HP ProLiant Lights Out-100 User Guide For HP ProLiant G6 and G7 Servers Abstract This User Guide describes configuring and using HP ProLiant Lights Out-100 for ProLiant ML110 G6, ML150 G6, DL120 G6, DL160 G6, DL160se G6, DL170h G6, DL170e G6, DL180 G6, SL160z G6, SL170z G6, SL2x170z G6, SL170s G6, DL165 G7, and SL165z G7 servers.
© Copyright 2010 Hewlett-Packard Development Company, L.P. Notices The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Confidential computer software.
Contents 1 Operational overview.................................................................................5 Overview................................................................................................................................5 New features...........................................................................................................................5 Server management..........................................................................................................
Viewing sensor data from the BIOS Setup Utility.....................................................................28 Platform event filtering configuration.....................................................................................29 Platform event trap configuration..........................................................................................30 Using the system event log.......................................................................................................
1 Operational overview Overview This guide explains the standard and optional operational features of the HP Onboard Administrator Powered by Lights-Out 100 (LO100) available for the following HP ProLiant server models: • ML110 G6 server • ML150 G6 server • DL120 G6 server • DL160 G6 server • DL160se G6 server • DL170h G6 server • DL180 G6 server • SL160z G6 server • SL170z G6 server • SL2x170z G6 server • ML110 G6 server • DL120 G6 server • HP ProLiant DL165 G7 Server • HP ProLia
• Remotely monitor fan speed and system power state (S0 or S5) • Access the system event log • Access virtual media • Configure TCP/IP settings for the LO100 NIC • Control user access • Discover, identify, and launch LO100 from HP Systems Insight Manager • Access LO100 and server controls using a standard browser or new industry-standard SMASH CLP command line interface • Access command line help • Manage the server with IPMI 2.0 and DCMI 1.
2 Configuration Configuring LO100 with the LO100CFG utility The SmartStart Scripting Toolkit is a server deployment product that delivers unattended automated installation for high volume ProLiant server installations. Available in Win32 and Linux editions, the Toolkit supports ProLiant DL and ML 300, 500, 700 and ProLiant BL servers in both Windows and Linux environments and now includes limited ProLiant 100 series support.
To set up a static IP address, see "Setting up a static IP address from the BIOS Setup Utility". Configuring user accounts LO100 supports four accounts types, with varying levels of permissions to view and control features. For more information on user accounts, see the “User administration” (page 44) section. Two accounts are available by default, one of type administrator and one of type operator.
a. b. 5. Press the down arrow (↓) key to scroll to Console Redirection. Set the BIOS Serial Console Port to Enabled. • On a. b. c. d. • On DL160 G6, DL160se G6, DL170h, DL180 G6, SL160z G6, SL170z G6, SL 170s G6, SL2x170z, DL170e G6 servers and DL165 and SL165z G7 servers: a. Press the down arrow (↓) key to scroll to IPMI Configuration. Press the Enter key. b. Scroll down to Serial Port Configuration. c. Set Serial Port Assignment to BMC. d. Set Serial Port Connection Mode to Direct.
Using TCP/IP over Ethernet management port You can configure LO100 LAN port access using two different Ethernet ports: the dedicated 10/100 LO100 management port or through a side-band connection using the server embedded NIC. The side-band, shared, or UMP options utilize one server Ethernet port for both server network traffic and LO100 network traffic reducing the number of network cables that you must attach to the server.
a. b. c. 5. Press the down arrow (↓) key to navigate to IPMI. Press the Enter key. Press the down arrow (↓) key to navigate to LAN Settings. Press the Enter key. Set IP Address Assignment to DHCP. • On ML150 G6 servers: a. Press the down arrow (↓) key to navigate to IPMI. b. Scroll to BMC LAN Configuration. Press the Enter key. • On DL160 G6, DL160se G6, DL180 G6, and SL160z G6 servers: a. Press the down arrow (↓) key to navigate to IPMI Configuration. b.
Setting up a static IP address from the BIOS Setup Utility By default, LO100 has DHCP enabled and automatically negotiates an IP address. To disable DHCP and enable a static IP address: 1. 2. 3. Press the F10 key during POST to enter the BIOS Setup Utility. Press the right arrow (→) key to navigate to the Advanced menu. To set your network BIOS settings, choose one of these options: • On a. b. c. • On ML150 G6 servers: a. Press the down arrow (↓) key to scroll to IPMI. Press the Enter key. b.
Enabling or disabling Telnet and HTTP services from the BIOS Setup Utility On ML110 G6 and DL120 G6 servers: 1. 2. 3. Press the down arrow (↓) key to scroll to IPMI. Press the Enter key. Press the down arrow (↓) key to scroll to the LAN Settings menu. Press the Enter key. Press the down arrow (↓) key to scroll to the Telnet Services and HTTP Services. Press the Enable or Disable key as appropriate. On ML150 G6 servers: 1. 2. Select Advanced>IPMI.
Port number Protocol Support Embedded by default 664 Secure IPMI RMCP+ IPMI-over-LAN connections Yes 5901 Storage Storage Yes Updating the firmware To update the LO100 firmware, use the ROMPaq utility. Downloads for the ROMPaq utility are available on the HP website at http://www.hp.com/support. For more information about using the ROMPaq utility, see the HP website at http://www.hp.com/servers/manage. NOTE: LO100 does not support ROMPAQ flashing from virtual media.
3. 4. 5. Reset xinetd to allow it update. Open a terminal and type service xinetd restart. On non-RHEL Linux platforms, open the Services menu and reset xinetd manually. If a firewall is enabled, disable it or modify the settings to allow the firewall to connect to the TFTP port. To change the firewall settings, navigate to Applications>System Settings>Security Level, and enter 69:udp in the parameter of the other port.
4. 5. 6. 7. Enter the file name of the firmware image in the File Name field. Include the path relative to the TFTP server root in the file name. If you are using Linux to install the firmware: a. Place the image file in the /tftpboot folder, which is in the TFTP servers root directory. b. Enter the file name of the firmware image in the Firmware File name field. Include the path to the TFTP server root in the file name. Click Apply. The BMC is reset. Reconnect to the web browser.
NOTE: This may take up to 45 minutes on some servers. Do not shut down the server or interrupt the flash process. 5. Click “Finish.” No restart is necessary upon completion. To use the online flash component on a Linux operating system, perform the following steps: 1. Copy the LO-100 online flash utility to a directory on the server file system. 2. Open a bash shell at the directory where the online flash component is located. 3. Execute the following commands: chmod 777 CPxxxxxx.scexe ./CPxxxxxx.scexe 4.
3 Using LO100 Using SSL SSL is a protocol used to transmit private documents through the Internet and uses a private key or certificate to encrypt data transferred over the SSL connection. The Lights-Out 100 provides security for remote management in distributed IT environments by using an industry-standard encryption protocol for data traveling on unsecured networks. SSL is available by default. LO100 comes preinstalled with a certificate.
Using the PuTTY utility PuTTY 0.54 is a terminal emulation product that includes support for telnet and the SSH protocol. PuTTY 0.54 is available for download from the Internet. • To start a PuTTY session, double-click the PuTTY icon in the directory in which PuTTY is installed. • To start a PuTTY session from the command line: ◦ To start a connection to a server called host, enter: putty.
◦ load ◦ reset ◦ set ◦ show ◦ start ◦ stop ◦ exit ◦ version • Target —The default target is the /. The target can be changed by the cd command or by specifying a target on the command line. • Options — The following options are valid: ◦ -help/-h ◦ -all/-a • Properties are the attributes of the target that can be modified. • Output —The output syntax is text. The valid Boolean values for any command are true and false.
Unsupported Command message. The following examples are all valid ways to call help for a verb. – /./-> help show Usage: show [][][] – /./-> show -h Usage: show [][][] – /./-> show -help Usage: show [][][] – ◦ /./-> Help for targets Calling help for a target returns any information about the target and its contents.
show reset start stop help /./system1/-> help name Unsupported Command /./system1/-> help enabledstate Unsupported Command /./system1/-> help properties Unsupported Command /./system1/-> name -h Invalid command /./system1/-> • The exit command terminates the CLP session. • The cd command sets the current default target. The context works similar to a directory path. The root context for the server and the starting point for a CLP system is /. (forward slash period).
firmware downloads a full image file using TFTP from the specified location and programs flash with the image. In a remote management processor implementation, /map1/firmware is a valid target. The load command supports usage only with the following options. ◦ -source — This option must be specified. ◦ (h)elp — This option appears on the command line. The command ignores all options and properties except -output (for terse or verbose output).
Version 1.00 /./map1/firmware/-> show /./map1/firmware Targets Properties fwversion=0.59 Verbs cd version exit show reset load help /./map1/firmware/-> show fwversion fwversion=0.59 /./map1/firmware/-> fwversion Invalid command /./map1/firmware/-> Specific commands CLP syntax for specific commands is found in the sections that also describe the functionality through the Web interface. DCMI 1.0 support LO100 supports Data Center Manageability Interface (DCMI).
• • • Authentication algorithms ◦ RAKP-none ◦ RAKP-HMAC-SHA1 Integrity algorithms ◦ None ◦ HMAC-SHA1-96 Confidentiality algorithms ◦ None ◦ AES-CBC-128 Logging in to LO100 You can log in to the remote management processor through a web browser or through the CLP. If you are unsure of your DHCP IP address, see the “Configuring network access” (page 7) section. Logging in through a web browser 1. 2. Browse to the IP address of the remote management processor to access the login screen.
Option Description Summary Accesses or returns you to the main menu navigation bar. Virtual Power Accesses system power and UID control options. Monitoring Sensors Lists all sensor information, including type, name, status, reading, and PEF settings. System Event Log Displays the system event log. Virtual KVM/Media Accesses virtual media or the remote graphic console. Hardware Inventory Displays system hardware information. User Administration Accesses the user configuration screen.
Controlling server power from a browser The Virtual Power screen displays current power status, how long the server has been powered on, and the reason for the last server restart. To display the Virtual Power screen, on the main menu navigation bar, click Virtual Power. To modify Chassis Actions, select a Power Control Option in the Chassis Actions section, and then click Apply.
4. To power off the server, enter stop /system1. For example: /./system1/> stop /system1 System1 stopped. The -force option can also be used with the stop command. This option forces the implementation to stop the target, ignoring any policy that might cause the implementation to normally not execute the command. In remote management processor implementation, this process is equivalent to a hard power down. 5. To reset the server, enter reset /system1. For example: /./system1/> reset System1 reset.
3. 4. Press the down arrow (↓) key to scroll to IPMI. Press the Enter key. Choose one of these options based on server model: • ML110 G6 and DL120 G6 servers: a. Press the down arrow (↓) key to scroll to IPMI. Press the Enter key. b. Press the down arrow (↓) key to scroll to Realtime Sensor Data. Press the Enter key. • On ML150 G6 servers, scroll to Hardware Health Information by pressing the down arrow (↓) key. Press the Enter key.
To configure an action (PEF entry), select the desired Event Offsets, select the desired PEF Action settings, and then click Add. • Event Offsets—Are trip points (movements across thresholds) that define what type of sensor event triggers an action. The information in the Events Offsets section varies with the type of sensor. Not all options are available for all sensors. You can select any of the available options.
The Global PEF Enable section enables you to set a global PEF action. To create a global PEF action, select Enabled in the PEF Enable box, select the PEF action, and then click Apply. The PET Destinations section indicates where LO100 sends the PET (if configured.) This section has up to eight entries specifying IP and MAC addresses. In the PET Destinations section, enter either an IP address or a MAC address and then click Apply. If both the MAC and an IP address are entered, the IP address is used.
To access the System Event Log from a web browser, on the main menu navigation bar, click System Event Log. To clear the system event log, click Clear Event Log. Accessing the system event log from the CLP 1. 2. 3. 4. Log in to the CLP as described in the “Logging in to LO100” (page 25) section. Enter cd /./system1/log1 Enter show to display the total number of system event records. Enter show record to display the details of a specific record. For example: /.
a. b. 5. 6. Press the down arrow (↓) key to scroll to IPMI. Press the Enter key. Press the down arrow (↓) key to scroll to System Event Log. Press the Enter key. • On ML150 G6 servers, scroll to the bottom of the IPMI page. • On DL160 G6, DL160se G6, DL170h G6, DL170e G6, DL180 G6, SL160z G6, SL170z G6, SL170s G6,and SL2x170z G6 servers, and DL165 and SL165z G7 servers: a. Scroll to the System Event Log Configuration menu by pressing the down arrow (↓) key. Press the Enter key. b.
Using the remote graphic console The Remote KVM/Media Viewer displays a virtual desktop and provides full control over the display, keyboard, and mouse of the host server. There are three different menus in the remote graphic console menu bar: Control, Preferences, and Help. • Control—Enables you to access virtual media devices and the virtual keyboard, refresh the screen, and exit the client. • Preferences—Enables you to set mouse, keyboard, and logging options.
NOTE: The Keyboard, Refresh Screen, Take Full Control, Disconnect Session, and Relinquish Full Control menu options are an advanced feature available with full Virtual KVM access only. Remote graphic console settings To change the mouse, keyboard, and logging settings, select Preferences. • The Mouse tab enables you to set the Mouse mode.
Mouse synchronization To synchronize the local mouse pointer and the server mouse pointer, bring the local mouse to the top left corner to attract the server mouse pointer to the top left corner. Both pointers become synchronized when they overlap as one pointer. For mouse synchronization to work correctly, you must change the Enhance Mouse pointer and Hardware Acceleration options on the remote machine (server side) using the LO100 remote graphic console.
graphic console Task Manager. You can use any combination of virtual and physical Alt, Ctrl, and Del keys. • Lock and special buttons, when pressed, remain in a pressed state until released. To release special buttons, click [Lock], and press the system buttons. • Selecting or pairing LCtrl and RCtrl, LAlt and RAlt, LWin and RWin function as they would on an English language keyboard. However, they might function differently on keyboards of other languages.
To add a new virtual media device, click Add on the Virtual Media page. The Add Virtual Media Devices window appears. This window has the following options: • The Look In list enables you to change your directory or drive. • The Virtual Media Type list enables you to specify the file type that you want to share. You must declare a Virtual Media Type before LO100 recognizes they type of device it is sharing. • The File Name textbox is the shared name of the image.
To remove a shared virtual media device, do the following: 1. 2. 3. 4. Before removing a shared device, verify the device is safe to remove. If necessary, perform any required steps necessary to ensure the safe removal of removable media devices on the server. On the Virtual KVM menu, select Virtual Media from the Control menu. The Virtual Media window appears. Select the device you want to remove and click Remove. A dialog box appears, indicating that the device has been successfully disconnected.
a. • • 4. 5. 6. 7. 8. b. Press the down arrow (↓) key to scroll down to the Console Redirection option, and press the Enter key. Set BIOS Server console to Enabled. ◦ Baud Rate—9600 (this is the only setting that can be changed) On ML150 G6 servers: a. Press the down arrow (↓) key to scroll down to the Console Redirection option, and press the Enter key. b.
NOTE: If you encounter problems logging in to the remote console, be aware that some telnet programs might require you to enable their send line feed at end of line option. If the remote console does not respond to the Enter key, try setting this option in your telnet program. NOTE: You must follow the instructions in the “Network settings” (page 46) section to configure the network access properly.
◦ Flow Control—None ◦ Redirection after BIOS POST—Always SuperIO Configuration 2. ◦ Serial Port Address—3F8 ◦ Serial Port IRQ—IRQ 4 In the /boot/grub/menu.lst file, append the following to the kernel startup line: console=ttyS0 115200 Comment out the line GRAPHICAL DISPLAY LINE # splashimage=(hd0,0)/grub/splash.xpm.gz 3. Add an entry to allow serial console login in /etc/inittab. For example: S0:12345:respawn:/sbin/agetty -L 115200 ttyS0 vt102 4. 5.
• 4. ◦ Remote Access—Enabled ◦ EMS support (SPCR)—Enabled ◦ Serial Port Mode—9600 8,n,1 ◦ Flow Control—None ◦ Console Type—VT100 ◦ Continue C.R. after POST—Always On DL160 G6, DL160se G6, DL170h G6, DL170e G6, DL180 G6, SL160z G6, SL170z G6, SL170s G6,SL2x170z G6 servers, and DL165 and SL165z G7 servers: a. Press the down arrow (↓) key to scroll down to the Remote Access Configuration option, and then press the Enter key. b.
User administration The User Administration option on the main menu navigation bar enables you (if authorized) to edit the user name and password for existing users. You cannot create a new user. The user password is stored in nonvolatile memory and can be changed through a web browser (see “Changing user settings through a web browser”) or through the CLP. When using CLP, if you do not have the correct privileges a warning message appears.
the properties of the first user or use it to log in. Only the first two users (after the fixed null value) are enabled for login by default. Users can only be enabled from the browser interface. WARNING! Do not disable all user accounts. If you disable all user accounts you will not be able to log in to LO100. HP recommends always leaving at least one user with administrative privileges. To modify user settings: 1. 2. 3. 4. 5. On the main menu navigation bar, click User Administration.
Passwords are case-sensitive and can contain up to 16 characters, including quotation marks and &. 6. To change the group name enter, set group=. Valid group settings are administrator, user, oemhp, and operator. For example: /./map1/accounts/user2/> set group=user Network settings You can view and modify network settings for LO100 using a web browser, CLP, or the BIOS Setup Utility. If you change the IP address, the connection to the server terminates.
• DHCP—Enables you to set the BMC IP to DHCP by selecting the Enabled box, or to Static by clearing the Enabled box. For the changes to take effect, click Apply. When setting the BMC IP to Static, to set a valid static IP, you must enter a static IP into the IP Address field before you click Apply. • DNS Server IP Address—Displays IP address of the DNS server. • DNS Server Alternate IP Address—Displays secondary DNS IP address.
a. b. c. • 5. Press the down arrow (↓) key to scroll to the end, and select BMC LAN Configuration. On BMC LAN Configuration, select Static. Press the down arrow (↓) key to scroll down and enter a valid IP address, subnet mask, and gateway address (press the Tab key to move between address fields). On DL160 G6, DL160se G6, DL170h G6, DL180 G6, SL160z G6, SL170z G6, SL170s G6, and SL2x170z G6 servers, and DL165 and SL165z G7 servers: a.
Applying a license key 1. 2. Log in to LO100 through a supported browser. To display the license activation screen, click Application License Key. If the Application License Key option is not available, you must update the LO100 firmware. For more information, see "Updating the firmware." 3. Enter the license key in the spaces provided. To move between fields, click inside a field or press the Tab key. The Activation License Key field advances automatically as you enter data. Click Apply. 4.
and the commands issued in a DOS window to generate the certificate. To generate a certificate using Win32 OpenSSL: 1. 2. 3. Download Win32 OpenSSL. Install and set up OpenSSL. Using OpenSSL, generate a DSA parameters file: openssl dsaparam -out server_dsaparam.pem 1024 4. Generate the DSA private key file, called server_privkey.pem: openssl gendsa -out server_privkey.pem server_dsaparam.pem 5. Generate the DSA certificate (public key) file, called server cacert.
5. 6. Enter the file name of the certificate created (server_cacert.pem) in the File Name field. Include the path relative to the TFTP server root in the file name. Click Apply. To install the private key through the browser: 1. 2. 3. 4. 5. 6. Log in to LO100 as an administrator. On the browser main menu navigation bar, click Security Settings. In the TFTP server IP address field, enter the IP address of the TFTP server. On the menu under File type, select Key.
LO100 checks the validity of the key/certificate pair after you reset the BMC. You can also find these commands in /map1/firmware directory. To successfully establish SSH/SSL connections after loading a key or certificate through the CLI or the GUI, and after you click Apply, you must reset the BMC by choosing either of the following: • Issuing the following command from the CLI (/.
LO100 has a default of 0x08 (input) and 0x03 (output) filter setting that must not be changed. If the default settings are changed, functionality issues might occur and you must restore the default settings. After the defaults are reset, you must log out and back in to the shell to restore normal functionality.
3. Set input default to 0x08 using the command: oemhp I 20 c0 20 18 00 29 01 00 00 02 00 08 b4 4. Set output default to 0x03 using the command: oemhp I 20 c0 20 18 00 29 01 00 00 02 01 03 b8 5. Log out. Using VLAN Tagging VLAN tagging is used to isolate the (internal) management traffic from the production traffic (for security and configuration simplicity) without running multiple Ethernet drops to each server.
4 Technical support Software technical support and update service HP LO100i Advanced Packs are available with Technical Support and Update licenses that provide for optional future upgrades. For more information about these options, see the HP website at http://www.hp.com/servers/lights-out. A license entitlement certificate is delivered in place of a license activation key.
Acronyms and abbreviations BIOS Basic Input/Output System BMC baseboard management controller CLI Command Line Interface CLP command line protocol CMS central management server CR carriage return DCMI Data Center Manageability Interface DHCP Dynamic Host Configuration Protocol DSA Digital Signature Algorithm EMS Emergency Management Services HTTP hypertext transfer protocol IP Internet Protocol IPMI Intelligent Platform Management Interface JVM Java Virtual Machine KVM keyboard,
Index A administration, 7 alert messages, 30 authorized reseller HP contact information, 55 Technical support, 55 B base management controller (BMC), 10 BIOS configuration, 10 BIOS Setup Utility Monitoring sensors, 28 Obtaining a DHCP IP address from the BIOS Setup Utility, 10 Updating the firmware, 14 BIOS upgrade, 14 BMC (base management controller), 10 browser-based setup, 46 C certificates Creating a certificate, 49 Importing a certificate, 49 Installing a certificate or private key through a web brow
help resources, 55 HP Systems Insight Manager, support, 52 HP technical support, 55 HP website, 55 HP, contacting, 55 I importing, certificates, 49 Intelligent Platform Management Interface (IPMI) IPMI 2.
Installing a certificate or private key through the CLP, 51 power control options Controlling server power from a browser, 27 Controlling server power remotely, 26 Controlling server power through the CLP, 27 Privacy Enhanced Mail (PEM) Creating a certificate, 49 Installing a certificate or private key through a web browser, 50 Installing a certificate or private key through the CLP, 51 private key Installing a certificate or private key through a web browser, 50 Installing a certificate or private key thro
Technical support, 55 telephone numbers Before you contact HP, 55 HP contact information, 55 Technical support, 55 telnet Accessing the remote console through Telnet, 39 Resolving character and line feed issues, 52 TFTP (Trivial File Transfer Protocol) Creating a certificate, 49 Importing a certificate, 49 Installing a certificate or private key through a web browser, 50 Installing a certificate or private key through the CLP, 51 Trivial File Transfer Protocol (TFTP) Creating a certificate, 49 Importing a c
