|
|
Home | Switchboard | Unix Administration | Red Hat | TCP/IP Networks | Neoliberalism | Toxic Managers |
| (slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix | |||||||
|
|
There are two major methods of Out-of-Band (OOB) Management for servers:
ILO is an old product which is updated by HP with each new generation of servers.
HP upgrades the capabilities of its management processors with approximately each second generation of servers/blades. “G8” and “G9” server and blades use iLO4. A quick list of features of iLO4 includes:
Licensing is complicated and really is IBM-style mess. See
You need advanced license (see HPE iLO Advanced Licensing ) in order to be able to install OS using ISO on the HTTP server. I hate HP for that. 60 day trial license is available.
Seasoned sysadmins do not expect from vendor documentation much. We are trained to work with manuals written by people who do not understand the product and do not care, but in this area HP still stands out.
Add to this the fact that dignistics is really bad.
For example HP ProLiant Integrated Lights-Out 3 v 1.20 User Guide (HP part number 616301-003) some paragraphs looks like translation from some other language to English, which is an innovative trend, I would say a real breakthrough, for a large US company. As a result some quotes can well be submitted to the Onion (p. 85)
To use a physical CD/DVD-ROM drive in your client PC:
1. Select IRC within the Remote Console section. --[There is no IRC section in Remote control section]
2. Select the Virtual Drive tab --[There is no Virtual tab section]and then select the drive letter of the desired physical CD/DVD-ROM --[There is no drop-menu with drive letters to select from] drive on your client PC from the drop-down menu.
The trick to understand this paragraph is that they are talking about a tab named "Virtual drive" on the remote console screen, not about Remote console/Remote console section of ILO3 main menu :-). Please note that there is no IRC tab on remote console screen either, only "Virtual drive" tab.
Another interesting tidbit is that ILO timeouts no matter what setting you put at Administration/Access/settings. So it takes your current setting for advisory and then does not follow up :-). If you installing OS on a remote server that might have an interesting effect on your mood as logout persistently resets virtual CD/DVD and virtual floppy drive. I agree that it provide an excellent security of this feature in a sense of making it impossible to use. As we all agree that security is important, that well might be implicit HP design goal, although just dropping this feature would be an equally secure and less frustrating solution. .
HP servers are more expensive then servers of competitors, such as Dell. So it is naturally to expect from them more. And HP does include ILO in all of its servers by default; so it's cost is implicitly reflected in the price if, for example you compare the cost of HP server and equivalent Dell server.
But at some point HP brass became way too greedy and decided to "correct" this situation. The method they found is pretty interesting.
Unlike Dell DRAC, remote console capabilities are not free. HP demands additional license fee (around $300 for license with one year support) for the ability to use mount ISO from HTTP.
In any case the price structure HP adopted is somewhat questionable. IMHO there should be no software license at all, as this is a specialized appliance, not a general purpose device.
For example Dell charges for hardware (Drac card) which is more logical: $99 for iDRAC6 express hardware, $349 hardware with enterprise version installed and $448 for version with 8GB SD card (this is 2011 prices without corporate discount). As we can see the price of the device is suspiciously close to the price of the advanced license. truth be told HP provides 60 evaluation license, but this is not enough to correct the situation.
Moreover, much chaeper DRAC (Drac cost in one time, HP advance license is a subsctiotion with per year costs) is much better product which provides some functionality that ILO currently does not have. for example ability to manipulate the *GB flash card, the size enough for putting DVD image into it and that allow you to avoid a slow connection problems when booting the server from the image. DRAC the ability to send SMTP alerts. And the ability to send email alerts directly to sysadmin has great value in a typical enterprise environment if we take into account the amount of red type necessary for accomplishing the same via monitoring system such as HP Operations Manager.
They are really useful for booting an OS. But ILO virtual DVD capabilities when it uses DVD on your PC are not very stable (and slow if you use VPN), They suffer from timeouts, which makes unattended installation problematic. For this pupose they are usable mostly for booting installer (after that you can get ISO image from a nearby server via FTP or HTTP).
If you have advanced license and are attaching virtual CD/DVD drive make sure that you iether use IP address or configure DNS server on ILO. There is no diagnostics for "unvalid URL"
One time book should be set to virtual CDROM.
Red Hat Linux
On servers that have a locally attached IDE CD/DVD-ROM, the Virtual CD/DVD-ROM
device is accessible at
/dev/cdrom1. However, on servers that do not have a locally◦
attached CD/DVD-ROM, such as BL c-Class blade systems, the Virtual CD/DVD-ROM is
the first CD/DVD-ROM accessible at
/dev/cdrom.You can mount the Virtual CD/DVD-ROM as a normal CD/DVD-ROM device by using
the following command:
mount /mnt/cdrom1
Mounting a USB Virtual Media CD/DVD-ROM on Linux systems
1. Log in to iLO through the web interface.
2. Start the .NET IRC or Java IRC.
3. Select the
Virtual Drives menu.4. Select the CD/DVD-ROM to use.
5. Mount the drive by using the following commands:
For Red Hat Linux:
mount /dev/cdrom1 /mnt/cdrom1
For SLES:
mount /dev/scd0 /media/cdrom1
ILO is complex and as such is an extremely attractive target for state-supported hackers as in most corporation ILO are not well protected (generally it should be put on special "ILO-only" segment) and this vector of attack is typically overlooked.
|
From the security standpoint ILO represents a perfect hidden backdoor to your server for state-supported hackers. Nothing more, nothing less. |
Again, ILO should be secured by using a separate protected by firewall segment. For remote installations usage only VPN should be allowed. Which of course means additional cost and complexity.
But please don't overlook this vector of attack. Due to overcomplexity of the codebase, state-supported hackers can breach built-in security as easy as knife enters the butter. If you need to protect corporate assets from this type of hackers in no way you can rely on built-in security features.
On the first login create at least one other user account in addition to Administrator account. This is an insurance that if you change Administrator password and forget it you still will be able to access ILO. At least two additional accounts are recommended (for primary and secondary sysadmin of the server or blade enclosure).
If sysadmin leaves, and ILO credentials are not documented, you need a reboot of the server to rest admin password. The passowrd supplied with the server or enclosure is printed on the card in the back nd as such self-documented. If you change it put a sticker with the new password on the card if access to the server is protected (datacenter or server room with a lock)
In Administration/Access setting screen set "Idle connection Timeout drop-down list to "Indefinite".
Go to the Administration/Network tab and click apply. I think this setting is activated only
on reboot of ILO, while new user setting does not require reboot. This is really Byzantine peace
of equipment.
Restart or power the server on (Important: only removing power from power supplies resets ILO).
Press the F8 key when ILO prompt appears during POST.
Select Network>DNS/DHCP, press the Enter key, and then select DHCP Enable. Press the spacebar to turn off DHCP. Be sure that DHCP Enable is set to Off, and save the changes.
Select Network>NIC>TCP/IP, press the Enter key, and enter the appropriate information in the IP Address, Subnet Mask, and Gateway IP Address fields.
Save the changes.
You can use iLO Online updates for Windows and linux. Packages have different extensions (.exe for Windows and .scexe for Linux). Update can be applied in two ways:
# ./CP016462_ILO3_1_28.scexe FLASH_iLO3 v1.06 for Linux (Jan 17 2012) (C) Copyright 2002-2011 Hewlett-Packard Development Company, L.P. Firmware image: ilo3_128.bin Current iLO 3 firmware version 1.26; Serial number ILOMXQ20909GQ Component XML file: CP016462.xml CP016462.xml reports firmware version 1.28 This operation will update the firmware on the iLO 3 in this server with version 1.28. Continue (y/N)?y Current firmware is 1.26 (Aug 26 2011 ) Firmware image is 0x800000(8388608) bytes Committing to flash part... ******** DO NOT INTERRUPT! ******** Flashing completed. Attempting to reset device. Succeeded. ***** iLO 3 reboot in progress (may take up to 60 seconds.) ***** Please ignore console messages, if any. iLO 3 reboot completed.
| Since web based firmware update supports only the firmware image file (.BIN file) it is important not to forget to extract the .BIN file from the firmware package first. The .BIN firmware update file is not available as a direct download option at HP.com |
Steps
- Download iLO online firmware update package
- Extract the .BIN file from it. For Linux .scexe file can be extracted using command:
sh *.scexe --unpack=directoryFor examplesh CP015458.scexe --unpack=directory.- Load .bin file it into ILO using ILO browser
see Firmware upgrade for details
On Linux you can install it from the SCEXE file. Which actually opens an interesting backdoor for Troyanizing your servers :-).
To update firmware from the Linux operating system on target server:
Download the SCEXE file to the target server.
In older version this method worked on servers but did not work on blades: installation used to freeze with the message "
Flashing is underway... 1 percent programmed.
but it does not destroy the flash ROM. You can still reboot ILO and do it via remote interface
|
Be careful with executing CP016203.scexe in Linux on blades. It might fail and then what? |
The most reliable way to upgrade firmware is to download the SCEXE file to a client running a Linux operating system. Execute:
sh CP016203.scexe --unpack=directory.
This command will unpack the iLO3 bin into a user specified "directory". If the directory does not exist, the unpacker will attempt to create it. Then move .bin file to your windows client and do upgrade from ILO Web interface. See Uploading .bin file via ILO3 Web interface
The most reliable way is to download the SCEXE file to a client running a Linux
operating system. Execute:
sh CP016203.scexe --unpack=directory. This command will unpack the iLO3 bin into a user specified "directory". If the directory does not exist, the unpacker will attempt to create it. Then move .bin file to your windows client and do upgrade from ILO Web interface. See Uploading .bin file via ILO3 Web interface |
In case you screw things up you can use HP Smart Update Firmware DVD of the server to update the iLO firmware. To use HP Smart Update Manager on the Firmware Maintenance CD:
The HP USB Key Utility is a Windows application that will allow the user to copy the following CD contents to a USB memory key: HP SmartStart CD, HP Firmware Maintenance CD, HP Smart Update Firmware DVD, HP Easy Set-up CD. Users may then run the CD applications from a USB key instead of from the CD.
Type: Utility - Tools
The blunders HP committed would be less biting if there were a possibility to reboot ILO separately from server using some hardware button. But there no such capability for stand-alone HP servers. Please note that there is such capability for blades.
HP communicates this blunder to user in a very interesting way:
You can reboot ILO
1) By removing all the power cables from the server.
2) By changing the system maintenance switch 1 on the system board (DL 580). That's convoluted operation:
Power the server OFF.
Disconnect the power cord from the server.
Remove the access panel.
Remove the controller and the riser board.
Push and hold the power button down for about a minute.
Remove and reseat all the memory DIMMS.
Disconnect and reconnect the VGA cable from the server.
Set the System maintenance switch 1 to the ON position.
Power the server back ON.
After the server has completed the Power-On Self Test, power the server OFF (If display is present).
Set the System maintenance switch 1 back to the OFF position.
Power the server back ON.
|
|
Switchboard | ||||
| Latest | |||||
| Past week | |||||
| Past month | |||||
 |
 |
 |
Any HP ProLiant G7 and Gen8 series servers configured with Intel processors; iLO 3 Firmware Version 1.61 (or earlier) and iLO 4 Firmware Version 1.30 (or earlier).RESOLUTION
To prevent the false messages from occurring, update the iLO firmware as follows:
Update the iLO 3 firmware to version 1.65 (or later):
Perform the following steps to obtain the latest iLO 3 firmware version:
- Click on the following link:
- Select the appropriate operating system.
- Click on "Firmware - Lights-Out Management."
- Locate, download, and install iLO 3 Firmware Version 1.65 (or later).
Update the iLO 4 firmware to version 1.32 (or later):
Perform the following steps to obtain the latest iLO 4 firmware version:
- Click on the following link:
- Select the appropriate operating system.
- Click on "Firmware - Lights-Out Management."
- Locate, download, and install iLO 4 Firmware Version 1.32 (or later).
|
|
|
If using HP SUM bundled in the HP Support Pack for ProLiant (SPP) in order to update the HP ProLiant iLO3 firmware from 1.2x to 1.50 remotely, the update will fail.The installation will report as failed, and the HP SUM error log will show the following:
====== HP Smart Update Manager Installation Log ====== Starting ILO firmware update. Initializing connection to ILO 192.168.10.1. Connection established to ILO. Checking the type of ILO. load -source http://192.168.10.20:63000/Rep1/cp016202/3.bin status=1 status_tag=COMMAND SPAWNED Mon Jan 14 11:33:27 2013 Attempting to load iLO3 firmware image. status=2 status_tag=COMMAND PROCESSING FAILED error_tag=COMMAND ERROR-UNSPECIFIED Mon Jan 14 11:33:27 2013 Unable to retrieve a valid iLO3 firmware image. Check file path and login credentials.This issue is due to a bug in the iLO3 firmware.
HP SUM executes the load -source command from iLO3 SSH console, but when the iLO3 web pooler proceeds to download the firmware file, it will fail.Therefore, it is an iLO3 issue and not with HP SUM.
NOTE: This issue does not happen if running HP SUM locally, only when trying remote updates. Solution
This issue does not occur in 1.1x or 1.50 and later firmware.llpadding="0" width="100%">
As a workaround, use the following options:NOTE: In order to update iLO3 to 1.50, the iLO3 firmware must be in the 1.2x versions.
- Run the iLO3 firmware update locally on the server. The firmware will be transferred via the iLO3 driver.
- If need to update several systems remotely, use the iLO RIBCL XML scripts. Use the script Update_Firmware.xml as a template.
|
|
|
Type: Firmware - Lights-Out Management Version: 1.50 (26 Oct 2012) Operating System(s): Red Hat Enterprise Linux 5 Desktop (x86), Red Hat Enterprise Linux 5 Desktop (x86-64), Red Hat Enterprise Linux 5 Server (x86), Red Hat Enterprise Linux 5 Server (x86-64), Red Hat Enterprise Linux 6 Server (x86), Red Hat Enterprise Linux 6 Server (x86-64), SUSE Linux Enterprise Server 10 (AMD64/EM64T), SUSE Linux Enterprise Server 10 (x86), SUSE Linux Enterprise Server 11 (AMD64/EM64T), SUSE Linux Enterprise Server 11 (x86), VMware ESX/ESXi 4.0, VMware ESX/ESXi Server 3.5
|
|
|
SUPPORT COMMUNICATION - CUSTOMER ADVISORY
Document ID: c03573824
Version: 1
Advisory: HP Integrated Lights-Out 3 (iLO 3) - The Command Line Interface (CLI) Command to Create a
New User May Not Function in iLO 3 Firmware Version 1.26 or Version 1.28
NOTICE: The information in this document, including products and software versions, is current as of
the Release Date. This document is subject to change without notice.
Release Date: 2012-11-14
Last Updated: 2012-11-14
|
|
|
12/10/2012
After upgrading HP Integrated Lights-Out 3 (iLO 3) Firmware to Version 1.28 and using the iLO 3 ROM-Based Setup Utility (RBSU) to configure a static IP address using the following steps, the next time that the iLO 3 RBSU Setup Utility is loaded, the iLO 3 Gateway IP address may be incorrectly displayed as 0.0.0.0. This is a "display only" issue in iLO 3 Firmware Version 1.28. No other iLO 3 Firmware versions are affected.
The condition occurs after performing the following steps:
Restart or power on the server. Press the F8 key when prompted during POST. The iLO 3 RBSU runs. Select Network > DNS/DHCP, press the ENTER key, and then select DHCP Enable . Press the spacebar to turn off DHCP. Be sure that DHCP Enable is set to Off, and save the changes. Select Network > NIC > TCP/IP, press the ENTER key, and enter the appropriate information in the IP Address, Subnet Mask, and Gateway IP Address fields. Save the changes. Exit iLO 3 RBSU. The change takes effect after exiting iLO 3 RBSU. SCOPE Any ProLiant server configuration using HP Integrated Lights-Out 3 (iLO 3) Firmware Version 1.28.
RESOLUTION This is a display only issue and can be safely ignored.
HP Integrated Lights-Out 3 (iLO 3) Firmware Version 1.50 (or later) corrects the Gateway IP Address display issue. To access the HP Integrated Lights-Out 3 (iLO 3) driver and software download page, click on the following URL:
http://www.hp.com/support/iLO3
OR
As a workaround, use the iLO 3 web GUI to verify that the Gateway IP address is displaying correctly on the network. The network settings can be checked by looking under Administrator -> Network.
|
|
|
Document ID: c03370645Version: 1
Notice: HP ProLiant Servers - If an HP ProLiant Server Resets Unexpectedly, the Integrated Management Log (IML) Should Be Checked to Determine if the Source of the Reset Is Indicated
NOTICE: The information in this document, including products and software versions, is current as of the Release Date. This document is subject to change without notice.Release Date: 2012-06-12
Last Updated: 2012-06-12
DESCRIPTIONIf an HP ProLiant server resets unexpectedly, the Integrated Management Log (IML) should be checked to determine if the source of the reset is indicated. This information can help determine if any action needs to be taken.
The Integrated Management Log (IML) records hardware events and stores them in a formatted table. It records the time of the event and categorizes events in severity levels such as:
DETAILS
- Critical
- Caution
- Repaired
- Status
There are numerous conditions that can result in a server unexpectedly resetting. Whenever such a reset occurs, the Integrated Management Log (IML) should be checked to determine if the cause of the reset is indicated. While the IML will not always indicate the cause of an unexpected reset, it will in most cases.
The IML can be viewed from the HP Integrated Lights-Out (iLO) web page or using other HP Management Tools. Some of the most commonly used methods are:
IML Viewer:
- Click Start->All Programs -> HP System Tools-> HP ProLiant Integrated Management Log Viewer.
- The IML Viewer will open and the IML logs will be displayed on the screen.
From HP Integrated Lights-Out (iLO):
- Open the iLO web interface.
- Enter the iLO Login name and Password.
- From the left menu, access IML Logs .
From the System Management Homepage (SMH):
- Click Start-> All Programs -> HP Management Agents -> HP System Management Homepage.
- Click on Logs . The log screen will be displayed.
- Click on Integrated Management Log .
|
|
|
# ./CP016462_ILO3_1_28.scexe FLASH_iLO3 v1.06 for Linux (Jan 17 2012) (C) Copyright 2002-2011 Hewlett-Packard Development Company, L.P. Firmware image: ilo3_128.bin Current iLO 3 firmware version 1.26; Serial number ILOUSE0504TPN Component XML file: CP016462.xml CP016462.xml reports firmware version 1.28 This operation will update the firmware on the iLO 3 in this server with version 1.28. Continue (y/N)?y Current firmware is 1.26 (Aug 26 2011 ) Firmware image is 0x800000(8388608) bytes Committing to flash part... ******** DO NOT INTERRUPT! ******** / Channel Interface transactions (Linux) returns 21! Channel Interface call status: FIFO empty. ERROR: received errcode 21 / Channel Interface transactions (Linux) returns 21! Channel Interface call status: FIFO empty. Failed(5-21)! ERROR: Unable to commit flash. [ilo3_128.bin]
|
|
|
c03316654Products: HP ProLiant DL Servers, HP ProLiant BL Server Blades, HP ProLiant Scalable Systems, Insight Control Software, HP ProLiant ML Servers
Description: iLO Virtual Media Service May Randomly Stop Responding When Attempting to Connect a Virtual Device in Remote Console
|
|
|
c03327392Products: Software, ProLiant Servers, BladeSystem
Description: Advisory: HP Integrated Lights-Out 3 (iLO 3) - Disabling an iLO 3 NIC May Cause the iLO 3 Link Status to be Incorrectly Displayed as Failed in HP System Management Homepage and HP Systems Insight Manager (HP SIM)
|
|
|
Document ID: c03318935
Version: 1
Advisory: HP Integrated Lights-Out 3 (iLO 3) - iLO 3 Firmware Flash Progress May Intermittently Stop at One Percent or Take Several Hours to Complete
NOTICE: The information in this document, including products and software versions, is current as of the Release Date. This document is subject to change without notice.Release Date: 2012-05-07
Last Updated: 2012-05-07
DESCRIPTIONWhile upgrading the HP Integrated Lights-Out 3 (iLO 3) from any previous version prior to version 1.28 (or later), the firmware flash progress may intermittently stop at one percent or take several hours to complete. This occurs due to idle Secure Shell (SSH) connections that are incorrectly closed and then time-out, causing the iLO 3 CPU to become busy and stall or delay the firmware flash progress.
An error in the way SSH sessions are shut down causes iLO 3 to assume that the sessions are fully active and constantly transferring data, delaying the firmware flash progress. HP Systems Insight Manager (HP SIM) servers and other SSH management tools located on the same network as iLO 3 may open these SSH connections.
SCOPE
Any HP ProLiant server with Integrated Lights-Out 3 (iLO 3) Firmware Version 1.26 (or earlier).
RESOLUTION
This is resolved by upgrading Integrated Lights-Out 3 (iLO 3) to firmware version 1.28 (or later).
Note : The issue may occur while upgrading to version 1.28 (or later) if upgrading from a version of the firmware prior to version 1.28.
Until the firmware upgrade is installed, reset iLO 3 to clear the SSH connection state prior to flashing the firmware.
If the firmware flash progress has stopped, connect several simultaneous SSH sessions until no additional SSH connections are allowed. Then close them normally to reset the connection state and allow the flash progress to continue.
Perform the following steps to obtain the latest iLO 3 firmware version:
- Click on the following link:
- Select the appropriate operating system.
- Click "Firmware - Lights-Out Management."
- Locate, download, and install iLO 3 Firmware Version 1.28 (or later).
|
|
|
For ILO3 with firmware 1.26 and 1.28, web GUI and CLI does not show rebuilding status for Drive information .
Web GUI and CLI show only OK or Not installed .
|
|
|
IMPORTANT : The Integrated Lights-Out 3 (iLO 3) firmware upgrade provided in the Resolution is required to prevent unexpected shutdowns, false CPU clock throttled messages, or incorrect values displayed via the PPIC command. HP recommends performing this upgrade at the customer's earliest possible convenience. Neglecting to perform the recommended iLO 3 firmware upgrade could result in the potential for subsequent errors to occur.
On an HP ProLiant SL390s G7 server, after upgrading the Integrated Lights-Out 3 (iLO 3) firmware to version 1.26, the server may experience unexpected shutdowns, false CPU clock throttled messages displayed in the operating system console, or incorrect values displayed via the ProLiant Power Interface Configuration (PPIC) command.
SCOPE
Any HP ProLiant SL390s G7 server (2U or 4U) after upgrading the Integrated Lights-Out 3 (iLO 3) firmware to version 1.26.RESOLUTION
To prevent these issues from occurring, upgrade the Integrated Lights-Out 3 (iLO 3) to Firmware Version 1.28 (or later).
|
|
|
May 03 2012 | c03315526
Products: HP ProLiant BL Server Blades, Insight Control Software
Description: Advisory: HP BladeSystem ProLiant Server Blades - HP Integrated Lights-Out 3 Version 1.25 (or Earlier) Browser Interface and Secure Shell (SSH) May Stop Responding When Attempting to Login to SSH Using a Private SSH-DSA Key Larger Than 2048 Bits
|
|
|
HP Proliant G7 Blade servers might exibit the issue where these servers are not powering On by default any longer when they have HP iLO firmare 1.25 applied.
The issue is that with iLO 3 firmware 1.25 some half height HP Proliant Blade servers get assigned 509 W of power and full height servers get 1800 W of power assigned. Sometimes, it is on an average of 60% more then what it should be.
See the screenshot below for visual indicator...
|
|
|
2012-04-30
The HP Integrated Lights-Out 3 and 4 (iLO 3/iLO 4) User Guides incorrectly state that a new certificate is always created each time that iLO is reset (Diagnostics -> reset on iLO). For example, the iLO 3 Version 1.20 User Guide states the following on page 166:
If the iLO 3 self-signed certificate is installed permanently into some browsers and the iLO 3 is reset, you might not be able to log back in to iLO 3 because iLO 3 generates a new self-signed certificate every time it is reset.
HP ProLiant Integrated Lights-Out 3 Version 1.20 User Guide
http://h20000.www2.hp.com/bc/docs/support/SupportManual/c02774507/c02774507.pdfAny HP ProLiant server with Integrated Lights-Out 3 or 4 (iLO 3/iLO 4)
|
|
|
Products: BladeSystem, Options and Accessories, ProLiant Servers, SoftwareOS: Other Legacy OS,Linux
Description: This is a set of sample XML scripts used to manage the configuration of Integrated Lights-Out (iLO) management processors and to control servers in which iLO devices are in use. Use LOCFG.PL (available in this bundle) to run the XML.
|
|
|
Products: HP ProLiant DL Servers, HP ProLiant BL Server Blades, HP ProLiant ML Servers, HP ProLiant Scalable Systems, Insight Control Software
Description: Advisory: HP Integrated Lights-Out 3 (iLO 3) - The iLO 3 ROM-Based Setup Utility May Incorrectly Display the Gateway IP Address as 0.0.0.0 After Upgrading iLO 3 to Firmware Version 1.28
|
|
|
Sept 12, 2011
IMPORTANT : The Integrated Lights-Out 3 firmware upgrade provided in the Resolution is recommended to prevent Java and Internet Explorer from becoming unresponsive when attempting to acquire an already open Integrated Lights-Out 3 Remote Console session by opening the Java Remote Console applet. HP recommends performing this upgrade at the customer's earliest possible convenience. Neglecting to perform the recommended action and not performing the recommended resolution could result in the potential for subsequent errors to occur.
Attempting to acquire an already open Integrated Lights-Out 3 (iLO 3) Remote Console session by opening the Java Remote Console applet may cause Java and Internet Explorer to stop responding when running iLO 3 firmware version 1.20 (or earlier).
Any ProLiant server with Integrated Lights-Out 3 Version 1.20 (or earlier).
|
|
|
July 17, 2010 | setaOffice
Just ssh to the IP that you configured the iLO
emerson@shellcore:~ $ ssh [email protected]
[email protected]′s password:
User:Emerson Takahashi logged-in to ILO_TESTLABHP.(192.168.50.118)
iLO 2 Advanced Evaluation 1.81 at 11:05:47 Jan 15 2010
Server Name: proliant_g5
Server Power: OnhpiLO->
Since I will access through a text terminal, Linux is configured to use the serial port (configured through the file /boot/grub/grub.conf)
hpiLO-> help
status=0
status_tag=COMMAND COMPLETEDDMTF SMASH CLP Commands:
help : Used to get context sensitive help.
show : Used to show values of a property or contents of a collection target.
create : Used to create new user account in the name space of the MAP.
Example: create /map1/accounts1 username= password=
name=
group=delete : Used to delete user account in the name space of the MAP.
Example: delete /map1/accounts1/load : Used to move a binary image from an URL to the MAP. The URL is
limited to 80 characters
Example : load -source http://192.168.1.1/images/fw/iLO2_130.binreset : Used to cause a target to cycle from enabled to disabled and back to enabled.
set : Used to set a property or set of properties to a specific value.
start : Used to cause a target to change state to a higher run level.
stop : Used to cause a target to change state to a lower run level.
cd : Used to set the current default target.
Example: cd targetnameexit : Used to terminate the CLP session.
version : Used to query the version of the CLP implementation or other CLP
elements.oemhp_ping : Used to determine if an IP address is reachable from this iLO 2.
Example : oemhp_ping 192.168.1.1 , where 192.168.1.1 is the IP address that you wish
to pingoemhp_loadSSHKey : Used to authorize a SSH Key File from an URL The URL is
limited to 80 characters
Example : oemhp_loadSSHKey -source http://UserName:[email protected]/images/SSHkey1.ppkHP CLI Commands:
POWER : Control server power.
UID : Control Unit-ID light.
NMI : Generate an NMI.
VM : Virtual media commands.
VSP : Invoke virtual serial port.Type VSP and you're in. To login as root you need to include the serial port (in this case ttyS1) on your /etc/securetty file or you will be given the error message that your user or password is wrong.
hpiLO-> VSP
Starting virtual serial port.
Press 'ESC (' to return to the CLI Session.hpiLO-> Virtual Serial Port active: IO=0x02F8 INT=3
login as:
|
|
|
Aug 10, 2010 | HP Communities
You can look up what ports are used via the iLO 3 web interface. Expand the "Administration" menu on the left, then click on the "Access Settings" link. That screen will tell you the ports used by the various services.
Here are the defaults:
SSH 22
Web (non-SSL) 80
SSL 443
IPMI-over-LAN 623
Remote Console 17990
Virtual Media 17988You might also need to enable other ports if you're using DHCP, DNS, SNTP, SNMP, and/or LDAP from iLO.
|
|
|
HP
For an iLO device to work properly when going across routers using port blocking and/or firewalls, ports 23, 80, 443, and 17988 must be open.
The directory services LDAP port (636) may be required. The Terminal Services RDP port (3389) may be required.
Port 23 is for the Telnet ports where the remote and graphical Remote Console is used, port 80 is for HTTP communications, port 443 is required for the HTTPS connection, and port 17988 is for Virtual Media.
LDAP traffic from a directory server uses random port numbers to enter the iLO device.
The inability to access the iLO management ports is often confused with incorrect proxy settings. When in doubt, disable proxy in Internet Explorer or Netscape.
|
|
|
HP Communities
Hi Guys,
We have found that the remote console port defined for iLo3 has changed from being 3389 (standard RDP port) to 17990.
Can one of you please ask HP about the reasoning about this change and if it will be an issue if we change this to the standard 3389 port. The alternative is that we get NS to open the port 17990 on the firewall then we do not have to manually change every iLO 3 interface for servers in ecom.
***************************
David responded:
**************************
I think they're confusing 2 different things. Port #3389 is a standard RDP port and was valid for the "iLO Terminal Services Pass-through" but never was the port for accessing the iLO remote console. Since TS Pass-through is no longer available with iLO3, this doesn't apply.
|
|
|
Aug.20, 2009 | NachoTech
If you want to access an iLO behind a firewall, there are some TCP ports that need to be opened on the firewall to allow all iLO traffic to flow through. Here is a list of the default ports used by iLO, but these can be modified on iLO's Administration… Access… Services… tab.
ILO FUNCTION SOCKET TYPE PORT NUMBER ---------------------- ----------- ----------- Secure Shell (SSH) TCP 22 Remote Console/Telnet TCP 23 Web Server Non-SSL TCP 80 Web Server SSL TCP 443 Terminal Services TCP 3389 Virtual Media TCP 17988 Shared Remote Console TCP 9300 Console Replay TCP 17990 Raw Serial Data TCP 3002
|
|
|
Installation:
To update firmware from the Linux operating system on target server:
Download the SCEXE file to the target server. Execute: sh CP015458.scexeTo obtain firmware image for updating via iLO user interface, utilities, or scripting interface:
Download the SCEXE file to a client running a Linux operating system. Execute: sh CP015458.scexe --unpack=directory.This command will unpack the iLO3 bin into a user specified "directory". If the directory does not exist, the unpacker will attempt to create it.
To use HP Smart Update Manager on the Firmware Maintenance CD:
- Place the Firmware Maintenance CD on a USB key using the USB Key Creator Utility.
- Copy CP015458.scexe to /hp/swpackages directory on the USB Key.
- Follow HP Smart Update Manager steps to complete firmware update.
|
|
|
Stracca Blog
Recently I had the necessity to reset the ILO interface of an HP Proliant Server.
I found that you need to connect in ssh (or in telnet) to do it.
One connect give this commands:cd /Map1
resetHere an example:
User:admin logged-in to ILOGB87451B7E(10.1.1.15)
iLO 2 Advanced 1.81 at 11:05:47 Jan 15 2010
Server Name: myserver.mydomain.com
Server Power: OnhpiLO-> cd /Map1
status=0
status_tag=COMMAND COMPLETED/Map1
hpiLO-> reset
status=0
status_tag=COMMAND COMPLETED
Resetting iLO.CLI session stopped
|
|
|
Type: Firmware - Lights-Out Management
Version: 1.28 (6 Mar 2012)Products: HP ProLiant DL Servers, HP ProLiant BL Server Blades, HP ProLiant Scalable Systems, HP ProLiant ML Servers, Insight Control Software
OS: Windows,Linux,Other Legacy OSDescription: This component provides updated iLO firmware that can be installed directly on supported Linux Operating Systems. This component can also be used to obtain the firmware image for updating via iLO user interface, utilities, or through the scripting...
Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.
- iLO 3 web server might run out of SSL sessions. This situation might occur if client opens HTTPS connection to iLO 3 but never does the SSL handshake and keeps the TCP session open forever.
- iLO 3 might disconnect SSH session when using "ServerAliveInterval" option.
- VSP session was restricted to a maximum of 100 characters when pasting text. The limit is now increased to 250 characters.
- iLO 3 might fail to resolve DNS name, if DNS server replies via TCP with a large number of records (100 or more).
- iLO 3 might reject subsequent power ON requests from the OA when the following conditions exist within an enclosure:
- AC power restored to an enclosure where a blade server was auto-powered ON
- When the blade server was manually powered off via the OA
- When an SSH certificate was for an Administrator account, it could not be imported via XML.
- iLO 3 ROM-Based Setup Utility (RBSU) might display "Resetting iLO, please wait" for 10 minutes after exiting iLO RBSU with changes that cause iLO 3 to reset.
- iLO 3 web GUI doesn't show "Drives" information for a second SAS expander in the HP DL385 G7 server.
- iLO 3 might become slow to respond after closing SSH session.
- CLI via SSH might lock up after very quickly typing in commands.
- Unable to generate Certificate Signing Request (CSR) after iLO 3 DNS name was changed.
- Spurious over- temperature readings were seen in HP DL580 G7 and DL980 G7 servers.
- Improper value displayed in Power Meter when the server is OFF.
- Could not install Solaris 10 though Virtual Media.
- Web GUI might stop responding when SSO login contains key larger than 1024 bits.
- Could not change Gateway address.
- The User Administration page exhibited a script vulnerability.
Google matched content |
HP Integrated Lights-Out - Wikipedia, the free encyclopedia
ILO 4
|
Type
|
Size |
Date
|
|---|---|---|---|
| HPE iLO 4 User Guide | 6.7 MB | Oct 2016 | |
| HPE iLO 4 Scripting and Command Line Guide | 3.0 MB | Oct 2016 | |
| HPE iLO Federation User Guide | 1.0 MB | Oct 2016 | |
| HPE iLO IPMI User Guide | 1.7 MB | Oct 2016 | |
| HPE Integrated Lights-Out Security Technology Brief | 4.3 MB | Oct 2016 | |
| HPE iLO Mobile iOS Application User Guide | 1.0 MB | Aug 2016 | |
| HPE iLO Mobile Application for Android User Guide | 835 KB | Aug 2016 | |
| HPE iLO Licensing Guide | 103.9 KB | Jul 2017 |
HP Integrated Lights-Out 3 (iLO 3) - Manuals - HP Business Support Center
The HP ProLiant Integrated Lights-Out 3 v 1.00 User Guide and the HP ProLiant Integrated Lights-Out
3 v 1.00 Scripting and Command Line Guide are on the HP website at: http://www.hp.com/go/
ilo. Select Documentation, and find the latest version of the manuals under the User Guide heading.
Proliant Watch Configuring HP Integrated Lights-Out (iLO) - HP Proliant Server
NachoTech Opening firewall ports for iLO
Setting up ssh tunnel to access a distant iLO - Tin's Journey
Topic: Configuring iLO2 and Debian with serial support
You will have to start an agetty process on the COM2 port in order to use the VSP. RHEL 5 example:
S1:2345:respawn:/sbin/agetty 115200 ttyS1 vt100
In order to see the startup/shutdown messages on the VSP, add the following to the appropriate kernel line in /boot/grub/menu.lst:
... kernel /vmlinuz-2.6.18-8.el5 ro root=LABEL=/ console=tty0 console=ttyS1,115200 ....
The OpenSSH client on my Ubuntu 7.10 system is incompatible with the ssh server on an iLO system with 1.91 firmware. There may be problems with other OpenSSH/iLO versions.
$ ssh -V OpenSSH_4.6p1 Debian-5build1, OpenSSL 0.9.8e 23 Feb 2007 $ echo "QUIT" | nc iLO 22 SSH-2.0-mpSSH_0.0.1 $ ssh admin@iLO admin@iLO's password: dispatch_protocol_error: type 100 seq 9 dispatch_protocol_error: type 100 seq 10 buffer_get_ret: trying to get more bytes 4 than in buffer 0 buffer_get_int: buffer error
As a workaround, use PuTTY.
The iLO 2 Virtual Media Java applet does not work well over a low-speed WAN[1]. My Linux ISOs would routinely not boot when using this Java applet.
As an alternative, ISOs may be loaded from an HTTP server using Virtual Media with the iLO command-line interface.
Example:
hutch@hutch:~$ ssh admin@iLO admin@iLO's password: User:admin logged-in to iLO(10.215.14.5) iLO Advanced 1.42 at 08:37:01 Oct 03 2007 Server Name: CZC7124NST00 Server Power: On </>hpiLO-> vm cdrom insert http://10.215.0.35/kickstart/boot_isos/5Server-i386_boot.iso (Note: use IPs when specifying an HTTP server) </>hpiLO-> vm cdrom get VM Applet = Disconnected Boot Option = NO_BOOT Write Protect = Yes Image Inserted = Connected Image URL = http://10.215.0.35/kickstart/boot_isos/5Server-i386_boot.iso (Note: the "NO_BOOT" means that the system will not boot off the "connected" image) </>hpiLO-> vm cdrom set boot_once (Note: The next boot will be from the connected image) </>hpiLO-> power reset
You will likely want to start a Remote Console via the iLO 2's HTTPS interface.
From HP Integrated Lights-Out 2 User Guide for Firmware 1.35:
Retrieved from "http://brandonhutchinson.com/wiki/ILO_Notes"
Linux-BSD SysAdmin and Oracle DBA Guide How to login from serial port under Linux
Environment: Linux server A with at least one com port which is com1
Objective: enable login through com1 using null modem cable from another machine B which can be Windows
or Linux.
Steps:
1. connect null modem cable between A and B at com1 port
2. on Linux server A, vi /etc/inittab and append the followin line:
s0:2345:respawn:/sbin/agetty 115200 ttyS0 vt100
3. If machine B is Linux, use minicom to configure the serial port speed as 115200, then connect
4. If machine B is Windows, use putty to directly connect to serial port, set speed as 115200, then
login
note:
for HP Proliant DL serial servers, you can also use VSP (Virtual Serial Port) with ILO2, you can basically ssh into ILO IP address with Administrator login. Add the following lines to /etc/inittab
sx:2345:respawn:/sbin/agetty 115200 ttyS1 vt100
then run 'init q' to enable it, after that, you can use vsp command to connect to this serial port login.
FAQ:
1. how to change speed? - best practise.
vi /etc/inittab , for example, change 115200 to 9600, then comment out the line first, run 'init q'
to re-read file, after that, uncomment it, issue 'init q' again.
2. how to enable root login through serail port?
Just add ttyS0 or ttyS1 into /etc/securetty.
3. How to use HP virtual serial port(VSP) to login for HP Proliant servers
use ssh connect to ILO ip address:(if there's firewall in between, enable port 22)
for ILO version 1, just run 'REMCONS'.
for ILO2 , type 'vsp' to connect to ttyS0 or ttyS1 to get console screen.
References:
1. HP Proliant server VSP documentation
http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00263709/c00263709.pdf
2. Redhat knowledgebase
http://kbase.redhat.com/faq/docs/DOC-7213Useful Commands:
1. setserial -a /dev/ttyS0Posted by Jephe Wu at 9/24/2009 01:57:00 PM
Labels: console, serial port
Society
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
Quotes
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Bulletin:
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
History:
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
Classic books:
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|
|
You can use PayPal to to buy a cup of coffee for authors of this site |
Disclaimer:
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.
Last modified: March 12, 2019
