Ingesting Hosts (REST API)
Ingesting Hosts (REST API)
Ingesting Hosts (REST API)
Provider-side hardware onboarding for NICo using the REST API and nicocli. This is the Day 0 prequel to the Typical API Call Flows in the REST API Reference — it covers how physical machines become discoverable so that subsequent calls like Retrieve All Machines return real hardware to allocate and provision.
Make sure the following are in place before you begin:
nicocli installed (make nico-cli from the infra-controller repo) and a working config under ~/.nico/. For setup, authentication, and config conventions, see the Quick Start Guide and the nicocli reference guide.PROVIDER_ADMIN role in the org you are operating in. Tenant Admins with targetedInstanceCreation capability can also register Expected Machines, but the canonical path is provider-side.Verify connectivity:
nicocli site list returns the Sites the calling org has access to. Pick the Site UUID for the data center you are onboarding hardware into — you will pass it as --site-id in every Expected Machine create call.
An Expected Machine pre-registers a physical machine so NICo can authenticate to it on discovery and accept it for ingestion. Each Expected Machine carries the factory default BMC credentials NICo uses for first contact, plus identifying information (chassis serial, optional rack/SKU metadata).
The Expected Machine endpoints are scoped per-org per-site. All requests require PROVIDER_ADMIN (or TENANT_ADMIN with targetedInstanceCreation).
Create one Expected Machine with explicit flags:
Required flags: --site-id, --bmc-mac-address, --chassis-serial-number. The BMC credentials are optional on the REST schema but required in practice — without them NICo cannot authenticate to the BMC for discovery.
Optional flags add metadata or pre-allocate resources:
You can also pass the entire request body as JSON:
fallbackDPUSerialNumbers is JSON-only (no flag form) and is needed for DGX-H100 or other machines where the NetworkAdapter serial number is not available in the host Redfish.
For multiple machines, prefer batch-create. The endpoint accepts up to 100 Expected Machines per request and validates the whole batch atomically:
Where expected-machines.json is a JSON array of ExpectedMachineCreateRequest objects:
Two constraints apply to every batch request, both enforced at the API gateway:
batch-create calls.siteId. You cannot mix sites within a single batch.Once Expected Machines are registered and the trust policy is in place, NICo’s Site Explorer automatically discovers and ingests each machine. No further operator action is required under normal circumstances.
The high-level flow:
ManagedHost object is created and the state machine starts.DpuDiscoveringState / DPUInit: NICo configures Secure Boot on the DPU, installs the DPU OS (BFB image), and power-cycles the host to apply the new DPU configuration.HostInit: NICo configures BIOS, sets the host boot order, optionally collects TPM attestation measurements, waits for hardware discovery via the scout agent, and applies UEFI lockdown. When scout reports back, NICo replaces the temporary predicted host ID (prefix fm100p) with a stable host ID (prefix fm100h) derived from the host’s DMI serial data or TPM certificate.BomValidating / Validation: NICo validates discovered hardware against the expected SKU. If hardware validation is enabled, the host is rebooted and tested before proceeding.Ready: the host transitions through HostInit/Discovered and enters the available pool, ready for an instance to be assigned.For the full DPU lifecycle, see DPU Lifecycle Management. For the complete state transitions, see Managed Host State Diagrams.
Once machines reach Ready, they show up in the Machine REST endpoint. List all machines on a site:
Inspect a single machine:
Include hardware metadata (CPU, memory, interfaces, etc.):
A Ready machine has status: Ready and isUsableByTenant: true. Once at least one machine is Ready, you can continue with the rest of the Provider or Service Account flow.
With machines ingested and Ready, follow the relevant API flow in the REST API Getting Started reference:
Both flows assume hardware ingestion is complete — which this page covers.
When a machine is not being created or is stuck in a pre-Ready state, start with the Machine REST endpoint:
For deeper investigation, carbide-api logs filtered by the host BMC IP or DPU BMC IP are the fastest way to understand where ingestion or pairing is failing.
Before pairing can occur, Site Explorer must successfully explore each BMC endpoint. Exploration failures are logged in carbide-api and the NICo Grafana dashboard. Common error types:
For a complete reference of all Redfish endpoints and required response fields, see Redfish Endpoints Reference.
The following are the conditions in which Site Explorer cannot complete pairing and logs a host_dpu_pairing_blockers_count metric. Each requires operator investigation.
For more DPU-specific troubleshooting (Secure Boot configuration, BMC password resets, firmware version checks), see Adding New Machines to an Existing Site.
Pagination is on by default (--page-number, --page-size); use --all to fetch every page. Sort order is controlled by --order-by (see --help for the supported enum values).
update accepts the same flags as create (all optional on update). For complex updates, use --data-file with the full ExpectedMachineUpdateRequest JSON.
Where updates.json is a JSON array of ExpectedMachineUpdateRequest objects. Each entry must include the id field identifying which Expected Machine to update; other fields are merged onto the existing record.
To dump the current table as JSON:
Suitable for backup or import-into-another-site workflows.