24.04.2022

Implementing a simple HTML5 server control panel with an IPMI

HOSTKEY

For remote access to physical servers, hosting clients use software tools that work only with an operating system and special software.

If the system is not installed, or there are some problems with its configuration (for example, when trying to change firewall rules), access can be lost. In these situations, specialized controllers come to the rescue, allowing you to manage servers without an OS, as if you were sitting at a physical console. We will tell you how it works with us at HOSTKEY.

Rent dedicated and virtual servers with instant deployment in reliable TIER III class data centers in the Netherlands and the USA. Free protection against DDoS attacks included, and your server will be ready for work in as little as 15 minutes. 24/7 Customer Support.

The problems with traditional solutions

The usual method of organizing remote access to rented servers is IPMI*-based management, which involves running the KVM Java plugin.

* IPMI — Intelligent Platform Management Interface (industry standard).

To access the console, our customers had to go through a lot of steps: start the connection, wait for the system to forward the network address, create a temporary account, follow the link with the IP address, log in to the web interface and use the IPMI module integrated into the server.


Java software needed to be installed on the client device, which often led to an increased load on the support service: not all users were able to launch the downloaded console, there were problems with software versions, running on Mac, etc.

These shortcomings inspired us to develop a more convenient and easy-to-use method of control. The solution presented itself: so that the client does not have to install and configure software, everything needs to be done on the host's side in a secure virtual environment.

We have created HOSTKEY INVAPI - a service panel that allows you to take any hardware management actions from ordering servers to reinstalling the OS. The panel is implemented as a single-page web application, and all its functions are also available through the API. User actions and API requests can be tracked in the browser through the developer console (accessed by Ctrl + Shift + I). This allows you to analyze all calls to debug the integration. We will go into more detail about the concept of Invapi and its development process in a separate article.

How invAPI works

To spare users a series of unnecessary steps, we implemented a direct call to the HTML5 web console from the personal account, with no need to install Java locally. We used Docker for the practical implementation of the concept, and the NoJava-IPMI-KVM-Server and ipmi-kvm-docker assemblies formed the basis of the solution. The panel supports Supermicro motherboards up to and including the 10X generation, as the eleventh generation is already equipped with the Supermicro iKVM/IPMI HTML5 viewer.

Access the console with just one button:


You can also access the console with a direct request through the API:

curl -s "https://invapi.hostkey.com/eq.php" -X POST \
--data "action=novnc" \
--data "token=SESSION_TOKEN" \
--data "id=SERVER_ID" \
--data "pin=PIN_CODE"

Example of response:

{
"result":"OK",
"scope":"http://rcnl1.hostkey.com:32800/vnc.html?host=IP ?????&port=32800&autoconnect=true&password=YVhMxxhiuTpe3mH6y3ry",
"context":{"action":"novnc","id":"25250","location":"NL"},
"debug":"debug",
"key":"71ccb18b1fa499458526acc15fb6a40b"
}
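The response above returns the console link over plain HTTP with the VNC password in the query string, so a client integration should check the link and mask the password before logging it. The following is an added example, not HOSTKEY code; the sample response is constructed with placeholder values, and the function names and the list of secret parameters are assumptions.

```python
import json
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Constructed sample shaped like the response shown above (placeholder values).
SAMPLE_RESPONSE = json.dumps({
    "result": "OK",
    "scope": "http://console.example.test:32800/vnc.html"
             "?host=192.0.2.10&port=32800&autoconnect=true&password=EXAMPLEPASS",
    "context": {"action": "novnc", "id": "12345", "location": "NL"},
    "key": "0123456789abcdef",
})

# Query parameters treated as secrets (assumption for this example).
SECRET_PARAMS = {"password", "token", "pin"}


def redact_url(url):
    """Return the URL with secret query values masked, safe to write to logs."""
    parts = urlsplit(url)
    query = [(k, "***" if k.lower() in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query, safe="*")))


def inspect_console_response(raw):
    """Validate a novnc response; return (url, redacted_url, findings)."""
    data = json.loads(raw)
    if data.get("result") != "OK":
        raise ValueError("console request failed: %r" % data.get("result"))
    if data.get("context", {}).get("action") != "novnc":
        raise ValueError("response is not for a novnc action")
    url = data["scope"]
    parts = urlsplit(url)
    findings = []
    if parts.scheme != "https":
        findings.append("console URL is not HTTPS: the VNC password travels in cleartext")
    if "password" in dict(parse_qsl(parts.query)):
        findings.append("VNC password is in the query string: keep it out of logs and history")
    return url, redact_url(url), findings


if __name__ == "__main__":
    _, redacted, findings = inspect_console_response(SAMPLE_RESPONSE)
    print(redacted)
    for finding in findings:
        print("WARNING:", finding)
```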

You just need to wait for the console to boot and you can work, although the internal schematic of the whole process for getting access looks more complicated. For example, consider launching the HTML5 console for the server with an IPMI.

General HTML5 Web Console launch Scheme from the Client Area


When a request arrives via INVAPI, the API issues a command to open the console for a specific server through the message broker (RabbitMQ) cluster. To launch the console, it is enough to send the server's IP address and its location to the message broker (our servers are located in the Netherlands, the USA and Russia).

RabbitMQ passes the server data and the console-opening tasks to an auxiliary receiver service created by our specialists. The receiver takes the data, converts all the necessary information, distributes the tasks by type (for example, Cisco, IPMI, etc.) and directs them to agents.

Agents (Fence Agents) correspond to the types of equipment used in our infrastructure. They contact the server running docker-novnc, which has access to the closed IPMI network. The agent sends the docker-novnc server a GET request that contains the server's IP address and ID, a session token, and a session-closing link.

Request Structure:

http://rcnl1.hostkey.com:PORT/api/v1/server/SERVER_IP/skey/REQUEST_KEY/SERVER_ID/closeurl/CLOSE_URL
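Because every field in this request is a path segment, a value containing `/` or `..` would change the route, so both sides should validate the fields and keep the close URL as a single encoded segment. The sketch below is an added example, not HOSTKEY's agent code; the route layout comes from the structure above, while the function names, the validation rules and the percent-encoding of CLOSE_URL are assumptions.

```python
import ipaddress
import re
from urllib.parse import quote, unquote, urlsplit

# Route layout copied from the request structure above. The validation rules
# and the percent-encoding of CLOSE_URL are assumptions made for this example.
ROUTE = "/api/v1/server/{ip}/skey/{key}/{sid}/closeurl/{close}"
ROUTE_RE = re.compile(r"/api/v1/server/([^/]+)/skey/([^/]+)/([^/]+)/closeurl/([^/]+)")
KEY_RE = re.compile(r"[A-Za-z0-9]{16,64}")
ID_RE = re.compile(r"[0-9]{1,10}")


def build_console_path(server_ip, request_key, server_id, close_url):
    """Agent side: build the GET path, rejecting values that could alter the route."""
    ip = ipaddress.ip_address(server_ip)  # raises ValueError for anything but an IP
    if not KEY_RE.fullmatch(request_key):
        raise ValueError("request key has unexpected characters or length")
    if not ID_RE.fullmatch(str(server_id)):
        raise ValueError("server id must be numeric")
    target = urlsplit(close_url)
    if target.scheme not in ("http", "https") or not target.netloc:
        raise ValueError("close URL must be an absolute http(s) URL")
    # safe="" also encodes '/', ':' and '?', so the close URL stays one segment.
    return ROUTE.format(ip=ip, key=request_key, sid=server_id,
                        close=quote(close_url, safe=""))


def parse_console_path(path):
    """Receiver side: match the route strictly and decode the close URL."""
    match = ROUTE_RE.fullmatch(path)
    if not match:
        raise ValueError("path does not match the console route")
    ip, key, sid, close = match.groups()
    ipaddress.ip_address(ip)
    return {"server_ip": ip, "request_key": key, "server_id": sid,
            "close_url": unquote(close)}


if __name__ == "__main__":
    # Constructed values, not taken from a real deployment.
    path = build_console_path("192.0.2.10", "0123456789abcdef0123456789abcdef",
                              "12345", "https://panel.example.test/close?id=12345")
    print(path)
    print(parse_console_path(path))
```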

Container Content:

  • Xvfb — X11 in a virtual frame-buffer;
  • x11vnc — VNC server which scrapes the specified X11 server;
  • noVNC — HTML5 VNC viewer;
  • Fluxbox — window manager;
  • Firefox — browser for viewing IPMI consoles;
  • Java-plugin — Java is required for access to most IPMI KVM consoles.

nojava-ipmi-kvm-server is a Python-based server that makes sciapp/nojava-ipmi-kvm available centrally through the browser. The solution does not require the installation of Java or nojava-ipmi-kvm on local devices.

The link for automatically ending the session was added for the convenience of the user and to ensure the security of the equipment: inactivity for a certain amount of time will cause the console to close automatically. This starts a service that runs the docker-novnc container, which contains an external IP address to open the console. A full description of the assembly and the installation process for the nojava-ipmi-kvm container can be found on GitHub.

Configuration File Example (~/.nojava-ipmi-kvmrc.yaml):

templates:
  kvm-openjdk-7u51:
    skip_login: False
    login_user: ADMIN
    login_endpoint: rpc/WEBSES/create.asp
    allow_insecure_ssl: False
    user_login_attribute_name: WEBVAR_USERNAME
    password_login_attribute_name: WEBVAR_PASSWORD
    send_post_data_as_json: False
    session_cookie_key: SessionCookie
    download_endpoint: Java/jviewer.jnlp
    java_version: 7u51
    format_jnlp: False

Launch Docker container:

/usr/bin/nojava-ipmi-kvm -i 10.77.21.239 -u ADMIN -p PASSWD mykvmhost
[INFO] Check if 'http://10.77.21.239/' is reachable...
[INFO] The url 'http://10.77.21.239/' is reachable.
[INFO] Starting the Docker container...
[INFO] Waiting for the Docker container to be up and ready...
[INFO] Docker container is up and running.
[INFO] Url to view kvm console: http://IP_SERV:ID_SERV/vnc.html?host=IP_SERV&port=32769&autoconnect=true&password=PASSWD
http://IP_SERV:ID_SERV/vnc.html?host=IP_SERV&port=ID_SERV&autoconnect=true&password=PASSWD

Script to launch the service:

#!/bin/python3
# EASY-INSTALL-ENTRY-SCRIPT: 'nojava-ipmi-kvm==0.9.0','console_scripts','nojava-ipmi-kvm'
__requires__ = 'nojava-ipmi-kvm==0.9.0'
import re
import sys
from pkg_resources import load_entry_point

if __name__ == '__main__':
    # Strip a trailing "-script.py(w)" or ".exe" so argv[0] is the plain command name.
    sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0])
    # Resolve the package's console entry point and run it.
    sys.exit(
        load_entry_point('nojava-ipmi-kvm==0.9.0', 'console_scripts', 'nojava-ipmi-kvm')()
    )

Results

Implementing this new solution has greatly simplified the management of Supermicro equipment for end users, and it has also reduced the load on our Tech Support Team. For servers with access via the VNC protocol, we have implemented the HTML5 console using Apache Guacamole, which also made it possible to simplify the management of other manufacturers’ hardware.

By the way, aside from the features described here for our HOSTKEY Server Management panel, we plan on further expanding our functionality. If you are interested in any extra features as well as the features of the panel or our API, please write to us in the comments.
