Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 23. Remote management with IPMI and Redfish by using the rhel_mgmt collection

With the Intelligent Platform Management Interface (IPMI) and the Redfish API, administrators can remotely manage hosts even if the operating system is not running. The rhel_mgmt Ansible collection provides modules that use IPMI and Redfish to perform certain remote operations, such as setting the boot device.

23.1. Setting the boot device by using the rhel_mgmt.ipmi_boot module

You can set the boot device of a host by using the ipmi_boot module of the redhat.rhel_mgmt collection. This module uses the Intelligent Platform Management Interface (IPMI) to perform this operation.

Important

When you use this Ansible module, three hosts are involved: the control node, the managed node, and the host with the baseboard management controller (BMC) on which the actual IPMI operation is applied. The control node executes the playbook on the managed node. The managed host connects to the remote BMC to execute the IPMI operation. For example, if you set hosts: managed-node-01.example.com and name: server.example.com in the playbook, then managed-node-01.example.com changes the setting by using IPMI on server.example.com.

Prerequisites

  • You have prepared the control node and the managed nodes.
  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The ansible-collection-redhat-rhel_mgmt package is installed on the control node.
  • You have credentials to access the BMC, and these credentials have permissions to change settings.
  • The managed node can access the remote BMC over the network.

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create vault.yml
New Vault password: <vault_password>
Confirm New Vault password: <vault_password>

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      ipmi_usr: <username>
ipmi_pwd: <password>
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Set the boot device by using IPMI
  hosts: managed-node-01.example.com
  vars_files:
    - vault.yml
  tasks:
    - name: Install python3-pyghmi prerequisite
      ansible.builtin.dnf:
        name: python3-pyghmi
        state: latest

    - name: Set the boot device to hd
      redhat.rhel_mgmt.ipmi_boot:
        name: <bmc_hostname_or_ip_address>
        port: <bmc_port_number>
        user: "{{ ipmi_usr }}"
        password: "{{ ipmi_pwd }}"
        bootdev: hd
        persistent: true

    The settings specified in the example playbook include the following:

    name: <bmc_hostname_or_ip_address>
    Defines the hostname or IP address of the BMC. This is the BMC of the host on which the managed node performs the action.
    port: <bmc_port_number>
    Sets the Remote Management Control Protocol (RMCP) port number. The default is 623.
    bootdev: <value>

    Sets the boot device. You can select one of the following values:

    • hd: Boots from the hard disk.
    • network: Boots from network.
    • optical: Boots from an optical drive, such as a DVD-ROM.
    • floppy: Boots from a floppy disk.
    • safe: Boots from hard drive in safe mode.
    • setup: Boots into the BIOS or UEFI.
    • default: Removes any IPMI-directed boot device request.
    persistent: <true|false>
    Configures whether the remote host uses the defined setting for all future boots or only for the next one. By default, this variable is set to false. Note that not all BMCs support setting the boot device persistently.

    For details about all variables used in the playbook, use the ansible-doc redhat.rhel_mgmt.ipmi_boot command on the control node to display the documentation of the module.

  3. Validate the playbook syntax: 

    $ ansible-playbook --ask-vault-pass --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml

Additional resources

  • The ansible-doc redhat.rhel_mgmt.ipmi_boot command on the control node
  • Ansible vault

23.2. Setting the system power state by using the rhel_mgmt.ipmi_power module

You can set the hardware state by using the ipmi_power module of the redhat.rhel_mgmt collection. For example, you can ensure that a host is powered on or hard-reset it without involvement of the operating system. The ipmi_power module uses the Intelligent Platform Management Interface (IPMI) to perform operations.

Important

When you use this Ansible module, three hosts are involved: the control node, the managed node, and the host with the baseboard management controller (BMC) on which the actual IPMI operation is applied. The control node executes the playbook on the managed node. The managed host connects to the remote BMC to execute the IPMI operation. For example, if you set hosts: managed-node-01.example.com and name: server.example.com in the playbook, then managed-node-01.example.com changes the setting by using IPMI on server.example.com.

Prerequisites

  • You have prepared the control node and the managed nodes.
  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The ansible-collection-redhat-rhel_mgmt package is installed on the control node.
  • You have credentials to access the BMC, and these credentials have permissions to change settings.
  • The managed node can access the remote BMC over the network.

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create vault.yml
New Vault password: <vault_password>
Confirm New Vault password: <vault_password>

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      ipmi_usr: <username>
ipmi_pwd: <password>
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Configure the system state by using IPMI
  hosts: managed-node-01.example.com
  vars_files:
    - vault.yml
  tasks:
    - name: Install python3-pyghmi prerequisite
      ansible.builtin.dnf:
        name: python3-pyghmi
        state: latest

    - name: Ensure a machine is powered on
      redhat.rhel_mgmt.ipmi_power:
        name: <bmc_hostname_or_ip_address>
        port: <bmc_port_number>
        user: "{{ ipmi_usr }}"
        password: "{{ ipmi_pwd }}"
        state: on

    The settings specified in the example playbook include the following:

    name: <bmc_hostname_or_ip_address>
    Defines the hostname or IP address of the BMC. This is the BMC of the host on which the managed node performs the action.
    port: <bmc_port_number>
    Sets the Remote Management Control Protocol (RMCP) port number. The default is 623.
    state: <value>

    Sets the state which the device should be in. You can select one of the following values:

    • on: Powers on the system.
    • off: Powers off the system without notifying the operating system.
    • shutdown: Requests a shutdown from the operating system.
    • reset: Performs a hard reset.
    • boot: Powers on the system if it was switched off, or resets the system if it was switched off.

    For details about all variables used in the playbook, use the ansible-doc redhat.rhel_mgmt.ipmi_power command on the control node to display the documentation of the module.

  3. Validate the playbook syntax: 

    $ ansible-playbook --ask-vault-pass --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml

Additional resources

  • The ansible-doc redhat.rhel_mgmt.ipmi_power command on the control node
  • Ansible vault

23.3. Managing out-of-band controllers by using the rhel_mgmt.redfish_command module

You can send commands to the Redfish API to remotely manage out-of-band (OOB) controllers by using the redfish_command module of the redhat.rhel_mgmt collection. With this module, you can perform a large number of management operations, for example:

  • Performing power management actions
  • Managing virtual media
  • Managing users of the OOB controller
  • Updating the firmware
Important

When you use this Ansible module, three hosts are involved: the control node, the managed node, and the host with the OOB controller on which the actual operation is performed. The control node executes the playbook on the managed node, and the managed host connects to the remote OOB controller by using the Redfish API to execute the operation. For example, if you set hosts: managed-node-01.example.com and baseuri: server.example.com in the playbook, then managed-node-01.example.com executes the operation on server.example.com.

Prerequisites

  • You have prepared the control node and the managed nodes.
  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The ansible-collection-redhat-rhel_mgmt package is installed on the control node.
  • You have credentials to access the OOB controller, and these credentials have permissions to change settings.
  • The managed node can access the remote OOB controller over the network.

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create vault.yml
New Vault password: <vault_password>
Confirm New Vault password: <vault_password>

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      redfish_usr: <username>
redfish_pwd: <password>
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Send commands to OOB controller by using the Redfish API
  hosts: managed-node-01.example.com
  vars_files:
    - vault.yml
  tasks:
    - name: Power on the system
      redhat.rhel_mgmt.redfish_command:
        baseuri: <uri>
        username: "{{ redfish_usr }}"
        password: "{{ redfish_pwd }}"
        category: Systems
        command: PowerOn

    The settings specified in the example playbook include the following:

    baseuri: <uri>
    Defines the URI of the OOB controller. This is the OOB controller of the host on which the managed node performs the action.
    category: <value>

    Sets the category of the command to execute. The following categories are available:

    • Accounts: Manages user accounts of the OOB controller.
    • Chassis: Manages chassis-related settings.
    • Manager: Provides access to Redfish services.
    • Session: Manages Redfish login sessions.
    • Systems (default): Manages machine-related settings.
    • Update: Manages firmware update-related actions.
    command: <command>
    Sets the command to execute. Depending on the command, it can be necessary to set additional variables.

    For details about all variables used in the playbook, use the ansible-doc redhat.rhel_mgmt.redfish_command command on the control node to display the documentation of the module.

  3. Validate the playbook syntax: 

    $ ansible-playbook --ask-vault-pass --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml

Additional resources

  • The ansible-doc redhat.rhel_mgmt.ipmi_command command on the control node
  • Ansible vault

23.4. Querying information from out-of-band controllers by using the rhel_mgmt.redfish_info module

You can remotely query information from of out-of-band (OOB) controllers through the Redfish API by using the redfish_info module of the redhat.rhel_mgmt collection. To display the returned value, register a variable with the fetched information, and display the content of this variable.

Important

When you use this Ansible module, three hosts are involved: the control node, the managed node, and the host with the OOB controller on which the actual operation is performed. The control node executes the playbook on the managed node, and the managed host connects to the remote OOB controller by using the Redfish API to execute the operation. For example, if you set hosts: managed-node-01.example.com and baseuri: server.example.com in the playbook, then managed-node-01.example.com executes the operation on server.example.com.

Prerequisites

  • You have prepared the control node and the managed nodes.
  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The ansible-collection-redhat-rhel_mgmt package is installed on the control node.
  • You have credentials to access the OOB controller, and these credentials have permissions to query settings.
  • The managed node can access the remote OOB controller over the network.

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create vault.yml
New Vault password: <vault_password>
Confirm New Vault password: <vault_password>

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      redfish_usr: <username>
redfish_pwd: <password>
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Query information by using the Redfish API
  hosts: managed-node-01.example.com
  vars_files:
    - vault.yml
  tasks:
    - name: Get CPU inventory
      redhat.rhel_mgmt.redfish_info:
        baseuri: <uri>
        username: "{{ redfish_usr }}"
        password: "{{ redfish_pwd }}"
        category: Systems
        command: GetCpuInventory
      register: result

    - name: Display the fetched information
      ansible.builtin.debug:
        msg: "{{ result.redfish_facts.cpu.entries | to_nice_json }}"

    The settings specified in the example playbook include the following:

    baseuri: <uri>
    Defines the URI of the OOB controller. This is the OOB controller of the host on which the managed node performs the action.
    category: <value>

    Sets the category of the information to query. The following categories are available:

    • Accounts: User accounts of the OOB controller
    • Chassis: Chassis-related settings
    • Manager: Redfish services
    • Session: Redfish login sessions
    • Systems (default): Machine-related settings
    • Update: Firmware-related settings
    • All: Information from all categories.

    You can also set multiple categories if you use a list, for example ["Systems", "Accounts"].

    command: <command>
    Sets the query command to execute.

    For details about all variables used in the playbook, use the ansible-doc redhat.rhel_mgmt.redfish_info command on the control node to display the documentation of the module.

  3. Validate the playbook syntax: 

    $ ansible-playbook --ask-vault-pass --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml

Additional resources

  • The ansible-doc redhat.rhel_mgmt.redfish_info command on the control node
  • Ansible vault

23.5. Managing BIOS, UEFI, and out-of-band controllers by using the rhel_mgmt.redfish_config module

You can configure BIOS, UEFI, and out-of-band (OOB) controllers settings through the Redfish API by using the redfish_config module of the redhat.rhel_mgmt collection. This enables you to modify the settings remotely with Ansible.

Important

When you use this Ansible module, three hosts are involved: the control node, the managed node, and the host with the OOB controller on which the actual operation is performed. The control node executes the playbook on the managed node, and the managed host connects to the remote OOB controller by using the Redfish API to execute the operation. For example, if you set hosts: managed-node-01.example.com and baseuri: server.example.com in the playbook, then managed-node-01.example.com executes the operation on server.example.com.

Prerequisites

  • You have prepared the control node and the managed nodes.
  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The ansible-collection-redhat-rhel_mgmt package is installed on the control node.
  • You have credentials to access the OOB controller, and these credentials have permissions to change settings.
  • The managed node can access the remote OOB controller over the network.

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create vault.yml
New Vault password: <vault_password>
Confirm New Vault password: <vault_password>

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      redfish_usr: <username>
redfish_pwd: <password>
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Configure BIOS/UEFI settings by using the Redfish API
  hosts: managed-node-01.example.com
  vars_files:
    - vault.yml
  tasks:
    - name: Change the boot mode to UEFI
      redhat.rhel_mgmt.redfish_config:
        baseuri: <uri>
        username: "{{ redfish_usr }}"
        password: "{{ redfish_pwd }}"
        category: Systems
        command: SetBiosAttributes
        bios_attributes:
          BootMode: "Uefi"

    The settings specified in the example playbook include the following:

    baseuri: <uri>
    Defines the URI of the OOB controller. This is the OOB controller of the host on which the managed node performs the action.
    category: <value>

    Sets the category of the command to execute. The following categories are available:

    • Accounts: Manages user accounts of the OOB controller.
    • Chassis: Manages chassis-related settings.
    • Manager: Provides access to Redfish services.
    • Session: Manages Redfish login sessions.
    • Systems (default): Manages machine-related settings.
    • Update: Manages firmware update-related actions.
    command: <command>
    Sets the command to execute. Depending on the command, it can be necessary to set additional variables.

    For details about all variables used in the playbook, use the ansible-doc redhat.rhel_mgmt.redfish_config command on the control node to display the documentation of the module.

  3. Validate the playbook syntax: 

    $ ansible-playbook --ask-vault-pass --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml

Additional resources

  • The ansible-doc redhat.rhel_mgmt.redfish_config command on the control node
  • Ansible vault
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.