24.04.2022

Implementing a simple HTML5 server control panel with an IPMI

HOSTKEY

For remote access to physical servers, hosting clients use software tools that work only when an operating system and special software are installed.

If the system is not installed, or there are some problems with its configuration (for example, when trying to change firewall rules), access can be lost. In these situations, specialized controllers come to the rescue, allowing you to manage servers without an OS, as if you were sitting at a physical console. We will tell you how it works with us at HOSTKEY.

Rent dedicated and virtual servers with instant deployment in reliable TIER III class data centers in the Netherlands and the USA. Free protection against DDoS attacks included, and your server will be ready for work in as little as 15 minutes. 24/7 Customer Support.

The problems with traditional solutions

The usual method of organizing remote access to rented servers is IPMI-based management - running the KVM Java plugin


* IPMI — Intelligent Platform Management Interface (industry standard).

To access the console, our customers had to go through a lot of steps: start the connection, wait for the system to forward the network address, create a temporary account, follow the link with the IP address, log in to the web interface and use the IPMI module integrated into the server.


Java software needed to be installed on the client device, which often led to an increased load on the support service: not all users were able to launch the downloaded console, there were problems with software versions, running on Mac, etc.

These shortcomings inspired us to develop a more convenient and easy-to-use method of control. The solution presented itself: so that the client does not have to install and configure software, everything needs to be done on the host's side in a secure virtual environment.

We have created HOSTKEY INVAPI - a service panel that allows you to take any hardware management actions from ordering servers to reinstalling the OS. The panel is implemented as a single-page web application, and all its functions are also available through the API. User actions and API requests can be tracked in the browser through the developer console (accessed by Ctrl + Shift + I). This allows you to analyze all calls to debug the integration. We will go into more detail about the concept of Invapi and its development process in a separate article.

How invAPI works

To spare users unnecessary steps, we implemented a direct call to the HTML5 web console from a personal account without the need for the local installation of Java. We used Docker for the practical implementation of the concept, and the NoJava-IPMI-KVM-Server and ipmi-kvm-docker builds formed the basis of the solution. The panel supports Supermicro motherboards up to and including the 10X generation, as the eleventh generation is already equipped with the Supermicro iKVM/IPMI HTML5 viewer.

Access the console with just one button:


You can also access the console with a direct request through the API:

curl -s "https://invapi.hostkey.com/eq.php" -X POST \
--data "action=novnc" \
--data "token=SESSION_TOKEN" \
--data "id=SERVER_ID" \
--data "pin=PIN_CODE"

Example of response:

{
"result":"OK",
"scope":"http://rcnl1.hostkey.com:32800/vnc.html?host=IP_ADDRESS&port=32800&autoconnect=true&password=YVhMxxhiuTpe3mH6y3ry",
"context":{"action":"novnc","id":"25250","location":"NL"},
"debug":"debug",
"key":"71ccb18b1fa499458526acc15fb6a40b"
}
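A client that automates this call would normally check the response before handing the URL to a browser. The following Python sketch is an added example, not HOSTKEY's code: it parses a constructed response of the same shape, confirms it belongs to the requested server, and reports how the console URL carries its credential. The `.hostkey.com` suffix rule, the finding labels and the function names are assumptions.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample shaped like the response above; address, password and key are placeholders.
SAMPLE_RESPONSE = """{
 "result": "OK",
 "scope": "http://rcnl1.hostkey.com:32800/vnc.html?host=192.0.2.10&port=32800&autoconnect=true&password=EXAMPLE-PASSWORD",
 "context": {"action": "novnc", "id": "25250", "location": "NL"},
 "debug": "debug",
 "key": "00000000000000000000000000000000"
}"""

ALLOWED_SUFFIX = ".hostkey.com"  # assumption: console hosts live under this domain


def vet_console_response(raw, expected_id):
    """Return (url, findings); raise ValueError if the URL must not be opened."""
    data = json.loads(raw)
    if data.get("result") != "OK":
        raise ValueError("API did not return OK")
    ctx = data.get("context", {})
    if ctx.get("action") != "novnc" or str(ctx.get("id")) != str(expected_id):
        raise ValueError("response does not match the requested server")
    url = urlsplit(data["scope"])
    host = url.hostname or ""
    if url.scheme not in ("http", "https") or not host.endswith(ALLOWED_SUFFIX):
        raise ValueError("unexpected console URL: %s://%s" % (url.scheme, host))
    query = parse_qs(url.query)
    findings = []
    if url.scheme != "https":
        findings.append("cleartext-transport")   # URL and password cross the wire unencrypted
    if "password" in query:
        findings.append("password-in-url")       # ends up in history, proxies and access logs
    if query.get("autoconnect") == ["true"]:
        findings.append("autoconnect")           # opening the link is enough to get a session
    return data["scope"], findings


def redact(url):
    """Copy of the URL that is safe to log: the password value is masked."""
    parts = urlsplit(url)
    pairs = ["password=***" if p.startswith("password=") else p
             for p in parts.query.split("&")]
    return parts._replace(query="&".join(pairs)).geturl()
```

Log only the output of `redact()`, and treat the original URL as a short-lived secret.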

You just need to wait for the console to boot and you can work, although the internal schematic of the whole process for getting access looks more complicated. For example, consider launching the HTML5 console for the server with an IPMI.

General HTML5 Web Console launch Scheme from the Client Area


When a request is made via INVAPI, the API issues a command to open the console for a specific server through the message broker (RabbitMQ) cluster. To launch the console, it is enough to send the server's IP address and its location to the message broker (our servers are located in the Netherlands, the USA and Russia).

RabbitMQ passes the server data and the console-opening tasks to an auxiliary receiver service created by our specialists. The receiver takes the data, converts all the necessary information, sorts the tasks by type (for example, Cisco, IPMI, etc.) and directs them to agents.

Agents (Fence Agents) correspond to the types of equipment used in our infrastructure. They contact the server running docker-novnc, which has access to the closed IPMI network. The agent sends this server a GET request that contains the IP address and ID of the target server, a session token, and a session-closing link.

Request Structure:

http://rcnl1.hostkey.com:PORT/api/v1/server/SERVER_IP/skey/REQUEST_KEY/SERVER_ID/closeurl/CLOSE_URL
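One way the receiving service could validate such a request before it starts a container, as an added Python example that is not part of the NoJava-IPMI-KVM-Server code. The assumptions, not taken from the page: the key is an opaque alphanumeric token, the close link is percent-encoded into a single path segment and must point at `invapi.hostkey.com` over HTTPS, and IPMI addresses sit in private address space.

```python
import ipaddress
import re
from urllib.parse import quote, unquote, urlsplit

ALLOWED_CLOSE_HOST = "invapi.hostkey.com"  # assumption: close links return to the panel
PATH_RE = re.compile(
    r"/api/v1/server/(?P<ip>[^/]+)/skey/(?P<key>[A-Za-z0-9]{16,64})"
    r"/(?P<sid>[0-9]{1,10})/closeurl/(?P<close>[^/]+)"
)


def build_path(server_ip, request_key, server_id, close_url):
    """Agent side: encode the close link so it stays a single path segment."""
    return "/api/v1/server/%s/skey/%s/%d/closeurl/%s" % (
        ipaddress.ip_address(server_ip), request_key, int(server_id),
        quote(close_url, safe=""))


def parse_path(path):
    """Receiver side: return the validated fields or raise ValueError."""
    m = PATH_RE.fullmatch(path)
    if not m:
        raise ValueError("path does not match the request structure")
    ip = ipaddress.ip_address(m.group("ip"))   # rejects hostnames and malformed input
    if not ip.is_private:
        raise ValueError("target is outside the management network")
    close = urlsplit(unquote(m.group("close")))
    if close.scheme != "https" or close.hostname != ALLOWED_CLOSE_HOST:
        raise ValueError("close link points outside the panel")
    return {"server_ip": str(ip), "request_key": m.group("key"),
            "server_id": int(m.group("sid")), "close_url": close.geturl()}
```

Only the validated dictionary, never the raw path, should reach the code that launches the container.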

Container Content:

  • Xvfb — X11 in a virtual frame-buffer;
  • x11vnc — VNC server which scrapes the specified X11 server;
  • noVNC — HTML5 VNC viewer;
  • Fluxbox — window manager;
  • Firefox — browser for viewing IPMI consoles;
  • Java-plugin — Java is required for access to most IPMI KVM consoles.

Nojava-IPMI-KVM-Server is a Python-based server that provides sciapp/nojava-ipmi-kvm centrally through the browser. The solution does not require the installation of Java or Nojava-IPMI-KVM on local devices.

The link to automatically complete the session was added for the convenience of the user and to ensure the security of the equipment: inactivity for a certain amount of time will cause the console to close automatically. This starts a service that runs the Docker-NOVNC container, which contains an external IP address to open the console. A full description of the assembly and the installation process for the Nojava-IPMI-KVM container can be found on GitHub.

Configuration File Example (~/.nojava-ipmi-kvmrc.yaml):

templates:
  kvm-openjdk-7u51:
    skip_login: False
    login_user: ADMIN
    login_endpoint: rpc/WEBSES/create.asp
    allow_insecure_ssl: False
    user_login_attribute_name: WEBVAR_USERNAME
    password_login_attribute_name: WEBVAR_PASSWORD
    send_post_data_as_json: False
    session_cookie_key: SessionCookie
    download_endpoint: Java/jviewer.jnlp
    java_version: 7u51
    format_jnlp: False

Launch Docker container:

/usr/bin/nojava-ipmi-kvm -i 10.77.21.239 -u ADMIN -p PASSWD mykvmhost
[INFO] Check if 'http://10.77.21.239/' is reachable...
[INFO] The url 'http://10.77.21.239/' is reachable.
[INFO] Starting the Docker container...
[INFO] Waiting for the Docker container to be up and ready...
[INFO] Docker container is up and running.
[INFO] Url to view kvm console: http://IP_SERV:ID_SERV/vnc.html?host=IP_SERV&port=32769&autoconnect=true&password=PASSWD
http://IP_SERV:ID_SERV/vnc.html?host=IP_SERV&port=ID_SERV&autoconnect=true&password=PASSWD

Script to launch the service:

#!/bin/python3
# EASY-INSTALL-ENTRY-SCRIPT: 'nojava-ipmi-kvm==0.9.0','console_scripts','nojava-ipmi-kvm'
__requires__ = 'nojava-ipmi-kvm==0.9.0'
import re
import sys
from pkg_resources import load_entry_point

if __name__ == '__main__':
    # Strip a "-script.py(w)" or ".exe" suffix from the program name.
    sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0])
    # Resolve the package's console_scripts entry point, run it and exit with its status.
    sys.exit(
        load_entry_point('nojava-ipmi-kvm==0.9.0', 'console_scripts', 'nojava-ipmi-kvm')()
    )

Results

Implementing this new solution has greatly simplified Supermicro equipment management for end users, and it has also reduced the load on our Tech Support Team. For servers accessed via the VNC protocol, we have implemented the HTML5 console using Apache Guacamole, which also made it possible to simplify the management of other hardware.

By the way, aside from the features described here for our HOSTKEY Server Management panel, we plan on further expanding our functionality. If you are interested in any extra features as well as the features of the panel or our API, please write to us in the comments.
