iDRAC Skill
Monitor and manage Dell PowerEdge servers via iDRAC Redfish API.
First-Time Setup
Create a config file at ~/.config/idrac-skill/config:
CODEBLOCK0
Authentication
The helper script supports three credential sources:
| Source | Config | How It Works |
|---|
| 1password | INLINECODE1 | Pulls username:password via op CLI, caches to �INLINECODE3 |
| file |
(default) | Reads
~/.idrac-credentials (format:
user:pass, mode 600) |
|
env | — | Uses
$IDRAC_USER and
$IDRAC_PASS environment variables |
Helper Script
Location: scripts/idrac.sh (relative to this skill directory)
CODEBLOCK1
Workflow
- 1. Load config from �INLINECODE9
- Hydrate credentials (JIT pattern) if needed
- Determine operation type:
-
Read-only (status, health, logs, inventory) → Execute directly
-
Destructive (power off, restart, BIOS changes) → Confirm with user first
- 4. Query Redfish API via curl + Basic Auth (or session token for batch ops)
- Parse JSON with jq
- Surface findings to user in natural language
- Never expose credentials in responses
Endpoint Reference
For raw Redfish API endpoints (system info, thermal, storage, network, logs, power ops, BIOS, firmware, session auth, Dell OEM attributes):
→ See references/endpoints.md
Security Notes
- - Never log or display credentials — use
--silent and pipe to jq - Credential file must be mode 600 (
chmod 600 ~/.idrac-credentials) - TLS verification disabled (
-k) — iDRAC uses self-signed certs (acceptable for private networks) - Power operations are destructive — confirm with user before executing shutdown/restart
Compatibility
Works with Dell iDRAC 8 (Redfish 1.0–1.4) and iDRAC 9 (Redfish 1.6+). Covers PowerEdge 13th gen (R630/R730) through current gen. See endpoints reference for version-specific notes.
Note: iDRAC 8 API responses can take 5–10s per call. The test command makes 4 sequential calls (~30–40s total). Set exec timeouts accordingly. iDRAC 9 is significantly faster.
iDRAC 技能
通过 iDRAC Redfish API 监控和管理 Dell PowerEdge 服务器。
首次设置
在 ~/.config/idrac-skill/config 创建配置文件:
bash
mkdir -p ~/.config/idrac-skill
cat > ~/.config/idrac-skill/config <
iDRAC 连接设置
IDRAC_IP=<你的-idrac-ip>
凭据来源:1password | file | env
CREDS_SOURCE=file
对于 CREDS_SOURCE=1password:
OP_ITEM=<1password-项目名称>
# 对于 CREDS_SOURCE=file:
创建 ~/.idrac-credentials,内容格式为:用户名:密码
chmod 600 ~/.idrac-credentials
# 对于 CREDS_SOURCE=env:
导出 IDRACUSER 和 IDRACPASS 环境变量
EOF
身份认证
辅助脚本支持三种凭据来源:
| 来源 | 配置 | 工作原理 |
|---|
| 1password | OP_ITEM=项目名称 | 通过 op 命令行工具获取用户名:密码,缓存到 ~/.idrac-credentials |
| 文件 |
(默认) | 读取 ~/.idrac-credentials(格式:用户:密码,权限 600) |
|
环境变量 | — | 使用 $IDRAC
USER 和 $IDRACPASS 环境变量 |
辅助脚本
位置:scripts/idrac.sh(相对于此技能目录)
bash
idrac.sh test # 测试连接和身份认证
idrac.sh status # 系统摘要(型号、电源、CPU、内存)
idrac.sh health # 健康检查(温度、风扇、电源)
idrac.sh power # 当前电源状态
idrac.sh inventory # 完整硬件清单
idrac.sh logs # 最近系统事件日志条目(最近10条)
idrac.sh thermal # 详细温度和风扇状态
idrac.sh storage # RAID/磁盘状态
idrac.sh reset-types # 可用的电源重置类型
工作流程
- 1. 加载配置 从 ~/.config/idrac-skill/config
- 注入凭据(即时模式)如果需要
- 确定操作类型:
-
只读(状态、健康、日志、清单)→ 直接执行
-
破坏性(关机、重启、BIOS更改)→ 先与用户确认
- 4. 查询 Redfish API 通过 curl + 基本认证(或批量操作的会话令牌)
- 解析 JSON 使用 jq
- 以自然语言向用户呈现结果
- 绝不暴露凭据在响应中
端点参考
关于原始 Redfish API 端点(系统信息、热管理、存储、网络、日志、电源操作、BIOS、固件、会话认证、Dell OEM 属性):
→ 参见 references/endpoints.md
安全说明
- - 绝不记录或显示凭据 — 使用 --silent 并管道到 jq
- 凭据文件 权限必须为 600(chmod 600 ~/.idrac-credentials)
- TLS 验证已禁用(-k)— iDRAC 使用自签名证书(私有网络可接受)
- 电源操作具有破坏性 — 执行关机/重启前需与用户确认
兼容性
适用于 Dell iDRAC 8(Redfish 1.0–1.4)和 iDRAC 9(Redfish 1.6+)。涵盖 PowerEdge 第13代(R630/R730)至当前代。参见端点参考了解版本特定说明。
注意: iDRAC 8 API 每次调用响应可能需要 5-10 秒。test 命令会进行 4 次连续调用(总共约 30-40 秒)。请相应设置执行超时时间。iDRAC 9 速度显著更快。
