mp logs scripts
Post on 08-Apr-2016
27 Views
Preview:
DESCRIPTION
TRANSCRIPT
Scripting Techniques: Integrated Lights Out (iLO & iLO 2) for Integrity and HP9000 Entry-Level Servers
Executive Summary .............................................................................................................................. 3
Background: Types of Scripting ............................................................................................................. 3
Execution of iLO commands using SSH-exec ........................................................................................... 4 Supported Firmware and Platforms..................................................................................................... 5 Commands supported over ssh-exec ................................................................................................... 5
BP: Reset BMC Passwords ............................................................................................................ 6 BLADE: Display Blade and Enclosure information ............................................................................ 6 CA: Configure asynchronous local serial port .................................................................................. 6 DATE : Display Date ..................................................................................................................... 6 DC : Default Configuration- reset all parameters............................................................................... 6 DF: Display FRU information .......................................................................................................... 6 DI : Disconnect LAN/WEB/SSH console ......................................................................................... 6 DNS: Domain Name Server settings ............................................................................................... 7 FW : Upgrade the MP Firmware .................................................................................................... 7 ID: System Information settings ....................................................................................................... 7 IT: Inactivity Timeout settings .......................................................................................................... 7 LC: LAN Configuration usage (IP address, etc.) ................................................................................ 8 LDAP: LDAP Directory Settings........................................................................................................ 8 LM: License Management .............................................................................................................. 8 LOC: Locator UID LED configuration ............................................................................................... 8 PC: Power Control ........................................................................................................................ 8 PM: Power Regulator Mode ........................................................................................................... 8 PR: Power Restore policy configuration............................................................................................ 9 PS: Power Status- display the status of the Power Management Module............................................... 9 RB: Reset BMC............................................................................................................................. 9 RS: Reset System through RST signal ............................................................................................... 9 SA: Set Access LAN/WEB/SSH/IPMI over LAN ports....................................................................... 9 SNMP: Configure SNMP parameters ............................................................................................. 9 SO: Security options help (login timeouts, password faults, SSL certificate generation, SSH keys)........... 9 SS: System Status- display the status of the system processors........................................................... 10 SYSREV : Show Firmware Revisions .............................................................................................. 10 TC: System reset through INIT or TOC (Transfer of Control) signal .................................................... 10 UC: User configuration (users, passwords, etc.).............................................................................. 10
2
WHO: Display a list of MP connected users .................................................................................. 11 XD: Diagnostics and/or Reset of MP............................................................................................. 11
Commands not supported over ssh-exec............................................................................................ 11 SMCLP commands and ssh-exec ...................................................................................................... 11
Help: Displays context-sensitive help ............................................................................................. 12 Show: Displays information about managed elements..................................................................... 12 Start: Causes a targeted object to change its state to a higher level .................................................. 14 Stop: Causes a targeted object to change its state to a lower level ................................................... 14 Reset: Causes a target to cycle from enabled to disabled and back to enabled.................................. 14 Set: Sets a property to a specific value.......................................................................................... 15 Load: Moves a binary image to iLO2 from a URI............................................................................ 16 Create: Creates a new instance of an object ................................................................................. 16 Delete: Deletes an instance of a target object................................................................................. 16 Version: Queries the version of the SMCLP implementation.............................................................. 16
Example: Scripted Virtual Media ......................................................................................................... 16 Step 1: Set up the media on a Web server........................................................................................ 17 Step 2: Connect the media to the appropriate iLO ............................................................................. 17 Step 3: Perform the task that was intended with the Media.................................................................. 17 Step 4: Disconnect the media .......................................................................................................... 17
General purpose tools like Expect........................................................................................................ 17
Product Information............................................................................................................................ 20
iLO Advanced License........................................................................................................................ 20 iLO Advanced evaluation license.................................................................................................. 20
Conclusion........................................................................................................................................ 20
Appendix: ........................................................................................................................................ 22 Glossary ....................................................................................................................................... 22
For More Information ......................................................................................................................... 23
Call to action .................................................................................................................................... 23
3
Executive Summary
The Integrated Lights-Out (iLO) management processor for Integrity and HP9000 servers is an autonomous management subsystem embedded directly on the server. When administering many machines in a large datacenter it is convenient to automate simple tasks using scripts so that the same action can be performed many times on a particular server, or on many different servers. The iLO management processor on Integrity systems supports scripting via its text user interface using scripting tools such as Expect, or by allowing execution of commands over SSH-exec.
Background: Types of Scripting
There are two types of scripting - Text-based, and XML. Text-based is done via a telnet or SSH connection, while XML is typically done over an http (web) connection. Some details:
• Script via the Text User Interface: − Open text mode - need “Expect” or some other tool to send/receive commands.
• The script can send and interpret anything that a real person could do. • Works with all iLO user interfaces, legacy MP, GSP, EFI, HPUX, (any text
user interface) − SSH exec mode
• ssh [-l login_name] hostname | user@hostname [command] • Allows single commands to be run, launched from client, much like rcmd or
rsh • Send an XML script over http:
− Requires a launcher application to run on the client • RIBCL on ProLiant uses this method. (See the documentation links for ProLiant
iLO at the end of this paper for more information.)
The future direction for scripting for both ProLiant and Integrity product lines is to use the “SMASH” industry standard. SMASH, “Systems Management Architecture for Server Hardware”, is a DMTF (Distributed Management Task Force) standard that HP helped create. See http://www.dmtf.org/ for more information about SMASH. The standard defines both a text user interface (which supports SSH exec mode or Open text mode), and an XML over http protocol:
• Script via the Text User Interface: − SMASH Command-Line Protocol (CLP)
• Send an XML script over http: − WS-Manage (also a SMASH protocol)
The entry-level Integrity iLO 2 products have a prototype version of the SMASH Command-Line Protocol running on them, and the ProLiant iLO 2 products also have a version of the SMASH CLP, as well as some WS-Manage support.
Following is a summary of the protocols or user interfaces that are on ProLiant and Integrity iLO 2 products, and their relative support level in terms of how many management processor features can be accessed via that method.
4
Figure 1. Summary of ProLiant and Integrity iLO 2 user interface protocols
Key
Green Full supportLt. Green Minimal support- some common features availableGrey No support
As can be seen by the above table, legacy scripting options exist for both ProLiant and Integrity platforms, and the industry standard options are beginning to become available.
For customers wishing to build out an automation infrastructure for the longer-term that will also work now with existing servers, we recommend using either the SMASH CLP or WS Manage solutions where they are supported, combined with legacy options where necessary.
In this paper, we’ll describe how the SSH-exec scripting and the Expect scripting can be used with Integrity management processors.
Execution of iLO commands using SSH-exec
HP designed the iLO management processor for easy configuration and management. Administrators can choose the method that works best for their IT environment in both configuration and management tools. The entry-level Integrity iLO commands can be run via SSH-exec from the command line, by including the command to be executed and by providing the login credentials. For example, using any scripting utility, such as Perl or Unix Shell (ksh, csh, etc.), an administrator might write a script to remotely power on a server. With complete command-line based scripting capabilities, almost all functions or tasks an administrator can do using Lights-Out technology and a SSH or telnet client can also be done in a secure environment (SSH) through a script running at a remote site.
To run a command over ssh-exec from Linux, for example, a user has to provide input as below: ssh <login name>@<mpnameOrIp> <command to be executed>
5
Sample output for a command executed in this manner shown below. The user is prompted to enter the password for the login provided.
Example: [user3@unix1 ~]$ ssh Admin@mp1.hp.com sa -nc Admin@mp1.hp.com's password: Current Set Access Configuration: Telnet : Enabled Web SSL : Enabled SSH : Enabled IPMI over LAN : Disabled Command Mode : MP Menu -> Command successful. [user3@unix1 ~]$
Supported Firmware and Platforms
To learn which firmware release supports SSH-exec on your Integrity server platform, refer to the table below.
Figure 2. Supported Firmware for Integrity server platforms
Server SSH-exec support (Yes/No)
iLO Firmware revision
rx1600, rx2620,
rx1620, rx2600,
rx5670, rx4640,
rp44xx, rp34xx
Yes E.03.32
rx2660, rx3600, rx6600
Yes F.02.23
Bl860c, Bl870c Yes T.03.12
rx8640, rp8440, rx7640, rp7440
No NA
Superdome No NA
Commands supported over ssh-exec
The following list of commands is provided to help with the scripting syntax for each command. Note that the -nc (no confirmation) is mandatory while specifying commands for scripting.
6
Any differences between iLO and iLO2, or those between iLO2 for rack servers and iLO2 for blades are mentioned along with the commands.
BP: Reset BMC Passwords BP -nc
BLADE: Display Blade and Enclosure information
Only for iLO2 blades:
BLADE -nc
CA: Configure asynchronous local serial port
Display the current serial port configuration
CA -nc
For iLO2 blades:
CA -local -bit <n> -flow <software|hardware> -mode <aux|ilo> -nc
This command also allows a user to set the baud rate, flow control and the mode of operation for the local serial port.
For iLO2 rack servers:
CA -local -bit <n> -flow <software|hardware> -nc
For iLO:
To set the baud rate and flow control for the local serial port:
CA -local -bit <n> -flow <software|hardware> -nc
To set the baud rate, flow control, transmit configuration strings, modem protocol and modem presence for the remote/modem serial port:
CA -remote -bit <n> -flow <soft|hard> -transmit <e| d> -protocol <bell|CCITT> -modem <always|not> -nc
DATE : Display Date DATE -nc
DC : Default Configuration- reset all parameters DC -all default -nc
As the network parameters are also set to defaults here, a subsequent access to the iLO via ssh-exec would work only if the iLO has obtained a valid DHCP ip address.
DF: Display FRU information
To display the FRU IDs:
DF -nc
To display information about a specific FRU:
DF -s <fruid> -view <text|hex> -nc
Dumping of all FRU information using the -all option is not supported in SSH exec mode.
DI : Disconnect LAN/WEB/SSH console
To display the number of remote connections via LAN/WEB/SSH:
DI -nc
To disconnect remote connections:
DI -telnet -web -ssh -nc
For iLO
To disconnect remote and modem connections
7
DI -remote -telnet -web -ssh -nc
DNS: Domain Name Server settings
To view current DNS server settings:
DNS -nc
To configure DNS server settings:
DNS -server <e|d> -domain <e|d> -name <text> -regis ter <y|n>
-1ip <ipaddr> -2ip <ipaddr> -3ip <ipaddr> -nc
To set DNS server settings to defaults:
DNS -all default -nc
FW : Upgrade the MP Firmware FW -ip <ip> -path <path> -login <login>/<password> -nc
ID: System Information settings
To view all information available at ID command:
ID -nc
For iLO2:
To view the host system configuration:
ID -host -nc
To set the asset tag information:
ID -tag <text> -nc
For iLO:
To set the host system configuration:
ID -host <text> -nc
For iLO and iLO2 rack servers - To set the SNMP contact person information:
ID -person -name <text> -telephone <text> -email <t ext> -pager <text> -nc
For iLO2 blades - To view the SNMP server information:
ID -server -nc
For iLO and iLO2 rack servers - To set the SNMP server information:
ID -server -location <text> -rackid <text> -positio n <text> -nc
IT: Inactivity Timeout settings
To view the current inactivity timeout settings:
IT -nc
To configure the inactivity timeout:
For iLO2
IT -command <n> -flow <n> -nc
For iLO
IT -command <n> -flow <n> -login <n> -nc
8
LC: LAN Configuration usage (IP address, etc.)
To view current LAN configuration:
LC -nc
Setting of iLO LAN parameters via LC command is not supported in SSH exec mode.
LDAP: LDAP Directory Settings
To view current LDAP configuration:
LDAP -nc
To configure the directory server:
LDAP -directory -ldap <d|x|s> -mp <e|d> -ip <host/i paddr> -port <n>
-dn <text> -1context <text>
-2context <text> -3co ntext <text> -nc
To configure the groups:
LDAP -groups -change <groupNo.> -dn <text> -rights <e|d>
<console|mp|power|user|virtual |all|none> -nc
To view individual group settings:
LDAP -groups -list <groupNo.> -nc
To set LDAP configuration to defaults:
LDAP -all default -nc
LM: License Management
To view current license information:
LM -nc
To install a license key:
LM -key <license key> -nc
LOC: Locator UID LED configuration
To view current LED settings:
LOC -nc
For iLO and iLO2 - To set the server locator LED:
LOC [ -on | -off ] -nc
For iLO2 blades to set the enclosure locator LED:
LOC -enclosure <on|off> -nc
PC: Power Control
To view the power status:
PC -nc
To set the power state:
PC [ -on | -off | -graceful | -cycle ] -nc
PM: Power Regulator Mode
Only for iLO2
To view the power regulator mode:
PM -nc
To set the power regulator mode:
9
PM [ -dynamic | -low | -high | -os ] -nc
PR: Power Restore policy configuration
To view the power restore policy configuration:
PR -nc
To set the power restore policy configuration:
PR [ -on | -off | -previous ] -nc
PS: Power Status- display the status of the Power Management Module PS -nc
RB: Reset BMC RB -nc
RS: Reset System through RST signal RS -nc
SA: Set Access LAN/WEB/SSH/IPMI over LAN ports
To view the current set access configuration:
SA -nc
To set access configuration to defaults:
SA -all default -nc
For iLO2 - To set remote access and configure command mode:
SA -telnet <e|d> -web <e|d> -ssh <e|d> -lanipmi <e| d>
-command <mpmenu|smclp> -nc
For iLO - To set remote access:
SA -remote <locked|os session|management access>
-telnet <e|d> -web <e|d> -ssh <e|d> -lanipmi <e| d> -nc
SNMP: Configure SNMP parameters
To view SNMP configuration:
SNMP -nc
To set the SNMP configuration:
SNMP -status <e|d> -community <text> -nc
To set SNMP configuration to defaults:
SNMP -all default -nc
Only for iLO2 - To set the SNMP traps configuration
SNMP -traps <e|d> -1dest <ipaddr> -2dest <ipaddr> - 3dest <ipaddr>
-4dest <ipaddr> -nc
SO: Security options help (login timeouts, password faults, SSL certificate generation, SSH keys)
To view current settings for security options:
SO -nc
To set the security options:
SO -options -login <n> -number <n> -fwpci <e|d> -re set <e|d>
-pwdreset <e|d> -nc
10
To configure SSL certificate generation:
SO -ssl -name <text> -organization <text> -unit <te xt> -country <text>
-region <text> -locality <text> -email <tex t> -nc
To generate SSH keys:
SO -ssh -nc
To set the security options to defaults:
SO -all default -nc
SS: System Status- display the status of the system processors SS -nc
SYSREV : Show Firmware Revisions
To view the current firmware versions installed, for various firmware components, including the System Firmware (not just iLO):
SR -nc
TC: System reset through INIT or TOC (Transfer of Control) signal TC -nc
UC: User configuration (users, passwords, etc.)
To view the current local user information:
UC -nc
To delete an existing user:
UC -delete <login> -nc
To list details about a specific user:
UC -list <login> -nc
For iLO2:
To configure a new user:
UC -new <login> -user <text> -workgroup <text>
-rights <e|d> <console|mp|power|user| virtual|all|none>
-mode <single|multiple> -enable <e|d> -password <value> -nc
To modify an existing user:
UC -change <login> -login <newlogin> -user <text> - workgroup <text>
-rights <e|d> <console|mp|power|user| virtual|all|none>
-mode <single|multiple> -enable <e|d> -password <value> -nc
For iLO:
To configure a new user:
UC -new <login> -user <text> -workgroup <text>
-rights <e|d> <console|mp|power|user| all|none>
-mode <single|multiple> -enable <e|d>
-dialback <e|d> -telephone <t> -passw ord <value> -nc
11
To modify an existing user:
UC -change <login> -login <newlogin> -user <text> - workgroup <text>
-rights <e|d> <console|mp|power|user| all|none>
-mode <single|multiple> -enable <e|d>
-dialback <e|d> -telephone <t> -passw ord <value> -nc
WHO: Display a list of MP connected users WHO -nc
XD: Diagnostics and/or Reset of MP
To reset the iLO
XD -r -nc
To test an outward ping from iLO
XD -lan <ipaddress> -nc
To test the parameters checksum
XD -parameter -nc
To test the get device id command
XD -i2c -nc
Commands not supported over ssh-exec
The following commands are not supported over SSH-exec, typically because they’re interactive commands.
1. CL 2. HE 3. LS - The “LC -nc” command can be used, as the results are identical to what would be
obtained if LS were executed. 4. SL 5. TE 6. For iLO, the MR, MS and PG commands are not supported over ssh-exec.
SMCLP commands and ssh-exec
The following SMCLP commands are supported over ssh-exec. CD: Changes the current default target cd <some target>
Ex: cd map1
The cd command is used to change the context for subsequent commands. But as SSH-exec is a single command execution, the next SSH-exec starts over.
In a stand-alone session to the iLO, a normal execution sequence would be “cd <target>” followed by the supported command verbs on that target.
Ex: </> hpiLO-> cd system1 status=0 status_tag=COMMAND COMPLETED /system1
12
</system1> hpiLO-> show status=0 status_tag=COMMAND COMPLETED /system1 Targets consoles1 Properties EnabledState=Enabled Verbs cd help show reset start stop </system1> hpiLO->
In order to achieve the same via an SSH-exec, the target on which the verb needs to be run can be specified as part of the command itself.
Ex: [user3@unix1]$ ssh Admin@mp1.hp.com show /system1
Admin@mp1.hp.com's password:
</> hpiLO-> show /system1
status=0
status_tag=COMMAND COMPLETED
/system1
Targets
consoles1
Properties
EnabledState=Enabled
Verbs
cd help show reset start stop
[user3@unix1]$
Help: Displays context-sensitive help
help displays general help and all supported commands
help <some verb> displays help for the specified verb
help <some target> displays help for the specified target
help <some property> displays help for the specified property
SSH-exec can be used to get help based on any of the options above. This is useful, but logging into an interactive session to get the Help on the commands for writing your script is a lot easier.
Show: Displays information about managed elements
Show displays information about managed elements, targets, their supported properties and verbs. The show command can be run with explicit or implicit targets, but in the context of SSH-exec, the targets have to be specified explicitly.
13
Following is a list of supported show commands and what they do.
Command Description
show <target name> Display information about <target name>
show -l <num> <target name>
show -l all <target name>
Display information about <target name> and contained MEs for number of levels specified or for all levels.
show -d targets Display targets at root
show -d targets <target name> Display targets under <target name>
show -d verbs Display verbs at root
show -d verbs <target name> Display verbs at <target name>
show -d properties=<property name> <target name>
Display the property <property name> of <target name> target
show -d properties=enabledstate system1
Display the power state of the system
show -l all -d properties=(name==”<value>”)
Find a target that has a property name with value <value>
show -l all -d properties=(name==”<value>”),verbs
Find a target that has a property name with value <value> and display all the verbs supported for that target.
show -l all -d properties=EnabledState Find and display all targets that have the EnabledState property
show -l all account* Find an display all Account targets in the system and their information
show /map1/group1/account* Display all user accounts on this iLO2
show -l all swid* Display all firmware revisions
show -d properties=ipv4address /map1/enetport1/lanendpt1/ipendpt1
Display the current IP address of iLO2
show -d properties=subnetmask /map1/enetport1/lanendpt1/ipendpt1
Display the current subnet mask
show -d properties=macaddress /map1/enetport1 OR show -d properties=permanentaddress /map1/enetport1
Display the iLO2 MP MAC address
show -d properties=autosense /map1/enetport1
Display Link state (Autosense)
show /map1/settings1/dnssettings1 Determine all DNS settings
show -d properties=AccessInfo map1/dnsserver* OR show -d properties=DNSServerAddresses
Determine IP Address of the DNS servers (primary, secondary and tertiary)
show map1/settings1/oemhp_ldapsettings1
Display the iLO2 LDAP directory configuration settings.
show /map1/oemhp_vm1/cddr1 Display the properties for cddr1 (scriptable virtual media target)
14
Not supported in SSH exec mode
show -l all
show -l all /map1
show -l 2 /map1
show -d properties=accessinfo /map1/enetport1/lanendpt1/ipendpt1/gateway1
Start: Causes a targeted object to change its state to a higher level
Following is a list of supported start commands and what they do.
Command Description
start system1 Turn on system power
start map1/telnetsvc1 Enables iLO2 telnet service
start map1/sshsvc1 Enables iLO2 SSH service
start /map1/dhcpendpt1 Enable DHCP
Not supported (or not relevant) in SSH exec mode.
Start system1/consoles1/textredirectsap1
Not relevant to SSH exec connections- this command is for initiating an interactive console session. Since SSH exec will close the session soon after executing the command. To script commands to the console, use a tool like “Expect.”
start map1/textredirectsap1 Not relevant to SSH exec connections- this command is for initiating an interactive legacy command-line session. SSH exec will close the session soon after executing the command.
Stop: Causes a targeted object to change its state to a lower level
Following is a list of supported stop commands and what they do.
Command Description
stop system1 Perform a graceful shutdown of the system
stop -f system1 Forcefully power off the system
stop map1/telnetsvc1 Disables iLO2 telnet service
stop map1/sshsvc1 Disables iLO2 SSH service
stop /map1/dhcpendpt1 Disable DHCP
Reset: Causes a target to cycle from enabled to disabled and back to enabled
Following is a list of supported reset commands and what they do.
Command Description
reset system1 Reset the system
reset map1 Reset the iLO
15
Set: Sets a property to a specific value
Following is a list of supported set commands and what they do.
Command Description
set /map1/enetport1/lanendpt1/ipendpt1 IPv4Address=<ipaddr> SubnetMask=<subnet>
Set IP Address and Subnet Mask
set /map1/enetport1 autosense=true Set Link (Autosense)
set DNSServerAddresses=<ip1>,<ip2>
Set Primary and Secondary DNS Server IPs
set DNSServerAddresses=,,<ip3> Set Tertiary DNS server IP
set map1/settings1/dnssettings1 DomainName=<domain name> RegisterThisConnectionsAddress=<Yes|No> RequestedHostName=<hostname>
Set the iLO2 domain name and host name, indicates whether iLO2 registers with DDNS server,
set map1/group1/account<num> name=<name> oemhp_privileges==(<console,power,mp,user,virtual>, <all> or <none>)
Set the user name and privileges for user account<num>
set map1/settings1/oemhp_ldapsetting gs1 oemhp_dirauth=<DefaultSchema|ExtendedSchema|Disabled> oemhp_localacct=<Enable|Disable> oemhp_dirsrvaddr=<ip addr> oemhp_ldapport=<portnum> oemhp_dirdn=<object distinguished name> oem mhp_usercntxt1=<user search context> oemhp_usercntxt2=<usc> oemhp_usercntxt3=<usc>
Configure the LDAP parameters
set /map1/oemhp_vm1/cddr1 oemhp_image=http://<Apache server ip address>/cgi-bin/ISO/install_disk1.iso
For scriptable vMedia (target name /map1/oemhp_vm1/cddr1), insert desired image into the drive.
set /map1/oemhp_vm1/cddr1 oemhp_connect=yes
For scriptable vMedia (target name /map1/oemhp_vm1/cddr1), connect to the media.
set /map1/oemhp_vm1/cddr1 oemhp_connect=no
For scriptable vMedia (target name /map1/oemhp_vm1/cddr1), disconnect from the media and clears the oemhp_image value
Not supported for SSH exec mode
Set /map1/enetport1/lanendpt1/ipendpt1/gateway1 AccessInfo=<ipaddrOfGateway>
set map1/dnsserver1 AccessInfo=15.255.100.16
16
Load: Moves a binary image to iLO2 from a URI
Load can be used to initiate an iLO firmware update via the iLO LAN.
Following is a list of supported load commands and what they do.
Command Description
load -source ftp://<ipaddress>/<FilePath> /map1/swinventory1/swid1
Upgrade iLO firmware using anonymous ftp where <ipaddress> is the ip address of the ftp server hosting upgrade files and <FilePath> is the path of the directory with the upgrade files.
load -source ftp://<name:password>@<ipaddress>/<FilePath> /map1/swinventory1/swid1
Upgrade iLO firmware using name: password to login to ftp server
Create: Creates a new instance of an object
Not supported in SSH exec mode
Command Description
Create /map1/group1/account<num> userid=<userid> userpassword=<password> name=<name> oemhp_privileges=(<console,power,mp,user,virtual>, <all> or <none>)
Not supported in SSH exec mode. Refer to the “UC” command in the legacy set for configuring users.
Delete: Deletes an instance of a target object
Following is a list of delete commands and what they do.
Command Description
delete /map1/group1/account<num>
Delete user account<num>.
Version: Queries the version of the SMCLP implementation
This command does not return the system firmware version, it returns the version of the DMTF standard that this implementation is using (this is not interesting for inclusion in scripts at this point in time.)
Example: Scripted Virtual Media
It should be very clear now how to use the SSH exec scripting capability to do simple tasks like powering on and off the server, collect information off the server, and perform setups and configurations. SSH exec commands can be put into a shell script so multiple commands can be executed, one after another, as well.
17
One very useful task that is scriptable is virtual media deployment. Note that it may be necessary to use a tool like Expect (see next section) to run EFI or OS commands to make more use of the media you mount to install software or an OS, but the act of attaching the virtual media in the iLO is easily scriptable using SSH exec.
The SSH commands enable you to configure virtual media in the same manner as the virtual media applet. However, the actual image is located on a Web server on the same network as iLO 2. After the image location is configured, iLO 2 retrieves the virtual media data directly from the web server.
NOTE: Virtual media scripting does not operate Virtual Media using the browser. Likewise, the browser does not support scripting capabilities. For example, an ISO image mounted using the browser cannot later be dismounted using the scripting interface.
Step 1: Set up the media on a Web server
Virtual Media scripting uses a media image that is stored and retrieved from a Web server accessible from the management (iLO) network. Integrity iLO supports Apache server version 2.2 and later. Put the ISO CD/DVD image in a directory that will be accessible from the iLO’s manageability LAN. For this example, suppose it is at location:
http://<Apache server IP address>>/cgi-bin/ISO/inst all_disk1.iso
Step 2: Connect the media to the appropriate iLO
Use two commands- one to tell iLO the target to connect to, and one to tell it to connect:
set /map1/oemhp_vm1/cddr1 oemhp_image=http://<Apach e server ip address>/cgi-bin/ISO/install_disk1.iso
This sets the iLO to the proper address to acquire the vMedia image.
set /map1/oemhp_vm1/cddr1 oemhp_connect=yes
This tells the iLO to connect to the image.
Step 3: Perform the task that was intended with the Media
This step may involve running the iLO SSH exec commands to gracefully shutdown and then reboot the server, or perhaps running some Expect-style scripted commands to connect to the console to interact with EFI or the OS to install software with the vMedia image.
Step 4: Disconnect the media
set /map1/oemhp_vm1/cddr1 oemhp_connect=no
This tells the iLO to disconnect the image.
General purpose tools like Expect
The midrange and high-end Integrated Lights Out management processors for Integrity currently don’t support SSH exec mode. And lots of other interfaces and devices in the datacenter may not either. A useful tool in the Administrator’s toolkit is learning to use a tool like Expect. (Resources:
18
http://sourceforge.net/projects/expect/, http://expect.nist.gov/, and http://en.wikipedia.org/wiki/Expect has a nice description.)
Here is a sample script that appears long because it does several things:
1. It does not contain the password - a bunch of code is here to accept the password from the user “live”
2. Prompts are done using variables, in a more structured way than is necessary for a quick script
3. Ultimately, all this script does is “sysrev”- there’s just more structure here to show what could be done when beginning to start a library of useful functions for later use.
The extras in the sample are really to show that you can build out an infrastructure of scripts that include other scripts, call other scripts, etc. Once you have a robust script to perform MP login and take you to the CM prompt, for instance, you can just call it from any other script, then invoke the MP command you want.
#!/usr/bin/expect -f
#
# Header comments-
# - Try “autoexpect” to capture a script during an interactive
# session
# - Timing – some programs (rn, ksh, zsh, telnet, etc.) and devices
# discard characters that arrive “too quickly” a fter prompts. If
# you find a new script hanging up at one spot, try adding a short
# sleep just before the previous send. Setting “force_conservative”
# to 1 makes Expect do this automaticall – pausi ng briefly before
# each character.
# USER
set mp_user "Admin"
# Get PASSWORD from interactive session rather than storing in script
stty -echo
send_user "For user $mp_user\n"
send_user "Password: "
expect_user -re "(.*)\n"
set mp_password $expect_out(1,string)
stty echo
# Other Constants
set timeout 10
################################################### #####################
## BEGIN
##
spawn $env(SHELL)
match_max 100000
set mp_name "mymp1.hp.com"
send_user "\n\n----- $mp_name -----\n\n"
# Frequently used Strings
set MA_PROMPT "MP>"
19
set CM_PROMPT "MP:CM>"
send "\r"
# Expect the UNIX prompt...
expect ">$"
#### Log into the MP #####
send -- "telnet $mp_name\r"
expect ".*MP login: $"
send -- "$mp_user\r"
expect "MP password: $"
send -- "$mp_password\r"
expect "$MA_PROMPT"
send -- "cm\r"
expect "$CM_PROMPT"
# View the firmware revisions
send "sysrev\r"
# The sysrev output may span more than one screen . Use a loop
# to browse through multiple screens and get to t he MP command
# prompt.
while (1) {
expect {
"$CM_PROMPT" { break; }
"stream:" { send "s\r"; }
timeout { send "\r"; }
}
}
send "ma\r"
expect "$MA_PROMPT"
send "x\r"
expect eof
With this type of tool, you have unlimited opportunities for automating text interfaces. Administrators can automate setting up the MP/iLO, setting up a server at EFI, deploying HPUX, etc. Anything that a person can type into a text session can be automated.
NOTE: HP does not test or offer support for its products with any particular version of utilities such as Expect
20
Product Information
The table below lists the versions of iLO available for Integrity and HP9000 servers.
Figure 3. Summary of iLO versions for Integrity and HP9000 server platforms
Integrity Product HP9000 Product Management Processor
Rx1600, rx2620 iLO for Integrity & HP9000
MP HW purchase is optional
FW upgradeable from non-iLO MP versions
rx2600, rx4640, rx5670, BL60p
rp3440, rp4440 iLO for Integrity & HP9000
FW upgradeable from non-iLO MP versions
Rx3600, rx6600 iLO 2 for Integrity
Rx7…., rx8… rp7…, rp8… Management Processor
Superdome Superdome Management Processor
iLO Advanced License
On newer Integrity servers with iLO 2, SSH is offered for free with the base iLO 2 product. On older Integrity and HP9000 servers with Integrity iLO, SSH functionality may added with purchase of an Integrity iLO Advanced Pack License, p/n AB500A for each iLO. More information on Advanced Pack for Integrity and HP9000 iLO can be found at:
http://www.hp.com/go/integrityilo
iLO Advanced evaluation license
A free 30-day evaluation license is available for download on the HP website: http://h71028.www7.hp.com/enterprise/cache/279991-0-0-0-121.html. Customers with supported Integrity and HP9000 servers can activate and access iLO Advanced features with the evaluation license. Only one evaluation license can be installed per iLO and the iLO Advanced features automatically deactivate when the evaluation license key expires.
Conclusion
Integrated Lights-Out technology provides system administrators a robust, independently operated connection to the managed server. The comprehensive remote management capabilities are always available, regardless of the state of the server—whether the server is powered on, the OS is loaded, or the OS is functioning. The iLO processor is a secure management system, incorporating multiple layers of security that encompass the hardware, firmware, and communication interfaces. Administrators can enable or disable security features as needed.
21
The iLO management processor is designed for scalability: Using directory services or scripting tools, administrators can easily deploy and manage tens or hundreds of iLO processors. Integrated Lights-Out functionality improves the efficiency of system administration so that customer IT groups can operate more productively.
22
Appendix:
Glossary
Arp/ping Method to set up the LAN address of an unconfigured entry-level MP via the LAN BMC Baseboard Management Controller CLP Command-Line Protocol DHCP Dynamic Host Configuration Protocol DMTF Distributed Management Task Force (http://www.dmtf.org/ ) DVR Digital Video Redirection EFI Extensible Firmware Interface, a standardized boot firmware architecture GUI Graphical User Interface HA High Availability iLO Integrated Light's Out iLO 2 Integrated Light's Out 2- newer technology version of iLO with DVR technology KVM Keyboard, Video, Mouse MP Management Processor RIBCL Remote Insight Board Command Language. An XML scripting language used
with iLO management processors for getting data and sending commands. Transport is either http or https.
SIM, HPSIM HP Systems Insight Manager SMASH Systems Management Architecture for Server Hardware SNMP Simple Network Management Protocol SSH Secure Shell SSL Secure Sockets Layer TUI Text User Interface UART Universal Asynchronous Receiver Transmitter WBEM Web-Based Enterprise Management, see dmtf.org for more information WS-Manage A specification of a SOAP-based protocol for management, based on DMTF
open standards and internet web services standard XML Extensible Markup Language
23
For More Information
Visit the following links to learn more about Integrated Lights-Out and related remote management technologies.
Description Web Address
Integrated Lights-Out (iLO) for HP Integrity and HP9000 Servers, General Information Page
http://www.hp.com/go/integrityilo
Advanced License Purchase (Same as above)
Advanced License Trial (Same as above)
HP Integrity iLO 2 Operations Guide http://docs.hp.com/en/5991-6024/index.html
Scripting and Command-line Resource Guide for ProLiant iLO
http://h18013.www1.hp.com/products/servers/management/ilo/documentation.html
Deploying HP KVM consoling solutions http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00793971/c00793971.pdf?jumpid=reg_R1002_USEN
Deploying HP serial consoling solutions http://h20000.www2.hp.com/bc/docs/support/SupportManual/c01080873/c01080873.pdf?jumpid=reg_R1002_USEN
HP Integrity Essentials http://h71028.www7.hp.com/integrity/cache/599842-0-0-0-121.html
HP Systems Insight Manager http://h18013.www1.hp.com/products/servers/management/hpsim/index.html
There are also a number of resources describing Directory Services Integration (LDAP). It’s useful to use scripting to set up all the iLO’s in the datacenter to use Directory Services, then manage passwords and users at the datacenter Directory level rather than in each iLO. (Directory Services Integration is an Integrity iLO and Integrity iLO 2 Advanced feature.)
Description Web Address
Integrity iLO Operations Guide, section on LDAP Integration
http://docs.hp.com/en/5991-6024/ch07.html
LDAP-UX Integration http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J4269AA
Integrating HP ProLiant Lights-Out processors with Microsoft Active Directory
http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00190541/c00190541.pdf?jumpid=reg_R1002_USEN
Call to action
Send comments about this paper to TechCom@HP.com.
© 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Itanium is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries.
4AA2-6329ENW, May 2009
top related