1 Rookie
•
2 Posts
0
74
redfish DelliDRACCardService.ImportCertificate RSYSLOG_SERVER_CA enforce Telemetry license
Hi
We are facing issues with uploading a "Rsyslog Server CA" certificate via redfish.
Error message is "Unable to complete the current operation. The currently installed license does not support the following features: Telemetry."
MessageId: IDRAC.2.9.LIC503
But this has nothing to do with the Telemetry feature (from our point of view)
We configure the "Remote Syslog Settings" via ansible like this:
community.general.idrac_redfish_config:
category: Manager
command: SetManagerAttributes
resource_id: iDRAC.Embedded.1
manager_attributes:
SysLog.1.securesyslogenable: Enabled
SysLog.1.secureclientauth: Anonymous
SysLog.1.secureport: "{{ xxx }}"
SysLog.1.secureserver1: "{{ xxx }}"and the eventfilters via racadm like:
racadm eventfilters set -c idrac.alert.all -a none -n remotesyslogThen if we upload a "CA Certificate" in the GUI via "Configuration" - "System Settings" - "Alert Configuration" - "Remote Syslog Settings" - "SSL/TLS Certificate Signing Request" - "CA Certificate" - "Upload CA Certificate".
It ends up in the correct place:
racadm>>sslcertview -t 12
Serial Number : XXXWith this process the syslog with TLS works as expected but we want to automate the final step.
Output of https://x.x.x.x/redfish/v1/Managers/iDRAC.Embedded.1/Oem/Dell/DelliDRACCardService/ shows:
"#DelliDRACCardService.ImportCertificate" :
{
"CertificateType@Redfish.AllowableValues" :
[
"IEEE8021xCSC",
"IEEE8021xClient",
"KMS_SERVER_CA",
"RSA_CA_CERT",
"RSYSLOG_SERVER_CA",
"SCEP_CA_CERT",
"SEKM_CUSTOM_CERT",
"SEKM_SSL_CERT",
"SMARTCARD_CA_CERT",
"SMARTCARD_USER_CERT"
],
"target" : "/redfish/v1/Managers/iDRAC.Embedded.1/Oem/Dell/DelliDRACCardService/Actions/DelliDRACCardService.ImportCertificate"
},and this action (with CertificateType = RSYSLOG_SERVER_CA) fails with error mentioned above https://x.x.x.x/redfish/v1/Managers/iDRAC.Embedded.1/Oem/Dell/DelliDRACCardService/Actions/DelliDRACCardService.ImportCertificate
Tested on different versions and now running 7.10.30.00 on a R650
Reference documentation:
https://developer.dell.com/apis/2978/versions/7.xx/openapi.yaml/paths/~1redfish~1v1~1Managers~1%7BManagerId%7D~1Oem~1Dell~1DelliDRACCardService~1Actions~1DelliDRACCardService.ImportCertificate/post
DELL-Marco B
Moderator
Moderator
•
3.5K Posts
0
March 22nd, 2024 09:45
I'm sorry but we don't know if this feature will be supported and any plan related to that.
Thanks
DELL-Chris H
Moderator
Moderator
•
8.8K Posts
0
March 19th, 2024 14:22
Joelsvensson,
Unfortunatly you wouldn't be able to using that method, you would have to upload the CA via the racadm tool or SCP. I say that as it isn't supported to upload CA's via redfish, as seen on page 8 here.
Let me know if this helps.
joelsvensson
1 Rookie
1 Rookie
•
2 Posts
0
March 22nd, 2024 09:16
Alright, but from a Telemetry point of view I guess it is actually supported as the feature is there. (referenced doc is quite old)
It's just that it's not supported without the specific extra licence.
Are there any plans to fix it?
It would be nice to have support added here:
https://docs.ansible.com/ansible/latest/collections/dellemc/openmanage/idrac_certificates_module.html#parameter-certificate_type
https://github.com/dell/dellemc-openmanage-ansible-modules/blob/collections/plugins/modules/idrac_certificates.py