Virtual Media |
HostBIOSConfigPriv | Host BIOS |
iLOConfigPriv | Configure iLO Settings |
UserConfigPriv | Administer User Accounts |
HostNICConfigPriv | Host NIC |
HostStorageConfigPriv | Host Storage |
SystemRecoveryConfigPriv | Recovery Set |
Roles
In iLO 5 1.40 and later, you can use RoleId
to create users with specific starting privileges.
On a GET of the local user account, RoleId
is synthesized based upon the enabled privileges. iLO 5 does not store a separate RoleId
value. For this reason, modifications to raw privileges may or may not result in a changed RoleId
based upon iLO’s mapping
If the PATCH includes both RoleID
and individual privileges, the privileges corresponding to the RoleId are assigned to the local user account first, and then the explicit privileges are assigned.
PATCH /redfish/v1/AccountService/Accounts/{accountId}
{
"RoleId": "Administrator",
"Oem": {
"Hpe": {
"Privileges": {
"SystemRecoveryConfigPriv": true
}
}
}
}
will set all iLO 5 privileges as long as the account performing the operation already has sufficient privilege to grant these privileges.
Privileges granted on Local Account Creation by RoleId
RoleId | Privileges |
---|---|
Administrator | HostBIOSConfigPriv, HostNICConfigPriv, HostStorageConfigPriv, LoginPriv, RemoteConsolePriv, UserConfigPriv, VirtualMediaPriv, VirtualPowerAndResetPriv, iLOConfigPriv |
Operator | HostBIOSConfigPriv, HostNICConfigPriv, HostStorageConfigPriv, LoginPriv, RemoteConsolePriv, VirtualMediaPriv, VirtualPowerAndResetPriv |
ReadOnly | LoginPriv |
RoleId shown on an existing Local User Account by Privilege
The RoleId
reported is the smallest superset of assigned privileges.
Privileges | RoleId |
---|---|
LoginPriv only | ReadOnly |
iLOConfigPriv or UserConfigPriv or SystemRecoveryConfigPriv and anything else | Administrator |
any other combination | Operator |
Creating a new Local User Account
The simplest possible new local user account create operation is to POST to the Accounts collection, as shown in the example in the right pane.
PATCH /redfish/v1/AccountService/Accounts/{accountId}
{
"UserName": "jsmith",
"Password": "passwordexample"
}
The next example in the right pane creates a user account jsmith
with the default ReadOnly
RoleId and only the iLO 5 Login privilege. Notice that Oem/Hpe/LoginName
defaults to the provided UserName
unless it is specifically specified.
NOTE: Each local user account must have a unique UserName
.
GET /redfish/v1/AccountService/Accounts/{accountId}
{
"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
"@odata.etag": "W/\"B103601C\"",
"@odata.id": "/redfish/v1/AccountService/Accounts/12/",
"@odata.type": "#ManagerAccount.v1_1_3.ManagerAccount",
"Id": "12",
"Description": "iLO User Account",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly/"
}
},
"Name": "User Account",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeiLOAccount.HpeiLOAccount",
"@odata.type": "#HpeiLOAccount.v2_2_0.HpeiLOAccount",
"LoginName": "jsmith",
"Privileges": {
"HostBIOSConfigPriv": false,
"HostNICConfigPriv": false,
"HostStorageConfigPriv": false,
"LoginPriv": true,
"RemoteConsolePriv": false,
"SystemRecoveryConfigPriv": false,
"UserConfigPriv": false,
"VirtualMediaPriv": false,
"VirtualPowerAndResetPriv": false,
"iLOConfigPriv": false
},
"ServiceAccount": false
}
},
"Password": null,
"RoleId": "ReadOnly",
"UserName": "jsmith"
}
Creating a new Account using a RoleId
In iLO 5 1.40 and later, you may specify a RoleId
with a new user account, as shown in the right pane.
POST /redfish/v1/AccountService/Accounts/
{
"UserName": "jsmith",
"Password": "passwordexample",
"RoleId": "Operator"
}
This results in:
GET /redfish/v1/AccountService/Accounts/{accountId}
{
"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
"@odata.etag": "W/\"6C16FDE3\"",
"@odata.id": "/redfish/v1/AccountService/Accounts/14/",
"@odata.type": "#ManagerAccount.v1_1_3.ManagerAccount",
"Id": "14",
"Description": "iLO User Account",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Operator/"
}
},
"Name": "User Account",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeiLOAccount.HpeiLOAccount",
"@odata.type": "#HpeiLOAccount.v2_2_0.HpeiLOAccount",
"LoginName": "jsmith",
"Privileges": {
"HostBIOSConfigPriv": true,
"HostNICConfigPriv": true,
"HostStorageConfigPriv": true,
"LoginPriv": true,
"RemoteConsolePriv": true,
"SystemRecoveryConfigPriv": false,
"UserConfigPriv": false,
"VirtualMediaPriv": true,
"VirtualPowerAndResetPriv": true,
"iLOConfigPriv": false
},
"ServiceAccount": false
}
},
"Password": null,
"RoleId": "Operator",
"UserName": "jsmith"
}
Creating a new Account with specific Privileges
You may also create a local user with specific privileges, as shown in the right pane.
POST /redfish/v1/AccountService/Accounts/
{
"UserName": "jsmith",
"Password": "passwordexample",
"Oem": {
"Hpe": {
"LoginName": "Director of IT",
"Privileges": {
"LoginPriv": true,
"VirtualMediaPriv": true,
"VirtualPowerAndResetPriv": true
}
}
}
}
This results in the following new local user account:
GET /redfish/v1/AccountService/Accounts/{accountId}
{
"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
"@odata.etag": "W/\"E8037663\"",
"@odata.id": "/redfish/v1/AccountService/Accounts/15/",
"@odata.type": "#ManagerAccount.v1_1_3.ManagerAccount",
"Id": "15",
"Description": "iLO User Account",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Operator/"
}
},
"Name": "User Account",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeiLOAccount.HpeiLOAccount",
"@odata.type": "#HpeiLOAccount.v2_2_0.HpeiLOAccount",
"LoginName": "Director of IT",
"Privileges": {
"HostBIOSConfigPriv": false,
"HostNICConfigPriv": false,
"HostStorageConfigPriv": false,
"LoginPriv": true,
"RemoteConsolePriv": false,
"SystemRecoveryConfigPriv": false,
"UserConfigPriv": false,
"VirtualMediaPriv": true,
"VirtualPowerAndResetPriv": true,
"iLOConfigPriv": false
},
"ServiceAccount": false
}
},
"Password": null,
"RoleId": "Operator",
"UserName": "jsmith"
}
Modifying a Local User Account
The following properties are modifiable on an existing local user account:
* UserName
* Password
- this is always returned as null, but you may PATCH it with a value to change the password
* RoleId
- PATCHing RoleId
on an existing local user account will reset it’s existing privileges with those mapped to the RoleId.
* Oem/Hpe/LoginName
* Oem/Hpe/Privileges/*
- any of the privileges may be modified with true or false
Adding and Removing Privileges
Local user account privileges may be modified with a PATCH to the URI of the desired ManagerAccount
resource, as shown in the example in the right pane.
PATCH /redfish/v1/AccountService/Accounts/{accountId}/
{
"Oem": {
"Hpe": {
"Privileges": {
"VirtualMediaPriv": true,
"VirtualPowerAndResetPriv": true
}
}
}
}
Changing Roles
See the example in the right pane.
PATCH /redfish/v1/AccountService/Accounts/{accountId}/
{
"RoleId": "Operator"
}
results in HTTPS status 200:
{
"error": {
"code": "iLO.0.10.ExtendedInfo",
"message": "See @Message.ExtendedInfo for more information.",
"@Message.ExtendedInfo": [
{
"MessageId": "Base.1.0.AccountModified"
}
]
}
}
Changing Password
Local user account passwords may be modified with a PATCH to the URI of the desired ManagerAccount
resource, as shown in the example in the right pane.
PATCH /redfish/v1/AccountService/Accounts/{accountId}/
{
"Password": "newpassword"
}
Removing a Local User Account
A local user account can be removed with a DELETE to the URI of desired ManagerAccount
resource, as shown in the example in the right pane.
DELETE /redfish/v1/AccountService/Accounts/{accountId}/
Directory Authentication
Enabling or Disabling Local User Accounts
See the examples in the right pane for more information.
PATCH /redfish/v1/AccountService/
{
"LocalAccountAuth": "Disabled"
}
or
json { "LocalAccountAuth": "Enabled" }
Note: Disabling local user accounts is not allowed if both Directory Authentication and Kerberos Authentication are disabled.
Configuring Active Directory Authentication
See the examples in the right pane for examples of configuring active directory authentication.
PATCH /redfish/v1/AccountService/
Example 1 (Using default Active Directory server port 636):
{
"LDAP": {
"ServiceEnabled": true,
"ServiceAddresses": [
"<Active Directory Server host name>"
]
}
}
Example 2 (Using explicit/custom Active Directory server port):
{
"LDAP": {
"ServiceEnabled": true,
"ServiceAddresses": [
"<Active Directory Server host name>:4646"
]
}
}
Configuring LDAP Authentication
See the examples in the right pane for examples of configuring LDAP authentication.
PATCH /redfish/v1/AccountService/
Example 1 (Using default OpenLDAP server port 636):
{
"LDAP": {
"AccountProviderType": "LDAPService",
"ServiceEnabled": true,
"ServiceAddresses": [
"<LDAP Server host name>"
]
}
}
Example 2 (Using explicit/custom OpenLDAP server port):
{
"LDAP": {
"AccountProviderType": "LDAPService",
"ServiceEnabled": true,
"ServiceAddresses": [
"<LDAP Server host name>:4646"
]
}
}
Disable Active Directory and LDAP Authentication (Generic LDAP)
See the example in the right pane for more information.
PATCH /redfish/v1/AccountService/
{
"LDAP": {
"AccountProviderType": "ActiveDirectoryService",
"ServiceEnabled": false,
}
}
Enable and Configure HPE Extended Schema Authentication (for Active Directory only)
See the example in the right pane for more information.
PATCH /redfish/v1/AccountService/
{
"LDAP": {
"ServiceEnabled": true,
"ServiceAddresses": [
"<Active Directory Server host name>"
],
"Authentication": {
"Username": "CN=testdevice,CN=Users,DC=ilotest2,DC=com"
}
},
"Oem": {
"Hpe": {
"DirectorySettings": {
"LdapAuthenticationMode": "ExtendedSchema"
}
}
}
}
Add User Search Contexts
See the examples in the right pane for more information.
PATCH /redfish/v1/AccountService/
Sample Payload-1 (Add two new User Search Contexts, with no existing User Search Context present):
{
"LDAP": {
"LDAPService": {
"SearchSettings": {
"BaseDistinguishedNames": [
"CN=Users,DC=domain,DC=com",
"DC=domain,DC=com"
]
}
}
}
}
Sample Payload-2 (Add a new User Search Context, with two existing User Search Contexts present):
{
"LDAP": {
"LDAPService": {
"SearchSettings": {
"BaseDistinguishedNames": [
"CN=Users,DC=domain,DC=com",
"DC=domain,DC=com",
"DC=testdomain,DC=com"
]
}
}
}
}
Delete User Search Contexts
See the examples in the right pane for more information.
PATCH /redfish/v1/AccountService/
Sample Payload-1 (To delete one/multiple User Search Contexts):
Assume you have three existing User Search Contexts, e.g. “CN=Users,DC=domain,DC=com”, “DC=domain,DC=com” and “DC=testdomain,DC=com”. To delete one, exclude it from the payload and keep the ones to be retained.
{
"LDAP": {
"LDAPService": {
"SearchSettings": {
"BaseDistinguishedNames": [
"CN=Users,DC=domain,DC=com",
"DC=domain,DC=com"
]
}
}
}
}
Sample Payload-2 (To delete all User Search Contexts):
{
"LDAP": {
"LDAPService": {
"SearchSettings": {
"BaseDistinguishedNames": [
""
]
}
}
}
}
Import LDAP Server CA Certificate
See the example in the right pane for more information.
POST /redfish/v1/AccountService/ExternalAccountProviders/LDAP/Certificates/
{
"CertificateString": "-----BEGIN CERTIFICATE-----
MIIEHTCCAwWgAwIBAgIQe8LmWgF5edKw01/avJg69DANBgkqhkiG9w0BAQsFADCB
…………………………………………………………………………………………………………………………………
…………………………………………………………………………………………………………………………………
Ow==
-----END CERTIFICATE-----"
}
View LDAP Server CA Certificate Status
See the example in the right pane for more information.
GET /redfish/v1/AccountService/
The property Oem/Hpe/DirectorySettings/LdapCaCertificateLoaded
indicates the status of the certificate.
View LDAP Server CA Certificate Details
GET /redfish/v1/AccountService/ExternalAccountProviders/LDAP/Certificates/{certId}/
NOTE: The LDAP provider supports a single certificate
{
"@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
"@odata.etag": "W/\"A1110A63\"",
"@odata.id": "/redfish/v1/AccountService/ExternalAccountProviders/LDAP/Certificates/1/",
"@odata.type": "#Certificate.v0_9_0.Certificate",
"Id": "1",
"Issuer": "/C=US/O=Hewlett Packard Enterprise Company/OU=Infrastructure Services/CN=Hewlett Packard Enterprise Private Root CA",
"Name": "LDAP Certificate",
"SerialNumber": "7BC2E65A017979D2B0D35FDABC983AF4",
"Subject": "/C=US/O=Hewlett Packard Enterprise Company/OU=Infrastructure Services/CN=Hewlett Packard Enterprise Private Root CA",
"ValidNotAfter": "2025-03-16T23:59:59Z",
"ValidNotBefore": "2015-03-17T00:00:00Z"
}
Add new Directory Groups (No Existing Groups)
See the example in the right pane for more information.
PATCH /redfish/v1/AccountService/
Sample Payload: “Administrator” and “Operator” are predefined Redfish RoleIds. “LDAP” can also be used instead of “ActiveDirectory”.
{
"ActiveDirectory": {
"RemoteRoleMapping": [
{
"LocalRole": "Administrator",
"RemoteGroup": "TestGroup1"
},
{
"LocalRole": "Operator",
"RemoteGroup": "TestGroup2"
}
]
}
}
View Directory Groups
See the example in the right pane for more information.
GET /redfish/v1/AccountService/
See the properties under
RemoteRoleMapping
created by the Add operation (fragment of the response):
{
"RemoteRoleMapping": [
{
"LocalRole": "dirgroup4c6c827762dd20dc530c52ef",
"RemoteGroup": "TestGroup1"
},
{
"LocalRole": "dirgroupeb9a3afc9cd9d126249c3aed",
"RemoteGroup": "TestGroup2"
}
]
}
Add New Directory Groups to Existing Groups
See the example in the right pane for more information.
PATCH /redfish/v1/AccountService/
Assume two directory groups (TestGroup1 and TestGroup2 as in the steps above) are present. Use the LocalRole and RemoteGroup values for the existing directory groups from the step above in the payload. Add an additional group “TestGroup3” with “ReadOnly” Redfish Role. “LDAP” can also be used instead of “ActiveDirectory”.
{
"ActiveDirectory": {
"RemoteRoleMapping": [
{
"LocalRole": "dirgroup4c6c827762dd20dc530c52ef",
"RemoteGroup": "TestGroup1"
},
{
"LocalRole": "dirgroupeb9a3afc9cd9d126249c3aed",
"RemoteGroup": "TestGroup2"
},
{
"LocalRole": "ReadOnly",
"RemoteGroup": "TestGroup3"
}
]
}
}
Delete Directory Groups
See the example in the right pane for more information.
PATCH /redfish/v1/AccountService/
Sample Payload-1 (To delete one/multiple Directory Groups): Assume you have three existing directory groups, e.g. “TestGroup1”, “TestGroup2” and “TestGroup3”. To delete “TestGroup3”, exclude it from the payload and keep the ones to be retained. “LDAP” can also be used instead of “ActiveDirectory”.
{
"ActiveDirectory": {
"RemoteRoleMapping": [
{
"LocalRole": "dirgroup4c6c827762dd20dc530c52ef",
"RemoteGroup": "TestGroup1"
},
{
"LocalRole": "dirgroupeb9a3afc9cd9d126249c3aed",
"RemoteGroup": "TestGroup2"
}
]
}
}
Sample Payload-2 (To delete all Directory Groups): “LDAP” can also be used instead of “ActiveDirectory”.
{
"ActiveDirectory": {
"RemoteRoleMapping": [
{}
]
}
}
View Directory Group Privileges
See the example in the right pane for more information.
GET /redfish/v1/AccountService/Roles/
{
"@odata.context": "/redfish/v1/$metadata#RoleCollection.RoleCollection",
"@odata.etag": "W/\"08A22FCA\"",
"@odata.id": "/redfish/v1/AccountService/Roles/",
"@odata.type": "#RoleCollection.RoleCollection",
"Description": "iLO Roles Collection",
"Name": "Roles",
"Members": [
{
"@odata.id": "/redfish/v1/AccountService/Roles/Administrator/"
},
{
"@odata.id": "/redfish/v1/AccountService/Roles/Operator/"
},
{
"@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly/"
},
{
"@odata.id": "/redfish/v1/AccountService/Roles/dirgroup4c6c827762dd20dc530c52ef/"
},
{
"@odata.id": "/redfish/v1/AccountService/Roles/dirgroupeb9a3afc9cd9d126249c3aed/"
}
],
"Members@odata.count": 5
}
GET /redfish/v1/AccountService/Roles/{directoryGroupId}/
{
"@odata.context": "/redfish/v1/$metadata#Role.Role",
"@odata.etag": "W/\"D17157B3\"",
"@odata.id": "/redfish/v1/AccountService/Roles/dirgroup4c6c827762dd20dc530c52ef/",
"@odata.type": "#Role.v1_2_1.Role",
"Id": "dirgroup4c6c827762dd20dc530c52ef",
"AssignedPrivileges": [
"Login",
"ConfigureSelf",
"ConfigureManager",
"ConfigureUsers"
],
"Description": "iLO Directory Group Role",
"IsPredefined": false,
"Name": "Group Role",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeDirectoryGroup.HpeDirectoryGroup",
"@odata.type": "#HpeDirectoryGroup.v1_0_0.HpeDirectoryGroup",
"GroupDn": "TestGroup1",
"GroupSid": ""
}
},
"OemPrivileges": [
"RemoteConsolePriv",
"VirtualMediaPriv",
"VirtualPowerAndResetPriv",
"HostBIOSConfigPriv",
"HostNICConfigPriv",
"HostStorageConfigPriv"
],
"RoleId": "dirgroup4c6c827762dd20dc530c52ef"
}
Modify Directory Group Privileges
See the examples in the right pane for more information.
PATCH /redfish/v1/AccountService/Roles/{directoryGroupId}/
Sample Payload-1 (Update AssignedPrivileges): Add/Remove the privileges in the AssignedPrivileges[] array.
{
"AssignedPrivileges": [
"Login",
"ConfigureSelf",
"ConfigureUsers"
]
}
Sample Payload-2 (Update OemPrivileges): Add/Remove the privileges in the OemPrivileges[] array.
{
"OemPrivileges": [
"RemoteConsolePriv",
"VirtualPowerAndResetPriv",
"HostNICConfigPriv",
"HostStorageConfigPriv"
]
}
Enable, Configure, Disable Kerberos Authentication
See the examples in the right pane for more information.
PATCH /redfish/v1/AccountService/
Disable
{
"ActiveDirectory": {
"ServiceEnabled": false
}
}
Enable Sample Payload-1 (Using default KDC server port 88):
Where
“TESTKDCREALM.COM”
is the Kerberos Realm.
{
"ActiveDirectory": {
"ServiceEnabled": true,
"ServiceAddresses": [
"testkdc.hpe.com@TESTKDCREALM.COM"
]
}
}
Enable Sample Payload-2 (Using explicit/custom KDC server port):
{
"ActiveDirectory": {
"ServiceEnabled": true,
"ServiceAddresses": [
"testkdc.hpe.com:8888@TESTKDCREALM.COM"
]
}
}
Import Kerberos Keytab File
See the example in the right pane for more information.
POST /redfish/v1/AccountService/Actions/Oem/Hpe/HpeiLOAccountService.ImportKerberosKeytab/
{
"ImportUri": "http://<URI of keytab file>"
}
Start Directory Test
See the examples in the right pane for more information.
POST on /redfish/v1/AccountService/DirectoryTest/Actions/HpeDirectoryTest.StartTest/
Sample Payload-1 (No parameters):
{
}
Sample Payload-2 (with Test User Name and password):
{
"TestUserName": "TestUser1",
"TestUserPassword": "TestPassword1"
}
Sample Payload-3 (with all parameters):
{
"TestUserName": "TestUser1",
"TestUserPassword": "TestPassword1",
"DirectoryAdminDn": "CN=Administrator,CN=Users,DC=ilotest2,DC=com",
"DirectoryAdminPassword": "AdminPassword"
}
Stop Directory Test
See the example in the right pane for more information.
POST /redfish/v1/AccountService/DirectoryTest/Actions/HpeDirectoryTest.StopTest/
(empty payload)
{
}
View Directory Test Result
See the example in the right pane for more information.
GET /redfish/v1/AccountService/DirectoryTest/
{
"@odata.context": "/redfish/v1/$metadata#HpeDirectoryTest.HpeDirectoryTest",
"@odata.etag": "W/\"6B3F28F1\"",
"@odata.id": "/redfish/v1/AccountService/DirectoryTest/",
"@odata.type": "#HpeDirectoryTest.v1_0_0.HpeDirectoryTest",
"Id": "DirectoryTest",
"Actions": {
"#HpeDirectoryTest.StartTest": {
"target": "/redfish/v1/AccountService/DirectoryTest/Actions/HpeDirectoryTest.StartTest/"
},
"#HpeDirectoryTest.StopTest": {
"target": "/redfish/v1/AccountService/DirectoryTest/Actions/HpeDirectoryTest.StopTest/"
}
},
"OverallStatus": "NotRun",
"TestResults": [
{
"Notes": "",
"Status": "NotRun",
"TestName": "Directory Server DNS Name"
},
{
"Notes": "",
"Status": "NotRun",
"TestName": "Ping Directory Server"
},
{
"Notes": "",
"Status": "NotRun",
"TestName": "Connect to Directory Server"
},
{
"Notes": "",
"Status": "NotRun",
"TestName": "Connect using SSL"
},
{
"Notes": "",
"Status": "NotRun",
"TestName": "Bind to Directory Server"
},
{
"Notes": "",
"Status": "NotRun",
"TestName": "Directory Administrator login"
},
{
"Notes": "",
"Status": "NotRun",
"TestName": "User Authentication"
},
{
"Notes": "",
"Status": "NotRun",
"TestName": "User Authorization"
},
{
"Notes": "",
"Status": "NotRun",
"TestName": "Directory User Contexts"
},
{
"Notes": "",
"Status": "NotRun",
"TestName": "LOM Object exists"
}
]
}
Implementation of Two Factor Authentication (TFA) in Redfish
Two Factor Authentication is a security feature that enhances security while logging in and creating a user session. TFA uses a One Time Password (OTP) token along with the username and password credentials. When a Microsoft Active Directory user logs in, the user needs to provide the 6 digit token (OTP) received over email.
Two Factor Authentication (TFA) is applicable for Microsoft Active Directory users when enabled
.
Pre-requisites for using Two Factor Authentication
- Both
TwoFactorAuth
andSMTPForTFAEnabled
must beenabled
andtrue
respectively. - To enable
TwoFactorAuth
, the following should be enabled:LDAPAuthenticationMode
LDAPService
SMTPForTFAEnabled
Enabling SMTP For Two Factor Authentication
SMTPForTFAEnabled
indicates SMTP for Two Factor Authentication (TFA). Perfom GET
on /redfish/v1/AccountService
. The supported values are Enabled
and Disabled
.
NOTE: To enable SMTPForTFAEnabled
, AlertMailSenderDomain
and AlertMailSMTPServer
should be set correctly.
GET /redfish/v1/AccountService
{
"SNMPService": {
"@odata.id": "/redfish/v1/Managers/1/SnmpService"
},
"RemoteSyslogEnabled": false,
"RemoteSyslogPort": 514,
"RemoteSyslogServer": "stuv",
"SMTPForTFAEnabled": false,
"SNMPTrapPort": 162,
"SerialOverLanLogging": false,
"VirtualMediaEncryptionEnabled": true,
"WebProxyConfiguration": {
"ProxyPassword": null,
"ProxyPort": null
}
}
To enable SMTPForTFAEnabled
, perform PATCH
on /redfish/v1/Managers/1/NetworkProtocol
. The supported values are true
and false
.
PATCH /redfish/v1/Managers/1/NetworkProtocol
PATCH Payload
{
"Oem": {
"Hpe": {
"SMTPForTFAEnabled": "true"
}
}
}
{
"error":{
"code": "iLO.0.10ExtendedInfo",
"message": "See @Message.ExtendedInfo for more information",
"@Message.ExtendedInfo": {
"MessageId": "Base.1.4.Success"
}
}
}
Enabling Two Factor Authentication
TwoFactorAuth
indicates if Two Factor Authentication (TFA) is enabled or not. Perform GET
on /redfish/v1/AccountService
. The supported values are Enabled
and Disabled
.
NOTE: Attempting to authenticate using Basic-Auth
when TFA is enabled
will result in a 401 Unauthorized No Valid Session
response if the user account used is a Microsoft Active Directory user.
GET /redfish/v1/AccountService
{
"DirectorTest" : {
"@odata.id": "/redfish/v1/AccountService/DirectoryTest"
},
"EnforcePasswordComplexity": false,
"KerberosSettings": {
"KDCServerPort": 88,
"KerberosRealm": "ILOQA.COM"
},
"MinPasswordLength": 8,
"TwoFactorAuth": "Enabled"
}
To enable or disable TwoFactorAuth
, perform PATCH
on /redfish/v1/AccountService
. The supported values are Enabled
and Disabled
.
PATCH /redfish/v1/AccountService
PATCH Payload
{
"Oem": {
"Hpe": {
"TwoFactorAuth": "Enabled"
}
}
}
{
"error":{
"code": "iLO.0.10ExtendedInfo",
"message": "See @Message.ExtendedInfo for more information",
"@Message.ExtendedInfo": {
"MessageId": "Base.1.4.Success"
}
}
}
NOTE : Both TwoFactorAuth
and SMTPForTFAEnabled
should be enabled
and true
respectively to enable Two Factor Authentication.
Creating a User Session
When Two Factor Authentication is enabled
and the Microsoft Active Directory user credentials are entered, a OneTimePasscodeSent
response message appears and an One Time Password (OTP) will be sent to the configured Microsoft Active Directory user email id.
To obtain the One Time Password (OTP) perform POST
on /redfish/v1/Sessions
POST /redfish/v1/Sessions
POST Payload
{
"UserName": "jason",
"Password": "words123"
}
{
"error":{
"code": "iLO.0.10ExtendedInfo",
"message": "See @Message.ExtendedInfo for more information",
"@Message.ExtendedInfo": [
{
"MessageArgs": [
"configured mail"
],
"MessageId": "Base.1.17.OneTimePasscodeSent"
}
]
}
}
This OTP is entered in the POST
payload as a Token
along with the Microsoft Active Directory user credentials.
The Token is 6 digit positive non-zero integer value.
POST /redfish/v1/Sessions
POST Payload
{
"UserName": "jason",
"Password": "words123",
"Token": "123456"
}
{
"@odata.context": "/redfish/v1/$metadata#Session.Session",
"@odata.etag": "W/_\"3F61854C",
"@odata.id": "/redfish/v1/SessionService/Sessions/fewe0000648857f74474c42",
"@oata.type": "Session.v1_0_0.Session",
"Id": "jason0000648857f74474c42"
}
Managing Time in iLO 5
iLO 5 obtains the date and time from one of several sources and is not manually configurable.
- Network Time Protocol (NTP) Servers
- System UEFI during Boot
- BladeSystem C-Class Onboard Administrator
The configurable iLO 5 Time/Date related configuration properties are:
- Time zone
- Network Time Protocol Server addresses
- Option to synchronize the host to iLO 5’s date and time during first boot after AC power is applied (
PropagateTimeToHost
boolean)
iLO 5 Date and Time
iLO 5 current date and time is available in the main Manager
resource at /redfish/v1/Managers/{id}
GET /redfish/v1/Managers/{id}
"DateTime": "2019-01-06T17:11:53Z",
"DateTimeLocalOffset": "-06:00",
Date/Time Service Resource
A link exists in /redfish/v1/Managers/{id}
to the iLO 5 Date/Time Service. See Oem/Hpe/Links/DateTimeService
. This points to a DateTime resource at /redfish/v1/Managers/{id}/DateTime
.
Time Zone Management
Time Zone configuration is performed with a PATCH to the DateTime
resource at /redfish/v1/Managers/{id}/DateTime
.
The available time zones are available in the TimeZoneList
property. Take note of the Index
value of the time zone you wish iLO 5 to be configured with. Then PATCH
the TimeZone.Index
property:
PATCH /redfish/v1/Managers/{id}/DateTime
{
"TimeZone": {
"Index": 4
}
}
If the operation is successful, iLO 5 will respond with HTTP 200 OK
and ResetRequired
. An iLO 5 reset is required for date and time operations to be applied. After a successful PATCH the ConfigurationSettings
property will contain SomePendingReset
indicating that some settings have changed but will not take effect until iLO 5 is reset.
If the time zone is configured to be managed by DHCP, iLO 5 will respond with HTTP 400
and SNTPConfigurationManagedByDHCPAndIsReadOnly
(see Using DHCP Supplied Time Settings).
Configuring Network Time Protocol (NTP)
The currently configured Network Time Protocol (NTP) servers are available in the DateTime
resource at /redfish/v1/Managers/{id}/DateTime
.
GET /redfish/v1/Managers/{id}/DateTime
{
"NTPServers": [
"<NTP server 1>",
"<NTP server 2>"
]
}
If NTP is not being managed by DHCP, you may PATCH server addresses into the StaticNTPServers
array.
PATCH /redfish/v1/Managers/{id}/DateTime
{
"StaticNTPServers": [
"<NTP server 1>",
"<NTP server 2>"
]
}
or to set one address
{
"StaticNTPServers": [
"<NTP server 1>"
]
}
If the operation is successful, iLO 5 will respond with HTTP 200 OK
and ResetRequired
. An iLO 5 reset is required for date and time operations to be applied. After a successful PATCH the ConfigurationSettings
property will contain SomePendingReset
indicating that some settings have changed but will not take effect until iLO 5 is reset.
If the time zone is configured to be managed by DHCP, iLO 5 will respond with HTTP 400
and SNTPConfigurationManagedByDHCPAndIsReadOnly
(see Using DHCP Supplied Time Settings).
Example Use Cases
NOTE: The examples in this section use a pseudo-code syntax for clarity. JSON pointer syntax is used to indicate specific properties.
Reading BIOS Current Settings
To GET the current BIOS configuration:
curl https://{iLO}/redfish/v1/systems/1/bios/settings/ -i --insecure -u username:password -L
# Make sure the DMTF redfish library is not loaded before loading
# the HPE python-ilorest-library:
# pip uninstall redfish
# pip install python-ilorest-library
import sys
import json
from redfish import RedfishClient
# When running remotely, connect using the iLO address, iLO account name,
# and password to send https requests.
SYSTEM_URL = "https://{BMC}"
LOGIN_ACCOUNT = "username"
LOGIN_PASSWORD = "password"
ca_cert_data = {}
# Create a REST object
REDFISHOBJ = RedfishClient(base_url=SYSTEM_URL, username=LOGIN_ACCOUNT, password=LOGIN_PASSWORD, ca_cert_data=ca_cert_data)
# Login
REDFISHOBJ.login()
# Get the resource you need.
response = REDFISHOBJ.get("/redfish/v1/systems/1/bios/")
print('Response: '+json.dumps(response.dict, indent=4, sort_keys=True))
Response
{
"@Redfish.Settings": {
"@odata.type": "#Settings.v1_0_0.Settings",
"ETag": "5DFD7F66",
"Messages": [
{
"MessageId": "Base.1.0.Success"
}
],
"SettingsObject": {
"@odata.id": "/redfish/v1/systems/1/bios/settings/"
},
"Time": "2001-05-07T20:28:28+00:00"
},
"@odata.context": "/redfish/v1/$metadata#Bios.Bios",
"@odata.etag": "W/\"D230AB047BF85050500CD97692925EA4\"",
"@odata.id": "/redfish/v1/systems/1/bios/",
"@odata.type": "#Bios.v1_0_0.Bios",
"Actions": {
"#Bios.ChangePassword": {
"target": "/redfish/v1/systems/1/bios/settings/Actions/Bios.ChangePasswords/"
},
"#Bios.ResetBios": {
"target": "/redfish/v1/systems/1/bios/settings/Actions/Bios.ResetBios/"
}
},
"AttributeRegistry": "BiosAttributeRegistryU32.v1_1_20",
"Attributes": {
"AcpiHpet": "Enabled",
"AcpiRootBridgePxm": "Enabled",
...
...
"XptPrefetcher": "Enabled",
"iSCSIPolicy": "SoftwareInitiator"
},
"Id": "bios",
"Name": "BIOS Current Settings",
"Oem": {
"Hpe": {
"@odata.type": "#HpeBiosExt.v2_0_0.HpeBiosExt",
"Links": {
"BaseConfigs": {
"@odata.id": "/redfish/v1/systems/1/bios/baseconfigs/"
},
"Boot": {
"@odata.id": "/redfish/v1/systems/1/bios/boot/"
},
"Mappings": {
"@odata.id": "/redfish/v1/systems/1/bios/mappings/"
},
"TlsConfig": {
"@odata.id": "/redfish/v1/systems/1/bios/tlsconfig/"
},
"iScsi": {
"@odata.id": "/redfish/v1/systems/1/bios/iscsi/"
}
},
"SettingsObject": {
"UnmodifiedETag": "W/\"7F8B308F162455555532A6400C9EEBC3\""
}
}
}
}
The iLO RESTful API enables UEFI BIOS configuration. The link to the BIOS configuration is from the computer system object.
Changing Pending Settings and understanding “@Redfish.Settings”.
The current configuration object for BIOS is read-only. This object contains a link to a Settings resource that you can perform a PATCH operation on. This is the “pending settings.” If you GET the Settings resource, the returned information shows that you can perform PATCH operations. You can change properties and then perform a PATCH patch operation using the Settings URI. Changes to pending settings do not take effect until the server is reset. Before the server is reset, the current and pending settings are independently available. After the server is reset, the pending settings are applied and you can view any errors in the “@Redfish.Settings” property on the main object.
There are benefits to handling BIOS settings in this way:
- Enables offline components (for example, BIOS) to process changes to settings in a deferred manner.
- Allows current and pending values to remain available for review until the offline component processes the pending settings.
- Avoids the need for complex job queues.
Updating the BIOS settings example
curl -H "Content-Type: application/json" -X PATCH --data "@data.json" https://{iLO}/redfish/v1/Systems/1/bios/settings/ -u username:password --insecure
Contents of data.json
{“Attributes”:{“AdminName”: “NewName”}}
For a full Redfish example click here: change_bios_setting.py
The minimum required session ID privileges is Configure.
- Iterate through
/redfish/v1/Systems
and choose a member ComputerSystem. Result ={ilo-ip-address}/redfish/v1/Systems/1/BIOS
- Find a link in the
Oem/Hp/links
calledBios
and note theBiosURI
. GET BiosObj
fromBiosURI
and note that it only allowsGET
(this is the current settings).- Find a link in
BiosObj
calledSettings
and note this URI. - Obtain the BIOS settings using the URI from step 4.
GET {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings
- Create a new JSON object with the
AdminName
property changed to{"Attributes":{"AdminName":"Joe Smith"}}
. - Update the BIOS settings. You only need to send the updated
AdminName
property in the request body.PATCH {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings
- Obtain the BIOS settings to verify you made the change to the AdminName property.
GET {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings
When the server is reset, the BIOS settings are validated and adopted.
Reading BIOS Defaults example
The BIOS current configuration object contains a link to a separate read-only object, BaseConfigs
, which lists the BIOS default settings. To get the BIOS BaseConfigs
resource:
curl https://{iLO}/redfish/v1/systems/1/bios/BaseConfigs/ -i --insecure -u username:password -L
import sys
from redfish import AuthMethod, redfish_logger, redfish_client
# When running remotely, connect using the iLO address, iLO account name,
# and password to send https requests.
iLO_host = "https://16.84.27.67"
login_account = "admin"
login_password = "password"
## Create a REDFISH object
REDFISH_OBJ = redfish_client(base_url=iLO_host,username=login_account, \
password=login_password, default_prefix="/redfish/v1")
# Login into the server and create a session
REDFISH_OBJ.login(auth="session")
# Do a GET on a given path
response = REDFISH_OBJ.get("/redfish/v1/systems/1/bios/BaseConfigs/", None)
# Print out the response
sys.stdout.write("%s\n" % response)
# Logout of the current session
REDFISH_OBJ.logout()
The results looks something like this:
Response
{
"@odata.context": "/redfish/v1/$metadata#HpeBaseConfigs.HpeBaseConfigs",
"@odata.etag": "W/\"1BAB2532EC201D1D1DFED6F112252823\"",
"@odata.id": "/redfish/v1/systems/1/bios/baseconfigs/",
"@odata.type": "#HpeBaseConfigs.v2_0_0.HpeBaseConfigs",
"BaseConfigs": [
{
"default": {
"AcpiHpet": "Enabled",
"AcpiRootBridgePxm": "Enabled",
"AcpiSlit": "Enabled",
...
...
"XptPrefetcher": "Auto",
"iSCSIPolicy": "SoftwareInitiator"
}
}
],
"Capabilities": {
"BaseConfig": true,
"BaseConfigs": false
},
"Id": "baseconfigs",
"Name": "BIOS Default Settings"
}
Notice that BaseConfigs
contains an array of default sets (or base configuration sets). Each base config set contains a list of BIOS properties and their default values. The default base config set contains the BIOS manufacturing defaults. It is possible for BaseConfigs
to contain other sets, like default.user
for user custom defaults.
BIOS resources and attribute registry overview
The BIOS resources are formatted differently than most other resources. BIOS resources do conform to a schema type as all objects do. However, BIOS settings vary widely across server types and BIOS revisions, so it is extremely difficult to publish a standard schema defining all the possible BIOS setting properties. Furthermore, it is not possible to communicate some of the advanced settings such as inter-setting dependencies, and menu structure in json-schema. Therefore, BIOS uses an Attribute Registry.
Attribute registry
The BIOS Current Configuration resource has a property called AttributeRegistry
. This property indicates the name and version of a registry file that defines the properties in the BIOS configuration. It also includes information about interdependencies between settings.
Due to their size, BIOS Attribute Registries are compressed JSON resources (gzip), so the returned HTTP headers indicate a content-encoding of gzip.
The REST client will need to decompress the resource. This is done automatically in many web clients (like the Postman
plugin).
BIOS attribute registry structure
The BIOS attribute registries contains three top-level arrays:
- Menus: Array containing the BIOS attributes menus and their hierarchy. This can be used
(for instance) to build a user interface that resembles the local BIOS Setup, or to group
properties that are related such as
ProcessorOptions
andUsbOptions.
- Attributes: Array containing BIOS attributes and information about the attributes such as type, values, etc.
- Dependencies: Array containing a list of dependencies of BIOS attributes on this server.
This includes inter-setting dependencies that might cause one BIOS setting to change its
value or its
ReadOnly
property based on the value of another BIOS setting. - BaseConfigs: Array containing a list of default manufacturing settings of BIOS attributes.
This is equivalent to reading the BaseConfigs resource and parsing the object named
default.
BIOS attributes
Each BIOS attribute in the attribute registry includes:
- Type of each BIOS attribute (enum, string, numeric, or Boolean).
- Possible values for enum type attributes.
- Display strings (localized to the registry language) for the attributes and their possible values.
- Help text and warning text (localized).
- Location and display order information, including menu hierarchy for an attribute. BIOS 25
- Value limits, including maximum, minimum, and step values for numeric attributes, and minimum and maximum character lengths, as well as regular expressions for string attributes.
- And other meta-data.
Example to reset all BIOS and boot order settings to factory defaults
- Iterate through
/redfish/v1/Systems/
and choose a memberComputerSystem.
Find the BIOS settings resource by following theBios
property link.- BiosSettingsURI =
{ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings/
- BiosSettingsURI =
- Obtain the BIOS and boot order pending settings.
- GET @
{ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings/
- GET @
- Create a new JSON object with the
RestoreManufacturingDefaults
property and change the value toYes
. Be sure to include the top level JSONAttributes
property.- JSON = {“Attributes”:{“RestoreManufacturingDefaults”:“Yes”}}
- Make a PATCH request with the new JSON to the
BiosSettingsUri
. You only need to send the updatedRestoreManufacturingDefaults
property in the request body.PATCH {"Attributes":{"RestoreManufacturingDefaults":"Yes"}} @ {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings/
Reverting BIOS UEFI settings to default example
curl -H "Content-Type: application/json" -X POST --data "@data.json" https://{iLO}/redfish/v1/Systems/1/bios/settings/ -u username:password --insecure
Contents of data.json
{“Attributes”:{“BaseConfig”: “default”}}
For a full Redfish example click here: bios_revert_default.py
The BIOS Settings resource supports a special feature that allows you to revert BIOS settings to default for the selected resource. This is accomplished by performing the PATCH or PUT operation on a special property in the BIOS settings object: {“BaseConfig”: “default”}. This can be combined with other property sets to first set default values and then set specific settings all in one operation.
NOTE: The BaseConfig
property might not already exist in the BIOS or BIOS Settings
resources. To determine if the BIOS resource supports reverting the settings to default, GET
the
BIOS BaseConfigs
resource, and view the Capabilities
property.
- Iterate through
/redfish/v1/Systems/
and choose a memberComputerSystem
. Find the BIOS settings resource by following theBios
property link.- BiosSettingsURI =
{ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings/
- BiosSettingsURI =
- Obtain the BIOS pending settings.
- GET @
{ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings/
- GET @
- Create a new JSON object with the
BaseConfig
property and change the value todefault
. Be sure to include the top level JSONAttributes
property.- JSON = {“Attributes”:{“BaseConfig”:“default”}}
- Make a PUT request with the new JSON to the
BiosSettingsUri
. You only need to send the updatedBaseConfig
property in the request body.PUT {"Attributes":{"BaseConfig":"default"}} @ {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings/
When the sever is reset, the BIOS UEFI settings are reverted to default.
NOTE:
- You might also view the default values for BIOS settings by finding the resource type
HpeBaseConfigs.
{ilo-ip-address}/redfish/v1/Systems/1/BIOS/BaseConfigs
BaseConfig
can be combined with other property values to first reset everything to default and then apply some specific settings in one operation.
Enabling BIOS UEFI Secure Boot example
curl -H "Content-Type: application/json" -X PATCH --data "@data.json" https://{iLO}/redfish/v1/Systems/1/SecureBoot/ -u username:password --insecure
Contents of data.json
{“SecureBootEnable”:true}
For a full Redfish example click here: enable_secure_boot.py
The minimum required session ID privileges is Configure.
- Iterate through
/redfish/v1/Systems/
and choose a member ComputerSystem. Find a child resource of typeHpSecureBoot
that allowsPATCH
operations (there might be more than one, but for this exercise, choose the first one).{ilo-ip-address}/redfish/v1/Systems/1/SecureBoot/
- Obtain the secure boot settings.
GET {ilo-ip-address}/redfish/v1/Systems/1/SecureBoot/
- Create a new JSON object with the
SecureBootEnable
property changed to{"SecureBootEnable":true}.
- Update the secure boot settings. Send the updated
SecureBootEnable
property in the request body.PATCH {ilo-ip-address}/redfish/v1/Systems/1/SecureBoot/
When the sever is reset, the boot settings are validated and adopted.
Example iSCSI Software Initiator configuration
Existing example resource:
{
"iSCSISources": [
{
"iSCSIAttemptInstance": 1,
...
},
{
"iSCSIAttemptInstance": 2,
...
},
{
"iSCSIAttemptInstance": 0,
...
},
{
"iSCSIAttemptInstance": 0,
...
}
],
...
}
{
"iSCSISources": [
{},
{
"iSCSIConnectRetry": 2
},
{
"iSCSIAttemptInstance": 3,
"iSCSIAttemptName": "Name",
"iSCSINicSource": "NicBootX"
...
},
{}
]
}
The iSCSI Software Initiator allows you to configure an iSCSI target device to be used as a boot
source. The BIOS current configuration object contains a link to a separate resource of type
HpeiSCSISoftwareInitiator.
The BIOS current configuration resource and the iSCSI Software
Initiator current configuration resources are read-only. To change iSCSI settings, you need to
follow another link to the Settings
resource, which allows PUT
and PATCH
operations.
The iSCSI target configurations are represented in an iSCSISources
property, that is an
array of objects, each containing the settings for a single target. The size of the array represents
the total number of iSCSI boot sources that can be configured at the same time. Many mutable
properties exist, including iSCSIAttemptInstance,
which can be set to a unique integer
in the range [1, N], where N is the boot sources array size. By default, this instance number is 0
for all objects, indicating that the object should be ignored when configuring iSCSI.
Each object also contains two read-only properties—StructuredBootString
and
UEFIDevicePath
, which are only populated after the target has been successfully configured
as a boot source. More information about each property is available in the corresponding schema.
The iSCSI initiator name is represented by the iSCSIInitiatorName
property.
An additional read-only property, iSCSINicSources,
is only shown in the iSCSI current
configuration resource. This property is an array of strings representing the possible NIC instances
that can be used as targets for iSCSI boot configuration. To confirm which NIC device each string
corresponds to, it is recommended to cross-reference two other resources:
- A resource of type
HpeBiosMapping
can be found through aMappings
link in the BIOS current configurations resource. Within itsBiosPciSettingsMappings
property is an array of mappings between BIOS-specific device strings (such as theNIC
source string) and aCorrelatableID
string that can be used to refer to the same device in non-BIOS contexts. - A collection of
HpeServerPciDevices
may be found through a PCIDevices link in theComputerSystem
resource. The specific PCI device corresponding to the NIC instance can be found by searching for theCorrelatableID
that will usually match aUEFIDevicePath.
Once theHpeServerPciDevice
resource is found, you have access to all the human-readable properties useful for describing a NIC source.
Changing the iSCSISources
and iSCSIInitiatorName
settings can be done through
PATCH
operations, very similar to how HpeBios
settings are changed. However, whereas all BIOS
settings are located in a single flat object, iSCSI settings are nested into arrays and sub-objects.
When doing a PATCH
operation, use empty objects ({}
) in place of those boot source objects
that you do not want to alter.
The following example covers a situation where you have configured two iSCSI boot sources, and you would like to edit some existing settings, and add a third source.
- Iterate through
/redfish/v1/Systems
and choose a memberComputerSystem.
Find a child resource of typeHpiSCSISoftwareInitiator
that allows PATCH operations.{ilo-address}/redfish/v1/Systems/1/BIOS/iSCSI/Settings/
Inspect the existing
iSCSIBootSources
array. You need to inspect theiSCSIBootAttemptInstance
property of each object to find the boot sources you are prefer to change.Create a new JSON object with the iSCSIBootSources property.
- Use an empty object in the position of instance 1 to indicate that it should not be modified. Use an object in the position of instance 2 containing the properties that should be modified—all omitted properties will remain unmodified.
- To add a new boot source, find any position of instance 0 and replace it with an object containing all the new settings, and most importantly, a new unique value of iSCSIBootAttemptInstance.
Change the iSCSI software initiator settings.
PATCH {ilo-address}/redfish/v1/Systems/1/BIOS/iSCSI/Settings/
Changing Boot Settings
UEFI boot structured name string
This UEFI boot structured name string is unique and represents each UEFI boot option in the system. Software can identify and manipulate devices using the string’s fixed format as defined in this specification. Software can assume that the string unique for each boot device in the UEFI BootOrder.
The UEFI boot structured name string is divided into sections separated by ‘.’ characters, using the following format:
- DeviceType: The first section describes the device type (For example,
HD,
CD,
NIC,
andPCI.
). - Location: The second and the third section together describes the location of the device
(For example,
Slot.7
orEmb.4
). - Instance: The third section is used with the
Location
section to describe the device location (for example, the slot number or embedded instance number). - Sub-instance: The fourth section is optional, and is used as a sub-instance number in case of multiple boot options using the same instance. For example, this can be the port number for a multi-port NIC.
- Qualifier: The fifth section is optional, and describes the logical protocol (for example, IPv4, IPv6, and iSCSI).
UEFI boot structured name string examples
Table 1 Examples
Name | Description |
---|---|
HD.Emb.4.2 | The second instance of a hard drive in embedded SA controller bay 4 |
NIC.Slot.7.2.IPv4 | Port 2 of a NIC in PCIe slot 7, which is enabled for PXE IPv4 |
NIC.FlexLOM.1.1.IPv6 | Port 1 of an embedded NIC FlexLOM, which is enabled for PXE IPv6 |
PCI.Slot.6.1 | PCIe card in slot 6 |
HD.FrontUSB.2.2 | Second partition of a flash drive in front USB port 2 |
Table 2 Examples of currently supported Structured Boot Strings
Device Type | Location | Instance | Sub instance | Qualifier | Structure Boot String Examples |
---|---|---|---|---|---|
Smart Array Hard Drive | Embedded | Bay number | Incremental by LUN | HD.Emb.1.1 | |
Slot | Slot number | Incremental by LUN | HD.Slot.1.1 | ||
Smart Array Controller | Embedded | Controller Instance | 1 | RAID.Emb.1.1 | |
Slot | Slot number | 1 | RAID.Slot.1.1 | ||
Dynamic Smart Array Controller (Software RAID) | Embedded | 1 | 1 | Storage.Emb.1.1 | |
Slot | Controller Instance | 1 | Storage.Slot.1.1 | ||
SATA Hard Drive | Embedded | SATA port # 1 | HD.Emb.1.1 | ||
SATA Controller | Embedded | Controller Instance | 1 | SATA.Emb.1.1 | |
All other storage controllers (FC, SAS, etc…) | Embedded | 1 | 1 | Storage.Emb.1.1 | |
Slot | Slot # | 1 | Storage.Slot.1.1 | ||
Network Adapter | LOM | NIC number, 1 for 1st NIC, 2 for 2nd NIC | Port number | IPv4 or IPv6 or iSCSI or FCoE | NIC.LOM.1.2.IPv4, NIC.LOM.1.2.IPv6 |
FlexibleLOM | FlexibleLOM number, 1 for 1st FlexLOM, 2 for 2nd FlexLOM | Port Number | IPv4 or IPv6 or iSCSI or FCoE | NIC.FlexLOM.2.1.IPv4, NIC.FlexLOM.2.1.IPv6 | |
Slot | Slot Number | Port number | IPv4 or IPv6 or iSCSI or FCoE | NIC.Slot.3.2.Ipv4 | |
Fiber Channel Adapter | Slot | Slot number | Port number | IPv4 or IPv6 or iSCSI or FCoE | PCI.Slot.3.1 |
OS Boot entry (such as Embedded HD.Slot.1.2 “Windows Boot Manager”) | Slot | Embedded | Incremental | HD.Emb.1.2, HD.Slot.1.2 | |
USB Key | Front USB | USB Port # | Incremental by LUN | HD.FrontUSB.1.1 | |
Rear USB | USB Port # | Incremental by LUN | HD.RearUSB.1.1 | ||
Internal USB | USB Port # | HD.InternalUSB.1.1 | |||
iLO virtual media | HD.Virtual.1.1 | ||||
ISO image | iLO virtual media | CD.Virtual.2.1 | |||
Virtual Install Disk (VID) | Embedded store | USB Port # | HD.VirtualUSB.1.1 | ||
Embedded User Partition | Embedded store | USB Port # | HD.VirtualUSB.2.1 | ||
USB CD/DVD | Front USB | USB Port # | CD.FrontUSB.1.1 | ||
Rear USB | USB Port # | CD.RearUSB.1.1 | |||
Internal USB | USB Port # | xxxxxxxx | |||
SD card | SD slot | USB Port # | HD.SD.1.1 | ||
Floppy | Front USB, Rear USB | USB Port # | FD.FrontUSB.1.1, FD.RearUSB.1.1 | ||
Embedded UEFI Shell | Embedded | 1 | 1 | Shell.Emb.1.1 | |
UEFI applications (embedded in the ROM firmware) (Diag, System Utility, etc..) | Embedded | 1 | Incremental | App.Emb.1.1, App.Emb.1.2, App.Emb.1.3 | |
File | URL | Different URL Increased by 1 | 1 | File.URL.1.1 | |
HPE RAM Disk Device | RAM Memory | 1 | Port Number | RAMDisk.Emb.1.1 | |
Special USB device class with Device Path: UsbClass(0xFFFF, 0xFFFF, 0xFF, 0xFF, 0xFF) | Any USB device in the system | 1 | Generic.USB.1.1 | ||
Empty slot, no device | Slot | Slot number | 1 | PCI.Slot.2.1 | |
Unknown device | Embedded Slot Unknown location | Slot number or 1 | Incremental | Unknown.Slot.1.1, Unknown.Unknown.1.1 | |
NVMe | Slot | Slot number | NVMe drive number (The number is based on bus enumeration sequence). | NVMe.Slot.1.1 | |
NVMe | Embedded | Bay number | 1 (Each drive bay has 1 NVMe drive.) | NVMe.Emb.1.1 |
Change UEFI boot order example
For more information click on the python tab.
For a full Redfish example click here: change_boot_order.py
The BIOS current configuration object contains a link to a separate read-only resource of type
HpeServerBootSettings
that lists the UEFI Boot Order current configuration. This is the system
boot order when the system is configured in the UEFI Boot Mode. The UEFI Boot Order current
configuration resource contains a BootSources
property, which is an array of UEFI boot sources.
Each object in that array has a unique StructuredBootString,
among other properties that
identify that boot source.
The UEFI boot order list itself is represented in a separate PersistentBootConfigOrder
property that is an ordered array of boot sources, each referenced by its
StructuredBootString.
In addition, a DesiredBootDevices
property lists a separate
ordered list of desired boot sources that might not be listed in the BootSources
property. This
is useful for configuring boot from a specific SCSI or FC LUN or iSCSI target that might have not
been configured (and discovered by BIOS) yet.
As with the BIOS current configuration resource, the UEFI Boot Order current configuration
resource is read only (as evident by the allow header, which do not list PATCH
as an allowed
operation). To change the UEFI Boot Order, you need to follow the link to a separate Settings
resource that you can perform a PATCH
operation on that contains the pending UEFI Boot Order
settings, and update that PersistentBootConfigOrder
and/or the DesiredBootDevices
properties in that Settings resource. The settings remain pending until next reboot, and the results
are reflected back in the @Redfish.Settings
property in the UEFI Boot Order current configuration
resource.
Prerequisites: Minimum required session ID privileges: Configure
- Iterate through
/redfish/v1/Systems/
and choose a memberComputerSystem.
Find a child resource of typeHpeServerBootSettings
that allowsPATCH
operations (there might be more than one, but for this exercise, hoose the first one).{ilo-ip-address}/redfish/v1/Systems/1/BIOS/Boot/Settings/
- Obtain the UEFI boot order.
GET {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Boot/Settings/
- Create a new JSON object with the
PersistentBootConfigOrder
property and change the boot order. - Change the UEFI boot order. You only need to send the updated
PersistentBootConfigOrder
property in the request body.PATCH {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Boot/Settings/
When the sever is reset, the new boot order is validated and used.
Reset a Server
Server power control is a system-node-level entity, not a chassis-level control. For example, you can turn on one node in a multi-node chassis. You control power by performing an HTTP operation on a computer system node object.
Some operations in the interface are not truly RESTful GET,
PUT,
POST,
DELETE,
or PATCH.
They
are called custom actions and are performed with an HTTP POST
containing a specific request
payload. Typically, actions are defined when the action you want to perform is not adequately
represented by the properties available in the type. For example, a power button is not readable,
so you cannot GET
the status of the power button. In this case, pressing the power button is an
action.
Actions are POST
operations with an Action
property that names the action to perform and zero
or more parameter properties.
Reset a server example
curl --header "Content-Type: application/json" --request POST --data '{"ResetType": "ForceRestart"}' https://{iLO}/redfish/v1/Systems/1/Actions/ComputerSystem.Reset -u username:password --insecure
Prerequisites
Minimum required session ID privileges: Configure
- Iterate through
/redfish/v1/Systems
collection and choose a memberComputerSystem
that allowsPOST
operations.{ilo-ip-address}/redfish/v1/Systems/1
- Get the “Actions” -> “#ComputerSystem.Reset” -> “target” Uri.
- Construct an Action object to submit to iLO.
{"ResetType":"ForceRestart"}
- Reset the server by posting the body to the target Uri.
POST {ilo-ip-address}/redfish/v1/Systems/1/Actions/ComputerSystem.Reset/
The server resets and reboots.
Download Active Health System Data
For more information click on the python tab.
For a full Redfish example click here: get_ahs_data.py
Active Health System (AHS) data may be accessed by first discovering the resource of type HpiLOActiveHealthSystem
. This is typically at https://{iLO}/redfish/v1/managers/{item}/activehealthsystem/
. Refer to the section on Iterating Collections for details on how to navigate the data model.
Iterate the Managers collection at
https://{iLO}/redfish/v1/managers/
. For traditional iLO-based server architectures there is a single manager representing iLO 5 itself.Find the
Link
property referring to theHpiLOActiveHealthSystem
and follow that link.GET the
HpiLOActiveHealthSystem
resource and look for the URI indicated byLinks.AHSLocation.extref
.Perform a GET to this URI with the following query parameters to define the download time range and embed customer case information:
from
: the starting date of the download range (in YYYY-MM-DD format)to
: the ending date of the download range (in YYYY-MM-DD format)case_no
: case identification stringco_name
: company or organization namecontact
: contact nameemail
: contact email addressphone
: contact phone number
If successful, the response is an HTTP 200 level status code and a binary download which can be saved to a file.
Finding the iLO mac address
For more information click on the python tab.
For a full Redfish example click here: find_ilo_mac_address.py
Before you search for the iLO mac address, you must create an instance of a RestObject
or RedfishObject
. The class constructor takes the iLO hostname/IP address, iLO login username, and password as arguments. The class also initializes a login session, gets systems resources, and message registries.
Adding an iLO user account
For more information click on the python tab.
For a full Redfish example click here: add_user_account.py
Before you add an iLO user account, you must create an instance of a RestObject
or RedfishObject
. The class constructor takes the iLO hostname/IP address, iLO login username, and password as arguments. The class also initializes a login session, gets systems resources, and message registries.
Setting a license key
curl -H "Content-Type: application/json" -X POST --data "@data.json" https://{iLO}/redfish/v1/Managers/1/LicenseService/ -u username:password --insecure
Contents of data.json
{“LicenseKey”: “xxxxx-xxxxx-xxxxx-xxxxx-xxxxx”}
For a full Redfish example click here: set_license_key.py
Before you set a license key, you must create an instance of a RestObject
or RedfishObject
. The class constructor takes the iLO hostname/IP address, iLO login username, and password as arguments. The class also initializes a login session, gets systems resources, and message registries.
Changing an iLO user account
For more information click on the python tab.
For full Redfish examples click here: modify_user_account.py, remove_account.py
Before you change an iLO user account, you must create an instance of a RestObject
or RedfishObject
. The class constructor takes the iLO hostname/IP address, iLO login username, and password as arguments. The class also initializes a login session, gets systems resources, and message registries.
iLO 5 Software/Firmware Update Service
The Redfish standard schema package DSP8010 version 2016.2 introduced the “UpdateService” schema, enabling firmware and software inventory, and simple firmware updates. The iLO 5 Update Service is conformant with the “UpdateService” schema, but significantly expands the capabilities to include a component repository, an update queue, and install sets.
Concepts and Terms
Term | Definition |
---|---|
Inventory | The installed or running versions of software or firmware. |
Target | The object of a firmware or software update (e.g. BIOS, iLO, Network Adapter, software package). |
Update | The process of applying updated firmware or software to applicable targets. |
Update Agent | The software or firmware agent that applies an update to one or more targets. Update Agents include Smart Update Manager (SUM), UEFI BIOS, and iLO 5. Different types of updates might be supported by specific update agents. |
Activate | The process of making updated firmware of software active (for example, a BIOS update is activated when the server reboots). |
Component | A package containing one or more software or firmware update images (also known as a “Smart Component”). Components are typically delivered with the Support Pack for ProLiant (SPP) in EXE, RPM, or ZIP files. |
Component Signature File (.compsig) | A file containing information about a component, including a digital signature. This enables iLO to verify the integrity and authenticity of a variety of component formats. The .compsig files are also available with the SPP and must be uploaded with the component. SUM automatically uploads the right .compsig file with components. |
iLO Repository | A persistent storage location on the server that can hold software or firmware update components. |
Update Task Queue | An iLO managed queue of update operations. iLO might not be the actual update agent. Other update agents include Smart Update Manager (SUM) and the UEFI BIOS. |
Install Set | A pre-defined sequence of update tasks managed using the iLO REST API that can be added to the Update Task Queue with an “Invoke” action. |
Maintenance Window | A defined time window that may be used with an Update Task create or Install Set Invoke commands to associate a time with the operation. |
Redfish Update Service Operations
The Update Service is available as a link (UpdateService
) from the Redfish root resource (/redfish/v1/
). The Update Service complies with the Redfish UpdateService
schema.
Firmware and Software Inventory
The firmware and software inventory is maintained in two separate collections (FirmwareInventory
and SoftwareInventory
). These collections support the iLO 5 $expand operation, allowing a client to fetch the entire collection with one GET operation.
Each member item conforms to the Redfish SoftwareInventory
schema.
Item (generic) at /redfish/v1/UpdateService/FirmwareInventory/{item}
HTTP Allow: GET
Adapting from iLO 4 HpSwFwInventory to iLO 5 Redfish Inventory
The following attributes of items in the iLO 4 inventory have been replaced in the iLO 5 Redfish conformant inventory:
- JSON property name - A PCI ID or a hard-coded value.
- Replaced by the
Name
and/orDescription
property in the collection item. Redfish removed this dictionary-style object in favor of an unordered collection.
- Replaced by the
- “Key” - The GUID value used to correlate an item back to an SPP component.
- Examine
DeviceClass
if it exists in the /Oem/Hpe/Targets array.
- Examine
- “Location” - Name string for human readable context.
- Replaced by
DeviceContext
string.
- Replaced by
- “UefiDevicePath” - PCI instance identifier (only if this was for a PCI device).
- Replaced by
DeviceInstance
.
- Replaced by
SimpleUpdate Action
The SimpleUpdate
action with the "ImageURI"
parameter causes iLO to fetch an image from a web server and flash it directly. Only certain types of images may be supplied, including iLO firmware binaries and UEFI firmware binaries. Smart Components are not supported. The list of supported binaries is the same as those that can be updated through iLO’s Web user interface.
Smart Components may be uploaded to the iLO Repository and a task created to cause UEFI or SUM to perform the update.
POST /redfish/v1/UpdateService/Actions/UpdateService.SimpleUpdate/
{
"ImageURI": "<uri to binary image for iLO to flash>"
}
HttpPushUri
The HttpPushUri property indicates the URI to POST a firmware component that iLO can flash. Only certain types of images may be supplied including iLO firmware binaries and UEFI firmware binaries. Smart Components are not supported. The list of supported binaries is the same as those that can be updated through iLO’s Web user interface.
The POST must be of Content-Type: “multipart/form-data”
-----------------------------64062213329524
Content-Disposition: form-data; name="sessionKey"
<value of X-Auth-Token here>
-----------------------------64062213329524
Content-Disposition: form-data; name="<component-filename>"; filename="<component-filename>"
Content-Type: application/octet-stream
<binary image>
iLO validates the uploaded binary image and flashes any applicable targets immediately. If the update is for iLO itself, iLO automatically resets at the end of the flash process and activates the new firmware upon restart.
Software and Firmware Management Flow
Evaluating Current Software and Firmware Inventory to iLO Repository Components
This is the general pseudocode to correlate applicable updates in the iLO Repository to updatable items from the inventory.
- Use the FirmwareInventory and SoftwareInventory data to evaluate the current software and firmware running on the server.
for component in /redfish/v1/updateservice/componentrepository:
for inventory_item in /redfish/v1/updateservice/firmwareinventory:
# if "DeviceClass" is populated in the inventory item
if DeviceClass in inventory_item:
# if present and not matching, move along
if component.DeviceClass != inventory_item.DeviceClass:
continue
# if we made this this far, either inventory item doesn't have DeviceClass or they match
for target in component.Targets:
if target in item.Oem.Hpe.Targets:
return inventory_item, component # return correlated
- Upload new components to the iLO Repository
- Optionally create or modify Install Sets to bundle multiple components in the iLO Repository into an ordered list of update operations.
- Optionally create Maintenance Windows to specify pre-determined time ranges for udpate tasks to be executed.
- Create tasks individually or Invoke an Install Set to populate the task list. Use either a time range for each task or specify a Maintenance Window to automatically associate the timed window with the created tasks.
- Monitor update operations and handle any errors
- Optionally remove any completed Tasks, Maintenance Windows, Install Sets, or components that are no longer required.
Software and Firmware Management Operations
iLO Repository
The iLO Repository is a persistent storage location for update components including Smart Component files (.EXE, .RPM, etc.), as well as raw binary files (.BIN). Additions to the repository require a digital signature for iLO to verify the integrity and authenticity of the component. For raw .BIN files, this information is contained within the file. For Smart Components, the information is in a separate Component Signature file (.compsig) that must be supplied when adding a component.
The Repository is available in the REST API as a child of the Update Service.
- GET root (
/redfish/v1/
). - GET the destination of the
UpdateService
link. - GET the destination of the
Oem/Hpe/ComponentRepository
link.
Additions to the repository are made via the UpdateService actions. Removals are made by DELETE on repository collection members.
Upload Components
See details on the HttpPushUri in the Update Service resource first. The upload process can alternatively be used to add components to the iLO Repository. As with update, the POST must be a multipart/form-data.
The following HTTP headers must be supplied:
# build the HTTP headers
# 'Content-Type': 'multipart/form-data',
headers = {'Accept': 'application/json',
'Expect':'',
'OData-Version': '4.0',
'X-Auth-Token': sessionkey,
'Cookie': 'sessionKey=' + sessionkey}
The HTTP POST body:
-----------------------------64062213329524
Content-Disposition: form-data; name="sessionKey"
<value of X-Auth-Token here>
-----------------------------64062213329524
Content-Disposition: form-data; name="parameters"
Content-Type: application/json
{
"UploadCurrentEtag": "<client-defined-string>",
}
-----------------------------64062213329524
Content-Disposition: form-data; name="compsig"; filename="compsig-filename"
Content-Type: application/octet-stream
<binary content of component signature file>
-----------------------------64062213329524
Content-Disposition: form-data; name="file"; filename="component-filename"
Content-Type: application/octet-stream
<binary content of component file>
The new ‘compsig
’ part enables the client to push the component signature file with the payload.
The ‘parameters
’ part enables clients to add parameters to the upload like execution parameters.
‘parameters’ part in multi-part POST
The following parameters may be specified in a JSON object as part of the upload. All parameters are optional and the ‘Parameters’ multi-part may be optional.
Parameter Name | JSON type | Description |
---|---|---|
UpdateRepository | boolean | If true, adds the component to the repository. This is ignored and assumed true for components flashable by UEFI or SUT/SUM. |
UploadCurrentEtag | string | client-selected-etag-string-reported back in ‘UploadCurrentEtag’ |
UpdateTarget | boolean | If true, iLO immediately flashes the binary. This is ignored and assumed false for components flashable by UEFI or SUT/SUM. |
Section | integer | Section number for huge uploads (see below) starting at 0. |
NOTE: The two free-form parameters, ‘ExecutionParameters’ and ‘Configuration’ (used by SUM to communicate to the components) are not supplied here, but can be PATCHed later once the components are in the Repository.
iLO self-flash Example:
{
"UploadCurrentEtag": "<client-defined-string>",
"UpdateRepository": true,
"UpdateTarget": true
}
Smart Component Example:
{
"UploadCurrentEtag": "<client-defined-string>"
}
Waiting for Uploads to Complete
After uploading the component, iLO must verify and write the contents to the repository. The client may track this progress by polling on Oem/Hpe/State
property in the UpdateService. Values are:
State | Detail |
---|---|
Uploading | iLO is processing the upload - Clients likely won’t see this State because this state occurs during the upload POST. |
Verifying | iLO is verifying the integrity and authenticity of the upload. |
Writing | iLO is writing the upload to the repository. |
Updating | iLO is updating one or more targets applicable to the upload. |
Complete | The operation is complete without errors. |
Error | The operation encountered errors. |
The client should wait for Complete
before progressing.
Inventory Components in iLO Repository
The iLO Repository is a collection that supports the $expand operation. Perform a GET operation on the collection and its members to inventory the repository.
Available data for each member includes:
Property | PATCHable? | Detail |
---|---|---|
Name | No | Component Name |
Filename | No | Unique file name |
Version | No | Version as a string |
SizeBytes | No | Size in Bytes |
Criticality | Yes | Recommended, optional, critical. |
Created | No | Time the component was added to the repository. |
Locked | No | True if the component is referenced by a task or install set. |
ComponentUri | No | URI of the component binary. |
Activates | No | A hint of when a component activates (for example, after reboot). |
Configuration | Yes | For Smart Update Manager use only. |
ExecutionParameters | Yes | The command line passed to the component when launched. |
Remove Components
Perform a DELETE operation on the repository collection member to remove it from the repository.
Free Space
The free and total space of the iLO Repository in bytes is available as part of the Repository Collection.
{
"@odata.context": "/redfish/v1/$metadata#ComponentRepository",
"@odata.etag": "W/\"FF1B13FE\"",
"@odata.id": "/redfish/v1/UpdateService/ComponentRepository/",
"@odata.type": "#HpeComponentCollection.HpeComponentCollection",
"Description": "Component Collection",
"Members@odata.count": 0,
"Name": "Component Collection",
"Oem": {
"Hpe": {
"@odata.type": "#HpeComponentRepositoryInformation.v2_0_0.HpeComponentRepositoryInformation",
"ComponentCount": 0,
"FreeSizeBytes": 1073102848,
"TotalSizeBytes": 1073168384
}
}
}
Correlating Components with Current Software and Firmware Version Inventory
There is not a one-to-one correspondence between installed firmware or software and update components. For example, a component might carry firmware for several network controllers.
This algorithm shows how to correlate current version inventory with available components:
for component in componentrepository:
for inventory_item in inventory:
# if "DeviceClass" is populated in the inventory item
if DeviceClass in inventory_item:
# if present and not matching, move along
if component.DeviceClass != inventory_item.DeviceClass:
continue
# if we made this this far, either inventory item doesn't have DeviceClass or they match
for target in component.Targets:
if target in item.Oem.Hpe.Targets:
return inventory_item, component # return correlated
Tasks
Update Agents and Strong Queue Order
Different updates must be performed in different ways:
- Using iLO 5 over the management network
- During server power on by UEFI BISO
- Under an Operating System with SUM
The UpdateableBy
property indicates which “update agent” may perform the update.
For an update to be applied to a running operating system, SUM or SUT must run on the OS. SUM/SUT checks for pending tasks that include RuntimeAgent
in the UpdateableBy
property.
For an update to be applied during UEFI POST, UEFI checks for pending tasks that include Uefi
in the UpdateableBy
property.
For an update to be applied any time by iLO, iLO checks for pending tasks that include Bmc
in the UpdateableBy
property. Note that items that are updateable by iLO are never marked as updatable by any other agent.
Because of the strong ordering of the task queue, updaters do not bypass another pending item or exception item to find something to update. This can result in task queue stalls. For example, if the top of the queue is marked as Uefi
update, and the second item is marked RuntimeAgent
, SUM/SUT won’t process their item until the system has rebooted, and UEFI has processed its top item.
Updaters process the queue in order, looking at the task state:
Task State |
Updater Behavior |
---|---|
Pending | Mark as InProgress and begin task. |
InProgress | Do nothing and stop processing the queue - a task item is in progress by another updater (assuming this task is not yours). |
Expired | Do nothing and stop processing the queue - the task item has expired, and because of strong queue ordering, all following tasks are not processed. |
Exception | Do nothing and stop processing the queue - the task item has failed, and because of strong queue ordering, all following tasks are not processed. |
Complete | Iterate to next task and examine its State. |
Canceled | Iterate to next task and examine its State. |
Creating Update Tasks
Create a new Task resource to schedule Update tasks. POST a new task object to the tasks collection pointed to by UpdateService Oem/Hpe/UpdateTaskQueue
:
Example that enables an component to be updated by either SUM or UEFI:
{
"Name": "Unique Client supplied friendly name of this task item.",
"UpdatableBy": [
"Uefi",
"RuntimeAgent"
],
"Command": "ApplyUpdate",
"Component": "<component-name>",
"TPMOverride": true
}
Example that enables an binary component to be updated by iLO:
{
"Name": "Unique Client supplied friendly name of this task item.",
"UpdatableBy": [
"Bmc"
],
"Command": "ApplyUpdate",
"Component": "<component-name>"
}
This creates a new task in the Pending
state at the end of the queue. If it assigned to the Bmc
and is at the top of the queue, iLO starts operating on it immediately. Otherwise, the new task is operated on as soon as an updater runs and finds the new task.
Creating Scheduled Tasks
Starting with iLO 5 1.30 a client may specify a time window for a task. Time is always relative to iLO’s clock. Two options exist for creating scheduled tasks: explicit time ranges or Maintenance Windows.
Explicit Time Range: Include StartAfter
and Expire
in Task Create POST
StartAfter
and Expire
are two times that can be included in the task create POST operation. You may specify either or both. Each must be formatted as an ISO 8601 time string.
Tasks in the Pending
state will not begin execution until iLO time is after StartAfter
. If for some reason an update does not start and remains in a Pending
state until after the Expire
time, it will never be executed and the State will be Expired. This can happen for instance if a task is to be executed by UEFI and no reboot happens during the time window.
Maintenance Window
See the section on Maintenance Windows later for more details on the use of Maintenance Windows.
If a client creates a Maintenance Window, this window may be specified (by Id
) in the creation of a task.
Example that uses a Maintenance Window
{
"Name": "Unique Client supplied friendly name of this task item.",
"UpdatableBy": [
"Bmc"
],
"Command": "ApplyUpdate",
"Component": "<component-name>",
"MaintenanceWindow": "<maintenance-window-id>"
}
Creating Wait Tasks
Wait tasks can be used to insert time between two other tasks. The UpdatableBy
property should contain only one update agent chosen based upon the updater that needs the time.
Example that causes UEFI to Wait for 30 seconds:
{
"Name": "Pause 30 seconds",
"UpdatableBy": [
"Uefi"
],
"Command": "Wait",
"WaitTimeSeconds": 30
}
WaitTimeSeconds
can be in the range 0-3600 seconds.s
Retiring and Removing Tasks
The REST client that creates an update task is expected to DELETE the task upon completion after the final status/log information is obtained.
Tasks are removed by performing a DELETE operation on the task collection member. The entire queue can be cleared by deleting all tasks. InProgress
tasks should not be deleted even though the REST API will allow it. This might be useful if the task list is stalled and needs to be cleared.
iLO automatically removes completed tasks (State
is Complete
) after 24 hours, but tasks in any other state are not removed.
Handling Exceptions
If a task cannot complete it will report a State
value of Exception
. Tasks in this state do not automatically clear and require attention to clear. You may remove the task and re-add it later if there is a condition corrected that improves its chances of executing to completion.
Stalls in the Task Queue
Tasks can be added to the task queue that cannot execute to completion. In this case, the task queue might stall waiting for attention or the appropriate updater to execute. Examples may include the following:
- A task requires the UEFI BIOS to execute it (
Uefi
). In this case the task does not execute until the server is rebooted. - A task requires SUM or SUT to execute it (
RuntimeAgent
). In this case the task does not execute until either SUM or SUT is executed on the server. If neither is installed, the task waits forever. - A task might result in an exception state. In this case, the task will remain in the queue and no further tasks will be executed until the Task Queue is cleared and reset.
- A task may be scheduled to execute during a time range in the past or in the future.
Maintenance Windows
(New for iLO 5 1.30)
Tasks can be created and Install Sets invoked with either an explicit time range (specifying StartAfter
and Expire
times) or by referring by Id
to a Maintenance Window.
The Maintenance Window collection is pointed to by UpdateService Oem/Hpe/MaintenanceWindows
:
A special feature of Maintenance Windows is that any task associated with a Maintenance Window may be rescheduled by PATCHing the Maintenance Window instead of modifying multiple tasks.
Creating Maintenance Windows
POST a new object to the Maintenance Window collection:
{
"Name": "unique name of the Maintenance Window.",
"StartAfter": "ISO 8601 Redfish-style time string of earliest execution - null for no start time specified",
"Expire": "ISO 8601 Redfish-style time string after which we will automatically change state to Expired - null for no expire time"
}
Any of these properties may be PATCHed to modify an existing Maintenance Window.
Referring to Maintenance Windows
Each Maintenance Window has an Id
string property. Use this value with the MaintenanceWindow
property when creating a task or invoking an install set.
Removing Maintenance Windows
Maintenance Windows are removed by performing a DELETE operation on the Maintenance Window member.
Maintenance Windows will eventually be outdated with times in the past and should be removed.
Install Sets
Create a new install set resource to create Install Sets. POST a new install set object to the install set collection pointed to by UpdateService Oem/Hpe/InstallSets
:
Creating Install Sets
POST a new install set object to the install set collection:
{
"Name": "unique name of the install set.",
"IsRecovery": false,
"Sequence": [
{
"Name": "Client supplied friendly name of this task item.",
"UpdatableBy": [
"Uefi",
"RuntimeAgent"
],
"Command": "ApplyUpdate",
"Filename": "Name of the file as it appears in the repository."
}
]
}
Invoking Install Sets
Install Sets are invoked by performing the Invoke
action on the install set member item. The Invoke action has no parameters.
Invoking an install set causes iLO to append the task queue with new tasks, each corresponding to the items in the Sequence array.
POST /redfish/v1/updateservice/installsets/{id}/Actions/HpeComponentInstallSet.Invoke
Content-Type: application/json
{
"ClearTaskQueue": true,
}
Scheduled Install Sets
Starting with iLO 5 1.30 a client may specify a time window for an Install Set. Time is always relative to iLO’s clock. Two options exist for creating scheduled tasks: explicit time ranges or Maintenance Windows.
Explicit Time Range: Include StartAfter
and Expire
in Invoke
StartAfter
and Expire
are two times that can be included in Invoke
Action. You may specify either or both. Each must be formatted as an ISO 8601 time string.
Each task in the Install Set will be created with this explicit time range. Tasks in the Pending
state will not begin execution until iLO time is after StartAfter
. If for some reason an update does not start and remains in a Pending
state until after the Expire
time, it will never be executed and the State will be Expired. This can happen for instance if a task is to be executed by UEFI and no reboot happens during the time window.
POST /redfish/v1/updateservice/installsets/{id}/Actions/HpeComponentInstallSet.Invoke
Content-Type: application/json
{
"ClearTaskQueue": true,
"StartAfter": "ISO 8601 Redfish-style time string of earliest execution - null for no start time specified",
"Expire": "ISO 8601 Redfish-style time string after which we will automatically change state to Expired - null for no expire time"
}
Install sets and Maintenance Windows
If a client creates a Maintenance Window, this window may be specified (by Id
) in the Install Set Invoke
.
POST /redfish/v1/updateservice/installsets/{id}/Actions/HpeComponentInstallSet.Invoke
Content-Type: application/json
{
"ClearTaskQueue": true,
"MaintenanceWindow": "<maintenance-windows-Id>"
}
Removing Install Sets
Install Sets are removed by performing a DELETE operation on the install set member.
Using Install Sets for Rollback and Baseline Management
iLO does not maintain a specific “rollback” architecture. Instead, a client might maintain alternate versions of the same deliverable in the iLO Repository, and maintain multiple (up to 8) install sets in the InstallSets collection.
Firmware Recovery Install Set
SystemRecoveryConfigPriv
One of the install sets on the system might be marked with a property "IsRecovery": true
. If true, the install set is reserved to hold only critical firmware recovery components.
‘Administrate Recovery Set’ iLO user privilege is required to modify or remove this install set.“. This is called SystemRecoveryConfigPriv
in the REST API’s Account privileges. This privilege enables users to alter or remove this recovery install set.
The recovery install set should only be modified with care and hold a minimal set of firmware updates needed to make the server bootable. These firmware image file must be directly flashable by iLO. The order is important because the install set is the order of update.
Firmware Verification
Firmware Verification, available with the iLO Advanced Premium Security Edition, enables you to run an on-demand verification scan or implement scheduled scans.
To respond to detected issues, choose between logging the results, or logging the results and initiating a repair action that uses a recovery install set.
Depending on the scan results, information is logged in the Active Health System Log and the Integrated Management Log.
The following firmware items are verified:
- iLO 5
- System UEFI BIOS
- System Programmable Logic Device (CPLD)
- Server Platform Services (SPS) Firmware
- Innovation Engine (IE) Firmware
When a firmware verification scan is in progress, you cannot install firmware updates or upload firmware to the iLO Repository.
Configuring Firmware Verification
Available with iLO Advanced Premium Security Edition
Firmware Verification scan options:
- Enable Background Scan (”
EnableBackgroundScan
“) enables or disables Firmware Verification scanning. When enabled, iLO scans the supported installed firmware for file corruption. - Integrity Failure Action (”
OnIntegrityFailure
“) determines the action iLO takes when a problem is found during a Firmware Verification scan.- To log the results, patch ”
LogOnly
“. - To log the results and initiate a repair action, patch ”
LogAndRepairAutomatically
“.
- To log the results, patch ”
If a problem is detected for a supported firmware item, iLO checks for the affected firmware type in a protected install set. By default, this set is the System recovery set. If a firmware image is available, iLO flashes that firmware image to complete the repair.
- Scan Interval (”
ScanEveryDays
“) sets the background scan frequency in days. Valid values are from 1 to 365.
GET /redfish/v1/UpdateService/
{
"Oem": {
"Hpe": {
"FirmwareIntegrity": {
"EnableBackgroundScan": true,
"LastScanResult": "OK",
"LastScanTime": "2017-05-31T19:14:54Z",
"OnIntegrityFailure": "LogAndRepairAutomatically",
"ScanEveryDays": 14
}
}
}
}
Initiating a Firmware Verification Scan
Available with iLO Advanced Premium Security Edition
You may manually start a firmware verification scan by invoking the action "StartFirmwareIntegrityCheck”. You must have the iLO Advanced Premium Security Edition license to use this feature.
POST /redfish/v1/UpdateService/Actions/Oem/Hpe/HpeiLOUpdateServiceExt.StartFirmwareIntegrityCheck
BIOS Defaults and Passwords
Actions are POST operations to perform a specific request, such as a system reset or a password change. Actions are completely different from actions in iLO 4. The Bios resource has 2 actions:
Reset BIOS Settings
UEFI BIOS Supports a new POST action to reset settings.
"Actions": {
"#Bios.ResetBios": {
"target": "/redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ResetBios"
}
}
The body of the POST should contain
{
"ResetType" : "default"
}
or
{
"ResetType" : "default.user"
}
Change BIOS password
UEFI BIOS supports a new POST action to change the BIOS password.
"Actions": {
"#Bios.ChangePassword": {
"target": "/redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ChangePassword"
}
}
The body of the action should contain:
{
"PasswordName": "Administrator | User",
"OldPassword" : "OldPasswordText",
"NewPassword" : "NewPasswordText"
}
The target link is where the body of the action should be posted.
iSCSI Software Initiator Configuration
Introduction
The iSCSI Software Initiator allows you to configure an iSCSI target device to be used as a boot source. The BIOS current configuration object contains a link to a separate resource of type HpeiSCSISoftwareInitiator
. The BIOS current configuration resource and the iSCSI Software Initiator current configuration resources are read-only. To change iSCSI settings, you need to follow another link to the Settings resource, which allows PUT and PATCH operations.
The iSCSI target configurations are represented in an iSCSISources
property, that is an array of objects, each containing the settings for a single target. The size of the array represents the total number of iSCSI boot sources that can be configured at the same time. Many mutable properties exist, including iSCSIAttemptInstance
, which can be set to a unique integer in the range [1, N], where N is the boot sources array size. By default, this instance number is 0 for all objects, indicating that the object should be ignored when configuring iSCSI.
Each object also contains two read-only properties—StructuredBootString
and UEFIDevicePath
, which are only populated after the target has been successfully configured as a boot source. More information about each property is available in the corresponding schema. The iSCSI initiator name is represented by the iSCSIInitiatorName
property.
An additional read-only property, iSCSINicSources
, is only shown in the iSCSI current configuration resource. This property is an array of strings representing the possible NIC instances that can be used as targets for iSCSI boot configuration. To confirm which NIC device each string corresponds to, it is recommended to cross-reference two other resources.
- A resource of type
HpeBiosMapping
can be found through aMappings
link in the BIOS current configurations resource. Within itsBiosPciSettingsMappings
property is an array of mappings between BIOS-specific device strings (such as theNIC
source string) and aCorrelatableID
string that can be used to refer to the same device in non-BIOS contexts. - A collection of
HpeServerPciDevices
may be found through a PCIDevices link in theComputerSystem
resource. To find the specific PCI device corresponding to the NIC instance, you can search for theCorrelatableID
that usually matches aUEFIDevicePath.
Once you find theHpeServerPciDevice
resource, you have access to all the human-readable properties useful for describing a NIC source.
Changing the iSCSISources
and iSCSIInitiatorName
settings can be done through
PATCH
operations, very similar to how HpeBios
settings are changed. However, whereas all BIOS
settings are located in a single flat object, iSCSI settings are nested into arrays and sub-objects.
When doing a PATCH
operation, use empty objects ({}
) in place of those boot source objects
that you do not want to alter.
The following example covers a situation where you have configured two iSCSI boot sources, and you would like to edit some existing settings, and add a third source.
- Iterate through
/redfish/v1/Systems
and choose a memberComputerSystem.
Find a child resource of typeHpeiSCSISoftwareInitiator
that allows PATCH operations.{ilo-address}/redfish/v1/Systems/1/BIOS/iSCSI/Settings
Inspect the existing
iSCSISources
array. You need to inspect theiSCSIAttemptInstance
property of each object to find the boot sources you are prefer to change.Create a new JSON object with the
iSCSISources
property.- Use an empty object in the position of instance 1 to indicate that it should not be modified. Use an object in the position of instance 2 containing the properties that should be modified—all omitted properties remain unmodified.
- To add a new boot source, find any position of instance 0 and replace it with an object
containing all the new settings, and most importantly, a new unique value of
iSCSIAttemptInstance.
Change the iSCSI software initiator settings.
PATCH {ilo-address}/redfish/v1/Systems/1/BIOS/iSCSI/Settings
HTTPS Boot TLS Configuration
TLS Certificates Resource has three resources within the RESTful API tree:
- Current Settings Resource (read-only) : redfish/v1/systems/1/bios/tlsconfig/
- Contains current TLS certificates resource configuration data present in the system
- Pending Settings Resource (read/write) : redfish/v1/systems/1/bios/tlsconfig/settings/
- Writable resource used to configure TLS certificates settings
- Modifiable properties:
- "Ciphers"
- Set the desired supported ciphers
- "HostnameCheck"
- Enable/Disable host name checking
- "ProtocolVersion"
- Set the desired protocol version
- "VerifyMode"
- Set the verification method (PEER/NONE)
- "NewCertificates"
- An array of the certificates to be installed
- "DeleteCertificates"
- An array of the fingerprints of the certificates to be deleted
- Read Only properties that gets modified internally:
- "Certificates"
- An array of all the installed certificates
- "TlsCaCertificateCount"
- The number of the installed certificates
- TLS Default Settings Resource (read-only) : redfish/v1/systems/1/bios/tlsconfig/baseconfigs/ Holds the default values of the resource
Installing Certificates
The certificates are X509 keys. In PEM format, the certificates are encoded in a series of strings with new line characters between them:
This an example of a certificate in a PEM format:
—–BEGIN CERTIFICATE—– MIIEHTCCAwWgAwIBAgIQe8LmWgF5edKw01/avJg69DANBgkqhkiG9w0BAQsFADCB kTELMAkGA1UEBhMCVVMxKzApBgNVBAoTIkhld2xldHQgUGFja2FyZCBFbnRlcnBy aXNlIENvbXBhbnkxIDAeBgNVBAsTF0luZnJhc3RydWN0dXJlIFNlcnZpY2VzMTMw
It should be modified to add the new line characters:
—–BEGIN CERTIFICATE—–\r\nMIIGxDCCBaygAwIBAgIQUkL9757013wOQ2heZMCLizANBgkqhkiG9w0BAQsFADCB\r\nkTELMAkGA1UEBhMCVVMxKzApBgNVBAo TIkhld2xldHQgUGFja2FyZCBFbnRlcnBy\r\naXNlIENvbXBhbnkxIDAeBgNVBAsTF0luZnJhc3RydWN0dXJlIFNlcnZpY2VzMTMw\r\n
Notice the “\r\n” added at the beginning of the certificate and at end of each line in the certificate body. Finally, the certificate needs to be PUT (only a PUT would work) through the API (Postman,..), as many as needed to be installed. See the examples in the right pane for more information:
PUT /redfish/v1/Systems/{item}/bios/tlsconfig/settings/
{
"NewCertificates": [
{
"X509Certificate":"-----BEGIN CERTIFICATE-----\r\nMIIGxDCCBaygAwIBAgIQUkL9757013wOQ2heZMCLizANBg......"
}
]
}
Once installed, it will look like this after rebooting:
{
"@odata.context": "/redfish/v1/$metadata#HpeTlsConfig.HpeTlsConfig",
"@odata.etag": "W/\"DAE5B73CD430CFCFCF7E180C05FE6C9E\"",
"@odata.id": "/redfish/v1/systems/1/bios/tlsconfig/settings/",
"@odata.type": "#HpeTlsConfig.v1_0_0.HpeTlsConfig",
"Certificates": [
{
"FingerPrint": "54:8C:8B:45:55:30:47:8D:43:8D:44:BF:33:E0:C5:A5:44:1E:E9:5E:B2:0A:AC:A6:CA:59:B6:D9:7B:FC:83:A9",
"Issuer": "C=US, O=Whatever, OU=Infrastructure Services, CN=Whatever Private Root CA",
"SerialNumber": "5242FDEF9EF4D77CE43685E64C08B8B",
"Subject": "O=Whatever, CN=John Smith, OU=XXX-WEB-H, OU=Computer Name - Smith.John, OU=Employment Status - Employees, OU=SmartCard, emailAddress=John.Smith@whatever.com",
"ValidNotAfter": "07/11/2017 23:59",
"ValidNotBefore": "07/11/2016 00:00"
}
],
"Ciphers": "AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384",
"DeleteCertificates": [],
"HostnameCheck": "Enabled",
"Id": "settings",
"Name": "TLS Pending Settings",
"NewCertificates": [],
"ProtocolVersion": "AUTO",
"TlsCaCertificateCount": 1,
"VerifyMode": "NONE"
}
Deleting Certificates
When a certificate is installed, a new field is created with the Fingerprint of that certificate (SHA256). To remove a certificate, PUT the fingerprint to remove
PUT /redfish/v1/Systems/1/bios/tlsconfig/settings/
{
"DeleteCertificates": [
{
"FingerPrint": "54:8C:8B:45:55:30:47:8D:43:8D:44:BF:33:E0:C5:A5:44:1E:E9:5E:B2:0A:AC:A6:CA:59:B6:D9:7B:FC:83:A9"
}
]
}
You can delete more than one certificate at a time.
Resetting the resource to its default settings
See the example in the right pane for more information.
PUT /redfish/v1/Systems/1/bios/tlsconfig/settings/
{
"BaseConfig": "Default"
}
The default resource would look like:
{
"@odata.context": "/redfish/v1/$metadata#HpeTlsConfig.HpeTlsConfig",
"@odata.etag": "W/\"F5B8B30487AB151515845B0C2CC520E0\"",
"@odata.id": "/redfish/v1/systems/1/bios/tlsconfig/settings/",
"@odata.type": "#HpeTlsConfig.v1_0_0.HpeTlsConfig",
"Certificates": [],
"Ciphers": "AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384",
"DeleteCertificates": [],
"HostnameCheck": "Disabled",
"Id": "settings",
"Name": "TLS Current Settings",
"NewCertificates": [],
"ProtocolVersion": "AUTO",
"TlsCaCertificateCount": 0,
"VerifyMode": "PEER"
}
Examples of other changes
- Modifying Ciphers
PATCH /redfish/v1/Systems/1/bios/tlsconfig/settings/
{
"Ciphers": "AES128-SHA:AES256-SHA"
}
- Modifying VerifyMode PEER or NONE.
PATCH /redfish/v1/Systems/1/bios/tlsconfig/settings/
{
"VerifyMode": "PEER"
}
- Modifying HostnameCheck Can not be changed if VerifyMode is set to NONE.
PATCH /redfish/v1/Systems/1/bios/tlsconfig/settings/
{
"HostnameCheck": "Enabled"
}
- Modifying ProtocolVersion “AUTO”, “1.0”, “1.1” or “1.2”.
PATCH /redfish/v1/Systems/1/bios/tlsconfig/settings/
{
"ProtocolVersion": "1.1"
}
SSL certificates
SSL protocol is a standard for encrypting data so that it cannot be viewed or modified while in transit on the network. This protocol uses a key to encrypt and decrypt the data. Generally, the longer the key, the better the encryption.
A certificate is a small data file that connects an SSL key to a server. The certificate contains the server name and the server public key. Only the server has the corresponding private key, and this is how it is authenticated.
A certificate must be signed to be valid. If it is signed by a Certificate Authority (CA), and that CA is trusted, all certificates signed by the CA are also trusted. A self-signed certificate is one in which the owner of the certificate acts as its own CA. By default, iLO creates a self-signed certificate for use in SSL connections. This certificate enables iLO to work without additional configuration steps.
IMPORTANT: Using a self-signed certificate is less secure than importing a trusted certificate. Hewlett Packard Enterprise recommends importing a trusted certificate to protect the security of the iLO processor.
Manually obtaining and importing an SSL certificate
iLO allows you to create a Certificate Signing Request that you can send to a Certificate Authority to obtain a trusted SSL certificate to import into iLO.
An SSL certificate works only with the keys generated with its corresponding CSR. If iLO is reset to the factory default settings, or another CSR is generated before the certificate that corresponds to the previous CSR is imported, the certificate does not work. In that case, a new CSR must be generated and used to obtain a new certificate from a CA.
Obtain a trusted certificate from a Certificate Authority (CA)
Prerequisites:
- Configure iLO Settings privilege.
Enter the following details when you create a CSR: * City or Locality (L)—The city or locality where the company or organization that owns this iLO subsystem is located. * Common Name (CN)—The FQDN of this iLO subsystem. * Country ©—The two-character country code that identifies the country where the company or organization that owns this iLO subsystem is located. Enter the two-letter abbreviation in capital letters. * Organization Name (O)—The name of the company or organization that owns this iLO subsystem. * Organizational Unit (OU)—(Optional) The unit within the company or organization that owns this iLO subsystem. * State (ST)—The state where the company or organization that owns this iLO subsystem is located.
POST
/redfish/v1/managers/{item}/securityservice/httpscert/HpeHttpsCert.GenerateCSR
{
"City": "<City>",
"CommonName": "<CommonName>",
"Country": "<Country>",
"IncludeIP": <true or false>,
"OrgName": "<OrgName>",
"OrgUnit": "<OrgUnit>",
"State": "<State>"
}
Importing a trusted certificate
Prerequisites:
- Configure iLO Settings privilege.
POST
/redfish/v1/managers/{item}/securityservice/httpscert/HpeHttpsCert.ImportCertificate
{
"Certificate": "<text>"
}
Sideloading certificate with private key
Use this option to manually import a Trusted SSL Certificate and corresponding Private Key.
iLO allows you to import a trusted SSL certificate and its corresponding private key.
Total size of the certificate and private key should not be more than 20 KB.
Ensure both the certificate and private key are in PEM format and the certificate can be used as SSL Server certificate.
Note : Only 384-bit ECDSA key is allowed in CNSA security state and up to 2048-bit RSA key is allowed in other security states.
To sideload a certificate along with the private key, perform a POST
request with the combined certificate and private key string in Certificate.
POST
/redfish/v1/managers/{item}/securityservice/httpscert/HpeHttpsCert.ImportCertificate
{
"Certificate": "<text>"
}
Automatic Certificate Enrollment
From iLO5 2.60 onwards, iLO supports obtaining and renewing SSL certificate automatically using the Simple Certificate Enrollment Protocol (SCEP). Currently, iLO supports these features on the Microsoft Network Device Enrollment Service (NDES).
By default the feature is disabled. To enable automatic certificate enrollment for iLO, you must first configure the following services on the certificate enrollment server: - Configure the Certificate Authority (CA). CA is the server that runs the Certificate Services and issues certificates. - Configure NDES. NDES is the Certificate Enrollment Server.
NOTE: This feature is not supported when iLO is in CNSA security state.
Enabling Automatic Certificate Enrollment
Prerequisites:
- iLO5 2.60 or later
- Configure iLO Settings privilege
- URL of the certificate enrollment server
- Challenge password
- CA certificate of the certificate enrollment server must be imported. (See Obtain a trusted certificate from a Certificate Authority (CA)).
- Configure CSR
- A license that supports this feature is installed. (For information about the available license types and the features they support, see the licensing documentation.
NOTE: If Enrollment Service is enabled, removal and manual import of certificate is not allowed.
To enable Automatic Certificate Enrollment, perform PATCH
on /redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment
PATCH
/redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment
PATCH Payload:
{
"AutomaticCertificateEnrollmentSettings" : {
"ServiceEnabled" : true,
"ServerUrl" : "<CertificateServerURL>",
"ChallengePassword" : "<ChallengePassword>"
}
}
Updating certificate enrollment settings
Prerequisites:
- Configure iLO Settings privilege
NOTE: Updating the settings does not initiate certificate enrollment. To start the enrollment, first disable the service and enable it again.
To view the automatic certificate enrollment settings, perform GET
on
GET
/redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment
{
"@odata.context": "/redfish/v1/$metadata#HpeAutomaticCertEnrollment.HpeAutomaticCertEnrollment",
"@odata.etag": "W/\"<ETAG>\"",
"@odata.id": "/redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment/",
"@odata.type": "#HpeAutomaticCertEnrollment.v1_0_0.HpeAutomaticCertEnrollment",
"Id": "AutomaticCertificateEnrollment",
"Actions": {
"#HpeAutomaticCertEnrollment.ImportCACertificate": {
"Certificate@Redfish.AllowableValues": [
"Certificate"
],
"target": "/redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment/Actions/HpeAutomaticCertEnrollment.ImportCACertificate/"
}
},
"AutomaticCertificateEnrollmentSettings": {
"CACertificateName": "Unavailable",
"CertificateEnrollmentStatus": "Disabled",
"ChallengePassword": null,
"ServerUrl": "",
"ServiceEnabled": false
},
"HttpsCertCSRSubjectValue": {
"City": "<City>",
"CommonName": "<CommonName>",
"Country": "<Country>",
"IncludeIP": false,
"OrgName": "<OrgName>",
"OrgUnit": "<OrgUnit>",
"State": "<State>"
}
}
Modifying Webserver CSR subject contents
To modify the webserver CSR subject contents, perform PATCH
on /redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment
PATCH
/redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment
PATCH Payload:
{
"HttpsCertCSRSubjectValue": {
"City": "<City>",
"CommonName": "<CommonName>",
"Country": "<Country>",
"IncludeIP": false,
"OrgName": "<OrgName>",
"OrgUnit": "<OrgUnit>",
"State": "<State>"
}
}
Renewing automatically managed SSL certificate
When the certificate enrollment service is enabled and the certificate is about to expire (that is 30 days from the expiry date), iLO initiates certificate renewal automatically. As soon as iLO initiates certificate renewal, the certificate enrollment status will change to InProgress
.
Certificate enrollment status will change to Success
when the renewal is successful. For information on renewal status, see the Security Logs. You must reset iLO manually after successful renewal. The newly trusted certificate will be in use only after iLO reset.
Certificate enrollment status will change to Failed
if the renewal fails. For more information on cause of failure and
recommended actions, see the Security Logs.
Viewing webserver certificate
Webserver certificate whether self-signed, manually imported or issued automatically can be viewed by performing GET
on redfish/v1/managers/1/securityservice/httpscert/
GET
redfish/v1/managers/1/securityservice/httpscert/
{
"@odata.context": "/redfish/v1/$metadata#HpeHttpsCert.HpeHttpsCert",
"@odata.etag": "W/\"<ETAG>\"",
"@odata.id": "/redfish/v1/Managers/1/SecurityService/HttpsCert/",
"@odata.type": "#HpeHttpsCert.v2_0_0.HpeHttpsCert",
"Id": "HttpsCert",
"Actions": {
"#HpeHttpsCert.GenerateCSR": {
"target": "/redfish/v1/Managers/1/SecurityService/HttpsCert/Actions/HpeHttpsCert.GenerateCSR/"
},
"#HpeHttpsCert.ImportCertificate": {
"target": "/redfish/v1/Managers/1/SecurityService/HttpsCert/Actions/HpeHttpsCert.ImportCertificate/"
}
},
"CertificateSigningRequest": null,
"X509CertificateInformation": {
"Issuer": "CN = <CommonName>, O = <OrgName>, OU = <OrgUnit>, L = <Region>, ST = <State>, C = <Country>",
"SerialNumber": "<SerialNumber>",
"Subject": "CN = <CommonName>, O = <OrgName>, OU = <OrgUnit>, L = <Region>, ST = <State>, C = <Country>",
"ValidNotAfter": "2037-05-26T10:07:53Z",
"ValidNotBefore": "2022-05-27T10:07:53Z"
}
}
Disabling enrollment service
Disabling enrollment service does not remove the certificate generated using the service. To remove the certificate, see Removing an SSL certificate.
When the service is disabled, iLO does not initiate renewal of the certificate automatically.
Prerequisites:
- Configure iLO Settings privilege
To disable Automatic Certificate Enrollment, perform PATCH
on /redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment
PATCH
/redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment
PATCH Payload:
{
"AutomaticCertificateEnrollmentSettings" : {
"ServiceEnabled" : false
}
}
Removing an SSL certificate
Use this feature to remove an SSL certificate and regenerate the iLO self-signed certificate.
NOTE: If Certificate Enrollment Service is enabled, removal and manual import of certificate is not allowed.
You might want to remove a certificate for the following reasons: - The certificate expired. - The certificate contains invalid information. - There are security concerns related to the certificate. - An experienced support organization recommended that you remove the certificate.
Prerequisites:
- Configure iLO Settings privilege
DELETE
/redfish/v1/managers/{item}/securityservice/httpscert/
Security Service
The HpeSecurityService
resource type contains security links and properties mentioned in the Resource definition section of this document. This section provides technical detail concerning several server management identities, including the Server Identity (DevID).
DevID is a standard (based on IEEE 802.1AR) way to uniquely identify a server across networks. DevID is uniquely bound to a server that enables a server to prove its identity in various industry standards and protocols that authenticate, provision, and authorize communicating devices. iLO supports factory provisioned server identity (iLO IDevID) and user defined server identity (iLO LDevID). iLO also stores the system certificates (System IDevID and System IAK).
Following are the different server management identities described in this section:
iLO IDevID
iLO can be provisioned with server identity in the factory. This factory provisioned server identity is called iLO IDevID. HPE servers can be securely on boarded into a customer network using the IDevID for 802.1X authentication. iLO IDevID has life time validity and is immutable.
To instruct the HPE factory to provision a server with an IDevID, include either SKU P41905-B21 (if you do not have a TPM2.0 module) or P42104-B21 (if you have a TPM2.0 module) in your order.
iLO does not allow you to update or delete IDevID since it is immutable.
You can view the iLO IDevID certificate using the RESTful API GET command toward /redfish/v1/Managers/{@managerId}/SecurityService/iLOIDevID/Certificates/{@certId}
iLO LDevID
IDevID can be supplemented by a user defined server identity, called iLO LDevID. iLO LDevID is unique in the administrative domain, in which the server is used. HPE servers can be securely on boarded into a customer network using the LDevID for 802.1X authentication. iLO LDevID can be used on servers that do not have iLO IDevID. LDevID helps in facilitating the enrollment (authentication and authorization of credentials) by local network administrators. iLO allows to import, view, and delete LDevID outside the factory.
Importing an LDevID certificate
NOTE: LDevID certificate import requires the system in the FIPS security state. You can retrieve this state with a GET request toward the HpeSecurityService
URI.
Follow these steps in sequence to import an LDevID certificate:
- Generate a Certificate Signing Request (CSR) for LDevID. iLO allows creation of a CSR in PEM format for LDevID using the RESTful API POST command toward
/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR
with a body containing the location where the signed certificate will have to be posted. See example in right pane.
A successful response body contains the CSR as well as a link to the destination of the signed certificate in the CertificateCollection
object.
iLO LDevID CSR generation: POST /redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR
{
"CertificateCollection": {
"@odata.id": "/redfish/v1/Managers/1/SecurityService/iLOLDevID/Certificates/"
}
}
Send this CSR to your favorite Certificate Authority to obtain a signed certificate.
Import the signed LDevID certificate into iLO. iLO allows import of LDevID certificate in PEM format using the RESTful API POST command toward
/redfish/v1/Managers/{@managerId}/SecurityService/iLOLDevID/Certificates/
with a body containing theCertificateType
andCertificateString
properties.
NOTE: Replace non ASCII characters like CRLF or CR with literally “\n” in the CertificateString
property.
Import signed LDevID certificate: POST /redfish/v1/Managers/{@managerId}/SecurityService/iLOLDevID/Certificates/
{
"CertificateType": "PEM",
"CertificateString": "-----BEGIN CERTIFICATE-----\n<Contents of the trusted certificate>\n-----END CERTIFICATE-----\n"
}
Before importing, iLO validates the input certificate with the following parameters:
- The public key in the certificate matches the one generated with its corresponding CSR.
- The signing and hashing algorithms used in the certificate are FIPS compliant.
NOTE: iLO supports import of LDevID certificates up to 16 KB size.
Viewing the imported LDevID certificate
To view the imported LDevID certificate, use the following RESTful API GET command toward /redfish/v1/Managers/{@managerId}/SecurityService/iLOLDevID/Certificates/{@certId}
Deleting the imported LDevID certificate
To delete the imported LDevID certificate, use the following RESTful API DELETE command toward /redfish/v1/Managers/{@managerId}/SecurityService/iLOLDevID/Certificates/{@certId}
Updating an LDevID certificate
You cannot update a LDevID certificate. To replace a certificate, you must delete the existing LDevID certificate and generate a new certificate. See Importing an LDevID certificate.
NOTE: In case LDevID certificate is lost due to secure erase, you can restore it using the Backup and Restore feature or replace it.
System IDevID certificate
iLO can be provisioned with the server host identity, available for use by the operating system. This factory provisioned system identity is called System IDevID, whose corresponding private key is stored in TPM. System IDevID follows the TCG proposal for TPM2.0 implementation of an IDevID. You have to order a specific server SKU (P42104-B21) for obtaining System IDevID.
iLO does not allow you to update or delete the certificate.
You can only view the certificate using the RESTful API GET command toward /redfish/v1/Managers/{@managerId}/SecurityService/SystemIDevID/Certificates/{@certId}
System IAK certificate
iLO can be provisioned with the System Initial Attestation Key (IAK) certificate in the factory. This is similar to System IDevID but used for TPM-based attestation. The corresponding private key is stored in TPM. System IAK follows the TCG proposal for TPM2.0 implementation of an IDevID. You have to order a specific server SKU (P42104-B21) for obtaining System IAK certificate.
iLO does not allow you to update or delete the certificate.
You can only view the certificate using the RESTful API GET command toward /redfish/v1/Managers/{@managerId}/SecurityService/SystemIAK/Certificates/{@certId}
NOTE: iLO IDevID, iLO LDevID, System IDevID, and System IAK are preserved across iLO security state transitions, reset to factory defaults.
Platform certificate
iLO can be provisioned with the platform certificate which is an attribute certificate that functions as a signed manifest for the hardware chassis or configuration used to detect supply chain tampering. This certificate is TCG compliant. You have to order a specific server SKU (P42104-B21) for obtaining Platform certificate.
iLO does not allow you to update or delete the platform certificate.
You can only view the certificate using the RESTful API GET command toward /redfish/v1/Managers/{@managerId}/SecurityService/PlatformCert/Certificates/{@certId}
Enabling/disabling specific TLS versions
From iLO 5 2.72 version, the HpeSecurityService
resource type includes a new property called TLSVersion
.
This section details the TLSversion
property which displays the status (Enabled
/ Disabled
) of different TLS versions supported and how they can be modified in different security states.
HPE iLO Standard, that comes with every HPE ProLiant Gen10 or later server, gives customers the ability to configure servers in one of three security states (Production, High Security, and FIPS). With an iLO Advanced license, customers have a fourth security state available to them that needs the highest-level encryption capabilities of CNSA.
iLO features the following security states:
- Production
- High Security
- FIPS (Federal Information Processing Standards)
- CNSA (Commercial National Security Algorithm)
NOTE: - TLS versions 1.0 and 1.1 can be enabled or disabled only in Production mode but they are disabled in higher security modes such as High Security, FIPS, and CNSA. - Tools that do not support TLS 1.2 will not be able to connect to iLO when TLS 1.0 and 1.1 are disabled.
For more information on iLO security states, see the iLO encryption settings
of the HPE iLO 5 User Guide
Viewing status of TLS versions enabled/disabled
To view the enabled/disabled status of TLS versions, perform GET
on /redfish/v1/Managers/1/SecurityService/
GET
/redfish/v1/Managers/1/SecurityService/
{
....
"TLSVersion": {
"TLS1_0": "Disabled",
"TLS1_1": "Enabled",
"TLS1_2": "Enabled"
}
...
}
Modifying the enable/disable status of specific TLS versions
Note:
- In iLO 5 v2.72, TLSVersion properties are not PATCHable through Redfish. Performing the PATCH
operation using the values Enabled
or Disabled
results in the iLO returning iLO.2.15.PropertyValueBadParam
.
- This is fixed in iLO 5 v2.78.
Enabling/disabling the TLS versions triggers an event and creates an alert for that event. The message arguments include TLS version being modified, its Status, and the user who requested for the change for the alert.
To enable or disable TLS 1.0 or TLS 1.1 versions or both at the same time in the production state, perform PATCH
on /redfish/v1/Managers/1/SecurityService/
PATCH
/redfish/v1/Managers/1/SecurityService/
PATCH Payload:
{
"TLSVersion": {
"TLS1_0": "Disabled",
"TLS1_1": "Enabled"
}
}
iLO automatically resets after enabling or disabling TLS versions and iLO 5 will respond with HTTP 200 OK after PATCH
.
Performing PATCH
on TLS versions creates an entry in the Security Log
. See Security Logs
Examples of entries (Description) in the Security Log
after performing PATCH
on TLS versions:
TLS Version 1.0 is Disabled by: username
TLS Version 1.0 is Enabled by: username
TLS Version 1.1 is Disabled by: username
TLS Version 1.1 is Enabled by: username
Managing the iLO Redfish Host Interface (“Virtual NIC”)
iLO 5 1.40 adds a virtual network interface to access iLO’s HTTPS resources (including the Redfish API and the Web GUI) to the host. This interface is disabled by default in Gen10 servers but may be enabled by default in future servers.
When accessing iLO 5 through the virtual network interface, authentication is enforced.
Enabling the Virtual NIC
The Virtual NIC (also known as the Redfish Host API) is disabled by default but may be enabled either though the Web GUI or by a Redfish operation. An iLO reset is required for this change to take effect.
PATCH /redfish/v1/Managers/{managerId}/
{
"Oem": {
"Hpe": {
"VirtualNICEnabled": true
}
}
}
Using the Virtual NIC
When enabled, software running on the server operating system may access the iLO 5 Web GUI or Redfish API using IP address 16.1.15.1
. Normal authentication is required.
NOTE: The Virtual NIC does NOT act as a passthrough to traffic on the iLO 5 network connection. It is a separate network connection into iLO’s resources.
Disabling the Virtual NIC
The Virtual NIC may be disabled either though the Web GUI or by a Redfish operation. An iLO reset is required for this change to take effect.
PATCH /redfish/v1/Managers/{managerId}/
{
"Oem": {
"Hpe": {
"VirtualNICEnabled": false
}
}
}
Secure Erase
The secure erase process resets iLO and deletes all licenses stored there, resets BIOS settings, and deletes all AHS and warranty data stored on the system. The secure erase process also erases supported non-volatile storage data and deletes any deployment settings profiles. iLO reboots multiple times after the process is initiated.
NOTE: Securely erasing the server can take up to a day to complete.
Secure erase erases supported non-volatile storage data and returns the server to the manufacturing default state. The feature complies with specification NIST SP 800-88 Revision 1, Guidelines for Media Sanitization. For more information about NIST SP 800-88, see https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-88r1.pdf. Section 2.5 of the specification describes the level of sanitization. The appendix recommends minimum sanitization levels for media. Secure erase implements the NIST SP 800-88 Revision 1 Sanitization Recommendations for Purging user data and returns the server and supported components to the default state. This feature automates many of the tasks you follow in the Statement of Volatility document for a server. To view what was erased successfully, see View secure erase report. The process can take up to a day to fully erase and reset all user data. When you activate secure erase, iLO 5 does not allow firmware update or reset operations. DO NOT perform any iLO 5 configuration changes until this process is completed.
Secure erase access methods
You can initiate the secure erase process from the following products:
- iLO 5 2.30 or later
- Intelligent Provisioning 3.30 or later
- The iLO RESTful API
Prerequisites
- User account must have all iLO 5 permissions, including
SystemRecoveryConfigPriv
. - iLO Advanced license.
- Set the iLO security setting on the system maintenance switch to the OFF position.
- Disconnect any FCoE, iSCSI, external SAS, and Fibre Channel storage before using secure erase.
- Disable Server Configuration Lock. For instructions, see the UEFI System Utilities User Guide for HPE ProLiant Gen10 Servers and HPE Synergy.
- Disable Smart Storage Encryption. For instructions, see the
Clearing the encryption configuration
section in the HPE Smart Array SR Secure Encryption Installation and User Guide. - For c-Class and Synergy users: Remove HPE OneView or Virtual Connect profiles assigned to the system.
Process flow
- User initiates secure erase.
- Upon reboot, BIOS erases configuration, system time, TPM configuration and user data (drives and persistent memory). The system powers off after completion.
- iLO 5 then erases key NVRAM and NAND data, and then automatically resets.
Initiating secure erase through Redfish
To initiate secure erase, perform a POST
on /redfish/v1/Systems/<index>/Actions/Oem/Hpe/HpeComputerSystemExt.SecureSystemErase/
.
The payload for this POST includes two properties:
Property | Type | Description |
---|---|---|
SystemRomAndiLOErase | Boolean | Reset the system BIOS settings and iLO to manufacturing defaults. It also erases the Active Health System (AHS) user data in the NAND. |
UserDataErase | Boolean | Erase all the user data on the system including TPMs, persistent memory devices, storage controller configurations, RAID settings, and data from the hard drives attached to the system. USB and other removable media will be excluded. |
NOTE: The POST operation payload requires both the SystemRomAndiLOErase
and UserDataErase
parameters to be set to true
to initiate the secure erase process.
NOTE: Once you initiate this process, it cannot be undone.
POST /redfish/v1/Systems/1/Actions/Oem/Hpe/HpeComputerSystemExt.SecureSystemErase/
{
"SystemROMAndiLOErase" : true ,
"UserDataErase": true
}
This returns a response indicating that a server system reset is required.
returns
{
"error": {
"code": "iLO.0.10.ExtendedInfo",
"message": "See @Message.ExtendedInfo for more information.",
"@Message.ExtendedInfo": [
{
"MessageId": "iLO.2.7.SystemResetRequired"
}
],
}
}
The client must then initiate a server reset using the Reset action in the ComputerSystem resource.
POST
/redfish/v1/Systems/{id}/Actions/ComputerSystem.Reset
{
"ResetType": "ForceRestart"
}
At this point the UEFI BIOS will begin erasing configuration information.
Monitor status of secure erase
Once the secure erase is initiated, perform GET
on /redfish/v1/Systems/1/
. This resource includes an object Oem.Hpe
which contains the status value properties for the secure erase previously initiated. This includes the following properties:
Property | Type | Description |
---|---|---|
UserDataEraseStatus | Status (Enum) |
Reports the overall user data erase status |
UserDataEraseComponentStatus.{ComponentName} | Status (Enum) |
Indicates the erase status of the individual components |
ElapsedEraseTimeInMinutes | Integer | Reports the time elapsed since the erase started |
EstimatedEraseTimeInMinutes | Integer | Reports the approximate time (in minutes) for the overall erase process |
The Status
enum takes the following values - Idle
, Initiated
, InProgress
, CompletedWithSuccess
, CompletedWithErrors
, Failed
.
View secure erase report
The client must then initiate a server reset using the Reset action in the ComputerSystem resource.
To view the secure erase report for each of the individual drives or disks installed, perform GET
on /redfish/v1/systems/1/Oem/Hpe/EraseReport/{reportId}
.
> curl https://{iLO}/redfish/v1/sytems/1/Oem/Hpe/EraseReport/2 -i --insecure -L
{
"ResetType" : "ForceRestart",
"DeviceType" : "NVMeDrive",
"DeviceIdentifier" : "NVMe M.2 Drive Slot 1 Bay 1",
"SerialNumber" : "<serialNumber>",
"EraseStatus" : "CompletedWithSuccess",
"EraseType" : "PURGE",
"StartTime" : "2019-05-30T08:40:13Z",
"EndTime" : "2019-05-30T08:40:13Z"
}
Impacts to the server after secure erase completes
The server will need to be re-provisioned to be used after this operation.
All data on impacted storage drives and persistent memory will be erased and is not recoverable.
- All RAID settings, disk partitions and OS installations will be lost.
BIOS and iLO 5 settings will be reset to defaults
- iLO 5 network and other settings will need to be reconfigured.
- iLO 5 Language Pack will be removed and iLO 5 will respond in English only.
- iLO 5 license reverts to “Standard”.
- The System Recovery Set will need to be recreated.
- iLO 5 user accounts will be removed and will revert to the default factory Administrator account and password.
- Active Health System, Integrated Management Log, and iLO 5 Event Logs will be cleared.
- BIOS and SmartStorage Redfish API data will be removed and recreated on the next boot.
- Secure Boot will be disabled and any enrolled certificates will be removed (other than the factory installed certificates).
- Boot options and BIOS User Defined Defaults are removed.
- Passwords, pass-phrases and/or encryption keys stored in the TPM or BIOS will be removed.
- Date, time, DST, and time zone will be reset.
- System will boot the most recent BIOS revision flashed.
Intelligent Provisioning will not boot and will need to be reinstalled.
Troubleshooting
In some situations the secure erase function may return an HTTP 500 Internal Server Error.
HTTP 500 Internal Server Error
{
"error": {
"code": "iLO.0.10.ExtendedInfo",
"message": "See @Message.ExtendedInfo for more information.",
"@Message.ExtendedInfo": [
{
"MessageId": "Base.1.0.InternalError"
}
],
}
}
In the event of this error:
- Check if the installed BIOS firmware supports secure erase. Note: This feature is supported only on Gen10 servers and above that have been updated with SPP version 2019.03.0 or later.
- If the system is already updated with the correct BIOS firmware version, then reboot the server. Once the system booted, execute the secure erase again using POST action URI.
For more troubleshooting tips and secure erase FAQ, please refer “Intelligent Provisioning User Guide for HPE ProLiant Gen10 Servers and HPE Synergy” https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=sd00001085en_us
iLO Backup and Restore
The Backup and Restore service allows you to create and download a binary file containing the configuration of the iLO. In addition, you can restore the iLO configuration on a system with the same hardware configuration as the system that was backed up. This feature is not meant to duplicate a configuration and apply it to a different iLO system.
In general, it is not expected that you will need to perform an iLO restore operation. However, there are cases in which having a backup of the configuration eases and expedites the return to a normal operating environment.
As with any computer system, backing up your data is a recommended practice to minimize the impact from failures. Hewlett Packard Enterprise recommends performing a backup each time that you update the iLO firmware.
You might want to restore the iLO configuration in the following situations:
Battery failure or removal
Various configuration parameters are stored in the battery-powered SRAM. Although rare, the battery can fail. In some situations, battery removal and replacement might be required. To avoid the loss of configuration information, restore the iLO configuration from a backup file after the battery is replaced.
Reset to factory defaults
In some cases, you might need to reset iLO to the factory default settings to erase settings external to iLO. Resetting iLO to the factory default settings erases the iLO configuration. To recover the iLO configuration quickly, restore the configuration from a backup file after the reset to the factory default settings is complete.
Accidental or incorrect configuration change
In some cases, the iLO configuration might be changed incorrectly, causing important settings to be lost. This situation might occur if iLO is set to the factory default settings or user accounts are deleted. To recover the original configuration, restore the configuration from a backup file.
System board replacement
If a system board replacement is required to address a hardware issue, you can use this feature to transfer the iLO configuration from the original system board to the new system board.
Lost license key
If a license key is accidentally replaced, or you reset iLO to the factory default settings, and you are not sure which key to install, you can restore the license key and other configuration settings from a backup file.
What information is restored?
The iLO configuration includes many categories such as Power, Network, Security, the User Database, and License Keys. Most configuration information is stored in the battery-powered SRAM memory device, and it can be backed up and restored.
Information that is not restored
Some information is not suitable to be restored. The information that cannot be restored is not part of the iLO configuration, but instead is related to the iLO or server system state.
The following information is not backed up or restored:
- Security state—Allowing a restore operation to change the iLO security state would defeat the principles of security and enforcement of security.
- Integrated Management Log—To preserve information about events that occurred between the backup and the time or event that required the restore, this information is not restored.
- iLO Event Log—To preserve information about events that occurred between the backup and the time or event that required the restore, this information is not restored.
- Active Health System data—To preserve the information recorded during the backup and restore process, this information is not restored.
- Server state information— Server power state (ON/OFF), Server UID LED states, iLO and server clock settings.
Backing up the iLO 5 configuration
To find the information about the BackupRestoreService, perform GET /redfish/v1/Managers/1/BackupRestoreService
GET
/redfish/v1/Managers/1/BackupRestoreService
{
"@odata.context": "/redfish/v1/$metadata#HpeiLOBackupRestoreService.HpeiLOBackupRestoreService",
"@odata.etag": "W/\"D863AC37\"",
"@odata.id": "/redfish/v1/Managers/1/BackupRestoreService",
"@odata.type": "#HpeiLOBackupRestoreService.v2_2_0.HpeiLOBackupRestoreService",
"Id": "BackupRestoreService",
"BackupFileLocation": "/bkupdata/HPE_MXQ32200VV_20020928_0712.bak",
"BackupFiles": {
"@odata.id": "/redfish/v1/Managers/1/BackupRestoreService/BackupFiles"
},
"HttpPushUri": "/cgi-bin/uploadRestoreFile",
"Name": "Backup Restore Service"
}
GET the backup file based upon the
BackupFileLocation
URIGET
/bkupdata/HPE_MXQ32200VV_20020928_0712.bak
The GET operation to the BackupFileLocation
URI returns HTTP 200 with Content Type: application/octet-stream
. This is the binary image of the backup file.
Restoring the iLO 5 configuration
POST
/cgi-bin/uploadRestoreFile
The content type of the POST must be Form Data and include the session key.
Enabling Custom Backup and Restore
From iLO 5 v2.72 release, the backup and restore feature introduces a new OEM property called CustomBackupandRestore
. Users can enable this property that allows automatically restoring user defined iLO configuration that was earlier used for backup instead of the factory default settings.
/redfish/v1/managers/1/backuprestoreservice
(GET, PATCH)
"CustomBackupandRestore": {
"description": "This property indicates whether a custom backup and restore is enabled.",
"etag": true,
"readonly": false,
"type": "boolean"
}
NOTE:
- For iLO5 v2.72, only IPMI and SNMP user configurations are covered in this custom backup and auto-restore feature.
- An IEL is logged when the
PATCH
is performed to set theCustomBackupandRestore
property totrue
/false
. - When the auto-restore takes place during the iLO boot, there may be a possible delay of up to 120 seconds before some of the iLO functionalities become available after the auto-restore has taken place.
- iLO is configured to use the
Production
orHigh Security state
- custom backup and auto-restore functionality is not supported inFIPS
and higher security states. - If iLO is reset to the factory default settings, then the custom backup needs to be configured again.
To modify the value of the CustomBackupandRestore
property, send a PATCH
request to the Backup and Restore URI.
PATCH
/redfish/v1/managers/1/backuprestoreservice
{
"CustomBackupandRestore": true
}
Storage data models
The following sections describe the storage models supported by iLO - DMTF Redfish Storage Model and HPE OEM Storage Model.
DMTF Redfish Storage Model
HPE ProLiant Gen10 servers (iLO 5 version equal or greater than 2.30) and beyond implement the DMTF standard known as Platform Level Data Model for Redfish Device Enablement (PLDM for RDE). This open standard allows storage controllers to host their own set of Redfish resources and capabilities which are rooted under the iLO /redfish/v1
service root. As a result, responses to Redfish client requests are provided by the controllers through the iLO.
Without the implementation of PLDM for RDE in either the iLO firmware or the storage controller firmware, the iLO responds to Redfish client requests using its own database of storage controller resources and properties, populated during Pre-OS tasks (POST).
For updated information on the Redfish resources, corresponding URIs, and supported HTTP methods towards storage controllers implementing PLDM for RDE, see the Configuration
and Redfish
sections of the HPE SR Gen10 Plus Controller User Guide.
The array controllers have implemented the DMTF Redfish storage data model for inventory (GET). Starting at iLO 5 firmware version 2.65, the array controllers that have implemented the DMTF PLDM for RDE standard support Redfish write operations (POST, DELETE, and PATCH).
The following table lists the Redfish resources and the corresponding URIs for the GET requests towards storage controllers implementing PLDM for RDE:
Redfish Resource | Method | URI |
---|---|---|
Storage | GET | /redfish/v1/Systems/{item}/Storage/{item} |
Controller Collection | GET | /redfish/v1/Systems/{item}/Storage/{item}/Controllers |
Storage Controller | GET | /redfish/v1/Systems/{item}/Storage/{item}/Controllers/{item} |
Port Collection | GET | /redfish/v1/Systems/{item}/Storage/{item}/Controllers/{item}/Ports |
Volume Collection | GET | /redfish/v1/Systems/{item}/Storage/{item}/Volumes |
Volume Capabilities | GET | /redfish/v1/Systems/{item}/Storage/{item}/Volumes/Capabilities |
Volume | GET | /redfish/v1/Systems/{item}/Storage/{item}/Volumes/{item} |
Drive | GET | /redfish/v1/Systems/{item}/Storage/{item}/Drives/{item} |
The following table lists the Redfish resources and corresponding URIs for write requests towards storage controllers implementing PLDM for RDE:
Redfish Resource | Method | URI |
---|---|---|
Volume Create | POST | /redfish/v1/Systems/{item}/Storage/{item}/Volumes |
Volume Delete | DEL | /redfish/v1/Systems/{item}/Storage/{item}/Volumes/{item} |
NOTE: The Redfish responses from controllers implementing PLDM for RDE depend on the schema versions that are supported by each device and are likely to vary across each device vendor/family/model. Create and delete volume operations will also likely vary across devices.
For more information on RDE support changes and limitations, see Redfish Device Enablement (RDE) support.
Example GET responses
GET /redfish/v1/Systems/1/Storage/{item}
{
"@odata.context": "/redfish/v1/$metadata#Storage.Storage",
"@odata.etag": "W/\"F7D058EE\"",
"@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/",
"@odata.type": "#Storage.v1_12_0.Storage",
"Id": "DA000008",
"Controllers": {
"@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/Controllers/"
},
"Drives": [
{
"@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/Drives/CAE9137A/"
},
{
"@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/Drives/F377244E/"
},
{
"@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/Drives/E55B33A9/"
},
{
"@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/Drives/69483FD4/"
}
],
"Links": {
"Enclosures": [
{
"@odata.id": "/redfish/v1/Chassis/1/"
}
]
},
"Name": "SATA Storage System",
"Status": {
"Health": "OK",
"State": "Enabled"
},
"StorageControllers": [
{
"@odata.id": "/redfish/v1/Systems/1/Storage/DA000008#/StorageControllers/0/",
"FirmwareVersion": null,
"Location": {
"PartLocation": {
"ServiceLabel": "System Board"
}
},
"Manufacturer": "",
"MemberId": "0",
"Model": "Embedded SATA Controller #2",
"Name": "SATA Storage Controller",
"PartNumber": "",
"SerialNumber": "<SerialNumber>",
"Status": {
"Health": null,
"State": null
},
"SupportedDeviceProtocols": [
"SATA"
]
}
]
}
GET /redfish/v1/Systems/1/Storage/{item}/Drives/{item}
{
"@odata.context": "/redfish/v1/$metadata#Drive.Drive",
"@odata.etag": "W/\"98A85B7F\"",
"@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/Drives/CAE9137A/",
"@odata.type": "#Drive.v1_7_0.Drive",
"Id": "CAE9137A",
"Actions": {
"#Drive.Reset": {
"ResetValue@Redfish.AllowableValues": [
"ForceOff",
"ForceOn",
"PowerCycle"
],
"target": "/redfish/v1/Systems/1/Storage/DA000008/Drives/CAE9137A/Actions/Drive.Reset/"
}
},
"CapacityBytes": 1000204000000,
"Identifiers": [],
"IndicatorLED": "Off",
"Location": [
{
"Info": "SATA Drive Box 3 Bay 4",
"InfoFormat": "BayNumber"
}
],
"MediaType": "HDD",
"Model": "MM1000GFJTE",
"Name": "Secondary Storage Device",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeiLODriveExt.HpeiLODriveExt",
"@odata.type": "#HpeiLODriveExt.v2_0_1.HpeiLODriveExt",
"DriveStatus": {},
"TemperatureStatus": {}
}
},
"PhysicalLocation": {
"PartLocation": {
"LocationOrdinalValue": 4,
"LocationType": "Bay",
"ServiceLabel": "SATA Drive Box 3 Bay 4"
}
},
"Revision": "HPG5",
"SerialNumber": "<SerialNumber>",
"Status": {
"Health": "OK",
"State": "Enabled"
}
}
GET /redfish/v1/Systems/1/Storage/{item}/Volumes/{item}
{
"@odata.etag": "\"14175561\"",
"@odata.id": "/redfish/v1/Systems/1/Storage/DE009000/Volumes/238",
"@odata.type": "#Volume.v1_4_0.Volume",
"Id": "238",
"Name": "MR Volume",
"Status": {
"State": "Enabled",
"Health": "OK"
},
"BlockSizeBytes": 512,
"CapacityBytes": 85899345920,
"DisplayName": "WESERVER",
"Encrypted": false,
"EncryptionTypes": [
"NativeDriveEncryption"
],
"Identifiers": [
{
"DurableName": "425380496",
"DurableNameFormat": "NAA"
}
],
"Links": {
"Drives@odata.count": 1,
"Drives": [
{
"@odata.id": "/redfish/v1/Systems/1/Storage/DE009000/Drives/8"
}
],
"DedicatedSpareDrives@odata.count": 0,
"DedicatedSpareDrives": []
},
"LogicalUnitNumber": 0,
"Operations": [],
"OptimumIOSizeBytes": 65536,
"RAIDType": "RAID0",
"ReadCachePolicy": "Off",
"StripSizeBytes": 65536,
"VolumeUsage": "Data",
"WriteCachePolicy": "WriteThrough"
}
Creating Volumes
Creating volumes in a storage controller supporting PLDM for RDE in write mode, is performed using a POST request toward /redfish/v1/Systems/1/Storage/{item}/Volumes
. The exhaustive list of required and optional parameters of such POST requests can be retrieved with a GET request to /redfish/v1/Systems/1/Storage/{item}/Volumes/Capabilities
This URI provides as well the possible values for each capability.
Verify POST requests are allowed to create volumes: HEAD /redfish/v1/Systems/1/Storage/{item}/Volumes
{
"Allow": "GET, HEAD, POST",
"Content-Length": "0",
"Date": "Tue, 05 Jul 2022 12:43:12 GMT",
"ETag": "W/\"75983E8D\"",
"Link": "</redfish/v1/SchemaStore/en/StorageCollection.json>; rel=describedby",
"OData-Version": "4.0",
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "sameorigin",
"X-XSS-Protection": "1; mode=block"
}
Retrieve optional and required parameters to create a volume: GET /redfish/v1/Systems/1/Storage/{item}/Volumes/Capabilities
{
"@odata.id": "/redfish/v1/Systems/1/Storage/DE00D000/Volumes/Capabilities",
"@odata.type": "#Volume.v1_6_2.Volume",
"Id": "Capabilities",
"Name": "Capabilities for the volume collection",
"RAIDType@Redfish.RequiredOnCreate": true,
"RAIDType@Redfish.AllowableValues": [
"RAID0",
"RAID1",
"RAID10",
"RAID5",
"RAID50",
"RAID6",
"RAID60",
"RAID1Triple",
"RAID10Triple"
],
"CapacityBytes@Redfish.OptionalOnCreate": true,
"StripSizeBytes@Redfish.OptionalOnCreate": true,
"IOPerfModeEnabled@Redfish.OptionalOnCreate": true,
"IOPerfModeEnabled@Redfish.UpdatableAfterCreate": true,
"MediaSpanCount@Redfish.OptionalOnCreate": true,
"DisplayName@Redfish.OptionalOnCreate": true,
"DisplayName@Redfish.UpdatableAfterCreate": true,
"ReadCachePolicy@Redfish.OptionalOnCreate": true,
"ReadCachePolicy@Redfish.AllowableValues": [
"Off",
"ReadAhead"
],
"ReadCachePolicy@Redfish.UpdatableAfterCreate": true,
"WriteCachePolicy@Redfish.OptionalOnCreate": true,
"WriteCachePolicy@Redfish.AllowableValues": [
"Off"
],
"WriteCachePolicy@Redfish.UpdatableAfterCreate": true,
"VolumeUsage@Redfish.OptionalOnCreate": true,
"VolumeUsage@Redfish.AllowableValues": [
"Data"
],
"InitializeMethod@Redfish.OptionalOnCreate": true,
"InitializeMethod@Redfish.AllowableValues": [
"Background",
"Foreground"
],
"Links@Redfish.RequiredOnCreate": true,
"Links": {
"Drives@Redfish.RequiredOnCreate": true,
"DedicatedSpareDrives@Redfish.OptionalOnCreate": true,
"DedicatedSpareDrives@Redfish.UpdatableAfterCreate": true
},
"@odata.etag": "\"0A1FA1E9\""
}
Volume creation: POST /redfish/v1/Systems/1/Storage/{item}/Volumes
{
"CapacityBytes": <Number>,
"StripSizeBytes": <Number>,
"DisplayName": "string",
"ReadCachePolicy": "string",
"RAIDType": "string",
"WriteCachePolicy": "string",
"Links": {
"Drives": [
{
"@odata.id": "/redfish/v1/Systems/1/Storage/{item}/Drives/0"
},
{
"@odata.id": "/redfish/v1/Systems/1/Storage/{item}/Drives/4"
}
]
}
}
The properties to be passed as part of the POST payload are described below:
Property | Datatype | Description |
---|---|---|
CapacityBytes | Number | Size in bytes of this volume. |
StripSizeBytes | Number | The number of blocks (bytes) in a strip in a disk array that uses striped data mapping. |
DisplayName | String | A user-configurable string to name the volume. |
ReadCachePolicy | String | Indicates the read cache policy setting for the Volume. |
RAIDType | String | The RAID type of this volume. |
WriteCachePolicy | String (enum) "WriteThrough" / "UnprotectedWriteBack" / "ProtectedWriteBack" |
Indicates the write cache policy setting for the Volume. |
Links | Collection of @odata.id |
Links to the physical drives from which to create the Volume. |
Deleting Volumes
DELETE /redfish/v1/Systems/1/Storage/{item}/Volumes/{item}
HPE OEM Storage Models
HPE initially developed the SmartStorage
Redfish OEM data model for HPE ProLiant DL580 Gen8 server. This model supported inventory (GET) and monitoring (Events) features.
In HPE ProLiant Gen10, the SmartStorageConfig
resource was added to support configuration. This OEM model used a proprietary API that only supports the SR line of storage controllers. This OEM storage model is removed starting with HPE Gen11 servers. Customers are encouraged to use the open standard “DMTF Redfish Storage Model” described above.
The following table lists the Redfish resources and corresponding URIs for the GET requests toward the legacy OEM HPE SmartStorage
model:
Redfish Resource | Method | URI |
---|---|---|
HPE Smart Storage Config | GET | /redfish/v1/Systems/{item}/smartstorageconfig |
HPE Smart Storage | GET | /redfish/v1/Systems/{item}/SmartStorage |
HPE Smart Storage Array Controller Collection | GET | /redfish/v1/Systems/{item}/SmartStorage/ArrayControllers |
HPE Smart Storage Array Controller | GET | /redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item} |
HPE Smart Storage Logical Drive Collection | GET | /redfish/v1/Systems/{item}/SmartStorage/ArrayControllers /{item}/LogicalDrives |
HPE Smart Storage Storage Enclosure Collection | GET | /redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/StorageEnclosures |
HPE Smart Storage Disk Drive Collection | GET | /redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/DiskDrives |
The following table lists the Redfish resources and corresponding URIs for write requests toward the legacy OEM HPE SmartStorageConfig
model
NOTE: The HPE SmartArray configuration process is similar to the way BIOS is configured. PATCH or PUT requests are performed toward a temporary setting zone. Then, upon reboot, the settings are verified and, if valid, they are transferred in the current area. If they are not valid, error messages are posted in the @Redfish.Settings
resource of current area.
Redfish Resource | Method | URI |
---|---|---|
Logical Drive Create & Delete | PUT | /redfish/v1/Systems/{item}/smartstorageconfig/settings |
Spare Drives | PATCH | /redfish/v1/Systems/{item}/smartstorageconfig/settings |
Spare Rebuild Mode | PATCH | /redfish/v1/Systems/{item}/smartstorageconfig/settings |
Accelerator | PATCH | /redfish/v1/Systems/{item}/smartstorageconfig/settings |
Read Cache Percent | PATCH | /redfish/v1/Systems/{item}/smartstorageconfig/settings |
Rebuild Priority | PATCH | /redfish/v1/Systems/{item}/smartstorageconfig/settings |
Surface Scan Analysis Priority | PATCH | /redfish/v1/Systems/{item}/smartstorageconfig/settings |
Drive Write Cache | PATCH | /redfish/v1/Systems/{item}/smartstorageconfig/settings |
Physical Drive Erase | PUT | /redfish/v1/Systems/{item}/smartstorageconfig/settings |
ComputerSystem links to SmartStorageConfig
The SmartStorageConfig
resource sub-tree is linked into the ComputerSystem
resource:
GET
/redfish/v1/systems/{item}/
(output truncated)
...
{
"Oem": {
"Hpe": {
"SmartStorageConfig": {
"@odata.id": "/redfish/v1/systems/{item}/smartstorageconfig/"
}
}
}
}
...
The /redfish/v1/systems/{item}/smartstorageconfig/
URI is the GET-only current configuration which links to the pending configuration URI.
SmartStorageConfig output example
GET
/redfish/v1/systems/{item}/smartstorageconfig/
{
"@Redfish.Settings": {
"@odata.type": "#Settings.v1_0_0.Settings",
"ETag": "",
"Messages": [
{
"MessageId": "Base.1.0.Success"
}
],
"SettingsObject": {
"@odata.id": "/redfish/v1/systems/1/smartstorageconfig/settings/"
},
"Time": ""
},
"@odata.context": "/redfish/v1/$metadata#SmartStorageConfig.SmartStorageConfig",
"@odata.etag": "W/\"5C73F2701BE5B6B6B665E028E718BAB2\"",
"@odata.id": "/redfish/v1/systems/1/smartstorageconfig/",
"@odata.type": "#SmartStorageConfig.v2_0_0.SmartStorageConfig",
"CurrentParallelSurfaceScanCount": 1,
"DataGuard": "Strict",
"DegradedPerformanceOptimization": "Disabled",
"DriveWriteCache": "Disabled",
"ElevatorSort": "Enabled",
"EncryptionConfiguration": "None",
"EncryptionEULA": null,
"ExpandPriority": "Medium",
"FlexibleLatencySchedulerSetting": "Default",
"Id": "smartstorageconfig",
"InconsistencyRepairPolicy": "Disabled",
"Location": "Slot UNKNOWN",
"LocationFormat": "PCISlot",
"LogicalDrives": [
{
"Accelerator": "ControllerCache",
"BlockSizeBytes": 512,
"CapacityBlocks": 1953459632,
"CapacityGiB": 931,
"DataDrives": [
"P1I:3:1"
],
"DriveLocationFormat": "ControllerPort:Box:Bay",
"LegacyBootPriority": "None",
"LogicalDriveName": "Logical Drive 0",
"LogicalDriveNumber": 1,
"ParityGroupCount": 0,
"Raid": "Raid0",
"SpareDrives": [],
"SpareRebuildMode": null,
"StripSizeBytes": 262144,
"StripeSizeBytes": 262144,
"VolumeUniqueIdentifier": "600508B1001CAC3093F52C735D6DE038"
}
],
"MonitorAndPerformanceAnalysisDelaySeconds": 60,
"NoBatteryWriteCache": "Disabled",
"Oem": {
"Hpe": {
"@odata.type": "#HpeBiosExt.v2_0_0.HpeBiosExt",
"SettingsObject": {
"UnmodifiedETag": "W/\"1D348072E79A999999DDFE0BCB960774\""
}
}
},
"PhysicalDrives": [
{
"LegacyBootPriority": "None",
"Location": "P1I:3:1",
"LocationFormat": "ControllerPort:Box:Bay"
}
],
"Ports": [
{
"OperatingModeAfterReboot": "Mixed",
"PortIndex": 0
},
{
"OperatingModeAfterReboot": "Mixed",
"PortIndex": 1
}
],
"PowerModeAfterReboot": "MaxPerformance",
"PredictiveSpareRebuild": "Disabled",
"QueueDepth": "Automatic",
"ReadCachePercent": 100,
"RebuildPriority": "RapidLow",
"SurfaceScanAnalysisDelaySeconds": 3,
"SurfaceScanAnalysisPriority": "Idle",
"SurvivalPowerMode": "Enabled",
"WriteCacheBypassThresholdKiB": 1040
}
Update controller configuration
The controller configuration is accurate after boot, before any online changes are administered using dedicated applications like the HPE Smart Storage Administrator (SSA).
A live version of this data is available in both redfish/v1/Systems/{item}/smartstorageconfig/
and /redfish/v1/Systems/1/SmartStorage/
.
PATCH
/redfish/v1/Systems/{item}/smartstorageconfig/settings/
{
"DataGuard": "Strict",
"ExpandPriority": "High",
"RebuildPriority": "High",
"ReadCachePercent": 20
}
View logical drive inventory
The logical drive inventory is accurate after boot, before any online changes are administered using dedicated applications like the HPE Smart Storage Administrator (SSA).
A live version of this data is available in both redfish/v1/Systems/{item}/smartstorageconfig/
and /redfish/v1/Systems/1/SmartStorage
.
GET
/redfish/v1/Systems/{item}/smartstorageconfig/
{
"LocationFormat": "PCISlot",
"DataGuard": "Strict",
"Location": "Slot 1",
"BootVolumePrimary": "600508B1001C406C193B03A644CDF6C2",
"BootVolumeSecondary": "00000000000000000000000000000000",
"LogicalDrives": [
{
"LogicalDriveNumber": 1,
"Status": {
"State": "Enabled",
"HealthRollup": "OK",
"Health": "OK"
},
"VolumeUniqueIdentifier": "600508B1001C406C193B03A644CDF6C2",
"LegacyBootPriority": "Primary",
"CapacityGiB": 558,
"CapacityBlocks": 1171743324,
"Raid": "Raid0",
"StripSizeBytes": 262144,
"StripeSizeBytes": 524288,
"Accelerator": "None",
"LogicalDriveName": "A4119B335001438020C7EA30\u0002\u00012B8F",
"DriveLocationFormat": "ControllerPort:Box:Bay",
"DataDrives": [
"1I:1:1",
"1I:1:2"
],
"SpareDrives": []
}
]
}
The DataGuard property
The management of HPE Smart Storage devices requires a proper understanding of the DataGuard
property part of the SmartStorageConfig
sub-tree. The value of this attribute “indicates whether or not data destructive actions are allowed” as explained in the Resource Definitions paragraph.
This property is set in the pending settings area (SmartStorageConfig/Settings
) along with the directives to be performed by the Smart Storage device (i.e. Logical Volume Creation, Deletion…). During the next Pre-OS Tasks process, the iLO firmware checks its value and performs, or does not perform, the requested directives.
Read the DataGuard paragraph for the supported values.
Create logical drives
Find below two examples of logical drive creation.
PUT
/redfish/v1/Systems/{item}/smartstorageconfig/settings/
{
"DataGuard": "Disabled",
"LogicalDrives": [
{
"CapacityGiB": 558,
"Raid": "Raid0",
"StripSizeBytes": 262144,
"LogicalDriveName": "MyLD",
"DataDrives": [
"1I:1:1",
"1I:1:2"
],
"SpareDrives": [
"1I:1:3"
],
"Accelerator": "ControllerCache",
"LegacyBootPriority": "None"
}
]
}
PUT
/redfish/v1/Systems/{item}/smartstorageconfig/settings/
{
"DataGuard": "Disabled",
"LogicalDrives": [
{
"LogicalDriveName": "MyLD",
"Raid": "Raid5",
"DataDrives": {
"DataDriveCount": 4,
"DataDriveMediaType": "HDD",
"DataDriveInterfaceType": "SAS",
"DataDriveMinimumSizeGiB": 1000
}
}
]
}
DataGuard rules concerning Logical Volume deletion
- When
DataGuard
is set toDisabled
, logical drives are deleted if they are omitted or if the delete action is specified. - When
DataGuard
is set toPermissive
, logical drives are deleted if the delete action is specified. Omitted logical drives are not deleted. - When
DataGuard
is set toStrict
, in any case, logical drives are not deleted. If a logical drive is omitted or a delete action is found on a logical drive, the request returns an error.
Delete logical drives
There are two ways to delete logical drives. The first enables you to remove specific logical drives by Volume Unique Identifier. The second can be used to remove all logical drives.
The Actions
property is not present by default in the resource but must be added with an HTTPS PUT operation.
NOTE: The Actions
property here is under the specific logical drive you wish to delete.
PUT
/redfish/v1/Systems/{item}/SmartStorageConfig/Settings/
{
"LogicalDrives": [
{
"Actions": [{"Action": "LogicalDriveDelete"}],
"VolumeUniqueIdentifier": "600123459AF45456664443"
}
],
"DataGuard": "Permissive"
}
PATCH
/redfish/v1/Systems/{item}/SmartStorageConfig/Settings/
{
"LogicalDrives": [],
"DataGuard": "Disabled"
}
A system reboot is required for the Smart Storage firmware to validate and perform any requested changes. The result of the operations will be available in the current configuration resource at /redfish/v1/Systems/{item}/SmartStorageConfig/
(the parent resource of the settings resource.)
Sanitize drives
Physical drive erase:
PATCH
/redfish/v1/systems/{item}/smartstorageconfig/settings/
{
"Actions": [
{
"Action": "PhysicalDriveErase",
"ErasePattern": "SanitizeRestrictedBlockErase",
"PhysicalDriveList": [
"1I:1:1",
"1I:1:2"
]
}
],
"DataGuard": "Disabled"
}
Sanitize is a long running operation and the drive is not available (for RAID config) until sanitize is complete. The status can be checked from the iLO/SmartStorage data.
Redfish Device Enablement (RDE) support
Redfish Device Enablement (RDE) enables a management controller (iLO) to present Redfish-conformant data model of I/O devices in a server, without the need for code specific to each device vendor/family/model. With the changes described below, iLO is enabling these devices to handle their own Redfish data model but it is up to the vendors to make their devices conform to the latest standards of Redfish. The Redfish responses from the device depend on the schema versions that are supported by each device and are likely to vary across each device vendor/family/model.
NOTE: As of iLO 5 2.70 version, iLO returns 400 Bad Request
when RDE devices/adapters take a long time to process and respond to POST
requests.
iLO support for enabling RDE URIs and corresponding HTTP methods
The following table lists the Redfish URIs enabled by iLO for RDE capable devices. It also lists the iLO firmware version in which the support was added for the URI and HTTP method.
URI | GET | HEAD | PATCH | POST | DELETE |
---|---|---|---|---|---|
/redfish/v1/Systems/{@systemsId}/NetworkInterfaces |
2.55 | - | - | - | - |
/redfish/v1/Systems/{@systemsId}/NetworkInterfaces/{@nicId} |
2.55 | 2.55 | - | - | - |
/redfish/v1/Systems/{@systemId}/EthernetInterfaces |
2.55 | - | - | - | - |
/redfish/v1/Systems/{@systemId}/EthernetInterfaces/{@nicId} |
2.55 | 2.55 | 2.72 | 2.72 | - |
/redfish/v1/Chassis/{@chassisId}/PCIeDevices |
2.55 | - | - | - | - |
/redfish/v1/Chassis/{@chassisId}/PCIeDevices/{@PCIeDeviceId} |
2.55 | 2.55 | - | - | - |
/redfish/v1/Chassis/{@chassisId}/PCIeDevices/{@PCIeDeviceId}/PCIeFunctions |
2.55 | - | - | - | - |
/redfish/v1/Chassis/{@chassisId}/PCIeDevices/{@PCIeDeviceId}/PCIeFunctions/{@PCIeFunctionId} |
2.55 | 2.55 | - | - | - |
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters |
2.33 | - | - | - | - |
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId} |
2.33 | 2.33 | 2.50 | 2.55 | - |
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/NetworkPorts |
2.33 | - | - | - | - |
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/NetworkPorts/{@portId} |
2.33 | 2.33 | 2.50 | 2.55 | - |
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/Ports |
2.65 | - | - | - | - |
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/Ports/{@portId} |
2.65 | 2.65 | 2.65 | 2.65 | - |
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/NetworkDeviceFunctions |
2.33 | - | - | - | - |
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/NetworkDeviceFunctions/{@pfId} |
2.33 | 2.33 | 2.50 | 2.55 | - |
/redfish/v1/Systems/{@systemId}/Storage |
2.33 | - | - | - | - |
/redfish/v1/Systems/{@systemId}/Storage/{@storageId} |
2.33 | 2.50 | 2.50 | 2.55 | - |
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Drives/{@driveId} |
2.33 | 2.33 | 2.50 | 2.55 | - |
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Controllers/ |
2.70 | - | - | - | - |
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Controllers/{@controllerId} |
2.70 | 2.70 | 2.72 | - | - |
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Controllers/{@ControllerId}/Ports/{@portId} |
2.65 | 2.65 | 2.65 | - | - |
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Volumes |
2.33 | - | - | 2.60 | - |
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Volumes/{@volumeId} |
2.33 | 2.50 | 2.50 | 2.50 | 2.50 |
RDE capable device schema file locations
The schema files describing RDE capable devices are not stored in iLO nor in the device. However, their location is in the Link
response header property of HEAD requests.
These schema files can be obtained using iLOrest tool.
To get the controller schema file of an RDE capable storage controller:
ilorest rawhead /redfish/v1/Systems/1/Storage/DE07C000 2>/dev/null | jq ‘.Link’
http://redfish.dmtf.org/schemas/v1/Storage.v1_10_1.json#/definitions/Storage
To get the volume schema file of an RDE capable logical volumes:
ilorest rawhead /redfish/v1/Systems/1/Storage/DE07C000/Volumes 2>/dev/null | jq -r ‘.Link’
http://redfish.dmtf.org/schemas/swordfish/v1/VolumeCollection.json
To get the network port schema file of an RDE capable network adapter:
ilorest rawhead /redfish/v1/Chassis/1/NetworkAdapters/DE080000/NetworkPorts 2>/dev/null | jq ‘.Link’
http://redfish.dmtf.org/schemas/v1/NetworkPortCollection.json
For more details, refer to the DMTF RDE specification.
Compute node data
Base FRUs
iLO 5 features the ability to display the FRU data on server blade board.
Accessing Base FRUs through Redfish
To access the Redfish Base FRUs resource, perform GET
on /redfish/v1/Chassis/1/BaseFrus/
.
This resource includes a link to the collection of entries
/redfish/v1/Chassis/1/BaseFrus/
.
Individual FRUs can be accessed by performing GET
on /redfish/v1/Chassis/1/BaseFrus/{@baseId}/Details
.
> curl https://{iLO}/redfish/v1/Chassis/1/BaseFrus/{@baseId}/Details -i --insecure -L
{
"BladeInfo":{
"Capabilities":{
"BBCoordMap":["A"],
"ChangesRequireReboot": true,
"CurrentSenseSF":[195],
"DynamicPower": true,
"EkeyGroupMatchReq":[],
"ILOHwReset": true,
"StaticLowPowerMode": true,
"TVSMechanicalFuse": true,
"TempDeadlyDelayTime": 120,
"UEFISupport": true
},
"PortMap":[
{
"BBCoord": "A",
"BBMezzSlot":[
{
"LinkInfo":{"LType": "PCIe"},
"MZ": 1,
"Sys":[
{
"Cpu": 1,
"Id": "1",
"Pin":[
"0..15"
]
}
]
},
{
"LinkInfo":{
"LType": "PCIe"
},
"MZ": 2,
"Sys":[
{
"Cpu": 2,
"Id": "1",
"Pin":[
"0..15"
]
}
]
},
{
"LinkInfo":{"LType": "PCIe"},
"MZ": 3,
"Sys":[
{
"Cpu": 1,
"Id": "1",
"Pin":[
"0..15"
]
}
]
}
]
}
],
"Systems":[
{
"Components":[
{
"Count": 2,
"DevType": "Processor",
"Name": "CPU Slots"
},
{
"Count": 32,
"DevType": "DIMM",
"Name": "Memory Module Slots"
}
],
"Id": "1"
}
]
},
"IpmiProductInfo":{
"AssemblyPartNumber": "<AssemblyPartNumber>",
"BoardRevCode": "X3",
"ChassisDepth": 572,
"ChassisHeight": 213,
"ChassisPartNumber": "<ChassisPartNumber>",
"ChassisSerialNumber": "<ChassisSerialNumber>",
"ChassisWidth": 64,
"ManufacturedFor": "HPE",
"Manufacturer": "HPE",
"PCASerialNumber": "<PCASerialNumber>",
"PCASparePartNumber": "<PCASparePartNumber>",
"PartNumber": "<PartNumber>",
"ProductVersion": "10P",
"SerialNumber": "<SerialNumber>",
"SlotsConsumedHeight": 1,
"SlotsConsumedWidth": 1
},
"MgmtConfig":[
{
"ConnectType": "iLO",
"CustomerVisible": true,
"LinkRate": "1Gb",
"ProtocolType": "Ethernet"
}
],
"PowerInfo":{
"FullOn": 22,
"LowMode": 16,
"MaxPowerDuringAlert": 22,
"Vaux": 10
},
"Preamble":{
"CommType":[
"iLO",
"RIS"
],
"EEPROMSize": 4096,
"EfuseResetDuration": 4,
"FactoryTimeStamp": "2020-08-13T04:08:02+0000",
"FruSubType":[
"Blade",
"IpmiSegment"
],
"FruType": "ServerBlade",
"GreenFactor":[
"Low Halogen"
],
"HwCompliance":[],
"Language": "en-US",
"LastModified": "2020-07-10",
"Model": "Synergy 480 Gen10 Plus Compute Module"
},
"Type": "HpServerFru.1.0.1"
}
Mezzanine FRUs
The NIC and Mezzanine (Mezz) option FRU information informs Onboard Administrator of the type of interconnects each server requires. Before power is provided to a server blade, Onboard Administrator compares this information with the FRU EEPROMs on installed interconnect modules to check for electronic keying errors.
iLO 5 features the ability to display the FRU data on the cards in the Mezzanine slots.
Accessing MEZZ FRUs through Redfish
To access the Redfish MEZZ FRUs resource, perform GET
on /redfish/v1/Chassis/1/MezzFrus/
.
This resource includes a link to the collection of entries /redfish/v1/Chassis/1/MezzFrus/
.
Individual FRUs can be accessed by performing GET
on /redfish/v1/Chassis/1/MezzFrus/{@mezzId}/Details
.
> curl https://{iLO}/redfish/v1/Chassis/1/MezzFrus/{@mezzId}/Details -i --insecure -L
{
"Type": "HpMezzFru.1.0.1",
"Preamble":{
"Model": "Synergy 4820C 10/20/25Gb CNA",
"LastModified": "2018-03-29",
"FactoryTimeStamp": "2019-11-29T02:04:57+0000",
"EEPROMSize": 16384,
"Language": "en-US",
"HwCompliance":[
"PCI"
],
"GreenFactor":[],
"FruType": "Mezz",
"FruSubType":[
"Ethernet",
"IpmiSegment"
],
"CommType":[
"DCI",
"RIS",
"iLO"
]
},
"IpmiProductInfo":{
"Manufacturer": "HPE",
"ManufacturedFor": "HPE",
"SerialNumber": "<SerialNumber>",
"PartNumber": "<PartNumber>",
"PCASerialNumber": "<PCASerialNumber>",
"PCASparePartNumber": "<PCASparePartNumber>",
"AssemblyPartNumber": "<AssemblyPartNumber>",
"BoardRevCode": "0A"
},
"PowerInfo":{
"FullOn": 13,
"LowMode": 11,
"Vaux": 6
},
"MezzInfo":{
"CardType": "C",
"Capabilities":{
"EkeyMismatch": "DisableOnReboot",
"EkeyGroupMatchReq":[],
"EkeyPortToAirIsOk": true,
"ScanChainSupport": true,
"PortSwap": true,
"LLSupport": false,
"LinkInfo":{"LType": "PCIe", "LWidth":["16x" ], "LReverse": true},
"ESwitchSupport": false,
"CLPSupport": false
},
"PortMap":[
{
"ConnName": "System",
"ConnType":[
"Copper"
],
"SysToPort":[
{
"PrName": "Flex10",
"PrSp": 10,
"PinSp": 10,
"Capabilities":[
{"Pin":["0..15" ], "PrName": "Flex10-1"},
{"Pin":["0..15" ], "PrName": "Flex10-3"}
]
},
{
"PrName": "Flex20",
"PrSp": 20,
"PinSp": 10,
"Capabilities":[
{"Pin":["0..15" ], "PrName": "Flex20-1:2"},
{"Pin":["0..15" ], "PrName": "Flex20-3:4"}
]
},
{
"PrName": "Flex25",
"PrSp": 25,
"PinSp": 25,
"Capabilities":[
{"Pin":["0..15" ], "PrName": "Flex25-1"},
{"Pin":["0..15" ], "PrName": "Flex25-3"}
]
}
]
},
{
"ConnName": "Fabric",
"ConnType":["Copper"],
"MediaInfo":[
{"MediaId": 1, "MAC": "94:40:c9:5b:34:76"},
{"MediaId": 2, "WwpnPrefix": "20:00:"},
{"MediaId": 3, "WwnnPrefix": "10:00:"}
],
"PortToFabric":[
{
"PortId": 1,
"Personality":[
{
"TechType": "Ethernet",
"SubType":["Ethernet", "iSCSI", "FCoE"],
"SerdesType": "FF",
"Capabilities":[
{"PrType": "Ethernet", "PrName": "Flex10-1", "PrSp": 10, "PinSp": 10},
{"PrType": "Ethernet", "PrName": "Flex20-1:2", "PrSp": 20, "PinSp": 10},
{"PrType": "Ethernet", "PrName": "Flex25-1", "PrSp": 25, "PinSp": 25},
{"PrType": "iSCSI", "PrName": "Flex10-1", "PrSp": 10, "PinSp": 10},
{"PrType": "iSCSI", "PrName": "Flex20-1:2", "PrSp": 20, "PinSp": 10},
{"PrType": "iSCSI", "PrName": "Flex25-1", "PrSp": 25, "PinSp": 25},
{"PrType": "FCoE", "PrName": "Flex10-1", "PrSp": 10, "PinSp": 10},
{"PrType": "FCoE", "PrName": "Flex20-1:2", "PrSp": 20, "PinSp": 10},
{"PrType": "FCoE", "PrName": "Flex25-1", "PrSp": 25, "PinSp": 25}
]
}
]
},
{
"PortId": 2,
"Personality":[
{
"TechType": "Ethernet",
"SubType":["Ethernet", "iSCSI", "FCoE"],
"SerdesType": "FF",
"Capabilities":[
{"PrType": "Ethernet", "PrName": "Flex10-3", "PrSp": 10, "PinSp": 10},
{"PrType": "Ethernet", "PrName": "Flex20-3:4", "PrSp": 20, "PinSp": 10},
{"PrType": "Ethernet", "PrName": "Flex25-3", "PrSp": 25, "PinSp": 25},
{"PrType": "iSCSI", "PrName": "Flex10-3", "PrSp": 10, "PinSp": 10},
{"PrType": "iSCSI", "PrName": "Flex20-3:4", "PrSp": 20, "PinSp": 10},
{"PrType": "iSCSI", "PrName": "Flex25-3", "PrSp": 25, "PinSp": 25},
{"PrType": "FCoE", "PrName": "Flex10-3", "PrSp": 10, "PinSp": 10},
{"PrType": "FCoE", "PrName": "Flex20-3:4", "PrSp": 20, "PinSp": 10},
{"PrType": "FCoE", "PrName": "Flex25-3", "PrSp": 25, "PinSp": 25}
]
}
]
}
],
"PortToFabricSwap":[
{
"PortId": 1,
"Personality":[
{"TechType": "Ethernet", "SubType":["Ethernet", "iSCSI", "FCoE" ], "SerdesType": "FF"}
]
},
{
"PortId": 2,
"Personality":[
{
"TechType": "Ethernet",
"SubType":["Ethernet", "iSCSI", "FCoE"],
"SerdesType": "FF",
"Capabilities":[
{"PrType": "Ethernet", "PrName": "Flex10-3", "PrSp": 10, "PinSp": 10},
{"PrType": "Ethernet", "PrName": "Flex20-3:4", "PrSp": 20, "PinSp": 10},
{"PrType": "Ethernet", "PrName": "Flex25-3", "PrSp": 25, "PinSp": 25},
{"PrType": "iSCSI", "PrName": "Flex10-3", "PrSp": 10, "PinSp": 10},
{"PrType": "iSCSI", "PrName": "Flex20-3:4", "PrSp": 20, "PinSp": 10},
{"PrType": "iSCSI", "PrName": "Flex25-3", "PrSp": 25, "PinSp": 25},
{"PrType": "FCoE", "PrName": "Flex10-3", "PrSp": 10, "PinSp": 10},
{"PrType": "FCoE", "PrName": "Flex20-3:4", "PrSp": 20, "PinSp": 10},
{"PrType": "FCoE", "PrName": "Flex25-3", "PrSp": 25, "PinSp": 25}
]
}
]
}
]
}
]
}
}
Logging
iLO 5 features a logging service that enables you to view logs of different categories. These logs are of the following types - Security Logs (SL), Integrated Management Logs (IML), iLO Event Logs (IEL), Alert Event Logs, and DPU Logs. All of these logs are part of the #LogServices
resource type. The entry point for the SL, IML, and Alert Event logs is at /redfish/v1/systems/{item}/logservices
. The entry point for the IEL is at /redfish/v1/managers/{item}/logservices
.
Security Logs
The Security Logs provide a record of the security events recorded by the iLO firmware. Examples of the logged events include changes to the security configuration and security compliance issues. Other logged events include hardware intrusion, maintenance, and denial of service. The security logs provide a focused view of all recorded security events. When the security log is full, the new events overwrite the previous event in the log.
Accessing SLs through Redfish
To access the Redfish SL resource, perform GET
on /redfish/v1/Systems/1/LogServices/SL/
. This resource includes a link to the collection of entries /redfish/v1/Systems/1/LogServices/SL/Entries/
and an action /redfish/v1/Systems/1/LogServices/SL/Actions/LogService.ClearLog
to clear the SLs. Individual SLs can be accessed by performing GET
on /redfish/v1/Systems/1/LogServices/SL/Entries/{@SlId}
.
> curl https://{iLO}/redfish/v1/systems/1/logservices/sl/entries/{SlId} -i --insecure -L
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.etag": "W/\"89680635\"",
"@odata.id": "/redfish/v1/Systems/1/LogServices/SL/Entries/3",
"@odata.type": "#LogEntry.v1_1_0.LogEntry",
"Id": "3",
"Created": "2020-01-08T11:15:41Z",
"EntryType": "Oem",
"Message": "iLO detected 3 unauthorized login attempts.",
"Name": "Security Log",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
"@odata.type": "#HpeLogEntry.v2_3_0.HpeLogEntry",
"Categories": [
"Security",
"Administration"
],
"Class": 56,
"ClassDescription": "Denial of Service",
"Code": 2,
"Count": 1,
"EventNumber": 3,
"Severity": "Informational",
"Updated": "2020-01-08T11:15:41Z",
"UserAction": "Not Applicable"
}
},
"OemRecordFormat": "Hpe-SL",
"Severity": "OK"
}
Clearing SLs through Redfish Action
To completely clear all SLs, perform POST
on https://{iLOIP}/redfish/v1/systems/1/logservices/sl/Actions/LogService.ClearLog
.
NOTE: Cleared SLs will be available in the server AHS logs.
Integrated Management Log
The IML provides a record of historical events that have occurred on the server. Events are generated by the system ROM and by services such as the iLO drivers. Logged events include server-specific information such as health and status information, firmware updates, operating system information, and ROM-based POST codes. Entries in the IML can help you diagnose issues or identify potential issues. Preventative action might help to avoid disruption of service. When the IML is full, new events overwrite the previous event in the log.
Examples of IML event types
- Fan actions and status
- Power supply actions and status
- Temperature status and automatic shutdown actions
- Drive failure
- Firmware flash actions
- Smart Storage Energy Pack status
- Network actions and status
Accessing IMLs through Redfish
To access the Redfish IML resource, perform GET
on /redfish/v1/Systems/1/LogServices/IML/
. This resource includes a link to the collection of entries /redfish/v1/Systems/1/LogServices/IML/Entries/
and an action LogService.ClearLog
to clear the IMLs. Individual IMLs can be accessed by performing GET
on /redfish/v1/Systems/1/LogServices/IML/Entries/{@ImlId}
.
> curl https://{iLO}/redfish/v1/systems/1/logservices/iml/entries/{ImlId} -i --insecure -L
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.etag": "W/\"C18B58CC\"",
"@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/1",
"@odata.type": "#LogEntry.v1_1_0.LogEntry",
"Id": "1",
"Created": "0000-00-00T00:00:00Z",
"EntryType": "Oem",
"Message": "IML Cleared (iLO user: admin)",
"Name": "Integrated Management Log",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
"@odata.type": "#HpeLogEntry.v2_3_0.HpeLogEntry",
"Categories": [
"Maintenance",
"Administration"
],
"Class": 33,
"ClassDescription": "Maintenance",
"Code": 1,
"Count": 1,
"EventNumber": 51,
"Severity": "Informational",
"Updated": "0000-00-00T00:00:00Z"
}
},
"OemRecordFormat": "Hpe-IML",
"Severity": "OK"
}
Repairing IMLs through Redfish PATCH
To manually mark an IML event as repaired, perform a PATCH
on https://{iLOIP}/redfish/v1/systems/1/logservices/iml/entries/{ImlId}
. This is only supported on events that are of severity Caution
or Critical
.
NOTE: When events are manually marked as repaired, SNMP or REST alerts are not notified.
PATCH /redfish/v1/systems/1/logservices/iml/entries/{ImlId}
{
"Oem" : {
"Hpe" : {
"Repaired" : true
}
}
}
Clearing IMLs through Redfish Action
To completely clear all IMLs, perform POST
on https://{iLOIP}/redfish/v1/systems/1/logservices/iml/Actions/LogService.ClearLog
.
NOTE: Cleared IMLs are available in the server AHS logs.
iLO Event Log
The iLO Event Log provides a record of significant events recorded by the iLO firmware. Examples of the logged events include server events such as a server power outage or a server reset. Other logged events include logins, virtual power events, clearing the log, and some configuration changes. iLO provides secure password encryption, tracking all login attempts and maintaining a record of all login failures. The Authentication Failure Logging setting allows you to configure logging criteria for failed authentications. The event log captures the client name for each logged entry to improve auditing capabilities in DHCP environments, and records the account name, computer name, and IP address. When the event log is full, each new event overwrites the oldest event in the log. For a list of the errors that might appear in the event log, see the error messages guide for your server.
Accessing IELs through Redfish
To access the Redfish IEL resource, perform GET
on /redfish/v1/Managers/1/LogServices/IEL/
. This resource includes a link to the collection of entries /redfish/v1/Managers/1/LogServices/IEL/Entries/
and an action /redfish/v1/Managers/1/LogServices/IEL/Actions/LogService.ClearLog
to clear the IELs. Individual IELs can be accessed by performing GET
on /redfish/v1/Managers/1/LogServices/IEL/Entries/{@IelId}
.
> curl https://{iLO}/redfish/v1/managers/1/logservices/iel/entries/{IelId} -i --insecure -L
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.etag": "W/\"C1EEC71D\"",
"@odata.id": "/redfish/v1/Managers/1/LogServices/IEL/Entries/1",
"@odata.type": "#LogEntry.v1_1_0.LogEntry",
"Id": "1",
"Created": "2022-02-25T05:13:01Z",
"EntryType": "Oem",
"Message": "Host REST login: System Administrator",
"Name": "iLO Event Log",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
"@odata.type": "#HpeLogEntry.v2_3_0.HpeLogEntry",
"Categories": [
"Security",
"Administration"
],
"Class": 35,
"ClassDescription": "iLO 5",
"Code": 1131,
"Count": 11,
"EventNumber": 256407,
"Severity": "Informational",
"Updated": "2022-02-25T05:13:11Z"
}
},
"OemRecordFormat": "Hpe-iLOEventLog",
"Severity": "OK"
}
Clearing IELs through Redfish Action
To completely clear all IELs, perform POST
on https://{iLOIP}/redfish/v1/managers/1/logservices/iel/Actions/LogService.ClearLog
.
NOTE: Cleared IELs will still be present in the server AHS logs.
Alert Event Log
The Entries
under API - /redfish/v1/Systems/{item}/LogServices/Event/Entries
list alerts in iLO. In general, clients can choose to asynchronously receive events by Subscribing to Event. Alerts
are specifically those event entries having EventType
as Alert
, and they can be accessed synchronously by performing GET on /redfish/v1/Systems/{item}/LogServices/Event/Entries
(without subscribing).
As of iLO 5 v2.70, these alerts are non-persistent, meaning that after an iLO reset, the count of /Event/Entries
resets to 0
, and only the new alerts generated after the iLO reset are logged to this collection. iLO can store up to 256 REST alerts (no life cycle events will be stored) in a rolling buffer mechanism. These alerts can also be cleared by performing POST
on /redfish/v1/Systems/1/LogServices/Event/Actions/LogService.ClearLog/
.
Following information will only be stored/retrieved and presented in JSON format as an API response:
EventID
EventTimeStamp
Created
MessageId
Severity
OriginOfCondition
MessageArgs
ServiceEvent
The Properties from EventID
to MessageArgs
are all under the LogEntry
schema, while ServiceEvent
is a new OEM property defined with iLO 5 firmware v2.70.
Accessing Alert Event Log through Redfish
To access the Redfish Alert Event Log resource, perform GET
on /redfish/v1/Systems/1/LogServices/Event/
. This resource includes a link to the collection of entries /redfish/v1/Systems/1/LogServices/Event/Entries
and an action /redfish/v1/Systems/1/LogServices/Event/Actions/LogService.ClearLog/
to clear the Alert Event Logs. Individual Alert Event Logs can be accessed by performing GET
on /redfish/v1/Systems/1/LogServices/Event/Entries/{@entriesId}
.
GET /redfish/v1/Systems/1/LogService/Event/Entries/24
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/1/LogServices/Event/Entries/24/",
"@odata.type": "#LogEntry.v1_11_0.LogEntry",
"Id": "24",
"Created": "2022-08-01T00:05:59Z",
"EntryType": "Oem",
"EventId": "3f4b0657-6612-5c36-d2fa-d747682c8c8b",
"EventTimestamp": "2022-08-01T00:05:59Z",
"Links": {
"OriginOfCondition": {
"@odata.id": "/redfish/v1/Chassis/2/Thermal#Fans/0/"
}
},
"MessageArgs": [
"1"
],
"MessageId": "iLOEvents.3.7.FanFailed",
"Name": "Event",
"Oem": {
"Hpe": {
"@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
"@odata.type": "#HpeLogEntry.v2_4_0.HpeLogEntry",
"ServiceEvent": "True"
}
},
"OemRecordFormat": "Hpe-Event",
"Severity": "Critical"
}
Clearing Alert Event Log through Redfish Action
To completely clear all Alert Event Logs, perform POST
on https://{iLOIP}/redfish/v1/Systems/1/LogServices/Event/Actions/LogService.ClearLog/
.
DPU Log
DPU devices maintain a separate resource tree (i.e. /redfish/v1/systems/2
) and all sub-resources are listed under it. One of these sub-resources is the DPU Management Logs resource - /redfish/v1/systems/2/LogServices/DPU
.
The DPU Management logs provide a record of historical events that have occurred on the DPU. Logged events include DPU-specific information such as health and status information, firmware updates, configuration changes etc. Entries
in the DPU can help you diagnose issues or identify potential issues. Preventative action might help to avoid disruption of service. When the DPU Log entry collection is full, new events overwrite the previous event in the log.
Accessing DPU Log through Redfish
To access the Redfish DPU Log resource, perform GET
on /redfish/v1/Systems/2/LogServices/DPU/
. This resource includes a link to the collection of entries /redfish/v1/Systems/2/LogServices/DPU/Entries
and an action /redfish/v1/Systems/2/LogServices/DPU/Actions/LogService.ClearLog/
to clear the DPU Logs. Individual DPU Log can be accessed by performing GET
on /redfish/v1/Systems/2/LogServices/DPU/Entries/{@entriesId}
.
GET /redfish/v1/Systems/2/LogServices/DPU/Entries/1
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.etag": "W/\"D92B34AC\"",
"@odata.id": "/redfish/v1/Systems/2/LogServices/DPU/Entries/1",
"@odata.type": "#LogEntry.v1_11_0.LogEntry",
"Id": "1",
"Created": "2021-06-10T08:08:42Z",
"EntryType": "Oem",
"Message": "DPU Log cleared by: Administrator",
"Name": "DPU Log",
"Severity": "OK"
}
Clearing DPU Log through Redfish Action
To completely clear all DPU Logs, perform POST
on https://{iLOIP}/redfish/v1/Systems/2/LogServices/DPU/Actions/LogService.ClearLog/
.
Serial interface
The Redfish serial interface resource lists physical serial interfaces that allow access to iLO. It allows administrators to configure the baud rate and enable or disable serial access to iLO Command line interface using server physical serial port.
Accessing serial interfaces resource through Redfish
To access the Redfish serial interfaces resource, perform GET
on /redfish/v1/Managers/1/SerialInterfaces/
.
This collection resource includes links to the serial interface members /redfish/v1/Managers/1/SerialInterfaces/{serialInterfaceId}
.
Viewing serial interface configuration
To view configuration information on a specific member from the serial interfaces collection, perform GET
on /redfish/v1/Managers/1/SerialInterfaces/{serialInterfaceId}
.
This resource provides configurable information on the following:
Property | Type | Description |
---|---|---|
InterfaceEnabled | Boolean | An indication of whether this interface is enabled |
BitRate | Enum (Bitrate ) |
The receive and transmit rate of data flow, typically in bits per second (bit/s), over the serial connection |
The Bitrate
enum can take the following values - "9600"
, "19200"
, "38400"
, "57600"
, "115200"
> curl https://{iLO}/redfish/v1/Managers/1/SerialInterfaces/{serialInterfaceId} -i --insecure -L
{
"@odata.context": "/redfish/v1/$metadata#SerialInterface.SerialInterface",
"@odata.etag": "W/\"0CFA12DC\"",
"@odata.id": "/redfish/v1/Managers/1/SerialInterfaces/1",
"@odata.type": "#SerialInterface.v1_1_7.SerialInterface",
"Id": "1",
"BitRate": "115200",
"Description" : "Serial Interface",
"InterfaceEnabled" : true,
"Name" : "SerialInterface"
}
Configuring serial interface through Redfish PATCH
To modify the serial interface configuration, perform a PATCH
on /redfish/v1/Managers/1/SerialInterfaces/{serialInterfaceId}
.
PATCH /redfish/v1/Managers/1/SerialInterfaces/{serialInterfaceId}
{
"InterfaceEnabled" : true,
"BitRate" : "9600"
}
HPE Persistent Memory Configuration
Configuration of HPE Persistent Memory featuring Intel Optane persistent memory modules (PMM) uses the Redfish MemoryChunk, MemoryDomain, and TaskService to manage goal configurations. Please note that the HPE RESTful Interface tool v2.5.0 provides commands for inventory and configuration of PMMs. The new HPE Persistent Memory Management Utility provides a graphical experience for managing PMMs. Both tools use the iLO RESTful API, but add a layer of abstraction for the user.
Concepts and Terms
Term | Definition |
---|---|
Interleave Set | A group of Memory Regions that are interleaved together. Represented by a MemoryChunk in Redfish. |
Memory Chunk | A Memory Chunk is a group of one or more regions. The chunk represents an interleave set. Memory Domains and Chunks will ONLY be reported for Persistent Regions. Volatile Regions will be treated just like DIMMs with no such data reported. |
Memory Domain | Memory Domains are used to indicate to the client which Memory (DIMMs) can be grouped together in Memory Chunks to form interleave sets or otherwise grouped together. Informational only, not configurable. |
Memory Region | A region is a portion of a DIMM of a specific size and mode. A DIMM can have one or more regions. Regions can be the same or different mode on a DIMM. |
Namespace | For PMM, this is a device made available in filesystem (OS) source. |
Overview
To create a MemoryChunk and Regions required, POST a MemoryChunk to the MemoryChunkCollection in a specific MemoryDomain. In the POST, list the DIMMs that should be included in MemorySet for the MemoryChunk, based on the InterleavableMemorySets
in the MemoryDomain. All DIMMs on the socket related to the MemoryDomain must be configured in a MemoryChunk in order for the configuration to succeed.
To delete a MemoryChunk, DELETE the MemoryChunk from the MemoryChunkCollection. Deleting a MemoryChunk will result in the corresponding memory region being set to volatile memory.
POST will only be supported for persistent Memory Chunks. Remaining capacity will be configured as volatile. Only persistent Memory Chunks will be reported in the system, since volatile interleaving is not reported for standard DIMMs.
Only one Interleaved MemoryChunk is supported, and that Interleaved MemoryChunk must include all DIMMs on that socket. This matches what is specified in the MemoryDomain’s InterleavableMemorySets
. If several POST requests are issued to configure multiple Interleaved MemoryChunks on a socket, iLO will reject the POST. iLO ensures all CPU installed PMMs are included in the memory set for a POST that is creating an interleaved Memory Chunk. This also checks for duplicate DIMM entries.
Memory Population Violations
If the memory population rules are violated, then configuration through the iLO RESTful API is not supported. Configuration may fail or have unexpected results.
MemoryChunk POST properties
AddressRangeType
: requiredMemoryChunkSizeMiB
: optional, default value is 0. Maximum is the sum total of the CapacityMiB of each Memory in theInterleaveSets
. Specify this orMemoryChunkSizePercentage
, but not both. In order to create the PMM goal configuration, sizes will be converted to a percentage. During this conversion, the size may change slightly.IsMirrorEnabled
: optional, default value is falseIsSpare
: optional, default is false.InterleaveSets
: required. Must match one of theInterleavableMemorySets
in the corresponding MemoryDomain. IfInterleaveSet
is empty, all possible Memory in the Memory Domain will be included in the Memory Chunk by default. BIOS will use best interleaving.Oem.Hpe.MemoryChunkSizePercentage
: optional, default value is 0. Specify this orMemoryChunkSizeMiB
, but not both.MemoryChunkSizePercentage
is recommended.
Note: The values specified by MemoryChunkSizeMiB
or MemoryChunkSizePercentage
must be the same across all POST requests on a given socket (Memory Domain).
Example MemoryChunk POST
The example below is a POST body for creating a MemoryChunk using the MemoryChunkSizePercentage
property. The PMMs on processor 1 in slots 6 and 7 will be interleaved and provisioned to 50% persistent memory (App Direct) mode. The remaining 50% is set to volatile (memory) mode.
POST /redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks/
{
"AddressRangeType": "PMEM",
"Oem": {
"Hpe": {
"MemoryChunkSizePercentage": 50
}
},
"InterleaveSets": [
{
"Memory" : { "@odata.id": "/redfish/v1/Systems/1/Memory/proc1dimm6/"}
},
{
"Memory" : { "@odata.id": "/redfish/v1/Systems/1/Memory/proc1dimm7/"}
}
]
}
Configuration Tasks
Since the POST and DELETE modifications to the MemoryChunks are applied on system reboot, iLO will create a Task for each request. The Tasks are managed by the TaskService. On success, the POST and DELETE responses will include information about the corresponding Task. All the staged Tasks will be provided to BIOS on reboot. BIOS will process all the Tasks, in order, to create new Goal Configurations for each impacted PMMs. If Goal Configurations cannot be created, then ALL of the Tasks will fail, and the Task status will report the reason for the failure. PATCH to the MemoryChunk is not supported, so reconfiguration of existing configurations must first DELETE the existing MemoryChunks before creating a new configuration.
Example response to a MemoryChunk POST:
Status: 202 Accepted
{
"@odata.context": "/redfish/v1/$metadata#Task.Task",
"@odata.etag": "W/\"D793BCE6\"",
"@odata.id": "/redfish/v1/TaskService/Tasks/1545/",
"@odata.type": "#Task.v1_3_0.Task",
"Id": "1545",
"Description": "iLO Task",
"Messages": [
{}
],
"Name": "Task 1545",
"Payload": {
"HttpOperation": "POST",
"JsonBody": "{\"AddressRangeType\":\"PMEM\",\"InterleaveSets\":[{\"Memory\":{\"@odata.id\":\"/redfish/v1/Systems/1/Memory/proc1dimm6/\"}},{\"Memory\":{\"@odata.id\":\"/redfish/v1/Systems/1/Memory/proc1dimm7/\"}}],\"Oem\":{\"Hpe\":{\"MemoryChunkSizePercentage\":100}}}",
"TargetUri": "/redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks/"
},
"StartTime": "2019-03-06T16:18:50Z",
"TaskMonitor": "/redfish/v1/TaskService/TaskMonitors/1545/",
"TaskState": "New"
}
POST and Task limits
iLO will limit the total number of Tasks to a minimum of 192.
Configuration Sequencing
The intent of configuration will only be inferred from the sequence in which the requests are made. As such, any DELETE requests must precede any POST requests relating to MemoryDomains on the same socket. A DELETE request and a POST request may be performed in the same reboot, as long as they follow this rule.
Example 1: Reconfigure to Change Interleaving
Start: Example configuration is two PMMs, A1 and A2, of 16 GiB each on a single socket on the same memory controller. There are two existing MemoryChunks, MC1 and MC2, for 100% persistent memory non-interleaved.
Goal: Reconfigure these two PMMs to be 100% persistent memory interleaved.
Solution: The client would first issue a DELETE request on MC1 and a separate DELETE request on MC2. This would create two New Tasks in the
TaskService. The client would then issue a POST request on the MemoryDomain’s Memory Chunk Collection. The POST body includes DIMMs A1 and A2 in the corresponding InterleaveSets
with an
Oem.Hpe.MemoryChunkSizePercentage
of 100% or a MemoryChunkSizeMiB
of 32GiB. This would result in three New Tasks in the TaskService queue to be consumed on
reboot. See details steps below:
- Delete MC1.
DELETE
/redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks/MC1
- Delete MC2.
DELETE
/redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks/MC2
- Create new configuration: Option 1 using MemoryChunkSizePercentage
POST
/redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks
{
"AddressRangeType": "PMEM",
"Oem": {
"Hpe": {
"MemoryChunkSizePercentage": 100
}
},
"InterleaveSets": [
{
"Memory": {
"@odata.id": "/redfish/v1/Systems/1/Memory/A1/"
}
},
{
"Memory": {
"@odata.id": "/redfish/v1/Systems/1/Memory/A2/"
}
}
]
}
- Create new configuration: Option 2 using MemoryChunkSizeMiB
POST
/redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks
{
"AddressRangeType": "PMEM",
"MemoryChunkSizeMiB": 32768,
"InterleaveSets": [
{
"Memory": {
"@odata.id": "/redfish/v1/Systems/1/Memory/A1/"
}
},
{
"Memory": {
"@odata.id": "/redfish/v1/Systems/1/Memory/A2/"
}
}
]
}
- Reboot system to apply changes staged in iLO as Tasks.
Example 2: Reconfigure to change Memory Provisioning on Two-Socket System
Start: Example configuration is two PMMs, A1 and A2, of 16GiB each on a single socket on the same memory controller. There are two existing MemoryChunks, MC1 and MC2, for 100% persistent memory non-interleaved. Also, two PMMs, B1 and B2, of 16GiB each on a single socket (separate than A1 and A2) on the same memory controller with two existing MemoryChunks, MC3 and MC4, for 100% persistent memory non-interleaved.
Goal: Reconfigure these four PMMs to be 50% persistent memory non-interleaved. The remaining 50% is volatile (memory mode).
Solution: The client would first issue separate DELETE requests on MC1, MC2, MC3, and MC4. This would create four New Tasks in the TaskService. The client would then issue a POST request on the Memory Chunk Collection of the MemoryDomain corresponding to A1 with A1 in the corresponding InterleaveSets
and an Oem.Hpe.MemoryChunkSizePercentage
of 50% or a MemoryChunkSizeMiB
of 16GiB. The client would repeat this POST request on the MemoryDomains corresponding to A2, B1, and B2 with each of those respective DIMMs in their own InterleaveSets
. This would result in eight New Tasks in the TaskService queue that would be consumed on reboot. See detailed steps below:
- Delete MC1.
DELETE
/redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks/MC1
- Delete MC2.
DELETE
/redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks/MC2
- Delete MC3.
DELETE
/redfish/v1/Systems/1/MemoryDomains/PROC2MemoryDomain/MemoryChunks/MC3
- Delete MC4.
DELETE
/redfish/v1/Systems/1/MemoryDomains/PROC2MemoryDomain/MemoryChunks/MC4
- Create new configuration using MemoryChunkSizePercentage for A1.
POST
/redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks
{
"AddressRangeType": "PMEM",
"Oem": {
"Hpe": {
"MemoryChunkSizePercentage": 50
}
},
"InterleaveSets": [
{
"Memory": {
"@odata.id": "/redfish/v1/Systems/1/Memory/A1/"
}
}
]
}
- Create new configuration using MemoryChunkSizePercentage for A2.
POST
/redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks
{
"AddressRangeType": "PMEM",
"Oem": {
"Hpe": {
"MemoryChunkSizePercentage": 50
}
},
"InterleaveSets": [
{
"Memory": {
"@odata.id": "/redfish/v1/Systems/1/Memory/A2/"
}
}
]
}
- Create new configuration using MemoryChunkSizePercentage for B1.
POST
/redfish/v1/Systems/1/MemoryDomains/PROC2MemoryDomain/MemoryChunks
{
"AddressRangeType": "PMEM",
"Oem": {
"Hpe": {
"MemoryChunkSizePercentage": 50
}
},
"InterleaveSets": [
{
"Memory": {
"@odata.id": "/redfish/v1/Systems/1/Memory/B1/"
}
}
]
}
- Create new configuration using MemoryChunkSizePercentage for B2.
POST
/redfish/v1/Systems/1/MemoryDomains/PROC2MemoryDomain/MemoryChunks
{
"AddressRangeType": "PMEM",
"Oem": {
"Hpe": {
"MemoryChunkSizePercentage": 50
}
},
"InterleaveSets": [
{
"Memory": {
"@odata.id": "/redfish/v1/Systems/1/Memory/B2/"
}
}
]
}
- Reboot system to apply changes staged in iLO as Tasks.
Managing Apollo Drive Bay Mapping
The HPE Apollo 2000 System with the HPE Apollo r2800 Chassis (including the Storage Expander Backplane) supports 24 SFF HPE SmartDrives. The SFF drive bays can be assigned to specific server nodes.
CAUTION: Changing the drive bay mapping configuration might cause data loss or data corruption. For example, consider a configuration with drive bays two through seven assigned to node 1, with the drives configured as a RAID0 volume. Data corruption might occur if you change the drive bay mapping so that the configured drives are no longer available.
Prerequisites
- HPE iLO 5 firmware 1.20 or later
- Storage enclosure processor firmware 1.00 or later
- Chassis firmware 1.2.10 or later
Getting host port topology details
The HostPortsInfo JSON object displays the node number and SAS controller associated with each server host port. Before you change the drive bay mapping, HPE recommends using the following REST API to view and understand the PortNumber mapping:
GET /redfish/v1/Chassis/1/AccHddService
This action returns the HostPortsInfo JSON object.
{
"HostPortsInfo": [
{
"NodeNumber": 1,
"PortNumber": 1,
"SlotNumber": 1
},
{
"NodeNumber": 2,
"PortNumber": 2,
"SlotNumber": 1
},
{
"NodeNumber": 3,
"PortNumber": 3,
"SlotNumber": 1
},
{
"NodeNumber": 4,
"PortNumber": 4,
"SlotNumber": 1
}
]
}
Getting current and pending drive bay mapping
GET /redfish/v1/Chassis/1/AccHddService/zone
This action returns the CurrentZoneConfiguration and PendingZoneConfiguration JSON objects.
The CurrentZoneConfiguration JSON object displays the current drive bay mapping in the chassis.
{
"CurrentZoneConfiguration": {
"HostPort": [
{
"BayNumber": [ 1, 2, 3, 4, 5, 6 ],
"PortNumber": 1
},
{
"BayNumber": [ 7, 8, 9, 10, 11, 12 ],
"PortNumber": 2
},
{
"BayNumber": [ 13, 14, 15, 16, 17, 18 ],
"PortNumber": 3
},
{
"BayNumber": [ 19, 20, 21, 22, 23, 24 ],
"PortNumber": 4
},
{
"PortNumber": null
}
]
}
}
Note: The value PortNumber null indicates that a drive bay is not assigned.
The PendingZoneConfiguration JSON object displays the pending drive bay mapping configuration. This configuration will not be applied until all nodes remain powered off for at least 5 seconds.
{
"PendingZoneConfiguration": {
"HostPort": [
{
"BayNumber": [ 1, 2, 3, 4 ],
"PortNumber": 1
},
{
"BayNumber": [ 7, 8, 9, 10 ],
"PortNumber": 2
},
{
"BayNumber": [ 13, 14, 15, 16 ],
"PortNumber": 3
},
{
"BayNumber": [ 19, 20, 21, 22 ],
"PortNumber": 4
},
{
"BayNumber": [ 5, 6, 11, 12, 17, 18, 23, 24 ],
"PortNumber": null
}
]
}
}
Note: The value PortNumber null indicates that a drive bay is not assigned.
Configuring drive bay mapping
You can make drive bay mapping configuration changes from any server node. The changes take effect when all server nodes in the Apollo 2000 system chassis are powered off and the Chassis firmware is able to reset the Storage Expander backplane. All nodes must remain powered off for at least 5 seconds after you initiate the configuration change.
The following example shows three drive bays assigned to each node.
POST /redfish/v1/Chassis/1/AccHddService/Zone/Actions/HpeServerAccHddZone.ConfigureZone
{
"HostPort": [
{
"BayNumber": [
1,
2,
3
],
"PortNumber": 1
},
{
"BayNumber": [
7,
8,
9
],
"PortNumber": 2
},
{
"BayNumber": [
13,
14,
15
],
"PortNumber": 3
},
{
"BayNumber": [
19,
20,
21
],
"PortNumber": 4
}
]
}
This action returns a response indicating that all server nodes in the chassis must remain powered off for at least 5 seconds for the changes to take effect.
{
"error": {
"code": "iLO.0.10.ExtendedInfo",
"message": "See @Message.ExtendedInfo for more information.",
"@Message.ExtendedInfo": [
{
"MessageId": "iLO.2.9.ChassisResetRequired"
}
]
}
}
Setting drive bay mapping to the default configuration
The default configuration divides the 24 SFF drive bays by the number of server host ports in the Apollo 2000 Chassis. In a configuration with four 1U servers, the default drive bay configuration is six drive bays allocated to each of the four server slots. In a configuration with two 2U servers, the default drive bay configuration is 12 drive bays allocated to each of the two server slots.
POST an empty JSON object to URI to set drive bay mapping to the default configuration.
POST /redfish/v1/Chassis/1/AccHddService/Zone/Actions/HpeServerAccHddZone.LoadDefault
{}
This action returns a response indicating that all server nodes in the chassis must remain powered off for at least 5 seconds for the changes to take effect.
{
"error": {
"code": "iLO.0.10.ExtendedInfo",
"message": "See @Message.ExtendedInfo for more information.",
"@Message.ExtendedInfo": [
{
"MessageId": "iLO.2.9.ChassisResetRequired"
}
]
}
}
Error messages and registries in the iLO RESTful API
HTTP response 400
{
"error": {
"@Message.ExtendedInfo": [
{
"MessageId": "iLO.0.9.InvalidLicenseKey"
}
],
"code": "iLO.0.10.ExtendedInfo",
"message": "See @Message.ExtendedInfo for more information."
}
}
"InvalidLicenseKey": {
"Description": "The license key is not valid.",
"Message": "The license key is not valid.",
"Severity": "Warning",
"NumberOfArgs": 0,
"ParamTypes": [],
"Resolution": "Retry the operation using a valid license key."
}
Error messages appear in several places in the iLO RESTful API.
- An immediate response to an HTTP operation.
- A
SettingsResult
in the data model where other providers, such as BIOS, processed the settings at some point and want to communicate status in the model.
All error cases use a basic error JSON structure called ExtendedInfo
. The most important property in ExtendedInfo
is MessageId
, a string containing a lookup key into a message registry.
MessageId
helps to keep the iLO service small by keeping much of the explanatory text for an error out of the code. Instead, iLO supplies an ExtendedInfo
response, where the MessageId
provides enough information so that you can look up more details from another file.
For example, if you POST
to the iLO license service to install an iLO license, but you supply an incorrect LicenseKey
string, iLO responds with an error similar to the following:
HTTP response 400 is the standard RESTful API response to an error. In the example above, the error is easy to understand, but some errors are not easy to understand. To display a more meaningful error message, parse the string iLO.0.9.InvalidLicenseKey
into the following
components:
iLO.0.9
—This is the base name of the message registry to consult. Look for a matching registry file.InvalidLicenseKey
—This is the lookup key into the message registry.
The search returns a result similar to the following:
Many error messages can also return parameters. These parameters may be plugged into the strings in the registry to form detailed messages tailored to the instance of the error message.
RESTful Events and the Event Service
iLO 5 features an event subscription service that enables you to subscribe to receive notifications when the REST data changes or when certain alerts occur. These notifications are in the form of HTTPS POST operations to a URI of your choice.
The event service is located in the data model at /redfish/v1/EventService.
This resource includes
a link to a collection of subscriptions (called Subscriptions
located at
/redfish/v1/EventService/Subscriptions
).
Subscribing for Events examples
POST /redfish/v1/EventService/Subscriptions/
{
"Destination": "https://myeventreciever/eventreceiver",
"EventTypes": [
"ResourceAdded",
"ResourceRemoved",
"ResourceUpdated",
"StatusChange",
"Alert"
],
"HttpHeaders": {
"Header": "HeaderValue"
},
"Context": "context string",
"Oem": {
"Hpe": {
"DeliveryRetryIntervalInSeconds": 30,
"RequestedMaxEventsToQueue": 20,
"DeliveryRetryAttempts": 5,
"RetireOldEventInMinutes": 10
}
}
}
In order to receive events, you must provide an HTTPS server accessible to iLO’s network with a URI you designate as the target for iLO-initiated HTTPS POST operations.
Construct a JSON object conforming to the type ListenerDestination
(see example) and
POST this to the collection indicated by the Subscriptions
link at
/redfish/v1/EventService/Subscriptions.
If you receive an HTTP 201 Created
response, a new subscription has been added. Note that iLO does not test the destination URI
during this phase, so if the indicated URI is not valid, this will not be flagged until events are
emitted and the connection to the destination fails.
Example POST payload to create a new subscription
Much of the above content depends entirely upon your needs and setup:
Destination
must be an HTTPS URI accessible to iLO’s network.EventTypes
in the example is everything but you could remove types from the array.HttpHeaders
gives you an opportunity to specify any arbitrary HTTP headers you need for the event POST operation. Note that the subscription is readable via GET to an authorized iLO user.Context
may be any string.
Consult the ListenerDestination
schema for more details on each property. The subscription
will automatically expire after the TTL information specified and must be renewed.
Simple Network Management Protocol
HPE iLO supports the Simple Network Management Protocol (SNMP). SNMP traps are generated by Redfish events posted in the iLO Integrated Management Logs (IML). iLO SNMP Object Identifiers (OIDs) are defined in the HPE Systems Insight Manager (SIM) MIB update kit. To cross reference an SNMP trap with REST alerts information, see the REST alerts table in the iLO 5 user guide.
SNMP configuration
SNMPv3 configuration can only be performed when the SNMP is enabled. SNMPv1 configuration can only be performed when the SNMP and the SNMPv1 are enabled.
SNMP enablement
SNMP enablement is performed by setting the SNMP/ProtocolEnabled
property to true
under the Redfish standard ManagerNetworkProtocol
URI.
PATCH /redfish/v1/Managers/1/NetworkProtocol
{
"SNMP": {
"ProtocolEnabled": true
}
}
SNMP ports configuration
The SNMP default port number (161) can be modified with a PATCH request of the SNMP/Port
property under the Redfish standard ManagerNetworkProtocol
URI.
The SNMP default trap port (162) can be modified with a PATCH request of the OEM/Hpe/SNMPTrapPort
property under the ManagerNetworkProtocol
URI.
PATCH /redfish/v1/Managers/1/NetworkProtocol
"Port": <integer>,
"Oem": {
"Hpe": {
"SNMPTrapPort": <integer>
}
}
SNMPv1 enablement
SNMPv1 is enabled when the SNMPv1Enabled
key is set to true
, under the redfish/v1/Managers/1/SNMPServices
URI. An iLO reset is required when a PATCH request is performed on that property.
PATCH /redfish/v1/Managers/1/SnmpService
{
"SNMPv1Enabled": true,
"SNMPv1RequestEnabled" : true,
"SNMPv1TrapEnabled" : true
}
SNMP settings
General SNMP settings can be set in under the redfish/v1/Managers/1/SNMPServices
URI.
PATCH /redfish/v1/Managers/1/SnmpService
{
"Location": "My Location",
"Contact": "Contact Name",
"Role": "My role",
"RoleDetail": "My role details",
"ReadCommunities": [
"communitystring1",
"communitystring2",
"communitystring3"
]
}
SNMPv3 settings
Specific SNMPv3 settings can be provided under the redfish/v1/Managers/1/SNMPServices
URI.
PATCH /redfish/v1/Managers/1/SnmpService
{
"SNMPv3EngineID": "0x8000000001020304",
"SNMPv3InformRetryAttempt": 2,
"SNMPv3InformRetryIntervalSeconds": 15
}
SNMP alerts
SNMP alerts properties can be set under the redfish/v1/Managers/1/SNMPServices
URI.
iLO5 2.90 onwards, the following properties have been added:
- SNMPv1RequestsEnabled
: Enables iLO to receive external SNMPv1 requests.
- SNMPv1TrapEnabled
: Enables iLO to send SNMPv1 traps to the remote management systems configured in the alert destination.
- SNMPv3RequestsEnabled
: Enables iLO to receive external SNMPv3 requests.
- SNMPv3TrapEnabled
: Enables iLO to send SNMPv3 traps to the remote management systems configured in the alert destination.
NOTE:
- SNMPv1Enabled
enables both SNMPv1RequestsEnabled
and SNMPv1TrapEnabled
.
- AlertsEnabled
enables both SNMPv1TrapEnabled
and SNMPv3TrapEnabled
.
- Enabling either SNMPv1RequestsEnabled
or SNMPv1TrapEnabled
will enable SNMPv1Enabled
.
- Enabling either SNMPv1TrapEnabled
or SNMPv3TrapEnabled
will enable AlertsEnabled
.
PATCH /redfish/v1/Managers/1/SnmpService
{
"TrapSourceHostname": "Manager",
"AlertsEnabled": true,
"SNMPv1Enabled": false,
"Oem": {
"Hpe": {
"SNMPColdStartTrapBroadcast": false
}
},
"PeriodicHSATrapConfig": "Disabled"
}
SNMP alert destinations
NOTE:
- The SNMPv1TrapEnabled
option is available when SNMPv1TrapEnabled
is enabled in the SNMP Alerts section.
- The SNMPv3TrapEnabled
option is available when SNMPv3TrapEnabled
is enabled in the SNMP Alerts section and at least one SNMPv3 user is configured.
- The SNMPv3Inform
option is available when at least one SNMPv3 user is configured.
Add an SNMP alert destination with a POST request in the HpeSNMPAlertDestinationCollection
URI.
POST redfish/v1/Managers/1/SnmpService/SNMPAlertDestinations
{
"AlertDestination": "192.168.87.41",
"SNMPAlertProtocol": "SNMPv1Trap",
"TrapCommunity": "public"
}
SNMPv3 users
NOTE:
SNMPv3 users is available only if the SNMP Protocol is set to SNMPv3TrapEnabled
or SNMPv3Inform
.
SNMPv3 users can be managed under the HpeSNMPUsersCollection
URI.
Add an SNMP user: POST /redfish/v1/Managers/1/SnmpService/SNMPUsers
{
"SecurityName": "snmpuser",
"AuthProtocol": "SHA",
"AuthPassphrase": "myauthpassword",
"PrivacyProtocol": "AES",
"PrivacyPassphrase": "myPrivacyPassphrase",
"UserEngineID": "0x8000000001020304"
}
Delete an SNMP user: DELETE /redfish/v1/Managers/1/SnmpService/SNMPUsers/2
Send test alerts
Test alerts can be sent to alert destinations using a POST request towards HpeiLOSnmpService.SendSNMPTestAlert
under the redfish/v1/Managers/1/SNMPServices
URI with an empty body.
POST /redfish/v1/Managers/1/SnmpService/Actions/HpeiLOSnmpService.SendSNMPTestAlert/
{}
Using the RESTful Interface Tool
Although not a requirement, you can use the RESTful Interface Tool with the RESTful API. This command line tool provides a level of abstraction and convenience above direct access to the RESTful API. For more information, see: http://www.hpe.com/info/resttool.
Client Best Practices
When developing a client for the RESTful API, be sure to not code based upon assumptions that are not guaranteed. The reason avoiding these assumptions is so important is that implementations may vary across systems and firmware versions, and we want your code to work consistently.
API Architecture
The RESTful API is a hypermedia API by design. This is to avoid building in restrictive assumptions to the data model that will make it difficult to adapt to future hardware implementations. A hypermedia API avoids these assumptions by making the data model discoverable via links between resources.
The client should not interact with a URI as if it will remain static. Only specific top-level URIs (any URI in this sample code) can be assumed as static.
All URIs, with the exception of known top-level URIs, must be discovered dynamically by following the href links in the data model. Clients should not make assumptions about the URIs for the resource members of a collection. For instance, the URI of a collection member will NOT always be /redfish/v1/.../collection/1
, or 2.
Traversing the data model
Although the resources in the data model are linked together, because of cross link references between resources, a client may not assume the resource model is a tree. It is a graph instead, so any crawl of the data model should keep track of visited resources to avoid an infinite traversal loop.
A reference to another resource is any property called href (@odata.id in Redfish) no matter where it occurs in a resource.
An external reference to a resource outside the data model is referred to by a property called “extref”. Any resource referred to by extref should not be assumed to follow the conventions of the API.
HTTP POST to Create
When POSTing to create a resource (e.g. create an account or session), a successful response includes a Location HTTP header indicating the resource URI of the newly created resource. The POST may also include a representation of the newly created object in a JSON response body but may not. Do not assume the response body, but test it. It may also be an ExtendedError object.
HTTP Redirect
All clients must correctly handle HTTP redirect (for example, 308, 301, and so on.) iLO 5 will use redirection as a way to alias portions of the data model and to migrate the data model to the Redfish specified URIs (for example, /redfish/…).
Errata
EthernetInterfaces for ComputerSystem
In iLO 5 1.10, the link (@odata.id) to the EthernetInterfacesCollection is in the wrong location in the ComputerSystem resource. It should be a link directly from the root of the resource.
{
"EthernetInterfaces": {
"@odata.id": "<link>"
}
}
In iLO 5 1.10 it is instead in the Hpe OEM sub-object:
{
"Oem": {
"Hpe": {
"EthernetInterfaces": {
"@odata.id": "<link>"
}
}
}
}
Future iLO 5 firmware will correct this by adding the additional corrected link.
Other Web Resources
Redfish DMTF standard at http://www.dmtf.org/standards/redfish.
HPE RESTful API Home page: http://www.hpe.com/info/restfulapi.
Example Python code: https://github.com/HewlettPackard/python-ilorest-library.
Resource Map
URI | Type |
---|---|
/redfish/v1/ |
ServiceRoot |
/redfish/v1/AccountService |
AccountService |
/redfish/v1/AccountService/Accounts |
Collection of ManagerAccount |
/redfish/v1/AccountService/Accounts/{item} |
ManagerAccount |
/redfish/v1/AccountService/DirectoryTest |
HpeDirectoryTest |
/redfish/v1/AccountService/ExternalAccountProviders/LDAP/Certificates |
Collection of Certificate |
/redfish/v1/AccountService/ExternalAccountProviders/LDAP/Certificates/{item} |
Certificate |
/redfish/v1/AccountService/Roles |
Collection of Role |
/redfish/v1/AccountService/Roles/{item} |
Role |
/redfish/v1/AccountService/UserCertificateMapping |
Collection of HpeiLOAccountCertificateMap |
/redfish/v1/AccountService/UserCertificateMapping/{item} |
HpeiLOAccountCertificateMap |
/redfish/v1/CertificateService |
CertificateService |
/redfish/v1/CertificateService/CertificateLocations |
CertificateLocations |
/redfish/v1/Chassis |
Collection of Chassis |
/redfish/v1/Chassis/{item} |
Chassis |
/redfish/v1/Chassis/{item}/AccHddService |
HpeServerAccHddService |
/redfish/v1/Chassis/{item}/AccHddService/Zone |
HpeServerAccHddZone |
/redfish/v1/Chassis/{item}/Devices |
Collection of HpeServerDevice |
/redfish/v1/Chassis/{item}/Devices/{item} |
HpeServerDevice |
/redfish/v1/Chassis/{item}/NetworkAdapters |
Collection of NetworkAdapter |
/redfish/v1/Chassis/{item}/NetworkAdapters/{item} |
NetworkAdapter |
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkDeviceFunctions |
Collection of NetworkDeviceFunction |
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkDeviceFunctions/{item} |
NetworkDeviceFunction |
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkDeviceFunctions/{item}/Settings |
NetworkDeviceFunction |
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkPorts |
Collection of NetworkPort |
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkPorts/{item} |
NetworkPort |
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkPorts/{item}/HpeEVB |
HpeNetworkPortEVB |
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkPorts/{item}/HpeLLDP |
HpeNetworkPortLLDP |
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkPorts/{item}/Settings |
NetworkPort |
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/Ports |
Collection of Port |
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/Ports/{item} |
Port |
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/Ports/{item}/Settings |
Port |
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/Settings |
NetworkAdapter |
/redfish/v1/Chassis/{item}/Power |
Power |
/redfish/v1/Chassis/{item}/Power/AccPowerService |
HpeServerAccPowerService |
/redfish/v1/Chassis/{item}/Power/AccPowerService/Calibration |
HpeServerAccPowerCalibration |
/redfish/v1/Chassis/{item}/Power/AccPowerService/NodesInfo |
HpeServerAccPowerNodesInfo |
/redfish/v1/Chassis/{item}/Power/AccPowerService/PowerLimit |
HpeServerAccPowerLimit |
/redfish/v1/Chassis/{item}/Power/AccPowerService/Zone |
HpeServerAccPowerZone |
/redfish/v1/Chassis/{item}/Power/FastPowerMeter |
HpePowerMeter |
/redfish/v1/Chassis/{item}/Power/FederatedGroupCapping |
HpeiLOFederatedGroupCapping |
/redfish/v1/Chassis/{item}/Power/PowerMeter |
HpePowerMeter |
/redfish/v1/Chassis/{item}/Thermal |
Thermal |
/redfish/v1/EventService |
EventService |
/redfish/v1/EventService/CACertificates |
Collection of HpeCertificate |
/redfish/v1/EventService/CACertificates/{item} |
HpeCertificate |
/redfish/v1/EventService/Subscriptions |
Collection of EventDestination |
/redfish/v1/EventService/Subscriptions/{item} |
EventDestination |
/redfish/v1/JsonSchemas |
Collection of JsonSchemaFile |
/redfish/v1/JsonSchemas/{item} |
JsonSchemaFile |
/redfish/v1/Managers |
Collection of Manager |
/redfish/v1/Managers/{item} |
Manager |
/redfish/v1/Managers/{item}/ActiveHealthSystem |
HpeiLOActiveHealthSystem |
/redfish/v1/Managers/{item}/BackupRestoreService |
HpeiLOBackupRestoreService |
/redfish/v1/Managers/{item}/BackupRestoreService/BackupFiles |
Collection of HpeiLOBackupFile |
/redfish/v1/Managers/{item}/BackupRestoreService/BackupFiles/{item} |
HpeiLOBackupFile |
/redfish/v1/Managers/{item}/DateTime |
HpeiLODateTime |
/redfish/v1/Managers/{item}/EmbeddedMedia |
HpeiLOEmbeddedMedia |
/redfish/v1/Managers/{item}/EthernetInterfaces |
Collection of EthernetInterface |
/redfish/v1/Managers/{item}/EthernetInterfaces/{item} |
EthernetInterface |
/redfish/v1/Managers/{item}/FederationGroups |
Collection of HpeiLOFederationGroup |
/redfish/v1/Managers/{item}/FederationGroups/{item} |
HpeiLOFederationGroup |
/redfish/v1/Managers/{item}/FederationPeers |
Collection of HpeiLOFederationPeers |
/redfish/v1/Managers/{item}/FederationPeers/{item} |
HpeiLOFederationPeers |
/redfish/v1/Managers/{item}/HostInterfaces |
Collection of HostInterface |
/redfish/v1/Managers/{item}/HostInterfaces/{item} |
HostInterface |
/redfish/v1/Managers/{item}/LicenseService |
Collection of HpeiLOLicense |
/redfish/v1/Managers/{item}/LicenseService/{item} |
HpeiLOLicense |
/redfish/v1/Managers/{item}/LogServices |
Collection of LogService |
/redfish/v1/Managers/{item}/LogServices/IEL |
LogService |
/redfish/v1/Managers/{item}/LogServices/IEL/Entries |
Collection of LogEntry |
/redfish/v1/Managers/{item}/LogServices/IEL/Entries/{item} |
LogEntry |
/redfish/v1/Managers/{item}/NetworkProtocol |
ManagerNetworkProtocol |
/redfish/v1/Managers/{item}/RemoteSupportService |
HpeRemoteSupport |
/redfish/v1/Managers/{item}/RemoteSupportService/ServiceEventLogs |
Collection of LogEntry |
/redfish/v1/Managers/{item}/RemoteSupportService/ServiceEventLogs/{item} |
LogEntry |
/redfish/v1/Managers/{item}/SecurityService |
HpeSecurityService |
/redfish/v1/Managers/{item}/SecurityService/AutomaticCertificateEnrollment |
HpeAutomaticCertEnrollment |
/redfish/v1/Managers/{item}/SecurityService/CertificateAuthentication |
HpeCertAuth |
/redfish/v1/Managers/{item}/SecurityService/CertificateAuthentication/CACertificates |
Collection of HpeCertificate |
/redfish/v1/Managers/{item}/SecurityService/CertificateAuthentication/CACertificates/{item} |
HpeCertificate |
/redfish/v1/Managers/{item}/SecurityService/ESKM |
HpeESKM |
/redfish/v1/Managers/{item}/SecurityService/HttpsCert |
HpeHttpsCert |
/redfish/v1/Managers/{item}/SecurityService/PlatformCert/Certificates |
Collection of Certificate |
/redfish/v1/Managers/{item}/SecurityService/PlatformCert/Certificates/{item} |
Certificate |
/redfish/v1/Managers/{item}/SecurityService/SSO |
HpeiLOSSO |
/redfish/v1/Managers/{item}/SecurityService/SecurityDashboard |
HpeiLOSecurityDashboard |
/redfish/v1/Managers/{item}/SecurityService/SecurityDashboard/SecurityParams |
Collection of HpeiLOSecurityParam |
/redfish/v1/Managers/{item}/SecurityService/SecurityDashboard/SecurityParams/{item} |
HpeiLOSecurityParam |
/redfish/v1/Managers/{item}/SecurityService/SystemIAK/Certificates |
Collection of Certificate |
/redfish/v1/Managers/{item}/SecurityService/SystemIAK/Certificates/{item} |
Certificate |
/redfish/v1/Managers/{item}/SecurityService/SystemIDevID/Certificates |
Collection of Certificate |
/redfish/v1/Managers/{item}/SecurityService/SystemIDevID/Certificates/{item} |
Certificate |
/redfish/v1/Managers/{item}/SecurityService/iLOIDevID/Certificates |
Collection of Certificate |
/redfish/v1/Managers/{item}/SecurityService/iLOIDevID/Certificates/{item} |
Certificate |
/redfish/v1/Managers/{item}/SecurityService/iLOLDevID/Certificates |
Collection of Certificate |
/redfish/v1/Managers/{item}/SecurityService/iLOLDevID/Certificates/{item} |
Certificate |
/redfish/v1/Managers/{item}/SerialInterfaces |
Collection of SerialInterface |
/redfish/v1/Managers/{item}/SerialInterfaces/{item} |
SerialInterface |
/redfish/v1/Managers/{item}/SnmpService |
HpeiLOSnmpService |
/redfish/v1/Managers/{item}/SnmpService/SNMPAlertDestinations |
Collection of HpeSNMPAlertDestination |
/redfish/v1/Managers/{item}/SnmpService/SNMPAlertDestinations/{item} |
HpeSNMPAlertDestination |
/redfish/v1/Managers/{item}/SnmpService/SNMPUsers |
Collection of HpeSNMPUser |
/redfish/v1/Managers/{item}/SnmpService/SNMPUsers/{item} |
HpeSNMPUser |
/redfish/v1/Managers/{item}/VirtualMedia |
Collection of VirtualMedia |
/redfish/v1/Managers/{item}/VirtualMedia/{item} |
VirtualMedia |
/redfish/v1/Registries |
Collection of MessageRegistryFile |
/redfish/v1/Registries/{item} |
MessageRegistryFile |
/redfish/v1/ResourceDirectory |
HpeiLOResourceDirectory |
/redfish/v1/SessionService |
SessionService |
/redfish/v1/SessionService/Sessions |
Collection of Session |
/redfish/v1/SessionService/Sessions/{item} |
Session |
/redfish/v1/Systems |
Collection of ComputerSystem |
/redfish/v1/Systems/{item} |
ComputerSystem |
/redfish/v1/Systems/{item}/BaseNetworkAdapters |
Collection of HpeBaseNetworkAdapter |
/redfish/v1/Systems/{item}/BaseNetworkAdapters/{item} |
HpeBaseNetworkAdapter |
/redfish/v1/Systems/{item}/Bios |
Bios |
/redfish/v1/Systems/{item}/Bios/Kmsconfig/Baseconfigs |
HpeBaseConfigs |
/redfish/v1/Systems/{item}/Bios/Kmsconfig/Settings |
HpeKmsConfig |
/redfish/v1/Systems/{item}/Bios/Serverconfiglock/Baseconfigs |
HpeBaseConfigs |
/redfish/v1/Systems/{item}/Bios/Serverconfiglock/Settings |
HpeServerConfigLock |
/redfish/v1/Systems/{item}/Bios/Settings |
Bios |
/redfish/v1/Systems/{item}/Bios/baseconfigs |
HpeBaseConfigs |
/redfish/v1/Systems/{item}/Bios/boot |
HpeServerBootSettings |
/redfish/v1/Systems/{item}/Bios/boot/Settings |
HpeServerBootSettings |
/redfish/v1/Systems/{item}/Bios/boot/baseconfigs |
HpeBaseConfigs |
/redfish/v1/Systems/{item}/Bios/hpescalablepmem |
HpeScalablePmem |
/redfish/v1/Systems/{item}/Bios/hpescalablepmem/Settings |
HpeScalablePmem |
/redfish/v1/Systems/{item}/Bios/iscsi |
HpeiSCSISoftwareInitiator |
/redfish/v1/Systems/{item}/Bios/iscsi/Settings |
HpeiSCSISoftwareInitiator |
/redfish/v1/Systems/{item}/Bios/iscsi/baseconfigs |
HpeBaseConfigs |
/redfish/v1/Systems/{item}/Bios/mappings |
HpeBiosMapping |
/redfish/v1/Systems/{item}/Bios/tlsconfig |
HpeTlsConfig |
/redfish/v1/Systems/{item}/Bios/tlsconfig/Settings |
HpeTlsConfig |
/redfish/v1/Systems/{item}/Bios/tlsconfig/baseconfigs |
HpeBaseConfigs |
/redfish/v1/Systems/{item}/BootOptions |
Collection of BootOption |
/redfish/v1/Systems/{item}/BootOptions/{item} |
BootOption |
/redfish/v1/Systems/{item}/EthernetInterfaces |
Collection of EthernetInterface |
/redfish/v1/Systems/{item}/EthernetInterfaces/{item} |
EthernetInterface |
/redfish/v1/Systems/{item}/LogServices |
Collection of LogService |
/redfish/v1/Systems/{item}/LogServices/DPU |
LogService |
/redfish/v1/Systems/{item}/LogServices/DPU/Entries |
Collection of LogEntry |
/redfish/v1/Systems/{item}/LogServices/DPU/Entries/{item} |
LogEntry |
/redfish/v1/Systems/{item}/LogServices/Event |
LogService |
/redfish/v1/Systems/{item}/LogServices/Event/Entries |
Collection of LogEntry |
/redfish/v1/Systems/{item}/LogServices/Event/Entries/{item} |
LogEntry |
/redfish/v1/Systems/{item}/LogServices/IML |
LogService |
/redfish/v1/Systems/{item}/LogServices/IML/Entries |
Collection of LogEntry |
/redfish/v1/Systems/{item}/LogServices/IML/Entries/{item} |
LogEntry |
/redfish/v1/Systems/{item}/LogServices/SL |
LogService |
/redfish/v1/Systems/{item}/LogServices/SL/Entries |
Collection of LogEntry |
/redfish/v1/Systems/{item}/LogServices/SL/Entries/{item} |
LogEntry |
/redfish/v1/Systems/{item}/Memory |
Collection of Memory |
/redfish/v1/Systems/{item}/Memory/{item} |
Memory |
/redfish/v1/Systems/{item}/MemoryDomains |
Collection of MemoryDomain |
/redfish/v1/Systems/{item}/MemoryDomains/{item} |
MemoryDomain |
/redfish/v1/Systems/{item}/MemoryDomains/{item}/MemoryChunks |
Collection of MemoryChunks |
/redfish/v1/Systems/{item}/MemoryDomains/{item}/MemoryChunks/{item} |
MemoryChunks |
/redfish/v1/Systems/{item}/NetworkInterfaces |
Collection of NetworkInterface |
/redfish/v1/Systems/{item}/NetworkInterfaces/{item} |
NetworkInterface |
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkDeviceFunctions |
Collection of NetworkDeviceFunction |
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkDeviceFunctions/{item} |
NetworkDeviceFunction |
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkPorts |
Collection of NetworkPort |
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkPorts/{item} |
NetworkPort |
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkPorts/{item}/HpeEVB |
HpeNetworkPortEVB |
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkPorts/{item}/HpeLLDP |
HpeNetworkPortLLDP |
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkPorts/{item}/Settings |
NetworkPort |
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/Ports |
Collection of Port |
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/Ports/{item} |
Port |
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/Ports/{item}/Settings |
Port |
/redfish/v1/Systems/{item}/PCIDevices |
Collection of HpeServerPciDevice |
/redfish/v1/Systems/{item}/PCIDevices/{item} |
HpeServerPciDevice |
/redfish/v1/Systems/{item}/PCISlots |
Collection of HpeServerPCISlot |
/redfish/v1/Systems/{item}/PCISlots/{item} |
HpeServerPCISlot |
/redfish/v1/Systems/{item}/Processors |
Collection of Processor |
/redfish/v1/Systems/{item}/Processors/{item} |
Processor |
/redfish/v1/Systems/{item}/SecureBoot |
SecureBoot |
/redfish/v1/Systems/{item}/SmartStorage |
HpeSmartStorage |
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers |
Collection of HpeSmartStorageArrayController |
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item} |
HpeSmartStorageArrayController |
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/DiskDrives |
Collection of HpeSmartStorageDiskDrive |
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/DiskDrives/{item} |
HpeSmartStorageDiskDrive |
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/LogicalDrives |
Collection of HpeSmartStorageLogicalDrive |
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/LogicalDrives/{item} |
HpeSmartStorageLogicalDrive |
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/LogicalDrives/{item}/DataDrives |
Collection of HpeSmartStorageDiskDrive |
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/StorageEnclosures |
Collection of HpeSmartStorageStorageEnclosure |
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/StorageEnclosures/{item} |
HpeSmartStorageStorageEnclosure |
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/UnconfiguredDrives |
Collection of HpeSmartStorageDiskDrive |
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/UnconfiguredDrives/{item} |
HpeSmartStorageDiskDrive |
/redfish/v1/Systems/{item}/SmartStorage/HostBusAdapters |
Collection of HpeSmartStorageHostBusAdapter |
/redfish/v1/Systems/{item}/SmartStorage/HostBusAdapters/{item} |
HpeSmartStorageHostBusAdapter |
/redfish/v1/Systems/{item}/SmartStorage/HostBusAdapters/{item}/DiskDrives |
Collection of HpeSmartStorageDiskDrive |
/redfish/v1/Systems/{item}/SmartStorage/HostBusAdapters/{item}/DiskDrives/{item} |
HpeSmartStorageDiskDrive |
/redfish/v1/Systems/{item}/SmartStorageConfig |
SmartStorageConfig |
/redfish/v1/Systems/{item}/SmartStorageConfig/Settings |
SmartStorageConfig |
/redfish/v1/Systems/{item}/Storage |
Collection of Storage |
/redfish/v1/Systems/{item}/Storage/{item}/Controllers/ |
Collection of StorageController |
/redfish/v1/Systems/{item}/Storage/{item}/Controllers/{item} |
StorageController |
/redfish/v1/Systems/{item}/Storage/{item}/Controllers/{item}/Ports/{item} |
Port |
/redfish/v1/Systems/{item}/Storage/{item}/StorageControllers/{item}/Ports/{item} |
Port |
/redfish/v1/Systems/{item}/USBDevices |
Collection of HpeUSBDevice |
/redfish/v1/Systems/{item}/USBDevices/{item} |
HpeUSBDevice |
/redfish/v1/Systems/{item}/USBPorts |
Collection of HpeUSBPort |
/redfish/v1/Systems/{item}/USBPorts/{item} |
HpeUSBPort |
/redfish/v1/Systems/{item}/WorkloadPerformanceAdvisor |
Collection of HpeWorkloadPerformanceAdvisor |
/redfish/v1/Systems/{item}/WorkloadPerformanceAdvisor/{item} |
HpeWorkloadPerformanceAdvisor |
/redfish/v1/TaskService |
TaskService |
/redfish/v1/TaskService/Tasks |
Collection of Task |
/redfish/v1/TaskService/Tasks/{item} |
Task |
/redfish/v1/TelemetryService |
TelemetryService |
/redfish/v1/TelemetryService/MetricDefinitions |
Collection of MetricDefinition |
/redfish/v1/TelemetryService/MetricDefinitions/{item} |
MetricDefinition |
/redfish/v1/TelemetryService/MetricReportDefinitions |
Collection of MetricReportDefinition |
/redfish/v1/TelemetryService/MetricReportDefinitions/{item} |
MetricReportDefinition |
/redfish/v1/TelemetryService/MetricReports/{item} |
MetricReport |
/redfish/v1/TelemetryService/MetricsReport |
Collection of MetricReport |
/redfish/v1/TelemetryService/Triggers |
Collection of Triggers |
/redfish/v1/TelemetryService/Triggers/{item} |
Triggers |
/redfish/v1/UpdateService |
UpdateService |
/redfish/v1/UpdateService/ComponentRepository |
Collection of HpeComponent |
/redfish/v1/UpdateService/ComponentRepository/{item} |
HpeComponent |
/redfish/v1/UpdateService/FirmwareInventory |
Collection of SoftwareInventory |
/redfish/v1/UpdateService/FirmwareInventory/{item} |
SoftwareInventory |
/redfish/v1/UpdateService/InstallSets |
Collection of HpeComponentInstallSet |
/redfish/v1/UpdateService/InstallSets/{item} |
HpeComponentInstallSet |
/redfish/v1/UpdateService/InvalidImageRepository |
Collection of HpeInvalidImage |
/redfish/v1/UpdateService/InvalidImageRepository/{item} |
HpeInvalidImage |
/redfish/v1/UpdateService/MaintenanceWindows |
Collection of HpeMaintenanceWindow |
/redfish/v1/UpdateService/MaintenanceWindows/{item} |
HpeMaintenanceWindow |
/redfish/v1/UpdateService/SoftwareInventory |
Collection of SoftwareInventory |
/redfish/v1/UpdateService/SoftwareInventory/{item} |
SoftwareInventory |
/redfish/v1/UpdateService/UpdateTaskQueue |
Collection of HpeComponentUpdateTask |
/redfish/v1/UpdateService/UpdateTaskQueue/{item} |
HpeComponentUpdateTask |
/redfish/v1/systems/{item}/bios/Kmsconfig |
HpeKmsConfig |
/redfish/v1/systems/{item}/bios/Serverconfiglock |
HpeServerConfigLock |
redfish/v1/Chassis/{item}/BaseFrus |
Collection of HpeiLOFrus |
redfish/v1/Chassis/{item}/BaseFrus/{item} |
HpeiLOFrus |
redfish/v1/Chassis/{item}/BaseFrus/{item}/Details |
HpeiLOFrus |
redfish/v1/Chassis/{item}/MezzFrus |
Collection of HpeiLOFrus |
redfish/v1/Chassis/{item}/MezzFrus/{item} |
HpeiLOFrus |
redfish/v1/Chassis/{item}/MezzFrus/{item}/Details |
HpeiLOFrus |
redfish/v1/Chassis/{item}/PCIeDevices |
Collection of PCIeDevice |
redfish/v1/Chassis/{item}/PCIeDevices/{item} |
PCIeDevice |
redfish/v1/Chassis/{item}/PCIeDevices/{item}/PCIeFunctions |
Collection of PCIeFunction |
redfish/v1/Chassis/{item}/PCIeDevices/{item}/PCIeFunctions/{item} |
PCIeFunction |
redfish/v1/Chassis/{item}/PCIeSlots |
PCIeSlots |
redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkDeviceFunctions/{item}/Settings |
NetworkDeviceFunction |
redfish/v1/Systems/{item}/SecureEraseReportService |
HpeSecureEraseReportService |
redfish/v1/Systems/{item}/SecureEraseReportService/SecureEraseReportEntries |
Collection of HpeSecureEraseReport |
redfish/v1/Systems/{item}/SecureEraseReportService/SecureEraseReportEntries/{item} |
HpeSecureEraseReport |
redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/LogicalDrives/{item}/ActiveSpareDrives |
Collection of HpeSmartStorageDiskDrive |
redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/LogicalDrives/{item}/StandbySpareDrives |
Collection of HpeSmartStorageDiskDrive |
redfish/v1/Systems/{item}/Storage/{item} |
Storage |
redfish/v1/Systems/{item}/Storage/{item}/Drives/{item} |
Drive |
redfish/v1/Systems/{item}/Storage/{item}/Volumes |
Collection of Volume |
redfish/v1/Systems/{item}/Storage/{item}/Volumes/{item} |
Volume |
Resource Definitions
Each resource in the API has a “type” that defines its properties. See the Redfish specification for @odata.type
for details.
This section defines the supported types and lists the typical instances of each. Because this API document is applicable to all HPE servers using iLO 5, you may find variations such as:
- properties implemented on one type of server and not another
- resources that are read only on one type of server and not another
- The number of resources of a particular type (for example, multiple compute nodes or enclosing chassis)
Collections
Many resource types in the API are members of “collections.” Collections are groups of similar resources and are typically an array of Member links.
Redfish does not define a generic collection “type” (@odata.type) but all collections are identical in structure. A ComputerSystemCollection
is identical in structure to a ChassisCollection
although they have slightly different names. Typically, collection types are suffixed with the word collection and are recognizable by the presence of the Members
array of links.
Collections may be GET-only that may not be added to or removed from. Examples of GET-only collections are the Systems collection at /redfish/v1/systems/
. In a typical systems collection describing physical hardware, it wouldn’t make sense to be able to create or remove members using GET or DELETE.
Other collections may be editable. Examples of these might be the Accounts collection at /redfish/v1/accountservice/accounts
. The API supports the addition or removal of user accounts. To add a new member to an editable collection, perform an HTTP POST to the collection resource with a body consisting of the required JSON properties needed to create a new member (this does not necessarily require you to POST every property because many may take a unique service-assigned value or take a default value.)
For more information on collections see the Redfish 1.0 DMTF standard at https://www.dmtf.org/standards/redfish and the example Python code: https://github.com/HewlettPackard/python-ilorest-library.
GET https://{iLO}/redfish/v1/systems/ showing a collection response (JSON)
{
"@odata.id": "/redfish/v1/systems/",
"@odata.context": "/redfish/v1/$metadata/",
"@odata.type": "#ComputerSystemCollection.ComputerSystemCollection",
"Members@odata.count": 1,
"Members": [
{
"@odata.id": "/redfish/v1/systems/1/"
}
]
}
Properties
Collection Instances:
https://{iLO}/redfish/v1/AccountService/Accounts
https://{iLO}/redfish/v1/Chassis
https://{iLO}/redfish/v1/EventService/EventSubscriptions
https://{iLO}/redfish/v1/Managers
https://{iLO}/redfish/v1/Managers/{item}/EthernetInterfaces
https://{iLO}/redfish/v1/Managers/{item}/FederationGroups
https://{iLO}/redfish/v1/Managers/{item}/FederationPeers
https://{iLO}/redfish/v1/Managers/{item}/LicenseService
https://{iLO}/redfish/v1/Managers/{item}/LogServices
https://{iLO}/redfish/v1/Managers/{item}/LogServices/IEL/Entries
https://{iLO}/redfish/v1/Managers/{item}/VirtualMedia
https://{iLO}/redfish/v1/Registries
https://{iLO}/redfish/v1/Schemas
https://{iLO}/redfish/v1/SessionService/Sessions
https://{iLO}/redfish/v1/Systems
https://{iLO}/redfish/v1/Systems/{item}/LogServices
https://{iLO}/redfish/v1/Systems/{item}/LogServices/IML/Entries
https://{iLO}/redfish/v1/Systems/{item}/Memory
https://{iLO}/redfish/v1/Systems/{item}/NetworkAdapters
https://{iLO}/redfish/v1/Systems/{item}/PCIDevices
https://{iLO}/redfish/v1/Systems/{item}/PCISlots
https://{iLO}/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers
https://{iLO}/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/DiskDrives
https://{iLO}/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/LogicalDrives
https://{iLO}/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/StorageEnclosures
https://{iLO}/redfish/v1/Systems/{item}/SmartStorage/HostBusAdapters
Members@odata.count
JSONPath: /Members@odata.count
(read only integer)
The number of members in the collection.
Members[]
JSONPath: /Members
(read only array of links)
The Members array consists of links (@odata.id
) to the members of the collection.
AccountService.v1_5_0.AccountService
@odata.type: "#AccountService.v1_5_0.AccountService"
The AccountService resource describes the BMC user account management service. It represents the properties for this service and has links to the list of accounts.
Managing User Accounts with the Accounts Collection
JSONPath: /Accounts/@odata.id
The destination of this link is a collection of user accounts (see ManagerAccount).
- You may create a new user account by POSTing a new account description the the Accounts collection. See ManagerAccount for details.
> e.g.
POST https://{iLO}/redfish/v1/accountservice/accounts/ with new account description
- You may modify an existing user by PATCHing properties to the user account resource. See ManagerAccount for details.
> e.g.
PATCH https://{iLO}/redfish/v1/accountservice/accounts/{item} with different properties
- You may remove a user account by DELETEing the resources representing the user
> e.g.
DELETE https://{iLO}/redfish/v1/accountservice/accounts/{item}
Resource Instances
Uri | HTTP Allow |
---|---|
/redfish/v1/accountservice |
GET POST PATCH |
Links to other Resources
Link Name | Destination type |
---|---|
Accounts |
Collection of ManagerAccount |
AccountLockoutCounterResetAfter
Member of AccountService.v1_5_0.AccountService
Description | The interval of time in seconds between the last failed login attempt and reset of the lockout threshold counter. This value must be less than or equal to AccountLockoutDuration. Reset sets the counter to zero. |
Type | number |
Read Only | True |
Added | iLO 5 1.40 |
AccountLockoutCounterResetEnabled
Member of AccountService.v1_5_0.AccountService
Description | The value indicates whether the threshold counter will be reset after AccountLockoutCounterResetAfter expires. |
Type | boolean |
Read Only | True |
AccountLockoutDuration
Member of AccountService.v1_5_0.AccountService
Description | The time in seconds an account is locked out. The value must be greater than or equal to the value of the AccountLockoutCounterResetAfter property. If set to 0, no lockout occurs. |
Type | number or null |
Read Only | False |
Added | iLO 5 1.40 |
AccountLockoutThreshold
Member of AccountService.v1_5_0.AccountService
Description | The number of failed login attempts allowed before a user account is locked for a specified duration. A value of 0 means it is never locked. |
Type | number or null |
Read Only | False |
Added | iLO 5 1.40 |
Accounts
This property references a resource of type Collection with a MemberType of ManagerAccount.
Accounts is a link ("@odata.id": URI
) to another resource.
ActiveDirectory
ActiveDirectory.AccountProviderType Member of AccountService.v1_5_0.AccountService
Description | This property contains the type of external account provider this resource references. |
Type | string |
Read Only | False |
Added | iLO 5 1.40 |
The following are the supported values:
Value | Description |
---|---|
ActiveDirectoryService |
An external Active Directory Service. |
ActiveDirectory.Authentication ActiveDirectory.Authentication.AuthenticationType Member of AccountService.v1_5_0.AccountService
Description | This property contains the type of authentication used to connect to the external account provider. |
Type | string |
Read Only | False |
Added | iLO 5 1.40 |
The following are the supported values:
Value | Description |
---|---|
UsernameAndPassword |
Username and password combination. |
ActiveDirectory.Authentication.Password Member of AccountService.v1_5_0.AccountService
Description | This property is used with a PATCH or PUT to write the password for the account service. This property is null on a GET. |
Type | string or null |
Read Only | False |
Added | iLO 5 1.40 |
ActiveDirectory.Authentication.Username Member of AccountService.v1_5_0.AccountService
Description | This property contains the distinguished name for the account service. |
Type | string or null |
Read Only | False |
Added | iLO 5 1.40 |
ActiveDirectory.RemoteRoleMapping (array)
Member of AccountService.v1_5_0.AccountService
RemoteRoleMapping
is an array containing elements of:
RemoteRoleMapping[{item}].LocalRole Member of AccountService.v1_5_0.AccountService
Description | The name of the local role in which to map the remote user or group. |
Type | string or null |
Read Only | False |
RemoteRoleMapping[{item}].RemoteGroup Member of AccountService.v1_5_0.AccountService
Description | This property is the name of the remote group (or in the case of a Redfish Service, remote role) that will be mapped to the local role referenced by this entity. |
Type | string or null |
Read Only | False |
ActiveDirectory.ServiceAddresses (array)
Member of AccountService.v1_5_0.AccountService
ServiceAddresses
is an array containing elements of:
Type | string or null |
Read Only | True |
ActiveDirectory.ServiceEnabled Member of AccountService.v1_5_0.AccountService
Description | This indicates whether this service is enabled. |
Type | boolean or null |
Read Only | False |
Added | iLO 5 1.40 |
AuthFailureLoggingThreshold
Member of AccountService.v1_5_0.AccountService
Description | The number of authorization failures allowed before the failure attempt is logged to the manager log. |
Type | number |
Read Only | False |
LDAP
LDAP.AccountProviderType Member of AccountService.v1_5_0.AccountService
Description | This property contains the type of external account provider this resource references. |
Type | string |
Read Only | False |
Added | iLO 5 1.40 |
The following are the supported values:
Value | Description |
---|---|
ActiveDirectoryService |
An external Active Directory Service. |
LDAPService |
A generic external LDAP Service. |
LDAP.Authentication LDAP.Authentication.AuthenticationType Member of AccountService.v1_5_0.AccountService
Description | This property contains the type of authentication used to connect to the external account provider. |
Type | string |
Read Only | False |
Added | iLO 5 1.40 |
The following are the supported values:
Value | Description |
---|---|
UsernameAndPassword |
Username and password combination. |
LDAP.Authentication.Password Member of AccountService.v1_5_0.AccountService
Description | This property is used with a PATCH or PUT to write the password for the account service. This property is null on a GET. |
Type | string or null |
Read Only | False |
Added | iLO 5 1.40 |
LDAP.Authentication.Username Member of AccountService.v1_5_0.AccountService
Description | This property contains the distinguished name for the account service. |
Type | string or null |
Read Only | False |
Added | iLO 5 1.40 |
LDAP.Certificates
A link to a collection of Certificates used for the external account service.
Certificates is a link ("@odata.id": URI
) to another resource.
LDAP.LDAPService
LDAP.LDAPService.SearchSettings
LDAP.LDAPService.SearchSettings.BaseDistinguishedNames (array)
Member of AccountService.v1_5_0.AccountService
BaseDistinguishedNames
is an array containing elements of:
Type | string or null |
Read Only | True |
LDAP.RemoteRoleMapping (array)
Member of AccountService.v1_5_0.AccountService
RemoteRoleMapping
is an array containing elements of:
RemoteRoleMapping[{item}].LocalRole Member of AccountService.v1_5_0.AccountService
Description | The name of the local role in which to map the remote user or group. |
Type | string or null |
Read Only | False |
RemoteRoleMapping[{item}].RemoteGroup Member of AccountService.v1_5_0.AccountService
Description | This property is the name of the remote group (or in the case of a Redfish Service, remote role) that will be mapped to the local role referenced by this entity. |
Type | string or null |
Read Only | False |
LDAP.ServiceAddresses (array)
Member of AccountService.v1_5_0.AccountService
ServiceAddresses
is an array containing elements of:
Type | string or null |
Read Only | True |
LDAP.ServiceEnabled Member of AccountService.v1_5_0.AccountService
Description | This indicates whether this service is enabled. |
Type | boolean or null |
Read Only | False |
Added | iLO 5 1.40 |
LocalAccountAuth
Member of AccountService.v1_5_0.AccountService
Description | Controls when this service will use the accounts defined withing this AccountService as part of authentication. |
Type | string |
Read Only | False |
Added | iLO 5 1.40 |
The following are the supported values:
Value | Description |
---|---|
Enabled |
Authentication via accounts defined in this AccountService is enabled. |
Disabled |
Authentication via accounts defined in this AccountService is disabled. |
MaxPasswordLength
Member of AccountService.v1_5_0.AccountService
Description | The maximum password length for this service. |
Type | number |
Read Only | True |
Added | iLO 5 1.40 |
MinPasswordLength
Member of AccountService.v1_5_0.AccountService
Description | The minimum password length for this account service. |
Type | integer |
Read Only | True |
Added | iLO 5 1.40 |
Oem.Hpe.AuthFailureDelayTimeSeconds
Member of AccountService.v1_5_0.AccountService
Description | The time in seconds to delay for each failure after AuthFailuresBeforeDelay authentication attempts have failed. Values of 2, 5, 10, and 30 seconds are valid. |
Type | integer |
Read Only | False |
Added | iLO 5 1.10 |
The following are the supported values:
Value |
---|
2 |
5 |
10 |
30 |
Oem.Hpe.AuthFailureLoggingThreshold
Member of AccountService.v1_5_0.AccountService
Description | This property enables you to view and configure logging criteria for failed authentications. A failed login log entry is recorded after the configured number of attempts. 0 = feature disabled; 1-3 and 5 are allowable values. |
Type | integer |
Read Only | False |
The following are the supported values:
Value |
---|
Null |
1 |
2 |
3 |
5 |
Oem.Hpe.AuthFailuresBeforeDelay
Member of AccountService.v1_5_0.AccountService
Description | The number of failed authentication attempts allowed before authentication is delayed by AuthFailureDelayTimeSeconds. Values of 0, 1, 3, and 5 are valid, with 0 indicating delay after every authentication failure. |
Type | integer |
Read Only | False |
Added | iLO 5 1.10 |
The following are the supported values:
Value |
---|
Null |
1 |
3 |
5 |
Oem.Hpe.DefaultPassword
Member of AccountService.v1_5_0.AccountService
Description | The default password used to log in to the management processor when factory reset is performed. |
Type | string or null |
Read Only | False |
Added | iLO 5 1.17 |
Oem.Hpe.DefaultUserName
Member of AccountService.v1_5_0.AccountService
Description | The default name used to log in to the management processor when factory reset is performed. |
Type | string or null |
Read Only | False |
Added | iLO 5 1.17 |
Oem.Hpe.DirectorySettings
Oem.Hpe.DirectorySettings.LdapAuthenticationMode Member of AccountService.v1_5_0.AccountService
Description | Represents the LDAP authentication mode. |
Type | string |
Read Only | False |
Added | iLO 5 1.40 |
The following are the supported values:
Value | Description |
---|---|
Disabled |
Directory authentication is disabled. |
DefaultSchema |
Directory Default schema or Schema-free option is selected. |
ExtendedSchema |
HPE Extended schema is selected. |
Oem.Hpe.DirectorySettings.LdapCaCertificateLoaded Member of AccountService.v1_5_0.AccountService
Description | Represents if the directory server CA certificate is loaded or not. |
Type | boolean |
Read Only | True |
Added | iLO 5 1.40 |
Oem.Hpe.DirectorySettings.LdapCaCertificates
A link to a collection of Certificates.
LdapCaCertificates is a link ("@odata.id": URI
) to another resource.
Oem.Hpe.DirectorySettings.LdapServerPort Member of AccountService.v1_5_0.AccountService
Description | Represents the port number of the directory server. |
Type | integer |
Read Only | True |
Added | iLO 5 1.40 |
Oem.Hpe.DirectoryTest
The value of this property shall be a reference to a resource of type HpeDirectoryTest.
DirectoryTest is a link ("@odata.id": URI
) to another resource.
Oem.Hpe.EnforcePasswordComplexity
Member of AccountService.v1_5_0.AccountService
Description | Enforce complexity rules when a user password is set or changed. Three of four character classes must be present; ASCII UPPERCASE, LOWERCASE, DIGITS, and Other |
Type | boolean |
Read Only | False |
Added | iLO 5 1.40 |
Oem.Hpe.KerberosSettings
Oem.Hpe.KerberosSettings.KDCServerPort Member of AccountService.v1_5_0.AccountService
Description | Represents the port number of the KDC server. |
Type | integer |
Read Only | True |
Added | iLO 5 1.40 |
Oem.Hpe.KerberosSettings.KerberosRealm Member of AccountService.v1_5_0.AccountService
Description | Represents the Realm of the KDC server. |
Type | string or null |
Read Only | False |
Added | iLO 5 1.40 |
Oem.Hpe.MinPasswordLength
Member of AccountService.v1_5_0.AccountService
Description | This property specifies the minimum number of characters allowed when a user password is set or changed. It must be a value from 0 to 39. |
Type | integer |
Read Only | False |
Added | iLO 5 1.10 |
Oem.Hpe.TwoFactorAuth
Member of AccountService.v1_5_0.AccountService
Description | This property indicates two factor authentication enabled or not |
Type | string |
Read Only | False |
The following are the supported values:
Value |
---|
Enabled |
Disabled |
Roles
A link to a collection of Roles.
Roles is a link ("@odata.id": URI
) to another resource.
Actions
HpeiLOAccountService.ImportKerberosKeytab Member of AccountService.v1_5_0.AccountService Import the Kerberos keytab file.
Parameters:
ImportUri (string)
URI of the kerberos keytab file.
Bios.v1_0_0.Bios
@odata.type: "#Bios.v1_0_0.Bios"
Bios contains properties surrounding a BIOS Attribute Registry (where the system-specific BIOS attributes are described) and the Actions needed to perform changes to BIOS settings, which typically require a system reset to apply.
Resource Instances
Uri | HTTP Allow |
---|---|
/redfish/v1/systems/{item}/bios |
GET |
/redfish/v1/systems/{item}/bios/settings |
GET POST PATCH |
Links to other Resources
Link Name | Destination type |
---|---|
@Redfish.Settings/SettingsObject |
Bios |
Oem/Hpe/Links/BaseConfigs |
HpeBaseConfigs |
Oem/Hpe/Links/Boot |
HpeServerBootSettings |
Oem/Hpe/Links/Mappings |
HpeBiosMapping |
Oem/Hpe/Links/ScalablePmem |
HpeScalablePmem |
Oem/Hpe/Links/TlsConfig |
HpeTlsConfig |
Oem/Hpe/Links/iScsi |
HpeiSCSISoftwareInitiator |
AttributeRegistry
Member of Bios.v1_0_0.Bios
Description | The Resource ID of the Attribute Registry for the BIOS Attributes resource. |
Type | string or null |
Read Only | True |
Attributes
AcpiHpet (High Precision Event Timer (HPET) ACPI Support) Member of Bios.v1_0_0.Bios
Description | Use this option to disable the High Precision Event Timer (HPET) table and device object in ACPI. When disabled, the HPET is not available to an operating system that supports the HPET through the industry standard ACPI name space. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
AcpiRootBridgePxm (Memory Proximity Reporting for I/O) Member of Bios.v1_0_0.Bios
Description | When enabled, the System BIOS reports the proximity relationship between I/O devices and system memory to the operating system. Most operating systems can use this information to efficiently assign memory resources for devices, such as network controllers and storage devices. Additionally, certain I/O devices might not be able to take advantage of I/O handling benefits if their OS drivers are not properly optimized to support this feature. See your operating system and I/O device documentation for more details. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
AcpiSlit (ACPI SLIT) Member of Bios.v1_0_0.Bios
Description | The ACPI SLIT (System Locality Information Table) defines the relative access times between processors, memory subsystems, and I/O subsystems. Operating systems that support the SLIT can use this information to improve performance by allocating resources and workloads more efficiently. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
AdjSecPrefetch (Adjacent Sector Prefetch) Member of Bios.v1_0_0.Bios
Description | Use this option to disable the processor Adjacent Sector Prefetch feature. In some cases, setting this option to disabled can improve performance. Typically, setting this option to enabled provides better performance. Only disable this option after performing application benchmarking to verify improved performance in the environment. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
AdminEmail (Administrator E-mail Address) Member of Bios.v1_0_0.Bios
Description | Enter the server administrator’s e-mail address. |
Type | String |
Read Only | False |
AdminName (Administrator Name) Member of Bios.v1_0_0.Bios
Description | Enter the server administrator’s name text. |
Type | String |
Read Only | False |
AdminOtherInfo (Administrator Other Information) Member of Bios.v1_0_0.Bios
Description | Enter the server administrator’s information text. |
Type | String |
Read Only | False |
AdminPhone (Administrator Phone Number) Member of Bios.v1_0_0.Bios
Description | Enter the server administrator’s phone number text. |
Type | String |
Read Only | False |
AdvCrashDumpMode (Advanced Crash Dump Mode) Member of Bios.v1_0_0.Bios
Description | Use this option to enable the Advanced Crash Dump Mode. When enabled, the system will be configured to log additional debug information to the Active Health System logs when an unexpected system crash is experienced. This option should only be enabled when directed by qualified service personnel |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Disabled |
Disabled |
Enabled |
Enabled |
AdvancedMemProtection (Advanced Memory Protection) Member of Bios.v1_0_0.Bios
Description | Use this option to configure additional memory protection with ECC (Error Checking and Correcting). Options and support vary per system. Advanced ECC keeps all installed memory available for use while still protecting the system against all single-bit failures and certain multi-bit failures. Online Spare Memory enables a system to automatically map out a group of memory that is detected to be at an increased risk of receiving uncorrected memory errors based on an advanced analysis of corrected memory errors. The mapped out memory is automatically replaced by a spare group of memory without interrupting the system. Mirrored Memory provides the maximum protection against uncorrected memory errors that might otherwise result in a system failure. Fault Tolerant Advanced Double Device Data Correction (ADDDC) enables the system to correct memory errors and continue to operate in cases of multiple DRAM device failures on a DIMM. This provides protection against uncorrectable memory errors beyond what is available with Advanced ECC. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
FastFaultTolerantADDDC |
Fault Tolerant Memory (ADDDC) |
AdvancedEcc |
Advanced ECC Support |
OnlineSpareAdvancedEcc |
Online Spare with Advanced ECC Support |
MirroredAdvancedEcc |
Mirrored Memory with Advanced ECC Support |
AsrStatus (ASR Status) Member of Bios.v1_0_0.Bios
Description | Use this option to configure the Automatic Server Recovery option, which enables the system to automatically reboot if the server locks up. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
AsrTimeoutMinutes (ASR Timeout) Member of Bios.v1_0_0.Bios
Description | When Automatic Server Recovery is enabled, you can use this option to set the time to wait before rebooting the server in the event of an operating system crash or server lockup. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Timeout10 |
10 Minutes |
Timeout15 |
15 Minutes |
Timeout20 |
20 Minutes |
Timeout30 |
30 Minutes |
Timeout5 |
5 Minutes |
AssetTagProtection (Asset Tag Protection) Member of Bios.v1_0_0.Bios
Description | Use this option to lock Asset Tag information. When set to lock, the Asset Tag is not erased if the default system settings are restored. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Locked |
Locked |
Unlocked |
Unlocked |
AutoPowerOn (Automatic Power-On) Member of Bios.v1_0_0.Bios
Description | Use this option to configure the server power state when AC power is applied to the system. Restore Last Power State returns the system to its previous power state when AC power is restored after an AC power loss. Note: This option is not available on all systems. Always Power On and Always Power Off causes the system to always return to the “on” and “off” state, respectively, whenever power is applied, even if the system is in the “off” state when power is lost. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
AlwaysPowerOn |
Always Power On |
AlwaysPowerOff |
Always Power Off |
RestoreLastState |
Restore Last Power State |
BootMode (Boot Mode) Member of Bios.v1_0_0.Bios
Description | Use this option to select the boot mode of the system. Selecting UEFI Mode configures the system to boot Unified Extensible Firmware Interface (UEFI) compatible operating systems. Selecting Legacy BIOS Mode configures the system to boot traditional operating systems in Legacy BIOS compatibility mode. The operating system can only boot in the mode in which it is installed. The following options require booting in UEFI Mode: Secure Boot, IPv6 PXE Boot, boot > 2.2 TB Disks in AHCI SATA Mode, and Smart Array SW RAID. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Uefi |
UEFI Mode |
LegacyBios |
Legacy BIOS Mode |
BootOrderPolicy (Boot Order Policy) Member of Bios.v1_0_0.Bios
Description | Use this option to configure how the system attempts to boot devices per the Boot Order list when no bootable device is found. If configured to ‘Retry Boot Order Indefinitely,’ the system continuously attempts to process the Boot Order list until a bootable device is found. If configured to ‘Attempt Boot Order Once,’ the system attempts to process all items in the Boot Order list once, and if unsuccessful, waits for user input to proceed. If configured for ‘Reset After Failed Boot Attempt,’ the system attempts to process all items in the Boot Order list once, and then reboots the system. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
RetryIndefinitely |
Retry Boot Order Indefinitely |
AttemptOnce |
Attempt Boot Order Once |
ResetAfterFailed |
Reset After Failed Boot Attempt |
ChannelInterleaving (Channel Interleaving) Member of Bios.v1_0_0.Bios
Description | You can only configure this option if the Workload Profile is set to Custom. Use this option to modify the level of interleaving for which the memory system is configured. Typically, higher levels of memory interleaving result in maximum performance. However, reducing the level of interleaving can result in power savings. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
CollabPowerControl (Collaborative Power Control) Member of Bios.v1_0_0.Bios
Description | For operating systems that support the Processor Clocking Control (PCC) Interface, enabling this option enables the Operating System to request processor frequency changes even if the Power Regulator option on the server are configured for Dynamic Power Savings Mode. For Operating Systems that do not support the PCC Interface, or when the Power Regulator Mode is not configured for Dynamic Power Savings Mode, this option has no effect on system operation. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
ConsistentDevNaming (Consistent Device Naming) Member of Bios.v1_0_0.Bios
Description | Use this option to select the level of Consistent Device Naming. On supported operating systems, NIC ports are named based on their location in the system. CDN Support for LOMs Only names Embedded NICs and FlexibleLOMs. Existing NIC connections retain their names until reinstalled under the OS environment. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
LomsAndSlots |
CDN Support for LOMs and Slots |
LomsOnly |
CDN Support for LOMs Only |
Disabled |
Disabled |
CoreBoosting (Core Boosting) Member of Bios.v1_0_0.Bios
Description | Use this option to enable the Core Boosting technology to increase processor performance on qualified processors. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Disabled |
Disabled |
Enabled |
Enabled |
CustomPostMessage (Custom POST Message) Member of Bios.v1_0_0.Bios
Description | Enter a message to be displayed on POST screen during system startup. This feature limits POST screen messaging to 62 characters, special characters are also accepted. |
Type | String |
Read Only | False |
DaylightSavingsTime (Daylight Savings Time) Member of Bios.v1_0_0.Bios
Description | This option controls the Daylight Savings Time (DST) adjustment to the displayed local time. If this option is disabled, the displayed local time will not be adjusted for DST. If this option is enabled, the displayed local time will be advanced by one hour. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Disabled |
Disabled |
Enabled |
Enabled |
DcuIpPrefetcher (DCU IP Prefetcher) Member of Bios.v1_0_0.Bios
Description | Use this option to disable the processor DCU IP Prefetcher feature. In some cases, setting this option to disabled can improve performance. In most cases, the default value of enabled provides optimal performance. Only disable this option after performing application benchmarking to verify improved performance in the environment. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
DcuStreamPrefetcher (DCU Stream Prefetcher) Member of Bios.v1_0_0.Bios
Description | Use this option to disable the processor DCU Stream Prefetcher feature. In some cases, setting this option to disabled can improve performance. Typically, setting this option to enabled provides better performance. Only disable this option after performing application benchmarking to verify improved performance in your environment. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
Dhcpv4 (DHCPv4) Member of Bios.v1_0_0.Bios
Description | When enabled, this option enables obtaining the pre-boot network IPv4 configuration from a DHCP server. Individual settings are not available. When disabled, you must configure static IP address settings individually. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
DirectToUpi (Direct To UPI (D2K)) Member of Bios.v1_0_0.Bios
Description | Direct To UPI (D2K) |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Auto |
Auto |
Enabled |
Enabled |
Disabled |
Disabled |
DynamicPowerCapping (Dynamic Power Capping Functionality) Member of Bios.v1_0_0.Bios
Description | Use this option to configure when the System BIOS executes power calibration during the boot process. In Auto mode, calibration is run the first time the server is booted, and is then only run again when the server’s hardware configuration changes, configuration settings change, or if the system determines a new calibration is necessary. When disabled, the calibration does not run, and Dynamic Power Capping is not supported. When enabled, the calibration is run on every boot. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Auto |
Auto |
Enabled |
Enabled |
Disabled |
Disabled |
EmbNicAspm (PCIe Power Management(ASPM)) Member of Bios.v1_0_0.Bios
Description | Use this option to configure the PCIe Link Power Management (ASPM) support for the selected device. When configured for L0s Enabled, the selected device’s link enters a standby energy savings state. When configured for L1 Enabled, the selected device’s link enters a lower power standby state at the expense of a longer exit latency. When configured for L1 and L0s Enabled, the selected device’s link enters either power savings mode, depending on link utilization, and provides the highest energy savings. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Auto |
Auto |
Disabled |
Disabled |
AspmL1Enabled |
L1 Enabled |
EmbNicEnable (PCIe Device Disable) Member of Bios.v1_0_0.Bios
Description | Select this option to enable or disable PCI devices. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Auto |
Auto |
Disabled |
Disabled |
EmbNicLinkSpeed (PCIe Link Speed) Member of Bios.v1_0_0.Bios
Description | Use this option to configure the PCIe Link Speed for the selected device. When configured for Auto, the selected device trains at the maximum supported speed of the PCIe link. When configured for PCIe Generation 2 Link Speed, the selected device trains at a maximum of PCIe Generation 2 speed. When configured for PCIe Generation Link 1 speed, the selected device trains at a maximum of PCIe Generation 1 speed. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Auto |
Auto |
PcieGen1 |
PCIe Generation 1.0 |
EmbNicPCIeOptionROM (PCIe Option ROM) Member of Bios.v1_0_0.Bios
Description | Use this option to enable or disable Device Option ROM |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
EmbSas1Aspm (PCIe Power Management(ASPM)) Member of Bios.v1_0_0.Bios
Description | Use this option to configure the PCIe Link Power Management (ASPM) support for the selected device. When configured for L0s Enabled, the selected device’s link enters a standby energy savings state. When configured for L1 Enabled, the selected device’s link enters a lower power standby state at the expense of a longer exit latency. When configured for L1 and L0s Enabled, the selected device’s link enters either power savings mode, depending on link utilization, and provides the highest energy savings. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Auto |
Auto |
Disabled |
Disabled |
AspmL1Enabled |
L1 Enabled |
EmbSas1Boot (Embedded SAS Controller 1) Member of Bios.v1_0_0.Bios
Description | When Boot All Targets is selected, all valid boot targets attached to the storage controller are made available in the UEFI Boot Order list. If Boot No Targets is selected, no boot targets from this storage controller are made available in the UEFI Boot Order list.If Boot Limit to 24 Targets is selected, 24 boot targets attached to the storage controller are made available in the UEFI Boot Order list. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
AllTargets |
Boot All Targets |
TwentyFourTargets |
Boot Limit to 24 Targets |
NoTargets |
Boot No Targets |
EmbSas1Enable (PCIe Device Disable) Member of Bios.v1_0_0.Bios
Description | Select this option to enable or disable PCI devices. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Auto |
Auto |
Disabled |
Disabled |
EmbSas1LinkSpeed (PCIe Link Speed) Member of Bios.v1_0_0.Bios
Description | Use this option to configure the PCIe Link Speed for the selected device. When configured for Auto, the selected device trains at the maximum supported speed of the PCIe link. When configured for PCIe Generation 2 Link Speed, the selected device trains at a maximum of PCIe Generation 2 speed. When configured for PCIe Generation Link 1 speed, the selected device trains at a maximum of PCIe Generation 1 speed. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Auto |
Auto |
PcieGen1 |
PCIe Generation 1.0 |
PcieGen2 |
PCIe Generation 2.0 |
EmbSas1PcieOptionROM (PCIe Option ROM) Member of Bios.v1_0_0.Bios
Description | Use this option to enable or disable Device Option ROM |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
EmbSata1Aspm (SATA Power Management(SALP)) Member of Bios.v1_0_0.Bios
Description | Use this option to enable or disable Aggressive Link Power Management(SALP). |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Disabled |
Disabled |
Enabled |
Enabled |
EmbSata1Enable (SATA Device Disable) Member of Bios.v1_0_0.Bios
Description | Select this option to enable or disable SATA devices. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Auto |
Auto |
Disabled |
Disabled |
EmbSata1PCIeOptionROM (PCIe Option ROM) Member of Bios.v1_0_0.Bios
Description | Use this option to enable or disable Device Option ROM |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
EmbSata2Aspm (SATA Power Management(SALP)) Member of Bios.v1_0_0.Bios
Description | Use this option to enable or disable Aggressive Link Power Management(SALP). |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Disabled |
Disabled |
Enabled |
Enabled |
EmbSata2Enable (SATA Device Disable) Member of Bios.v1_0_0.Bios
Description | Select this option to enable or disable SATA devices. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Auto |
Auto |
Disabled |
Disabled |
EmbSata2PCIeOptionROM (PCIe Option ROM) Member of Bios.v1_0_0.Bios
Description | Use this option to enable or disable Device Option ROM |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
EmbVideoConnection (Embedded Video Connection) Member of Bios.v1_0_0.Bios
Description | When configured for Auto mode, the external video connection to the embedded video controller is automatically disabled to save power when a monitor is not attached. It is automatically enabled when a monitor is attached, including when the server is operating. When configured for Always Disabled, the external video connection to the embedded video controller is disabled, and a monitor connected to this port does not display except during system boot. This can be used for security reasons. When configured for Always Enabled, the external video connection to the embedded video controller is always enabled. This option is only required if a monitor is attached with a monitor detection that does not function properly (making AUTO mode not work properly). Note: This option does not affect Integrated Remote Console video. Also, if you press F9 or F11 during system boot, the configured video connector behavior is overridden, and the video console remains enabled. This lets you reconfigure the Embedded Video Connection option even if the video is disabled. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Auto |
Auto |
AlwaysDisabled |
Always Disabled |
AlwaysEnabled |
Always Enabled |
EmbeddedDiagnostics (Embedded Diagnostics) Member of Bios.v1_0_0.Bios
Description | Use this option to enable or disable Embedded Diagnostics functionality. If disabled, you cannot launch Embedded Diagnostics. Enable this option to use the Embedded Diagnostics functionality. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Enabled |
Enabled |
Disabled |
Disabled |
EmbeddedSata (Embedded SATA Configuration) Member of Bios.v1_0_0.Bios
Description | Important: Smart Array SW RAID is not supported when Boot Mode is set to Legacy BIOS Mode. Use this option to configure the embedded chipset SATA controller. When selecting the Advanced Host Controller Interface (AHCI) or RAID (if supported), make sure the proper operating system drivers are used for proper operation. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Ahci |
SATA AHCI Support |
Raid |
Smart Array SW RAID Support |
EmbeddedSerialPort (Embedded Serial Port) Member of Bios.v1_0_0.Bios
Description | Select this option to assign the logical COM port address and associated default resources to the selected physical serial port. The operating system can overwrite this setting. |
Type | Enumeration |
Read Only | False |
Value | Description |
---|---|
Com1Irq4 |
COM 1; IRQ4; I/O: 3F8h-3FFh |
Com2Irq3 |
COM 2; IRQ3; I/O: 2F8h-2FFh |
Disabled |
Disabled |
EmbeddedUefiShell (Embedded UEFI Shell) Member of Bios.v1_0_0.Bios
Description | Use this option to enable or disable the Embedded UEFI Shell. When enabled, you can launch the Embedded UEFI Shell from the pre-boot environment. When enabled and the Boot Mode is configured for UEFI Mode, you can add the Embedded UEFI Shell to the UEFI Boot Order list by selecting the option entitled ‘Add Embedded UEFI Shell to Boot Order’. When disabled, the Embedded UEFI Shell is not available in the pre-boot environment, and you cannot add it to the UEFI Boot Order list. The Embedded UEFI Shell is a pre-boot command line environment that you can use for scripting and running UEFI applications. It provides CLI-based commands to configure the server, update the System BIOS and other firmware, and obtain system information and error logs. |
Type | Enumeration |
Read Only | False |
Value | Descripti |
---|