Configurazione HP ILO da command line Linux

From RVM Wiki
Revision as of 10:58, 17 October 2024 by Gabriele.vivinetto (talk | contribs) (Articolo Originale)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
  • Installare IPMI Tools:
apt install openipmi ipmitool
  • Su debian Bookworm, scaricare un file mancante, altrimenti si ottiene l'errore "IANA PEN registry open failed: No such file or directory":
wget -O /usr/share/misc/enterprise-numbers.txt https://jff.email/cgit/ipmitool.git/plain/debian/enterprise-numbers.txt?h=debian/1.8.19-5
  • Stampare la configurazione:
ipmitool lan print
  • Impostare i parametri:
ipmitool lan set 1 ipsrc static
ipmitool lan set 1 ipaddr 192.168.6.192
ipmitool lan set 1 netmask 255.255.255.0
ipmitool lan set 1 defgw ipaddr 192.168.6.254
  • Se necessario, resettare l'ILO:
ipmitool mc reset cold

Riferimenti

Articolo Originale

Configuring HP iLO through Linux automatically

1 Reply

We only use HP servers and we get more and more every week. Someone has to keep track of all those servers and be able to configure them using iLO in case of a disaster
 Installation almost runs automatically, except for iLO configuration.

 I have to first find the iLO ip, then login to the web interface, create users, set static IP and what not. It takes time, a lot of it.

 If only there was some way to automate it without having to use HP’s software.. but wait, THERE IS!
I already posted how to scan for all HP ILO devices in your subnet, but the basics in the following post on how to configure iLO from your guest Linux OS might make everything a little easier for the sysadmins out there

How to configure HP iLO in Linux

First I will show you the useful commands and an example output for each, and then how to automate the configuration of your HP iLO interface using bash scripting
 The script for configuring iLO automatically will be included at the end of this post
Needed packages:

OpenIPMI OpenIPMI-libs OpenIPMI-tools

These packages can be installed through your favorite package manager, below you’ll see the defaults in Debian and CentOS/RHEL

Debian:

apt-get install OpenIPMI OpenIPMI-libs OpenIPMI-tools

CentOS/RHEL:

yum install OpenIPMI OpenIPMI-libs OpenIPMI-tools

Once you got those installed, you can move on and configure or fetch info from iLO through the guest Linux

Get the serial number of the server

Getting the serialnumber might be useful, in case you need to log it to a inventory database, or just need the serial number for a warranty call. This is an easy and quick way to find it, without even logging into iLO.

ipmitool fru | grep Serial

Sample output:
 Chassis Serial        : CZAAAAAAAA
 Board Serial          : CZAAAAAAAA
 Product Serial        : CAAAAAAAAA
 Serial Number         : 0BBBBBB
Get network settings configured on the HP iLO port

Maybe you just want to find the DHCP address of the HP iLO controller? you can do this easily, without having to scan the entire network.

ipmitool lan print

Example output:

Set in Progress         : Set Complete Auth Type Support       : IP Address Source       : DHCP Address IP Address              : 123.123.123.123 Subnet Mask             : 255.255.255.0 MAC Address             : de:ad:be:ef:ca:fe BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled Default Gateway IP      : 123.123.123.1 802.1q VLAN ID          : Disabled 802.1q VLAN Priority    : 0 Cipher Suite Priv Max   : Not Available

Restart iLO interface

If you have any problems connecting to the HP ILO controller, you might need to restart it. But you don’t want to restart the entire server because your have to unplug the power to restart iLO. Nobody wants that on a production server! You can initialize a restart of ILO only by running the below command. This way your server stays online, while doing it. It has saved my butt a couple of times.
 Remember these two commands will not reboot the OS running on the server, only iLO
For a cold reset (forcefully, in case iLO is not responding in any way including echo requests/ping) use the following:

ipmitool mc reset cold

For a warm reset (in case iLO IS responding) use the following:

ipmitool mc reset warm

Configure network to static ip on the HP iLO port

Without logging into the web interface, you can still set a static IP address to the HP iLO interface using the below commands. Replace the IP, subnet mask and default gateway with what you need it to be.

[root@server ~]# ipmitool lan set 1 ipsrc static [root@server ~]# ipmitool lan set 1 ipaddr 192.168.1.211 [root@server ~]# ipmitool lan set 1 netmask 255.255.255.0 [root@server ~]# ipmitool lan set 1 defgw ipaddr 192.168.1.1

Configuring users

Configuring users might also come in handy. By default there is only the “Administrator” user with a password located on a sticker or elsewhere physically on the server.

Create a user with admin rights.

To create a user with same rights as the “Administrator” user, use the following. This user will be able to do everything in iLO.
 Replace “admin” with the username you want.

 In case your create multiple users, you have to increment the number “2” with +1 every time. so the second user you create will have ID 3, and the third, ID 4.
[root@server ~]# ipmitool user set name 2 admin [root@server ~]# ipmitool user set password 2 Password for user 2: Password for user 2: [root@server ~]# ipmitool channel setaccess 1 2 link=on ipmi=on callin=on privilege=4 [root@server ~]# ipmitool user enable 2

Create user with user monitoring rights

If a user should only be used for querying sensor data, for example a user for Nagios, Zabbix or other monitoring software, a custom privilege level can be setup for that. This user can not do any changes to the server through iLO. A user named “monitor” will be created for this in the following example:

[root@server ~]# ipmitool user set name 3 monitor [root@server ~]# ipmitool user set password 3 Password for user 3: Password for user 3: [root@server ~]# ipmitool channel setaccess 1 3 link=on ipmi=on callin=on privilege=2 [root@server ~]# ipmitool user enable 3

The importance of the various privilege numbers will be displayed when ipmitool channel is called without any additional parameters:

[root@server ~]# ipmitool channel Channel Commands: authcap   <channel number> <max privilege>
                  getaccess <channel number> [user id]
                  setaccess <channel number> <user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]
                  info      [channel number]
                  getciphers <ipmi | sol> [channel]
Possible privilege levels are:
   1   Callback level
   2   User level
   3   Operator level
   4   Administrator level
   5   OEM Proprietary level
  15   No access
[root@server ~]#

Automatically configure HP iLO using bash

Now you know how to use the commands to configure the basic stuff in your iLO controller manually. But what about doing this automatically when you have new servers coming in every other day that needs to be configured? We can do that using bash scripts.

Below is a script that will set the specified ip address, subnetmask, default gateway and create users if you want to.
 Easy to just run after you installed your OS and even automating using puppet or other deployment tools

# !/bin/bash
# Script written by dev-random.net
# Purpose is to automate HP iLO configuration
# Feel free to use this script however you like, as long as you leave these top comments

printhelp() {	echo	echo "-i <static ip to set> example: 192.168.1.10"	echo "-s <static subnet mask to set> example: 255.255.255.0, required if -i is set"	echo "-g <static gatewat to set> example: 192.168.1.1, required if -i is set"	echo "-a <username for new admin user> example: admin, dont use if no user should be created"	echo "-p <password for admin user>, required if -a is set, enclose in \"\" if password contains spaces"	echo "-m <username for read-only user>, example: monitor"	echo "-o <password for read-only user>, required if -m is set, enclose in \"\" if password contains spaces"	echo "-y add this to the command to actually do the changes, else the script will just output what you typed in the parameters"	echo	exit 1 }

# Print help if no parameters where set

if (($# == 0)); then	printhelp fi

# Get parameters

while getopts "i:s:g:a:p:m:o:hy" opt; do	case $opt in		i) # IP to set			IP="$OPTARG"		;;		s) # Subnetmask to set			SUBNETMASK="$OPTARG"		;;		g) # Gatway to set			GATEWAY="$OPTARG"		;;		a) # New admin username			ADMINUSERNAME="$OPTARG"		;;		p) # New admin password			ADMINPASSWORD="$OPTARG"		;;		m) # New read-only users username			USERNAME="$OPTARG"		;;		o) # New read-only users password			PASSWORD="$OPTARG"		;;		h) # Print help			printhelp		;;		y) # Just do it, no need to press any key to continue			DOIT=1		;;		\?) # Default if option is not known			printhelp		;;		 # Error if parameter was triggered without value			echo "Option -$opt requires an argument"			printhelp		;;	esac done echo # Print empty line

# Check if we have the needed required software installed
# required packages: OpenIPMI OpenIPMI-libs OpenIPMI-tools

if [ `which ipmitool &>/dev/null ; echo $?` -ne 0 ] ; then	echo "ipmitool not available, please install requirements:"	echo "required packages: OpenIPMI OpenIPMI-libs OpenIPMI-tools"	echo "See https://dev-random.net/configuring-and-controlling-hp-ilo-through-linux for details"	exit 2 fi

# print serial number, just because we can and then you dont have to do it manually in case you need it

ipmitool fru | grep Serial echo #print empty line

# Check if IP has to be set

if [[ "$IP"]] && [[ "$SUBNETMASK"]] && [[ "$GATEWAY"]] ; then	echo "IP: $IP"	echo "Subnetmask: $SUBNETMASK"	echo "Gateway: $GATEWAY"	if [[ $DOIT]] ; then		echo "Setting ip"		ipmitool lan set 1 ipsrc static		ipmitool lan set 1 ipaddr $IP		ipmitool lan set 1 netmask $SUBNETMASK		ipmitool lan set 1 defgw ipaddr $GATEWAY		echo # print empty line	fi fi

# Check if admin user has to be created

if [[ "$ADMINUSERNAME"]] && [[ "$ADMINPASSWORD"]] ; then	echo "Admin username: $ADMINUSERNAME"	echo "Admin password: $ADMINPASSWORD"	if [[ $DOIT]] ; then		echo "Creating admin user"		ipmitool user set name 2 $ADMINUSERNAME		ipmitool user set password 2 $ADMINPASSWORD		ipmitool channel setaccess 1 2 link=on ipmi=on callin=on privilege=4		ipmitool user enable 2		echo # print empty line	fi fi

# Check if read-only user has to be created

if [[ "$USERNAME"]] && [[ "$PASSWORD"]] ; then	echo "Read-only username: $USERNAME"	echo "Read-only user password: $PASSWORD"	if [[ $DOIT]] ; then		echo "Creating read-only user"		ipmitool user set name 3 $USERNAME		ipmitool user set password 3 $PASSWORD		ipmitool channel setaccess 1 3 link=on ipmi=on callin=on privilege=2		ipmitool user enable 3		echo # print empty line	fi fi

# If -y was set

if [[ $DOIT]] ; then	# Warm restart iLO	echo "Restarting iLO, it will be accessible in a couple of minutes using the new IP address (if changed)."	ipmitool mc reset warm else # If -y was not set, then ask for it to do the changes	echo # print empty line	echo "add -y to the command to make the changes, this run only showed you the settings you entered so you can make sure they are correct" fi echo # print empty line exit 0
Retrieved from "https://kb.rvmgroup.it/index.php?title=Configurazione_HP_ILO_da_command_line_Linux&oldid=11307"