[QUESTION]: Factory Reset iDRAC & wait_for_idrac?

[dhekimian]

How can the team help?

We'd like to do the following in a single playbook:

1. Factory Reset BIOS Settings
2. Factory Reset iDRAC via reset_to_default: "ALL" (including network & user)
3. Change Root Password

Issue:

When resetting the iDRAC to default root password back to 'calvin', we can't use dellemc.openmanage.idrac_reset with wait_for_idrac: True to guarantee the iDRAC is ready before we try to reset the password since the credentials used to call the role are different half way through execution.

Question:

Is there an easy way to call the lcstatuscheck Task separately before Change Root Password or is there an example of how to call the URI /redfish/v1/Dell/Managers/iDRAC.Embedded.1/DellLCService/Actions/DellLCService.GetRemoteServicesAPIStatus on its own?

Playbook

- hosts: '{{ host }}'
  gather_facts: false
  tasks:
    - name: Factory Reset Dell BIOS
      dellemc.openmanage.idrac_bios:
        idrac_ip: '{{ idrac_ip }}'
        idrac_password: '{{ idrac_password }}'
        idrac_user: '{{ idrac_user }}'
        validate_certs: False
        reset_bios: yes
      delegate_to: localhost

    - name: Factory Reset the iDRAC (keep network and user settings) and wait for the idrac to be ready
      ansible.builtin.include_role:
        name: dellemc.openmanage.idrac_reset       
      vars:
        hostname: '{{ idrac_ip }}'
        username: '{{ idrac_user }}'
        password: '{{ idrac_password }}'
        reset_to_default: "All"
        validate_certs: False
        wait_for_idrac: False # Wish this could be True

   - name: Change Root Password
     community.general.idrac_redfish_config:
       category: Manager
       command: SetManagerAttributes
       manager_attributes:
         Users.2.AuthenticationProtocol: "SHA"
         Users.2.EmailAddress: ""
         Users.2.Enable: "Enabled"
         Users.2.IpmiLanPrivilege: "Administrator"
         Users.2.IpmiSerialPrivilege: "Administrator"
         Users.2.Password: "{{ idrac_password }}"
         Users.2.PrivacyProtocol: "AES"
         Users.2.Privilege: 511
         Users.2.ProtocolEnable: "Disabled"
         Users.2.Simple2FA: "Disabled"
         Users.2.SolEnable: "Enabled"
         Users.2.UseEmail: "Disabled"
         Users.2.UserName: "root"
       baseuri: "{{ idrac_ip }}"
       username: "{{ idrac_user }}"
       password: "calvin"
     delegate_to: localhost

[sachin-apa]

@dhekimian You can have a task as below added in playbook before setting a password for root user it will fetch the LC status with a default username and password. But before this you need to track for idrac to be up.

     - name: Get lifecycle controller status for iDRAC9
      ansible.builtin.uri:
        url: "https://{{ hostname }}:{{ https_port }}/redfish/v1/Dell/Managers/iDRAC.Embedded.1/DellLCService/Actions/DellLCService.GetRemoteServicesAPIStatus"
        user: "{{ default_username}}"
        password: "{{ default_password }}"
        validate_certs: "{{ validate_certs }}"
        headers:
          Accept: "application/json"
          Content-Type: "application/json"
          OData-Version: "4.0"
        body_format: "json"
        return_content: true
        force_basic_auth: true
        timeout: 30
        method: "POST"
        body: "{}"
        status_code: 200
      delegate_to: localhost
      register: result

Let me think about enhancing a idrac_reset role to support track with a default username and password and get back

[sachin-apa]

@dhekimian we are in plan to add the params 'reset_usernameandreset_password` to the module/role, which will be used to authenticate after the Reset is performed. This way user will have a choice of sending the default credentials that idrac would have when reset all is performed.

let me know your view.

cc : @anupamaloke