Configuring HP iLO through Linux automatically

Thanks to /dev/random

We only use HP servers, and we get more of them every week. Someone has to keep track of all those servers and be able to configure them using iLO in case of a disaster.
Installation runs almost automatically, except for the iLO configuration.
I first have to find the iLO IP, then log in to the web interface, create users, set a static IP and whatnot. It takes time, a lot of it.
If only there was some way to automate it without having to use HP’s software... but wait, THERE IS!

I already posted how to scan for all HP iLO devices in your subnet, but the basics in this post on how to configure iLO from your guest Linux OS might make everything a little easier for the sysadmins out there.

How to configure HP iLO in Linux

First I will show you the useful commands and an example output for each, and then how to automate the configuration of your HP iLO interface using bash scripting.
The script for configuring iLO automatically is included at the end of this post.

Needed packages:

OpenIPMI OpenIPMI-libs OpenIPMI-tools

These packages can be installed through your favorite package manager. Below you’ll see the defaults in Debian and CentOS/RHEL.

Debian:

apt-get install OpenIPMI OpenIPMI-libs OpenIPMI-tools

CentOS/RHEL:

yum install OpenIPMI OpenIPMI-libs OpenIPMI-tools

Once you have those installed, you can move on and configure or fetch info from iLO through the guest Linux.

Get the serial number of the server

Getting the serial number might be useful in case you need to log it to an inventory database, or just need the serial number for a warranty call. This is an easy and quick way to find it, without even logging into iLO.

ipmitool fru | grep Serial

Sample output:

Chassis Serial        : CZAAAAAAAA
Board Serial          : CZAAAAAAAA
Product Serial        : CAAAAAAAAA
Serial Number         : 0BBBBBB

Get network settings configured on the HP iLO port

Maybe you just want to find the DHCP address of the HP iLO controller? You can do this easily, without having to scan the entire network.

ipmitool lan print

Example output:

Set in Progress         : Set Complete
Auth Type Support       :
IP Address Source       : DHCP Address
IP Address              : 123.123.123.123
Subnet Mask             : 255.255.255.0
MAC Address             : de:ad:be:ef:ca:fe
BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP      : 123.123.123.1
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
Cipher Suite Priv Max   : Not Available

Restart iLO interface

If you have any problems connecting to the HP iLO controller, you might need to restart it. But you don’t want to restart the entire server, because you would have to unplug the power to restart iLO that way. Nobody wants that on a production server! You can initiate a restart of iLO only by running the commands below. This way your server stays online while doing it. It has saved my butt a couple of times.
Remember, these two commands will not reboot the OS running on the server, only iLO.

For a cold reset (forcefully, in case iLO is not responding in any way including echo requests/ping) use the following:

ipmitool mc reset cold

For a warm reset (in case iLO IS responding) use the following:

ipmitool mc reset warm

Configure network to static ip on the HP iLO port

Without logging into the web interface, you can still set a static IP address on the HP iLO interface using the commands below. Replace the IP, subnet mask and default gateway with the values you need.

[root@server ~]# ipmitool lan set 1 ipsrc static
[root@server ~]# ipmitool lan set 1 ipaddr 192.168.1.211
[root@server ~]# ipmitool lan set 1 netmask 255.255.255.0
[root@server ~]# ipmitool lan set 1 defgw ipaddr 192.168.1.1
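A check that the controller actually reports the values that were just set, worth running before any iLO reset. This is an added example, not part of the original post; the function names lan_field and verify_lan and the sample text are constructed for illustration.

```shell
#!/bin/bash
# Added example: confirm the BMC reports the LAN settings that were just set.

# Constructed sample, in the layout of the `ipmitool lan print` output above.
SAMPLE_LAN_PRINT='Set in Progress         : Set Complete
IP Address Source       : Static Address
IP Address              : 192.168.1.211
Subnet Mask             : 255.255.255.0
MAC Address             : de:ad:be:ef:ca:fe
Default Gateway IP      : 192.168.1.1'

# lan_field <label>: read `lan print` text on stdin, print that field's value.
# Splitting on "<spaces>: " keeps the colons inside a MAC address intact.
lan_field() {
	awk -F' *: ' -v key="$1" '$1 == key { sub(/[ \t]+$/, "", $2); print $2; exit }'
}

# verify_lan <ip> <netmask> <gateway>: compare `lan print` text on stdin with
# the expected values. Prints one line per mismatch, returns 0 if all match.
verify_lan() {
	text=$(cat)
	rc=0
	while IFS='|' read -r label want; do
		got=$(printf '%s\n' "$text" | lan_field "$label")
		if [ "$got" != "$want" ]; then
			echo "MISMATCH $label: expected '$want', BMC reports '${got:-<missing>}'"
			rc=1
		fi
	done <<EOF
IP Address Source|Static Address
IP Address|$1
Subnet Mask|$2
Default Gateway IP|$3
EOF
	return "$rc"
}

# On a real host (values are the ones used in the commands above):
#   ipmitool lan print 1 | verify_lan 192.168.1.211 255.255.255.0 192.168.1.1
```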

Configuring users

Configuring users might also come in handy. By default there is only the “Administrator” user with a password located on a sticker or elsewhere physically on the server.

Create a user with admin rights.

To create a user with the same rights as the “Administrator” user, use the following. This user will be able to do everything in iLO.
Replace “admin” with the username you want.
In case you create multiple users, you have to increment the number “2” by 1 every time, so the second user you create will have ID 3, and the third, ID 4.

[root@server ~]# ipmitool user set name 2 admin
[root@server ~]# ipmitool user set password 2
Password for user 2: 
Password for user 2: 
[root@server ~]# ipmitool channel setaccess 1 2 link=on ipmi=on callin=on privilege=4
[root@server ~]# ipmitool user enable 2

Create user with user monitoring rights

If a user should only be used for querying sensor data, for example a user for Nagios, Zabbix or other monitoring software, a custom privilege level can be set up for that. This user cannot make any changes to the server through iLO. A user named “monitor” will be created for this in the following example:

[root@server ~]# ipmitool user set name 3 monitor
[root@server ~]# ipmitool user set password 3
Password for user 3: 
Password for user 3: 
[root@server ~]# ipmitool channel setaccess 1 3 link=on ipmi=on callin=on privilege=2
[root@server ~]# ipmitool user enable 3

The meaning of the various privilege numbers is displayed when ipmitool channel is called without any additional parameters:

[root@server ~]# ipmitool channel
Channel Commands: authcap   <channel number> <max privilege>
                  getaccess <channel number> [user id]
                  setaccess <channel number> <user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]
                  info      [channel number]
                  getciphers <ipmi | sol> [channel]

Possible privilege levels are:
   1   Callback level
   2   User level
   3   Operator level
   4   Administrator level
   5   OEM Proprietary level
  15   No access
[root@server ~]#
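Before writing to a fixed user ID, it helps to see which slots are already taken and which accounts hold administrator privilege. The following is an added example, not part of the original post: it parses the table printed by `ipmitool user list 1`; the sample table is constructed, and the helper names parse_users, next_free_id and admin_users are hypothetical. It assumes each row carries three true/false flags between the name and the privilege limit.

```shell
#!/bin/bash
# Added example: inspect existing iLO/IPMI users before creating new ones.

# Constructed sample, modelled on the table `ipmitool user list 1` prints.
SAMPLE_USER_LIST='ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
1   Administrator    true    false      true       ADMINISTRATOR
2   oldadmin         true    true       true       ADMINISTRATOR
3                    true    false      false      NO ACCESS
4   monitor          true    true       true       USER'

# parse_users: turn the table on stdin into "id|name|privilege" lines.
# The three true/false flags are used as the anchor, so an empty name
# column does not shift the other fields.
parse_users() {
	awk 'NR > 1 && $1 ~ /^[0-9]+$/ {
		id = $1
		rest = substr($0, length($1) + 1)
		if (!match(rest, /(true|false) +(true|false) +(true|false)/)) next
		name = substr(rest, 1, RSTART - 1)
		priv = substr(rest, RSTART + RLENGTH)
		gsub(/^[ \t]+|[ \t]+$/, "", name)
		gsub(/^[ \t]+|[ \t]+$/, "", priv)
		print id "|" name "|" priv
	}'
}

# next_free_id: print the first ID above 1 that has no name assigned, i.e. a
# slot that "ipmitool user set name <id> ..." would not overwrite.
# Returns 1 when every slot is in use.
next_free_id() {
	parse_users | awk -F'|' '
		$1 > 1 && ($2 == "" || $2 == "(Empty)") { print $1; found = 1; exit }
		END { if (!found) exit 1 }'
}

# admin_users: names of accounts whose privilege limit is ADMINISTRATOR.
admin_users() {
	parse_users | awk -F'|' '$3 == "ADMINISTRATOR" && $2 != "" { print $2 }'
}

# On a real host:  ipmitool user list 1 | next_free_id
```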

Automatically configure HP iLO using bash

Now you know how to use the commands to configure the basic stuff in your iLO controller manually. But what about doing this automatically when you have new servers coming in every other day that need to be configured? We can do that using bash scripts.

Below is a script that will set the specified IP address, subnet mask and default gateway, and create users if you want it to.
It is easy to run right after you have installed your OS, and can even be automated using Puppet or other deployment tools.

#!/bin/bash

# Script written by dev-random.net
# Purpose is to automate HP iLO configuration
# Feel free to use this script however you like, as long as you leave these top comments



printhelp() {
	echo
	echo "-i <static ip to set> example: 192.168.1.10"
	echo "-s <static subnet mask to set> example: 255.255.255.0, required if -i is set"
	echo "-g <static gateway to set> example: 192.168.1.1, required if -i is set"
	echo "-a <username for new admin user> example: admin, dont use if no user should be created"
	echo "-p <password for admin user>, required if -a is set, enclose in \"\" if password contains spaces"
	echo "-m <username for read-only user>, example: monitor"
	echo "-o <password for read-only user>, required if -m is set, enclose in \"\" if password contains spaces"
	echo "-y add this to the command to actually do the changes, else the script will just output what you typed in the parameters"
	echo
	exit 1
}

# Print help if no parameters were set
if (($# == 0)); then
	printhelp
fi

# Get parameters (the leading ":" makes getopts report a missing value as ":")
while getopts ":i:s:g:a:p:m:o:hy" opt; do
	case $opt in
		i) # IP to set
			IP="$OPTARG"
		;;
		s) # Subnetmask to set
			SUBNETMASK="$OPTARG"
		;;
		g) # Gateway to set
			GATEWAY="$OPTARG"
		;;
		a) # New admin username
			ADMINUSERNAME="$OPTARG"
		;;
		p) # New admin password
			ADMINPASSWORD="$OPTARG"
		;;
		m) # New read-only users username
			USERNAME="$OPTARG"
		;;
		o) # New read-only users password
			PASSWORD="$OPTARG"
		;;
		h) # Print help
			printhelp
		;;
		y) # Just do it, no need to press any key to continue
			DOIT=1
		;;
		\?) # Default if option is not known
			printhelp
		;;
		:) # Error if parameter was triggered without value
			echo "Option -$OPTARG requires an argument"
			printhelp
		;;
	esac
done

echo # Print empty line



# Check if we have the needed required software installed
# required packages: OpenIPMI OpenIPMI-libs OpenIPMI-tools
if ! command -v ipmitool &>/dev/null ; then
	echo "ipmitool not available, please install requirements:"
	echo "required packages: OpenIPMI OpenIPMI-libs OpenIPMI-tools"
	echo "See https://dev-random.net/configuring-and-controlling-hp-ilo-through-linux for details"
	exit 2
fi



#print serial number, just because we can and then you dont have to do it manually in case you need it
ipmitool fru | grep Serial

echo #print empty line

# Check if IP has to be set
if [[ "$IP" ]] && [[ "$SUBNETMASK" ]] && [[ "$GATEWAY" ]]; then
	echo "IP: $IP"
	echo "Subnetmask: $SUBNETMASK"
	echo "Gateway: $GATEWAY"
	if [[ $DOIT ]]; then
		echo "Setting ip"
		
		ipmitool lan set 1 ipsrc static
		ipmitool lan set 1 ipaddr "$IP"
		ipmitool lan set 1 netmask "$SUBNETMASK"
		ipmitool lan set 1 defgw ipaddr "$GATEWAY"
		
		echo # print empty line
	fi
fi

# Check if admin user has to be created
if [[ "$ADMINUSERNAME" ]] && [[ "$ADMINPASSWORD" ]]; then
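	echo "Admin username: $ADMINUSERNAME"
	# Shown in clear text so it can be checked; keep this output out of logs
	echo "Admin password: $ADMINPASSWORD"
	if [[ $DOIT ]]; then
		echo "Creating admin user"
		
		ipmitool user set name 2 "$ADMINUSERNAME"
		# Quoted so that passwords containing spaces reach ipmitool intact
		ipmitool user set password 2 "$ADMINPASSWORD"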
		ipmitool channel setaccess 1 2 link=on ipmi=on callin=on privilege=4
		ipmitool user enable 2
		
		echo # print empty line
	fi
fi

# Check if read-only user has to be created
if [[ "$USERNAME" ]] && [[ "$PASSWORD" ]]; then
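	echo "Read-only username: $USERNAME"
	# Shown in clear text so it can be checked; keep this output out of logs
	echo "Read-only user password: $PASSWORD"
	if [[ $DOIT ]]; then
		echo "Creating read-only user"
		
		ipmitool user set name 3 "$USERNAME"
		# Quoted so that passwords containing spaces reach ipmitool intact
		ipmitool user set password 3 "$PASSWORD"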
		ipmitool channel setaccess 1 3 link=on ipmi=on callin=on privilege=2
		ipmitool user enable 3
		
		echo # print empty line
	fi
fi

# If -y was set
if [[ $DOIT ]]; then
	# Warm restart iLO
	echo "Restarting iLO, it will be accessible in a couple of minutes using the new IP address (if changed)."
	ipmitool mc reset warm
else # If -y was not set, then ask for it to do the changes
	echo # print empty line
	echo "add -y to the command to make the changes, this run only showed you the settings you entered so you can make sure they are correct"
fi

echo # print empty line
exit 0

Running ipmitool was giving the following error

root@linux:~ # ipmitool lan print
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Channel Info command failed
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Channel Info command failed
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Channel Info command failed
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Channel Info command failed
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Channel Info command failed
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Channel Info command failed
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Channel Info command failed
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Channel Info command failed
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Channel Info command failed
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Channel Info command failed
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Channel Info command failed
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Channel Info command failed
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Channel Info command failed
Invalid Channel 255

After loading the following kernel modules, the problem was solved

root@linux:~ # modprobe ipmi_msghandler
root@linux:~ # modprobe ipmi_devintf
root@linux:~ # modprobe ipmi_si