HP Integrity iLO 2 MP 5991-6005 manual

HP Integrity iLO 2 MP Operations Guide

HP Part Number: 5991-6005

Published: January 2008

Contents

Page Page Table of Contents 3 Setting Up and Connecting the Console 4 Accessing the Host Console 5 Configuring DHCP, DNS, LDAP, and LDAP Lite 6 Using iLO 2 MP VFP SMCLP (Server Management Command Line Protocol): Switch to the SMASH SMCLP BLADE: DATE LOC Page Page 7 Installing and Configuring Directory Services 7 Installing and Configuring Directory Services Glossary Index Page List of Figures 7-22Admin User Gaining Admin Role Right, Example 7-23Admin User Gaining Admin Role Right, Example List of Tables Page About This Document Intended Audience New and Changed Information in This Edition Publishing History Document Organization Typographic Conventions Related Information Warranty Information HP Encourages Your Comments 1 Introduction to iLO 2 MP Features Always-onCapability Virtual Front Panel Multiple Access Methods Security User Access Control The iLO 2 MP supports the following connections simultaneously: •Eight SSH •One local console serial port (RS-232) •Four IPMI over LAN •Four telnet Advanced Features Virtual Media IRC Directory-BasedSecure Authorization Using LDAP Advanced Pack License Supported Systems and Required Components and Cables iLO 2 MP Supported Browsers and Client Operating Systems Security Lights-OutAdvanced/KVM Card 2 Ports and LEDs HP Integrity Server Blade Components Page HP Integrity rx2660 Server Components HP Integrity rx3600 and rx6600 Server Components iLO 2 MP Status LEDs iLO 2 MP Reset Button Console Serial Port and Auxiliary Serial Port iLO 2 MP LAN Port 3 Setting Up and Connecting the Console Setup Checklist Setup Flowchart Preparing to Set Up iLO 2 MP Configuring the iLO 2 MP LAN Using DHCP and DNS Configuring the iLO 2 MP LAN Using ARP Ping ARP Ping has the following operational issues: •The PC and the server must be on the same physical subnet When a new server is first booted, DHCP is automatically available Select one of the following methods to use the ARP Ping utility: 2.Locate an existing server on the network and log in to it Configuring the iLO 2 MP LAN Using the Console Serial Port Logging In to the iLO 2 MP Physically Connecting the Server Blade to the iLO 2 MP Connecting the Server Blade to the iLO 2 MP Using the Onboard Administrator Main Menu Blade or Port Info Auto-Login connect server <bay number> to establish an If iLO 2 MP is rebooted or WHO, UC View and disconnect user connections established through the WHO, DI Administrators Connecting the Server Blade to the iLO 2 MP Using the Console Serial Port Connecting the SUV Cable to the Server Blade Page Additional Setup Setting Up Security Setting Security Access Change the default user name and password. See “Modifying User Accounts and Default Passwords” (page 46) Chapter 7: “Installing and Configuring Directory Services ” (page 147) Page 4 Accessing the Host Console Interacting with the iLO 2 MP Using the Web GUI Accessing the Host Console Using the TUI Accessing the Host Console Using vKVM (Integrated Remote Console) Accessing the Host Console Using SMASH SM CLP Accessing iLO 2 MP Using Onboard Administrator Accessing the Graphic Console Using VGA See“Configuring the iLO 2 MP LAN Using the Console Serial Port” (page 39) To access the graphic console with VGA, follow these steps: 1.Perform preparation tasks Connect the cables. See a.Connect the monitor VGA cable to the appropriate VGA port 5 Configuring DHCP, DNS, LDAP, and LDAP Lite Configuring DHCP Configuring DNS Configuring LDAP Extended Schema Configuring LDAP Lite Default Schema Setting up Directory Security Groups Login Process Using Directory Services Without Schema Extensions 6 Using iLO 2 MP Text User Interface Figure 6-1MP Command Interfaces MP Main Menu The iLO 2 MP can support multiple sessions to perform independent tasks: Table 6-2 lists the MP Main Menu commands Table 6-2MP Main Menu Commands MP Main Menu Commands CO (Console): Leave the Main Menu and enter console mode Ctrl-Ecf Ctrl-B Esc ftp •SEL: High attention events and errors •Forward progress: All events •Boot log: All events between start of boot and boot complete •Previous boot log: The events from the previous boot Table 6-3 shows the events and actions used to navigate within the logs Command Menu Table 6-5 lists the Command Menu commands Table 6-5Command Menu Commands Table 6-5Command Menu Commands (continued) To access the Command menu, enter CM at the MP Main Menu Command Line Interface Scripting 2 MPs. Scripting tools have capabilities that enable you to do the following: •Write scripts that make decisions based on the output of commands •Use variables in the script to customize it for each target automatically •Compensate for delays in output Expect Script Example #Run SL command to dump logs #Run PC command to power on the system send --"pc -on -nc\r Command Menu Commands and Standard Command Line Scripting Syntax -nc BLADE: Normal operation, any issues have been acknowledged Degraded Typically loss of redundancy or partial failure of a component Critical Failure with loss or imminent loss of system function DATE DNS If executed from the If executed in command mode ID: System information settings ID displays and modifies the following: SNMP contact person LDAP Page LOC See also: DNS, LC, SA PC: Power control access Command access level: Power control access is already on OFF Example PR: Power restore policy configuration PS: Power status RB: Reset BMC SNMP To configure a destination IP address for SNMP alerts, enter blank public Command line usage and scripting for server blades: See also: ID SYSREV UC: User Configuration (users, passwords, and so on) Command access level: User administration access UC adds, modifies, re-enables,or deletes any of the following user parameters: •Login ID •Password WHO Web GUI Figure 6-2Status Summary General Page NOTE: The BL c-Class tab is available only on HP Integrity server blades Table 6-6 lists the fields and descriptions Table 6-6Status Summary General Page Description Status Summary > Active Users Figure 6-3Status Summary Active Users Page Table 6-7 lists the fields and descriptions Table 6-7Active Users Page Description Server Status > General Figure 6-4Server Status General Page Table 6-8 lists the fields and descriptions Table 6-8Server Status General Page Description Server Status > Identification Figure 6-5Server Status Identification Page Table 6-9 lists the fields and descriptions Table 6-9Server Status Identification Page Description System Event Log Figure 6-6System Event Log Page Table 6-10 lists the fields, buttons, and descriptions Table 6-10System Event Log Page Description Events Integrated Remote Console (vKVM) IRC Requirements and Usage Administration Before running the IRC, note the following: Remote Console Integrated Remote Console Launch Verify that the system is licensed for IRC use. View this information on the Administration Licensing None •Select Disable Pointer Trails •Deselect Enable Pointer Shadow Motion Pointer Options Figure 6-7Integrated Remote Console Page Table 6-11 lists the fields, buttons, and actions Table 6-11IRC Page Description The IRC displays the host server’s graphics console (Figure 6-8) Figure 6-8Integrated Remote Console Window Table 6-12IRC Window Description Integrated Remote Console Fullscreen 1.To check our desktop properties, right-clickthe desktop and select Properties>Settings>Advanced>Monitor Remote Serial Console View Console Figure 6-9Remote Serial Console Page Ctrl-Ecf •Your emulator can run the supported terminal type •The iLO 2 MP terminal setting in the applet is a supported setting —VT100 —VT100+ Virtual Media Using iLO 2 MP Virtual Media Devices Virtual Devices Virtual CD/DVD “Supported Operating Systems and USB Support for vMedia” (page 102) New Hardware Found NOTE: This features requires that the Java Plug-in1.4.2 or 1.5 is installed Administration 3.Select Local Media Drive Connect Disk>>Image Image>>Disk Create Media Image Local Image File Local Media Drive Figure 6-15Create Media Image Dialog Box Create Disk Image Cancel 2.To continue the installation, click OK on the host server IMPORTANT: Do not click Disconnect to select the next CD/DVD image file 1.Select Local Media Drive in the virtual floppy/USB key section Force read-onlyaccess option option Figure 6-16Virtual Floppy/USB Key To use an image file, follow these steps: Power Management •Power & Reset •Power Meter Readings •Power Regulator Power & Reset Figure 6-17Power & Reset Page Table 6-15 lists the fields, buttons, and descriptions Table 6-15Power & Reset Page Description Table 6-15Power & Reset Page Description (continued) Figure 6-18Power Meter Readings Page Table 6-16 lists the fields, buttons, and descriptions Table 6-16Power Meter Readings Page Description Table 6-16Power Meter Readings Page Description (continued) Power Regulator The following is required in order to use this feature: NOTE: Power regulation does not require the Advanced Pack license Figure 6-19Power Regulator Page Administration The Administration tab enables you to access the following pages: •Firmware Upgrade •Licensing Firmware Upgrade Licensing Figure 6-20Licensing Page •Directory-basedauthentication and authorization using LDAP •LDAP Lite schema-freeintegration •Integrated Remote Console (vKVM) •Virtual Media User Administration > Local Accounts Table 6-19Local Accounts Page Description Group Accounts Figure 6-22Group Accounts Page Table 6-20 lists the fields, buttons, and descriptions Table 6-20Group Accounts Page Description Access Settings The Access Settings tab enables you to access the following pages: •LAN •Serial Table 6-21LAN Page Description Serial Page Figure 6-24Serial Page Table 6-22 lists the fields, buttons, and descriptions Table 6-22Serial Page Description Login Options Page Figure 6-25Login Options Page Table 6-23 lists the fields, buttons, and descriptions Current LDAP Parameters Table 6-24Current LDAP Parameters Page Description Network Settings The Network Settings tab enables you to access the following pages: •Standard •Domain Name Server Figure 6-27Standard Page Table 6-25 lists the fields, buttons, and descriptions Table 6-25Standard Page Description Domain Name Server NOTE: You can only configure the DNS server if DHCP is enabled Figure 6-28Domain Name Server Page Table 6-26 lists the fields, buttons, and descriptions Table 6-26DNS Page Description SNMP Settings Figure 6-29SNMP Settings Page Table 6-27 lists the fields and descriptions Table 6-27SNMP Settings Page Description Reset MP (XD command option ‘R’) for configuration to take effect Click OK and reset the iLO 2 MP BL c-Class Figure 6-30Onboard Administrator Table 6-28 lists the fields and descriptions Table 6-28Onboard Administrator Page Description Table 6-28Onboard Administrator Page Description (continued) Help To access iLO 2 MP help, click the Help tab SMASH Server Management Command Line Protocol •CLP sessions are independent from each other and nonmirrored •Provides a subset of MP CLI commands •Provides access to the MP Main Menu interface and system console interface SM CLP Session Accessing the SM CLP Interface 1.Access the MP Main Menu hpiLO Exiting the SM CLP Interface To terminate an SM CLP session and disconnect from the iLO 2 MP, use the Using the SM CLP Interface <current default target>hpiLO Where <current default target> is your current target Each time a CLI command runs, the output follows this general format: status SM CLP Syntax Command Line Terms <verb> <options> <target> <properties> Where: <verb <options Supported Command Verbs (continued) The following verbs are available for execution from any target: •show •help •cd Command Options Command options control verb behavior show –levelall or show –lall Level Option Forms: Find and display all targets that have the EnabledState property: </map1> hpiLO->show -lall -dproperties=”enabled state” </map1 Find and display all Account targets in the system and their information: </> hpiLO->show -lall account System1 Target Target: SYSTEM1 /system1 system1 Table 6-32 shows system1 target properties Map1 (iLO 2) Target Target: map1 map1 Table 6-33 shows map1 target properties Table 6-33map1 Properties Text Console Services You can invoke the system console and the MP Main Menu from SM CLP textredirectsap map1/textredirectsvc1 Opening the MP Main Menu from SM CLP 6-34 /map1/textredirectsap1Properties Switch to MP Main Menu Switch to Opening the System Console Interface from SM CLP Target: system1/consoles1/textredirectsap1 Firmware Revision Display and Upgrade SM CLP Firmware Targets Changes the current default target Target: map1/swinventory1 Table 6-37 shows swinventory1 target properties Table 6-37swinventory1 Properties Target: map1/swinventory1/swid# Remote Access Configuration Telnet SM CLP Targets SSH Target: map1/sshsvc1 SSH Examples The following examples show specific SSH commands Enable SSH Service Network Configuration Network commands enable you to display or modify network settings SM CLP Network Targets, Properties, and Verbs Target: map1/enetport1 enetport1 Target: map1/enetport1/lanendpt1/ipendpt1 The ipendpt1 target represents the iLO IP endpoint settings Table 6-43 shows ipendpt1 target properties Table 6-43ipendpt1 Properties Target: map1/dhcpendpt1 Page Sets a property to a specific value Target: map1/settings1/dnssettings1 The dnssettings1 target contains iLO 2 MP DNS settings Table 6-48 shows dnssettings1 target properties Table 6-48dnssettings1 Properties Determine Gateway Address Set Gateway Address </>hpiLO->set /map1/enetport1/lanendpt1/ipendpt1/gateway1 AccessInfo=192.0.2.1 Determine Link State (Autosense) </>hpiLO->show -dproperties=autosense /map1/enetport1 User Accounts Configuration Target: map1/group1 The group1 target represents a collection of user accounts on the iLO 2 MP Table 6-50 shows group1 target information Table 6-50group1 Properties LDAP Configuration Target: map1/settings1/oemhp_ldapsettings1 oemhp_ldapsettings1 Table 6-52 shows oemhp_ldapsettings1 target information Table 6-52oemhp_ldapsettings1 Properties LDAP Configuration Examples Configure LDAP parameters This command: Applies the following LDAP settings: Page 7 Installing and Configuring Directory Services Directory Services Features Supported by Directory Integration The iLO 2 MP directory services functionality enables you to do the following: •Authenticate users from a shared, consolidated, scalable user database •Control user privileges (authorization) using the directory service Use roles in the directory service for Schema Documentation Directory Services Support eDirectory Installation Prerequisites http://support.novell.com Required Schema Software http://www.hp.com/servers/lights-out Schema Installer .xml The schema installer includes three important screens: Figure 7-2Schema Setup Screen Directory Server Active Directory Directory Login Setup Directory Services for Active Directory http://www.microsoft.com •Microsoft Knowledge Base articles: —216999 “How to Install the Remote Server Administration Tools in Windows” —321051 “How to Enable LDAP over SSL with a Third-PartyCertification Authority” Preparing Directory Services for Active Directory To set up directory services for use with the iLO 2 MP, follow these steps: Install the Microsoft Admin Pack (the ADMINPAK.MSI 2000 Server Resource Kit), or by doing the following: Installing and Initializing Snap-Insfor Active Directory MPs NewHPObject Device Roles New Object Role Apply Members Lights Out Management Login remoteMonitors Directory Services Objects •iLO •Role •User •Create iLO 2 objects and role objects Remove Setting Login Restrictions Role Restrictions Effective Hours Logon Hours Figure 7-11Logon Hours Screen Defining Client IP Address or DNS Name Access To restrict an IP address, follow these steps: IP/MASK Figure 7-12New IP/Mask Dialog Box Setting User or Group Role Rights Use the Lights Out Management tab (Figure 7-13)to manage rights Figure 7-13Lights Out Management Tab Table 7-1 lists the available Lights Out Management rights Table 7-1Lights Out Management Rights Directory Services for eDirectory From in the region1 organizational unit HP devices a.Select hpqTarget from the list of classes, and click OK Figure 7-15Select Object Subtype Dialog Box c.Select Lights Out Management Device from the list, and click OK remoteAdmins Properties Role Managed Devices HP Management Add users to the role. Click the Directory Services Objects for eDirectory Adding Role Managed Devices Figure 7-17Role Managed Devices Subtab To browse to the specific HP device and add it as a managed device, click Add Adding Members Setting Role Restrictions Setting Time Restrictions Defining Client IP Address or DNS Name Access Add New Restriction Setting Lights-OutManagement Device Rights Figure 7-21 Lights-OutManagement Device Rights Tab Installing Snap-Insand Extending Schema for eDirectory on a Linux Platform Installing the Java Runtime Environment 1.To determine the Java version, execute the following command: #java -version The Java version installed on your system is displayed 2.If Java is not installed on your system, execute the following command: # rpm –iv j2re-1_4_2_04-linux-i586.rpm Using the LDAP Command to Configure Directory Settings in the iLO 2 MP LDAP Command Menu The following is an example of the LDAP command output: User Login Using Directory Services Certificate Services Directory-EnabledRemote Management Directory-enabledremote management enables you to: •Create iLO 2 MP objects: •Configure iLO 2 MP devices: Using Existing Groups Using Multiple Roles Figure 7-22Admin User Gaining Admin Role Right, Example Figure 7-23Admin User Gaining Admin Role Right, Example Creating Roles that Follow Organizational Structure Restricting Roles “Setting Role Restrictions” (page 167) “Setting Time Restrictions” (page 168) Role Time Restrictions How Directory Login Restrictions Are Enforced How User Time Restrictions Are Enforced User Address Restrictions Creating Multiple Restrictions and Roles Directory Services Schema (LDAP) •Core classes •Core attributes Core Classes Table 7-3 lists the core LDAP OID classes Table 7-3Core Classes hpqRole Table 7-6hpqRole hpqPolicy Table 7-7hpqPolicy Core Attribute Definitions hpqTargetMembership Table 7-10hpqTargetMembership hpqRoleIPRestrictionDefault Table 7-11hpqRoleIPRestrictionDefault hpqRoleIPRestrictions iLO 2 MP-SpecificLDAP OID Classes and Attributes iLO 2 MP Classes Table 7-14iLO 2 MP Classes iLO 2 MP Attributes Table 7-15iLO 2 MP Attributes iLO 2 MP Attribute Definitions Table 7-17 through Table 7-22 define the iLO 2 MP core class attributes hpqLOMRightLogin Table 7-17hpqLOMRightLogin hpqLOMRightRemoteConsole hpqLOMRightLocalUserAdmin Table 7-21hpqLOMRightLocalUserAdmin hpqLOMRightConfigureSettings Table 7-22hpqLOMRightConfigureSettings Page Glossary to the client without encroaching upon the standard CLP syntax and semantics Common Information Model (CIM) Domain Protocol (IP) network address Domain Name from right to left Ethernet In-bandSystem Management and the server is functioning properly Integrated Lights Out (iLO) MAP address space encountered Media Access Control (MAC) Schema forms, such as a text file, information in a repository, or diagrams Serial Console configure the system to perform other administrative tasks SM CLP User script interacting with a terminal service such as telnet or SSHv2 User Account system has a user account User Friendly Page Index preparation snap-ininstallation and initialization, 154 snap-ins directory services for eDirectory, 163–171 adding members, 166 adding role-manageddevices creating and configuring directory objects, 163 creating objects