神刀安全网

Configuring HP ILO through Linux automatically

Rate this post

We only use HP servers and we get more and more every week. Someone has to keep track of all those servers and be able to configure them using ILO in case of a disaster

Installation almost runs automatically, except for ILO configuration.

I have to first find the ILO ip, then login to the web interface, create users, set static IP and what not. It takes time, a lot of it.

If only there was some way to automate it without having to use HP’s software.. but wait, THERE IS!

I already posted how to scan for all HP ILO devices in your subnet , but the basics in the following post on how to configure ILO from your guest Linux OS might make everything a little easier for the sysadmins out there

How to configure HP ILO in Linux

First I will show you the useful commands and an example output for each, and then how to automate the configuration of your HP ILO interface using bash scriptingThe script for configuring ILO automatically will be included at the end of this post

Needed packages:

OpenIPMI OpenIPMI-libs OpenIPMI-tools

These packages can be installed through your favorite package manager, below you’ll see the defaults in Debian and CentOS/RHEL

Debian:

apt-get install OpenIPMI OpenIPMI-libs OpenIPMI-tools

CentOS/RHEL:

yum install OpenIPMI OpenIPMI-libs OpenIPMI-tools

Once you got those installed, you can move on and configure or fetch info from ILO through the guest Linux

Get the serial number of the server

Getting the serialnumber might be useful, in case you need to log it to a inventory database, or just need the serial number for a warranty call. This is an easy and quick way to find it, without even logging into ILO.

ipmitool fru | grep Serial

Sample output:

Chassis Serial        : CZAAAAAAAA        Board Serial          : CZAAAAAAAA        Product Serial        : CAAAAAAAAA        Serial Number         : 0BBBBBB

Get network settings configured on the HP ilo port

Maybe you just want to find the DHCP address of the HP ILO controller? you can do this easily, without having to scan the entire network.

ipmitool lan print

Example output:

Set in Progress         : Set Complete Auth Type Support       : IP Address Source       : DHCP Address IP Address              : 123.123.123.123 Subnet Mask             : 255.255.255.0 MAC Address             : de:ad:be:ef:ca:fe BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled Default Gateway IP      : 123.123.123.1 802.1q VLAN ID          : Disabled 802.1q VLAN Priority    : 0 Cipher Suite Priv Max   : Not Available

Restart ilo

If you have any problems connecting to the HP ILO controller, you might need to restart it. But you don’t want to restart the entire server because your have to unplug the power to restart ILO. Nobody wants that on a production server! You can initialize a restart of ILO only by running the below command. This way your server stays online, while doing it. It has saved my butt a couple of times.Remember these two commands will not reboot the OS running on the server, only ILO

For a cold reset (forcefully, in case ilo is not responding in any way including echo requests/ping) use the following:

ipmitool mc reset cold

For a warm reset (in case ilo IS responding) use the following:

ipmitool mc reset warm

Configure network to static ip on the HP ilo port

Without logging into the web interface, you can still set a static IP address to the HP ILO interface using the below commands. Replace the IP, subnet mask and default gateway with what you need it to be.

[root@server ~]# ipmitool lan set 1 ipsrc static [root@server ~]# ipmitool lan set 1 ipaddr 192.168.1.211 [root@server ~]# ipmitool lan set 1 netmask 255.255.255.0 [root@server ~]# ipmitool lan set 1 defgw ipaddr 192.168.1.1

Configuring users

Configuring users might also come in handy. By default there is only the “Administrator” user with a password located on a sticker or elsewhere physically on the server.

Create a user with admin rights.

To create a user with same rights as the “Administrator” user, use the following. This user will be able to do everything in ILO.

Replace “admin” with the username you want.

In case your create multiple users, you have to increment the number “2” with +1 every time. so the second user you create will have ID 3, and the third, ID 4.

[root@server ~]# ipmitool user set name 2 admin [root@server ~]# ipmitool user set password 2 Password for user 2:  Password for user 2:  [root@server ~]# ipmitool channel setaccess 1 2 link=on ipmi=on callin=on privilege=4 [root@server ~]# ipmitool user enable 2

Create user with user monitoring rights

If a user should only be used for querying sensor data, for example a user for Nagios, Zabbix or other monitoring software, a custom privilege level can be setup for that. This user can not do any changes to the server through ILO. A user named “monitor” will be created for this in the following example:

[root@server ~]# ipmitool user set name 3 monitor [root@server ~]# ipmitool user set password 3 Password for user 3:  Password for user 3:  [root@server ~]# ipmitool channel setaccess 1 3 link=on ipmi=on callin=on privilege=2 [root@server ~]# ipmitool user enable 3

The importance of the various privilege numbers will be displayed when ipmitool channel is called without any additional parameters:

[root@server ~]# ipmitool channel Channel Commands: authcap   <channel number> <max privilege>                   getaccess <channel number> [user id]                   setaccess <channel number> <user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]                   info      [channel number]                   getciphers <ipmi | sol> [channel]  Possible privilege levels are:    1   Callback level    2   User level    3   Operator level    4   Administrator level    5   OEM Proprietary level   15   No access [root@server ~]#

Automatically configure HP ILO using bash

Now you know how to use the commands to configure the basic stuff in your ILO controller manually. But what about doing this automatically when you have new servers coming in every other day that needs to be configured? We can do that using bash scripts.

Below is a script that will set the specified ip address, subnetmask, default gateway and create users if you want to.Easy to just run after you installed your OS and even automating using puppet or other deployment tools

#!/bin/bash  # Script written by dev-random.net # Purpose is to automate HP ILO configuration # Feel free to use this script however you like, as long as you leave these top comments    printhelp() {  echo  echo "-i <static ip to set> example: 192.168.1.10"  echo "-s <static subnet mask to set> example: 255.255.255.0, required if -i is set"  echo "-g <static gatewat to set> example: 192.168.1.1, required if -i is set"  echo "-a <username for new admin user> example: admin, dont use if no user should be created"  echo "-p <password for admin user>, required if -a is set, enclose in /"/" if password contains spaces"  echo "-m <username for read-only user>, example: monitor"  echo "-o <password for read-only user>, required if -m is set, enclose in /"/" if password contains spaces"  echo "-y add this to the command to actually do the changes, else the script will just output what you typed in the parameters"  echo  exit 1 }  # Print help if no parameters where set if (($# == 0)); then  printhelp fi  # Get parameters while getopts "i:s:g:a:p:m:o:hy" opt; do  case $opt in   i) # IP to set    IP="$OPTARG"   ;;   s) # Subnetmask to set    SUBNETMASK="$OPTARG"   ;;   g) # Gatway to set    GATEWAY="$OPTARG"   ;;   a) # New admin username    ADMINUSERNAME="$OPTARG"   ;;   p) # New admin password    ADMINPASSWORD="$OPTARG"   ;;   m) # New read-only users username    USERNAME="$OPTARG"   ;;   o) # New read-only users password    PASSWORD="$OPTARG"   ;;   h) # Print help    printhelp   ;;   y) # Just do it, no need to press any key to continue    DOIT=1   ;;   /?) # Default if option is not known    printhelp   ;;   �� # Error if parameter was triggered without value    echo "Option -$opt requires an argument"    printhelp   ;;  esac done  echo # Print empty line    # Check if we have the needed required software installed # required packages: OpenIPMI OpenIPMI-libs OpenIPMI-tools if [ `which ipmitool &>/dev/null ; echo $?` -ne 0 ] ; then  echo "ipmitool not available, please install requirements:"  echo "required packages: OpenIPMI OpenIPMI-libs OpenIPMI-tools"  echo "See https://dev-random.net/configuring-and-controlling-hp-ilo-through-linux for details"  exit 2 fi    #print serial number, just because we can and then you dont have to do it manually in case you need it ipmitool fru | grep Serial  echo #print empty line  # Check if IP has to be set if [[ "$IP" ]] && [[ "$SUBNETMASK" ]] && [[ "$GATEWAY" ]]; then  echo "IP: $IP"  echo "Subnetmask: $SUBNETMASK"  echo "Gateway: $GATEWAY"  if [[ $DOIT ]]; then   echo "Setting ip"      ipmitool lan set 1 ipsrc static   ipmitool lan set 1 ipaddr $IP   ipmitool lan set 1 netmask $SUBNETMASK   ipmitool lan set 1 defgw ipaddr $GATEWAY      echo # print empty line  fi fi  # Check if admin user has to be created if [[ "$ADMINUSERNAME" ]] && [[ "$ADMINPASSWORD" ]]; then  echo "Admin username: $ADMINUSERNAME"  echo "Admin password: $ADMINPASSWORD"  if [[ $DOIT ]]; then   echo "Creating admin user"      ipmitool user set name 2 $ADMINUSERNAME   ipmitool user set password 2 $ADMINPASSWORD   ipmitool channel setaccess 1 2 link=on ipmi=on callin=on privilege=4   ipmitool user enable 2      echo # print empty line  fi fi  # Check if read-only user has to be created if [[ "$USERNAME" ]] && [[ "$PASSWORD" ]]; then  echo "Read-only username: $USERNAME"  echo "Read-only user password: $PASSWORD"  if [[ $DOIT ]]; then   echo "Creating read-only user"      ipmitool user set name 3 $USERNAME   ipmitool user set password 3 $PASSWORD   ipmitool channel setaccess 1 3 link=on ipmi=on callin=on privilege=2   ipmitool user enable 3      echo # print empty line  fi fi  # If -y was set if [[ $DOIT ]]; then  # Warm restart ILO  echo "Restarting ILO, it will be accessible in a couple of minutes using the new IP address (if changed)."  ipmitool mc reset warm else # If -y was not set, then ask for it to do the changes  echo # print empty line  echo "add -y to the command to make the changes, this run only showed you the settings you entered so you can make sure they are correct" fi  echo # print empty line exit 0

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » Configuring HP ILO through Linux automatically

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址