Scripting Techniques: Integrated Lights Out (iLO & iLO 2) for Integrity and HP9000 Entry-Level Servers

Executive Summary .............................................................................................................................. 3

Background: Types of Scripting ............................................................................................................. 3

Execution of iLO commands using SSH-exec ........................................................................................... 4 Supported Firmware and Platforms..................................................................................................... 5 Commands supported over ssh-exec ................................................................................................... 5

BP: Reset BMC Passwords ............................................................................................................ 6 BLADE: Display Blade and Enclosure information ............................................................................ 6 CA: Configure asynchronous local serial port .................................................................................. 6 DATE : Display Date ..................................................................................................................... 6 DC : Default Configuration- reset all parameters............................................................................... 6 DF: Display FRU information .......................................................................................................... 6 DI : Disconnect LAN/WEB/SSH console ......................................................................................... 6 DNS: Domain Name Server settings ............................................................................................... 7 FW : Upgrade the MP Firmware .................................................................................................... 7 ID: System Information settings ....................................................................................................... 7 IT: Inactivity Timeout settings .......................................................................................................... 7 LC: LAN Configuration usage (IP address, etc.) ................................................................................ 8 LDAP: LDAP Directory Settings........................................................................................................ 8 LM: License Management .............................................................................................................. 8 LOC: Locator UID LED configuration ............................................................................................... 8 PC: Power Control ........................................................................................................................ 8 PM: Power Regulator Mode ........................................................................................................... 8 PR: Power Restore policy configuration............................................................................................ 9 PS: Power Status- display the status of the Power Management Module............................................... 9 RB: Reset BMC............................................................................................................................. 9 RS: Reset System through RST signal ............................................................................................... 9 SA: Set Access LAN/WEB/SSH/IPMI over LAN ports....................................................................... 9 SNMP: Configure SNMP parameters ............................................................................................. 9 SO: Security options help (login timeouts, password faults, SSL certificate generation, SSH keys)........... 9 SS: System Status- display the status of the system processors........................................................... 10 SYSREV : Show Firmware Revisions .............................................................................................. 10 TC: System reset through INIT or TOC (Transfer of Control) signal .................................................... 10 UC: User configuration (users, passwords, etc.).............................................................................. 10

2

WHO: Display a list of MP connected users .................................................................................. 11 XD: Diagnostics and/or Reset of MP............................................................................................. 11

Commands not supported over ssh-exec............................................................................................ 11 SMCLP commands and ssh-exec ...................................................................................................... 11

Help: Displays context-sensitive help ............................................................................................. 12 Show: Displays information about managed elements..................................................................... 12 Start: Causes a targeted object to change its state to a higher level .................................................. 14 Stop: Causes a targeted object to change its state to a lower level ................................................... 14 Reset: Causes a target to cycle from enabled to disabled and back to enabled.................................. 14 Set: Sets a property to a specific value.......................................................................................... 15 Load: Moves a binary image to iLO2 from a URI............................................................................ 16 Create: Creates a new instance of an object ................................................................................. 16 Delete: Deletes an instance of a target object................................................................................. 16 Version: Queries the version of the SMCLP implementation.............................................................. 16

Example: Scripted Virtual Media ......................................................................................................... 16 Step 1: Set up the media on a Web server........................................................................................ 17 Step 2: Connect the media to the appropriate iLO ............................................................................. 17 Step 3: Perform the task that was intended with the Media.................................................................. 17 Step 4: Disconnect the media .......................................................................................................... 17

General purpose tools like Expect........................................................................................................ 17

Product Information............................................................................................................................ 20

iLO Advanced License........................................................................................................................ 20 iLO Advanced evaluation license.................................................................................................. 20

Conclusion........................................................................................................................................ 20

Appendix: ........................................................................................................................................ 22 Glossary ....................................................................................................................................... 22

For More Information ......................................................................................................................... 23

Call to action .................................................................................................................................... 23

3

Executive Summary

The Integrated Lights-Out (iLO) management processor for Integrity and HP9000 servers is an autonomous management subsystem embedded directly on the server. When administering many machines in a large datacenter it is convenient to automate simple tasks using scripts so that the same action can be performed many times on a particular server, or on many different servers. The iLO management processor on Integrity systems supports scripting via its text user interface using scripting tools such as Expect, or by allowing execution of commands over SSH-exec.

Background: Types of Scripting

There are two types of scripting - Text-based, and XML. Text-based is done via a telnet or SSH connection, while XML is typically done over an http (web) connection. Some details:

• Script via the Text User Interface: − Open text mode - need “Expect” or some other tool to send/receive commands.

• The script can send and interpret anything that a real person could do. • Works with all iLO user interfaces, legacy MP, GSP, EFI, HPUX, (any text

user interface) − SSH exec mode

• ssh [-l login_name] hostname | user@hostname [command] • Allows single commands to be run, launched from client, much like rcmd or

rsh • Send an XML script over http:

− Requires a launcher application to run on the client • RIBCL on ProLiant uses this method. (See the documentation links for ProLiant

iLO at the end of this paper for more information.)

The future direction for scripting for both ProLiant and Integrity product lines is to use the “SMASH” industry standard. SMASH, “Systems Management Architecture for Server Hardware”, is a DMTF (Distributed Management Task Force) standard that HP helped create. See http://www.dmtf.org/ for more information about SMASH. The standard defines both a text user interface (which supports SSH exec mode or Open text mode), and an XML over http protocol:

• Script via the Text User Interface: − SMASH Command-Line Protocol (CLP)

• Send an XML script over http: − WS-Manage (also a SMASH protocol)

The entry-level Integrity iLO 2 products have a prototype version of the SMASH Command-Line Protocol running on them, and the ProLiant iLO 2 products also have a version of the SMASH CLP, as well as some WS-Manage support.

Following is a summary of the protocols or user interfaces that are on ProLiant and Integrity iLO 2 products, and their relative support level in terms of how many management processor features can be accessed via that method.

4

Figure 1. Summary of ProLiant and Integrity iLO 2 user interface protocols

Key

Green Full supportLt. Green Minimal support- some common features availableGrey No support

As can be seen by the above table, legacy scripting options exist for both ProLiant and Integrity platforms, and the industry standard options are beginning to become available.

For customers wishing to build out an automation infrastructure for the longer-term that will also work now with existing servers, we recommend using either the SMASH CLP or WS Manage solutions where they are supported, combined with legacy options where necessary.

In this paper, we’ll describe how the SSH-exec scripting and the Expect scripting can be used with Integrity management processors.

Execution of iLO commands using SSH-exec

HP designed the iLO management processor for easy configuration and management. Administrators can choose the method that works best for their IT environment in both configuration and management tools. The entry-level Integrity iLO commands can be run via SSH-exec from the command line, by including the command to be executed and by providing the login credentials. For example, using any scripting utility, such as Perl or Unix Shell (ksh, csh, etc.), an administrator might write a script to remotely power on a server. With complete command-line based scripting capabilities, almost all functions or tasks an administrator can do using Lights-Out technology and a SSH or telnet client can also be done in a secure environment (SSH) through a script running at a remote site.

To run a command over ssh-exec from Linux, for example, a user has to provide input as below: ssh <login name>@<mpnameOrIp> <command to be executed>

5

Sample output for a command executed in this manner shown below. The user is prompted to enter the password for the login provided.

Example: [user3@unix1 ~]$ ssh Admin@mp1.hp.com sa -nc Admin@mp1.hp.com's password: Current Set Access Configuration: Telnet : Enabled Web SSL : Enabled SSH : Enabled IPMI over LAN : Disabled Command Mode : MP Menu -> Command successful. [user3@unix1 ~]$

Supported Firmware and Platforms

To learn which firmware release supports SSH-exec on your Integrity server platform, refer to the table below.

Figure 2. Supported Firmware for Integrity server platforms

Server SSH-exec support (Yes/No)

iLO Firmware revision

rx1600, rx2620,

rx1620, rx2600,

rx5670, rx4640,

rp44xx, rp34xx

Yes E.03.32

rx2660, rx3600, rx6600

Yes F.02.23

Bl860c, Bl870c Yes T.03.12

rx8640, rp8440, rx7640, rp7440

No NA

Superdome No NA

Commands supported over ssh-exec

The following list of commands is provided to help with the scripting syntax for each command. Note that the -nc (no confirmation) is mandatory while specifying commands for scripting.

6

Any differences between iLO and iLO2, or those between iLO2 for rack servers and iLO2 for blades are mentioned along with the commands.

BP: Reset BMC Passwords BP -nc

BLADE: Display Blade and Enclosure information

Only for iLO2 blades:

BLADE -nc

CA: Configure asynchronous local serial port

Display the current serial port configuration

CA -nc

For iLO2 blades:

CA -local -bit <n> -flow <software|hardware> -mode <aux|ilo> -nc

This command also allows a user to set the baud rate, flow control and the mode of operation for the local serial port.

For iLO2 rack servers:

CA -local -bit <n> -flow <software|hardware> -nc

For iLO:

To set the baud rate and flow control for the local serial port:

CA -local -bit <n> -flow <software|hardware> -nc

To set the baud rate, flow control, transmit configuration strings, modem protocol and modem presence for the remote/modem serial port:

CA -remote -bit <n> -flow <soft|hard> -transmit <e| d> -protocol <bell|CCITT> -modem <always|not> -nc

DATE : Display Date DATE -nc

DC : Default Configuration- reset all parameters DC -all default -nc

As the network parameters are also set to defaults here, a subsequent access to the iLO via ssh-exec would work only if the iLO has obtained a valid DHCP ip address.

DF: Display FRU information

To display the FRU IDs:

DF -nc

To display information about a specific FRU:

DF -s <fruid> -view <text|hex> -nc

Dumping of all FRU information using the -all option is not supported in SSH exec mode.

DI : Disconnect LAN/WEB/SSH console

To display the number of remote connections via LAN/WEB/SSH:

DI -nc

To disconnect remote connections:

DI -telnet -web -ssh -nc

For iLO

To disconnect remote and modem connections

7

DI -remote -telnet -web -ssh -nc

DNS: Domain Name Server settings

To view current DNS server settings:

DNS -nc

To configure DNS server settings:

DNS -server <e|d> -domain <e|d> -name <text> -regis ter <y|n>

-1ip <ipaddr> -2ip <ipaddr> -3ip <ipaddr> -nc

To set DNS server settings to defaults:

DNS -all default -nc

FW : Upgrade the MP Firmware FW -ip <ip> -path <path> -login <login>/<password> -nc

ID: System Information settings

To view all information available at ID command:

ID -nc

For iLO2:

To view the host system configuration:

ID -host -nc

To set the asset tag information:

ID -tag <text> -nc

For iLO:

To set the host system configuration:

ID -host <text> -nc

For iLO and iLO2 rack servers - To set the SNMP contact person information:

ID -person -name <text> -telephone <text> -email <t ext> -pager <text> -nc

For iLO2 blades - To view the SNMP server information:

ID -server -nc

For iLO and iLO2 rack servers - To set the SNMP server information:

ID -server -location <text> -rackid <text> -positio n <text> -nc

IT: Inactivity Timeout settings

To view the current inactivity timeout settings:

IT -nc

To configure the inactivity timeout:

For iLO2

IT -command <n> -flow <n> -nc

For iLO

IT -command <n> -flow <n> -login <n> -nc

8

LC: LAN Configuration usage (IP address, etc.)

To view current LAN configuration:

LC -nc

Setting of iLO LAN parameters via LC command is not supported in SSH exec mode.

LDAP: LDAP Directory Settings

To view current LDAP configuration:

LDAP -nc

To configure the directory server:

LDAP -directory -ldap <d|x|s> -mp <e|d> -ip <host/i paddr> -port <n>

-dn <text> -1context <text>

-2context <text> -3co ntext <text> -nc

To configure the groups:

LDAP -groups -change <groupNo.> -dn <text> -rights <e|d>

<console|mp|power|user|virtual |all|none> -nc

To view individual group settings:

LDAP -groups -list <groupNo.> -nc

To set LDAP configuration to defaults:

LDAP -all default -nc

LM: License Management

To view current license information:

LM -nc

To install a license key:

LM -key <license key> -nc

LOC: Locator UID LED configuration

To view current LED settings:

LOC -nc

For iLO and iLO2 - To set the server locator LED:

LOC [ -on | -off ] -nc

For iLO2 blades to set the enclosure locator LED:

LOC -enclosure <on|off> -nc

PC: Power Control

To view the power status:

PC -nc

To set the power state:

PC [ -on | -off | -graceful | -cycle ] -nc

PM: Power Regulator Mode

Only for iLO2

To view the power regulator mode:

PM -nc

To set the power regulator mode:

9

PM [ -dynamic | -low | -high | -os ] -nc

PR: Power Restore policy configuration

To view the power restore policy configuration:

PR -nc

To set the power restore policy configuration:

PR [ -on | -off | -previous ] -nc

PS: Power Status- display the status of the Power Management Module PS -nc

RB: Reset BMC RB -nc

RS: Reset System through RST signal RS -nc

SA: Set Access LAN/WEB/SSH/IPMI over LAN ports

To view the current set access configuration:

SA -nc

To set access configuration to defaults:

SA -all default -nc

For iLO2 - To set remote access and configure command mode:

SA -telnet <e|d> -web <e|d> -ssh <e|d> -lanipmi <e| d>

-command <mpmenu|smclp> -nc

For iLO - To set remote access:

SA -remote <locked|os session|management access>

-telnet <e|d> -web <e|d> -ssh <e|d> -lanipmi <e| d> -nc

SNMP: Configure SNMP parameters

To view SNMP configuration:

SNMP -nc

To set the SNMP configuration:

SNMP -status <e|d> -community <text> -nc

To set SNMP configuration to defaults:

SNMP -all default -nc

Only for iLO2 - To set the SNMP traps configuration

SNMP -traps <e|d> -1dest <ipaddr> -2dest <ipaddr> - 3dest <ipaddr>

-4dest <ipaddr> -nc

SO: Security options help (login timeouts, password faults, SSL certificate generation, SSH keys)

To view current settings for security options:

SO -nc

To set the security options:

SO -options -login <n> -number <n> -fwpci <e|d> -re set <e|d>

-pwdreset <e|d> -nc

10

To configure SSL certificate generation:

SO -ssl -name <text> -organization <text> -unit <te xt> -country <text>

-region <text> -locality <text> -email <tex t> -nc

To generate SSH keys:

SO -ssh -nc

To set the security options to defaults:

SO -all default -nc

SS: System Status- display the status of the system processors SS -nc

SYSREV : Show Firmware Revisions

To view the current firmware versions installed, for various firmware components, including the System Firmware (not just iLO):

SR -nc

TC: System reset through INIT or TOC (Transfer of Control) signal TC -nc

UC: User configuration (users, passwords, etc.)

To view the current local user information:

UC -nc

To delete an existing user:

UC -delete <login> -nc

To list details about a specific user:

UC -list <login> -nc

For iLO2:

To configure a new user:

UC -new <login> -user <text> -workgroup <text>

-rights <e|d> <console|mp|power|user| virtual|all|none>

-mode <single|multiple> -enable <e|d> -password <value> -nc

To modify an existing user:

UC -change <login> -login <newlogin> -user <text> - workgroup <text>

-rights <e|d> <console|mp|power|user| virtual|all|none>

-mode <single|multiple> -enable <e|d> -password <value> -nc

For iLO:

To configure a new user:

UC -new <login> -user <text> -workgroup <text>

-rights <e|d> <console|mp|power|user| all|none>

-mode <single|multiple> -enable <e|d>

-dialback <e|d> -telephone <t> -passw ord <value> -nc

11

To modify an existing user:

UC -change <login> -login <newlogin> -user <text> - workgroup <text>

-rights <e|d> <console|mp|power|user| all|none>

-mode <single|multiple> -enable <e|d>

-dialback <e|d> -telephone <t> -passw ord <value> -nc

WHO: Display a list of MP connected users WHO -nc

XD: Diagnostics and/or Reset of MP

To reset the iLO

XD -r -nc

To test an outward ping from iLO

XD -lan <ipaddress> -nc

To test the parameters checksum

XD -parameter -nc

To test the get device id command

XD -i2c -nc

Commands not supported over ssh-exec

The following commands are not supported over SSH-exec, typically because they’re interactive commands.

1. CL 2. HE 3. LS - The “LC -nc” command can be used, as the results are identical to what would be

obtained if LS were executed. 4. SL 5. TE 6. For iLO, the MR, MS and PG commands are not supported over ssh-exec.

SMCLP commands and ssh-exec

The following SMCLP commands are supported over ssh-exec. CD: Changes the current default target cd <some target>

Ex: cd map1

The cd command is used to change the context for subsequent commands. But as SSH-exec is a single command execution, the next SSH-exec starts over.

In a stand-alone session to the iLO, a normal execution sequence would be “cd <target>” followed by the supported command verbs on that target.

Ex: </> hpiLO-> cd system1 status=0 status_tag=COMMAND COMPLETED /system1

12

</system1> hpiLO-> show status=0 status_tag=COMMAND COMPLETED /system1 Targets consoles1 Properties EnabledState=Enabled Verbs cd help show reset start stop </system1> hpiLO->

In order to achieve the same via an SSH-exec, the target on which the verb needs to be run can be specified as part of the command itself.

Ex: [user3@unix1]$ ssh Admin@mp1.hp.com show /system1

Admin@mp1.hp.com's password:

</> hpiLO-> show /system1

status=0

status_tag=COMMAND COMPLETED

/system1

Targets

consoles1

Properties

EnabledState=Enabled

Verbs

cd help show reset start stop

[user3@unix1]$

Help: Displays context-sensitive help

help displays general help and all supported commands

help <some verb> displays help for the specified verb

help <some target> displays help for the specified target

help <some property> displays help for the specified property

SSH-exec can be used to get help based on any of the options above. This is useful, but logging into an interactive session to get the Help on the commands for writing your script is a lot easier.

Show: Displays information about managed elements

Show displays information about managed elements, targets, their supported properties and verbs. The show command can be run with explicit or implicit targets, but in the context of SSH-exec, the targets have to be specified explicitly.

13

Following is a list of supported show commands and what they do.

Command Description

show <target name> Display information about <target name>

show -l <num> <target name>

show -l all <target name>

Display information about <target name> and contained MEs for number of levels specified or for all levels.

show -d targets Display targets at root

show -d targets <target name> Display targets under <target name>

show -d verbs Display verbs at root

show -d verbs <target name> Display verbs at <target name>

show -d properties=<property name> <target name>

Display the property <property name> of <target name> target

show -d properties=enabledstate system1

Display the power state of the system

show -l all -d properties=(name==”<value>”)

Find a target that has a property name with value <value>

show -l all -d properties=(name==”<value>”),verbs

Find a target that has a property name with value <value> and display all the verbs supported for that target.

show -l all -d properties=EnabledState Find and display all targets that have the EnabledState property

show -l all account* Find an display all Account targets in the system and their information

show /map1/group1/account* Display all user accounts on this iLO2

show -l all swid* Display all firmware revisions

show -d properties=ipv4address /map1/enetport1/lanendpt1/ipendpt1

Display the current IP address of iLO2

show -d properties=subnetmask /map1/enetport1/lanendpt1/ipendpt1

Display the current subnet mask

show -d properties=macaddress /map1/enetport1 OR show -d properties=permanentaddress /map1/enetport1

Display the iLO2 MP MAC address

show -d properties=autosense /map1/enetport1

Display Link state (Autosense)

show /map1/settings1/dnssettings1 Determine all DNS settings

show -d properties=AccessInfo map1/dnsserver* OR show -d properties=DNSServerAddresses

Determine IP Address of the DNS servers (primary, secondary and tertiary)

show map1/settings1/oemhp_ldapsettings1

Display the iLO2 LDAP directory configuration settings.

show /map1/oemhp_vm1/cddr1 Display the properties for cddr1 (scriptable virtual media target)

14

Not supported in SSH exec mode

show -l all

show -l all /map1

show -l 2 /map1

show -d properties=accessinfo /map1/enetport1/lanendpt1/ipendpt1/gateway1

Start: Causes a targeted object to change its state to a higher level

Following is a list of supported start commands and what they do.

Command Description

start system1 Turn on system power

start map1/telnetsvc1 Enables iLO2 telnet service

start map1/sshsvc1 Enables iLO2 SSH service

start /map1/dhcpendpt1 Enable DHCP

Not supported (or not relevant) in SSH exec mode.

Start system1/consoles1/textredirectsap1

Not relevant to SSH exec connections- this command is for initiating an interactive console session. Since SSH exec will close the session soon after executing the command. To script commands to the console, use a tool like “Expect.”

start map1/textredirectsap1 Not relevant to SSH exec connections- this command is for initiating an interactive legacy command-line session. SSH exec will close the session soon after executing the command.

Stop: Causes a targeted object to change its state to a lower level

Following is a list of supported stop commands and what they do.

Command Description

stop system1 Perform a graceful shutdown of the system

stop -f system1 Forcefully power off the system

stop map1/telnetsvc1 Disables iLO2 telnet service

stop map1/sshsvc1 Disables iLO2 SSH service

stop /map1/dhcpendpt1 Disable DHCP

Reset: Causes a target to cycle from enabled to disabled and back to enabled

Following is a list of supported reset commands and what they do.

Command Description

reset system1 Reset the system

reset map1 Reset the iLO

15

Set: Sets a property to a specific value

Following is a list of supported set commands and what they do.

Command Description

set /map1/enetport1/lanendpt1/ipendpt1 IPv4Address=<ipaddr> SubnetMask=<subnet>

Set IP Address and Subnet Mask

set /map1/enetport1 autosense=true Set Link (Autosense)

set DNSServerAddresses=<ip1>,<ip2>

Set Primary and Secondary DNS Server IPs

set DNSServerAddresses=,,<ip3> Set Tertiary DNS server IP

set map1/settings1/dnssettings1 DomainName=<domain name> RegisterThisConnectionsAddress=<Yes|No> RequestedHostName=<hostname>

Set the iLO2 domain name and host name, indicates whether iLO2 registers with DDNS server,

set map1/group1/account<num> name=<name> oemhp_privileges==(<console,power,mp,user,virtual>, <all> or <none>)

Set the user name and privileges for user account<num>

set map1/settings1/oemhp_ldapsetting gs1 oemhp_dirauth=<DefaultSchema|ExtendedSchema|Disabled> oemhp_localacct=<Enable|Disable> oemhp_dirsrvaddr=<ip addr> oemhp_ldapport=<portnum> oemhp_dirdn=<object distinguished name> oem mhp_usercntxt1=<user search context> oemhp_usercntxt2=<usc> oemhp_usercntxt3=<usc>

Configure the LDAP parameters

set /map1/oemhp_vm1/cddr1 oemhp_image=http://<Apache server ip address>/cgi-bin/ISO/install_disk1.iso

For scriptable vMedia (target name /map1/oemhp_vm1/cddr1), insert desired image into the drive.

set /map1/oemhp_vm1/cddr1 oemhp_connect=yes

For scriptable vMedia (target name /map1/oemhp_vm1/cddr1), connect to the media.

set /map1/oemhp_vm1/cddr1 oemhp_connect=no

For scriptable vMedia (target name /map1/oemhp_vm1/cddr1), disconnect from the media and clears the oemhp_image value

Not supported for SSH exec mode

Set /map1/enetport1/lanendpt1/ipendpt1/gateway1 AccessInfo=<ipaddrOfGateway>

set map1/dnsserver1 AccessInfo=15.255.100.16

16

Load: Moves a binary image to iLO2 from a URI

Load can be used to initiate an iLO firmware update via the iLO LAN.

Following is a list of supported load commands and what they do.

Command Description

load -source ftp://<ipaddress>/<FilePath> /map1/swinventory1/swid1

Upgrade iLO firmware using anonymous ftp where <ipaddress> is the ip address of the ftp server hosting upgrade files and <FilePath> is the path of the directory with the upgrade files.

load -source ftp://<name:password>@<ipaddress>/<FilePath> /map1/swinventory1/swid1

Upgrade iLO firmware using name: password to login to ftp server

Create: Creates a new instance of an object

Not supported in SSH exec mode

Command Description

Create /map1/group1/account<num> userid=<userid> userpassword=<password> name=<name> oemhp_privileges=(<console,power,mp,user,virtual>, <all> or <none>)

Not supported in SSH exec mode. Refer to the “UC” command in the legacy set for configuring users.

Delete: Deletes an instance of a target object

Following is a list of delete commands and what they do.

Command Description

delete /map1/group1/account<num>

Delete user account<num>.

Version: Queries the version of the SMCLP implementation

This command does not return the system firmware version, it returns the version of the DMTF standard that this implementation is using (this is not interesting for inclusion in scripts at this point in time.)

Example: Scripted Virtual Media

It should be very clear now how to use the SSH exec scripting capability to do simple tasks like powering on and off the server, collect information off the server, and perform setups and configurations. SSH exec commands can be put into a shell script so multiple commands can be executed, one after another, as well.

17

One very useful task that is scriptable is virtual media deployment. Note that it may be necessary to use a tool like Expect (see next section) to run EFI or OS commands to make more use of the media you mount to install software or an OS, but the act of attaching the virtual media in the iLO is easily scriptable using SSH exec.

The SSH commands enable you to configure virtual media in the same manner as the virtual media applet. However, the actual image is located on a Web server on the same network as iLO 2. After the image location is configured, iLO 2 retrieves the virtual media data directly from the web server.

NOTE: Virtual media scripting does not operate Virtual Media using the browser. Likewise, the browser does not support scripting capabilities. For example, an ISO image mounted using the browser cannot later be dismounted using the scripting interface.

Step 1: Set up the media on a Web server

Virtual Media scripting uses a media image that is stored and retrieved from a Web server accessible from the management (iLO) network. Integrity iLO supports Apache server version 2.2 and later. Put the ISO CD/DVD image in a directory that will be accessible from the iLO’s manageability LAN. For this example, suppose it is at location:

http://<Apache server IP address>>/cgi-bin/ISO/inst all_disk1.iso

Step 2: Connect the media to the appropriate iLO

Use two commands- one to tell iLO the target to connect to, and one to tell it to connect:

set /map1/oemhp_vm1/cddr1 oemhp_image=http://<Apach e server ip address>/cgi-bin/ISO/install_disk1.iso

This sets the iLO to the proper address to acquire the vMedia image.

set /map1/oemhp_vm1/cddr1 oemhp_connect=yes

This tells the iLO to connect to the image.

Step 3: Perform the task that was intended with the Media

This step may involve running the iLO SSH exec commands to gracefully shutdown and then reboot the server, or perhaps running some Expect-style scripted commands to connect to the console to interact with EFI or the OS to install software with the vMedia image.

Step 4: Disconnect the media

set /map1/oemhp_vm1/cddr1 oemhp_connect=no

This tells the iLO to disconnect the image.

General purpose tools like Expect

The midrange and high-end Integrated Lights Out management processors for Integrity currently don’t support SSH exec mode. And lots of other interfaces and devices in the datacenter may not either. A useful tool in the Administrator’s toolkit is learning to use a tool like Expect. (Resources:

18

http://sourceforge.net/projects/expect/, http://expect.nist.gov/, and http://en.wikipedia.org/wiki/Expect has a nice description.)

Here is a sample script that appears long because it does several things:

1. It does not contain the password - a bunch of code is here to accept the password from the user “live”

2. Prompts are done using variables, in a more structured way than is necessary for a quick script

3. Ultimately, all this script does is “sysrev”- there’s just more structure here to show what could be done when beginning to start a library of useful functions for later use.

The extras in the sample are really to show that you can build out an infrastructure of scripts that include other scripts, call other scripts, etc. Once you have a robust script to perform MP login and take you to the CM prompt, for instance, you can just call it from any other script, then invoke the MP command you want.

#!/usr/bin/expect -f

#

# Header comments-

# - Try “autoexpect” to capture a script during an interactive

# session

# - Timing – some programs (rn, ksh, zsh, telnet, etc.) and devices

# discard characters that arrive “too quickly” a fter prompts. If

# you find a new script hanging up at one spot, try adding a short

# sleep just before the previous send. Setting “force_conservative”

# to 1 makes Expect do this automaticall – pausi ng briefly before

# each character.

# USER

set mp_user "Admin"

# Get PASSWORD from interactive session rather than storing in script

stty -echo

send_user "For user $mp_user\n"

send_user "Password: "

expect_user -re "(.*)\n"

set mp_password $expect_out(1,string)

stty echo

# Other Constants

set timeout 10

################################################### #####################

## BEGIN

##

spawn $env(SHELL)

match_max 100000

set mp_name "mymp1.hp.com"

send_user "\n\n----- $mp_name -----\n\n"

# Frequently used Strings

set MA_PROMPT "MP>"

19

set CM_PROMPT "MP:CM>"

send "\r"

# Expect the UNIX prompt...

expect ">$"

#### Log into the MP #####

send -- "telnet $mp_name\r"

expect ".*MP login: $"

send -- "$mp_user\r"

expect "MP password: $"

send -- "$mp_password\r"

expect "$MA_PROMPT"

send -- "cm\r"

expect "$CM_PROMPT"

# View the firmware revisions

send "sysrev\r"

# The sysrev output may span more than one screen . Use a loop

# to browse through multiple screens and get to t he MP command

# prompt.

while (1) {

expect {

"$CM_PROMPT" { break; }

"stream:" { send "s\r"; }

timeout { send "\r"; }

}

}

send "ma\r"

expect "$MA_PROMPT"

send "x\r"

expect eof

With this type of tool, you have unlimited opportunities for automating text interfaces. Administrators can automate setting up the MP/iLO, setting up a server at EFI, deploying HPUX, etc. Anything that a person can type into a text session can be automated.

NOTE: HP does not test or offer support for its products with any particular version of utilities such as Expect

20

Product Information

The table below lists the versions of iLO available for Integrity and HP9000 servers.

Figure 3. Summary of iLO versions for Integrity and HP9000 server platforms

Integrity Product HP9000 Product Management Processor

Rx1600, rx2620 iLO for Integrity & HP9000

MP HW purchase is optional

FW upgradeable from non-iLO MP versions

rx2600, rx4640, rx5670, BL60p

rp3440, rp4440 iLO for Integrity & HP9000

FW upgradeable from non-iLO MP versions

Rx3600, rx6600 iLO 2 for Integrity

Rx7…., rx8… rp7…, rp8… Management Processor

Superdome Superdome Management Processor

iLO Advanced License

On newer Integrity servers with iLO 2, SSH is offered for free with the base iLO 2 product. On older Integrity and HP9000 servers with Integrity iLO, SSH functionality may added with purchase of an Integrity iLO Advanced Pack License, p/n AB500A for each iLO. More information on Advanced Pack for Integrity and HP9000 iLO can be found at:

http://www.hp.com/go/integrityilo

iLO Advanced evaluation license

A free 30-day evaluation license is available for download on the HP website: http://h71028.www7.hp.com/enterprise/cache/279991-0-0-0-121.html. Customers with supported Integrity and HP9000 servers can activate and access iLO Advanced features with the evaluation license. Only one evaluation license can be installed per iLO and the iLO Advanced features automatically deactivate when the evaluation license key expires.

Conclusion

Integrated Lights-Out technology provides system administrators a robust, independently operated connection to the managed server. The comprehensive remote management capabilities are always available, regardless of the state of the server—whether the server is powered on, the OS is loaded, or the OS is functioning. The iLO processor is a secure management system, incorporating multiple layers of security that encompass the hardware, firmware, and communication interfaces. Administrators can enable or disable security features as needed.

21

The iLO management processor is designed for scalability: Using directory services or scripting tools, administrators can easily deploy and manage tens or hundreds of iLO processors. Integrated Lights-Out functionality improves the efficiency of system administration so that customer IT groups can operate more productively.

22

Appendix:

Glossary

Arp/ping Method to set up the LAN address of an unconfigured entry-level MP via the LAN BMC Baseboard Management Controller CLP Command-Line Protocol DHCP Dynamic Host Configuration Protocol DMTF Distributed Management Task Force (http://www.dmtf.org/ ) DVR Digital Video Redirection EFI Extensible Firmware Interface, a standardized boot firmware architecture GUI Graphical User Interface HA High Availability iLO Integrated Light's Out iLO 2 Integrated Light's Out 2- newer technology version of iLO with DVR technology KVM Keyboard, Video, Mouse MP Management Processor RIBCL Remote Insight Board Command Language. An XML scripting language used

with iLO management processors for getting data and sending commands. Transport is either http or https.

SIM, HPSIM HP Systems Insight Manager SMASH Systems Management Architecture for Server Hardware SNMP Simple Network Management Protocol SSH Secure Shell SSL Secure Sockets Layer TUI Text User Interface UART Universal Asynchronous Receiver Transmitter WBEM Web-Based Enterprise Management, see dmtf.org for more information WS-Manage A specification of a SOAP-based protocol for management, based on DMTF

open standards and internet web services standard XML Extensible Markup Language

23

For More Information

Visit the following links to learn more about Integrated Lights-Out and related remote management technologies.

Description Web Address

Integrated Lights-Out (iLO) for HP Integrity and HP9000 Servers, General Information Page

http://www.hp.com/go/integrityilo

Advanced License Purchase (Same as above)

Advanced License Trial (Same as above)

HP Integrity iLO 2 Operations Guide http://docs.hp.com/en/5991-6024/index.html

Scripting and Command-line Resource Guide for ProLiant iLO

http://h18013.www1.hp.com/products/servers/management/ilo/documentation.html

Deploying HP KVM consoling solutions http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00793971/c00793971.pdf?jumpid=reg_R1002_USEN

Deploying HP serial consoling solutions http://h20000.www2.hp.com/bc/docs/support/SupportManual/c01080873/c01080873.pdf?jumpid=reg_R1002_USEN

HP Integrity Essentials http://h71028.www7.hp.com/integrity/cache/599842-0-0-0-121.html

HP Systems Insight Manager http://h18013.www1.hp.com/products/servers/management/hpsim/index.html

There are also a number of resources describing Directory Services Integration (LDAP). It’s useful to use scripting to set up all the iLO’s in the datacenter to use Directory Services, then manage passwords and users at the datacenter Directory level rather than in each iLO. (Directory Services Integration is an Integrity iLO and Integrity iLO 2 Advanced feature.)

Description Web Address

Integrity iLO Operations Guide, section on LDAP Integration

http://docs.hp.com/en/5991-6024/ch07.html

LDAP-UX Integration http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J4269AA

Integrating HP ProLiant Lights-Out processors with Microsoft Active Directory

http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00190541/c00190541.pdf?jumpid=reg_R1002_USEN

Call to action

Send comments about this paper to TechCom@HP.com.

© 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Itanium is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries.

4AA2-6329ENW, May 2009