HPE OneView

Retrieve ILO sessionKey through Oneview rest API with Read-only user

 
davidnew
Occasional Visitor

Retrieve ILO sessionKey through Oneview rest API with Read-only user

Hello,

I need to connect to all ILOs of oneview site using rest API to retrieve ILO's data like fan status, cpu status , etc....

I need to use an account with Read-only privileges.

I connect to oneview with login API and I retrieve sessionID.  (rest API: /rest/login-sessions).  With this sessionID I call API /rest/server-hardware/{uuid}/remoteConsoleUrl to retrieve the ILO sessionID and then I can use this ILO sessionID to retrieve data from ILO, for example using redfish API /redfish/v1/chassis/1/Thermal/ to retrieve thermal data.  The problem is that when I do the call /rest/server-hardware/{uuid}/remoteConsoleUrl there is the error: 

{"errorCode":"ACTION_FORBIDDEN_BY_ROLE","message":"This user session is not authorized to perform the action on {\"name\":\"<serverName>\", \"uri\":\"/rest/server-hardware/{uuid}\"}.","details":"This user session is not authorized to perform the Update action on {\"name\":\"<serverName>\", \"uri\":\"/rest/server-hardware/{uuid}\"} in the server-hardware category.","recommendedActions":["User session permission roles do not authorize the action on this category of resources. Retry the action with permissions that include a role that authorizes the action on the resource category or request assistance from a user who is authorized to perform the action."],"errorSource":null,"nestedErrors":[],"data":{}}

How can I connect to ILO server, using rest API, with read-only oneview user?

NOTE:I can't connect directly to ILO, for many reasons, but I need to use a Oneview session, I need to pass through Oneview.

Thanks a lot.

2 REPLIES 2
ChrisLynch
HPE Pro

Re: Retrieve ILO sessionKey through Oneview rest API with Read-only user

Unfortunately, this operation is not supported with the Read-Only permission.  An alternate way is to use the Firmware Operator role, which provides read-only for almost everything, but is allowed to change the firmware policy of a profile, change the power state of a server (i.e. reboot) and connect to the remote console.  This permission will generate the session token you are looking for.


I am an HPE employee

Accept or Kudo

AmRa
HPE Pro

Re: Retrieve ILO sessionKey through Oneview rest API with Read-only user