Issue with verify_sll on rest_command

Configuration
1

I would like to remote start and shutdown a server. The server motherboard is from Asrock and has an IPMI interface, which I was able to address via Postman. Now I wanted to translate the Postman command into a HA rest_command. This is the rest_command:

asrock_central_commandpure:
  url: https://xxx.xxx.xxx.xxx/redfish/v1/Chassis/Self/Actions/Chassis.Reset
  method: POST
  username: **********
  password: **********
  payload: '{"ResetType":"{{command}}"}'
  content_type: "application/json"
  verify_ssl: false

The variable “command” is given via a template switch:

- platform: template
  switches:
    asrock_central:
      friendly_name: "Asrock Server"
      value_template: "{{ is_state('binary_sensor.myserver', 'on') }}"
      turn_on:
        action: rest_command.asrock_central_command
        data:
          command: On
      turn_off:
        action: rest_command.asrock_central_command
        data:
          command: GracefulShutdown

Here I get always an error with SSL, so it seems that the “verify_sll: false” is ignored. As I am using OPNsense with HAproxy, I tried to construct a workaround and setup a ssl-verified connection via HAproxy:

asrock_central_command:
  url: https://asrock.mydomain.org/redfish/v1/Chassis/Self/Actions/Chassis.Reset
  method: POST
  username: **********
  password: **********
  payload: '{"ResetType":"{{command}}"}'
  content_type: "application/json"

And using the SSL verified connection, the rest_command works flawless. As I don’t want to rely on the the HAproxy and prefer to work with the IP directly, it would be better to get it somehow working with verify_ssl: false.

Am I doing something wrong? I have other rest_command were “verify_ssl: false” is working.

2

verify_ssl typically ignores the fact that the domain of the certificate is not the one you use in the url. If the certificate is expired, it might still fails.

What is your situation? curl -v will tell you that.

1 Like
3

I just solved it in a different way. The Asrock rack mainboard and their IPMI is a p*** in the a**… As I am lucky to have an APC PDU with switchable outlets, I simply sending a shutdown command (template switch) to the server, then wait for some time and switch the PDU plug off. To start the server, I simply switch on the plug as I set the power policy after power restore to “on”.

Not that elegant, but works much better than fighting with the redfish API of the Asrock rack mainboard. If you have the choice: choose Supermicro :slight_smile: