We only use HP servers and we get more and more every week. Someone has to keep track of all those servers and be able to configure them using iLO in case of a disaster

Installation almost runs automatically, except for iLO configuration.

I have to first find the iLO ip, then login to the web interface, create users, set static IP and what not. It takes time, a lot of it.

If only there was some way to automate it without having to use HP’s software.. but wait, THERE IS!

I already posted how to scan for all HP ILO devices in your subnet, but the basics in the following post on how to configure iLO from your guest Linux OS might make everything a little easier for the sysadmins out there

How to configure HP iLO in Linux

First I will show you the useful commands and an example output for each, and then how to automate the configuration of your HP iLO interface using bash scripting

The script for configuring iLO automatically will be included at the end of this post

Needed packages:

OpenIPMI OpenIPMI-libs OpenIPMI-tools

These packages can be installed through your favorite package manager, below you’ll see the defaults in Debian and CentOS/RHEL

Debian:

apt-get install OpenIPMI OpenIPMI-libs OpenIPMI-tools

CentOS/RHEL:

yum install OpenIPMI OpenIPMI-libs OpenIPMI-tools

Once you got those installed, you can move on and configure or fetch info from iLO through the guest Linux

Get the serial number of the server

Getting the serialnumber might be useful, in case you need to log it to a inventory database, or just need the serial number for a warranty call. This is an easy and quick way to find it, without even logging into iLO.

ipmitool fru | grep Serial

Sample output:

Chassis Serial : CZAAAAAAAA Board Serial : CZAAAAAAAA Product Serial : CAAAAAAAAA Serial Number : 0BBBBBB

Get network settings configured on the HP iLO port

Maybe you just want to find the DHCP address of the HP iLO controller? you can do this easily, without having to scan the entire network.

ipmitool lan print

Example output:

Set in Progress : Set Complete Auth Type Support : IP Address Source : DHCP Address IP Address : 123.123.123.123 Subnet Mask : 255.255.255.0 MAC Address : de:ad:be:ef:ca:fe BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled Default Gateway IP : 123.123.123.1 802.1q VLAN ID : Disabled 802.1q VLAN Priority : 0 Cipher Suite Priv Max : Not Available

Restart iLO interface

If you have any problems connecting to the HP ILO controller, you might need to restart it. But you don’t want to restart the entire server because your have to unplug the power to restart iLO. Nobody wants that on a production server! You can initialize a restart of ILO only by running the below command. This way your server stays online, while doing it. It has saved my butt a couple of times.

Remember these two commands will not reboot the OS running on the server, only iLO

For a cold reset (forcefully, in case iLO is not responding in any way including echo requests/ping) use the following:





ipmitool mc reset cold

For a warm reset (in case iLO IS responding) use the following:

ipmitool mc reset warm

Configure network to static ip on the HP iLO port

Without logging into the web interface, you can still set a static IP address to the HP iLO interface using the below commands. Replace the IP, subnet mask and default gateway with what you need it to be.

[root@server ~]# ipmitool lan set 1 ipsrc static [root@server ~]# ipmitool lan set 1 ipaddr 192.168.1.211 [root@server ~]# ipmitool lan set 1 netmask 255.255.255.0 [root@server ~]# ipmitool lan set 1 defgw ipaddr 192.168.1.1

Configuring users

Configuring users might also come in handy. By default there is only the “Administrator” user with a password located on a sticker or elsewhere physically on the server.

Create a user with admin rights.

To create a user with same rights as the “Administrator” user, use the following. This user will be able to do everything in iLO.

Replace “admin” with the username you want.

In case your create multiple users, you have to increment the number “2” with +1 every time. so the second user you create will have ID 3, and the third, ID 4.

[root@server ~]# ipmitool user set name 2 admin [root@server ~]# ipmitool user set password 2 Password for user 2: Password for user 2: [root@server ~]# ipmitool channel setaccess 1 2 link=on ipmi=on callin=on privilege=4 [root@server ~]# ipmitool user enable 2

Create user with user monitoring rights

If a user should only be used for querying sensor data, for example a user for Nagios, Zabbix or other monitoring software, a custom privilege level can be setup for that. This user can not do any changes to the server through iLO. A user named “monitor” will be created for this in the following example:

[root@server ~]# ipmitool user set name 3 monitor [root@server ~]# ipmitool user set password 3 Password for user 3: Password for user 3: [root@server ~]# ipmitool channel setaccess 1 3 link=on ipmi=on callin=on privilege=2 [root@server ~]# ipmitool user enable 3

The importance of the various privilege numbers will be displayed when ipmitool channel is called without any additional parameters:

[root@server ~]# ipmitool channel Channel Commands: authcap <channel number> <max privilege> getaccess <channel number> [user id] setaccess <channel number> <user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level] info [channel number] getciphers <ipmi | sol> [channel] Possible privilege levels are: 1 Callback level 2 User level 3 Operator level 4 Administrator level 5 OEM Proprietary level 15 No access [root@server ~]#

Automatically configure HP iLO using bash

Now you know how to use the commands to configure the basic stuff in your iLO controller manually. But what about doing this automatically when you have new servers coming in every other day that needs to be configured? We can do that using bash scripts.

Below is a script that will set the specified ip address, subnetmask, default gateway and create users if you want to.

Easy to just run after you installed your OS and even automating using puppet or other deployment tools

#!/bin/bash # Script written by dev-random.net # Purpose is to automate HP iLO configuration # Feel free to use this script however you like, as long as you leave these top comments printhelp() { echo echo "-i <static ip to set> example: 192.168.1.10" echo "-s <static subnet mask to set> example: 255.255.255.0, required if -i is set" echo "-g <static gatewat to set> example: 192.168.1.1, required if -i is set" echo "-a <username for new admin user> example: admin, dont use if no user should be created" echo "-p <password for admin user>, required if -a is set, enclose in \"\" if password contains spaces" echo "-m <username for read-only user>, example: monitor" echo "-o <password for read-only user>, required if -m is set, enclose in \"\" if password contains spaces" echo "-y add this to the command to actually do the changes, else the script will just output what you typed in the parameters" echo exit 1 } # Print help if no parameters where set if (($# == 0)); then printhelp fi # Get parameters while getopts "i:s:g:a:p:m:o:hy" opt; do case $opt in i) # IP to set IP="$OPTARG" ;; s) # Subnetmask to set SUBNETMASK="$OPTARG" ;; g) # Gatway to set GATEWAY="$OPTARG" ;; a) # New admin username ADMINUSERNAME="$OPTARG" ;; p) # New admin password ADMINPASSWORD="$OPTARG" ;; m) # New read-only users username USERNAME="$OPTARG" ;; o) # New read-only users password PASSWORD="$OPTARG" ;; h) # Print help printhelp ;; y) # Just do it, no need to press any key to continue DOIT=1 ;; \?) # Default if option is not known printhelp ;; 🙂 # Error if parameter was triggered without value echo "Option -$opt requires an argument" printhelp ;; esac done echo # Print empty line # Check if we have the needed required software installed # required packages: OpenIPMI OpenIPMI-libs OpenIPMI-tools if [ `which ipmitool &>/dev/null ; echo $?` -ne 0 ] ; then echo "ipmitool not available, please install requirements:" echo "required packages: OpenIPMI OpenIPMI-libs OpenIPMI-tools" echo "See https://dev-random.net/configuring-and-controlling-hp-ilo-through-linux for details" exit 2 fi #print serial number, just because we can and then you dont have to do it manually in case you need it ipmitool fru | grep Serial echo #print empty line # Check if IP has to be set if [[ "$IP" ]] && [[ "$SUBNETMASK" ]] && [[ "$GATEWAY" ]]; then echo "IP: $IP" echo "Subnetmask: $SUBNETMASK" echo "Gateway: $GATEWAY" if [[ $DOIT ]]; then echo "Setting ip" ipmitool lan set 1 ipsrc static ipmitool lan set 1 ipaddr $IP ipmitool lan set 1 netmask $SUBNETMASK ipmitool lan set 1 defgw ipaddr $GATEWAY echo # print empty line fi fi # Check if admin user has to be created if [[ "$ADMINUSERNAME" ]] && [[ "$ADMINPASSWORD" ]]; then echo "Admin username: $ADMINUSERNAME" echo "Admin password: $ADMINPASSWORD" if [[ $DOIT ]]; then echo "Creating admin user" ipmitool user set name 2 $ADMINUSERNAME ipmitool user set password 2 $ADMINPASSWORD ipmitool channel setaccess 1 2 link=on ipmi=on callin=on privilege=4 ipmitool user enable 2 echo # print empty line fi fi # Check if read-only user has to be created if [[ "$USERNAME" ]] && [[ "$PASSWORD" ]]; then echo "Read-only username: $USERNAME" echo "Read-only user password: $PASSWORD" if [[ $DOIT ]]; then echo "Creating read-only user" ipmitool user set name 3 $USERNAME ipmitool user set password 3 $PASSWORD ipmitool channel setaccess 1 3 link=on ipmi=on callin=on privilege=2 ipmitool user enable 3 echo # print empty line fi fi # If -y was set if [[ $DOIT ]]; then # Warm restart iLO echo "Restarting iLO, it will be accessible in a couple of minutes using the new IP address (if changed)." ipmitool mc reset warm else # If -y was not set, then ask for it to do the changes echo # print empty line echo "add -y to the command to make the changes, this run only showed you the settings you entered so you can make sure they are correct" fi echo # print empty line exit 0