For remote access to physical servers, hosting clients use software tools that work only when an operating system and special software are installed.
If the system is not installed, or there are some problems with its configuration (for example, when trying to change firewall rules), access can be lost. In these situations, specialized controllers come to the rescue, allowing you to manage servers without an OS, as if you were sitting at a physical console. We will tell you how it works with us at HOSTKEY.
The problems with traditional solutions
The usual method of organizing remote access to rented servers is IPMI*-based management through the KVM Java plugin.
* IPMI — Intelligent Platform Management Interface (industry standard).
To access the console, our customers had to go through a lot of steps: start the connection, wait for the system to forward the network address, create a temporary account, follow the link with the IP address, log in to the web interface and use the IPMI module integrated into the server.
Java software needed to be installed on the client device, which often led to an increased load on the support service: not all users were able to launch the downloaded console, there were problems with software versions, running on Mac, etc.
These shortcomings inspired us to develop a more convenient and easy-to-use method of control. The solution presented itself: so that the client does not have to install and configure software, everything needs to be done on the host's side in a secure virtual environment.
We have created HOSTKEY INVAPI - a service panel that allows you to take any hardware management actions from ordering servers to reinstalling the OS. The panel is implemented as a single-page web application, and all its functions are also available through the API. User actions and API requests can be tracked in the browser through the developer console (accessed by Ctrl + Shift + I). This allows you to analyze all calls to debug the integration. We will go into more detail about the concept of Invapi and its development process in a separate article.
How invAPI works
To spare users these unnecessary steps, we implemented a direct call to the HTML5 web console from the personal account, with no local installation of Java required. We used Docker for the practical implementation of the concept, and the NoJava-IPMI-KVM-Server and ipmi-kvm-docker builds formed the basis of the solution. The panel supports Supermicro motherboards up to and including the 10X generation, as the eleventh generation is already equipped with the Supermicro iKVM/IPMI HTML5 viewer.
Access the console with just one button:
You can also access the console with a direct request through the API:
curl -s "https://invapi.hostkey.com/eq.php" -X POST \
--data "action=novnc" \
--data "token=SESSION_TOKEN" \
--data "id=SERVER_ID" \
--data "pin=PIN_CODE"
Example of response:
{
  "result":"OK",
  "scope":"http://rcnl1.hostkey.com:32800/vnc.html?host=SERVER_IP&port=32800&autoconnect=true&password=YVhMxxhiuTpe3mH6y3ry",
  "context":{"action":"novnc","id":"25250","location":"NL"},
  "debug":"debug",
  "key":"71ccb18b1fa499458526acc15fb6a40b"
}
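Client-side handling of this response, as an added example that is not HOSTKEY's code: the console link carries the VNC password in its query string, so the sketch validates the response, reports whether the link is plain HTTP, and produces a copy that is safe to write to logs. The sample response is constructed from the one above; `203.0.113.10` and `EXAMPLE-PASSWORD` are placeholders, and the `ConsoleLink` type and function names are hypothetical.

```python
import json
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters that must never reach logs or tickets.
SECRET_PARAMS = {"password", "token", "pin"}

# Constructed sample modelled on the response above (placeholder IP and password).
SAMPLE_RESPONSE = json.dumps({
    "result": "OK",
    "scope": "http://rcnl1.hostkey.com:32800/vnc.html?host=203.0.113.10"
             "&port=32800&autoconnect=true&password=EXAMPLE-PASSWORD",
    "context": {"action": "novnc", "id": "25250", "location": "NL"},
})


@dataclass
class ConsoleLink:
    url: str            # full link with the VNC password: hand to the browser only
    loggable_url: str   # same link with secret parameters masked
    cleartext: bool     # True when the link is plain http://
    server_id: str


def redact(url: str) -> str:
    """Mask secret query parameters while keeping the rest of the URL readable."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def parse_console_response(raw: str) -> ConsoleLink:
    """Validate an action=novnc response and extract the console link."""
    body = json.loads(raw)
    if body.get("result") != "OK":
        raise ValueError(f"console request failed: {body.get('result')!r}")
    url = body["scope"]
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("scope is not a web console URL")
    return ConsoleLink(url=url, loggable_url=redact(url),
                       cleartext=parts.scheme == "http",
                       server_id=str(body.get("context", {}).get("id", "")))


if __name__ == "__main__":
    link = parse_console_response(SAMPLE_RESPONSE)
    print(link.loggable_url, "cleartext" if link.cleartext else "tls")
```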
You just need to wait for the console to boot and you can work, although the internal schematic of the whole process for getting access looks more complicated. For example, consider launching the HTML5 console for the server with an IPMI.
General HTML5 Web Console launch Scheme from the Client Area
When a console is requested via INVAPI, the API issues a command to open the console for a specific server through the message broker (RabbitMQ) cluster. To launch the console, it is enough to send the server's IP address and its location to the message broker (our servers are located in the Netherlands, the USA and Russia).
RabbitMQ passes the server data and the console-opening tasks to an auxiliary receiver service created by our specialists. The receiver takes the data, converts all the necessary information, sorts the tasks by type (for example, Cisco, IPMI, etc.) and directs them to agents.
Agents (Fence Agents) correspond to the types of equipment used in our infrastructure. They contact the server running docker-novnc, which has access to the closed IPMI network. The agent sends the docker-novnc server a GET request that contains the server's IP address and ID, a session token, and a session-closing link.
Request Structure:
http://rcnl1.hostkey.com:PORT/api/v1/server/SERVER_IP/skey/REQUEST_KEY/SERVER_ID/closeurl/CLOSE_URL
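Because this request decides which address on the closed IPMI network a container will be pointed at, the receiving service should reject anything that does not match the layout exactly. The following is an added sketch, not HOSTKEY's code; the network range, the allowed close-URL host, the 32-hex-character key format, the percent-encoding of CLOSE_URL and the sample path are all assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumptions for this sketch (not from the article): the closed IPMI range,
# the host allowed in CLOSE_URL, and the key format (32 hex characters).
IPMI_NET = ipaddress.ip_network("10.77.0.0/16")
CLOSE_HOSTS = {"invapi.hostkey.com"}
ROUTE = re.compile(
    r"^/api/v1/server/(?P<ip>[^/]+)/skey/(?P<key>[0-9a-f]{32})"
    r"/(?P<sid>\d{1,10})/closeurl/(?P<close>[^/]+)$"
)

# Constructed sample path; CLOSE_URL is assumed to be percent-encoded.
SAMPLE_PATH = ("/api/v1/server/10.77.21.239/skey/0123456789abcdef0123456789abcdef"
               "/25250/closeurl/https%3A%2F%2Finvapi.hostkey.com%2Fclose%3Fid%3D25250")


def parse_console_request(path: str) -> dict:
    """Parse and validate the agent's GET path; raise ValueError on anything unexpected."""
    m = ROUTE.match(path)
    if not m:
        raise ValueError("path does not match the console request layout")
    ip = ipaddress.ip_address(m["ip"])  # rejects hostnames and malformed input
    if ip not in IPMI_NET:
        raise ValueError("target is outside the IPMI management network")
    close = urlsplit(unquote(m["close"]))
    if close.scheme != "https" or close.hostname not in CLOSE_HOSTS:
        raise ValueError("close URL must be https on an allow-listed host")
    return {"ip": str(ip), "key": m["key"], "server_id": int(m["sid"]),
            "close_url": close.geturl()}


if __name__ == "__main__":
    print(parse_console_request(SAMPLE_PATH))
```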
Container Content:
- Xvfb — X11 in a virtual frame-buffer;
- x11vnc — VNC server which scrapes the specified X11 server;
- noVNC — HTML5 VNC viewer;
- Fluxbox — window manager;
- Firefox — browser for viewing IPMI consoles;
- Java-plugin — Java is required for access to most IPMI KVM consoles.
Nojava-IPMI-KVM-Server is a Python-based server that provides centralized access to sciapp/nojava-ipmi-kvm through the browser. The solution does not require the installation of Java or Nojava-IPMI-KVM on local devices.
The link for automatically closing the session was added for the convenience of the user and to ensure the security of the equipment: inactivity for a certain amount of time will cause the console to close automatically. This starts a service that runs the docker-novnc container, which contains an external IP address to open the console. A full description of the build and the installation process for the Nojava-IPMI-KVM container can be found on GitHub.
Configuration File Example (~/.nojava-ipmi-kvmrc.yaml):
templates:
  kvm-openjdk-7u51:
    skip_login: False
    login_user: ADMIN
    login_endpoint: rpc/WEBSES/create.asp
    allow_insecure_ssl: False
    user_login_attribute_name: WEBVAR_USERNAME
    password_login_attribute_name: WEBVAR_PASSWORD
    send_post_data_as_json: False
    session_cookie_key: SessionCookie
    download_endpoint: Java/jviewer.jnlp
    java_version: 7u51
    format_jnlp: False
Launch Docker container:
/usr/bin/nojava-ipmi-kvm -i 10.77.21.239 -u ADMIN -p PASSWD mykvmhost
[INFO] Check if 'http://10.77.21.239/' is reachable...
[INFO] The url 'http://10.77.21.239/' is reachable.
[INFO] Starting the Docker container...
[INFO] Waiting for the Docker container to be up and ready...
[INFO] Docker container is up and running.
[INFO] Url to view kvm console: http://IP_SERV:ID_SERV/vnc.html?host=IP_SERV&port=32769&autoconnect=true&password=PASSWD
http://IP_SERV:ID_SERV/vnc.html?host=IP_SERV&port=ID_SERV&autoconnect=true&password=PASSWD
Script to launch the service:
#!/bin/python3
# EASY-INSTALL-ENTRY-SCRIPT: 'nojava-ipmi-kvm==0.9.0','console_scripts','nojava-ipmi-kvm'
__requires__ = 'nojava-ipmi-kvm==0.9.0'
import re
import sys
from pkg_resources import load_entry_point

if __name__ == '__main__':
    # Strip the launcher suffix (-script.py, -script.pyw, .exe) from the program name
    sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0])
    # Resolve the package's console entry point and run it
    sys.exit(
        load_entry_point('nojava-ipmi-kvm==0.9.0', 'console_scripts', 'nojava-ipmi-kvm')()
    )
Results
Implementation of this new solution has greatly simplified Supermicro equipment management for end users, and it has also reduced the load on our Tech Support Team. For servers with access via the VNC protocol, we have implemented the HTML5 console using Apache Guacamole, which also made it possible to simplify the management of other hardware.
By the way, aside from the features described here for our HOSTKEY Server Management panel, we plan on further expanding our functionality. If you are interested in any extra features, or in the existing features of the panel or our API, please write to us in the comments.