HPE Community
HPE OneView
1756730 Members
2955 Online
108852 Solutions
New Discussion

Re: Retrieve ILO sessionKey through Oneview rest API with Read-only user

 
davidnew
Occasional Visitor

‎01-26-2021 06:58 AM

‎01-26-2021 06:58 AM

Retrieve ILO sessionKey through Oneview rest API with Read-only user

Hello,

I need to connect to all ILOs of oneview site using rest API to retrieve ILO's data like fan status, cpu status , etc....

I need to use an account with Read-only privileges.

I connect to oneview with login API and I retrieve sessionID.  (rest API: /rest/login-sessions).  With this sessionID I call API /rest/server-hardware/{uuid}/remoteConsoleUrl to retrieve the ILO sessionID and then I can use this ILO sessionID to retrieve data from ILO, for example using redfish API /redfish/v1/chassis/1/Thermal/ to retrieve thermal data.  The problem is that when I do the call /rest/server-hardware/{uuid}/remoteConsoleUrl there is the error: 

{"errorCode":"ACTION_FORBIDDEN_BY_ROLE","message":"This user session is not authorized to perform the action on {\"name\":\"<serverName>\", \"uri\":\"/rest/server-hardware/{uuid}\"}.","details":"This user session is not authorized to perform the Update action on {\"name\":\"<serverName>\", \"uri\":\"/rest/server-hardware/{uuid}\"} in the server-hardware category.","recommendedActions":["User session permission roles do not authorize the action on this category of resources. Retry the action with permissions that include a role that authorizes the action on the resource category or request assistance from a user who is authorized to perform the action."],"errorSource":null,"nestedErrors":[],"data":{}}

How can I connect to ILO server, using rest API, with read-only oneview user?

NOTE:I can't connect directly to ILO, for many reasons, but I need to use a Oneview session, I need to pass through Oneview.

Thanks a lot.

0 Kudos
Reply
2 REPLIES 2
ChrisLynch
HPE Pro

‎01-27-2021 07:58 AM

‎01-27-2021 07:58 AM

Re: Retrieve ILO sessionKey through Oneview rest API with Read-only user

Unfortunately, this operation is not supported with the Read-Only permission.  An alternate way is to use the Firmware Operator role, which provides read-only for almost everything, but is allowed to change the firmware policy of a profile, change the power state of a server (i.e. reboot) and connect to the remote console.  This permission will generate the session token you are looking for.


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
AmRa
HPE Pro

‎02-03-2021 11:41 PM

‎02-03-2021 11:41 PM

Re: Retrieve ILO sessionKey through Oneview rest API with Read-only user

Please refer HPE OneView - User Accounts and Roles article for more information on User role permissions

 

https://support.hpe.com/hpesc/public/docDisplay?docId=a00054510en_us&docLocale=en_US#:~:text=HPE%20OneView%20defines%20a%20set,resources%20managed%20by%20the%20appliance.&text=A%20scope%20is%20a%20user%2Ddefined%20set%20of%20resources.

I am an HPE Employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.