
How to get HP ILO ip address?

Jephe Wu - http://linuxtechres.blogspot.com

Objective: get the iLO IP address of an HP ProLiant server, with the server online or offline
Environment: Windows and/or Linux


Steps:

1. hponcfg

Search Google for 'HP Lights-Out Online Configuration Utility for Windows' or 'HP Lights-Out Online Configuration Utility for Linux' to reach the following site:

http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=1135772&prodTypeId=18964&prodSeriesId=1146658&swLang=8&taskId=135&swEnvOID=1005

C:\Program Files\HP\hponcfg>hponcfg /w iLo.xml


This exports the current iLO settings to an XML file. You can modify the file and then import it:

C:\Program Files\HP\hponcfg>hponcfg /f ilo.xml


2. web interface

Install the HP PSP (ProLiant Support Pack) on Windows/Linux, then open http://localhost:2301 or https://localhost:2381 and look in the management processor section for the IP address and link status.


3. Reboot the server and press the F8 key when the server is booting and displays the HP integrated Lights Out text.


4. References:

a. http://www.itaspirin.com/node/10 - Reconfigure iLo network settings using HPONCFG

b. HP Lights-Out Online Configuration Utility for Linux
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=1121486&swItem=MTX-da4fdbec8db549b8a98de5d9c3&mode=4&idx=1

c. HP Lights-Out Online Configuration Utility for Windows Server 2003/2008
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=18964&prodSeriesId=1146658&prodNameId=1135772&swEnvOID=1114&swLang=8&mode=2&taskId=135&swItem=MTX-ea306043175c40bcb35952a862

How to use ILO and vsp to login HP Proliant Linux server

Jephe Wu - http://linuxtechres.blogspot.com

Environment: production HP ProLiant server installed with CentOS. iLO 2 is connected and enabled.
Objective: log in directly to the Linux console through VSP/iLO, so that you can, for example, change the server IP address without worry.


Steps:
1. Configure the firewalls so that you can SSH to the iLO IP address from the office to the data center where the production server resides.

2. Configure the VSP port as COM1 or COM2 in the HP ProLiant server BIOS screen (BIOS: system option).

3. Configure the Linux server to accept serial port logins (let's assume VSP uses COM2, which is ttyS1).

Add this to /etc/inittab:
sx:2345:respawn:/sbin/agetty 115200 ttyS1 vt100
Then run init q for the change to take effect.

4. Add ttyS0 or ttyS1 to /etc/securetty to enable direct root login through the serial port.

5. Log in to iLO 2 with PuTTY, then type vsp to get the Linux login console.
6. Press the ESC key followed by ( to exit from the login console and return to the vsp command line.
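
A consistency check for steps 3 and 4, added here as an example and not part of the original post: it reads /etc/inittab and /etc/securetty contents and reports whether the serial port that runs the getty is the one root is allowed to log in on. The function names and the sample file contents are constructed for illustration.

```python
import re

def serial_gettys(inittab):
    """Return {ttySx: runlevels} for each respawned getty on a serial line."""
    ports = {}
    for line in map(str.strip, inittab.splitlines()):
        fields = line.split(":", 3)              # id:runlevels:action:process
        if line.startswith("#") or len(fields) != 4:
            continue
        if fields[2] == "respawn" and "getty" in fields[3]:
            m = re.search(r"\bttyS\d+\b", fields[3])
            if m:
                ports[m.group(0)] = fields[1]
    return ports

def audit_serial_root(inittab, securetty):
    """Compare serial gettys with the serial lines root may log in on."""
    gettys = set(serial_gettys(inittab))
    allowed = {l for l in map(str.strip, securetty.splitlines())
               if re.fullmatch(r"ttyS\d+", l)}
    return {
        "root_login_ok": sorted(gettys & allowed),       # VSP root login works
        "getty_without_root": sorted(gettys - allowed),  # prompt shown, root refused
        "stale_securetty": sorted(allowed - gettys),     # listed but no getty runs
    }

# Constructed sample files: getty on ttyS1 (COM2) but securetty lists ttyS0.
INITTAB = """\
id:3:initdefault:
1:2345:respawn:/sbin/mingetty tty1
sx:2345:respawn:/sbin/agetty 115200 ttyS1 vt100
"""
SECURETTY = "console\ntty1\nttyS0\n"

print(audit_serial_root(INITTAB, SECURETTY))
```

Entries reported under stale_securetty can be removed, so that direct root login stays limited to the port the VSP actually uses.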

References:
a. HP Integrated Lights-Out 2 (iLO 2) - Unable to Use Virtual Serial Port (VSP) -
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=110&prodSeriesId=1146658&prodTypeId=18964&objectID=c01702793


How to use HP ILO to do NFS diskless installation of RHEL 5.1 remotely

Objective: install RHEL 5.1 remotely from the office on one of the HP servers in the data center, using the DVD ISO file and the NFS method. You do not need to have any disc in the office.


Steps:

  • Download the RHEL 5.1 DVD ISO file and put it on one of the data center NFS servers. The NFS server can be on a different network segment from the destination server. (In this case, during installation, you might need to set the default gateway properly so that the destination server can talk to this NFS server.)
  • Configure the NFS server export. In /etc/exports, put this:
/sourcefile/rh51 *(ro)

  • Put rhel-5.1-server-i386-dvd.iso in the /sourcefile/rh51 folder.
  • Mount this ISO somewhere and copy boot.iso out to your local Windows PC in the office. It will be used as the HP iLO virtual CD-ROM media image for booting the RHEL installation.
  • Start up the NFS server: service portmap start; service nfs start
  • Use IE to access the HP iLO address.
  • Go to virtual media and mount the boot.iso image.
  • Use virtual power to reset the server.
  • Press Enter to boot the OS installation from the virtual boot.iso disk.
  • Untick high performance mouse, and close the virtual media window so that the USB mouse works.
  • Continue the installation until it finishes.
  • That's it, done.

HP ILO2 Authentication through OpenLDAP on HP DL385G2

Jephe Wu http://linuxtechres.blogspot.com

Many companies use HP servers because iLO (Integrated Lights-Out) makes them easier to manage. After you have deployed a large number of HP servers, you'll find one problem: managing all the iLO administrator passwords. iLO provides a directory setting that lets you use a centralized LDAP database for authentication, but HP doesn't document how to configure it with OpenLDAP.

This article guides you through configuring an OpenLDAP server specifically for HP iLO 2 authentication. I'm using Red Hat Enterprise Linux 4 update 5 and OpenLDAP. It has only been tested on an HP DL385G2 server, although it might work for other models too.


The following are some important concepts for enabling iLO 2 authentication through OpenLDAP.

On OpenLDAP:

  • Adding ‘memberOf’ attribute and ‘user’ objectclass into openldap (details later)
  • Allow version 2 binding in /etc/openldap/slapd.conf which is ‘allow bind_v2’
  • Slapd must also listen on port 636(ldaps)

On ILO2:

  • Using schema-free configuration in ILO
  • Specify port 636 and OpenLDAP servername or IP address
  • Configuring user context and group DN

Special schema for ilo auth in /etc/openldap/slapd.conf

[root@repo openldap]# grep -e ilo.schema -e bind_v2 /etc/openldap/slapd.conf
include /etc/openldap/schema/ilo.schema
allow bind_v2

[root@repo openldap]# grep TLS /etc/openldap/slapd.conf
TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
TLSCertificateFile /usr/share/ssl/certs/slapd.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

Note: TLS must be enabled so that slapd listens on port 636 for the iLO LDAPS connection.

[root@repo openldap]# more /etc/openldap/schema/ilo.schema
attributetype ( 1.3.6.1.4.1.15959.9.1.1
NAME 'memberOf'
DESC 'Group which user belongs to'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

objectclass ( 1.3.6.1.4.1.15959.9.2.1
NAME 'memberOf'
SUP top AUXILIARY
DESC 'Required by Integrated Lights-Out for OpenLDAP '
MUST ( memberOf )
)

objectclass ( 1.3.6.1.4.1.15959.9.2.2
NAME 'user'
SUP top AUXILIARY
DESC 'Required by Integrated Lights-Out for OpenLDAP '
)

Import ldif

Note: replace ou=linuxtechres and dc=blogspot,dc=com with your organization's own values.

[root@repo ldif]# more base.ldif
dn: dc=blogspot,dc=com
dc: blogspot
description: Root LDAP entry
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=linuxtechres,dc=blogspot,dc=com
objectclass: top
objectclass: organizationalunit
ou: linuxtechres

dn: ou=groups,ou=linuxtechres,dc=blogspot,dc=com
objectclass: top
objectclass: organizationalunit
ou: groups

dn: ou=users,ou=linuxtechres,dc=blogspot,dc=com
objectclass: top
objectclass: organizationalunit
ou: users

[root@repo ldif]# more user.ldif
dn: cn=jephe.wu,ou=users,ou=linuxtechres,dc=blogspot,dc=com
cn: jephe.wu
uid: jephe.wu
sn: Wu
uidnumber: 1000
homedirectory: /home/jephe.wu
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectclass: inetorgperson
objectClass: memberOf
objectClass: user
shadowLastChange: 13650
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
gidNumber: 100
displayname: Jephe Wu
userPassword: {SSHA}7znBGbK5/GMGWVryUuunxgQ87N8L38/b
memberOf: cn=iloadmin,ou=groups,ou=linuxtechres,dc=blogspot,dc=com

[root@repo ldif]# more groups.ldif
dn: cn=iloadmin,ou=groups,ou=linuxtechres,dc=blogspot,dc=com
cn: iloadmin
objectClass: top
objectClass: groupofnames
member: cn=jephe.wu,ou=users,ou=linuxtechres,dc=blogspot,dc=com

ILO Configuration

Enable the following options on iLO 2 (Administration - Security - Directory Settings):
Use Directory Default Schema
Local User Accounts Enabled
Directory Server Address: FQDN or IP address of the OpenLDAP server
Directory Server LDAP Port: 636
Directory User Context 1: ou=users,ou=linuxtechres,dc=blogspot,dc=com

Then go to ‘Administrator Groups’:
Security Group Distinguished Name: cn=iloadmin,ou=groups,ou=linuxtechres,dc=blogspot,dc=com
Administer Group Accounts: Allowed
Remote Console Access: Allowed
Virtual Power and Reset: Allowed
Virtual Media: Allowed
Configure iLO 2 Settings: Allowed

That's it. Now you can log in to iLO 2 as jephe.wu with your OpenLDAP entry password on every HP server in your data center that is configured with OpenLDAP authentication.
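
A cross-check of the LDIF entries against the iLO directory settings, added here as an example and not part of the original article: it verifies that the login name plus Directory User Context resolves to an existing entry, that the entry carries the user and memberOf object classes and a memberOf value equal to the Security Group Distinguished Name, and that the group lists the same DN as a member. It assumes iLO binds as cn=<login>,<user context> and matches on memberOf; the function names and the sample LDIF are constructed.

```python
def norm(dn):
    """Normalise a DN for comparison: lower-case, no spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; a new entry starts at every 'dn:' line."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or ":" not in line:
            continue
        attr, value = (s.strip() for s in line.split(":", 1))
        if attr.lower() == "dn":
            current = entries.setdefault(norm(value), {})
        elif current is not None:
            current.setdefault(attr.lower(), []).append(value)
    return entries

def check_ilo_login(entries, login, user_context, group_dn):
    """List problems that would stop `login` mapping to the iLO group."""
    # Assumption: iLO binds as cn=<login>,<user context> and compares the
    # entry's memberOf values with the Security Group Distinguished Name.
    user_dn, group_dn = norm(f"cn={login},{user_context}"), norm(group_dn)
    user, group = entries.get(user_dn), entries.get(group_dn)
    if user is None:
        return [f"no entry {user_dn}"]
    problems = []
    classes = {c.lower() for c in user.get("objectclass", [])}
    for needed in ("user", "memberof"):
        if needed not in classes:
            problems.append(f"{user_dn} lacks objectClass {needed}")
    if group_dn not in map(norm, user.get("memberof", [])):
        problems.append(f"{user_dn} has no memberOf {group_dn}")
    if group is None:
        problems.append(f"no entry {group_dn}")
    elif user_dn not in map(norm, group.get("member", [])):
        problems.append(f"{group_dn} does not list {user_dn} as member")
    return problems

# Constructed sample; the member value deliberately omits ou=users.
SAMPLE = """\
dn: cn=jephe.wu,ou=users,ou=linuxtechres,dc=blogspot,dc=com
objectClass: memberOf
objectClass: user
memberOf: cn=iloadmin,ou=groups,ou=linuxtechres,dc=blogspot,dc=com
dn: cn=iloadmin,ou=groups,ou=linuxtechres,dc=blogspot,dc=com
objectClass: groupofnames
member: cn=jephe.wu,ou=linuxtechres,dc=blogspot,dc=com
"""
CTX = "ou=users,ou=linuxtechres,dc=blogspot,dc=com"       # Directory User Context 1
GRP = "cn=iloadmin,ou=groups,ou=linuxtechres,dc=blogspot,dc=com"  # Security Group DN
print(check_ilo_login(parse_ldif(SAMPLE), "jephe.wu", CTX, GRP))
```

Running it on the concatenated base, user and group LDIF files before loading them catches a group whose member DN and the user's own DN have drifted apart.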