Scribd
Upload
125 views

MP Logs Scripts

mp logs scripts

Uploaded by

Pradeep Shastri
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
125 views

MP Logs Scripts

mp logs scripts

Uploaded by

Pradeep Shastri
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 23

Scripting Techniques: Integrated Lights Out (iLO & iLO 2)

for Integrity and HP9000 Entry-Level Servers


Executive Summary .............................................................................................................................. 3
Background: Types of Scripting ............................................................................................................. 3
Execution of iLO commands using SSH-exec ........................................................................................... 4
Supported Firmware and Platforms..................................................................................................... 5
Commands supported over ssh-exec................................................................................................... 5
BP: Reset BMC Passwords ............................................................................................................ 6
BLADE: Display Blade and Enclosure information ............................................................................ 6
CA: Configure asynchronous local serial port .................................................................................. 6
DATE : Display Date ..................................................................................................................... 6
DC : Default Configuration- reset all parameters............................................................................... 6
DF: Display FRU information .......................................................................................................... 6
DI : Disconnect LAN/WEB/SSH console......................................................................................... 6
DNS: Domain Name Server settings ............................................................................................... 7
FW : Upgrade the MP Firmware .................................................................................................... 7
ID: System Information settings ....................................................................................................... 7
IT: Inactivity Timeout settings .......................................................................................................... 7
LC: LAN Configuration usage (IP address, etc.) ................................................................................ 8
LDAP: LDAP Directory Settings........................................................................................................ 8
LM: License Management .............................................................................................................. 8
LOC: Locator UID LED configuration ............................................................................................... 8
PC: Power Control ........................................................................................................................ 8
PM: Power Regulator Mode........................................................................................................... 8
PR: Power Restore policy configuration............................................................................................ 9
PS: Power Status- display the status of the Power Management Module............................................... 9
RB: Reset BMC............................................................................................................................. 9
RS: Reset System through RST signal ............................................................................................... 9
SA: Set Access LAN/WEB/SSH/IPMI over LAN ports....................................................................... 9
SNMP: Configure SNMP parameters ............................................................................................. 9
SO: Security options help (login timeouts, password faults, SSL certificate generation, SSH keys) ........... 9
SS: System Status- display the status of the system processors........................................................... 10
SYSREV : Show Firmware Revisions .............................................................................................. 10
TC: System reset through INIT or TOC (Transfer of Control) signal .................................................... 10
UC: User configuration (users, passwords, etc.).............................................................................. 10
2
WHO: Display a list of MP connected users .................................................................................. 11
XD: Diagnostics and/or Reset of MP............................................................................................. 11
Commands not supported over ssh-exec............................................................................................ 11
SMCLP commands and ssh-exec ...................................................................................................... 11
Help: Displays context-sensitive help............................................................................................. 12
Show: Displays information about managed elements..................................................................... 12
Start: Causes a targeted object to change its state to a higher level .................................................. 14
Stop: Causes a targeted object to change its state to a lower level ................................................... 14
Reset: Causes a target to cycle from enabled to disabled and back to enabled.................................. 14
Set: Sets a property to a specific value.......................................................................................... 15
Load: Moves a binary image to iLO2 from a URI............................................................................ 16
Create: Creates a new instance of an object ................................................................................. 16
Delete: Deletes an instance of a target object................................................................................. 16
Version: Queries the version of the SMCLP implementation.............................................................. 16
Example: Scripted Virtual Media ......................................................................................................... 16
Step 1: Set up the media on a Web server........................................................................................ 17
Step 2: Connect the media to the appropriate iLO............................................................................. 17
Step 3: Perform the task that was intended with the Media.................................................................. 17
Step 4: Disconnect the media .......................................................................................................... 17
General purpose tools like Expect ........................................................................................................ 17
Product Information............................................................................................................................ 20
iLO Advanced License........................................................................................................................ 20
iLO Advanced evaluation license.................................................................................................. 20
Conclusion........................................................................................................................................ 20
Appendix: ........................................................................................................................................ 22
Glossary ....................................................................................................................................... 22
For More Information ......................................................................................................................... 23
Call to action .................................................................................................................................... 23

3
Executive Summary

The Integrated Lights-Out (iLO) management processor for Integrity and HP9000 servers is an
autonomous management subsystem embedded directly on the server. When administering many
machines in a large datacenter it is convenient to automate simple tasks using scripts so that the same
action can be performed many times on a particular server, or on many different servers. The iLO
management processor on Integrity systems supports scripting via its text user interface using scripting
tools such as Expect, or by allowing execution of commands over SSH-exec.

Background: Types of Scripting
There are two types of scripting - Text-based, and XML. Text-based is done via a telnet or SSH
connection, while XML is typically done over an http (web) connection. Some details:

Script via the Text User Interface:
Open text mode - need Expect or some other tool to send/receive commands.
The script can send and interpret anything that a real person could do.
Works with all iLO user interfaces, legacy MP, GSP, EFI, HPUX, (any text
user interface)
SSH exec mode
ssh [-l login_name] hostname | user@hostname [command]
Allows single commands to be run, launched from client, much like rcmd or
rsh
Send an XML script over http:
Requires a launcher application to run on the client
RIBCL on ProLiant uses this method. (See the documentation links for ProLiant
iLO at the end of this paper for more information.)

The future direction for scripting for both ProLiant and Integrity product lines is to use the SMASH
industry standard. SMASH, Systems Management Architecture for Server Hardware, is a DMTF
(Distributed Management Task Force) standard that HP helped create. See http://www.dmtf.org/ for
more information about SMASH. The standard defines both a text user interface (which supports SSH
exec mode or Open text mode), and an XML over http protocol:
Script via the Text User Interface:
SMASH Command-Line Protocol (CLP)
Send an XML script over http:
WS-Manage (also a SMASH protocol)

The entry-level Integrity iLO 2 products have a prototype version of the SMASH Command-Line
Protocol running on them, and the ProLiant iLO 2 products also have a version of the SMASH CLP, as
well as some WS-Manage support.
Following is a summary of the protocols or user interfaces that are on ProLiant and Integrity iLO 2
products, and their relative support level in terms of how many management processor features can
be accessed via that method.

4


Figure 1. Summary of ProLiant and Integrity iLO 2 user interface protocols


Key
Green
Full support
Lt. Green
Minimal support- some common features available
Grey
No support





As can be seen by the above table, legacy scripting options exist for both ProLiant and Integrity
platforms, and the industry standard options are beginning to become available.
For customers wishing to build out an automation infrastructure for the longer-term that will also work
now with existing servers, we recommend using either the SMASH CLP or WS Manage solutions
where they are supported, combined with legacy options where necessary.
In this paper, well describe how the SSH-exec scripting and the Expect scripting can be used with
Integrity management processors.

Execution of iLO commands using SSH-exec
HP designed the iLO management processor for easy configuration and management. Administrators
can choose the method that works best for their IT environment in both configuration and management
tools. The entry-level Integrity iLO commands can be run via SSH-exec from the command line, by
including the command to be executed and by providing the login credentials. For example, using
any scripting utility, such as Perl or Unix Shell (ksh, csh, etc.), an administrator might write a script to
remotely power on a server. With complete command-line based scripting capabilities, almost all
functions or tasks an administrator can do using Lights-Out technology and a SSH or telnet client can
also be done in a secure environment (SSH) through a script running at a remote site.
To run a command over ssh-exec from Linux, for example, a user has to provide input as below:
ssh <login name>@<mpnameOrIp> <command to be executed>
5
Sample output for a command executed in this manner shown below. The user is prompted to enter
the password for the login provided.

Example:
[user3@unix1 ~]$ ssh [email protected] sa -nc
[email protected]'s password:


Current Set Access Configuration:
Telnet : Enabled
Web SSL : Enabled
SSH : Enabled
IPMI over LAN : Disabled
Command Mode : MP Menu

-> Command successful.
[user3@unix1 ~]$

Supported Firmware and Platforms
To learn which firmware release supports SSH-exec on your Integrity server platform, refer to the table
below.


Figure 2. Supported Firmware for Integrity server platforms

Server SSH-exec support
(Yes/No)
iLO Firmware revision
rx1600, rx2620,
rx1620, rx2600,
rx5670, rx4640,
rp44xx, rp34xx
Yes
E.03.32
rx2660, rx3600,
rx6600
Yes
F.02.23
Bl860c, Bl870c Yes T.03.12
rx8640, rp8440,
rx7640, rp7440
No NA
Superdome
No NA




Commands supported over ssh-exec
The following list of commands is provided to help with the scripting syntax for each command. Note
that the -nc (no confirmation) is mandatory while specifying commands for scripting.
6
Any differences between iLO and iLO2, or those between iLO2 for rack servers and iLO2 for blades
are mentioned along with the commands.
BP: Reset BMC Passwords
BP -nc
BLADE: Display Blade and Enclosure information
Only for iLO2 blades:
BLADE -nc
CA: Configure asynchronous local serial port
Display the current serial port configuration
CA -nc
For iLO2 blades:
CA -local -bit <n> -flow <software|hardware> -mode <aux|ilo> -nc
This command also allows a user to set the baud rate, flow control and the mode of operation for the
local serial port.
For iLO2 rack servers:
CA -local -bit <n> -flow <software|hardware> -nc
For iLO:
To set the baud rate and flow control for the local serial port:
CA -local -bit <n> -flow <software|hardware> -nc
To set the baud rate, flow control, transmit configuration strings, modem protocol and modem
presence for the remote/modem serial port:
CA -remote -bit <n> -flow <soft|hard> -transmit <e|d> -protocol
<bell|CCITT> -modem <always|not> -nc
DATE : Display Date
DATE -nc
DC : Default Configuration- reset all parameters
DC -all default -nc
As the network parameters are also set to defaults here, a subsequent access to the iLO via ssh-exec
would work only if the iLO has obtained a valid DHCP ip address.
DF: Display FRU information
To display the FRU IDs:
DF -nc
To display information about a specific FRU:
DF -s <fruid> -view <text|hex> -nc
Dumping of all FRU information using the -all option is not supported in SSH exec mode.
DI : Disconnect LAN/WEB/SSH console
To display the number of remote connections via LAN/WEB/SSH:
DI -nc
To disconnect remote connections:
DI -telnet -web -ssh -nc
For iLO
To disconnect remote and modem connections
7
DI -remote -telnet -web -ssh -nc
DNS: Domain Name Server settings
To view current DNS server settings:
DNS -nc
To configure DNS server settings:
DNS -server <e|d> -domain <e|d> -name <text> -register <y|n>
-1ip <ipaddr> -2ip <ipaddr> -3ip <ipaddr> -nc
To set DNS server settings to defaults:
DNS -all default -nc
FW : Upgrade the MP Firmware
FW -ip <ip> -path <path> -login <login>/<password> -nc
ID: System Information settings
To view all information available at ID command:
ID -nc
For iLO2:
To view the host system configuration:
ID -host -nc
To set the asset tag information:
ID -tag <text> -nc
For iLO:
To set the host system configuration:
ID -host <text> -nc
For iLO and iLO2 rack servers - To set the SNMP contact person information:
ID -person -name <text> -telephone <text> -email <text> -pager
<text> -nc
For iLO2 blades - To view the SNMP server information:
ID -server -nc
For iLO and iLO2 rack servers - To set the SNMP server information:
ID -server -location <text> -rackid <text> -position <text> -nc

IT: Inactivity Timeout settings
To view the current inactivity timeout settings:
IT -nc
To configure the inactivity timeout:
For iLO2
IT -command <n> -flow <n> -nc
For iLO
IT -command <n> -flow <n> -login <n> -nc

8
LC: LAN Configuration usage (IP address, etc.)
To view current LAN configuration:
LC -nc
Setting of iLO LAN parameters via LC command is not supported in SSH exec mode.
LDAP: LDAP Directory Settings
To view current LDAP configuration:
LDAP -nc
To configure the directory server:
LDAP -directory -ldap <d|x|s> -mp <e|d> -ip <host/ipaddr> -port <n>
-dn <text> -1context <text>
-2context <text> -3context <text> -nc
To configure the groups:
LDAP -groups -change <groupNo.> -dn <text> -rights <e|d>
<console|mp|power|user|virtual|all|none> -nc
To view individual group settings:
LDAP -groups -list <groupNo.> -nc
To set LDAP configuration to defaults:
LDAP -all default -nc
LM: License Management
To view current license information:
LM -nc
To install a license key:
LM -key <license key> -nc
LOC: Locator UID LED configuration
To view current LED settings:
LOC -nc
For iLO and iLO2 - To set the server locator LED:
LOC [ -on | -off ] -nc
For iLO2 blades to set the enclosure locator LED:
LOC -enclosure <on|off> -nc
PC: Power Control
To view the power status:
PC -nc
To set the power state:
PC [ -on | -off | -graceful | -cycle ] -nc
PM: Power Regulator Mode
Only for iLO2
To view the power regulator mode:
PM -nc
To set the power regulator mode:
9
PM [ -dynamic | -low | -high | -os ] -nc
PR: Power Restore policy configuration
To view the power restore policy configuration:
PR -nc
To set the power restore policy configuration:
PR [ -on | -off | -previous ] -nc
PS: Power Status- display the status of the Power Management Module
PS -nc
RB: Reset BMC
RB -nc
RS: Reset System through RST signal
RS -nc
SA: Set Access LAN/WEB/SSH/IPMI over LAN ports
To view the current set access configuration:
SA -nc
To set access configuration to defaults:
SA -all default -nc

For iLO2 - To set remote access and configure command mode:
SA -telnet <e|d> -web <e|d> -ssh <e|d> -lanipmi <e|d>
-command <mpmenu|smclp> -nc
For iLO - To set remote access:
SA -remote <locked|os session|management access>
-telnet <e|d> -web <e|d> -ssh <e|d> -lanipmi <e|d> -nc

SNMP: Configure SNMP parameters
To view SNMP configuration:
SNMP -nc
To set the SNMP configuration:
SNMP -status <e|d> -community <text> -nc
To set SNMP configuration to defaults:
SNMP -all default -nc
Only for iLO2 - To set the SNMP traps configuration
SNMP -traps <e|d> -1dest <ipaddr> -2dest <ipaddr> -3dest <ipaddr>
-4dest <ipaddr> -nc
SO: Security options help (login timeouts, password faults, SSL certificate generation, SSH keys)
To view current settings for security options:
SO -nc
To set the security options:
SO -options -login <n> -number <n> -fwpci <e|d> -reset <e|d>
-pwdreset <e|d> -nc
10
To configure SSL certificate generation:
SO -ssl -name <text> -organization <text> -unit <text> -country
<text>
-region <text> -locality <text> -email <text> -nc
To generate SSH keys:
SO -ssh -nc
To set the security options to defaults:
SO -all default -nc
SS: System Status- display the status of the system processors
SS -nc
SYSREV : Show Firmware Revisions
To view the current firmware versions installed, for various firmware components, including the System
Firmware (not just iLO):
SR -nc
TC: System reset through INIT or TOC (Transfer of Control) signal
TC -nc
UC: User configuration (users, passwords, etc.)
To view the current local user information:
UC -nc
To delete an existing user:
UC -delete <login> -nc
To list details about a specific user:
UC -list <login> -nc
For iLO2:
To configure a new user:
UC -new <login> -user <text> -workgroup <text>
-rights <e|d> <console|mp|power|user|virtual|all|none>
-mode <single|multiple> -enable <e|d> -password
<value> -nc

To modify an existing user:
UC -change <login> -login <newlogin> -user <text> -workgroup <text>
-rights <e|d> <console|mp|power|user|virtual|all|none>
-mode <single|multiple> -enable <e|d> -password
<value> -nc
For iLO:
To configure a new user:
UC -new <login> -user <text> -workgroup <text>
-rights <e|d> <console|mp|power|user|all|none>
-mode <single|multiple> -enable <e|d>
-dialback <e|d> -telephone <t> -password <value> -nc

11
To modify an existing user:
UC -change <login> -login <newlogin> -user <text> -workgroup <text>
-rights <e|d> <console|mp|power|user|all|none>
-mode <single|multiple> -enable <e|d>
-dialback <e|d> -telephone <t> -password <value> -nc

WHO: Display a list of MP connected users
WHO -nc
XD: Diagnostics and/or Reset of MP
To reset the iLO
XD -r -nc
To test an outward ping from iLO
XD -lan <ipaddress> -nc
To test the parameters checksum
XD -parameter -nc
To test the get device id command
XD -i2c -nc

Commands not supported over ssh-exec
The following commands are not supported over SSH-exec, typically because theyre interactive
commands.
1. CL
2. HE
3. LS - The LC -nc command can be used, as the results are identical to what would be
obtained if LS were executed.
4. SL
5. TE
6. For iLO, the MR, MS and PG commands are not supported over ssh-exec.


SMCLP commands and ssh-exec
The following SMCLP commands are supported over ssh-exec.

CD: Changes the current default target
cd <some target>
Ex: cd map1
The cd command is used to change the context for subsequent commands. But as SSH-exec is a single
command execution, the next SSH-exec starts over.
In a stand-alone session to the iLO, a normal execution sequence would be cd <target> followed by
the supported command verbs on that target.
Ex: </> hpiLO-> cd system1
status=0
status_tag=COMMAND COMPLETED

/system1

12
</system1> hpiLO-> show
status=0
status_tag=COMMAND COMPLETED

/system1
Targets
consoles1
Properties
EnabledState=Enabled
Verbs
cd help show reset start stop


</system1> hpiLO->

In order to achieve the same via an SSH-exec, the target on which the verb needs to be run can be
specified as part of the command itself.
Ex:
[user3@unix1]$ ssh [email protected] show /system1
[email protected]'s password:

</> hpiLO-> show /system1
status=0
status_tag=COMMAND COMPLETED

/system1
Targets
consoles1
Properties
EnabledState=Enabled
Verbs
cd help show reset start stop

[user3@unix1]$

Help: Displays context-sensitive help
help displays general help and all supported commands
help <some verb> displays help for the specified verb
help <some target> displays help for the specified target
help <some property> displays help for the specified property
SSH-exec can be used to get help based on any of the options above. This is useful, but logging into
an interactive session to get the Help on the commands for writing your script is a lot easier.
Show: Displays information about managed elements
Show displays information about managed elements, targets, their supported properties and verbs.
The show command can be run with explicit or implicit targets, but in the context of SSH-exec, the
targets have to be specified explicitly.
13
Following is a list of supported show commands and what they do.
Command Description
show <target name> Display information about <target name>
show -l <num> <target name>
show -l all <target name>
Display information about <target name> and contained
MEs for number of levels specified or for all levels.
show -d targets Display targets at root
show -d targets <target name> Display targets under <target name>
show -d verbs Display verbs at root
show -d verbs <target name> Display verbs at <target name>
show -d properties=<property name>
<target name>
Display the property <property name> of <target name>
target
show -d properties=enabledstate
system1
Display the power state of the system
show -l all -d
properties=(name==<value>)
Find a target that has a property name with value <value>
show -l all -d
properties=(name==<value>),verbs
Find a target that has a property name with value <value>
and display all the verbs supported for that target.
show -l all -d properties=EnabledState Find and display all targets that have the EnabledState
property
show -l all account* Find an display all Account targets in the system and their
information
show /map1/group1/account* Display all user accounts on this iLO2
show -l all swid* Display all firmware revisions

show -d properties=ipv4address
/map1/enetport1/lanendpt1/ipendp
t1
Display the current IP address of iLO2
show -d properties=subnetmask
/map1/enetport1/lanendpt1/ipendp
t1
Display the current subnet mask
show -d properties=macaddress
/map1/enetport1
OR
show -d
properties=permanentaddress
/map1/enetport1
Display the iLO2 MP MAC address
show -d properties=autosense
/map1/enetport1
Display Link state (Autosense)
show /map1/settings1/dnssettings1 Determine all DNS settings


show -d properties=AccessInfo
map1/dnsserver*
OR
show -d
properties=DNSServerAddresses

Determine IP Address of the DNS servers (primary,
secondary and tertiary)
show
map1/settings1/oemhp_ldapsettings
1
Display the iLO2 LDAP directory configuration settings.
show /map1/oemhp_vm1/cddr1 Display the properties for cddr1 (scriptable virtual media
target)

14
Not supported in SSH exec mode
show -l all
show -l all /map1
show -l 2 /map1
show -d properties=accessinfo
/map1/enetport1/lanendpt1/ipendp
t1/gateway1


Start: Causes a targeted object to change its state to a higher level
Following is a list of supported start commands and what they do.
Command Description
start system1 Turn on system power
start map1/telnetsvc1 Enables iLO2 telnet service
start map1/sshsvc1 Enables iLO2 SSH service
start /map1/dhcpendpt1 Enable DHCP

Not supported (or not relevant) in SSH exec mode.
Start
system1/consoles1/textredirectsap1
Not relevant to SSH exec connections- this command is for
initiating an interactive console session. Since SSH exec will
close the session soon after executing the command. To
script commands to the console, use a tool like Expect.
start map1/textredirectsap1 Not relevant to SSH exec connections- this command is for
initiating an interactive legacy command-line session. SSH
exec will close the session soon after executing the
command.

Stop: Causes a targeted object to change its state to a lower level
Following is a list of supported stop commands and what they do.
Command Description
stop system1 Perform a graceful shutdown of the system
stop -f system1 Forcefully power off the system
stop map1/telnetsvc1 Disables iLO2 telnet service
stop map1/sshsvc1 Disables iLO2 SSH service
stop /map1/dhcpendpt1 Disable DHCP

Reset: Causes a target to cycle from enabled to disabled and back to enabled
Following is a list of supported reset commands and what they do.
Command Description
reset system1 Reset the system
reset map1 Reset the iLO
15
Set: Sets a property to a specific value
Following is a list of supported set commands and what they do.
Command Description
set
/map1/enetport1/lanendpt1/ipendp
t1 IPv4Address=<ipaddr>
SubnetMask=<subnet>
Set IP Address and Subnet Mask
set /map1/enetport1 autosense=true Set Link (Autosense)
set
DNSServerAddresses=<ip1>,<ip2>
Set Primary and Secondary DNS Server IPs
set DNSServerAddresses=,,<ip3> Set Tertiary DNS server IP
set map1/settings1/dnssettings1
DomainName=<domain name>
RegisterThisConnectionsAddress=<Ye
s|No>
RequestedHostName=<hostname>
Set the iLO2 domain name and host name, indicates
whether iLO2 registers with DDNS server,
set map1/group1/account<num>
name=<name>
oemhp_privileges==(<console,power,
mp,user,virtual>, <all> or <none>)
Set the user name and privileges for user account<num>
set
map1/settings1/oemhp_ldapsetting
gs1
oemhp_dirauth=<DefaultSchema|Ext
endedSchema|Disabled>
oemhp_localacct=<Enable|Disable>
oemhp_dirsrvaddr=<ip addr>
oemhp_ldapport=<portnum>
oemhp_dirdn=<object distinguished
name> oemmhp_usercntxt1=<user
search context>
oemhp_usercntxt2=<usc>
oemhp_usercntxt3=<usc>
Configure the LDAP parameters

set /map1/oemhp_vm1/cddr1
oemhp_image=http://<Apache
server ip address>/cgi-
bin/ISO/install_disk1.iso

For scriptable vMedia (target name
/map1/oemhp_vm1/cddr1), insert desired image into the
drive.

set /map1/oemhp_vm1/cddr1
oemhp_connect=yes

For scriptable vMedia (target name
/map1/oemhp_vm1/cddr1), connect to the media.

set /map1/oemhp_vm1/cddr1
oemhp_connect=no

For scriptable vMedia (target name
/map1/oemhp_vm1/cddr1), disconnect from the media and
clears the oemhp_image value

Not supported for SSH exec mode
Set
/map1/enetport1/lanendpt1/ipendp
t1/gateway1
AccessInfo=<ipaddrOfGateway>

set map1/dnsserver1
AccessInfo=15.255.100.16

16

Load: Moves a binary image to iLO2 from a URI
Load can be used to initiate an iLO firmware update via the iLO LAN.
Following is a list of supported load commands and what they do.
Command Description
load -source
ftp://<ipaddress>/<FilePath>
/map1/swinventory1/swid1
Upgrade iLO firmware using anonymous ftp where
<ipaddress> is the ip address of the ftp server hosting
upgrade files and <FilePath> is the path of the directory with
the upgrade files.
load -source
ftp://<name:password>@<ipaddress
>/<FilePath>
/map1/swinventory1/swid1
Upgrade iLO firmware using name: password to login to ftp
server


Create: Creates a new instance of an object
Not supported in SSH exec mode
Command Description
Create
/map1/group1/account<num>
userid=<userid>
userpassword=<password>
name=<name>
oemhp_privileges=(<console,power,
mp,user,virtual>, <all> or <none>)
Not supported in SSH exec mode. Refer to the UC
command in the legacy set for configuring users.

Delete: Deletes an instance of a target object
Following is a list of delete commands and what they do.
Command Description
delete
/map1/group1/account<num>
Delete user account<num>.


Version: Queries the version of the SMCLP implementation
This command does not return the system firmware version, it returns the version of the DMTF standard
that this implementation is using (this is not interesting for inclusion in scripts at this point in time.)

Example: Scripted Virtual Media
It should be very clear now how to use the SSH exec scripting capability to do simple tasks like
powering on and off the server, collect information off the server, and perform setups and
configurations. SSH exec commands can be put into a shell script so multiple commands can be
executed, one after another, as well.
17
One very useful task that is scriptable is virtual media deployment. Note that it may be necessary to
use a tool like Expect (see next section) to run EFI or OS commands to make more use of the media
you mount to install software or an OS, but the act of attaching the virtual media in the iLO is easily
scriptable using SSH exec.
The SSH commands enable you to configure virtual media in the same manner as the virtual media
applet. However, the actual image is located on a Web server on the same network as iLO 2. After
the image location is configured, iLO 2 retrieves the virtual media data directly from the web server.
NOTE: Virtual media scripting does not operate Virtual Media using the browser. Likewise,
the browser does not support scripting capabilities. For example, an ISO image mounted
using the browser cannot later be dismounted using the scripting interface.


Step 1: Set up the media on a Web server
Virtual Media scripting uses a media image that is stored and retrieved from a Web server accessible
from the management (iLO) network. Integrity iLO supports Apache server version 2.2 and later. Put
the ISO CD/DVD image in a directory that will be accessible from the iLOs manageability LAN. For
this example, suppose it is at location:
http://<Apache server IP address>>/cgi-bin/ISO/install_disk1.iso
Step 2: Connect the media to the appropriate iLO
Use two commands- one to tell iLO the target to connect to, and one to tell it to connect:

set /map1/oemhp_vm1/cddr1 oemhp_image=http://<Apache server ip
address>/cgi-bin/ISO/install_disk1.iso

This sets the iLO to the proper address to acquire the vMedia image.

set /map1/oemhp_vm1/cddr1 oemhp_connect=yes

This tells the iLO to connect to the image.

Step 3: Perform the task that was intended with the Media

This step may involve running the iLO SSH exec commands to gracefully shutdown and then reboot
the server, or perhaps running some Expect-style scripted commands to connect to the console to
interact with EFI or the OS to install software with the vMedia image.

Step 4: Disconnect the media

set /map1/oemhp_vm1/cddr1 oemhp_connect=no

This tells the iLO to disconnect the image.


General purpose tools like Expect
The midrange and high-end Integrated Lights Out management processors for Integrity currently dont
support SSH exec mode. And lots of other interfaces and devices in the datacenter may not either. A
useful tool in the Administrators toolkit is learning to use a tool like Expect. (Resources:
18
http://sourceforge.net/projects/expect/, http://expect.nist.gov/, and http://en.wikipedia.org/wiki/Expect
has a nice description.)

Here is a sample script that appears long because it does several things:
1. It does not contain the password - a bunch of code is here to accept the password from the
user live
2. Prompts are done using variables, in a more structured way than is necessary for a quick
script
3. Ultimately, all this script does is sysrev- theres just more structure here to show what could
be done when beginning to start a library of useful functions for later use.

The extras in the sample are really to show that you can build out an infrastructure of scripts that
include other scripts, call other scripts, etc. Once you have a robust script to perform MP login and
take you to the CM prompt, for instance, you can just call it from any other script, then invoke the MP
command you want.

#!/usr/bin/expect -f
#
# Header comments-
# - Try autoexpect to capture a script during an interactive
# session
# - Timing some programs (rn, ksh, zsh, telnet, etc.) and devices
# discard characters that arrive too quickly after prompts. If
# you find a new script hanging up at one spot, try adding a short
# sleep just before the previous send. Setting force_conservative
# to 1 makes Expect do this automaticall pausing briefly before
# each character.

# USER
set mp_user "Admin"

# Get PASSWORD from interactive session rather than storing in script
stty -echo
send_user "For user $mp_user\n"
send_user "Password: "
expect_user -re "(.*)\n"
set mp_password $expect_out(1,string)
stty echo

# Other Constants
set timeout 10

########################################################################
## BEGIN
##
spawn $env(SHELL)
match_max 100000

set mp_name "mymp1.hp.com"

send_user "\n\n----- $mp_name -----\n\n"
# Frequently used Strings
set MA_PROMPT "MP>"
19
set CM_PROMPT "MP:CM>"

send "\r"
# Expect the UNIX prompt...
expect ">$"

#### Log into the MP #####

send -- "telnet $mp_name\r"
expect ".*MP login: $"
send -- "$mp_user\r"
expect "MP password: $"
send -- "$mp_password\r"

expect "$MA_PROMPT"

send -- "cm\r"
expect "$CM_PROMPT"

# View the firmware revisions
send "sysrev\r"

# The sysrev output may span more than one screen. Use a loop
# to browse through multiple screens and get to the MP command
# prompt.
while (1) {
expect {
"$CM_PROMPT" { break; }
"stream:" { send "s\r"; }
timeout { send "\r"; }
}
}

send "ma\r"
expect "$MA_PROMPT"
send "x\r"

expect eof

With this type of tool, you have unlimited opportunities for automating text interfaces. Administrators
can automate setting up the MP/iLO, setting up a server at EFI, deploying HPUX, etc. Anything that a
person can type into a text session can be automated.

NOTE: HP does not test or offer support for its products with any particular version of utilities
such as Expect


20
Product Information
The table below lists the versions of iLO available for Integrity and HP9000 servers.

Figure 3. Summary of iLO versions for Integrity and HP9000 server platforms

Integrity Product HP9000 Product Management Processor
Rx1600, rx2620
iLO for Integrity & HP9000
MP HW purchase is optional
FW upgradeable from non-iLO MP versions
rx2600, rx4640,
rx5670, BL60p
rp3440, rp4440
iLO for Integrity & HP9000
FW upgradeable from non-iLO MP versions
Rx3600, rx6600 iLO 2 for Integrity
Rx7., rx8 rp7, rp8 Management Processor
Superdome Superdome Management Processor




iLO Advanced License
On newer Integrity servers with iLO 2, SSH is offered for free with the base iLO 2 product. On older
Integrity and HP9000 servers with Integrity iLO, SSH functionality may added with purchase of an
Integrity iLO Advanced Pack License, p/n AB500A for each iLO. More information on Advanced
Pack for Integrity and HP9000 iLO can be found at:
http://www.hp.com/go/integrityilo
iLO Advanced evaluation license
A free 30-day evaluation license is available for download on the HP website:
http://h71028.www7.hp.com/enterprise/cache/279991-0-0-0-121.html. Customers with supported Integrity
and HP9000 servers can activate and access iLO Advanced features with the evaluation license.
Only one evaluation license can be installed per iLO and the iLO Advanced features automatically
deactivate when the evaluation license key expires.

Conclusion
Integrated Lights-Out technology provides system administrators a robust, independently operated
connection to the managed server. The comprehensive remote management capabilities are always
available, regardless of the state of the serverwhether the server is powered on, the OS is loaded,
or the OS is functioning. The iLO processor is a secure management system, incorporating multiple
layers of security that encompass the hardware, firmware, and communication interfaces.
Administrators can enable or disable security features as needed.
21
The iLO management processor is designed for scalability: Using directory services or scripting tools,
administrators can easily deploy and manage tens or hundreds of iLO processors. Integrated Lights-
Out functionality improves the efficiency of system administration so that customer IT groups can
operate more productively.
22
Appendix:
Glossary
Arp/ping Method to set up the LAN address of an unconfigured entry-level MP via the LAN
BMC Baseboard Management Controller
CLP Command-Line Protocol
DHCP Dynamic Host Configuration Protocol
DMTF Distributed Management Task Force (http://www.dmtf.org/ )
DVR Digital Video Redirection
EFI Extensible Firmware Interface, a standardized boot firmware architecture
GUI Graphical User Interface
HA High Availability
iLO Integrated Light's Out
iLO 2 Integrated Light's Out 2- newer technology version of iLO with DVR technology
KVM Keyboard, Video, Mouse
MP Management Processor
RIBCL Remote Insight Board Command Language. An XML scripting language used
with iLO management processors for getting data and sending commands.
Transport is either http or https.
SIM, HPSIM HP Systems Insight Manager
SMASH Systems Management Architecture for Server Hardware
SNMP Simple Network Management Protocol
SSH Secure Shell
SSL Secure Sockets Layer
TUI Text User Interface
UART Universal Asynchronous Receiver Transmitter
WBEM Web-Based Enterprise Management, see dmtf.org for more information
WS-Manage A specification of a SOAP-based protocol for management, based on DMTF
open standards and internet web services standard
XML Extensible Markup Language


23
For More Information
Visit the following links to learn more about Integrated Lights-Out and related remote management
technologies.

Description Web Address
Integrated Lights-Out (iLO) for HP
Integrity and HP9000 Servers, General
Information Page
http://www.hp.com/go/integrityilo
Advanced License Purchase
(Same as above)
Advanced License Trial
(Same as above)
HP Integrity iLO 2 Operations Guide
http://docs.hp.com/en/5991-6024/index.html
Scripting and Command-line Resource
Guide for ProLiant iLO
http://h18013.www1.hp.com/products/servers/management/ilo/documentati
on.html
Deploying HP KVM consoling solutions
http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00793971/
c00793971.pdf?jumpid=reg_R1002_USEN
Deploying HP serial consoling solutions
http://h20000.www2.hp.com/bc/docs/support/SupportManual/c01080873/
c01080873.pdf?jumpid=reg_R1002_USEN
HP Integrity Essentials
http://h71028.www7.hp.com/integrity/cache/599842-0-0-0-121.html

HP Systems Insight Manager
http://h18013.www1.hp.com/products/servers/management/hpsim/index.htm
l

There are also a number of resources describing Directory Services Integration (LDAP). Its useful to
use scripting to set up all the iLOs in the datacenter to use Directory Services, then manage
passwords and users at the datacenter Directory level rather than in each iLO. (Directory Services
Integration is an Integrity iLO and Integrity iLO 2 Advanced feature.)
Description Web Address
Integrity iLO Operations Guide,
section on LDAP Integration
http://docs.hp.com/en/5991-6024/ch07.html
LDAP-UX Integration http://software.hp.com/portal/swdepot/displayProductInfo.do?pro
ductNumber=J4269AA
Integrating HP ProLiant Lights-Out
processors with Microsoft Active
Directory
http://h20000.www2.hp.com/bc/docs/support/SupportManual/c
00190541/c00190541.pdf?jumpid=reg_R1002_USEN


Call to action
Send comments about this paper to [email protected].


2009 Hewlett-Packard Development Company, L.P. The information contained
herein is subject to change without notice. The only warranties for HP products and
services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an
additional warranty. HP shall not be liable for technical or editorial errors or
omissions contained herein.
Itanium is a trademark or registered trademark of Intel Corporation or its
subsidiaries in the United States and other countries.
4AA2-6329ENW, May 2009

You might also like