Technical white paper Remote script execution with Dell EMC OpenManage Enterprise Abstract This technical white paper describes the Remote Script Execution feature of OpenManage Enterprise. It gives an overview of the feature along with a use case to enable and use the feature as a System Administrator.
Revisions Date July 2019 Description Initial release Acknowledgements This paper was produced by the following members of the Dell EMC Enterprise Systems Management Programs: Author: Subhakant (Test Engineer), Soumya Aggarwal (Test Engineer), and Nagaraj K (Test Engineer) The information in this publication is provided “as is.” Dell Inc.
Table of contents Revisions.............................................................................................................................................................................2 Acknowledgements .............................................................................................................................................................2 Table of contents ....................................................................................................................
Executive summary Addressing device alerts manually, especially in large setups, is a time-consuming and laborious exercise for the system administrators. OpenManage Enterprise with the Remote Script Execution feature is a solution to this concern. The Remote Script Execution feature enables the system administrators to run up to 100 scripts, RACADM, or IPMI commands remotely in response to alerts received such as change in device health, power status, and connectivity status.
1 Some use cases for the Remote Script Execution feature Listed below are some of the use cases where the Remote Script Execution feature can be used: USE CASE 1: Remote Script Execution can be used to prevent over heating of servers. When temperature reaches a critical state in a server, alert is generated. In such instances, the user can create an alert policy to trigger a remote IPMI command to shut down the device. USE CASE 2: Remote scripts can be used to get the system event logs using RACADM.
2 Basic details of Remote Script Execution Here are a few facts about the Remote Script Execution feature in OpenManage Enterprise that you need to be aware of before getting started: • Only the OpenManage Enterprise users with Administrator privileges can use this feature Features Manage traps with Alert Polices User levels for accessing Dell EMC OpenManage Enterprise Admin Device Manager Viewer Yes No No • This feature supports up to 4 custom remote commands • Script execution is supported only on
3 Configure, Edit, and Delete scripts for remote execution Scripts for remote execution can be customized to the different types of devices in the data center. This section provides a step-by-step explanation of how to create, edit and delete the scripts or commands for remote execution. 3.1 Configure Remote Script Execution with token substitution • • • • • • • • Select Create button a wizard for “Add Remote Command “will open. Provide a Command name. Select “script” radio button.
Figure: Screen shot from linux terminal. Figure: Screen shot from the Remote Script Execution page.
3.2 Configure Remote Script Execution with password for remote execution. Here are the steps to configure the Remote Script Execution feature in OpenManage Enterprise using SSH with password.
3.3 Configure Remote Script Execution for script with SSH key 3.3.1 Configure SSH key 3.3.2 • In the Linux host, run the following command to generate SSH key: ssh-keygen -b 4096. • Enter path in which you want to save SSH key (/root/.ssh/id_rsa): /root/testKey/redhat_id_rsa • Your public key and private key has been saved in location /root/testKey/ • We get keys private key and public key respectively: redhat_id_rsa redhat_id_rsa.
Figure 2: Configuring Remote Script Execution for script with SSH Key. 3.4 Configure Remote Script Execution for RACADM / IPMI command • Activate the Add Remote Command wizard in OpenManage Enterprise (Application Setting > Script Execution > Create) • Provide a Command Name • For the Remote Command Type, select either RACADM or IPMI • Depending on your selection provide either RACADM or IPMI command in the Command Box.
Figure 3: Configuring Remote Script Execution for IPMI commands Figure 4: Configuring Remote Script Execution for RACADM commands. 3.5 Edit scripts or commands used in Remote Script Execution Listed below are the steps to make changes to the existing scripts or commands meant for remote execution.
• Select the existing remote command from the Script Execution page (Application Setting > Script Execution) • Click Edit to activate the Edit Remote Command wizard. You can edit the Command Name, Remote Command Type and the commands. Note: If any change is made to the “command name”, user would need to link the alert action again to the alert policy 3.
4 Create an alert policy and link to the remote execution scripts and commands To activate the scripts and commands created for remote execution, you need to create alert policies and link those policies to the remote execution scripts or commands. A step-by-step explanation using screenshots is provided on creating alert policies and linking them to the remote-execution scripts or commands. • Click Create on the Alerts > Alert Policies page to activate the Create Alert Policy wizard.
• From the Category page of the wizard, select category(ies) of the devices on which the alert policy would apply. • Select the target devices on the Target page. Only the devices belonging to the earlier-selected category(ies) would be available for selection.
• In the Date and Time page of the Create Alert Policy wizard, specify the Date range, Time Frame or the Days. • On the Severity page, specify the severity of the alerts based on which the alert policy would apply.
• On the Actions page, select Remote Script Execution.
• Once an alerty policy is successfully created, you can view the policy on the Alerts > Alert Policies page.
5 Validate remote script execution Remote scripts/commands are executed when alerts are received specific to the linked alert policy. A job is created whenever a remote script is executed. The status of all jobs can be viewed on the Jobs page (Monitor > Jobs). Following screenshots are of the completed remote-execution jobs. Figure: Completed remote-execution script.
Figure: A completed RACADM job which was remotely executed. Figure: Successful IPMI command remote script execution.
6 Remote script execution using RESTful APIs Remote script execution can also be implemented using RESTful APIs. Using REST APIs you can create remote RACADM commands, IPMI commands and SSH script and link them to alert policies.
"Value": "Ipmi", "DataType": "java.lang.String", "GroupName": "REMOTE_COMMAND_ACTION_SETTING2" }, { "Name": "REMOTE_COMMAND_CMD2", "DefaultValue": "", "Value": "-Ilanplus sel time get", "DataType": "java.lang.String", "GroupName": "REMOTE_COMMAND_ACTION_SETTING2" } ] } 6.2 Create RACADM Commands from Remote Script Execution page using REST APIs • Below payload creates remote racadm command with name test_racadm and Command Used: getniccfg URI: https://100.97.140.
"DataType": "java.lang.String", "GroupName": "REMOTE_COMMAND_ACTION_SETTING3" }, { "Name": "REMOTE_COMMAND_CMD3", "DefaultValue": "", "Value": "getniccfg", "DataType": "java.lang.String", "GroupName": "REMOTE_COMMAND_ACTION_SETTING3" } ] } 6.3 Create scripts with SSH key authentication using REST APIs • Below payload creates remote racadm command with name test_racadm and Command Used: getniccfg URI: https://100.97.140.
}, { "Name": "REMOTE_COMMAND_CMD3", "DefaultValue": "", "Value": "getniccfg", "DataType": "java.lang.String", "GroupName": "REMOTE_COMMAND_ACTION_SETTING3" } ] } 6.4 Create Alert policy and link with action “Remote Script” •Below payload creates remote command with remote command type as Script and authentication method as SSH key and command used as: ./demo.sh $IP $HOSTNAME URI: https://100.97.140.
Ja25/ddp/QF+/HayBEGgZGVgfu\ngB75hBUWk203jlYhVXTlJd5Kzm5e5S1rXwLFP9YEyQcfQiO/+b/o h5r/XgLPo5q5\nrQKBgQCyCt7kPOTfmTpTDmwS0wHYRoWrmdib6qXLeIR4W8k5hxnBMtfcuFwalIMb\n GLUOcW1RVg4X+axQCKc2MpzE6I1ZsuXK5fQTol8Y+8aldRLCTTN6Jb3cJ+jRPwPT\npRk75dAmSFNoUY BU1yJblf7lHMklr5KHgnNZIoUHkgtoLsFSVg==\n-----END RSA PRIVATE KEY-----", "DataType": "java.lang.String", "GroupName": "REMOTE_COMMAND_ACTION_SETTING3" }, { "Name": "REMOTE_COMMAND_NAME3", "DefaultValue": "", "Value": "test_script", "DataType": "java.lang.
{ "Name": "Remote Script", "Enabled": true, "DefaultPolicy": false, "PolicyData": { "Severities": [], "Devices": [], "DeviceTypes": [], "Groups": [500, 1000, 1001, 1002, 1003, 1004, 1005, 1006, 1007, 1008, 1009, 1010, 1011, 1023, 1024, 1025, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019], "UndiscoveredTargets": [], "Schedule": { "StartTime": "2019-01-22 20:27:49.
A Technical support and resources • • Dell.com/support is focused on meeting customer needs with proven services and support.
