Category Archives: HP

Bulk configuration of HP iLO4

Found myself in a situation where I had 38 new HP DL380 Gen8 servers that needed their iLO4‘s configured to match the standard. While I’m always a fan of repetitive point and clicking (not really), I decided my time would be better spent finding a more efficient way to configure them all at once.

Enter HPQLOCFG.EXE: The HP Lights-Out Configuration Utility. Installed it on a random Win2k8 R2 VM and then downloaded the accompanying scripting examples. Coupled with the HP iLO 4 Scripting and Command Line Guide, it becomes fairly easy to cobble together a master script which remotely fully configures an iLO4 from scratch knowing only the DNS hostname and default Administrator password. Obviously DHCP comes in handy here on the iLO network so the iLO4 can get on the network without ever touching the server.

Reviewing the XML scripting examples, there are many good ones for doing individual configuration of certain features of the iLO4 using RIBXML. Putting them all together in to one script is a fun exercise, but the examples are good and the PDF guide is helpful.

The way it all works is an XML file is prepared by you and then passed to HPLOCFG.exe along with remote iLO4 hostname, Administrator username, and default Administrator password.

Here is an example XML file which fully configures features of the iLO4 to meet the customer’s standard:

<RIBCL VERSION="2.0">
	<LOGIN USER_LOGIN="adminname" PASSWORD="password">
		<RIB_INFO MODE="write">
			<LICENSE>
				<ACTIVATE KEY="1111122222333334444455555"/>
			</LICENSE>
			<ADD_FEDERATION_GROUP GROUP_NAME="Servers" GROUP_KEY="servers">
				<ADMIN_PRIV VALUE="Yes"/>
				<REMOTE_CONS_PRIV VALUE="Yes"/>
				<RESET_SERVER_PRIV VALUE="Yes"/>
				<VIRTUAL_MEDIA_PRIV VALUE="Yes"/>
				<CONFIG_ILO_PRIV VALUE="Yes"/>
				<LOGIN_PRIV VALUE="Yes"/>
			</ADD_FEDERATION_GROUP>
			<MOD_SNMP_IM_SETTINGS>
				<OS_TRAPS value="Yes"/>
				<SNMP_PASSTHROUGH_STATUS value="No"/>
				<RIB_TRAPS value="No"/>
				<CIM_SECURITY_MASK value="3"/>
				<SNMP_ADDRESS_1_ROCOMMUNITY VALUE="public"/>
				<AGENTLESS_MANAGEMENT_ENABLE value="Yes"/>
				<SNMP_SYS_CONTACT VALUE="Server Team"/>
				<SNMP_SYS_LOCATION VALUE="XYZ Corp"/>
				<SNMP_SYSTEM_ROLE VALUE="Server"/>
				<SNMP_SYSTEM_ROLE_DETAIL VALUE=""/>
				<COLD_START_TRAP_BROADCAST value="Yes"/>
				<TRAP_SOURCE_IDENTIFIER value="iLO Hostname"/>
				<SNMP_ACCESS_ENABLED value="Yes"/>
				<SNMP_PORT value="161"/>
				<SNMP_TRAP_PORT value="162"/>
				<SNMP_V1_TRAPS VALUE="Yes"/>
			</MOD_SNMP_IM_SETTINGS>
			<MOD_GLOBAL_SETTINGS>
				<REMOTE_SYSLOG_ENABLE VALUE="Yes"/>
				<REMOTE_SYSLOG_PORT VALUE="514"/>
				<REMOTE_SYSLOG_SERVER_ADDRESS VALUE="%syslogIP%"/>
				<ALERTMAIL_ENABLE VALUE="Y"/>
				<ALERTMAIL_EMAIL_ADDRESS VALUE="[email protected]"/>
				<ALERTMAIL_SENDER_DOMAIN VALUE="example.com"/>
				<ALERTMAIL_SMTP_SERVER VALUE="mail.example.com"/>
				<ALERTMAIL_SMTP_PORT VALUE="25"/>
			</MOD_GLOBAL_SETTINGS>
			<MOD_NETWORK_SETTINGS>
				<ENABLE_NIC value="Yes"/>
				<REG_DDNS_SERVER value="Yes"/>
				<PING_GATEWAY value="Yes"/>
				<DHCP_DOMAIN_NAME value="No"/>
				<SPEED_AUTOSELECT value="YES"/>
				<DHCP_ENABLE value="No"/>
				<IP_ADDRESS value="%iloIP%"/>
				<SUBNET_MASK value="255.255.255.0"/>
				<GATEWAY_IP_ADDRESS value="%iloGW%"/>
				<DNS_NAME value="%servername%-ilo"/>
				<DOMAIN_NAME value="example.com"/>
				<DHCP_GATEWAY value="No"/>
				<DHCP_DNS_SERVER value="No"/>
				<DHCP_WINS_SERVER value="No"/>
				<DHCP_STATIC_ROUTE value="No"/>
				<DHCP_SNTP_SETTINGS value="No"/>
				<DHCPV6_SNTP_SETTINGS value="No"/>
				<REG_WINS_SERVER value="Yes"/>
				<PRIM_WINS_SERVER value="10.10.10.51"/>
				<SEC_WINS_SERVER value="10.10.11.51"/>
				<PRIM_DNS_SERVER value="10.10.10.25"/>
				<SEC_DNS_SERVER value="10.10.11.25"/>
				<SNTP_SERVER1 value="10.10.10.100"/>
				<SNTP_SERVER2 value="10.10.11.100"/>
				<TIMEZONE value="America/Detroit"/>
			</MOD_NETWORK_SETTINGS>
		</RIB_INFO>
		<SERVER_INFO MODE="write">
			<SET_HOST_POWER_SAVER HOST_POWER_SAVER="1"/>
			<SERVER_NAME value="%servername%"/>
			<SERVER_FQDN value="%servername%.example.com"/>
		</SERVER_INFO>
		<USER_INFO MODE="write">
			<MOD_USER USER_LOGIN="Administrator">
				<PASSWORD value="adminpwd"/>
			</MOD_USER>
			<ADD_USER USER_NAME="monitoring" USER_LOGIN="monitoring" PASSWORD="monitoring">
				<ADMIN_PRIV value="N"/>
				<REMOTE_CONS_PRIV value="N"/>
				<RESET_SERVER_PRIV value="N"/>
				<VIRTUAL_MEDIA_PRIV value="N"/>
				<CONFIG_ILO_PRIV value="N"/>
			</ADD_USER>
		</USER_INFO>
		<DIR_INFO MODE="write">
			<MOD_DIR_CONFIG>
				<DIR_AUTHENTICATION_ENABLED value="Yes"/>
				<DIR_LOCAL_USER_ACCT value="Yes"/>
				<DIR_SERVER_ADDRESS value="ldap.example.com"/>
				<DIR_SERVER_PORT value="636"/>
				<DIR_USER_CONTEXT_1 value="OU=Teams,OU=EXAMPLE,DC=example,DC=com"/>
				<DIR_ENABLE_GRP_ACCT value="Yes"/>
				<DIR_GRPACCT1_NAME value="CN=ILO_Admins,OU=EXAMPLE,DC=example,DC=com"/>
				<DIR_GRPACCT1_PRIV value="1,2,3,4,5,6"/>
				<DIR_GRPACCT1_SID value="S-1-0"/>
			</MOD_DIR_CONFIG>
		</DIR_INFO>
		<SSO_INFO MODE="write">
			<MOD_SSO_SETTINGS>
				<TRUST_MODE VALUE="CERTIFICATE"/>
			</MOD_SSO_SETTINGS>
		</SSO_INFO>
	</LOGIN>
</RIBCL>

In the example above, note that some values are represented by variables such as %iloIP%. This allows the actual value to be filled in on the command line dynamically using the -t flag versus hardcoding it in the file. Also note that the <LOGIN> tag is ignored if username & password are used on the HPQLOCFG.exe command line (-u and -p flags).

To run this RIBXML against a virgin iLO4, the command is simply:
C:\Program Files (x86)\HP Lights-Out Configuration Utility>HPQLOCFG.exe -s ILOUSEnnnmmmm.example.com -u administrator -p 12345678 -f c:\scripts\ilo-scripts\my_config.xml
-t servername=SuperServer,iloIP=10.10.15.13,iloGW=10.10.15.1,syslogIP=10.10.15.95

Note the -t flag and its key=value pairs. Any instances of %servername% will be replaced by “SuperServer”, and so on. Very handy.

Pairing this functionality with Powershell and a CSV file of servername, iLO default password, desired iLO Hostname, iLO IP, iLO Gateway, and anything else necessary gives a powerful bulk-configuration tool which can configure all the iLOs in minutes.

Create a CSV as shown:

servername,password,iloHostname,iloIP,iloGW,syslogIP
Server01,12345678,ilouse1112222,10.10.15.12,10.10.15.1,10.10.15.95

Due to some formatting and syntax issues I was running in to with passing values through Powershell, I opted to make a simple “ilo.bat” batch file to take the values from import-csv and ultimately pass them on to HPQLOCFG.exe:

"C:\Program Files (x86)\HP Lights-Out Configuration Utility\HPQLOCFG.exe" -s %1 -u administrator -p %2 -f c:\scripts\ilo-scripts\my_config.xml -t servername=%3,iloIP=%4,iloGW=%5,syslogIP=%6

Then, to run it, use Powershell’s import-csv to parse the CSV, pass the values to the batch file which then passes them to HPQLOCFG.

import-csv -path .\ilo_config.csv | %{ & '.\ilo.bat' $_.iloHostname $_.password $_.servername $_.iloIP $_.iloGW $_.syslogIP }

All iLOs will then be configured! And luckily, if anything gets messed up or the script didn’t work, there is an example Factory_Reset.xml which can set an iLO4 back to defaults (don’t forget the default password – you’ll need it after it’s been reset!)