In OS Build plans we have an option in the API's called ?force=true which allows us to ignore errors on build plans.

I came across this option when trouble shooting a network customization bug that was solved by applying an ICsp 7.5 fix where ICsp could not reach OneView. Sometimes it might become necessary for us to support the force option and allowing us to customize when the force option is used for build plans. Lets add support for that. Here is a quick snipet of what it takes in the rest calls to make the call for force work:

 q        map[string]interface{}
 q = make(map[string]interface{})
 q["force"] = "true"
 c.SetQueryString(q)

Hey, when running the docker-machine create command i get a Status 500 from ICSP. Looking at Debug i see the following.

(swarm-node-04) DBG | RestAPICall POST - https://icsp.test.local/rest/os-deployment-servers
(swarm-node-04) DBG | *** url => https://icsp.test.local/rest/os-deployment-servers
(swarm-node-04) DBG | *** method => �
(swarm-node-04) DBG | *** options => {"port":443,"username":"Administrator","password":"password"}
(swarm-node-04) DBG | Headers -> auth -> KkaOdY4fJlX1n21asQk9KiVFEbA3Jkor
(swarm-node-04) DBG | 
(swarm-node-04) DBG | Headers -> Content-Type -> application/json; charset=utf-8
(swarm-node-04) DBG | 
(swarm-node-04) DBG | Headers -> X-API-Version -> 108
(swarm-node-04) DBG | 
(swarm-node-04) DBG | REQ    --> &{Method:POST URL:https://icsp.test.local/rest/os-deployment-servers Proto:HTTP/1.1 ProtoMajor:1 ProtoMinor:1 Header:map[Content-Type:[application/json; charset=utf-8] X-Api-Version:[108] Auth:[KkaOdY4fJlX1n21asQk9KiVFEbA3Jkor]] Body:{Reader:} ContentLength:61 TransferEncoding:[] Close:false Host:icsp.twlon.com Form:map[] PostForm:map[] MultipartForm:<nil> Trailer:map[] RemoteAddr: RequestURI: TLS:<nil> Cancel:<nil>}
(swarm-node-04) DBG | 
(swarm-node-04) DBG | RESP   --> &{Status:500 Server Error StatusCode:500 Proto:HTTP/1.1 ProtoMajor:1 ProtoMinor:1 Header:map[Cache-Control:[no-cache] Date:[Mon, 22 Aug 2016 15:00:49 GMT] Content-Type:[application/json;charset=UTF-8] Via:[1.1 icsp.test.local] Vary:[Accept-Encoding]] Body:0xc8201ed640 ContentLength:-1 TransferEncoding:[chunked] Close:true Trailer:map[] Request:0xc82014e380 TLS:0xc8203926e0}

i think this is because it is not passing the IP address of the iLO to ICSP. Looking higher up the output i see.

(swarm-node-04) DBG | GetCurrentPowerState() blade -> {ServerHardwarev200:{IntelligentProvisioningVersion:2.20.219 MpHostInfo:0xc8204a1d10 MpState:OK PortMap:0xc8204f7f60 ServerSettings:0xc820510e80 Signature:0xc820510ea0} AssetTag:[Unknown] Category:server-hardware Created:2016-03-15T10:05:25.671Z Description: ETAG:1471803258698 FormFactor:HalfHeight LicensingIntent:OneView LocationURI:/rest/enclosures/09CZ35293RS1 MemoryMb:163840 Model:ProLiant BL460c Gen9 Modified:2016-08-21T18:14:18.698Z MpFirwareVersion:2.40 Dec 02 2015 MpModel:iLO4 Name:C7000-Rack8, bay 5 PartNumber:727021-B21 Position:5 PowerLock:false PowerState:Off ProcessorCoreCount:6 ProcessorCount:2 ProcessorSpeedMhz:1900 ProcessorType:Intel(R) Xeon(R) CPU E5-2609 v3 @ 1.90GHz RefreshState:NotRefreshing RomVersion:I36 12/28/2015 SerialNumber:CZ35210RS3 ServerGroupURI:/rest/enclosure-groups/8aa07098-ece1-4568-ae9a-bbf9fcde48c9 ServerHardwareTypeURI:/rest/server-hardware-types/B40A6425-B4D2-4467-99BB-059263311F2E ServerProfileURI:/rest/server-profiles/eea9e3f9-6821-4f12-8ee5-66ff1eb5f5aa ShortModel:BL460c Gen9 State:ProfileApplied StateReason:NotApplicable Status:OK Type:server-hardware-4 URI:/rest/server-hardware/30373237-3132-5A43-3335-323933525333 UUID:30373237-3132-5A43-3335-323933525333 VirtualSerialNumber:VCGND6V04K VirtualUUID:eea9e3f9-6821-4f12-8ee5-66ff1eb5f5aa MpDnsName: MpIpAddress: Client:%!v(PANIC=runtime error: index out of range)}

The bit of interest there is MpIpAddress: Client:%!v(PANIC=runtime error: index out of range)}.

If it helps i am running OV version 2.00.07-0250853, and ICSP version 7.5.0-0209204, Aug 3, 2015.

Does anybody know why? Is it API versions?

It might be possible for us to make the ilo user / password options optional, using SSO interfaces from OneView to access ILO API's here:

API: http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=c04423967

and data model: http://h22208.www2.hpe.com/eginfolib/servers/docs/HPRestfultool/iLo4/data_model_reference.html

Once we have the api to access ILO, we can then semi implement access by setting up a docker-machine user and secret password that has it's password temporarily set by using the answer to the SSO key. Only 1 docker-machine create + 1 iLO request should be running at any given time, so it's fairley save to know that the current user is authenticated for a given machine run. Subsequent runs should check for the users existence and re-set the password given any new SSO key. The user name can be static, or based on the ilo-user name option, when not provided by an option, we will use docker-machine.

Other helpful information.

How to get the iLO SSO key:

GET https://oneview/rest/server-hardware//remoteConsoleUrl

{"remoteConsoleUrl":"hplocons://addr=127.0.0.1&sessionkey=123abckey"}

Parse query string for sessionkey

Example call usage in iLO api:

https://iloip/rest/v1/Chassis/1/PowerMetrics

Content-Type: application/json
Accept: application/json
X-Auth-Token: 123abckey
Content-Type: application/json
{"PowerLimit": {"LimitInWatts": 250}}

-- response --
200 OK
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 113
Content-Type: application/json
Date: Thu, 28 May 2015 13:56:34 GMT
Etag: W/"12345"
Server: HP-iLO-Server/1.30
X_HP-CHRP-Service-Version: 1.0.3

{"Messages":[{"MessageID":"Base.0.0.Success"}],"Name":"Extended Error Information","Type":"ExtendedError.0.9.5"}

We can now power force off when when the -f flag is specfied

blade selection based on enclosure:
be able to select the blade that is physically bound to the specified enclosure.
use case: have a dedicated enclosure for specific work loads.

When selecting available servers, allow for multiple template profiles to pick from different enclosure groups and hardware types. It would be nice if template profiles also confirmed to regex patterns for selection.

Lets not just ignore tls, lets honor it when a proper ca root is configured. Provide options to configure or setup ca root.

We should update the package manager with something like

sudo yum -y update

or

sudo apt-get install update

If provisioner doesn't find a package it fails...during docker provisioning.

Alternatively we could recommend using --engine-install-url "https://get.docker.com"

The profile template should have a relationship back to the profile. See Don's comments:

There is a serverProfileTemplateUri that should be part of the body. If you look at the Don-Test-Bay6 profile that is what a profile created from a template look like. I think you are using the body from the template to create the profile.

Hi Everybody!

I need feedback regarding the "Setup ICsp boot image". What do you mean with: "The script contents for this step should appear as the following: get script from : drivers/oneview/scripts/docker_os_build_plan.sh"

The technical whitepaper describes that i should add the script from : github.com/HewlettPackard/docker-machine-oneview/blob/master/scripts/docker_os_build_plan.sh but there is a "do not need this anymore"-note.

Please help me!

Add documentation to describe how to use --oneview-public-slotid

Fix the way we get public ip to work around the issue for how we where parsing it from the logs. We should now provision the server with an additional template to execute as the last os build template that sets up the ip. Provide a flag for future use that skips the template setup, ie; --oneview-skip-publicip-template (boolean flag)

Team reports the following missing libs for docker 1.10.1 support

•      libcgroup (just a package missing. The one present in the RHEL7.1 kit is good enough), libcgroup rpm package
  

•      libdevmapper (required 1.02.97 vs 1.02.92 in the RHEL7.1 kit), device-mapper-libs rpm package
  

•      libsystemd (required 209 vs 208 in the RHEL7.1 kit), systemd-libs rpm package
  

When running docker-machine to provide passwords, the passwords we provide should be encrypted. Provide some option to encrypt the password and provide a mechanisum to secure the passwords on disk, so that docker-machine inspect should only provide passwords when we have the correct creds.

In the docker-machine create command (for oneview with docker) how do you specify which blade to use in the oneview infrastructure, for the docker host provision? I would like to provision host on specific blade but in the example command set below..there is no option to specify target blade. Also how to use the docker with oneview plugin...there is no clear document defining all the steps. if you can answer this question ..I am almost done with creating one document for everyone.

docker-machine create \

--engine-env HTTP_PROXY=""
--engine-env HTTPS_PROXY=""
--engine-env NO_PROXY=""
--driver oneview
--oneview-os-plan "RHEL71_DOCKER_18"
--oneview-server-template "SP_template"
--oneview-ov-user=Administrator
--oneview-ov-password=
--oneview-ov-domain=
--oneview-ov-endpoint=https://15.xx.xx.xx/
--oneview-icsp-user=administrator
--oneview-icsp-password=
--oneview-icsp-endpoint=15.215.xx.xx
--oneview-ssh-user=administrator \
--oneview-ilo-user=administrator
--oneview-ilo-password=
docker-ip-node-01

Also what does this mean:
Name: "oneview-ilo-user",
Usage: "ILO User id that is used during ICSP server creation.",

I do not remember using any ilo when creating ICSP vm and then its template.

I am following the steps mentioned in document below(that is rather vague in actual steps)
https://h20195.www2.hp.com/V2/getpdf.aspx/4AA6-2595ENW.pdf

plugin needs to check expired HPE OneView access tokens
It is possible there are old/stale tokens in the host's config.json file. The code needs to
verify the token and refresh (if needed).

Lets add a way to display the driver version

We need to improve how we select the interface to be the last interface first when we don't provide this option

https://github.com/HewlettPackard/docker-machine-oneview/blob/master/oneview/oneview.go#L163

If slotid is provided then we should interpret this as interconnectPort where
"interconnectPort The interconnect port to which the connection will be (or currently is) deployed
integer
Minimum 1 Maximum 16
"

Lets update this area to deal with that: https://github.com/HewlettPackard/docker-machine-oneview/blob/master/oneview/oneview.go#L332

godep: WARNING: Go version (go1.6) & $GO15VENDOREXPERIMENT= wants to enable the vendor experiment, but disabling because a Godep workspace (Godeps/_workspace) exists
�

We should document the fact that we remove Network personilization from the os build plan. Testing should be done with & without this, and determine if we can move the docker build step to the last step instead.

Lets support the ability to configure labels on hardware to select available servers.

1. A server template will select the hardware type and enclosure group
2. a label will limit the selection of available servers to only those servers that have matching labels. If the server does not have the label, then it should not be provided in the available servers api.

Clear up the arguments that are optional vs required. We should have a column that specifies that.

When powering off a server to do a create, if normal power off fails, we should retry with press and hold.

If the user is the root user, the script should still work:

https://github.com/HewlettPackard/docker-machine-oneview/blob/master/scripts/docker_os_build_plan.sh

Try testing with SSH_USER=root, this causes the script to fail.

Just found that we are starting to add SAN support on other plugins: HewlettPackard/chef-provisioning-oneview#30

Our driver should have SAN support options.

Add two new command line options:

1. --oneview-pre-provisioning
   This option will execute os template provisioning plans before the main os-build plan
2. --oneview-post-provisioning
   This option will execute os template provisioning plans after the main os-build plan
   The comma seperated list is a quoted string of templates that are executed in the order for which they are listed.
3. --oneview-server-attributes-config <config.yml>
   This option provides a list of custom attributes to place on the server

After a successful completion of Insight Control Server Provisioning build plan, the command docker-machine create --driver oneview ..., fails "Waiting for SSH to be available...":

(docker01) Job, OS Build Plan completed successfully, completed
(docker01) Saving server attributes for localhost.
(docker01) oneview, Completed all create steps, docker provisioning will continue.
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Error creating machine: Error detecting OS: Too many retries waiting for SSH to be available. Last error: Maximum number of retries (60) exceeded

Any idea on how to troubleshot this problem?

Environment:
docker-machine version 0.8.1, build 41b3b25
HP OneView 2.00.07-0250853
HP Insight Control Server Provisioning 7.5.1-0243931
docker_os_build_plan.sh 4181ff3 on Apr 25 (invoked as step 25 of the build plan and passing parameters as: @docker_user@ '@public_key@' @docker_hostname@ '@proxy_config@' '@proxy_enable@'

Thanks in advance for any answer.

docker-machine has no option to set timeout value for
stateTimeoutDuration

This has been reported here: docker/machine#2534

Workaround for now is to compile a new exe with higher timeout, but we should work to get list to work in under 10 sec.

When we remove a machine with docker-machine rm, there should be an option to avoid removing the profile from OneView. This is to avoid issues with recreation of profiles manually.

docker-machine is now using 1.6, please update to make sure we keep up with golang versions

docker/machine#3053

Lets add support for new auth property:

"loginMsgAck":"true"

Be able to select a blade based on Hardware type criteria:
name, descrption, and model

After upgrading OneView from 2.0 to 3.0, docker-machine create --driver oneview command fails with the following error message:

Error removing host "docker02.bc.local": Attempting to get machine profile information, unable to find machine in oneview: docker02.bc.local

Any idea what is happening?

Thanks,
Angel.

When we post the release notes, they are providing bad download locations. Correct this to read

if [[ ! -d "$HOME/bin" ]]; then mkdir -p "$HOME/bin"; fi && \
  curl -Ls https://github.com/HewlettPackard/docker-machine-oneview/releases/download/v0.5.5/docker-machine-driver-oneview_windows-amd64.exe > "$HOME/bin/docker-machine-driver-oneview.exe" && \
  chmod +x "$HOME/bin/docker-machine-driver-oneview.exe" 

rest package calls should have a proper timeout setup.
Lets make the default 3minutes, and add a configuration option to provide for longer timeouts