HP iLO 4 Scripting and Command Line Guide Abstract This document describes the syntax and tools available for use with the HP iLO firmware through the command line or a scripted interface. This document is for the person who installs, administers, and troubleshoots servers and storage systems. HP assumes you are qualified in the servicing of computer equipment and trained in recognizing hazards in products with hazardous energy levels.
© Copyright 2012, 2014 Hewlett-Packard Development Company, L.P Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Contents 1 Introduction.............................................................................................13 Scripting and command line guide overview..............................................................................13 Scripting and command line utilities..........................................................................................13 HPQLOCFG Utility.............................................................................................................14 LOCFG.
SMASH CLP command line access............................................................................................35 Using the command line..........................................................................................................35 Escape commands..................................................................................................................36 Base commands................................................................................................................
MOD_USER runtime errors.............................................................................................74 GET_ALL_USERS................................................................................................................74 GET_ALL_USERS parameters...........................................................................................75 GET_ALL_USERS runtime errors.......................................................................................
MOD_NETWORK_SETTINGS..............................................................................................89 MOD_NETWORK_SETTINGS runtime errors.....................................................................92 MOD_NETWORK_SETTINGS parameters........................................................................92 GET_GLOBAL_SETTINGS....................................................................................................96 GET_GLOBAL_SETTINGS parameters..............................
CERTIFICATE_SIGNING_REQUEST errors.......................................................................116 IMPORT_CERTIFICATE......................................................................................................116 IMPORT_CERTIFICATE parameters.................................................................................117 IMPORT_CERTIFICATE errors.........................................................................................117 AHS_CLEAR_DATA.................................
GET_SECURITY_MSG.......................................................................................................125 GET_SECURITY_MSG parameters..................................................................................125 GET_SECURITY_MSG return messages...........................................................................126 GET_SECURITY_MSG runtime errors..............................................................................126 SET_SECURITY_MSG....................................
MOD_DIR_CONFIG........................................................................................................141 MOD_DIR_CONFIG parameters...................................................................................143 MOD_DIR_CONFIG runtime errors................................................................................145 MOD_KERBEROS........................................................................................................145 RACK_INFO....................................
GET_SERVER_FQDN/GET_SMH_FQDN return messages.................................................158 SERVER_FQDN/SMH_FQDN............................................................................................158 SERVER_FQDN/SMH_FQDN parameters......................................................................158 SERVER_FQDN/SMH_FQDN return messages................................................................158 SERVER_FQDN/SMH_FQDN runtime errors.......................................................
COLD_BOOT_SERVER......................................................................................................177 COLD_BOOT_SERVER parameters.................................................................................177 COLD_BOOT_SERVER runtime errors.............................................................................177 WARM_BOOT_SERVER....................................................................................................177 WARM_BOOT_SERVER parameters...................
XML enhancements...............................................................................................................193 Opening an SSL connection...................................................................................................193 Sending the XML header and script body................................................................................194 11 iLO 4 ports...........................................................................................
1 Introduction Scripting and command line guide overview HP iLO 4 provides multiple ways to configure, update, and operate HP ProLiant servers remotely. The HP iLO User Guide describes each feature and explains how to use these features with the browser-based interface and RBSU. For more information, see the HP iLO User Guide on the HP website at http://www.hp.com/go/ilo/docs.
Table 1 HP iLO 4 1.40 scripting and command line utilities required versions Utility Version Version notes for iLO 4 1.40 HPQLOCFG 1.1 HP Lights-Out Configuration Utility. This replaces the CPQLOCFG utility. HPONCFG 4.3.0 To use this version of the HP Lights-Out Online Configuration Utility you must also upgrade your Channel Interface Driver (CHIF) to version 3.9.0.0. LOCFG.PL 4.30 This utility is available in the HP Lights-Out XML Scripting Sample 4.2.0 bundle. HPLOMIG 4.
IPMI The IPMI specification is a standard that defines a set of common interfaces to a computer system. System administrators can use IPMI to monitor system health and manage the system. IPMI 2.0 defines a mandatory system interface, and an optional LAN interface. The iLO processor supports both interfaces. The IPMI specification defines a standardized interface for platform management.
◦ ◦ ◦ • – MOD_FEDERATION_GROUP – SET_FEDERATION_MULTICAST Insight Remote Support Direct Connect commands: – DC_REGISTRATION_COMPLETE – SET_ERS_DIRECT_CONNECT – SET_ERS_WEB_PROXY Boot configuration commands: – GET_CURRENT_BOOT_MODE – GET_PENDING_BOOT_MODE – GET_SUPPORTED_BOOT_MODE – SET_PENDING_BOOT_MODE Encryption commands: – GET_ENCRYPT_SETTINGS – GET_TPM_STATUS – MOD_ENCRYPT_SETTINGS Updated the following commands: ◦ SET_ONE_TIME_BOOT ◦ SET_PERSISTENT_BOOT HP Insight Contr
2 HPQLOCFG usage The HPQLOCFG.EXE utility is a Windows-based utility that connects to iLO using a secure connection over the network. RIBCL scripts are passed to iLO over the secure connection to HPQLOCFG. This utility requires a valid user ID and password with the appropriate privileges. Launch the HPQLOCFG utility from HP SIM for Group Administration, or launch it independently from a command prompt for batch processing. Download this utility from the HP website at: http://www.hp.com/support/ilo4.
https:///xmldata?item=all Alternatively, you can select option 1) Enabled (iLO+Server Association Data) from iLO.
0 3.0 0 1 1 Onboard Administrator 123.456.78.90 TestRACK TestRACKEnc-C 2 Creating a system collection in HP SIM To quickly see all system management processors, login to SIM and in the System and Event Collections panel, scroll down to and select All Management Processors.
HPQLOCFG -S RIB1 -F C:\...SCRIPT.XML -L RIB1LOG.TXT -V HPQLOCFG -S RIB2 -F C:\...SCRIPT.XML -L RIB2LOG.TXT -V HPQLOCFG -S RIB3 -F C:\...SCRIPT.XML -L RIB3LOG.TXT -V . . . RIBNLOG -S RIBN -F C:\...SCRIPT.XML -L LOGFILE.TXT -V HPQLOCFG overwrites any existing log files. HPQLOCFG command line parameters For information on the syntax of the XML data files, see “RIBCL XML Scripting Language” (page 64). Download sample XML scripts from the HP website at http://www.hp.com/go/ilo. .
Command line switches The following command line switches are available to be used with HPQLOCFG.EXE: Table 2 HPQLOCFG command line switches Switch Effect -S Determines the iLO that is to be updated. This switch is followed by either the DNS name or IP address of the target server. When using IPv6 addresses, you can optionally add the port number preceded by a colon (). NOTE: Do not use this switch if you are launching from HP SIM.
Example 2 Web agent example (Mod_SNMP_IM_Settings.xml): PAGE 23
3 LOCFG.PL usage LOCFG.PL Utility To use the LOCFG.PL utility, you must have the following PERL modules: • Net::SSLeay • IO::Socket::SSL You must also have a valid iLO user account and password for each XML script to use LOCFG.PL. To process the request, your account must have the appropriate iLO privileges. The LOCFG.PL script connects to iLO using an SSL connection. For example: perl locfg.pl -s {servername|ipaddress}[:port] [-l logfilename]-f input_filename [-u username -p password] [iLO 4] LOCFG.
4 HPONCFG online configuration utility HPONCFG The HPONCFG utility is an online configuration tool used to set up and configure iLO from within Windows and Linux operating systems without requiring a reboot of the server operating system. HPONCFG runs in a command line mode and must be executed from an operating system command line using an account with administrator or root access. HPONCFG provides a limited graphical interface for servers that use Windows operating systems.
it is included as an RPM package file. HPONCFG packages are included in the Service Pack for ProLiant (SPP). Windows server installation HPONCFG installs automatically when the Service Pack for ProLiant is installed. To install HPONCFG manually, run the self-extracting executable. HPONCFG creates a directory at: %Program files%\HP\hponcfg. Linux server installation HPONCFG is installed automatically when Service Pack for ProLiant is installed.
HPONCFG command line parameters HPONCFG accepts the following command line parameters: Table 4 HPONCFG command line parameters Parameter Effect /help or ? Displays the help page /reset Resets the iLO to factory default values /f filename Sets and receives the iLO configuration from the information given in the XML input file that has name filename /i filename Sets and receives iLO configuration from XML input received through the standard input stream /w filename Writes the iLO configuration obta
| | | | [/xmlverbose or /v][/m firmwarelevel] [/a] /w filename [/m firmwarelevel] /get_hostinfo [/m firmwarelevel] /mouse [/dualcursor][/allusers] /display [/allusers] For more information on using these parameters, see “HPONCFG command line parameters” (page 26). Using HPONCFG on Linux servers Invoke the HPONCFG configuration utility from the command line. HPONCFG displays a usage page if it is entered with no command line parameters.
PAGE 29
PAGE 30
Specify values for the variables when you run HPONCFG by using the substitute option.
hponcfg /f config.
5 SMASH CLP usage SMASH CLP The DMTF SMASH initiative is a suite of specifications that deliver architectural semantics, industry standard protocols and profiles to unify the management of the data center. The SMASH CLP specification enables simple and intuitive management of heterogeneous servers in the data center. For more information, see “SMASH CLP Scripting Language” (page 35).
6 IPMI usage The IPMI utility Use the Linux IPMI tool and Windows IPMI util applications to test the IPMI interfaces on server platforms. The Linux IPMI tool is used in environments where scripting is used as the base for platform monitoring. The Windows IPMI util has a dependency on the IPMI driver if using "in-band" (or from a command prompt). The Windows IPMI driver is delivered in Windows Server 2008 R2. IPMI support might be available in later updates of Windows Server 2003 R2.
Most Linux IPMI tool commands can be issued remotely, including retrieving the IML entries and current sensor readings. The following parameter is required to enable the IPMI 2.0 RMCP+ protocol: -l lanplus Advanced IPMIutil usage on Windows Use the Windows IPMIutil.exe application for remote IPMI access to iLO. The commands, although different, provide similar functionality. • To retrieve the general status of iLO, enter: C:\> ipmiutil.
7 SMASH CLP Scripting Language SMASH CLP command line overview SMASH CLP provides a standardized set of commands for the configuration and control of management processors (called Management Access Points) and host systems. On iLO, SMASH CLP is accessed through the SSH port. SMASH CLP command line access The iLO 4 firmware features enable you to execute the supported commands from a SMASH CLP command line.
status is set to Enabled-No Authentication, then all the commands are executed without verifying the privilege level. The general syntax of a CLP command is:
ESC ESC Erases the current line. There is a one second timeout for entering any of the escape sequence characters. Base commands Following are the base commands for use on the command line: help Displays context-sensitive help and all supported commands command help/? Displays the help message specific to that command exit Terminates the CLP session cd The command sets the current default target. The context works like a directory path.
set Sets a property or set of properties to a specific value, and resets iLO to implement the changes. start Causes a target to change the state to a higher run level. stop Causes a target to change the state to a lower run level. version The command queries the version of the CLP implementation or other CLP elements. For example: hpiLO-> version status=0 status_tag=COMMAND COMPLETED SM-CLP Version 1.0 oemhp_ping The command determines if an IP address is reachable from the current iLO session.
Targets All local users are valid targets. For example, if three local users have the login names Administrator, admin, and test, then valid targets are: • Administrator • admin • test Table 5 User Command Properties Property Access Description username read/write Corresponds to the iLO 4 login name. password read/write Corresponds to the password for the current user. name read/write Displays the name of the user.
Table 6 HP SSO Properties Property Access Description oemhp_ssotrust Read/write The Single Sign-On required trust level. Valid values are: • disabled • all • name • certificate oemhp_ssouser Read/write The privileges associated with the user role. Valid values are: • login • oemhp_rc • oemhp_power • oemhp_vm • config • admin oemhp_ssooperator Read/write The privileges associated with the operator role.
• To load an SSO certificate from an HP SIM 7.
Verbs ◦ cd ◦ version ◦ exit ◦ show ◦ set For example set /map1/enetport1 Speed=100 set /map1/enetport1/lanendpt1/ipendpt1 IPv4Address=15.255.102.245 SubnetMask=255.255.248.
• dnsserver2 Properties • ◦ AccessInfo ◦ AccessContext dnsserver3 Properties • ◦ AccessInfo ◦ AccessContext settings1 ◦ Targets DNSSettings1 Properties – DNSServerAddress – RegisterThisConnection – DomainName – DHCPOptionToUse WINSSettingData1 Properties ◦ • – WINSServerAddress – RegisterThisConnection – DHCPOptionToUse Verbs – cd – version – exit – show StaticIPSettings1 Properties ◦ oemhp_SRoute1Address ◦ oemhp_Mask1Address ◦ oemhp_Gateway1Address ◦ oemhp_
◦ oemhp_Gateway3Address ◦ DHCPOptionToUse Specify one or more properties on the command line. If multiple properties are on the same command line, they must be separated by a space. The iLO firmware resets after the network settings have been applied. For example, the following command sets the iLO network port to the shared network port NIC on the server motherboard. This NIC is referred to as the LOM elsewhere in iLO documentation. Not all servers have this hardware.
Table 7 iLO Properties (continued) Property Access Description oemhp_serialclistatus Read/Write Enables or disables CLP session through serial port. Boolean values are accepted. oemhp_serialcliauth Read/Write Enables or disables authorization requirement for CLP session through serial port. Boolean values are accepted. oemhp_serialclispeed Read/Write Sets the serial port speed for the CLP session. The valid values are 9600, 19200, 38400, 57600, and 115200.
The iLO 4 embedded health CLP settings are: • /system1/fan* • /system1/sensor* • /system1/powersupply* Targets • Fan • Sensor • Powersupply Table 8 Embedded Health Properties Property Access Description DeviceID Read Displays fan, sensor, or power supply label number ElementName Read Displays fan, sensor, or power supply location OperationalStatus Read Displays fan, sensor, or power supply operational status VariableSpeed Read Displays if fan is operating at variable speed Desired
/system1/sensor1 Targets Properties DeviceID=VRM 1 ElementName=CPU 1 OperationalStatus=Ok RateUnits=Volts CurrentReading=0 SensorType=Voltage HealthState=Ok oemhp_CautionValue=0 oemhp_CriticalValue=0 Other sensor targets show system temperatures.
Table 9 SNMP Command Properties (continued) Property Access Description oemhp_imdatalevel Read/Write Determines if the LOM device responds to anonymous XML queries. Enable or disable valid selections. oemhp_agentlessenable Read/Write Displays or modifies the SNMP Agentless Management. Valid values are 'yes', or 'no'. If Agentless Management is disabled, SNMP passthru will be enabled. oemhp_systemlocation Read/Write Displays or modifies SNMP System Location for when Agentless Management is enabled.
Specify one or more properties on the command line. If multiple properties are on the same command line, they must be separated by a space. License commands License commands enable you to display and modify the iLO license. Table 10 (page 49) shows the License command properties.
Table 12 Directory Command Properties Property Access Description oemhp_dirauth Read/Write Enables or disables directory authentication. Valid settings are as follows: • extended_schema Uses HP extended schema • default_schema Uses schema-free directories • disabled Directory-based authentication is disabled oemhp_localacct Read/Write Enables or disables local account authentication. This property can be disabled only if directory authentication is enabled. Boolean values accepted.
Virtual Media commands Access to the iLO virtual media is supported through the CLP. Table 13 (page 51) shows the Virtual Media command targets. Table 14 (page 51) shows the Virtual Media command properties. The virtual media subsystem is located at: /map1/oemhp_vm1. For more information, see the HP iLO User Guide on the HP website at: http://www.hp.com/go/ ilo/docs. Targets The virtual media targets are shown in Table 13 (page 51).
• hostname—Mandatory field • port—Optional field • filename—Mandatory field The CLP performs only a cursory syntax verification of the URL value. You must visually verify that the URL is valid. For example • set oemhp_image=http://imgserver.company.com/image/dosboot.bin • set oemhp_image=http://john:abc123@imgserver.company.com/VMimage/ installDisk.iso Tasks • To insert a floppy USB key image into the Virtual Floppy/USBKey, enter: cd /map1/oemhp_vm1/floppydr1 show set oemhp_image=http://my.
• To eject a CD-ROM image from the Virtual CD-ROM, enter: cd /map1/oemhp_vm1/cddr1 set oemhp_boot=disconnect This example executes the following commands: • ◦ Changes the current context to the CD-ROM drive ◦ Issues the disconnect command that disconnects the media and clears the oemhp_image To insert a CD-ROM image and set for single boot, enter: cd /map1/oemhp_vm1/cddr1 set oemhp_image=http://my.imageserver.com/ISO/install_disk1.
The following commands are supported if the current target is: /system1 • start • stop The following commands are supported if the current target is: /map1 • reset Set the status of the manual_iLO_reset property using the following commands: • set /map1/ manual_ilo_reset=yes • set /map1/ manual_ilo_reset=no Firmware commands Firmware commands enable you to display and modify the iLO 4 firmware version. Table 17 (page 54) shows the Firmware Update properties.
NOTE: Firmware components loaded will be flashed onto the system, replacing the existing versions. If the firmware flash was successful, then the status_tag of COMMAND COMPLETED will be shown. If iLO firmware was flashed, then a reset of iLO will occur. If a Trusted Platform Module (TPM) is installed and enabled the load command must include the '-TPM_force' option after the URL. Otherwise the command will fail.
record:1..n Where n is the total number of records. Table 18 Eventlog Command Properties Property Access Description number read Displays the record number for the event. severity read Displays the severity of the event. Severity levels are informational, noncritical, critical, or unknown. date read Displays the event date. time read Displays the event time. description read Displays a description of the event. For example • show /system1/log1—Displays the IML.
The boot source targets and matching boot source values do not change. The values for bootsource are: • bootsource1: BootFmCd • bootsource2: BootFmFloppy • bootsource3: BootFmDrive • bootsource4: BootFmUSBKey • bootsource5: BootFmNetwork Table 21 Boot Command Properties Property Access Description bootorder Read/write Configures the boot order for a given boot source For example When configuring bootorder, first list the current boot order by entering show -all /system1/bootconfig1.
Properties bootorder=5 Verbs cd version exit show set To change the boot order, enter the following command: set /system1/bootconfig1/bootsource bootorder=. For example, to move bootsource1 (BootfmCd) to be the primary boot device: hpiLO-> set bootsource1 bootorder=1 Bootorder being set.
Targets Properties bootorder=2 oemhp_description=Embedded FlexibleLOM 1 Port 1 : HP FlexFabric 10Gb 2-port 534FLB Adapter (IPv6) Verbs cd version exit show set To change the boot order for UEFI enabled systems, enter the following command: set /system1/bootconfig1/oemhp_uefibootsource bootorder=. For example, to move uefibootsource2 to be the primary boot device: hpiLO-> set oemhp_uefibootsource2 bootorder=1 Bootorder being set.
System properties and targets The properties and targets described in this section provide information about the server. Table 23 (page 60) shows the System targets. Table 24 (page 61) shows the System properties.
The following properties are available in: /system1 Table 24 System Properties Property Access Description name Read Displays the system name. number Read Displays the system serial number. oemhp_server_name Read Displays the host server name string. This string can be up to 50 characters in length, and requires the Configure iLO Settings privilege to change. enabledstate Read Appears if the server is powered up. processor_number Read Displays the number of logical processors in the system.
memory_technology=64-bit Capable cachememory1=256KB cachememory2=2048KB cachememory3=20480KB The memory property displays information about the system memory. Table 26 (page 62) shows the System memory properties. The properties are available at: /system1/memoryn Where n is the memory DIMM number. Table 26 System Memory Properties Property Access Description size Read Displays the memory size. speed Read Displays the memory speed. location Read Displays the location of the memory.
Other commands Other commands include the following: start /system1/oemhp_vsp1 Starts a virtual serial port session. Press Esc ( to return to the CLI session. nmi server Generates and sends an NMI to the server. It is limited to users with the Virtual Power and Reset privilege.
8 RIBCL XML Scripting Language Overview of the RIBCL RIBCL enables you to write XML scripts to configure and manage iLO 4 configuration settings, user accounts, directory settings, server settings, and HP SSO settings. Download the sample scripts from the HP website at http://www.hp.com/go/ilo. Click iLO Sample Scripts for Windows or Lights-Out XML scripting sample for Linux on the Resources tab, under Support..
Table 30 XMLILO output (GET_FW_VERSION) (continued) Output with header Output without header /> PAGE 66
Unsupported Microsoft Windows quote characters: Support for Windows-specific smart-quotes (“ ” and ‘ ’) as content delimiters in XML is being phased out. Be sure to replace any smart-quote characters in your script with normal double or single quotes (" and '). Specific string A specific string is one that is required to contain certain characters. In general, you have a choice of words that are accepted as correct syntax and all other words produce an error.
The RIBCL version is incorrect. The correct version is or later. Update the RIBCL script to be compatible with the current RIBCL version. RIBCL runtime errors The possible RIBCL error messages include: • Version must not be blank. • The RIBCL version is incorrect. The correct version is X.XX or later. Combining multiple commands in one RIBCL script To combine multiple commands in a single RIBCL script, enclose each command in a top level *_INFO tag.
Example 3 Incorrectly combined script PAGE 69
execute RIBCL commands. The user privileges are verified against the required privilege for a particular command, and an error is returned if the privilege level does not match. For example: Alternatively, the HPQLOCFG utility allows you to specify the login information as parameters on the command line using switches: hpqlocfg -u username -p password LOGIN parameters USER_LOGIN is the login name of the user account.
ADD_USER parameters USER_NAME is the actual name of the user. This parameter can be a combination of any printable characters up to a maximum length of 39 characters.
• Password is too long. • User table is full. No room for new user. • Cannot add user. The user name already exists. • User information is open for read-only access. Write access is required for this operation. • User name cannot be blank. • User login ID cannot be blank. • Boolean value not specified. • User does not have correct privilege for action. ADMIN_PRIV required. DELETE_USER The DELETE_USER command is used to remove an existing local user account.
DEL_SSH_KEY parameters None DEL_SSH_KEY runtime errors Possible DEL_SSH_KEY runtime errors include: • User login name must not be blank • User does not have correct privilege for action. ADMIN_PRIV required. • Unable to clear the SSH key. GET_USER The GET_USER command returns local user information, excluding the password. The USER_LOGIN parameter must exist in the current user database.
MOD_USER The MOD_USER command is used to modify an existing local user account. The USER_LOGIN parameter must exist in the current user database. For this command to parse correctly, the command must appear within a USER_INFO command block, and USER_INFO MODE must be set to write. The user must have the Administer User Accounts privilege. Otherwise, the user can only modify their individual account password.
USER_NAME is the actual name of the user to be modified. This parameter is not case sensitive, can be any valid string, and has a maximum length of 39 characters. This string is used for display only and must not be left blank. PASSWORD is the password associated with the user. This parameter is case sensitive and can be a combination of any printable characters. The length is user defined and can be a minimum of zero characters and a maximum of 39 characters.
GET_ALL_USERS parameters None GET_ALL_USERS runtime errors The possible GET_ALL_USERS error messages include: • User does not have correct privilege for action. ADMIN_PRIV required.
GET_ALL_USER_INFO runtime errors The possible GET_ALL_USER_INFO error messages include: User does not have correct privilege for action. ADMIN_PRIV required. GET_ALL_USER_INFO return messages A possible GET_ALL_USER_INFO return message is: ...... The same information will be repeated for all the users.
RESET_RIB The RESET_RIB command is used to reset iLO. For this command to parse correctly, the command must appear within a RIB_INFO command block, and RIB_INFO MODE can be set to read or write. The user must have the Configure iLO Settings privilege to execute this command. For example: PAGE 78
GET_EVENT_LOG runtime errors GET_EVENT_LOG returns a runtime error if it is not called from within the RIB_INFO or SERVER_INFO block. For example: GET_EVENT_LOG return messages The response includes all of the events recorded, in the order that they occurred. Events are not sorted by severity or other criteria.
COUNT="1" DESCRIPTION="POST Error: 1775-Drive Array ProLiant Storage System not Responding" /> ... GET_FEDERATION_MULTICAST Use the GET_FEDERATION_MULTICAST command to retrieve the current federation multicast options. The response includes values for Multicast Discovery, Multicast Announcement Interval, IPv6 Multicast Scope, and Multicast TTL. The command must appear within a RIB_INFO command block, and RIB_INFO MODE must be set to read. For example: PAGE 80
SET_FEDERATION_MULTICAST parameters MULTICAST_DISCOVERY_ENABLED enables or disables multicast discovery. Value must be either Yes (enabled) or No (disabled). When enabled, this parameters makes the iLO discoverable as federated on the network.
GET_FEDERATION_ALL_GROUPS return messages The following response is typical of the data returned from the GET_FEDERATION_ALL_GROUPS command: PAGE 82
<
GET_FEDERATION_GROUP return messages The following response is typical of the data returned from the GET_FEDERATION_GROUP command: PAGE 84
RESET_SERVER_PRIV—Virtual Power and Reset—Enables members of a group to power-cycle or reset the local iLO system. VIRTUAL_MEDIA_PRIV—Virtual Media—Enables members of a group to use scripted Virtual Media with the local iLO system. CONFIG_ILO_PRIV—Configure iLO Settings—Enables members of a group to configure most iLO settings, including security settings, and to remotely update firmware. LOGIN_PRIV—Login—Enables members of a group to log in to iLO.
RESET_SERVER_PRIV—Virtual Power and Reset—Enables members of a group to power-cycle or reset the local iLO system. VIRTUAL_MEDIA_PRIV—Virtual Media—Enables members of a group to use scripted Virtual Media with the local iLO system. CONFIG_ILO_PRIV—Configure iLO Settings—Enables members of a group to configure most iLO settings, including security settings, and to remotely update firmware. LOGIN_PRIV—Login—Enables members of a group to log in to iLO.
CLEAR_EVENTLOG The CLEAR_EVENTLOG command clears the iLO Event Log. For this command to parse correctly, the command must appear within a RIB_INFO command block, and RIB_INFO MODE must be set to write. The user must have the Configure iLO Settings privilege to execute this command. For example: PAGE 87
COMPUTER_LOCK_CONFIG parameters COMPUTER_LOCK value— You can customize Windows, Linux and other operating systems by setting the value: • windows—Sets the command to define the computer lock for a Windows based operating system. The computer lock on Windows based operating systems defaults to the Windows logo + L keys. • custom—Sets the command to define the computer lock for a non-Windows based operating system. • disabled—Disables the computer lock feature.
GET_NETWORK_SETTINGS return messages A possible GET_NETWORK_SETTINGS return message is:
IPV6_GATEWAY="::" ADDR_STATUS="INACTIVE"/> If the request is unsuccessful, y
PAGE 91
RBSU POST IP example: Shared network port example: PAGE 92
NIC_SPEED is used to set the transceiver speed if SPEED_AUTOSELECT is set to No. The possible values are 10, 100, or Automatic. If SPEED_AUTOSELECT is set to N, and NIC_SPEED is set to Automatic, the current value is retained. In other words, if SPEED_AUTOSELECT is set to N, then Automatic is not an applicable value for NIC_SPEED. FULL_DUPLEX is used to decide if iLO is to support full-duplex or half-duplex mode. It is only applicable if SPEED_AUTOSELECT was set to No.
STATIC_ROUTE_1, STATIC_ROUTE_2, and STATIC_ROUTE_3 are used to specify the destination and gateway IP addresses of the static routes. The following two parameters are used within the static route commands. If an empty string is entered, the current value is deleted. • DEST specifies the destination IP addresses of the static route. This parameter is only relevant if the DHCP-assigned static route feature is disabled. If an empty string is entered, the current value is deleted.
IPV6_PRIM_DNS_SERVER, IPV6_SEC_DNS_SERVER, and IPV6_TER_DNS_SERVER are used to specify primary, secondary, and tertiary IPv6 DNS server addresses. Values must be valid literal IPv6 addresses in string form. These addresses are used in addition to the IPv4 DNS server addresses. Clear address entries by specifying blank IPv6 addresses (“::”). When iLO Client applications are configured to prefer IPv6 (see IPV6_PREFFERED_PROTOCOL) the order of use will be: 1. IPV6_PRIM_DNS_SERVER 2. PRIM_DNS_SERVER 3.
addresses. DHCPv6 database errors may result if more than one server can assign iLO an IPv6 address and Rapid Commit mode is enabled. Value must be either Y (enabled) or N (disabled). DHCPV6_SNTP_SETTINGS specifies whether DHCPv6 Stateless-assigned NTP server addresses are used or whether the user enters that information manually. Value must be either Y (enabled) or N (disabled). DHCPV6_DNS_SERVER specifies whether the DHCPv6 Stateless-assigned DNS server adresses are used.
MOD_GLOBAL_SETTINGS The MOD_GLOBAL_SETTINGS command modifies global settings. For this command to parse correctly, the command must appear within a RIB_INFO command block, and RIB_INFO MODE must be set to write. The user must have the Configure iLO Settings privilege to execute this command. The iLO device (not the server) resets automatically to make changes to port settings effective. Setting the ILO_FUNCT_ENABLED to No disables the iLO management functions.
--> --> As of release iLO 4 version 1.01, the Virtual Serial Port supports automatically enabling and disabling software flow control. By default, this behavior is disabled. You can enable this configuration option using the RIBCL only. To enable this option, execute the following script: Example: PAGE 99
Possible values include: • 0—Disabled • 1—Enabled (records every authentication failure) • 2—Enabled (records every second authentication failure) • 3—Enabled (records every third authentication failure: this is the default value.) • 5—Enabled (records every fifth authentication failure) SSH_STATUS—Determines if SSH is enabled. The valid values are Yes or No, which enable or disable SSH functionality. SSH_PORT—Specifies the port used for SSH connection on iLO 4.
ALERTMAIL_EMAIL_ADDRESS—Sets the destination email address for iLO email alerts. Value must be a single email address no longer than 63 characters, and must be in standard email address format. ALERTMAIL_SENDER_DOMAIN—Sets the domain name to be used in the sender (From) email address. Value is formed by using the iLO name as the hostname and the subject string as the domain name. If this value is left blank or not specified, the iLO domain name is used (which may not be accepted by all SMTP servers.
Possible MOD_GLOBAL_SETTINGS warning messages include: • SNMP_ACCESS is disabled, SNMP_PORT and SNMP_TRAP_PORT will not be changed. • SNMP_ACCESS is being disabled, SNMP_PORT and SNMP_TRAP_PORT will not be changed. • SNMP_ACCESS is disabled, SNMP_PORT and SNMP_TRAP_PORT will not be changed. BROWNOUT_RECOVERY The BROWNOUT_RECOVERY command turns the brownout recovery feature on or off.
GET_SNMP_IM_SETTINGS return messages A possible GET_SNMP_IM_SETTINGS return message is:
MOD_SNMP_IM_SETTINGS parameters All of the following parameters are optional. If a parameter is not specified, then the parameter value for the specified setting is preserved. SNMP_ADDRESS_1, SNMP_ADDRESS_2, and SNMP_ADDRESS_3 are the addresses that receive traps sent to the user. Each of these parameters can be any valid IP address. SNMP_ADDRESS_1_ROCOMMUNITY, SNMP_ADDRESS_2_ROCOMMUNITY, and SNMP_ADDRESS_3_ROCOMMUNITY configure the SNMP read-only community string.
SNMP_USER_PROFILE INDEX sets the number (1, 2, or 3) for one of three available user profiles for SNMPv3 authentication, and includes the following: • SECURITY_NAME sets the user profile name. Value must be 1 to 32 alphanumeric characters long. • AUTHN_PROTOCOL sets the message digest algorithm to use for encoding the authorization passphrase. The message digest is calculated over an appropriate portion of an SNMP message and included as part of the message sent to the recipient.
PAGE 107
• The ESKM_PRIMARY_SERVER_ADDRESS VALUE is too long. • The ESKM_PRIMARY_SERVER_ADDRESS VALUE must not be left blank. • The ESKM_PRIMARY_SERVER_PORT VALUE specified is invalid. Values supported are between 1 and 65535. • The ESKM_PRIMARY_SERVER_PORT VALUE must not be left blank. • The ESKM_SECONDARY_SERVER_ADDRESS VALUE is too long. • The ESKM_SECONDARY_SERVER_PORT VALUE specified is invalid. Values supported are between 1 and 65535.
NOTE: Do not use both the UPDATE_RIB_FIRMWARE and the UPDATE_FIRMWARE commands in the same script. For this command to parse correctly, the command must appear within a RIB_INFO command block, and RIB_INFO MODE must be set to write. The user must have the Configure iLO Settings privilege to execute this command. Example 1:
• IMAGE_LOCATION must not be blank. • User does not have correct privilege for action. CONFIG_ILO_PRIV required. UPDATE_LANG_PACK The UPDATE_LANG_PACK command updates the language of an iLO device with a specified language pack file. Replace USER_LOGIN and PASSWORD with values appropriate for your environment. For this command to parse correctly, the command must appear within a RIB_INFO command block, and RIB_INFO MODE must be set to write.
GET_FW_VERSION runtime errors None GET_FW_VERSION return messages The following information is returned within the response: LICENSE The LICENSE command activates or deactivates iLO advanced features. For this command to parse correctly, the command must appear within a RIB_INFO command block, and RIB_INFO MODE must be set to write.
INSERT_VIRTUAL_MEDIA This command notifies iLO of the location of a diskette image. The INSERT_VIRTUAL_MEDIA command must display within a RIB_INFO element, and RIB_INFO must be in write mode. You must purchase the iLO Advanced license to enable this feature. For example:
INSERT_VIRTUAL_MEDIA runtime errors The possible INSERT_VIRTUAL_MEDIA error messages include: • RIB information is open for read-only access. Write access is required for this operation. • IMAGE_URL must not be blank. • User does not have correct privilege for action. VIRTUAL_MEDIA_PRIV required. • Unable to parse Virtual Media URL • An invalid Virtual Media option has been given. • Virtual Media already connected through a script. You must eject or disconnect before inserting new media.
--> --> --> --> GET_VM_STATUS parameters DEVICE specifies the Virtual Media device target. The possible values are FLOPPY or CDROM. If the DEVICE is not specified, FLOPPY is assumed. These values are not case-sensitive.
--> --> --> --> SET_VM_STATUS parameters DEVICE specifies the Virtual Media device target. The possible values are FLOPPY or CDROM. If the DEVICE is not specified, FLOPPY is assumed. The value is not case-sensitive.
VM_BOOT_OPTION to CONNECT, the VM_GET_STATUS command shows the VM_BOOT_OPTION as BOOT_ALWAYS. This is by design and shows that the Virtual Media device is connected like the Virtual Media device in the applet which is always connected during all server boots. • DISCONNECT sets the VM_BOOT_OPTION to DISCONNECT. The Virtual Media device is immediately disconnected from the server. Setting the VM_BOOT_OPTION to DISCONNECT is equivalent to clicking the device Disconnect button on the Virtual Media Applet.
CERTIFICATE_SIGNING_REQUEST parameters (for custom CSR) CSR_STATE - Specifies state in which the company or organization that owns the iLO subsystem is located. CSR_COUNTRY - Specifies the two-character country code for the country in which the company or organization that owns the iLO subsystem is located.
-----BEGIN CERTIFICATE---- -----END CERTIFICATE---- PAGE 121
TRIGGER_TEST_EVENT parameters MESSAGE_ID—Message UUID format used to match the test Service Event with this request. It is returned in the submission package SOAP envelope header. TRIGGER_TEST_EVENT runtime errors None SET_ERS_DIRECT_CONNECT Enter this command to begin the registration of your device to HP Insight Online using Direct Connect. You must have the Configure iLO Settings privilege to modify iLO Remote Support settings, and a valid HP Passport Account is required to run this command.
• HP Passport account is locked out due to excessive login authentication failures. • User has reached half the maximum allowed HP Passport login authentication failures. • HP Passport password has expired. • Invalid Proxy Settings • Cannot connect to proxy server. • Cannot connect to remote host.
SET_ERS_WEB_PROXY parameters To configure your device to use a web proxy server to access the Internet, enter the following: • ERS_WEB_PROXY_URL—Web proxy server host name or IP address. • ERS_WEB_PROXY_PORT—Port number on which to communicate with the web proxy server. • ERS_WEB_PROXY_USERNAME—Username for web proxy server authentication. • ERS_WEB_PROXY_PASSWORD—Password for web proxy server authentication.
GET_LANGUAGE parameters None GET_LANGUAGE runtime errors None GET_ALL_LANGUAGES Use this command to read all languages on iLO. Use HPQLOCFG.EXE version 1.00 or later with this command. GET_ALL_LANGUAGES parameters None GET_ALL_LANGUAGES runtime errors None GET_ASSET_TAG Use this command to get the asset tag. Use HPQLOCFG.EXE version 1.
You must have the following privileges to execute this command: Virtual Media, Virtual Power and Reset, Remote Console. --> SET_ASSET_TAG parameters SET_ASSET_TAG sets or clears the asset tag.
GET_SECURITY_MSG return messages The following information is returned with the response: • SECURITY_MSG value=”Enabled” or “Disabled” • SECURITY_MSG_TEXT: GET_SECURITY_MSG runtime errors None SET_SECURITY_MSG Use this command to configure the security text message in the iLO Login Banner.
GET_SPATIAL parameters None GET_SPATIAL return messages The following response is typical of the data returned: DL/ML Supported Valid 1 2CJ20500XC BW946A 00000000-0000-0000-0000-000000000000 HP I Series 42U Rack Location Option 42 6
HP ProLiant SL specific data Bay —Server location in the enclosure. SL Chassis UUID —UUID of the enclosure. GET_SPATIAL runtime errors Possible GET_SPATIAL runtime errors include: • This feature requires an installed license key • Unknown error. • Feature not supported HOTKEY_CONFIG The HOTKEY_CONFIG command configures the remote console hot key settings in iLO.
Supported hot keys The Program Remote Console Hot Keys page allows you to define up to six different sets of hot keys for use during a Remote Console session. Each hot key represents a combination of up to five different keys which are sent to the host machine whenever the hot key is pressed during a Remote Console session. The selected key combination (all keys pressed at the same time) are transmitted in its place. The following table lists keys available to combine in a Remote Console hot key sequence.
GET_HOTKEY_CONFIG parameters None GET_HOTKEY_CONFIG runtime errors A possible GET_HOTKEY_CONFIG error message is: Unable to get the hot keys.
• PROFILE_OPTIONS is too long. • PROFILE_ACTION is too long. • Problem manipulating EV • There are missing parameters in the xml script. • The PROFILE_ACTION does not have a valid value. • User does NOT have correct privilege for action. CONFIG_ILO_PRIV required. • The value specified is invalid. • Internal error. • Retry later. • Invalid, do not repeat. • Profile descriptor name is not correct. • Profile descriptor too large. • Profile Descriptor is read only or write only.
PROFILE_APPLY_GET_RESULTS runtime errors These errors may appear: • The value specified is invalid. • Internal error. • Retry later. • Invalid, do not repeat. • Profile descriptor name is not correct. • Profile descriptor too large. • Profile Descriptor is read only or write only. • Profile descriptor has not been found. • Profile descriptor is currently unavailable. • The iLO is not configured for this command. • Blob Store is not yet initialized.
• Invalid, do not repeat. • Profile descriptor name is not correct. • Profile descriptor too large. • Profile Descriptor is read only or write only. • Profile descriptor has not been found. • Profile descriptor is currently unavailable. • The iLO is not configured for this command. • Blob Store is not yet initialized.
• Feature not supported • No data available PROFILE_DESC_DOWNLOAD Use this command to write a deployment profile description, download a specific blob, and write the blob to the blobstore. Use HPQLOCFG.EXE version 1.00 or later with this command. Replace USER_LOGIN and PASSWORD values with values that are appropriate for your environment. PAGE 135
• PROFILE_DESCRIPTION is too long. • PROFILE_SCHEMA is too long. • There are missing parameters in the xml script. • Need a value for the PROFILE_URL tag. • Need a value for the PROFILE_DESC_NAME tag. • Incorrect url. • Failed to connect to the url. • User does NOT have correct privilege for action. CONFIG_ILO_PRIV required. • The value specified is invalid. • Internal error. • Retry later. • Invalid, do not repeat. • Profile descriptor name is not correct.
FIPS_ENABLE runtime errors When running the FIPS_ENABLE command, FIPS status is checked. If FIPS is already enabled, the following message appears: FIPS is already enabled. GET_FIPS_STATUS Use this script to retrieve the current Enforce AES/3DES Encryption status, in iLO 4 v1.20 or later. Use HPQLOCFG.EXE version 1.00 or later with this command. Replace USER_LOGIN and PASSWORD values with values that are appropriate for your environment. PAGE 137
MESSAGE='No error' /> FACTORY_DEFAULTS Use this command to set the iLO device to factory default settings. Use HPQLOCFG.EXE version 1.00 or later with this command. Replace USER_LOGIN and PASSWORD values with values that are appropriate for your environment.
PAGE 139
GET_DIR_CONFIG parameters None GET_DIR_CONFIG runtime errors None GET_DIR_CONFIG return messages Starting with iLO 4 1.01, directory integration can work with HP Lights-Out schema with or without extensions (schema-free). Depending on your directory configuration, the response to GET_DIR_CONFIG contains different data.
PAGE 141
1234567890-1234"/> MOD_DIR_CONFIG The MOD_DIR_CONFIG command modifies the directory settings on iLO. For this command to parse correctly, the MOD_DIR_CONFIG command must appear within a DIR_INFO command block, and DIR_INFO MODE must be set to write.
PAGE 143
--> -->
DIR_ENABLE_GRP_ACCT causes iLO to use schema-less directory integration. The possible values are Yes and No. When using schema-free directory integration, iLO supports variable privileges associated with different directory groups. These groups are contained in the directory, and the corresponding member iLO privileges are stored in iLO. DIR_KERBEROS_ENABLED enables or disables Kerberos authentication. The possible values are Yes and No.
DIR_SERVER_ADDRESS specifies the location of the directory server. The directory server location is specified as an IP address or DNS name. DIR_SERVER_PORT specifies the port number used to connect to the directory server. This value is obtained from the directory administrator. The secure LDAP port is 636, but the directory server can be configured for a different port number. DIR_OBJECT_DN specifies the unique name of iLO 4 in the directory server. This value is obtained from the directory administrator.
the database was successfully read. If the database is open for writing by another application, then this call will fail. This command block is only valid on ProLiant BL Class Servers, and requires the MODE parameter with a value of read or write. The MODE parameter value is a specific string with a maximum length of 10 characters that specifies what you intend to do with the information. Write mode enables both reading and writing of iLO information. Read mode prevents modification of the iLO information.
This command block is only valid on ProLiant BL c-Class blade servers. BLADESYSTEM_INFO requires the MODE parameter with a value of read or write. MODE is a specific string parameter with a maximum length of 10 characters that specifies what you intend to do with the information. Write mode enables both reading and writing of information to the blade system. Read mode prevents modification of the blade system information.
SERVER_INFO requires the MODE parameter with a value of read or write. MODE is a specific string parameter with a maximum length of 10 characters that specifies what you intend to do with the information. Write mode enables both the reading and writing of iLO information. Read mode prevents modification of iLO information. For example: ……… SERVER_INFO commands ……… Reset server example: PAGE 149
GET_CURRENT_BOOT_MODE Use GET_CURRENT_BOOT_MODE to retrieve the current boot mode. The specified user must have a valid iLO account to execute RIBCL commands. For this command to parse correctly, the command must appear within a SERVER_INFO command block, and SERVER_INFO MODE must be set to read.
Possible return values are LEGACY, UEFI, or UNKNOWN. GET_PENDING_BOOT_MODE parameters None GET_PENDING_BOOT_MODE runtime errors None GET_PENDING_BOOT_MODE return messages SET_PENDING_BOOT_MODE Use SET_PENDING_BOOT_MODE to set the mode for the next server boot.
GET_PERSISTENT_BOOT return messages A possible GET_PERSISTENT_BOOT return message when LEGACY is enabled includes: PAGE 152
SET_PERSISTENT_BOOT parameters The value sets the default boot order. Valid values are: • CDROM • FlexibleLOM • EmbeddedLOM • NIC • HDD • SA_HDD • USB_HDD • PCI_DEVICE SET_PERSISTENT_BOOT runtime errors Some possible error messages you may see when running this command: • Post in progress, EV unavailable. • EV name too large.
NOTE: Before using the SET_PERSISTENT_BOOT command in UEFI mode, use GET_PERSISTENT_BOOT to retrieve the list of available boot selections. A server in UEFI mode does not have unique selections, as opposed to a non-UEFI server, or a UEFI server running in legacy mode. SET_PERSISTENT_BOOT parameters Base the parameters sent with the SET_PERSISTENT_BOOT command on the BootXXXX values available returned by the GET_PERSISTENT_BOOT command.
For example: GET_ONE_TIME_BOOT return messages A possible GET_ONE_TIME_BOOT return message includes: PAGE 155
SET_ONE_TIME_BOOT parameters The value sets a specified device as the source for a single boot. Valid values include the following: • NORMAL • FLOPPY • CDROM • HDD • USB • RBSU • NETWORK • UEFI_SHELL NOTE: UEFI_SHELL is only valid on systems that support UEFI.
GET_SUPPORTED_BOOT_MODE Use GET_SUPPORTED_BOOT_MODE to retrieve the supported boot modes. The specified user must have a valid iLO account to execute RIBCL commands. For this command to parse correctly, the command must appear within a SERVER_INFO command block, and SERVER_INFO MODE must be set to read. For example: PAGE 157
Normally, HP ProLiant Management Agents are used to forward the server name attribute to iLO. This command can be used in instances where management agents are not used. However, the host operating system remains unaffected. GET_SERVER_NAME return message GET_SERVER_NAME returns the currently stored server name, operating system name, and the operating system version, if available. The server name is a quoted ASCII string and cannot be a network name.
GET_SERVER_FQDN/GET_SMH_FQDN parameters None GET_SERVER_FQDN/GET_SMH_FQDN return messages A typical response for these commands might include the following: PAGE 159
SERVER_FQDN/SMH_FQDN runtime errors • User does NOT have correct privilege for action. CONFIG_ILO_PRIV required. GET_PRODUCT_NAME The GET_PRODUCT_NAME command returns the name and model of the queried server. The specified user must have a valid iLO account to execute RIBCL commands. For this command to parse correctly, the command must appear within a SERVER_INFO command block, and SERVER_INFO MODE must be set to read. For example: PAGE 160
An expanded version is also available (see example below). Not all tags are required, however if no tags are specified then the command operates as if all the tags are listed and outputs all of the embedded health data: PAGE 161
PAGE 164
PAGE 165
PAGE 166
PAGE 168
Variable POWER_SUPPLIES tags: • The POWER_SUPPLIES tags HP_POWER_DISCOVERY_SERVICES_REDUNDANCY_STATUS and HIGH_EFFICIENCY_MODE appear only for blade servers.
GET_POWER_READINGS return messages Two types of responses are available from the GET_POWER_READINGS command, depending on whether or not an advanced license is applied. If an advanced license is not applied, a typical response is: If an advanced license is applied, a typical response is:
Where: • PCAP mode is either set to MAN followed by a positive integer, or set to OFF. • EFFICIENCY_MODE is a number between 1 and 4: • ◦ 1 — PWRREGMODE_OS_CONTROL ◦ 2 — PWRREGMODE_STATIC_LOW ◦ 3 — PWRREGMODE_DYNAMIC ◦ 4 — PWRREGMODE_STATIC_HIGH GET_HOST_POWER reports whether the virtual power button is enabled. GET_PWREG runtime errors Possible GET_PWREG runtime errors: • Feature not supported. • This feature requires an installed license key.
SET_PWREG runtime errors Possible SET_PWREG error messages include: • Server information is open for read-only access. Write access is required for this operation. • Internal error. • The value specified is invalid. • This feature requires an installed license key. • User does NOT have correct privilege for action. CONFIG_ILO_PRIV required. • The PWRALERT value is invalid. • The THRESHOLD value is invalid. • The DURATION value is invalid. Values supported are between 1 and 240.
SET_POWER_CAP parameters SET_POWER_CAP POWER_CAP is the power cap on the server. Valid power cap values are determined using a power test run on the server at boot. The possible values are 0 to disable the power cap, or a numeric value in watts (as determined in the power test.) SET_POWER_CAP runtime errors The possible SET_POWER_CAP error messages include: • Server information is open for read-only access.
SET_HOST_POWER_SAVER The SET_HOST_POWER_SAVER command is used to set the Power Regulator Setting for the server processor. For this command to parse correctly, the SET_HOST_POWER_SAVER command must appear within a SERVER_INFO command block, and SERVER_INFO MODE must be set to write. The user must have the Virtual Power and Reset privilege to execute this command. For example: PAGE 174
GET_HOST_POWER_STATUS runtime errors The possible GET_HOST_POWER_STATUS error messages include: • Host power is OFF. • Host power is ON. GET_HOST_POWER_STATUS Return Messages The following information is returned within the response: SET_HOST_POWER The SET_HOST_POWER command is used to toggle the power button of server.
GET_HOST_PWR_MICRO_VER parameters None GET_HOST_PWR_MICRO_VER runtime errors The possible GET_HOST_PWR_MICRO_VER error messages include: • Error—if the power micro cannot be read (hardware problem). • Power Off—if the server is powered off. • N/A—if the server does not support a power micro.
RESET_SERVER error messages The possible RESET_SERVER error messages include: • Server information is open for read-only access. Write access is required for this operation. • Server is currently powered off. • User does NOT have correct privilege for action. RESET_SERVER_PRIV required. RESET_SERVER parameters None PRESS_PWR_BTN The PRESS_PWR_BTN command is used to simulate a physical press (or press and hold) of the server power button.
HOLD_PWR_BTN parameters Without the TOGGLE parameter, the HOLD_PWR_BTN command powers off a running server. If the server power is off, the server power will remain off. The affect of using the command with the TOGGLE parameter defines the action to take based on the current power state of the server. The following occurs based on the value of TOGGLE: • When the server power is on, a Yes value for TOGGLE will turn the power off.
WARM_BOOT_SERVER parameters None WARM_BOOT_SERVER runtime errors Possible error messages include: • Server information is open for read-only access. Write access is required for this operation. • Host power is already OFF. • User does not have correct privilege for action. RESET_SERVER_PRIV required.
SERVER_AUTO_PWR runtime errors The possible errors include: • User does not have correct privilege for action. Configure iLO privilege is required • SERVER_INFO mode is not WRITE • The value specified for SERVER_AUTO_PWR is invalid or not accepted on blades GET_SERVER_AUTO_PWR The GET_SERVER_AUTO_PWR command is used to get the automatic power on and power on delay settings of the server. The command is supported by all iLO 4 firmware versions. For example: PAGE 180
GET_UID_STATUS parameters None GET_UID_STATUS response The following information is returned within the response: UID_CONTROL The UID_CONTROL command toggles the server UID. For this command to parse correctly, the UID_CONTROL command must appear within a SERVER_INFO command block, and SERVER_INFO MODE must be set to write. For example: PAGE 181
SET_PERS_MOUSE_KEYBOARD_ENABLED parameters SET_PERS_MOUSE_KEYBOARD_ENABLED—Configures persistent keyboard and mouse. Valid values are Y (enabled) and N (disabled). SET_PERS_MOUSE_KEYBOARD_ENABLED runtime errors The possible runtime errors are: • There was an error on setting the persistent mouse and keyboard. • iLO information is open for read-only access. Write access is required for this operation. • User does NOT have correct privilege for action. CONFIG_ILO_PRIV required.
GET_SERVER_POWER_ON_TIME parameters None GET_SERVER_POWER_ON_TIME return message A possible GET_SERVER_POWER_ON_TIME return is: CLEAR_SERVER_POWER_ON_TIME The CLEAR_SERVER_POWER_ON_TIME command is used to clear the virtual clock counter without power-cycling the server. For this command to parse correctly, the CLEAR_SERVER_POWER_ON_TIME command must appear within a SERVER_INFO command block, and SERVER_INFO MODE must be set to write.
GET_SSO_SETTINGS The GET_SSO_SETTINGS command is used to retrieve SSO settings for iLO. For this command to parse correctly, the GET_SSO_SETTINGS command must appear within a SSO_INFO command block, and SSO_INFO MODE can be set to read or write. For example: PAGE 184
MOD_SSO_SETTINGS The MOD_SSO_SETTINGS command is used to modify the HP SSO settings for iLO 4. For this command to parse correctly, the MOD_SSO_SETTINGS command must appear within a SSO_INFO command block, and SSO_INFO MODE must be set to write. The user must have the Configure iLO Settings privilege to execute this command. For example: PAGE 185
There are three roles for privilege assignment. Omitting a role leaves the current assignment unchanged: • USER_ROLE—Privileges associated with User • OPERATOR_ROLE—Privileges associated with Operator • ADMINISTRATOR_ROLE—Privileges associated with Administrator For each role, you can manipulate multiple privileges. The privilege is specified within the role tag. If a privilege is omitted, the current value is unchanged.
ilo/docs, or the HP SIM User Guide on the HP website at: http://h18000.www1.hp.com/ products/servers/management/hpsim/infolibrary.html. For example: PAGE 187
The certificate is validated by iLO to ensure that it can be decoded before it is stored. An error results if the certificate is a duplicate or corrupt. The iLO firmware does not support certificate revocation and does not honor certificates that appear expired. You must remove revoked or expired certificates. SSO_SERVER runtime errors A runtime error is generated if the: • Certificate is a duplicate. • Certificate is corrupt. • HP SIM server cannot be contacted using IMPORT_FROM.
9 Secure Shell SSH overview SSH is a Telnet-like program for logging into and executing commands on a remote machine, which includes security with authentication, encryption, and data integrity features. The iLO firmware can support simultaneous access from five SSH clients. After SSH is connected and authenticated, the command line interface is available. iLO 4 supports: • SSH protocol version 2 • PuTTY is a free version of the SSH protocol, and is available for download on the Internet.
Using PuTTY • To start a PuTTY session, double-click the PuTTY icon in the directory where PuTTY is installed. • To start a PuTTY session from the command line, do the following: ◦ Start a connection to a server called host by entering: putty.exe [-ssh | -rlogin | -raw] [user@]host ◦ Start an existing saved session called sessionname by entering: putty.
Mxagentconfig makes an SSH connection to iLO, authenticates with a user name and password, and transmits the necessary public key. The iLO firmware stores this key as a trusted SSH client key. Importing SSH keys from PuTTY The public key file format generated by PuTTY is not compatible with iLO 4.
Figure 2 PuTTY Key Generator 4. 5. 6. 7. 8. Click Save public key and then enter a file name when prompted. Click Save private key and then enter a file name when prompted. Note that you have the option to enter and confirm a Key passphrase. Open your public key in a text editor, and copy the contents to the clipboard. Log in to iLO (if not already open). On the iLO SSH Key Adminstration page, select a user from the Authorized SSH Keys list, and then click Authorize New Key.
Figure 3 PuTTY Configuration window 14. Click Open. The iLO firmware prompts for a user name. 15. Enter the logon name associated with the public key. The public key in iLO authenticates with the private key in PuTTY. If the keys match, you are logged in to iLO without using a password. Keys can be created with a key passphrase. If a key passphrase was used to generate the public key, you are prompted for the key passphrase before you log in to iLO.
10 PERL scripting Using PERL with the XML scripting interface The scripting interface provided enables administrators to manage virtually every aspect of the device in an automated fashion. Primarily, administrators use tools like HPQLOCFG to assist deployment efforts. Administrators using a non-Windows client can use PERL scripts to send XML scripts to the iLO devices. Administrators can also use PERL to perform more complex tasks than HPQLOCFG can perform.
For example: use Socket; use Net::SSLeay qw(die_now die_if_ssl_error); Net::SSLeay::load_error_strings(); Net::SSLeay::SSLeay_add_ssl_algorithms(); Net::SSLeay::randomize(); # # opens an ssl connection to port 443 of the passed host # sub openSSLconnection($) { my $host = shift; my ($ctx, $ssl, $sin, $ip, $nip); if (not $ip = inet_aton($host)) { print "$host is a DNS Name, performing lookup\n" if $debug; $ip = gethostbyname($host) or die "ERROR: Host $hostname not found.
READLOOP: while(1) { $n++; $reply .= $lastreply; $lastreply = Net::SSLeay::read($ssl); die_if_ssl_error("ERROR: ssl read"); if($lastreply eq "") { sleep(2); # wait 2 sec for more text. $lastreply = Net::SSLeay::read($ssl); last READLOOP if($lastreply eq ""); } sleep(2); # wait 2 sec for more text. $lastreply = Net::SSLeay::read($ssl); last READLOOP if($lastreply eq ""); } print "READ: $lastreply\n" if $debug; if($lastreply =~ m/STATUS="(0x[0-9A-F]+)"[\s]+MESSAGE='(.*) '[\s]+\/>[\s]*(([\s]|.
11 iLO 4 ports Enabling the Shared Network Port feature through XML scripting For information on how to use the SHARED_NETWORK_PORT command to enable the iLO 4 Shared Network Port through XML scripting, see “RIBCL XML Scripting Language” (page 64). The following sample script configures the iLO 4 to select the Shared Network Port. You can customize this script to your needs. All non-blade platforms support some variation of this script. Use LOM or FlexibleLOM for the SHARED_NETWORK_PORT VALUE.
Re-enabling the dedicated NIC management port 197
12 Support and other resources Information to collect before contacting HP Be sure to have the following information available before you contact HP: • Software product name • Hardware product model number • Operating system type and version • Applicable error message • Third-party hardware or software • Technical support registration number (if applicable) How to contact HP Use the following methods to contact HP technical support: • In the United States, see the Customer Service / Contact HP
The service also provides access to software updates and reference manuals in electronic form as they are made available from HP. Customers who purchase an electronic license are eligible for electronic updates. With this service, Insight Management customers benefit from expedited problem resolution as well as proactive notification and delivery of software updates. For more information about this service, see the following website: http://www.hp.
• Intel IPMI specification website: http://www.intel.com/design/servers/ipmi/tools.htm • Timezone information: ftp://ftp.iana.org/tz/ • HP iLO videos: http://www.hp.
13 Documentation feedback HP is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hp.com). Include the document title and part number, version number, or the URL when submitting your feedback.
A Sample script and command reference The HP Lights-Out XML Scripting Sample bundle contains sample scripts that you can modify as needed for use in your environment. Table 32 (page 202) lists all the available sample scripts and the related command for each. Table 32 Sample scripts and related commands Sample script Related Command Add_Federation_Group.xml ADD_FEDERATION_GROUP add_sso_rec.xml SSO_SERVER Add_User.xml ADD_USER Administrator_reset_pw.xml MOD_USER Cert_Request.
Table 32 Sample scripts and related commands (continued) Get_Asset_Tag.xml GET_ASSET_TAG Get_Boot_Mode.xml GET_PENDING_BOOT_MODE Get_Current_Boot_Mode.xml GET_CURRENT_BOOT_MODE Get_Directory.xml GET_DIR_CONFIG get_discovery_services.xml GET_SPATIAL Get_Embedded_Health.xml GET_EMBEDDED_HEALTH Get_EmHealth.xml GET_EMBEDDED_HEALTH Get_Encrypt.xml GET_ENCRYPT_SETTINGS Get_Federation_All_Groups.xml GET_FEDERATION_ALL_GROUPS Get_Federation_All_Groups_Info.
Table 32 Sample scripts and related commands (continued) Get_Server_Name.xml GET_SERVER_NAME Get_SNMP_IM.xml GET_SNMP_IM_SETTINGS Get_SSO_Settings.xml GET_SSO_SETTINGS Get_Supported_Boot_Mode.xml GET_SUPPORTED_BOOT_MODE Get_TPM_Status.xml GET_TPM_STATUS Get_UID_Status.xml GET_UID_STATUS Get_User.xml GET_USER Get_VM_Status.xml GET_VM_STATUS Hotkey_Config.xml HOTKEY_CONFIG Import_Cert.xml IMPORT_CERTIFICATE Import_SSH_Key.xml IMPORT_SSH_KEY Insert_Virtual_Media.
Table 32 Sample scripts and related commands (continued) Set_Brownout.xml MOD_GLOBAL_SETTINGS Set_Federation_Multicast_Options.xml SET_FEDERATION_MULTICAST Set_FIPS_Enable.xml FIPS_ENABLE Set_Host_APO.xml SERVER_AUTO_PWR Set_Host_Power.xml SET_HOST_POWER Set_Host_Power_Saver.xml SET_HOST_POWER_SAVER Set_Language.xml SET_LANGUAGE Set_One_Time_Boot_Order.xml SET_ONE_TIME_BOOT Set_Persistent_Boot_Order.xml SET_PERSISTENT_BOOT Set_Persmouse_Status.
Glossary AHS Active Health System ARP Address Resolution Protocol ASCII American Standard Code for Information Interchange. CGI Common Gateway Interface. CLI Command-line interface. An interface comprised of various commands which are used to control operating system responses. CLP Command Line Protocol. CPQLOCFG Compaq Lights-Out Configuration Utility DAD Duplicate Address Detection DDNS Dynamic Domain Name System. DHCP Dynamic Host Configuration Protocol.
RILOE Remote Insight Lights-Out Edition. RILOE II Remote Insight Lights-Out Edition II. RMCP Remote Management and Control Protocol RSA An algorithm for public-key cryptography. RSM Remote Server Management. SAID Service Agreement Identifier SLAAC Stateless Address Auto Configuration SMASH Systems Management Architecture for Server Hardware. SNMP Simple Network Management Protocol. SSH Secure Shell. SSL Secure Sockets Layer.
Index A ADD_USER, 69 obtaining the basic configuration, 27 parameters, 70 runtime errors, 70 AHS_CLEAR_DATA, 117 parameters, 117 runtime errors, 117 authorized resellers, 199 B BLADESYSTEM_INFO, 146 boot commands, 56 BROWNOUT_RECOVERY, 101 parameters, 101 runtime errors, 101 C certificate, settings CERTIFICATE_SIGNING_REQUEST parameters, 116 IMPORT_CERTIFICATE, 116 CERTIFICATE_SIGNING_REQUEST, 115 errors, 116 parameters, 116 CLEAR_EVENTLOG, 86 parameters, 86 runtime errors, 86 CLEAR_SERVER_POWER_ON_TIME,
eventlog commands, CLP, 55 eventlog commands, RIBCL CLEAR_EVENT_LOG, 86 GET_EVENT_LOG, 77 F FACTORY_DEFAULTS, 137 features, SSH, 188 FIPS_ENABLE, 135 firmware, 54 firmware commands, 54 G GET_AHS_STATUS , 117 parameters, 118 runtime errors, 118 GET_ALL_LANGUAGES, 124 parameters, 124 runtime errors, 124 GET_ALL_LICENSES, 136 GET_ALL_USERS, 74 parameters, 75 return messages, 75 runtime errors, 75 GET_ALL_USERS_INFO, 75 parameters, 75 return messages, 76 runtime errors, 76 GET_ASSET_TAG, 124 parameters, 124 r
H help obtaining, 198 HOLD_PWR_BTN, 176 parameters, 177 runtime errors, 177 HP technical support, 198 HP Insight Control server deployment, 16 HP Insight Control software, 16 HP SIM, application launch, 19 HP SIM, grouping LOM devices, 19 HP SIM, integration, 189 HP SSO settings, 39 HPONCFG, 24 HPONCFG, commands, 26 HPONCFG, configuration examples obtaining the basic configuration, 27 Setting a configuration, 29 HPONCFG, iLO configuration examples Capturing and restoring a configuration, 30 Obtaining a spec
overview, HPONCFG, 24 overview, PERL scripting, 193 overview, SSH, 188 P Perl, sending XML scripts, 194 Perl, SSL connection, 193 PERL, using, 193 power management HP Insight Control Software deployment, 16 PRESS_PWR_BTN parameters, 176 runtime errors, 176 PROFILE_APPLY, 130 parameters, 130 runtime errors, 130 PROFILE_APPLY_GET_RESULTS, 131 parameters, 131 runtime errors, 132 PROFILE_DESC_DOWNLOAD, 134 PuTTY utility, 188 PuTTY, importing SSH keys, 190 R RACK_INFO GET_OA_INFO, 147 RESET_RIB, 77 parameters,
GET_SERVER_POWER_ON_TIME, 181 GET_SMH_FQDN, 157 GET_SNMP_IM_SETTINGS, 101 GET_SPATIAL, 126 GET_SSO_SETTINGS, 183 GET_UID_STATUS, 179 GET_VM_STATUS, 112 HOLD_PWR_BTN, 176 IMPORT_CERTIFICATE, 116 IMPORT_SSH_KEY, 137 INSERT_VIRTUAL_MEDIA, 111 license commands, 110 LOGIN, 68 MOD_DIR_CONFIG, 141 MOD_GLOBAL_SETTINGS, 97 MOD_NETWORK_SETTINGS, 89 MOD_SNMP_IM_SETTINGS, 102 MOD_SSO_SETTINGS, 184 overview, 64 parameters, 66 PRESS_PWR_BTN, 176 PROFILE_APPLY, 130 PROFILE_APPLY_GET_RESULTS, 131 PROFILE_DESC_DOWNLOAD, 134
parameters, 157 return messages, 157 runtime errors, 157 SET_AHS_STATUS , 118 parameters, 118 runtime errors, 118 SET_ASSET_TAG, 124 parameters, 125 runtime errors, 125 SET_ERS_IRS_CONNECT, 120 parameters, 120 runtime errors, 120 SET_HOST_POWER, 174 parameters, 173, 174 runtime errors, 173, 174 SET_HOST_POWER_SAVER, 173 SET_LANGUAGE, 123 parameters, 123 runtime errors, 123 SET_PERS_MOUSE_KEYBOARD_ENABLED, 180 SET_POWER_CAP, 171 parameters, 172 runtime errors, 172 SET_SECURITY_MSG, 126 parameters, 126 runtim