advertisement
LC1_3.book Page 63 Monday, December 7, 2009 3:14 PM
Remote Service Features
The Dell™ Lifecycle Controller Remote Services are a set of features that allow systems management in a one-to-many mode. Remote Services capabilities use the web services based hardware management interface provided by the Lifecycle Controller firmware. They are aimed at simplifying tasks like operating system deployment, remote update and inventory, and automating the setup and configuration of new Dell systems remotely.
3
Web Services for Management
Web Services for Management (WS-MAN) is a Simple Object Access
Protocol (SOAP)-based protocol designed for systems management.
WS-MAN is published by the Distributed Management Task Force (DMTF) and provides an interoperable protocol for devices to share and exchange data across networks. The WS-MAN implementation complies with the DMTF
WS-MAN specification version 1.0.0.
Dell Lifecycle Controller - Remote Services uses WS-MAN to convey DMTF
Common Information Model (CIM)-based management information; the
CIM information defines the semantics and information types that can be manipulated in a managed system. The Dell-embedded server platform management interfaces are organized into profiles, where each profile defines the specific interfaces for a particular management domain or area of functionality. Additionally, Dell has defined a number of model and profile extensions that provide interfaces for additional capabilities. The data and methods available through WS-MAN are provided by the Lifecycle
Controller - Remote Services’ instrumentation interface mapped to the following DMTF profiles and Dell extension profiles:
Standard DMTF
• Base Server — defines CIM classes for representing the host server.
• Base Metrics — defines CIM classes for providing the ability to model and control metrics captured for managed elements.
Remote Service Features 63
LC1_3.book Page 64 Monday, December 7, 2009 3:14 PM
• Host LAN Network Port — defines CIM classes for representing a network port that provides a LAN interface to a host system, its associated controller, and network interfaces.
• Service Processor — defines CIM classes for modeling service processors.
• USB Redirection — defines CIM classes for describing information about
USB redirections. For keyboard, video, and mouse devices, this profile should be used if the devices are to be managed as USB devices.
• Physical Asset — defines CIM classes for representing the physical aspect of the managed elements.
• SM CLP Admin Domain — defines CIM classes for representing
CLP’s configuration.
• Power State Management — defines CIM classes for power control operations.
• Command Line Protocol Service — defines CIM classes for representing
CLP’s configuration.
• IP Interface — defines CIM classes for representing an IP interface of a managed system.
• DHCP Client — defines CIM classes for representing a DHCP client and its associated capabilities and configuration.
• DNS Client — defines CIM classes for representing a DNS client in a managed system.
• Record Log — defines CIM classes for representing different type of logs.
• Role Based Authorization — defines CIM classes for representing roles.
• SMASH Collections — defines CIM classes for representing
CLP’s configuration.
• Profile Registration — defines CIM classes for advertising the profile implementations.
• Simple Identity Management — defines CIM classes for representing identities.
• SSH Service — defines CIM classes for extending the management capability of referencing profiles by adding the capability to represent an
SSH service and its associated sessions in a managed system.
64 Remote Service Features
LC1_3.book Page 65 Monday, December 7, 2009 3:14 PM
• Battery — defines CIM classes for describing and setting the logical properties of the battery. Such properties include the description of the battery’s charge status and the time it takes for the battery charge to be depleted. The profile also describes operations such as recharging the battery.
Dell Extensions
• Dell Active Directory Client Version 2.0.0 — defines CIM and
Dell extension classes for configuring the Active Directory client and the local privileges for Active Directory groups.
• Dell Virtual Media — defines CIM and Dell extension classes for configuring Virtual Media. Extends the USB Redirection Profile.
• Dell Ethernet Port — defines CIM and Dell extension classes for configuring NIC Side-Band interface for the NIC. Extends the
Ethernet Port Profile.
• Dell Power Utilization Management — defines CIM and Dell extension classes for representing the host server’s power budget and for configuring/monitoring the host server’s power budget.
• Dell OS Deployment — defines CIM and Dell extension classes for representing the configuration of operating system deployment features.
It extends the management capability of referencing profiles by adding the capability to support operating system deployment activities by manipulating operating system deployment features provided by the service processor. For more information on Dell OS Deployment
functions, see "Remote Operating System Deployment Interface."
• Dell Software Update Profile — defines CIM and Dell extensions for representing the service class and methods for updating BIOS, component firmware, Lifecycle Controller firmware, Diagnostics, and Driver Pack.
Update methods support update from CIFS, NFS, FTP, and HTTP network share locations and from update images located in the Lifecycle
Controller. Update requests are formulated as jobs and can be scheduled immediately or at a later time with a choice of types of reboot action to apply the updates.
Remote Service Features 65
LC1_3.book Page 66 Monday, December 7, 2009 3:14 PM
• Dell Software Inventory Profile — Defines CIM and Dell Extensions for representing currently installed BIOS, component firmware, Diagnostics,
Unified Server Configurator, and Driver Pack versions. Also provides representation of versions of BIOS and firmware update images available in Lifecycle Controller for rollback and re-installation.
• Dell Job Control Profile — Defines CIM and Dell extensions for managing jobs generated by update requests. Jobs can be created, deleted, modified and aggregated into job queues to sequence and perform multiple updates in a single reboot.
• Lifecycle Controller Management Profile — Defines CIM and Dell extensions for getting and setting attributes for managing Auto-Discovery and Part Replacement Lifecycle Controller features.
The Lifecycle Controller - Remote Services WS-MAN implementation uses
SSL on port 443 for transport security, and supports basic and digest authentication. Web services interfaces can be utilized by leveraging client infrastructure such as Windows
®
.NET
®
.
®
WinRM and Powershell CLI, open source utilities like WS-MANCLI, and application programming environments like
Microsoft
There are additional implementation guides, white papers, profile specifications, class definition (.mof) files, and code samples available in the Dell Tech Center at www.delltechcenter.com. See:
• Lifecycle Controller area - http://www.delltechcenter.com/page/Lifecycle+Controller
• Dell CIM Extension Specifications http://www.delltechcenter.com/page/DCIM+-+Dell+CIM+Extensions
• Lifecycle Controller WS-MAN Script Center http://www.delltechcenter.com/page/Scripting+the+Dell+Lifecycle+C ontroller
For more information, also see the following:
• DTMF Web site: www.dmtf.org/standards/profiles/
• WS-MAN release notes or Readme file.
66 Remote Service Features
LC1_3.book Page 67 Monday, December 7, 2009 3:14 PM
What’s New in Remote Services 1.3
These are the new features introduced in 1.3:
• Auto-Discovery enhancements
• Remote firmware inventory and update
• Operating system deployment using Dell-licensed vFlash
• Part replacement
Auto-Discovery
The Auto-Discovery feature allows newly installed servers to automatically discover the remote management console that hosts the Provisioning Server.
The Provisioning Server provides custom administrative user credentials to the iDRAC so that the unprovisioned server can be discovered and managed by the management console.
When Auto-Discovery is enabled, the iDRAC6 requests an IP address from
DHCP and either acquires the name of the Provisioning Server host and/or subsequently resolves the address through DNS. After acquiring the
Provisioning Server host address, the iDRAC6 securely handshakes before acquiring custom administrative account credentials. The iDRAC can now be managed through its newly acquired credentials to perform operations, such as remote operating system deployment.
If you ordered a Dell system with the Auto-Discovery feature Enabled
(factory default setting is Disabled), then the iDRAC will be delivered with
DHCP-enabled and no enabled user accounts. If the auto-discovery feature is set to Disabled, you can manually enable this feature and disable the default administrative account from the iDRAC6 Configuration Utility when booting your system. For more information on Enabling and Disabling Auto-
Discovery feature, see "Auto-Discovery Configuration."
Configuring DHCP/DNS
Before adding your Dell system to the network and utilizing the Auto-
Discovery feature, ensure that Dynamic Host Configuration Protocol
(DHCP) server/Domain Name System (DNS) are configured with added
Remote Service Features 67
LC1_3.book Page 68 Monday, December 7, 2009 3:14 PM
68 support for Auto-Discovery. There are several options for enabling the network environment to support discovery of the Provisioning Server host by unprovisioned servers.
One of the following prerequisites must be met for the Auto-Discovery feature to work properly:
• The DHCP server provides a comma separated list of Provisioning Server locations using a vendor scope option of class LifecycleController option 1.
These locations can be a hostname or IP address and optionally include a port. The iDRAC will resolve the hostname of the management console to an IP address with a DNS lookup.
• The DNS server specifies a service option _dcimprovsrv._tcp that will resolve to an IP address.
• The DNS server specifies an IP address for a server with the known name
DCIMCredentialServer.
For more information on configuring DHCP and DNS, see Lifecycle
Controller Auto Discovery Network Setup Specification on the Dell Enterprise
Technology Center at www.delltechcenter.com/page/Lifecycle+Controller.
Auto-Discovery Configuration
Before enabling the Auto-Discovery feature, do the following:
1 Press <Ctrl><e> when prompted within 5 seconds during system start-up.
The iDRAC6 Configuration Utility page displays.
2 Enable NIC (for modular system only)
3 Enable DHCP.
4 Navigate to LAN Parameters.
5 Select Domain Name from DHCP.
6 Select On.
7 Select DNS Server from DHCP.
8 Select On.
9 Navigate to LAN user configuration.
10 Select Account Access.
Remote Service Features
LC1_3.book Page 69 Monday, December 7, 2009 3:14 PM
11 Select Disabled. This disables the default administrative account.
12 Save and exit iDRAC6 Configuration Utility.
13 Restart your system.
Enabling/Disabling Auto-Discovery
1 Press <Ctrl><e> when prompted within 5 seconds during system start-up.
The iDRAC6 Configuration Utility page displays.
2 Navigate to LAN User Configuration.
3 Select Auto-Discovery.
4 Select Enable to enable the Auto-Discovery feature. Select Disable to disable the Auto-Discovery feature
NOTE: Auto-Discovery feature will not run if any administrator accounts are enabled.
Auto-Discovery Workflow
This is the Auto-Discovery workflow once it is configured and enabled:
1 Plug in your new Dell system to your network
2 Plug-in the power cables to turn on the system.
3 iDRAC starts, acquires the Provisioning Server IP addresses/hostnames from DHCP/DNS and announces itself to the Provisioning Server.
4 The Provisioning Server validates and accepts the secure handshake session from the iDRAC.
5 The Provisioning Server provides custom user credentials with administrator privileges to iDRAC.
6 iDRAC receives and completes the secure handshake.
With enhancements to the Auto-Discovery process you can:
• Configure the provisioning server host address through the iDRAC
Configuration utility, USC, or using WinRM commands instead of using
DHCP or DNS.
• Remotely reinitiate Auto-Discovery in new environments.
• Upload custom client and server certificates using WS-MAN.
Remote Service Features 69
LC1_3.book Page 70 Monday, December 7, 2009 3:14 PM
70
Connecting Directly to Provisioning Server for Handshake
This feature allows you to directly connect to a specified Provisioning Server host for handshake and registration of the new server on the network. The provisioning server IP address or host name can be configured through the USC console, iDRAC6 configuration utility or preset at the factory.
Set Provisioning Server IP addresses/resolvable names
There are multiple options for setting the Provisioning Server IP address/hostname used for Auto-Discovery. You can set it through a Web services request using WS-MAN, through the USC console or through the iDRAC6 configuration utility.
Set Provisioning Server Using a WS-MAN Request
The Provisioning Server IP address property string is set by invoking the
SetAttribute() method on the DCIM_LCService class by issuing a Web services request using WS-MAN network management protocol. Command line examples of Microsoft WinRM and WSMANCLI SetAttribute() invocations are provided in the Lifecycle Controller 1.3 Interface Guide on the
Dell TechCenter wiki at www.delltechcenter/page/Lifecycle+Controller.
The following conditions apply to using a command to set the provisioning server IP address/hostname:
• Make sure to enable the Preserve Configuration option while resetting the iDRAC6 to defaults, issuing the racadm racresetcfg or updating the iDRAC6 firmware. If it is disabled, the provisioning server IP/hostname will be erased.
• The information will be used only during the next handshake process and will not be used for any handshakes in progress.
• The string can contain multiple IP addresses and/or hostnames with the following format:
• The string is a list of IP addresses and/or hostnames and ports separated by comma.
• Hostname can be fully qualified.
• IPv4 address – starts with ‘(‘ and ends with ‘)’ when specified at the same time with a hostname.
Remote Service Features
LC1_3.book Page 71 Monday, December 7, 2009 3:14 PM
• Each IP address or hostname can be optionally followed by a ‘:’ and a port number.
• Examples of valid strings are - hostname, hostname.domain.com
Setting Provisioning Server using the USC Console
1 Press <F10> System Services when prompted within 5 seconds during system start-up.
The Unified Server Configurator Lifecycle Controller Enabled page displays.
2 Navigate to Hardware Configuration -> Configuration Wizard ->
iDRAC6 Configuration.
3 Use the Next button to navigate to LAN User Configuration.
4 Navigate to Provisioning Server Addresses.
5 Enter the IP/hostname string of the Provisioning Server host.
6 Click Next and then click Apply.
7 Click Finish.
8 Click Exit and Reboot. Confirm exit.
Set Provisioning Server using iDRAC6 Configuration Utility
1 Press <Ctrl+e> when prompted within 5 seconds during system start-up.
2 The iDRAC6 Configuration Utility page displays.
3 Navigate to LAN User Configuration.
4 Select Provisioning Server.
5 Enter the IP/hostname string of the Provisioning Server host.
6 Click Enter.
7 Save and Exit the iDRAC6 Configuration Utility.
Remotely Reinitiating Auto-Discovery in New Environments
This feature allows you to reinitiate Auto-Discovery through WS-MAN, even though Auto-Discovery has taken place earlier. It can be used when you need to move a server from one data center to another. The Auto-Discovery settings will be persisted using the existing user credentials.
Remote Service Features 71
LC1_3.book Page 72 Monday, December 7, 2009 3:14 PM
72
When the server is powered on in the new data center, Auto-Discovery will run according to the settings, and will download the new user credentials for the new data center. This interface is supported using WS-MAN only, and the
WS-MAN requests require iDRAC administrator username password credentials or credentials for an iDRAC user with Execute Server Command privilege.
The supported WS-MAN interface to reinitiate Auto-Discovery includes these options:
• Whether the iDRAC will be reset to the factory default configuration equivalent to a server with being ordered with the Auto-Discover option.
Only true will be accepted as a value. This is a required input.
• Whether Auto-Discovery will run immediately or at the next iDRAC powercycle. This is a required input.
• Provisioning Server IP address/hostname. This is optional.
Regardless of the options you specify, the operations below will be performed by iDRAC as part of the next Auto-Discovery cycle:
• Enable NIC (modular servers)
• Enable IPv4
• DHCP enable
• Disable all administrator accounts
• Disable Active Directory
• Get DNS server address from DHCP
• Get DNS domain name from DHCP
The reinitiate interface and related interfaces are specified in the Dell
Lifecycle Controller Management Profile available at
www.delltechcenter.com/page/DCIM+Extensions+Library. Managed
Object Format (MOF) files for related class and method definitions are also available in the Dell TechCenter DCIM Extensions Library area. The interfaces are:
ReinitiateDHS(ProvisioningServer, ResetToFactoryDefaults,
PerformAutoDiscovery)
• ProvisioningServer: optional parameter to indicate the Provisioning Server information. This could be an IP address or a hostname.
Remote Service Features
LC1_3.book Page 73 Monday, December 7, 2009 3:14 PM
• ResetToFactoryDefaults: required parameter (TRUE or FALSE) to indicate whether the current configuration data needs to be deleted prior to the next cycle of Auto-Discovery. Only TRUE will be accepted; specifying FALSE will cause an error message indicating the parameter value is not supported. TRUE will reset iDRAC to the default values and then set iDRAC for Auto-Discovery. iDRAC will not be available until the
Auto-Discovery provisioning process is complete and the iDRAC receives the new credentials.
• PerformAutoDiscovery: required parameter to indicate when the next
Auto-Discovery cycle should be performed: immediately or at the next boot. Select Now to run the Auto-Discovery cycle immediately; select Next to run it the next time you boot your system.
SetAttribute(ProvisioningServer)
• ProvisioningServer: parameter to indicate the Provisioning Server IP address/host name.
• ClearProvisioningServer(): Method to clear the Provisioning Server property. No input parameters are required.
Using Custom Certificates
You can now transfer custom-defined certificates to the iDRAC6, and create a unique certificate based on the service tag of your system to ensure enhanced security. You can also have the factory preset the system with the certificate of your choice using the Custom Factory Install (CFI) process available from
Dell.
Creating Custom Client Certificates through WS-MAN
The DownloadClientCerts() method on the DCIM_LCService class can be called to cause a custom signed Auto-Discovery client encryption certificate to be generated. The method takes as input a Certificate Authority generated key certificate and related hash and password parameters. The key certificate provided is used to sign a certificate containing the system service tag as the Certificate Name(CN). The method returns a job ID that can be used to check the success of the download, generation, and installation of the
Auto-Discovery client private certificate. For examples of command line invocations using WinRM and WSMANCLI see the Lifecycle Controller 1.3
Web Services Interface Guide.
Remote Service Features 73
LC1_3.book Page 74 Monday, December 7, 2009 3:14 PM
74
Providing Custom Server Certificates using WS-MAN
The DownloadServerPublicKey() method on the DCIM_LCService class can be called to transfer a Provisioning Server public key certificate. The
Provisioning Server public key can be used as part of strict mutual authentication between the Auto-Discovery client and the provisioning server. The method takes as input a Provisioning Server public key certificate and related hash and hash type parameters. The method returns a job ID that can be used to check the success of the processing and installation of the
Provisioning Server public key. For examples of command line invocations using WinRM and WSMANCLI see the Lifecycle Controller 1.3 Web Services
Interface Guide. DCIM Profile specification and related MOF files are available at Dell TechCenter wiki in the DCIM Extension Library area
(www.DellTechCenter.com).
Remote Firmware Inventory
Remote firmware inventory enables a WS-MAN client to use the Web services interface provided by iDRAC to instantly retrieve the firmware and embedded software inventory of the system. The inventory, however, does not retrieve hardware-related information, such as slot number or hardware settings.
The firmware inventory feature will return an inventory of the installed firmware on devices on the system and the inventory of available
BIOS/firmware on the iDRAC6 express card Lifecycle Controller. It also returns the inventory of both the currently installed version of BIOS
/Firmware on the iDRAC6 Express card and the versions available for rollback
(N and N-1 versions) that can be installed using the remote update Web services interface.
Instant Firmware Inventory
Instant firmware inventory allows you to run an inventory independent of whether the system is turned on or off. Traditionally, the system firmware inventory was performed by downloading an inventory collector onto the operating system, executing it locally, and then gathering the results. Instant firmware inventory allows you to inventory the host platform remotely from a
WS-MAN client, even if the host is not running an operating system. iDRAC user credentials used for the WS-MAN request authentication requires
Execute Server Command privileges to request firmware and embedded
Remote Service Features
LC1_3.book Page 75 Monday, December 7, 2009 3:14 PM software inventory; it is not restricted to administrators. You can get a list of firmware for devices that are installed, and also the firmware that is available for rollback and reinstallation.
Supported Devices
Remote instant firmware inventory is supported on these devices:
• iDRAC6
• Storage controllers (RAID Series 6 and 7)
• NICs and LOMs (Broadcom)
• Power supplies
• BIOS
• Driver Pack
• USC
• Diagnostics
The instant firmware inventory class provides firmware inventory information on:
• The firmware installed in the supported devices
• The firmware versions available for installation for each device
Workflow
The DCIM_SoftwareInventory profile defines the Dell CIM data model extensions that represent installed and available to be installed versions of firmware and embedded software on the server. The firmware inventory can be accessed using the WS-MAN web services protocol.
This is the typical workflow for a request for firmware inventory using
Windows WinRM:
1 Request inventory of the system using the WinRM enumeration command for class DCIM_SoftwareIdentity.
2 Inventory instances are pulled up from the system in both system-off and system-on conditions.
3 Users that have administrator or Execute Server Command privileges can retrieve the firmware and embedded software inventory of the system.
Remote Service Features 75
LC1_3.book Page 76 Monday, December 7, 2009 3:14 PM
76
4 The enumeration request will generate a WinRM error when the UEFI system services are set to Disabled.
5 Requested inventories are collected as "Installed" and "Available" CIM instances.
6 The software currently installed on the component is listed as the
"Installed Software Instance". The key property value of this instance,
InstanceID represented as DCIM: INSTALLED :<
COMPONENTTYPE> :< COMPONENTID> :< Version> and the status value of this instance is represented as "Installed"
7 The available software in the persistent storage is listed as the Available
Software Instance. The key property value of the instance, InstanceID represented as DCIM: AVAILABLE :< COMPONENTTYPE> :<
COMPONENTID> :< Version> and the status value of this instance is represented as “Available”. Current installed software instances are also represented as available software instances.
8 Inventory instances provide input values for the update and rollback operations. To perform the update operation, pick the InstanceID value from the Installed Instance, DCIM: INSTALLED :< comptype> :< compid> :< version>. For the rollback operation pick the InstanceID
Value from the Available instance,
DCIM:AVAILABLE:<comptype>:<compid>:<version>. You will not be able to edit InstanceID values.
9 If the "version string" property value of "Available Software Instance" is equal to the "Installed Software Instance," then the InstanceID value of that Available Software Instance should not be used for the rollback operation.
10 If Unified Server Configurator (USC) is being run on the system during the inventory operation, only "Installed Instances" will be returned.
Important
• There may be DCIM_SoftwareIdentity instances for hardware that was previously installed and then removed still listed in the inventory as
"available."
• When you perform an inventory of updates using remote enablement while the system is booted to USC, the inventory may not be complete.
Some components could be missing from the list.
Remote Service Features
LC1_3.book Page 77 Monday, December 7, 2009 3:14 PM
Remote Update
Remote update, also known as out-of-band update or operating systemindependent platform update, allows you to update the system independent of the state of the operating system or the power on/off state.
Benefits of Remote Update
With Operating System independent platform update, an operating system need not be running on the system. Multiple updates can be scheduled together along with a graceful or power-cycle reboot into USC to perform the updates. Although the updates may involve intermediate BIOS restarts,
Lifecycle Controller will automatically handle them until the updates are complete.
This feature supports two methods to perform updates:
• Install from Uniform Resource Identifier (URI): This method allows a
WS-MAN request to install or update software on a host platform using a
URI. The URI consists of a string of characters used to identify or name a resource on the network. The URI is used to specify the location of the
Dell Update Package image on the network that can be downloaded to the
Lifecycle Controller and then installed.
• Install from Software Identity: This method allows update or rollback to a version that is already available on the Lifecycle Controller.
You can use a WS-MAN capable application, script or command line utility to perform a remote update. The application or script performs WS-MAN invoke method request using one of the remote update interface methods.
The iDRAC then downloads the firmware from the network share (local network share, CIFS, NFS, FTP, TFTP, http, https) URI and stages the updates to be performed at the specified time and utilizing the specified graceful, power cycle or none system reboot types.
Important
• When you perform a remote update on the Driver Pack for the system it will replace the current driver pack. The replaced driver pack will no longer be available.
Remote Service Features 77
LC1_3.book Page 78 Monday, December 7, 2009 3:14 PM
• If you have NIC cards of different families on your system, different tasks will be displayed for each NIC card family. For example, if the LOMS and the add-in NIC card are both 5709, you will see two tasks. If you have 5709
LOMS and 5710 add-in NIC card, four tasks will be displayed.
Supported Devices
Remote Update is supported on the following devices:
• iDRAC6
• RAID Series 6 and 7
• NICs and LOMs (Broadcom)
• Power supplies
• BIOS
• Driver Pack
• USC
• Diagnostics
Workflow for Remote Update from URI
1 Use the appropriate WS-MAN client to send a method invocation request to the iDRAC IP address. The WS-MAN command includes the
UpdateFromURI() method on the DCIM_SoftwareInstallationService, and the location from where iDRAC should download the Dell Update
Package (DUP). The download protocols that are supported are FTP,
HTTP, CIFS, NFS and TFTP.
2 When the WS-MAN command is invoked successfully, a Job ID will be returned back.
3 Additional UpdateFromURI() method invocation requests can be sent using WS-MAN to create other update jobs.
4 A reboot job can be created by invoking the CreateRebootJob() method on the DCIM_SoftwareInstallationService and specifying the desired reboot type. The reboot type can be graceful, power cycle or graceful with power cycle after 10 minutes.
78 Remote Service Features
LC1_3.book Page 79 Monday, December 7, 2009 3:14 PM
5 Using the update and reboot Job IDs, you can use the DCIM_JobService profile to schedule these jobs to run immediately or at future date and time. You can also use the Job ID to query the status of a job or to cancel a job.
6 All jobs will be marked successful or, if an error occurred during downloading or updating, failed. For failed jobs, the error message and error message ID for the failure are available in the job information.
Important
• After successfully downloading the DUP and extracting it, the downloader will update the status of the job as "Downloaded" and the job can then be scheduled. If the signature is invalid or if download/extraction fails then the Job status is set to "Failed" with an appropriate error code.
• Updated firmware can be viewed by requesting firmware inventory after firmware update jobs have completed.
Scheduling Remote Update
The remote update scheduling capability provides the ability to schedule or stage firmware updates now or in the future. Updates for Diagnostics and
USC can be performed directly and do not require any staging. These updates will be applied as soon as they are downloaded and do not need the Job
Scheduler. All other remote updates are staged updates, and require scheduling, using different scheduling options. The DUPs are downloaded to the Lifecycle Controller and staged, and the actual update is performed by rebooting the system into UEFI System Services.
There are multiple options for scheduling updates:
• Run updates on the desired components at a desired time.
• Run the reboot command to get a reboot job ID.
• Check on the status of any of the jobs by enumerating
DCIM_SoftUpdateConcreteJob instances and checking the JobStatus property value.
• Schedule the job using the SetupJobQueue() method on the
DCIM_JobService.
• Delete existing jobs using the DeleteJobQueue() method on the
DCIM_JobService.
Remote Service Features 79
LC1_3.book Page 80 Monday, December 7, 2009 3:14 PM
Important
USC, Diagnostics and Driver Pack updates cannot be rolled back.
Rolling Back to Previous Versions
Use the InstallFromSoftwareIdentity() method to reinstall from previous versions of firmware for a component that are stored in the Lifecycle
Controller. Instead of downloading the DUP, the
InstallFromSoftwareIdentity() creates a job and returns the job ID.
Remote Scheduling Types
Immediate Update
To immediately update component firmware, schedule the update and reboot jobs with start time as TIME_NOW. Scheduling a reboot or update is not required for updates to the Lifecycle controller partitions (USC, Diagnostics).
The updates are immediate for these partitions.
Scheduled Update
Specifying a scheduled start time for one or more jobs using the
SetupJobQueue() method involves specifying a datetime value for the
StartTimeInterval parameter. Optionally, a datetime value can be also be specified for the UntilTime parameter.
Specifying an UntilTime defines a maintenance window to run the updates within a time-bound slot. If the time window expires and the updates have not completed, any update jobs that are currently running will complete, but any unprocessed jobs whose scheduled start time has begun will be failed.
Setting the Scheduling Reboot Behavior
The DCIM_SoftwareInstallationService.CreateRebootJob() method takes one of the following reboot types as an input parameter and a reboot job ID is returned as an output parameter. The reboot Job ID is used as the first Job ID in the JobArray parameter of the DCIM_JobService.SetupJobQueue() method along with other update Job IDs.
80 Remote Service Features
LC1_3.book Page 81 Monday, December 7, 2009 3:14 PM
• Reboot 1 - Power cycle - Performs the iDRAC PowerCycle that will power down the system and power it back up. This is not a graceful reboot. The system will power off the system without sending a shutdown request to an operating system running on the system. Only reboot type 1 will power on the system if the system is in an Off state, but A/C power is still applied.
• Reboot 2 - Graceful reboot without forced shutdown - Performs the iDRAC Graceful Shutdown command and if the system is powered off within the PowerCycle Wait Time, it powers the system back up and marks the reboot job as Reboot Completed. If the system is not powered off within the PowerCycle WaitTime, the reboot job is marked as failed.
• Reboot 3 - Graceful reboot with forced shutdown - Performs the iDRAC
Graceful Shutdown command and if the system is powered off within the
PowerCycle Wait Time, it powers the system back up and marks the reboot job as Reboot Completed. If the system is not powered off within the
PowerCycle WaitTime, the system is Power Cycled.
Remote Operating System Deployment
The remote operating system deployment capabilities enable deployment of an operating system remotely using WS-MAN web services protocols and
CIFS and NFS network file sharing protocols.
Remote Operating System Deployment Main Features
These are the main capabilities of remote operating system deployment:
• Remote activation of local exposure of embedded drivers as a USB device
• Remote acquisition of embedded drivers per selected operating system.
• Boot to an ISO image located on a network share.
• Download an boot to ISO image to vFlash.
Remote Operating System Deployment Interface
Dell Operating System Deployment web services interface provides the capability to support operating system deployment activities by manipulating operating system deployment features provided by the iDRAC service processor.
Detailed interface specifications and class definition (.mof) files can be found at the Lifecycle Controller area on the Dell Enterprise Technology Center at
Remote Service Features 81
LC1_3.book Page 82 Monday, December 7, 2009 3:14 PM
www.delltechcenter.com. Using CIM and Dell extension classes using the web services protocols WS-MAN, Dell Operating System Deployment feature provides the following capabilities:
• Get the embedded driver pack (a package of all supported operating system drivers for all supported operating systems for the platform) version:
Remote management consoles, applications, and scripts request driver pack version and list of supported operating systems from iDRAC through
WS-MAN.
The GetDriverPackInfo() method on the DCIM_OSDeploymentService class returns the embedded driver pack version and the list of operating systems supported by the driver pack.
• After determining which operating system the drivers are needed for, one of the following methods can be invoked through WS-MAN to unpack the appropriate drivers and expose them locally or acquire them remotely.
a The UnpackAndAttach() method on the
DCIM_OSDeploymentService class extracts the drivers for the requested operating system and places them on an internal USB device labeled OEMDRV. The OEMDRV appears as a locally attached USB device to the system. The method takes the operating system name and an expose duration time as input parameters and returns a job identification that can be subsequently checked for the status of the unpack and attach activity.
b The UnpackAndShare() method on the DCIM_OSDeploymentService class extracts the drivers for the requested operating system and copies them to a network share. The method takes the operating system name and network share information as input parameters and returns a job identification that can be subsequently checked for the status of the unpack and share activity. Network share information includes the IP address of the share, the share name, share type, and username, password and workgroup data for secure shares.
82 Remote Service Features
LC1_3.book Page 83 Monday, December 7, 2009 3:14 PM
Important
• The drivers unpacked and attached are removed after the time specified in ExposeDuration parameter or if no time is specified in the method invocation then by default the OEMDRV USB device will be removed after 18 hours.
• Ensure that ISO images attached during the process are detached before you use system services.
• When installing Red Hat Linux 5.3 using remote enablement commands, the installation will fail whenever there is an OEM drive
(for driver source) attached. To avoid failure, do not attach the OEM drive when using remote enablement commands to install Red Hat
Enterprise Linux 5.3.
• The following methods can be used to boot the system from an ISO image on a network share or to initiate PXE boot mechanisms: a b
The BootToNetworkISO() method on the
DCIM_OSDeploymentService class will boot the system using an
ISO image that has been made available on a CIFS or NFS network share.
The method takes the ISO image name, network share information, and exposure duration as input parameters and returns a job identification that can be subsequently checked for the status of the unpack and share activity. Network share information includes the IP address of the share, the share name, share type, and username, password and workgroup data for secure shares. For additional security a hash value can be calculated using well known hash algorithms and this value along with the type of the hash used can be provided as input parameters.
The BootToPXE() method on the DCIM_OSDeploymentService class initiates a Pre-Boot Execution Environment (PXE) boot of the system. The method requires no input parameters.
Important
• The drivers unpacked and attached are removed after the time specified in ExposeDuration parameter. If no time is specified in the method invocation, then by default the OEMDRV USB device will be removed after 18 hours.
• Ensure that ISO images attached during the process are detached before you use system services.
Remote Service Features 83
LC1_3.book Page 84 Monday, December 7, 2009 3:14 PM
84
• The following methods are used to directly detach the local OEMDRV device or the network ISO image. These can be used before the previously set exposure durations time out: a The DetachDrivers() method on the DCIM_OSDeploymentService class detaches and removes the OEMDRV device that had been previously attached by an invocation of the UnpackAndAttach() method. b The DetachISOImage() method on the
DCIM_OSDeploymentService class detaches and removes the network share based ISO image that had been previously attached by an invocation of the BootToNetworkISO() method.
• Several methods described in this document return job identifiers as output parameters. The jobs provide a means of keeping track of a requested action that cannot be performed immediately and, because of underlying technology constraints, will take longer than standard web service request response timeouts. The returned job identifier can subsequently be used in WS-MAN Enumerate or Get requests to retrieve job object instances. Job object instances contain a job status property that can be checked to see what state the job is in and whether it completed successfully or encountered a problem and failed. If a job failure occurs, the job instance also contains an error message property that provides detailed information on the nature of the failure. Other properties contain other error identification information that can be used to localize the error message to the supported languages and get more detailed error descriptions and recommended response action descriptions.
• The GetHostMACInfo() method on the DCIM_OSDeploymentService class returns an array of physical network port MAC addresses representing all the LAN on Motherboard (LOM) ports in the system. The method requires no input parameters.
• All the DCIM_OSDeploymentService methods described in this document return error codes indicating whether the method successfully executed, an error occurred, or a job was created. Job creation occurs if the action being performed in the method cannot be completed immediately.
Additionally, if an error occurs, the methods will also return output parameters that include an error message (in English) and other error identifiers that can be used to localize the error to languages supported by the USC. The other error identifiers can be used to index into and process
Remote Service Features
LC1_3.book Page 85 Monday, December 7, 2009 3:14 PM
Dell Message Registry XML files. The Dell Message Registry files are available in the six supported languages, one file per language. In addition to translated error messages, the Message Registry files contain additional detailed error descriptions and recommended response actions for each error returned by the Lifecycle Controller Remote Services web service interface.
Operating System Deployment Typical Use Case Scenario
This section contains a typical scenario for deploying an operating system remotely.
Prerequisites and Dependencies
The following are the prerequisites and dependencies for deploying the operating system remotely:
• Boot disk is available to install operating system, or the operating system
ISO image on the network share.
• It is recommended that the latest driver pack is installed and available in
USC-LCE.
• Provisioning console, application or appropriate scripts that are capable of sending WS-MAN Web services requests and method invocations.
Workflow
The following is a typical workflow for remote operating system deployment:
• Create the custom pre-operating system/operating system image and share it on the network, or create the required operating system media ISO image.
• Get the list of supported operating system and driver pack version information.
• Stage the operating system drivers by unpacking and attaching drivers for operating system deployment. These drivers will be installed during the operating system deployment process.
• Remotely boot to the custom pre-operating system/operating system image to initiate the operating system deployment process.
• Run detach commands to detach the ISO media and driver device.
Remote Service Features 85
LC1_3.book Page 86 Monday, December 7, 2009 3:14 PM
86
For more information on the Lifecycle Controller Remote Operating Systems
Deployment feature including the Lifecycle Controller 1.3 Web Services
Interface Guideline, white papers, the Dell OS Deployment Profile data model specification, class definition (.mof) files, sample code and scripts, see the Lifecycle Controller area on the Dell Enterprise Technology Center at
www.delltechcenter.com.
Staging and Booting to Operating System Image on vFlash
This feature allows you to download an ISO image to the vFlash SD Card on the target system and booting the system to this ISO image.
Prerequisite
This feature is available only if you have Dell-licensed vFlash present on your system.
WS-MAN Methods
Important
• If the supported SD card is installed and not formatted, executing the download ISO command will first format the SD card and then download to ISO image.
• If you try to download an ISO image larger than the available space on the vFlash of your system using the TFTP protocol, the task will fail, but will not be reported through an error message. Subsequent commands that try to access this ISO will fail.
The new WS-MAN methods added to the operating system deployment profile for vFlash are:
• DownloadISOToVFlash - Downloads the image to the vFlash. Support is available for CIFS, TFTP and NFS.
• BootToISOFromVFlash - Boots to the ISO image that has been staged on the vFlash. You cannot perform this action if you are using the iDRAC
GUI or RACADM commands to communicate with the vFlash. This command will also reboot or power on your system if it is in an Off state once executed.
• DetachISOFromVFlash - Detaches the partition so that the console cannot access it anymore.
Remote Service Features
LC1_3.book Page 87 Monday, December 7, 2009 3:14 PM
• DeleteISOFromVFlash - Deletes the ISO image from the vFlash partition. It provides the capability to download an ISO image to the vFlash and then boot from it, allowing you to download custom install images to run from. This command will execute only if the ISO is detached.
You will need to perform the following steps to complete the process:
1 Download the ISO image to the vFlash.
2 Get the concrete job ID and poll for the completion of this job.
3 Run the BootToISOFromVFlash command. This will attach the image as a CD ROM, boot to the attached image and then continue with the operating system installation.
4 Detach the partition on the vFlash.
5 Delete the ISO image from the partition.
Part Replacement
Part Replacement provides the automated change of firmware of a newly replaced component, such as a PowerEdge™ RAID controller, NIC or power supply, to match that of the original part. This feature is disabled by default and may be enabled if required. It is a licensed feature and requires the Dell vFlash SD card. When a component is replaced and the Part Replacement feature is enabled, the actions taken by the Lifecycle Controller are displayed locally on the system monitor.
The presence of the vFlash SD Card and configuration of Part Replacement related properties can be accomplished remotely through the Web services interface using the WS-MAN protocol. For examples of command line invocations using WinRM and WSMANCLI see the Lifecycle Controller 1.3
Web Services Interface Guide. DCIM Profile specification and related MOF files are available at Dell TechCenter wiki in the DCIM Extension Library area (www.DellTechCenter.com).
Important
Part replacement is supported on modular systems with the following
Broadcom devices:
• Broadcom NetXExtreme II 5709 Quad Port Ethernet Mezzanine Card for
M-Series
Remote Service Features 87
LC1_3.book Page 88 Monday, December 7, 2009 3:14 PM
88
• Broadcom NetXtreme II 57711 Dual Port 10 Gb Ethernet Mezzanine Card with TOE and iSCSI Offload for M-Series
• Broadcom 57710 10 Gb Ethernet card
Validating vFlash presence Using WS-MAN
To ensure that the system is equipped with a Dell-licensed vFlash card follow these steps:
1 Using an application, script or command line shell that can process WS-
MAN based web services requests, send a get instance request for the
DCIM_LCEnumeration class instance with the InstanceID of
"DCIM_LCEnumeration:CCR1".
2 If the vFlash is present, the output will have the following attribute values:
• AttributeName = Licensed
• CurrentValue = Yes
3 If the vFlash is not present on the system, or if it is not Dell-licensed, the output will have the following attribute values:
• AttributeName = Licensed
• CurrentValue = No
Using WS-MAN to get/set Part Firmware Update Attributes
To get the current Part Firmware Update and Collect System Inventory On
Restart property values using WS-MAN, an enumerate command request may be sent to get instances of the class DCIM_LCEnumeration. An instance object representing each attribute is returned per attribute where the
AttributeName string property on the object will contain the name of the Part
Replacement related property, such as Part Firmware Update. The
CurrentValue property will contain the current setting of the property.
See the Dell Lifecycle Controller Management Profile specification for specific attribute names and values.
To configure a Part Replacement related property value, set and apply actions are requested using the WS-MAN Web services protocol.
The set action is performed by invoking the SetAttribute() method on the
DCIM_LCService class. The SetAttribute() method takes as input parameters the property names and values. The possible values of the Part
Firmware Update are:
Remote Service Features
LC1_3.book Page 89 Monday, December 7, 2009 3:14 PM
• Allow version upgrade only - If the input for the CurrentValue is Allow
version upgrade only, firmware update on replaced parts will be performed if the firmware version of the new part is lower than the original part.
• Match firmware of replaced part - If the input for the CurrentValue is
Match firmware of replaced part, firmware on the new part will be updated to the version of the original part.
• Disable - If the input is Disable, the firmware upgrade actions will not occur.
The apply action is performed by invoking the CreateConfigJob() method on the DCIM_LCService class. The CreateConfigJob() method takes as parameters the scheduled start time (which can be TIME_NOW) and a reboot if required flag. A job ID is returned as a parameter and can be used to check on the job completion status.
To check job completion status, enumerate instances of the
DCIM_LifecycleJob class and check for the instance where the
InstanceID = job ID returned by the CreateConfigJob() method. The
JobStatus property on the job instance will indicate the job is completed when the part replacement properties have been set.
Remote Service Features 89
LC1_3.book Page 90 Monday, December 7, 2009 3:14 PM
90 Remote Service Features
advertisement
Related manuals
advertisement
Table of contents
- 7 Overview
- 7 Remote Services
- 8 Unified Server Configurator (USC)
- 11 Unified Server Configurator and Unified Server Configurator - Lifecycle Controller Enabled
- 11 What’s new in USC/USC-LCE 1.3
- 12 USC-LCE
- 12 USC and USC-LCE Support for:
- 12 Common Features
- 12 Launching the Product
- 13 Using the Wizards
- 13 Wizard Description
- 14 Launching a Wizard
- 14 Wizard Task Flow USC
- 14 Wizard Task Flow USC - LCE
- 15 Accessing Help
- 15 Viewing Readme
- 15 Disabling USC or USC-LCE
- 15 Canceling a Request to Enter System Services
- 16 Using USC Settings Wizard
- 17 Deploying the Operating System Using the OS Deployment Wizard
- 18 Launch the Operating System Deployment Wizard
- 18 Select the Operating System Driver Source Location (for USC only)
- 20 Optional RAID Configuration
- 20 Deploy the Operating System
- 20 Select an Operating System
- 21 Kickstart Installation for the Linux Operating System
- 22 Insert the Operating System Media
- 22 Reboot the System
- 23 Red Hat Enterprise Linux version 5.x Installation Warning
- 23 Update Drivers for Linux Systems Only
- 24 Assign a Windows-Bootable System Partition to the C: Drive
- 24 Installing Red Hat Enterprise Linux 5.3 or Red Hat Enterprise Linux 4.8 on a system with SAS7 (H200) controller
- 25 Hardware Diagnostics
- 25 Performing Hardware Diagnostics
- 25 Updating the Hardware Diagnostics Utility
- 26 Repairing USC
- 26 Repairing USC - LCE
- 27 How to Upgrade to an iDRAC6 Express Card
- 27 Installing the iDRAC6 Express Card
- 28 Transferring an iDRAC6 Express Card
- 28 Removing the iDRAC6 Express Card
- 28 Unified Server Configurator - Lifecycle Controller Enabled Unique Features
- 28 Updating USC - LCE
- 29 Updating the Platform using the Platform Update Wizard
- 29 Version Compatibility
- 29 View Current Version Information
- 29 Launch the Platform Update Wizard
- 30 Select Download Method
- 31 Select and Apply Updates
- 32 Rolling Back to Previous BIOS and Firmware Versions
- 32 Launch the Rollback Wizard
- 33 Select and Apply Rollbacks
- 33 Updating Devices That Affect Trusted Platform Module Settings
- 34 Hardware Configuration
- 34 Configuring RAID
- 35 Viewing Secure Capability Status and Virtual Disks of the Series 7 Controller
- 35 Creating a Secure Virtual Disk on Series 7 Controller
- 36 Updating RAID Controller Firmware
- 37 Physical Security Configuration
- 37 System Date/Time Configuration
- 38 iDRAC Configuration
- 47 RAID Configuration
- 54 Advanced Configuration
- 56 Part Replacement
- 56 Prerequisites
- 56 Supported Devices
- 57 Collect System Inventory on Restart
- 57 Configuring a Local FTP Server
- 57 Requirements for a Local FTP Server
- 58 Creating the Local FTP Server Using Dell Server Updates DVD
- 58 Creating the Local FTP Server Using Dell Repository Update Manager
- 58 Accessing Updates on a Local FTP Server
- 58 Configuring a Local USB Device
- 59 Creating the Local USB Repository Using Dell Server Updates DVD
- 59 Creating the Local USB Repository Using Dell Repository Update Manager
- 61 Remote Service Features
- 61 Web Services for Management
- 61 Standard DMTF
- 63 Dell Extensions
- 65 What’s New in Remote Services 1.3
- 65 Auto-Discovery
- 65 Configuring DHCP/DNS
- 66 Auto-Discovery Configuration
- 67 Enabling/Disabling Auto-Discovery
- 67 Auto-Discovery Workflow
- 68 Connecting Directly to Provisioning Server for Handshake
- 68 Set Provisioning Server IP addresses/resolvable names
- 68 Set Provisioning Server Using a WS-MAN Request
- 69 Setting Provisioning Server using the USC Console
- 69 Set Provisioning Server using iDRAC6 Configuration Utility
- 69 Remotely Reinitiating Auto-Discovery in New Environments
- 71 Using Custom Certificates
- 71 Creating Custom Client Certificates through WS-MAN
- 72 Providing Custom Server Certificates using WS-MAN
- 72 Remote Firmware Inventory
- 72 Instant Firmware Inventory
- 73 Supported Devices
- 73 Workflow
- 75 Remote Update
- 75 Benefits of Remote Update
- 76 Supported Devices
- 76 Workflow for Remote Update from URI
- 77 Scheduling Remote Update
- 78 Rolling Back to Previous Versions
- 78 Remote Scheduling Types
- 78 Immediate Update
- 78 Scheduled Update
- 79 Remote Operating System Deployment
- 79 Remote Operating System Deployment Main Features
- 79 Remote Operating System Deployment Interface
- 83 Operating System Deployment Typical Use Case Scenario
- 83 Prerequisites and Dependencies
- 83 Workflow
- 84 Staging and Booting to Operating System Image on vFlash
- 84 Prerequisite
- 84 WS-MAN Methods
- 85 Part Replacement
- 85 Important
- 86 Validating vFlash presence Using WS-MAN
- 86 Using WS-MAN to get/set Part Firmware Update Attributes
- 89 Troubleshooting and Frequently Asked Questions
- 89 Error Messages
- 103 Frequently Asked Questions
- 103 When USC - LCE downloads updates, where are the files stored?
- 103 Is a virtual media device or vFlash card required to store data for updates?
- 103 What is virtual media?
- 103 What should I do if an update fails?
- 103 What is vFlash or virtual flash?
- 103 Can I add my own drivers to use for operating system installation?
- 104 Can I update the drivers used by an installed operating system through USC or USC - LCE?
- 104 Can I add my own drivers and firmware for updating USC or USC - LCE to a local USB device?
- 104 Can I delete USC or USC - LCE?
- 104 Can I use virtual media for the operating system media source during installation?
- 104 Can I use a virtual USB for my update repository?
- 104 What is UEFI? With which version does USC or USC - LCE comply?
- 105 Within Hardware Configuration, what is the difference between the Configuration Wizards and Advanced Configuration?
- 105 Does USC or USC - LCE support configuration of all RAID levels and all RAID cards for xx1x systems?
- 105 Does USC - LCE support rollback of BIOS and firmware?
- 105 Which devices support system updates?
- 106 Which devices are supported in Advanced Configuration within Hardware Configuration?
- 106 What should I do if my system crashes while using USC or USC - LCE?
- 106 How do I find out the current installed version details of the USC-LCE product?
- 106 What should I do if I have an issue with mouse synchronization when I access USC LCE over the iDRAC KVM?
- 107 Index