Redfish OOBM integration is broken in cloudstack

[kiranchavala]

problem

Redfish OOBM integration is broken in cloudstack

Red fish implementation was done with this PR

#4175

versions

Cloudstack 4.20

The steps to reproduce the bug

Steps to reproduce the issue

1. Configure redfish emulator or the mock up server based on your choice on el8 system


   https://hub.docker.com/r/dmtf/redfish-interface-emulator
   
https://github.com/DMTF/Redfish-Interface-Emulator/
   
https://github.com/DMTF/Redfish-Mockup-Server

   https://www.redhat.com/en/blog/redfish-manage-servers-automatically



2. I have used the redfish-interface-emulator to test the integration .



Clone the repo https://github.com/DMTF/Redfish-Interface-Emulator/


pip3 install -r requirements.txt

mv emulator-config_dynamic_populate.json emulator-config.json

python emulator.py 


By default it will run on port 5000


3. Disable the following global setting redfish.ignore.ssl and redfish.use.https




4. Navigate to cloudstack >host > configure oobm > select the driver as redfish


5. Enable OOBM

cloudstack >host > enable oobm


6. Check the logs, even though the port is configured as 5000 , Cloudstack still sends the request on default 80 port 



2025-02-21 06:02:30,485 WARN  [o.a.c.u.r.RedfishClient] (API-Job-Executor-72:[ctx-f9877630, job-661, ctx-06b862cd]) (logid:64cb0d54) Failed to execute HTTP GET request retry attempt 1/2 [URL: http://10.0.35.45/redfish/v1/Systems/] due to exception org.apache.http.conn.HttpHostConnectException: Connect to 10.0.35.45:80 [/10.0.35.45] failed: Connection refused 



2025-02-21 06:02:32,486 DEBUG [o.a.c.u.r.RedfishClient] (API-Job-Executor-72:[ctx-f9877630, job-661, ctx-06b862cd]) (logid:64cb0d54) HTTP GET request retry attempt 2/2 [URL: http://10.0.35.45/redfish/v1/Systems/].



7. Run the redfish-interface-emulator on port 80

python emulator.py -port 80


8. Check the logs , cloudstack fails to get Systems from the redfish emulator , it looks http://10.0.35.45/redfish/v1/Systems/ (extra slash) and finds no response

2025-02-21 08:19:25,848 WARN  [o.a.c.o.PowerOperationTask] (pool-6-thread-13:[ctx-f95f02a2]) (logid:) Out-of-band management background task operation=STATUS for host ol8.localdomain failed with: Failed to get System ID for host '10.0.35.45' with request 'GET: http://10.0.35.45/redfish/v1/Systems/'. HTTP status code expected '200' but it got '404'.


9. Using curl you can get the api responses



[root@ol8 Redfish-Interface-Emulator]# curl -s localhost:80/redfish/v1/Systems
{
    "@odata.type": "#ComputerSystemCollection.ComputerSystemCollection",
    "Name": "Computer System Collection",
    "Members@odata.count": 1,
    "Members": [
        {
            "@odata.id": "/redfish/v1/Systems/437XR1138R2"
        }
    ],
    "@odata.context": "/redfish/v1/$metadata#Systems",
    "@odata.id": "/redfish/v1/Systems",
    "@Redfish.Copyright": "Copyright 2014-2016 DMTF. For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright


[root@ol8 ~]# curl s localhost:80/redfish/v1/Systems/437XR1138R2     | jq .Actions'
{
  "#ComputerSystem.Reset": {
    "target": "/redfish/v1/Systems/437XR1138R2/Actions/ComputerSystem.Reset",
    "ResetType@Redfish.AllowableValues": [
      "On",
      "ForceOff",
      "GracefulShutdown",
      "GracefulRestart",
      "ForceRestart",
      "Nmi",
      "ForceOn",
      "PushPowerButton"
    ]
  },
  "Oem": {
    "#Contoso.Reset": {
      "target": "/redfish/v1/Systems/437XR1138R2/Oem/Contoso/Actions/Contoso.Reset"
    }
  }
}

What to do about it?

The integration with the redfish oobm should be fixed as redfish is more secure than ipmi and is widely considered as a replacement for ipmi

https://community.hpe.com/t5/servers-systems-the-right/redfish-a-more-secure-alternative-to-ipmi/ba-p/7044568

[rohityadavcloud]

Raised an experimental PR solely based on @kiranchavala 's findings - thanks!