Linux Notes: iLO access on HP/HPE server hardware
- The information presented here is intended for educational use by qualified computer technologists.
- The information presented here is provided free of charge, as-is, with no warranty of any kind.
back to: my Linux Notes (index)
Introduction
- all modern servers built for "data center use" provide a port for remote maintenance
- on HP/HPE systems this port will be labeled iLO (integrated Lights Out)
- the iLO subsystem and associated management processor will be powered up whenever at least one power supply is connected (but not necessarily powered up). Therefore, it is possible to power-up (and power-down) a chassis over the iLO port
- x86 machines manufactured before 2012 usually:
- allow iLO access via a DB-9 serial port (so you will need a data center survival kit)
- allow ssh access via a password protected network interface (10-base-T or 100-base-T)
- x86 machines manufactured after 2012 usually:
- will not have a DB-9 serial port
- allow ssh access via a password protected network interface which can now handle any speed up to 1-Gb/s
- the iLO port on these machines can only be programmed from firmware (BIOS or EFI/UTEF) during boot
-or- - from the HP/HPE provided maintenance program, named hponcfg, which is only available on Windows or Linux
- the iLO port on these machines can only be programmed from firmware (BIOS or EFI/UTEF) during boot
- Itanium2 machines employ both a DB-9 serial port as well as an network interface
(this was still true with a new rx2800-i2 I worked on which was manufactured in 2015 so you will need a data center survival kit for DB-9 access)
- network access
- all modern 86x systems only support ssh connections to the iLO
- all Itanium2 systems support both telnet and ssh connections to the ILO. Telnet remains because ssh access requires that the connecting ssh client implement a handshake patch which no longer exists in Linux + Windows but is still present in all OpenVMS stacks
HPONCFG
- hponcfg is provided free of charge from here: https://support.hpe.com
- most of the stuff that follows applies to the HP DL385p_gen8 where the iLO system is much more complicated than something you would find on Itanium2 machines like rx2800-2 and rx2660
- once configured, you can access the iLO port via an SSH session so be aware that there are two sections available in the DL385
- system1
- DL385 specific stuff like BOOT ORDER
- map1
- iLO specific stuff like I/P address, account control (users and their passwords), etc.
- system1
- CAVEATS:
- be very careful if you decide to change anything in system1 (for example, I reset the values of system1 which rendered an unbootable system because NETWORK BOOT came up before any internal disks or USB thumb drives)
- many changes to map1 will require a restart of the management processor (which can be done on a running system)
- be sure to only type: restart map1
- if you type: restart then the whole system will restart and this is probably what you did not intend
- so for safety reasons, it might make more sense to do all your changes via XML scripts (read on)
HPONCFG CLI (command line interface)
caveat: this utility must be installed and run by user "root" (sudo will not do)
Installation
==============================================================================================
title : hponcfg-installation.txt
author: Neil Rieck
notes : cut-n-pasted from here:
https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_417dfa95f78547169ad939e26c
==============================================================================================
Prerequisites:
This utility requires the following minimum firmware revisions:
Integrated Lights-Out 3 firmware v1.00 or later
Integrated Lights-Out 4 firmware v1.00 or later
Integrated Lights-Out 5 firmware v1.20 or later
The management interface driver and management agents must be installed on the server.
For iLO 5, openssl v1.0.x or later is required in addition to above packages.
Customers who manually compile and install openssl or intentionally relocate /usr/bin/openssl, need to set the PATH
environment variable to direct HPONCFG to the right/intended openssl.
To ensure the integrity of your download, HPE recommends verifying your results with the following SHA-256 Checksum values:
e993841ed98a74bd3060b275a9b4f8449f38eaa0949c45254d29c41aa510d779 hponcfg-5.5.0-0.x86_64.rpm
bd3812af6028450ecb43846d6f077d972d959264b56677b4fd6d8394ff43c746 hponcfg-5.5.0-0.x86_64.compsig
Reboot Requirement:
Reboot is not required after installation for updates to take effect and hardware stability to be maintained.
Installation:
Login as the system administrator (root), download the RPM to a directory on your hard drive and change to that directory.
If a previous version of the Hponcfg utility has been installed, it must be removed before this package can be installed.
To remove the previous version of the package, type the following :
rpm -e hponcfg
To install the package, type:
rpm -ivh hponcfg-x.x.x.x86_64.rpm
After installation, the executable for hponcfg utility can be found under the directory /sbin.
Introductory Stuff
caveat: this utility must be run by user "root" (sudo will not do)
==========================================================================
title : hponcfg-nsr-notes.txt
author : Neil Rieck
created: 2019-11-19
edit : 2019-11-20
notes : HP Lights-Out Online Configuration Utility for Linux (ver 5.5.0)
==========================================================================
hponcfg -? # display help
#-------------------------------
hponcfg -g # see iLO data (software and firmware)
HP Lights-Out Online Configuration utility
Version 5.5.0 Date 5/30/2019 (c) 2005,2019 Hewlett Packard Enterprise Development LP
Firmware Revision = 2.50 Device type = iLO 4 Driver name = hpilo
Host Information:
Server Name: WYNCTXNA06
Server Serial Number: USE249NAR5
#-------------------------------
hponcfg -a -w hack1.txt # write all iLO data to file
cp hack1.txt hack3.txt # make a working copy
#-------------------------------
#
# dangerous optional hack so DO NOT DO THIS
# CAVEAT: "I think" this can change BIOS boot order
#
hponcfg -r # reset to factory (if desired)
hponcfg -a -w hack2.txt # write all iLO data to file
cp hack2.txt hack3.txt #
#-------------------------------
vi hack3.txt # modify some XML data in file 3
# (delete lines you do not need)
#-------------------------------
hponcfg -f hack3.txt # use file 3 to change iLO settings
#-------------------------------
hponcfg -a -w hack4.txt # write all iLO data to file (second time)
#-------------------------------
diff hack3.txt hack4.txt -y # did the changes take effect?
#-------------------------------
Change network settings
<!-- FILE: hponcfg_mod_network.txt -->
<!-- remember to first modify the IPv4 address -->
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="does-not-matter" PASSWORD="do-not-care">
<RIB_INFO mode="write">
<MOD_NETWORK_SETTINGS>
<SPEED_AUTOSELECT VALUE="N"/>
<NIC_SPEED VALUE="100"/>
<DHCP_ENABLE VALUE="N"/>
<IP_ADDRESS VALUE="192.168.255.41"/>
<SUBNET_MASK VALUE="255.255.255.0"/>
<GATEWAY_IP_ADDRESS VALUE="192.168.255.1"/>
</MOD_NETWORK_SETTINGS>
</RIB_INFO>
</login>
</RIBCL>
hponcfg -f hponcfg_mod_network.txt # use XML file to change iLO settings
Change the Administrator Password
- by default, the iLO username and password are on a pull-out-tag on the front of the server
- this script will allow you to change that password to something else (so you might not wish to do this)
<!-- FILE: hponcfg_mod_admin_pw.txt --> <ribcl version="2.0"> <LOGIN USER_LOGIN="does-not-matter" PASSWORD="do-not-care"> <user_info mode="write"> <mod_user user_login="Administrator"> <password value="topsecretinfo"/> </mod_user> </user_info> </login> </RIBCL>
Add a user
<!-- FILE: hponcfg_add_user_neil.txt --> <ribcl version="2.0"> <LOGIN USER_LOGIN="does-not-matter" PASSWORD="do-not-care"> <USER_INFO mode="write"> <ADD_USER USER_NAME="neil" USER_LOGIN="neil" PASSWORD="TopSecretInfo"> <ADMIN_PRIV value="Y"/> <REMOTE_CONS_PRIV value="Y"/> <RESET_SERVER_PRIV value="Y"/> <VIRTUAL_MEDIA_PRIV value="Y"/> <CONFIG_ILO_PRIV value="Y"/> </ADD_USER> </USER_INFO> </login> </ribcl>
Back to HomeNeil Rieck
Waterloo, Ontario, Canada.