kiler129 / README.md
This small script lets you start iLO Java-based console from shell.
- iLO 2/3 doesn’t have HTML5 console
- Mounting local (from the client computer) ISOs is PAINFULLY slow via HTML5 client
If you just start it, it will ask you for everything:
% ./ilo-console.sh Connecting to iLO 4 (set ILO_VERSION to change) iLO Host: foo iLO Login: bar iLO Password:
You can set the following environment variables:
- ILO_VERSION : iLO version, 2, 3, and 4 are supported
- ILO_HOST : hostname/IP of the server, optionally with port (e.g. example.com , 10.0.0.3 , example.com:1234 )
- ILO_LOGIN : username for iLO
- ILO_SKIP_DEFAULTS : when set to anything it will auto-assume defaults
# Just use provided values % ILO_SKIP_DEFAULTS=1 ILO_HOST=10.0.0.3 ./ilo-console.sh Connecting to iLO 4 (set ILO_VERSION to change) iLO Host: 10.0.0.3 iLO Login: foo iLO Password: # Suggest provided values % ILO_LOGIN=foo ./ilo-console.sh Connecting to iLO 4 (set ILO_VERSION to change) iLO Host: 10.0.0.3 iLO Login [foo]: iLO Password: # Suggested values can be changed % ILO_LOGIN=foo ./ilo-console.sh Connecting to iLO 4 (set ILO_VERSION to change) iLO Host: 10.0.0.3 iLO Login [foo]: bar iLO Password:
Wait, what about ILO_PASSWORD ?!
ExitException: Unable to load resource .
If you’re getting an error similar to the one below:
It means your JRE has TLSv1.1 disabled. Newer versions disable it automatically upon update. Old iLO versions (<4) cannot use TLSv1.2, so the JRE download fails.
To re-enable TLSv1.1 support open Java Control Panel (e.g. on macOS it’s under -> System Preferences -> Java). Navigate to the «Advanced» tab and check «Use TLS 1.1».
In this case you may be having JRE which doesn’t support TLSv1.1 at all. The script has an option for that too — autoproxy. To make it work you need to have mitmdump (part of mitmproxy package) and socat installed in your system.
Then run the script with ILO_AUTOPROXY=1 . It will automatically:
- Setup local proxy to your iLO web ignoring ancient TLS & self-signed certificates error
- Setup local proxy for iLO remote console
- Setup local proxy for iLO virtual media connection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
after spitting some blood about openssl v1.1 which disable the connection with a protocol lower than TLSv1.2 (openssl.cnf on linux),
On the login page i get:
$ curl -fsS --insecure https://realurl:alternateport/json/login_session --data '' curl: (22) The requested URL returned error: 404
I’m still investigating, but if this is well known. more than keen to hear about it.
Настройка iLO на серверах Hewlett Packard через консоль Linux
ILO (Integrated Lights-Out) — механизм управления серверами в условиях отсутствия физического доступа к ним. Применяется фирмой Hewlett Packard для всех своих серверов. Аналог IPMI.
Случалось у каждого, что терялся доступ к iLO, менялся IP или просто забывался, но при этом нарушать работу сервера перезагрузкой не очень хочется.
Для этого случая можем воспользоваться утилитой hponconfig , непосредственно с установленной Linux системы на борту.
Установим
#CentOS, RHEL
yum install hponcfg
#Debian, Ubuntu
apt-get install hponcfg
Импортируем текущие конфигурации в файл
Настройки хранятся в читаемом XML формате, поэтому не составит особого труда в них разобраться.
RIBCL VERSION=«2.0»>
LOGIN USER_LOGIN=«admin» PASSWORD=«password»>
RIB_INFO mode=«write»>MOD_NETWORK_SETTINGS>
ENABLE_NIC VALUE=«Y»/>
SHARED_NETWORK_PORT VALUE=«N»/>
VLAN_ENABLED VALUE=«N»/>
SPEED_AUTOSELECT VALUE=«Y»/>
DHCP_ENABLE VALUE=«N»/>
DHCP_GATEWAY VALUE=«N»/>
DHCP_DNS_SERVER VALUE=«N»/>
DHCP_WINS_SERVER VALUE=«N»/>
DHCP_STATIC_ROUTE VALUE=«N»/>
DHCP_DOMAIN_NAME VALUE=«N»/>
DHCP_SNTP_SETTINGS VALUE=«N»/>
REG_WINS_SERVER VALUE=«Y»/>
REG_DDNS_SERVER VALUE=«Y»/>
PING_GATEWAY VALUE=«Y»/>
IP_ADDRESS VALUE=«18X.6X.X8.X2X»/>
SUBNET_MASK VALUE=«255.255.255.248»/>
GATEWAY_IP_ADDRESS VALUE=«18X.6X.X8.X»/>
DNS_NAME VALUE=«TESTHPSERVER»/>
DOMAIN_NAME VALUE=«»/>
PRIM_DNS_SERVER VALUE=«0.0.0.0»/>
SEC_DNS_SERVER VALUE=«0.0.0.0»/>
TER_DNS_SERVER VALUE=«0.0.0.0»/>
PRIM_WINS_SERVER VALUE=«0.0.0.0»/>
SEC_WINS_SERVER VALUE=«0.0.0.0»/>
SNTP_SERVER1 VALUE=«»/>
SNTP_SERVER2 VALUE=«»/>
TIMEZONE VALUE=«Europe/London»/>
STATIC_ROUTE_1 DEST=«0.0.0.0» MASK=«0.0.0.0» GATEWAY=«0.0.0.0»/>
STATIC_ROUTE_2 DEST=«0.0.0.0» MASK=«0.0.0.0» GATEWAY=«0.0.0.0»/>
STATIC_ROUTE_3 DEST=«0.0.0.0» MASK=«0.0.0.0» GATEWAY=«0.0.0.0»/>
IPV6_STATIC_ROUTE_1 IPV6_DEST=«::» PREFIXLEN=«0» IPV6_GATEWAY=«::» ADDR_STATUS=«INACTIVE»/>
IPV6_STATIC_ROUTE_2 IPV6_DEST=«::» PREFIXLEN=«0» IPV6_GATEWAY=«::» ADDR_STATUS=«INACTIVE»/>
IPV6_STATIC_ROUTE_3 IPV6_DEST=«::» PREFIXLEN=«0» IPV6_GATEWAY=«::» ADDR_STATUS=«INACTIVE»/>
IPV6_PRIM_DNS_SERVER VALUE=«::»/>
IPV6_SEC_DNS_SERVER VALUE=«::»/>
IPV6_TER_DNS_SERVER VALUE=«::»/>
IPV6_DEFAULT_GATEWAY VALUE=«::»/>
IPV6_PREFERRED_PROTOCOL VALUE=«Y»/>
IPV6_ADDR_AUTOCFG VALUE=«Y»/>
IPV6_REG_DDNS_SERVER VALUE=«N»/>
MOD_NETWORK_SETTINGS> RIB_INFO>
RIB_INFO mode=«write»>MOD_GLOBAL_SETTINGS>
SESSION_TIMEOUT VALUE=«30»/>
ILO_FUNCT_ENABLED VALUE=«Y»/>
F8_PROMPT_ENABLED VALUE=«Y»/>
F8_LOGIN_REQUIRED VALUE=«N»/>
HTTPS_PORT VALUE=«443»/>
HTTP_PORT VALUE=«80»/>
REMOTE_CONSOLE_PORT VALUE=«17990»/>
VIRTUAL_MEDIA_PORT VALUE=«17988»/>
SNMP_ACCESS_ENABLED VALUE=«Y»/>
SNMP_PORT VALUE=«161»/>
SNMP_TRAP_PORT VALUE=«162»/>
SSH_PORT VALUE=«22»/>
SSH_STATUS VALUE=«Y»/>
SERIAL_CLI_STATUS VALUE=«3»/>
SERIAL_CLI_SPEED VALUE=«1»/>
VSP_LOG_ENABLE VALUE=«N»/>
MIN_PASSWORD VALUE=«8»/>
AUTHENTICATION_FAILURE_LOGGING VALUE=«3»/>
RBSU_POST_IP VALUE=«Y»/>
ENFORCE_AES VALUE=«N»/>
IPMI_DCMI_OVER_LAN_ENABLED VALUE=«Y»/>
REMOTE_SYSLOG_ENABLE VALUE=«N»/>
REMOTE_SYSLOG_PORT VALUE=«514»/>
REMOTE_SYSLOG_SERVER_ADDRESS VALUE=«»/>
ALERTMAIL_ENABLE VALUE=«N»/>
ALERTMAIL_EMAIL_ADDRESS VALUE=«»/>
ALERTMAIL_SENDER_DOMAIN VALUE=«»/>
ALERTMAIL_SMTP_SERVER VALUE=«»/>
MOD_GLOBAL_SETTINGS> RIB_INFO>
DIR_INFO mode=«write»>MOD_DIR_CONFIG>
DIR_AUTHENTICATION_ENABLED VALUE=«N»/>
DIR_LOCAL_USER_ACCT VALUE=«Y»/>
DIR_SERVER_ADDRESS VALUE=«»/>
DIR_SERVER_PORT VALUE=«636»/>
DIR_OBJECT_DN VALUE=«»/>
DIR_USER_CONTEXT_1 VALUE=«»/>
DIR_USER_CONTEXT_2 VALUE=«»/>
DIR_USER_CONTEXT_3 VALUE=«»/>
DIR_USER_CONTEXT_4 VALUE=«»/>
DIR_USER_CONTEXT_5 VALUE=«»/>
DIR_USER_CONTEXT_6 VALUE=«»/>
DIR_USER_CONTEXT_7 VALUE=«»/>
DIR_USER_CONTEXT_8 VALUE=«»/>
DIR_USER_CONTEXT_9 VALUE=«»/>
DIR_USER_CONTEXT_10 VALUE=«»/>
DIR_USER_CONTEXT_11 VALUE=«»/>
DIR_USER_CONTEXT_12 VALUE=«»/>
DIR_USER_CONTEXT_13 VALUE=«»/>
DIR_USER_CONTEXT_14 VALUE=«»/>
DIR_USER_CONTEXT_15 VALUE=«»/>
DIR_ENABLE_GRP_ACCT VALUE=«N»/>
DIR_GRPACCT1_NAME VALUE=«Administrators»/>
DIR_GRPACCT1_PRIV VALUE=«1,2,3,4,5,6»/>
DIR_GRPACCT1_SID VALUE=«»/>
DIR_GRPACCT2_NAME VALUE=«Authenticated Users»/>
DIR_GRPACCT2_PRIV VALUE=«6»/>
DIR_GRPACCT2_SID VALUE=«S-1-5-11»/>
DIR_KERBEROS_ENABLED VALUE=«N»/>
DIR_KERBEROS_REALM VALUE=«»/>
DIR_KERBEROS_KDC_ADDRESS VALUE=«»/>
DIR_KERBEROS_KDC_PORT VALUE=«88»/>
MOD_DIR_CONFIG> DIR_INFO>
RIB_INFO mode=«write»>MOD_SNMP_IM_SETTINGS>
SNMP_ADDRESS_1 VALUE=«»/>
SNMP_ADDRESS_1_ROCOMMUNITY VALUE=«»/>
SNMP_ADDRESS_1_TRAPCOMMUNITY VERSION=«» VALUE=«»/>
SNMP_ADDRESS_2 VALUE=«»/>
SNMP_ADDRESS_2_ROCOMMUNITY VALUE=«»/>
SNMP_ADDRESS_2_TRAPCOMMUNITY VERSION=«» VALUE=«»/>
SNMP_ADDRESS_3 VALUE=«»/>
SNMP_ADDRESS_3_ROCOMMUNITY VALUE=«»/>
SNMP_ADDRESS_3_TRAPCOMMUNITY VERSION=«» VALUE=«»/>
SNMP_V3_ENGINE_ID VALUE=«»/>
TRAP_SOURCE_IDENTIFIER VALUE=«iLO Hostname»/>
RIB_TRAPS VALUE=«Y»/>
OS_TRAPS VALUE=«Y»/>
COLD_START_TRAP_BROADCAST VALUE=«Y»/>
SNMP_V1_TRAPS VALUE=«Y»/>
SNMP_PASSTHROUGH_STATUS VALUE=«N»/>
WEB_AGENT_IP_ADDRESS VALUE=«»/>
CIM_SECURITY_MASK VALUE=«3»/>
SNMP_SYS_CONTACT VALUE=«»/>
SNMP_SYS_LOCATION VALUE=«»/>
AGENTLESS_MANAGEMENT_ENABLE VALUE=«Y»/>
SNMP_SYSTEM_ROLE VALUE=«»/>
SNMP_SYSTEM_ROLE_DETAIL VALUE=«»/>
SNMP_USER_PROFILE INDEX=«1»>
SECURITY_NAME VALUE=«»/>
AUTHN_PROTOCOL VALUE=«0»/>
AUTHN_PASSPHRASE VALUE=«»/>
PRIVACY_PROTOCOL VALUE=«0»/>
PRIVACY_PASSPHRASE VALUE=«»/>
SNMP_USER_PROFILE>
SNMP_USER_PROFILE INDEX=«2»>
SECURITY_NAME VALUE=«»/>
AUTHN_PROTOCOL VALUE=«0»/>
AUTHN_PASSPHRASE VALUE=«»/>
PRIVACY_PROTOCOL VALUE=«0»/>
PRIVACY_PASSPHRASE VALUE=«»/>
SNMP_USER_PROFILE>
SNMP_USER_PROFILE INDEX=«3»>
SECURITY_NAME VALUE=«»/>
AUTHN_PROTOCOL VALUE=«0»/>
AUTHN_PASSPHRASE VALUE=«»/>
PRIVACY_PROTOCOL VALUE=«0»/>
PRIVACY_PASSPHRASE VALUE=«»/>
SNMP_USER_PROFILE>
MOD_SNMP_IM_SETTINGS> RIB_INFO>
SERVER_INFO mode=«write»>SET_HOST_POWER_SAVER HOST_POWER_SAVER=«3»/> SERVER_INFO>
USER_INFO mode=«write»>
ADD_USER USER_NAME=«Administrator» USER_LOGIN=«Administrator» PASSWORD=«%user_password%»>ADMIN_PRIV value=«Y»/>REMOTE_CONS_PRIV value=«Y»/>RESET_SERVER_PRIV value=«Y»/>VIRTUAL_MEDIA_PRIV value=«Y»/>CONFIG_ILO_PRIV value=«Y»/> ADD_USER>
ADD_USER USER_NAME=«admin» USER_LOGIN=«admin» PASSWORD=«%user_password%»>ADMIN_PRIV value=«Y»/>REMOTE_CONS_PRIV value=«Y»/>RESET_SERVER_PRIV value=«Y»/>VIRTUAL_MEDIA_PRIV value=«Y»/>CONFIG_ILO_PRIV value=«Y»/> ADD_USER> user_INFO>
USER_INFO>
SSO_INFO mode=«write»>MOD_SSO_SETTINGS>TRUST_MODE VALUE=«DISABLED»/>USER_ROLE LOGIN_PRIV=«Y»/>USER_ROLE REMOTE_CONS_PRIV=«N»/>USER_ROLE VIRTUAL_MEDIA_PRIV=«N»/>USER_ROLE RESET_SERVER_PRIV=«N»/>USER_ROLE CFG_ILO_PRIV=«N»/>USER_ROLE ADMIN_PRIV=«N»/>OPERATOR_ROLE LOGIN_PRIV=«Y»/>OPERATOR_ROLE REMOTE_CONS_PRIV=«Y»/>OPERATOR_ROLE VIRTUAL_MEDIA_PRIV=«Y»/>OPERATOR_ROLE RESET_SERVER_PRIV=«Y»/>OPERATOR_ROLE CFG_ILO_PRIV=«N»/>OPERATOR_ROLE ADMIN_PRIV=«N»/>ADMINISTRATOR_ROLE LOGIN_PRIV=«Y»/>ADMINISTRATOR_ROLE REMOTE_CONS_PRIV=«Y»/>ADMINISTRATOR_ROLE VIRTUAL_MEDIA_PRIV=«Y»/>ADMINISTRATOR_ROLE RESET_SERVER_PRIV=«Y»/>ADMINISTRATOR_ROLE CFG_ILO_PRIV=«Y»/>ADMINISTRATOR_ROLE ADMIN_PRIV=«Y»/> MOD_SSO_SETTINGS> SSO_INFO>
SERVER_INFO mode=«write»>SERVER_AUTO_PWR VALUE=«RESTORE»/> SERVER_INFO>
LOGIN>
RIBCL>
Для того, чтобы назначить статический IP-адрес, необходимо изменить настройки:
DHCP_ENABLE VALUE=«N»/>
IP_ADDRESS VALUE=«18X.6X.X8.X2X»/>
SUBNET_MASK VALUE=«255.255.255.248»/>
GATEWAY_IP_ADDRESS VALUE=«18X.6X.X8.X»/>
После внесения всех изменений импортируем настройки.
Добавим пользователя
Сформируем новый файл user.cfg с содержимым:
ribcl version=«2.0»>
login USER_LOGIN=«admin» PASSWORD=«password»>
user_INFO MODE=«write»>
add_USER
USER_NAME=«your_name»
USER_LOGIN=«login»
PASSWORD=«password»>
reset_SERVER_PRIV value=«Y»/>
admin_PRIV value=«Y»/>
add_USER>
user_INFO>
login>
ribcl>
# hponcfg -f user.cfg
HP Lights-Out Online Configuration utility
Version 4.2.0 Date 6/10/2013 (c) Hewlett-Packard Company, 2013
Firmware Revision = 1.22 Device type = iLO 4 Driver name = hpilo
Script succeeded
Теперь можем авторизоваться с новым логином/паролем в панели iLO.
Модификация существующего пользователя
Для модификации существующего пользователя, сфорумируем файл user_modify.cfg
ribcl VERSION=«2.0»>
login USER_LOGIN=«admin» PASSWORD=«password»>
user_INFO MODE=«write»>
mod_USER USER_LOGIN=«Administrator»>
password value=«newpass»/>
mod_USER>
user_INFO>
login>
ribcl>
По завершении редактирования также экспортируем настройки, как было выполнено на прошлом шаге.
iLO 4 Remote Console in Linux
I had some problems accessing my HP server’s remote console.
I’m using Debian 9.5.. with OpenJDK-8.. it just dont work. I found a workaround so I would like to share it with you!
2. Extract and move it to /opt (as root)
3. Download .jnlp file by clicking “Java Web Start”
4. Run javaws and follow the dialogs.
Optional. You can also associate the .jnlp with /opt/jre1.8.0_181/bin/javaws.
[11-08-2019] Edit: Meantime HPE added HTML 5 Remote Console support for iLO 4, so you will need to upgrade your machine’s iLO.
14 Replies to “iLO 4 Remote Console in Linux”
Thanks a lot. You have saved me too 😉
Your solution ended up in my personal knowledge management system with Obsidian . . for the next time I need it
Thanks! However it seems like the current java version, 8u321, refuses to fetch the jre file from the ILO server. As I previously had trouble even connecting with a web browser due to ILO using old TLS 1.1 or 1.0 I tried editing /opt/jre1.8.0_321/lib/security/java.security to enable TLS 1.0 and 1.1 but that didn’t help. It also seems like Oracle don’t want users to download older versions of the runtime (and since I’m not a developer it seems a bit overkill to download the full devkit). And yes, I’ve upgraded the ILO firmware to the latest version. (This isn’t really super important to me; I’m just playing around with this at home using an old DL380 G7).