Webko Wiki - Вклад участника [ru]

Network Tuning - 10G

2023-01-31T13:26:55Z

Sol: /* Soft interrupt issued by a device driver */

[[Категория:Linux]]

== Рекомендації ==
* Відключити HT
* Розмежувати приривання
== Підвищення продуктивності мережевого стеку Linux ==
=== CPU ===
* Встановити максимально продуктивний профіль роботи ЦП
=== NIC ===
==== INTEL ixgbe ====
Встановити останню стабільну версію драйверу мережевої карти
https://sourceforge.net/projects/e1000/files/ixgbe%20stable/
<syntaxhighlight lang="bash">
wget https://sourceforge.net/projects/e1000/files/ixgbe%20stable/5.18.6/
rpmbuild -tb ixgbe-<x.x.x>.tar.gz
yum localinstall <RPM>
</syntaxhighlight>
Налаштування драйверу(модулю)
<syntaxhighlight lang="bash">
vim /etc/modprobe.d/ixgbe.conf
options ixgbe IntMode=2,2 RSS=6,6 VMDQ=0,0 InterruptThrottleRate=1,1 allow_unsupported_sfp=1
</syntaxhighlight>
Застосовуємо драйвер(модуль)
modprobe ixgbe
Вимикаємо контроль перевантаження
ethtool -K eth0 lro off
Вимикаємо системне керування перериваннями та передаємо контроль NAPI
ethtool -C eth0 adaptive-rx off
Дізнатися розмір буферу
ethtool -g eth0
Встановити розмір буферу
ethtool -G eth0 rx 4096
Встановити розмір черги
ip link set eth0 txqueuelen 10000

=== Soft interrupt issued by a device driver ===
Так як ми налаштували розподілення черги за перериваннями (msi-x , rss ), тому тепер їх потрібно зозпреділити по ядрам smp_affinity. В стандартній поставці драйверу йде скрипт ''set_irq_affinity'' за допомогою якого можливо розподілити ядра для відпрацювання перериваннь.
<syntaxhighlight lang="bash">
./set_irq_affinity 0-4 enp3s0f0 # ядра з 0 по 4 для enp3s0f0
./set_irq_affinity 5-8 enp3s0f1 # ядра з 5 по 8 для enp3s0f1
</syntaxhighlight>
Також потрібно вимкнути сервіс розподілення перериваннь
systemctl disable irqbalance --now

<syntaxhighlight lang="bash">
echo “0” > /sys/class/net/ens2f0/queues/rx-0/rps_cpus
echo “1” > /sys/class/net/ens2f0/queues/rx-0/rps_cpus
echo “2” > /sys/class/net/ens2f0/queues/rx-1/rps_cpus
echo “4” > /sys/class/net/ens2f0/queues/rx-2/rps_cpus
echo “8” > /sys/class/net/ens2f0/queues/rx-3/rps_cpus
echo “10” > /sys/class/net/ens2f0/queues/rx-4/rps_cpus
echo “20” > /sys/class/net/ens2f0/queues/rx-5/rps_cpus
echo “40” > /sys/class/net/ens2f0/queues/rx-6/rps_cpus
echo “80” > /sys/class/net/ens2f0/queues/rx-7/rps_cpus

sysctl -w net.core.rps_sock_flow_entries=32768

echo 2048 > /sys/class/net/ens2f0/queues/rx-0/rps_flow_cnt
echo 2048 > /sys/class/net/ens2f0/queues/rx-1/rps_flow_cnt
echo 2048 > /sys/class/net/ens2f0/queues/rx-2/rps_flow_cnt
echo 2048 > /sys/class/net/ens2f0/queues/rx-3/rps_flow_cnt
echo 2048 > /sys/class/net/ens2f0/queues/rx-4/rps_flow_cnt
echo 2048 > /sys/class/net/ens2f0/queues/rx-5/rps_flow_cnt
echo 2048 > /sys/class/net/ens2f0/queues/rx-6/rps_flow_cnt
echo 2048 > /sys/class/net/ens2f0/queues/rx-7/rps_flow_cnt
</syntaxhighlight>

=== Kernel buffers ===
=== The network layer (IP, TCP or UDP) ===

Network Tuning - 10G

2023-01-31T13:17:25Z

Sol: /* Soft interrupt issued by a device driver */

Network Tuning - 10G

2023-01-31T13:11:35Z

Sol: /* Soft interrupt issued by a device driver */

Network Tuning - 10G

2023-01-31T13:00:48Z

Sol: /* INTEL ixgbe */

Network Tuning - 10G

2023-01-31T12:54:58Z

Sol:

Network Tuning - 10G

2023-01-31T12:54:32Z

Sol: Новая страница: «Категория:Linux == Рекомендації == * Відключити HT * Розмежувати приривання == Підвищення пр...»

LetsEncrypt SSL

2022-10-17T11:08:19Z

Sol:

[[Файл:Letsencrypt-logo-horizontal.svg]]

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit.

We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.

The key principles behind Let’s Encrypt are:
* '''Free''': Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
* '''Automatic''': Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
* '''Secure''': Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
* '''Transparent''': All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
* '''Open''': The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
* '''Cooperative''': Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

== Установка приложения ==
=== Centos ===
<syntaxhighlight lang="bash">
yum install epel-release -y
yum install certbot
</syntaxhighlight>
=== Arch Linux ===
<syntaxhighlight lang="bash">
pacman -Syu certbot
</syntaxhighlight>
=== Debian/Ubuntu ===
<syntaxhighlight lang="bash">
sudo apt-get update
sudo apt-get install letsencrypt
</syntaxhighlight>
== Получение сертификата ==
В силу того что в своей работе я отдаю предпочтение веб серверу Nginx все примеры будат заточены под него.

Для примера возьмем домен wiki.webko.net.ua, у него есть конфиг вида
<syntaxhighlight lang="nginx">
server {
listen 212.26.146.24:80;
server_name wiki.webko.net.ua;
root /srv/http/wiki;
index index.php;
access_log /var/log/nginx/domains/wiki.webko.net.ua.log combined;
error_log /var/log/nginx/domains/wiki.webko.net.ua.error.log error;

client_max_body_size 5m;
client_body_timeout 60;

location / {
...
}
}
</syntaxhighlight>
Для того чтобы полчуть сертификат для домена первым делом нужно удостовить LE в том что вы имеете право на запрос сертификата для домена. Я использую acme-challenge. Для упрощения админисрирования, возможно, большего хазяйства я использую шаблон для проведения удостоверения, его основная функция - переадресация всех запросов к урлу .well-known/acme-challenge/ приложению проводящему удостоверение (тоесть letsencrypt или certbot), его мы сможем подключать к любому виртуальному хосту, выглядит он так.
<syntaxhighlight lang="bash">
mkdir /etc/nginx/template
vim /etc/nginx/template/letsencrypt.conf
</syntaxhighlight>
<syntaxhighlight lang="nginx">
location ~ ^/(.well-known/acme-challenge/.*)$ {
proxy_pass http://127.0.0.1:9999/$1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
</syntaxhighlight>
Дальше подключаем его к виртуальному хосту нашего домена.
<syntaxhighlight lang="nginx">
server {
listen 212.26.146.24:80;
server_name wiki.webko.net.ua;
root /srv/http/wiki;
index index.php;
access_log /var/log/nginx/domains/wiki.webko.net.ua.log combined;
error_log /var/log/nginx/domains/wiki.webko.net.ua.error.log error;

client_max_body_size 5m;
client_body_timeout 60;

include template/letsencrypt.conf; # <---

location / {
...
}
}
</syntaxhighlight>
Перезагружаем конфиг Nginx для применения изменений.
<syntaxhighlight lang="bash">
nginx -t
nginx -s reload
</syntaxhighlight>

<syntaxhighlight lang="bash">
letsencrypt --agree-tos --renew-by-default --standalone --http-01-port 9999 --server https://acme-v02.api.letsencrypt.org/directory certonly -d wiki.webko.net.ua --register-unsafely-without-email
</syntaxhighlight>

Подготовка завершена, переходим непосредственно к запросу сертификата. В зависимости от вашего дистрибютива приложение может иметь разные названия (letsencrypt или certbot).
<syntaxhighlight lang="bash">
letsencrypt --agree-tos --renew-by-default --standalone --standalone-supported-challenges \
http-01 --http-01-port 9999 --server https://acme-v01.api.letsencrypt.org/directory \ #запуск внутреннего http сервера для проведения аутентификации
certonly \ #получаем сертификаты без автоматической правки конфигов вебсервера(возможно при помощи отдельных плагинов для LE)
-d wiki.webko.net.ua -d www.wiki.webko.net.ua \ #перечислены домены для которых запрашивается сертификат
--rsa-key-size 4096
</syntaxhighlight>
Дальше начнется удостоверенеие, в ходе так же у вас будет запршен "контактный" емейл, для отправки вам уведомлений об окончании срока действия сертификата.

Если все прошло успешно вы увидите уведомление об успешном создании сертификатов и пути их расположения.
<syntaxhighlight lang="bash">
/etc/letsencrypt/renewal/wiki.webko.net.ua.conf - конфиг
/etc/letsencrypt/archive/wiki.webko.net.ua/ - архив сертификатов
/etc/letsencrypt/live/wiki.webko.net.ua/ - актуальные сертификаты
</syntaxhighlight>

Следубщим шагом создадим виртуальный конфиг для нашего домена с поддержкой SSL.
<syntaxhighlight lang="nginx">
# постоянный редирект на https
server {
listen 212.26.146.24:80;
server_name wiki.webko.net.ua;
return 301 https://$server_name$request_uri;
}
# конфиг виртуального хоста
server {
listen 212.26.146.24:443 ssl;
server_name wiki.webko.net.ua;
root /srv/http/wiki;
index index.php;
access_log /var/log/nginx/domains/wiki.webko.net.ua.log combined;
error_log /var/log/nginx/domains/wiki.webko.net.ua.error.log error;

# включение ssl и подключение сертификатов
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/wiki.webko.net.ua/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.webko.net.ua/privkey.pem;

client_max_body_size 5m;
client_body_timeout 60;

include template/letsencrypt.conf;

location / {
...
}
}
</syntaxhighlight>
Перезагружаем конфиг Nginx для применения изменений.
<syntaxhighlight lang="bash">
nginx -t
nginx -s reload
</syntaxhighlight>
Теперь наш сайт доступен по https соединению, при переходе по http будет срабатывать редирект на https.
=== Получение сертификата не для WEB ===
В случае когда нам нужен сертификат для почтового сервера (на пример) у которого по у молчанию нет служб сшающих http соединения (для прохождения удостоверения) мы можем использовать дефолтный конфиг Nginx для своих нужд.
<syntaxhighlight lang="bash">
yum install nginx | pacman -Syu nginx | apt install nginx
vim /etc/nginx/conf.d/default.conf
</syntaxhighlight>
<syntaxhighlight lang="nginx">
server {
listen 80 default_server;
server_name _;
include template/letsencrypt.conf # наш шаблон
}
</syntaxhighlight>
<syntaxhighlight lang="bash">
nginx -t
systemctl start nginx
systemctl enable nginx
</syntaxhighlight>

Дальше генерируем наш сертификат как описано выше, главное условие, у вас должна быть коректно настроена А запись для интересующего домена (субдомена).

По завершению сертификат можно использовать например для exim, postfix, dovecot.
== Обновление сертифкатов ==
Для обновления сертификатов срок годности которых подходит или подошел к концу можно воспользоватся командой
<syntaxhighlight lang="bash">
letsencrypt renew
</syntaxhighlight>
Она обновит все нуждающееся в обновлении сертификаты, после чего нужно перезагрузить всех демонов использующих обновленные сертификаты для применения изменений.

Для автоматического обновления можно использовать крон.
<syntaxhighlight lang="bash">
echo "0 0 * * 7 /usr/bin/letsencrypt > /dev/null && systemctl restart nginx" >> /var/spool/cron/root
</syntaxhighlight>
Такое задание будет пытатся обновить сертификаты каждое воскресенье в 0 часов 0 минут.
== Ограничения ==
У Let’s Encrypt действуют такие ограничения:
* 20 сертификатов на 1н домен в неделю;
* 100 сабдоменов на 1н сертификат;
* 5 повторяющихся запросов для домена/сабдомена в неделю;
* 5 неудачных попыток верификации на аккаунт, доменное имя в час;
* 500 аккаунтов на IP за 3 часа;
* 300 ожидающих авторизации запросов на аккаунт.

Здесь [https://crt.sh/ crt.sh] можно просмотреть количество сертификатов выпущеных для домена.
[[Категория:Web]]

TLS check

2022-04-21T12:44:47Z

Sol:

[[Категория:Web]][[Категория:Mail]]
== CLI ==
<syntaxhighlight lang="bash">
nmap -sV --script ssl-enum-ciphers -p 443 EXAMPLE.COM
</syntaxhighlight>
<syntaxhighlight lang="bash">
curl -kv --tls-max 1.0 -0 https://EXAMPLE.COM
</syntaxhighlight>
== Web ==
[https://www.ssllabs.com/ssltest/analyze.html ssllabs.com]

Traefik in Kubernetes

2022-04-20T20:43:39Z

Sol: /* TLS options */

[[Категория:Kubernetes]][[Категория:Web]]

=== TLS options ===
'''only one TLSOption per Kubernetes cluster'''
<syntaxhighlight lang="bash">
kubectl -n default apply -f traefik_TLSopt.yaml
</syntaxhighlight>
<syntaxhighlight lang="yaml">
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: default
spec:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2
- TLS_AES_256_GCM_SHA384 # TLS 1.3
- TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3
</syntaxhighlight>

[[TLS check]]

=== Headers ===
<syntaxhighlight lang="yaml">
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: headers-back-office
spec:
headers:
accessControlAllowMethods:
- "GET"
- "OPTIONS"
- "PUT"
- "POST"
- "DELETE"
accessControlAllowHeaders:
- '*'
accessControlAllowOriginList:
- "*"
accessControlMaxAge: 100
accessControlExposeHeaders:
- '*'
addVaryHeader: true
customResponseHeaders:
Server: "" # Remove web server name and version
</syntaxhighlight>
===Security middleware===
<syntaxhighlight lang="yaml">
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: security
spec:
headers:
frameDeny: true
sslRedirect: true
browserXssFilter: true
contentTypeNosniff: true
#HSTS
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
</syntaxhighlight>

TLS check

2022-04-20T20:42:58Z

Sol: Новая страница: «Категория:WebКатегория:Mail <syntaxhighlight lang="bash"> nmap -sV --script ssl-enum-ciphers -p 443 EXAMPLE.COM </syntaxhighlight> <syn...»

[[Категория:Web]][[Категория:Mail]]

<syntaxhighlight lang="bash">
nmap -sV --script ssl-enum-ciphers -p 443 EXAMPLE.COM
</syntaxhighlight>
<syntaxhighlight lang="bash">
curl -kv --tls-max 1.0 -0 https://EXAMPLE.COM
</syntaxhighlight>

Traefik in Kubernetes

2022-04-20T20:39:23Z

Sol:

[[Категория:Kubernetes]][[Категория:Web]]

=== TLS options ===
'''only one TLSOption per Kubernetes cluster'''
<syntaxhighlight lang="bash">
kubectl -n default apply -f traefik_TLSopt.yaml
</syntaxhighlight>
<syntaxhighlight lang="yaml">
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: default
spec:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2
- TLS_AES_256_GCM_SHA384 # TLS 1.3
- TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3
</syntaxhighlight>

=== Headers ===
<syntaxhighlight lang="yaml">
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: headers-back-office
spec:
headers:
accessControlAllowMethods:
- "GET"
- "OPTIONS"
- "PUT"
- "POST"
- "DELETE"
accessControlAllowHeaders:
- '*'
accessControlAllowOriginList:
- "*"
accessControlMaxAge: 100
accessControlExposeHeaders:
- '*'
addVaryHeader: true
customResponseHeaders:
Server: "" # Remove web server name and version
</syntaxhighlight>
===Security middleware===
<syntaxhighlight lang="yaml">
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: security
spec:
headers:
frameDeny: true
sslRedirect: true
browserXssFilter: true
contentTypeNosniff: true
#HSTS
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
</syntaxhighlight>

Traefik in Kubernetes

2022-04-20T19:03:13Z

Sol: /* Headers */

[[Категория:Kubernetes]][[Категория:Web]]

=== TLS options ===
<syntaxhighlight lang="yaml">
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: default
spec:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2
- TLS_AES_256_GCM_SHA384 # TLS 1.3
- TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3
</syntaxhighlight>

=== Headers ===
<syntaxhighlight lang="yaml">
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: headers-back-office
spec:
headers:
accessControlAllowMethods:
- "GET"
- "OPTIONS"
- "PUT"
- "POST"
- "DELETE"
accessControlAllowHeaders:
- '*'
accessControlAllowOriginList:
- "*"
accessControlMaxAge: 100
accessControlExposeHeaders:
- '*'
addVaryHeader: true
customResponseHeaders:
Server: "" # Remove web server name and version
</syntaxhighlight>

Traefik in Kubernetes

2022-04-20T18:59:33Z

Sol: /* TLS options */

Traefik in Kubernetes

2022-04-20T18:54:12Z

Sol:

[[Категория:Kubernetes]][[Категория:Web]]

=== TLS options ===
=== Headers ===

Kubectl

2022-04-20T18:53:47Z

Sol: Новая страница: «Категория:Kubernetes»

[[Категория:Kubernetes]]

Traefik in Kubernetes

2022-04-20T18:52:30Z

Sol: Новая страница: «Категория:Kubernetes === TLS options === === Headers ===»

[[Категория:Kubernetes]]

=== TLS options ===
=== Headers ===

Категория:Kubernetes

2022-04-20T18:50:47Z

Sol: Новая страница: «Категория:Cluster»

[[Категория:Cluster]]

Cisco. ASA5512-X

2021-09-13T08:17:28Z

Sol:

[[Категория:Hardware]]
== Установка ios через tftp ==
Конфигурирование tftp клиента и загрузка ios.
<syntaxhighlight lang="Bash">
rommon #0> ADDRESS=51.51.51.51
rommon #2> SERVER=51.51.51.50
rommon #3> GATEWAY=51.51.51.50
rommon #4> IMAGE=asa9-12-4-18-smp-k8.bin
rommon #5> PORT=Management0/0
rommon #6> set
rommon #7> tftp
</syntaxhighlight>
Загрузка ios на системный диск и установка его загрузочным
<syntaxhighlight lang="Bash">
asa# copy tftp flash
Address or name of remote host []? 51.51.51.50
Source filename []? asa9-12-4-18-smp-k8.bin
Destination filename [asa9-12-4-18-smp-k8.bin]?
Accessing tftp://51.51.51.50/asa9-12-4-18-smp-k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
asa# show flash:
--#-- --length-- -----date/time------ path
9822 107606016 Sep 13 2021 08:26:08 asa9-12-4-18-smp-k8.bin
9809 60 Sep 13 2021 08:19:48 coredumpinfo
9810 59 Sep 13 2021 08:19:48 coredumpinfo/coredump.cfg
9726 40 Sep 13 2021 08:19:47 crypto_archive
9579 40 Sep 13 2021 08:19:18 log
asa# conf t
asa(config)# boot system disk0:/asa9-12-4-18-smp-k8.bin
asa(config)# wri me
Building configuration...
Cryptochecksum: 8681bfd1 05e7280a 22cac3b9 bfda24c9

3603 bytes copied in 0.770 secs
[OK]
asa(config)# reload
</syntaxhighlight>

Cisco. ASA5512-X

2021-09-13T07:38:45Z

Sol:

[[Категория:Hardware]]
== Установка ios через tftp ==

Cisco. ASA5512-X

2021-09-13T07:33:47Z

Sol: Новая страница: «Категория:Hardware»

[[Категория:Hardware]]

PfSense

2021-01-19T09:26:37Z

Sol: /* Configuring OpenVPN on PFSense */

[[Категория:Cluster]][[Категория:Hardware]][[Категория:BSD]]

== IPsec duble 2 phase (split connections)==

(IKEv2 Only) When an IKEv2 tunnel has multiple Phase 2 definitions, by default the settings are collapsed in the IPsec configuration such that all P2 combinations are held in a single child SA.

'''Split Connections''' changes this behavior to be more like IKEv1 where each P2 is its configured by the daemon as own separate child SA.

Certain scenarios require this behavior, such as:
* The remote peer does not properly handle multiple addresses in single traffic selectors. This is especially common in Cisco equipment.
* Each child SA must have unique traffic selector or proposal settings. This could be due to the peer only allowing specific combinations of local/remote subnet pairs or different encryption options for each child SA.

[[Файл:Pfsense split connections.png|800px|none|none|split connections]]

== Setting Up OpenVPN on PFSense 2.4. ==
=== Creating the Certificate Infrastructure needed for PFSense and OpenVPN ===
OpenVPN uses certificates to secure the VPN service for authentication and encryption purposes. The first thing we need to do on PFSense is create a Certificate Authority. If you already have one configured you can skip this step.
==== Creating a Certificate Authority on PFSense ====
The first step in the process is to navigate to the built-in PFSense Certificate Manager

[[Файл:PFSense OpenVPN01.png|200px|none|none|Certificate Manager]]

You will then be presented with a dashboard detailing the list of CA’s installed on the server. In the example below there isn’t one so click on '''+Add''' to create a new one.

[[Файл:PFSense OpenVPN02.png|600px|none|none]]

Next we need to ''fill out the form'' which PFSense will use to create the Certificate Authority. Since we are building an Internal Certificate Authority, select this option from the drop-down list as highlighted in the image below and then fill out the necessary details about your organization in the fields provided. Remember to give you CA a useful common name which you can use to identify it. In my example I used PFSense_RootCA. Once done, click on '''Save''' and your Internal Certificate Authority will be created.

[[Файл:PFSense OpenVPN03.png|600px|none|none]]

==== Creating the OpenVPN Server Certificate on PFSense ====

The next step is to create the certificate for the OpenVPN server which clients will use to verify the identity of the server when connecting to it. Under System – Certificate Manager navigate to the Certificates tab and click on '''+ Add/Sign'''.

[[Файл:PFSense OpenVPN04.png|600px|none|none]]

Next complete the form to create the certificate. Note you need to select the '''Create an internal Certificate''' method and ensure you select '''Server Certificate''' as the certificate type. Fill in the rest of the relevant information and once complete, click on '''Save'''.

[[Файл:PFSense OpenVPN05.png|600px|none|none]]

The certificate infrastructure needed for OpenVPN is now complete so we can move onto the next phase, creating the OpenVPN service

=== Configuring OpenVPN on PFSense ===

We will be using the OpenVPN configuration wizard for this step. To start go to VPN in the main menu and then click on OpenVPN.

[[Файл:PFSense OpenVPN06.png|200px|none|none]]

Next click on the '''Wizards''' tab to start the configuration sequence.

[[Файл:PFSense OpenVPN07.png|600px|none|none]]

We now need to select type of server. In the drop-down list provided, select '''Local User Access''' and then click '''Next'''

[[Файл:PFSense OpenVPN08.png|600px|none|none]]

Next Select the Certificate Authority and click '''Next'''. If you have not created one, follow the steps above.

[[Файл:PFSense OpenVPN09.png|600px|none|none]]

The next step is to select the VPN Server Certificate. Once completed click '''Next'''. Again, if you have not created one, follow the steps above.

[[Файл:PFSense OpenVPN10.png|600px|none|none]]

Next you will need to complete the Server Setup form which consists of four sections: General OpenVPN Server Information, Cryptographic Settings, Tunnel Settings and Client Settings. As each environment is different, you may need to adjust these to meet your specific requirements. The settings below are the default settings which ensure privacy and use PFSense as your DNS server etc.

First, let’s configure the '''General OpenVPN Server Information'''. Leave everything as default and give your VPN a description if you so choose as per the example below.

[[Файл:PFSense OpenVPN11.png|800px|none|none]]

Under '''Cryptographic Settings''', leave everything as default but change the Auth Digest Algorithm to SHA256 as per the example below since SHA1 is not that secure.

[[Файл:PFSense OpenVPN11b.png|600px|none|none]]

Under '''Tunnel Settings''', enter the IP address range in CIDR notation for the Tunnel network (this will be the IP address range OpenVPN will use to assign IP’s to VPN clients). You also need to tick the checkbox labeled Redirect Gateway to ensure all clients only use the VPN for all their traffic. Next enter the local network IP address range in CIDR notation (this is usually your LAN) and then set your maximum number of concurrent connections.

[[Файл:PFSense OpenVPN12.png|600px|none|none]]

In my configuration example I have left all '''Client Settings''' in their default state. Here you may want to specify a DNS server etc. Once completed click on '''Next'''.

[[Файл:PFSense OpenVPN12b.png|800px|none|none]]

Next the wizard will want to create the Firewall rule configuration. Select the Firewall rule and the OpenVPN rule as per the example below and click '''Next'''

[[Файл:PFSense OpenVPN13.png|800px|none|none]]

Finally, the configuration is complete. Click '''Finish'''.

[[Файл:PFSense OpenVPN14.png|800px|none|none]]

You should now have a configured OpenVPN server, a newly created WAN Firewall Rule and an OpenVPN tab under Firewall rules with the OpenVPN rule configured. Examples below.

[[Файл:PFSense OpenVPN15.png|800px|none|none]]

=== Installing the OpenVPN Client Export Package ===

== routing between IPsec and openVPN tunnels ==

PfSense

2021-01-19T09:22:58Z

Sol:

[[Категория:Cluster]][[Категория:Hardware]][[Категория:BSD]]

== IPsec duble 2 phase (split connections)==

(IKEv2 Only) When an IKEv2 tunnel has multiple Phase 2 definitions, by default the settings are collapsed in the IPsec configuration such that all P2 combinations are held in a single child SA.

'''Split Connections''' changes this behavior to be more like IKEv1 where each P2 is its configured by the daemon as own separate child SA.

Certain scenarios require this behavior, such as:
* The remote peer does not properly handle multiple addresses in single traffic selectors. This is especially common in Cisco equipment.
* Each child SA must have unique traffic selector or proposal settings. This could be due to the peer only allowing specific combinations of local/remote subnet pairs or different encryption options for each child SA.

[[Файл:Pfsense split connections.png|800px|none|none|split connections]]

== Setting Up OpenVPN on PFSense 2.4. ==
=== Creating the Certificate Infrastructure needed for PFSense and OpenVPN ===
OpenVPN uses certificates to secure the VPN service for authentication and encryption purposes. The first thing we need to do on PFSense is create a Certificate Authority. If you already have one configured you can skip this step.
==== Creating a Certificate Authority on PFSense ====
The first step in the process is to navigate to the built-in PFSense Certificate Manager

[[Файл:PFSense OpenVPN01.png|200px|none|none|Certificate Manager]]

You will then be presented with a dashboard detailing the list of CA’s installed on the server. In the example below there isn’t one so click on '''+Add''' to create a new one.

[[Файл:PFSense OpenVPN02.png|600px|none|none]]

Next we need to ''fill out the form'' which PFSense will use to create the Certificate Authority. Since we are building an Internal Certificate Authority, select this option from the drop-down list as highlighted in the image below and then fill out the necessary details about your organization in the fields provided. Remember to give you CA a useful common name which you can use to identify it. In my example I used PFSense_RootCA. Once done, click on '''Save''' and your Internal Certificate Authority will be created.

[[Файл:PFSense OpenVPN03.png|600px|none|none]]

==== Creating the OpenVPN Server Certificate on PFSense ====

The next step is to create the certificate for the OpenVPN server which clients will use to verify the identity of the server when connecting to it. Under System – Certificate Manager navigate to the Certificates tab and click on '''+ Add/Sign'''.

[[Файл:PFSense OpenVPN04.png|600px|none|none]]

Next complete the form to create the certificate. Note you need to select the '''Create an internal Certificate''' method and ensure you select '''Server Certificate''' as the certificate type. Fill in the rest of the relevant information and once complete, click on '''Save'''.

[[Файл:PFSense OpenVPN05.png|600px|none|none]]

The certificate infrastructure needed for OpenVPN is now complete so we can move onto the next phase, creating the OpenVPN service

=== Configuring OpenVPN on PFSense ===

We will be using the OpenVPN configuration wizard for this step. To start go to VPN in the main menu and then click on OpenVPN.

[[Файл:PFSense OpenVPN06.png|200px|none|none]]

Next click on the '''Wizards''' tab to start the configuration sequence.

[[Файл:PFSense OpenVPN07.png|600px|none|none]]

We now need to select type of server. In the drop-down list provided, select '''Local User Access''' and then click '''Next'''

[[Файл:PFSense OpenVPN08.png|600px|none|none]]

Next Select the Certificate Authority and click '''Next'''. If you have not created one, follow the steps above.

[[Файл:PFSense OpenVPN9.png|600px|none|none]]

The next step is to select the VPN Server Certificate. Once completed click '''Next'''. Again, if you have not created one, follow the steps above.

[[Файл:PFSense OpenVPN10.png|600px|none|none]]

Next you will need to complete the Server Setup form which consists of four sections: General OpenVPN Server Information, Cryptographic Settings, Tunnel Settings and Client Settings. As each environment is different, you may need to adjust these to meet your specific requirements. The settings below are the default settings which ensure privacy and use PFSense as your DNS server etc.

First, let’s configure the '''General OpenVPN Server Information'''. Leave everything as default and give your VPN a description if you so choose as per the example below.

[[Файл:PFSense OpenVPN11.png|800px|none|none]]

Under '''Cryptographic Settings''', leave everything as default but change the Auth Digest Algorithm to SHA256 as per the example below since SHA1 is not that secure.

[[Файл:PFSense OpenVPN11b.png|600px|none|none]]

Under '''Tunnel Settings''', enter the IP address range in CIDR notation for the Tunnel network (this will be the IP address range OpenVPN will use to assign IP’s to VPN clients). You also need to tick the checkbox labeled Redirect Gateway to ensure all clients only use the VPN for all their traffic. Next enter the local network IP address range in CIDR notation (this is usually your LAN) and then set your maximum number of concurrent connections.

[[Файл:PFSense OpenVPN12.png|600px|none|none]]

In my configuration example I have left all '''Client Settings''' in their default state. Here you may want to specify a DNS server etc. Once completed click on '''Next'''.

[[Файл:PFSense OpenVPN12b.png|800px|none|none]]

Next the wizard will want to create the Firewall rule configuration. Select the Firewall rule and the OpenVPN rule as per the example below and click '''Next'''

[[Файл:PFSense OpenVPN13.png|800px|none|none]]

Finally, the configuration is complete. Click '''Finish'''.

[[Файл:PFSense OpenVPN14.png|800px|none|none]]

You should now have a configured OpenVPN server, a newly created WAN Firewall Rule and an OpenVPN tab under Firewall rules with the OpenVPN rule configured. Examples below.

[[Файл:PFSense OpenVPN15.png|800px|none|none]]

=== Installing the OpenVPN Client Export Package ===

== routing between IPsec and openVPN tunnels ==

PfSense

2021-01-19T09:15:35Z

Sol:

[[Категория:Cluster]][[Категория:Hardware]][[Категория:BSD]]

== IPsec duble 2 phase (split connections)==

(IKEv2 Only) When an IKEv2 tunnel has multiple Phase 2 definitions, by default the settings are collapsed in the IPsec configuration such that all P2 combinations are held in a single child SA.

'''Split Connections''' changes this behavior to be more like IKEv1 where each P2 is its configured by the daemon as own separate child SA.

Certain scenarios require this behavior, such as:
* The remote peer does not properly handle multiple addresses in single traffic selectors. This is especially common in Cisco equipment.
* Each child SA must have unique traffic selector or proposal settings. This could be due to the peer only allowing specific combinations of local/remote subnet pairs or different encryption options for each child SA.

[[Файл:Pfsense split connections.png|800px|none|none|split connections]]

== Setting Up OpenVPN on PFSense 2.4. ==
=== Creating the Certificate Infrastructure needed for PFSense and OpenVPN ===
OpenVPN uses certificates to secure the VPN service for authentication and encryption purposes. The first thing we need to do on PFSense is create a Certificate Authority. If you already have one configured you can skip this step.
==== Creating a Certificate Authority on PFSense ====
The first step in the process is to navigate to the built-in PFSense Certificate Manager

[[Файл:PFSense OpenVPN01.png|200px|none|none|Certificate Manager]]

You will then be presented with a dashboard detailing the list of CA’s installed on the server. In the example below there isn’t one so click on '''+Add''' to create a new one.

[[Файл:PFSense OpenVPN02.png|600px|none|none]]

Next we need to ''fill out the form'' which PFSense will use to create the Certificate Authority. Since we are building an Internal Certificate Authority, select this option from the drop-down list as highlighted in the image below and then fill out the necessary details about your organization in the fields provided. Remember to give you CA a useful common name which you can use to identify it. In my example I used PFSense_RootCA. Once done, click on '''Save''' and your Internal Certificate Authority will be created.

[[Файл:PFSense OpenVPN03.png|600px|none|none]]

==== Creating the OpenVPN Server Certificate on PFSense ====

The next step is to create the certificate for the OpenVPN server which clients will use to verify the identity of the server when connecting to it. Under System – Certificate Manager navigate to the Certificates tab and click on '''+ Add/Sign'''.

[[Файл:PFSense OpenVPN04.png|600px|none|none]]

Next complete the form to create the certificate. Note you need to select the '''Create an internal Certificate''' method and ensure you select '''Server Certificate''' as the certificate type. Fill in the rest of the relevant information and once complete, click on '''Save'''.

[[Файл:PFSense OpenVPN05.png|600px|none|none]]

The certificate infrastructure needed for OpenVPN is now complete so we can move onto the next phase, creating the OpenVPN service

=== Configuring OpenVPN on PFSense ===

We will be using the OpenVPN configuration wizard for this step. To start go to VPN in the main menu and then click on OpenVPN.

[[Файл:PFSense OpenVPN06.png|200px|none|none]]

Next click on the '''Wizards''' tab to start the configuration sequence.

[[Файл:PFSense OpenVPN07.png|600px|none|none]]

We now need to select type of server. In the drop-down list provided, select '''Local User Access''' and then click '''Next'''

[[Файл:PFSense OpenVPN08.png|600px|none|none]]

Next Select the Certificate Authority and click '''Next'''. If you have not created one, follow the steps above.

[[Файл:PFSense OpenVPN9.png|600px|none|none]]

The next step is to select the VPN Server Certificate. Once completed click '''Next'''. Again, if you have not created one, follow the steps above.

[[Файл:PFSense OpenVPN10.png|600px|none|none]]

Next you will need to complete the Server Setup form which consists of four sections: General OpenVPN Server Information, Cryptographic Settings, Tunnel Settings and Client Settings. As each environment is different, you may need to adjust these to meet your specific requirements. The settings below are the default settings which ensure privacy and use PFSense as your DNS server etc.

First, let’s configure the '''General OpenVPN Server Information'''. Leave everything as default and give your VPN a description if you so choose as per the example below.

[[Файл:PFSense OpenVPN11.png|800px|none|none]]

Under '''Cryptographic Settings''', leave everything as default but change the Auth Digest Algorithm to SHA256 as per the example below since SHA1 is not that secure.

[[Файл:PFSense OpenVPN11b.png|600px|none|none]]

Under '''Tunnel Settings''', enter the IP address range in CIDR notation for the Tunnel network (this will be the IP address range OpenVPN will use to assign IP’s to VPN clients). You also need to tick the checkbox labeled Redirect Gateway to ensure all clients only use the VPN for all their traffic. Next enter the local network IP address range in CIDR notation (this is usually your LAN) and then set your maximum number of concurrent connections.

[[Файл:PFSense OpenVPN12.png|600px|none|none]]

In my configuration example I have left all '''Client Settings''' in their default state. Here you may want to specify a DNS server etc. Once completed click on '''Next'''.

[[Файл:PFSense OpenVPN12b.png|800px|none|none]]

Next the wizard will want to create the Firewall rule configuration. Select the Firewall rule and the OpenVPN rule as per the example below and click '''Next'''

[[Файл:PFSense OpenVPN13.png|800px|none|none]]

Finally, the configuration is complete. Click '''Finish'''.

[[Файл:PFSense OpenVPN14.png|800px|none|none]]

You should now have a configured OpenVPN server, a newly created WAN Firewall Rule and an OpenVPN tab under Firewall rules with the OpenVPN rule configured. Examples below.

[[Файл:PFSense OpenVPN15.png|800px|none|none]]

== routing between IPsec and openVPN tunnels ==

Файл:PFSense OpenVPN15.png

2021-01-19T09:10:54Z

Sol:

Файл:PFSense OpenVPN14.png

2021-01-19T09:10:45Z

Sol:

Файл:PFSense OpenVPN13.png

2021-01-19T09:10:34Z

Sol:

Файл:PFSense OpenVPN12b.png

2021-01-19T09:05:53Z

Sol:

Файл:PFSense OpenVPN12.png

2021-01-19T09:05:41Z

Sol:

Файл:PFSense OpenVPN11b.png

2021-01-19T09:05:28Z

Sol:

Файл:PFSense OpenVPN11.png

2021-01-19T08:58:31Z

Sol:

Файл:PFSense OpenVPN10.png

2021-01-19T08:58:22Z

Sol:

Файл:PFSense OpenVPN09.png

2021-01-19T08:58:10Z

Sol:

Файл:PFSense OpenVPN08.png

2021-01-19T08:53:12Z

Sol:

Файл:PFSense OpenVPN07.png

2021-01-19T08:53:02Z

Sol:

Файл:PFSense OpenVPN06.png

2021-01-19T08:52:51Z

Sol:

Файл:PFSense OpenVPN05.png

2021-01-19T08:48:56Z

Sol:

Файл:PFSense OpenVPN04.png

2021-01-19T08:48:46Z

Sol:

Файл:PFSense OpenVPN03.png

2021-01-19T08:46:43Z

Sol:

PfSense

2021-01-19T08:20:38Z

Sol: Новая страница: «Категория:ClusterКатегория:HardwareКатегория:BSD == IPsec duble 2 phase (split connections)== (IKEv2 Only) When an IKEv2…»

Файл:PFSense OpenVPN02.png

2021-01-19T08:14:54Z

Sol:

Файл:PFSense OpenVPN01.png

2021-01-19T08:13:07Z

Sol:

Файл:Pfsense split connections.png

2021-01-19T08:05:33Z

Sol:

HP ProLiant G8

2021-01-08T14:14:32Z

Sol: /* iLO pwd reset */

[[Категория:Hardware]]
__TOC__
= Management Component Pack =
[https://downloads.linux.hpe.com/SDR/project/mcp/ HPE]

The Linux Management Component Pack provides agent software for use on community-supported distributions.

'''hp-health''' HPE System Health Application and Command line Utilities (Gen9 and earlier) 
'''hponcfg''' HPE RILOE II/iLO online configuration utility 
'''amsd''' HPE Agentless Management Service (Gen10 only) 
'''hp-ams''' HPE Agentless Management Service (Gen9 and earlier) 
'''hp-snmp-agents''' Insight Management SNMP Agents for HPE ProLiant Systems (Gen9 and earlier) 
'''hpsmh''' HPE System Management Homepage (Gen9 and earlier) 
'''hp-smh-templates''' HPE System Management Homepage Templates (Gen9 and earlier) 
'''ssacli''' HPE Command Line Smart Storage Administration Utility 
'''ssaducli''' HPE Command Line Smart Storage Administration Diagnostics 
'''ssa''' HPE Array Smart Storage Administration Service 
=== rpm install ===
Cut-n-paste the following section (substituting distribution, architecture and project version) into ''/etc/yum.repos.d/mcp.repo'' on your system:
<syntaxhighlight lang="Bash">
[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/dist/dist_ver/arch/project_ver
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
</syntaxhighlight>
Download GPG [http://downloads.linux.hpe.com/SDR/keys public]
<syntaxhighlight lang="Bash">
rpm --import http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
</syntaxhighlight>
Where: 
'''dist''': centos, fedora, opensuse, oracle, asianux 
'''dist_ver''': Browse repo to identify supported distribution versions 
'''arch''': i386, x86_64 
'''project_ver''': current, 11.30, 11.21, 11.05, 10.62, 10.50, 10.40, 10.20, 10.00, 9.30, 9.25 

List the packages in the repository
<syntaxhighlight lang="Bash">
$ yum --disablerepo="*" --enablerepo="short_repo_name" list available
</syntaxhighlight>

Install a specific package
<syntaxhighlight lang="Bash">
$ yum install <packagename>
</syntaxhighlight>
==== CentOS 7 ====
<syntaxhighlight lang="Bash">
cat <<'EOF' >>/etc/yum.repos.d/mcp.repo
[HP-mcp]
name=HP Management Component Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/mcp/centos/7.3/x86_64/current/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
EOF
</syntaxhighlight>
<syntaxhighlight lang="Bash">
wget http://downloads.linux.hpe.com/SDR/repo/mcp/GPG-KEY-mcp -O /etc/pki/rpm-gpg/GPG-KEY-mcp
</syntaxhighlight>
=== deb install ===
Cut-n-paste the following section (substituting distribution, architecture and project version) into /etc/apt/sources.list.d/mcp.list on your system:
<syntaxhighlight lang="Bash">
# HPE Management Component Pack
deb http://downloads.linux.hpe.com/SDR/repo/mcp dist/project_ver non-free
</syntaxhighlight>

Where:
'''dist''': bionic, xenial, trusty, precise, stretch, jessie, squeeze, wheezy
'''project_ver''': current, 11.30, 11.21, 11.05, 10.80, 10.60, 10.50, 10.40, 9.50, 9.40

Install the HPE [http://downloads.linux.hpe.com/SDR/keys public] gpg key
<syntaxhighlight lang="Bash">
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>

Update the local apt indexes
<syntaxhighlight lang="Bash">
# apt-get update
</syntaxhighlight>

Search for a specific package
<syntaxhighlight lang="Bash">
# apt-cache search <packagename> # browse debs
</syntaxhighlight>

Install a specific package
<syntaxhighlight lang="Bash">
# apt-get install <packagename>
</syntaxhighlight>
==== Debian 9 ====
<syntaxhighlight lang="Bash">
echo "# HPE Management Component Pack" >/etc/apt/sources.list.d/hp-nonfree.list
echo "deb http://downloads.linux.hpe.com/SDR/repo/mcp jessie/current non-free" >>/etc/apt/sources.list.d/hp-nonfree.list
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>
==== Debian 10 ====
<syntaxhighlight lang="Bash">
echo "# HPE Management Component Pack" >/etc/apt/sources.list.d/hp-nonfree.list
echo "deb http://downloads.linux.hpe.com/SDR/repo/mcp buster/current non-free" >>/etc/apt/sources.list.d/hp-nonfree.list
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>

== iLO pwd reset ==
[https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03487111 HPE]

<syntaxhighlight lang="Bash">
yum install hponcfg -y
apt-get install hponcfg -y
</syntaxhighlight>

=== reset Administrator pwd ===

vim ''iLO4_set_password.xml''
<syntaxhighlight lang="xml">
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="xxx" PASSWORD="xxx">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="pa$$word"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
</syntaxhighlight>

where ?newpass? - new pwd

<syntaxhighlight lang="Bash">
$ hponcfg -f iLO4_set_password.xml -l log.txt
Firmware Revision = 1.92 Device type = iLO Driver name = hpilo
</syntaxhighlight>

=== reset other user pwd ===

vim ''iLO4_set_password.xml''
<syntaxhighlight lang="xml">
<ribcl version="2.0">
<login user_login="Administrator" password="boguspassword">
<user_info mode="write">
<mod_user user_login="root">
<password value="root123">
</password>
</mod_user>
</user_info>
</login>
</RIBCL>
</syntaxhighlight>

where ?root? - user login
where ?root123? - new pwd

<syntaxhighlight lang="Bash">
$ hponcfg -f passwd_reset_ilo.xml -l log.txt
Firmware Revision = 1.92 Device type = iLO Driver name = hpilo
</syntaxhighlight>

=== create admin user ===

vim ''iLO4_add_user.xml''
<syntaxhighlight lang="xml">
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="Dontcare" PASSWORD="UsingAutologin">
<USER_INFO MODE="write">
<ADD_USER
USER_NAME="daniel"
USER_LOGIN="daniel"
PASSWORD="daniel123">
<ADMIN_PRIV value ="Yes"/>
<REMOTE_CONS_PRIV value ="Yes"/>
<RESET_SERVER_PRIV value ="No"/>
<VIRTUAL_MEDIA_PRIV value ="Yes"/>
<CONFIG_ILO_PRIV value="Yes"/>
</ADD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
</syntaxhighlight>
<syntaxhighlight lang="Bash">
$ hponcfg -f iLO4_add_user.xml
Firmware Revision = 1.92 Device type = iLO Driver name = hpilo
</syntaxhighlight>

== iLO set ip ==
vim ''iLO4_set_ip.xml''
<syntaxhighlight lang="xml">
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="xxx" PASSWORD="xxx">
<RIB_INFO MODE="WRITE" >
<MOD_NETWORK_SETTINGS>
<IP_ADDRESS VALUE = "10.10.10.10"/>
<SUBNET_MASK VALUE = "255.255.255.0"/>
<GATEWAY_IP_ADDRESS VALUE = "10.10.10.1"/>
<PRIM_DNS_SERVER value = "0.0.0.0"/>
<DHCP_ENABLE VALUE = "N"/>
</MOD_NETWORK_SETTINGS>
</RIB_INFO>
</LOGIN>
</RIBCL>
</syntaxhighlight>
$ hponcfg -f iLO4_set_ip.xml

== ssacli ==
Raid control CLI tool

Show configuration
ssacli ctrl all show config

Controller status
ssacli ctrl all show status

Show detailed controller information for all controllers
ssacli ctrl all show detail

Show detailed controller information for controller in slot 0
ssacli ctrl slot=0 show detail

Rescan for New Devices
ssacli rescan

Physical disk status
ssacli ctrl slot=0 pd all show status

Show detailed physical disk information
ssacli ctrl slot=0 pd all show detail

Logical disk status
ssacli ctrl slot=0 ld all show status

View Detailed Logical Drive Status
ssacli ctrl slot=0 ld 2 show

Create New RAID 0 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:2 raid=0

Create New RAID 1 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:1,1I:1:2 raid=1

Create New RAID 5 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:1,1I:1:2,2I:1:6,2I:1:7,2I:1:8 raid=5

Delete Logical Drive
ssacli ctrl slot=0 ld 2 delete

Add New Physical Drive to Logical Volume
ssacli ctrl slot=0 ld 2 add drives=2I:1:6,2I:1:7

Add - All unassigned drives to logical drive 1
ssacli ctrl slot=1 ld 1 add drives=allunassigned

Add Spare Disks
ssacli ctrl slot=0 array all add spares=2I:1:6,2I:1:7

Modify - Extend logical drive 2 size to maximum (must be run with the "forced" flag)
ssacli ctrl slot=1 ld 2 modify size=max forced

Enable Drive Write Cache
ssacli ctrl slot=0 modify dwc=enable

Disable Drive Write Cache
ssacli ctrl slot=0 modify dwc=disable

Erase Physical Drive
ssacli ctrl slot=0 pd 2I:1:6 modify erase

Turn on Blink Physical Disk LED
ssacli ctrl slot=0 ld 2 modify led=on

Turn off Blink Physical Disk LED
ssacli ctrl slot=0 ld 2 modify led=off

Modify smart array cache read and write ratio (cacheratio=readratio/writeratio)
ssacli ctrl slot=0 modify cacheratio=100/0

Enable smart array write cache when no battery is present (No-Battery Write Cache option)
ssacli ctrl slot=0 modify nbwc=enable

Disable smart array cache for certain Logical Volume
ssacli ctrl slot=0 logicaldrive 1 modify arrayaccelerator=disable

Enable smart array cache for certain Logical Volume
ssacli ctrl slot=0 logicaldrive 1 modify arrayaccelerator=enable

Enable SSD Smart Path
ssacli ctrl slot=0 array a modify ssdsmartpath=enable

Disable SSD Smart Path
ssacli ctrl slot=0 array a modify ssdsmartpath=disable

= SNMP OID List for iLO4 =
Below is a list and description for OID coolers, processors, temperature sensors, logical drives (RAID), hard disks, network controller iLO, RAM.

'''Fans:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.6.7.1.2.0 (Fan Index)
.1.3.6.1.4.1.232.6.2.6.7.1.3.0 (Fan Locale (1=other, 2=unknown, 3=system, 4=systemBoard, 5=ioBoard, 6=cpu, 7=memory, 8=storage, 9=removable media, 10=power supply, 11=ambent, 12=chassis, 13=bridge card, 14=management board, 15=backplane, 16=network slot, 17=blade slot, 18=virtual)
.1.3.6.1.4.1.232.6.2.6.7.1.4.0 (Fan Present (1=other, 2=absent, 3=present)
.1.3.6.1.4.1.232.6.2.6.7.1.5.0 (Fan Present (1=other, 2=tachOutput, 3=spinDetect)
.1.3.6.1.4.1.232.6.2.6.7.1.6.0 (Fan Speed (1=other, 2=normal, 3=high)
.1.3.6.1.4.1.232.6.2.6.7.1.9.0 (Fan Condition (1=other, 2=ok, 3=degraded, 4=failed)
</syntaxhighlight>
'''Temperature:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.6.8.1.2.0 (Temperature Sensor Index)
.1.3.6.1.4.1.232.6.2.6.8.1.3.0 (Temperature Sensor Locale (1=other, 2=unknown, 3=system, 4=systemBoard, 5=ioBoard, 6=cpu, 7=memory, 8=storage, 9=removable media, 10=power supply, 11=ambent, 12=chassis, 13=bridge card)
.1.3.6.1.4.1.232.6.2.6.8.1.7.0 (Threshold Type (1=other, 5=blowout, 9=caution, 15=critical, 16=noreaction)
.1.3.6.1.4.1.232.6.2.6.8.1.4.0 (Temperature Celsius)
.1.3.6.1.4.1.232.6.2.6.8.1.5.0 (TemperatureThreshold)
.1.3.6.1.4.1.232.6.2.6.8.1.6.0 (TemperatureCondition)
</syntaxhighlight>
'''CPU:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.1.2.2.1.1.1 (CPU Index)
.1.3.6.1.4.1.232.1.2.2.1.1.3 (CPU Name)
.1.3.6.1.4.1.232.1.2.2.1.1.4 (CPU Speed in MHz)
.1.3.6.1.4.1.232.1.2.2.1.1.5 (CPU Step)
.1.3.6.1.4.1.232.1.2.2.1.1.6 (CPU status (1=unknown, 2=ok, 3=degraded, 4=failed, 5=disabled)
.1.3.6.1.4.1.232.1.2.2.1.1.15 (Number of enabled CPU cores)
.1.3.6.1.4.1.232.1.2.2.1.1.25 (Number of available CPU threads)
.1.3.6.1.4.1.232.1.2.2.1.1.26 (CPU power status (1=unknown, 2=Low Powered, 3=Normal Powered, 4=High Powered)
</syntaxhighlight>
'''Logical Drives:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.3.2.3.1.1.2.0 (Logical Drive Index)
.1.3.6.1.4.1.232.3.2.3.1.1.1.0 (Logical Drive Controller)
.1.3.6.1.4.1.232.3.2.3.1.1.3.0 (Logical Drive Fault Tolerance (1=other, 2=none, 3=RAID 1/RAID 1+0 (Mirroring), 4=RAID 4 (Data Guard), 5=RAID 5 (Distributed Data Guard), 7=RAID 6 (Advanced Data Guarding), 8=RAID 50, 9=RAID 60, 10=RAID 1 ADM (Advanced Data Mirroring), 11=RAID 10 ADM (Advanced Data Mirroring with Striping))
.1.3.6.1.4.1.232.3.2.3.1.1.9.0 (Logical Drive Size in Mb)
.1.3.6.1.4.1.232.3.2.3.1.1.4.0 (Logical Drive Status (1=other, 2=ok, 3=Failed, 4=Unconfigured, 5=Recovering, 6=Ready Rebuild, 7=Rebuilding, 8=Wrong Drive, 9=Bad Connect, 10=Overheating, 11=Shutdown, 12=Expanding, 13=Not Available, 14=Queued For Expansion, 15=Multi-path Access Degraded, 16=Erasing, 17=Predictive Spare Rebuild Ready, 18=Rapid Parity Initialization In Progress, 19=Rapid Parity Initialization Pending, 20=No Access – Encrypted with No Controller Key, 21=Unencrypted to Encrypted Transformation in Progress, 22=New Logical Drive Key Rekey in Progress, 23=No Access – Encrypted with Controller Encryption Not Enabled, 24=Unencrypted To Encrypted Transformation Not Started, 25=New Logical Drive Key Rekey Request Received)
.1.3.6.1.4.1.232.3.2.3.1.1.11.0 (Logical Drive Condition (1=other, 2=ok, 3=degraded, 4=failed)
</syntaxhighlight>
'''Drives:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.3.2.5.1.1.2.0 (Drive Index)
.1.3.6.1.4.1.232.3.2.5.1.1.5.0 (Drive Bay)
.1.3.6.1.4.1.232.3.2.5.1.1.64.0 (Drive Location)
.1.3.6.1.4.1.232.3.2.5.1.1.3.0 (Drive Vendor)
.1.3.6.1.4.1.232.3.2.5.1.1.51.0 (Drive Serial Number)
.1.3.6.1.4.1.232.3.2.5.1.1.45.0 (Drive Size in Mb)
.1.3.6.1.4.1.232.3.2.5.1.1.65.0 (Drive Link Rate (1=other, 2=1.5Gbps, 3=3.0Gbps, 4=6.0Gbps, 5=12.0Gbps))
.1.3.6.1.4.1.232.3.2.5.1.1.70.0 (Drive Current Temperature)
.1.3.6.1.4.1.232.3.2.5.1.1.71.0 (Drive Temperature Threshold)
.1.3.6.1.4.1.232.3.2.5.1.1.72.0 (Drive Maximum Temperature)
.1.3.6.1.4.1.232.3.2.5.1.1.6.0 (Drive Status (1=Other, 2=Ok, 3=Failed, 4=Predictive Failure, 5=Erasing, 6=Erase Done, 7=Erase Queued, 8=SSD Wear Out, 9=Not Authenticated)
.1.3.6.1.4.1.232.3.2.5.1.1.37.0 (Drive Condition (1=other, 2=ok, 3=degraded, 4=failed)
.1.3.6.1.4.1.232.3.2.5.1.1.9.0 (Drive Reference Time in hours)
</syntaxhighlight>
'''iLO NIC:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.9.2.5.2.1.1 (iLO location)
.1.3.6.1.4.1.232.9.2.5.1.1.2 (iLO NIC model)
.1.3.6.1.4.1.232.9.2.5.1.1.4 (iLO NIC MAC)
.1.3.6.1.4.1.232.9.2.5.1.1.5 (iLO NIC IPv4)
.1.3.6.1.4.1.232.9.2.5.1.1.9 (iLO NIC speed)
.1.3.6.1.4.1.232.9.2.5.1.1.14 (iLO NIC FQDN)
.1.3.6.1.4.1.232.9.2.5.2.1.2 (Tx bytes)
.1.3.6.1.4.1.232.9.2.5.2.1.3 (Tx packets)
.1.3.6.1.4.1.232.9.2.5.2.1.6 (Tx discard packets)
.1.3.6.1.4.1.232.9.2.5.2.1.7 (Tx error packets)
.1.3.6.1.4.1.232.9.2.5.2.1.9 (Rx bytes)
.1.3.6.1.4.1.232.9.2.5.2.1.10 (Rx packets)
.1.3.6.1.4.1.232.9.2.5.2.1.13 (Rx discard packets)
.1.3.6.1.4.1.232.9.2.5.2.1.14 (Rx error packets)
.1.3.6.1.4.1.232.9.2.5.2.1.15 (Rx unknown packets)
</syntaxhighlight>
'''Memory:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.14.13.1.1 (Memory Index)
.1.3.6.1.4.1.232.6.2.14.13.1.13 (Location)
.1.3.6.1.4.1.232.6.2.14.13.1.9 (Manufacturer)
.1.3.6.1.4.1.232.6.2.14.13.1.10 (Part Number)
.1.3.6.1.4.1.232.6.2.14.13.1.6 (Size in Kbytes)
.1.3.6.1.4.1.232.6.2.14.13.1.8 (Memory Technology)
.1.3.6.1.4.1.232.6.2.14.13.1.7 (Memory Type)
.1.3.6.1.4.1.232.6.2.14.13.1.19 (Memory status (1=other, 2=notPresent, 3=present, 4=good, 5=add, 6=upgrade, 7=missing, 8=doesNotMatch, 9=notSupported, 10=badConfig, 11=degraded, 12=spare, 13=partial)
.1.3.6.1.4.1.232.6.2.14.13.1.20 (Memory condition (1=other, 2=ok, 3=degraded, 4=degradedModuleIndexUnknown)
</syntaxhighlight>

HP ProLiant G8

2020-12-24T13:00:53Z

Sol: /* iLO set ip */

[[Категория:Hardware]]
__TOC__
= Management Component Pack =
[https://downloads.linux.hpe.com/SDR/project/mcp/ HPE]

The Linux Management Component Pack provides agent software for use on community-supported distributions.

'''hp-health''' HPE System Health Application and Command line Utilities (Gen9 and earlier) 
'''hponcfg''' HPE RILOE II/iLO online configuration utility 
'''amsd''' HPE Agentless Management Service (Gen10 only) 
'''hp-ams''' HPE Agentless Management Service (Gen9 and earlier) 
'''hp-snmp-agents''' Insight Management SNMP Agents for HPE ProLiant Systems (Gen9 and earlier) 
'''hpsmh''' HPE System Management Homepage (Gen9 and earlier) 
'''hp-smh-templates''' HPE System Management Homepage Templates (Gen9 and earlier) 
'''ssacli''' HPE Command Line Smart Storage Administration Utility 
'''ssaducli''' HPE Command Line Smart Storage Administration Diagnostics 
'''ssa''' HPE Array Smart Storage Administration Service 
=== rpm install ===
Cut-n-paste the following section (substituting distribution, architecture and project version) into ''/etc/yum.repos.d/mcp.repo'' on your system:
<syntaxhighlight lang="Bash">
[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/dist/dist_ver/arch/project_ver
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
</syntaxhighlight>
Download GPG [http://downloads.linux.hpe.com/SDR/keys public]
<syntaxhighlight lang="Bash">
rpm --import http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
</syntaxhighlight>
Where: 
'''dist''': centos, fedora, opensuse, oracle, asianux 
'''dist_ver''': Browse repo to identify supported distribution versions 
'''arch''': i386, x86_64 
'''project_ver''': current, 11.30, 11.21, 11.05, 10.62, 10.50, 10.40, 10.20, 10.00, 9.30, 9.25 

List the packages in the repository
<syntaxhighlight lang="Bash">
$ yum --disablerepo="*" --enablerepo="short_repo_name" list available
</syntaxhighlight>

Install a specific package
<syntaxhighlight lang="Bash">
$ yum install <packagename>
</syntaxhighlight>
==== CentOS 7 ====
<syntaxhighlight lang="Bash">
cat <<'EOF' >>/etc/yum.repos.d/mcp.repo
[HP-mcp]
name=HP Management Component Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/mcp/centos/7.3/x86_64/current/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
EOF
</syntaxhighlight>
<syntaxhighlight lang="Bash">
wget http://downloads.linux.hpe.com/SDR/repo/mcp/GPG-KEY-mcp -O /etc/pki/rpm-gpg/GPG-KEY-mcp
</syntaxhighlight>
=== deb install ===
Cut-n-paste the following section (substituting distribution, architecture and project version) into /etc/apt/sources.list.d/mcp.list on your system:
<syntaxhighlight lang="Bash">
# HPE Management Component Pack
deb http://downloads.linux.hpe.com/SDR/repo/mcp dist/project_ver non-free
</syntaxhighlight>

Where:
'''dist''': bionic, xenial, trusty, precise, stretch, jessie, squeeze, wheezy
'''project_ver''': current, 11.30, 11.21, 11.05, 10.80, 10.60, 10.50, 10.40, 9.50, 9.40

Install the HPE [http://downloads.linux.hpe.com/SDR/keys public] gpg key
<syntaxhighlight lang="Bash">
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>

Update the local apt indexes
<syntaxhighlight lang="Bash">
# apt-get update
</syntaxhighlight>

Search for a specific package
<syntaxhighlight lang="Bash">
# apt-cache search <packagename> # browse debs
</syntaxhighlight>

Install a specific package
<syntaxhighlight lang="Bash">
# apt-get install <packagename>
</syntaxhighlight>
==== Debian 9 ====
<syntaxhighlight lang="Bash">
echo "# HPE Management Component Pack" >/etc/apt/sources.list.d/hp-nonfree.list
echo "deb http://downloads.linux.hpe.com/SDR/repo/mcp jessie/current non-free" >>/etc/apt/sources.list.d/hp-nonfree.list
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>
==== Debian 10 ====
<syntaxhighlight lang="Bash">
echo "# HPE Management Component Pack" >/etc/apt/sources.list.d/hp-nonfree.list
echo "deb http://downloads.linux.hpe.com/SDR/repo/mcp buster/current non-free" >>/etc/apt/sources.list.d/hp-nonfree.list
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>

== iLO pwd reset ==
[https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03487111 HPE]

<syntaxhighlight lang="Bash">
yum install hponcfg -y
apt-get install hponcfg -y
</syntaxhighlight>

=== reset Administrator pwd ===

vim ''iLO4_set_password.xml''
<syntaxhighlight lang="xml">
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="xxx" PASSWORD="xxx">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="pa$$word"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
</syntaxhighlight>

where ?newpass? - new pwd

<syntaxhighlight lang="Bash">
$ hponcfg -f iLO4_set_password.xml -l log.txt
Firmware Revision = 1.92 Device type = iLO Driver name = hpilo
</syntaxhighlight>

=== reset other user pwd ===

vim ''iLO4_set_password.xml''
<syntaxhighlight lang="xml">
<ribcl version="2.0">
<login user_login="Administrator" password="boguspassword">
<user_info mode="write">
<mod_user user_login="root">
<password value="root123">
</password>
</mod_user>
</user_info>
</login>

</RIBCL>
</syntaxhighlight>

where ?root? - user login
where ?root123? - new pwd

<syntaxhighlight lang="Bash">
$ hponcfg -f passwd_reset_ilo.xml -l log.txt
Firmware Revision = 1.92 Device type = iLO Driver name = hpilo
</syntaxhighlight>

== iLO set ip ==
vim ''iLO4_set_ip.xml''
<syntaxhighlight lang="xml">
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="xxx" PASSWORD="xxx">
<RIB_INFO MODE="WRITE" >
<MOD_NETWORK_SETTINGS>
<IP_ADDRESS VALUE = "10.10.10.10"/>
<SUBNET_MASK VALUE = "255.255.255.0"/>
<GATEWAY_IP_ADDRESS VALUE = "10.10.10.1"/>
<PRIM_DNS_SERVER value = "0.0.0.0"/>
<DHCP_ENABLE VALUE = "N"/>
</MOD_NETWORK_SETTINGS>
</RIB_INFO>
</LOGIN>
</RIBCL>
</syntaxhighlight>
$ hponcfg -f iLO4_set_ip.xml

== ssacli ==
Raid control CLI tool

Show configuration
ssacli ctrl all show config

Controller status
ssacli ctrl all show status

Show detailed controller information for all controllers
ssacli ctrl all show detail

Show detailed controller information for controller in slot 0
ssacli ctrl slot=0 show detail

Rescan for New Devices
ssacli rescan

Physical disk status
ssacli ctrl slot=0 pd all show status

Show detailed physical disk information
ssacli ctrl slot=0 pd all show detail

Logical disk status
ssacli ctrl slot=0 ld all show status

View Detailed Logical Drive Status
ssacli ctrl slot=0 ld 2 show

Create New RAID 0 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:2 raid=0

Create New RAID 1 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:1,1I:1:2 raid=1

Create New RAID 5 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:1,1I:1:2,2I:1:6,2I:1:7,2I:1:8 raid=5

Delete Logical Drive
ssacli ctrl slot=0 ld 2 delete

Add New Physical Drive to Logical Volume
ssacli ctrl slot=0 ld 2 add drives=2I:1:6,2I:1:7

Add - All unassigned drives to logical drive 1
ssacli ctrl slot=1 ld 1 add drives=allunassigned

Add Spare Disks
ssacli ctrl slot=0 array all add spares=2I:1:6,2I:1:7

Modify - Extend logical drive 2 size to maximum (must be run with the "forced" flag)
ssacli ctrl slot=1 ld 2 modify size=max forced

Enable Drive Write Cache
ssacli ctrl slot=0 modify dwc=enable

Disable Drive Write Cache
ssacli ctrl slot=0 modify dwc=disable

Erase Physical Drive
ssacli ctrl slot=0 pd 2I:1:6 modify erase

Turn on Blink Physical Disk LED
ssacli ctrl slot=0 ld 2 modify led=on

Turn off Blink Physical Disk LED
ssacli ctrl slot=0 ld 2 modify led=off

Modify smart array cache read and write ratio (cacheratio=readratio/writeratio)
ssacli ctrl slot=0 modify cacheratio=100/0

Enable smart array write cache when no battery is present (No-Battery Write Cache option)
ssacli ctrl slot=0 modify nbwc=enable

Disable smart array cache for certain Logical Volume
ssacli ctrl slot=0 logicaldrive 1 modify arrayaccelerator=disable

Enable smart array cache for certain Logical Volume
ssacli ctrl slot=0 logicaldrive 1 modify arrayaccelerator=enable

Enable SSD Smart Path
ssacli ctrl slot=0 array a modify ssdsmartpath=enable

Disable SSD Smart Path
ssacli ctrl slot=0 array a modify ssdsmartpath=disable

= SNMP OID List for iLO4 =
Below is a list and description for OID coolers, processors, temperature sensors, logical drives (RAID), hard disks, network controller iLO, RAM.

'''Fans:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.6.7.1.2.0 (Fan Index)
.1.3.6.1.4.1.232.6.2.6.7.1.3.0 (Fan Locale (1=other, 2=unknown, 3=system, 4=systemBoard, 5=ioBoard, 6=cpu, 7=memory, 8=storage, 9=removable media, 10=power supply, 11=ambent, 12=chassis, 13=bridge card, 14=management board, 15=backplane, 16=network slot, 17=blade slot, 18=virtual)
.1.3.6.1.4.1.232.6.2.6.7.1.4.0 (Fan Present (1=other, 2=absent, 3=present)
.1.3.6.1.4.1.232.6.2.6.7.1.5.0 (Fan Present (1=other, 2=tachOutput, 3=spinDetect)
.1.3.6.1.4.1.232.6.2.6.7.1.6.0 (Fan Speed (1=other, 2=normal, 3=high)
.1.3.6.1.4.1.232.6.2.6.7.1.9.0 (Fan Condition (1=other, 2=ok, 3=degraded, 4=failed)
</syntaxhighlight>
'''Temperature:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.6.8.1.2.0 (Temperature Sensor Index)
.1.3.6.1.4.1.232.6.2.6.8.1.3.0 (Temperature Sensor Locale (1=other, 2=unknown, 3=system, 4=systemBoard, 5=ioBoard, 6=cpu, 7=memory, 8=storage, 9=removable media, 10=power supply, 11=ambent, 12=chassis, 13=bridge card)
.1.3.6.1.4.1.232.6.2.6.8.1.7.0 (Threshold Type (1=other, 5=blowout, 9=caution, 15=critical, 16=noreaction)
.1.3.6.1.4.1.232.6.2.6.8.1.4.0 (Temperature Celsius)
.1.3.6.1.4.1.232.6.2.6.8.1.5.0 (TemperatureThreshold)
.1.3.6.1.4.1.232.6.2.6.8.1.6.0 (TemperatureCondition)
</syntaxhighlight>
'''CPU:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.1.2.2.1.1.1 (CPU Index)
.1.3.6.1.4.1.232.1.2.2.1.1.3 (CPU Name)
.1.3.6.1.4.1.232.1.2.2.1.1.4 (CPU Speed in MHz)
.1.3.6.1.4.1.232.1.2.2.1.1.5 (CPU Step)
.1.3.6.1.4.1.232.1.2.2.1.1.6 (CPU status (1=unknown, 2=ok, 3=degraded, 4=failed, 5=disabled)
.1.3.6.1.4.1.232.1.2.2.1.1.15 (Number of enabled CPU cores)
.1.3.6.1.4.1.232.1.2.2.1.1.25 (Number of available CPU threads)
.1.3.6.1.4.1.232.1.2.2.1.1.26 (CPU power status (1=unknown, 2=Low Powered, 3=Normal Powered, 4=High Powered)
</syntaxhighlight>
'''Logical Drives:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.3.2.3.1.1.2.0 (Logical Drive Index)
.1.3.6.1.4.1.232.3.2.3.1.1.1.0 (Logical Drive Controller)
.1.3.6.1.4.1.232.3.2.3.1.1.3.0 (Logical Drive Fault Tolerance (1=other, 2=none, 3=RAID 1/RAID 1+0 (Mirroring), 4=RAID 4 (Data Guard), 5=RAID 5 (Distributed Data Guard), 7=RAID 6 (Advanced Data Guarding), 8=RAID 50, 9=RAID 60, 10=RAID 1 ADM (Advanced Data Mirroring), 11=RAID 10 ADM (Advanced Data Mirroring with Striping))
.1.3.6.1.4.1.232.3.2.3.1.1.9.0 (Logical Drive Size in Mb)
.1.3.6.1.4.1.232.3.2.3.1.1.4.0 (Logical Drive Status (1=other, 2=ok, 3=Failed, 4=Unconfigured, 5=Recovering, 6=Ready Rebuild, 7=Rebuilding, 8=Wrong Drive, 9=Bad Connect, 10=Overheating, 11=Shutdown, 12=Expanding, 13=Not Available, 14=Queued For Expansion, 15=Multi-path Access Degraded, 16=Erasing, 17=Predictive Spare Rebuild Ready, 18=Rapid Parity Initialization In Progress, 19=Rapid Parity Initialization Pending, 20=No Access – Encrypted with No Controller Key, 21=Unencrypted to Encrypted Transformation in Progress, 22=New Logical Drive Key Rekey in Progress, 23=No Access – Encrypted with Controller Encryption Not Enabled, 24=Unencrypted To Encrypted Transformation Not Started, 25=New Logical Drive Key Rekey Request Received)
.1.3.6.1.4.1.232.3.2.3.1.1.11.0 (Logical Drive Condition (1=other, 2=ok, 3=degraded, 4=failed)
</syntaxhighlight>
'''Drives:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.3.2.5.1.1.2.0 (Drive Index)
.1.3.6.1.4.1.232.3.2.5.1.1.5.0 (Drive Bay)
.1.3.6.1.4.1.232.3.2.5.1.1.64.0 (Drive Location)
.1.3.6.1.4.1.232.3.2.5.1.1.3.0 (Drive Vendor)
.1.3.6.1.4.1.232.3.2.5.1.1.51.0 (Drive Serial Number)
.1.3.6.1.4.1.232.3.2.5.1.1.45.0 (Drive Size in Mb)
.1.3.6.1.4.1.232.3.2.5.1.1.65.0 (Drive Link Rate (1=other, 2=1.5Gbps, 3=3.0Gbps, 4=6.0Gbps, 5=12.0Gbps))
.1.3.6.1.4.1.232.3.2.5.1.1.70.0 (Drive Current Temperature)
.1.3.6.1.4.1.232.3.2.5.1.1.71.0 (Drive Temperature Threshold)
.1.3.6.1.4.1.232.3.2.5.1.1.72.0 (Drive Maximum Temperature)
.1.3.6.1.4.1.232.3.2.5.1.1.6.0 (Drive Status (1=Other, 2=Ok, 3=Failed, 4=Predictive Failure, 5=Erasing, 6=Erase Done, 7=Erase Queued, 8=SSD Wear Out, 9=Not Authenticated)
.1.3.6.1.4.1.232.3.2.5.1.1.37.0 (Drive Condition (1=other, 2=ok, 3=degraded, 4=failed)
.1.3.6.1.4.1.232.3.2.5.1.1.9.0 (Drive Reference Time in hours)
</syntaxhighlight>
'''iLO NIC:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.9.2.5.2.1.1 (iLO location)
.1.3.6.1.4.1.232.9.2.5.1.1.2 (iLO NIC model)
.1.3.6.1.4.1.232.9.2.5.1.1.4 (iLO NIC MAC)
.1.3.6.1.4.1.232.9.2.5.1.1.5 (iLO NIC IPv4)
.1.3.6.1.4.1.232.9.2.5.1.1.9 (iLO NIC speed)
.1.3.6.1.4.1.232.9.2.5.1.1.14 (iLO NIC FQDN)
.1.3.6.1.4.1.232.9.2.5.2.1.2 (Tx bytes)
.1.3.6.1.4.1.232.9.2.5.2.1.3 (Tx packets)
.1.3.6.1.4.1.232.9.2.5.2.1.6 (Tx discard packets)
.1.3.6.1.4.1.232.9.2.5.2.1.7 (Tx error packets)
.1.3.6.1.4.1.232.9.2.5.2.1.9 (Rx bytes)
.1.3.6.1.4.1.232.9.2.5.2.1.10 (Rx packets)
.1.3.6.1.4.1.232.9.2.5.2.1.13 (Rx discard packets)
.1.3.6.1.4.1.232.9.2.5.2.1.14 (Rx error packets)
.1.3.6.1.4.1.232.9.2.5.2.1.15 (Rx unknown packets)
</syntaxhighlight>
'''Memory:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.14.13.1.1 (Memory Index)
.1.3.6.1.4.1.232.6.2.14.13.1.13 (Location)
.1.3.6.1.4.1.232.6.2.14.13.1.9 (Manufacturer)
.1.3.6.1.4.1.232.6.2.14.13.1.10 (Part Number)
.1.3.6.1.4.1.232.6.2.14.13.1.6 (Size in Kbytes)
.1.3.6.1.4.1.232.6.2.14.13.1.8 (Memory Technology)
.1.3.6.1.4.1.232.6.2.14.13.1.7 (Memory Type)
.1.3.6.1.4.1.232.6.2.14.13.1.19 (Memory status (1=other, 2=notPresent, 3=present, 4=good, 5=add, 6=upgrade, 7=missing, 8=doesNotMatch, 9=notSupported, 10=badConfig, 11=degraded, 12=spare, 13=partial)
.1.3.6.1.4.1.232.6.2.14.13.1.20 (Memory condition (1=other, 2=ok, 3=degraded, 4=degradedModuleIndexUnknown)
</syntaxhighlight>

HP ProLiant G8

2020-12-24T12:57:55Z

Sol: /* Debian 9 */

[[Категория:Hardware]]
__TOC__
= Management Component Pack =
[https://downloads.linux.hpe.com/SDR/project/mcp/ HPE]

The Linux Management Component Pack provides agent software for use on community-supported distributions.

'''hp-health''' HPE System Health Application and Command line Utilities (Gen9 and earlier) 
'''hponcfg''' HPE RILOE II/iLO online configuration utility 
'''amsd''' HPE Agentless Management Service (Gen10 only) 
'''hp-ams''' HPE Agentless Management Service (Gen9 and earlier) 
'''hp-snmp-agents''' Insight Management SNMP Agents for HPE ProLiant Systems (Gen9 and earlier) 
'''hpsmh''' HPE System Management Homepage (Gen9 and earlier) 
'''hp-smh-templates''' HPE System Management Homepage Templates (Gen9 and earlier) 
'''ssacli''' HPE Command Line Smart Storage Administration Utility 
'''ssaducli''' HPE Command Line Smart Storage Administration Diagnostics 
'''ssa''' HPE Array Smart Storage Administration Service 
=== rpm install ===
Cut-n-paste the following section (substituting distribution, architecture and project version) into ''/etc/yum.repos.d/mcp.repo'' on your system:
<syntaxhighlight lang="Bash">
[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/dist/dist_ver/arch/project_ver
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
</syntaxhighlight>
Download GPG [http://downloads.linux.hpe.com/SDR/keys public]
<syntaxhighlight lang="Bash">
rpm --import http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
</syntaxhighlight>
Where: 
'''dist''': centos, fedora, opensuse, oracle, asianux 
'''dist_ver''': Browse repo to identify supported distribution versions 
'''arch''': i386, x86_64 
'''project_ver''': current, 11.30, 11.21, 11.05, 10.62, 10.50, 10.40, 10.20, 10.00, 9.30, 9.25 

List the packages in the repository
<syntaxhighlight lang="Bash">
$ yum --disablerepo="*" --enablerepo="short_repo_name" list available
</syntaxhighlight>

Install a specific package
<syntaxhighlight lang="Bash">
$ yum install <packagename>
</syntaxhighlight>
==== CentOS 7 ====
<syntaxhighlight lang="Bash">
cat <<'EOF' >>/etc/yum.repos.d/mcp.repo
[HP-mcp]
name=HP Management Component Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/mcp/centos/7.3/x86_64/current/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
EOF
</syntaxhighlight>
<syntaxhighlight lang="Bash">
wget http://downloads.linux.hpe.com/SDR/repo/mcp/GPG-KEY-mcp -O /etc/pki/rpm-gpg/GPG-KEY-mcp
</syntaxhighlight>
=== deb install ===
Cut-n-paste the following section (substituting distribution, architecture and project version) into /etc/apt/sources.list.d/mcp.list on your system:
<syntaxhighlight lang="Bash">
# HPE Management Component Pack
deb http://downloads.linux.hpe.com/SDR/repo/mcp dist/project_ver non-free
</syntaxhighlight>

Where:
'''dist''': bionic, xenial, trusty, precise, stretch, jessie, squeeze, wheezy
'''project_ver''': current, 11.30, 11.21, 11.05, 10.80, 10.60, 10.50, 10.40, 9.50, 9.40

Install the HPE [http://downloads.linux.hpe.com/SDR/keys public] gpg key
<syntaxhighlight lang="Bash">
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>

Update the local apt indexes
<syntaxhighlight lang="Bash">
# apt-get update
</syntaxhighlight>

Search for a specific package
<syntaxhighlight lang="Bash">
# apt-cache search <packagename> # browse debs
</syntaxhighlight>

Install a specific package
<syntaxhighlight lang="Bash">
# apt-get install <packagename>
</syntaxhighlight>
==== Debian 9 ====
<syntaxhighlight lang="Bash">
echo "# HPE Management Component Pack" >/etc/apt/sources.list.d/hp-nonfree.list
echo "deb http://downloads.linux.hpe.com/SDR/repo/mcp jessie/current non-free" >>/etc/apt/sources.list.d/hp-nonfree.list
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>
==== Debian 10 ====
<syntaxhighlight lang="Bash">
echo "# HPE Management Component Pack" >/etc/apt/sources.list.d/hp-nonfree.list
echo "deb http://downloads.linux.hpe.com/SDR/repo/mcp buster/current non-free" >>/etc/apt/sources.list.d/hp-nonfree.list
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>

== iLO pwd reset ==
[https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03487111 HPE]

<syntaxhighlight lang="Bash">
yum install hponcfg -y
apt-get install hponcfg -y
</syntaxhighlight>

=== reset Administrator pwd ===

vim ''iLO4_set_password.xml''
<syntaxhighlight lang="xml">
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="xxx" PASSWORD="xxx">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="pa$$word"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
</syntaxhighlight>

where ?newpass? - new pwd

<syntaxhighlight lang="Bash">
$ hponcfg -f iLO4_set_password.xml -l log.txt
Firmware Revision = 1.92 Device type = iLO Driver name = hpilo
</syntaxhighlight>

=== reset other user pwd ===

vim ''iLO4_set_password.xml''
<syntaxhighlight lang="xml">
<ribcl version="2.0">
<login user_login="Administrator" password="boguspassword">
<user_info mode="write">
<mod_user user_login="root">
<password value="root123">
</password>
</mod_user>
</user_info>
</login>

</RIBCL>
</syntaxhighlight>

where ?root? - user login
where ?root123? - new pwd

<syntaxhighlight lang="Bash">
$ hponcfg -f passwd_reset_ilo.xml -l log.txt
Firmware Revision = 1.92 Device type = iLO Driver name = hpilo
</syntaxhighlight>

== iLO set ip ==
vim ''iLO4_set_ip.xml''
<syntaxhighlight lang="xml">
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="xxx" PASSWORD="xxx">
<RIB_INFO MODE="WRITE" >
<MOD_NETWORK_SETTINGS>
<IP_ADDRESS VALUE = "10.10.10.10"/>
<SUBNET_MASK VALUE = "255.255.255.0"/>
<GATEWAY_IP_ADDRESS VALUE = "10.10.10.1"/>
<PRIM_DNS_SERVER value = "0.0.0.0"/>
<DHCP_ENABLE VALUE = "N"/>
</MOD_NETWORK_SETTINGS>
</RIB_INFO>
</LOGIN>
</RIBCL>
<syntaxhighlight lang="Bash">
$ hponcfg -f iLO4_set_ip.xml

== ssacli ==
Raid control CLI tool

Show configuration
ssacli ctrl all show config

Controller status
ssacli ctrl all show status

Show detailed controller information for all controllers
ssacli ctrl all show detail

Show detailed controller information for controller in slot 0
ssacli ctrl slot=0 show detail

Rescan for New Devices
ssacli rescan

Physical disk status
ssacli ctrl slot=0 pd all show status

Show detailed physical disk information
ssacli ctrl slot=0 pd all show detail

Logical disk status
ssacli ctrl slot=0 ld all show status

View Detailed Logical Drive Status
ssacli ctrl slot=0 ld 2 show

Create New RAID 0 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:2 raid=0

Create New RAID 1 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:1,1I:1:2 raid=1

Create New RAID 5 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:1,1I:1:2,2I:1:6,2I:1:7,2I:1:8 raid=5

Delete Logical Drive
ssacli ctrl slot=0 ld 2 delete

Add New Physical Drive to Logical Volume
ssacli ctrl slot=0 ld 2 add drives=2I:1:6,2I:1:7

Add - All unassigned drives to logical drive 1
ssacli ctrl slot=1 ld 1 add drives=allunassigned

Add Spare Disks
ssacli ctrl slot=0 array all add spares=2I:1:6,2I:1:7

Modify - Extend logical drive 2 size to maximum (must be run with the "forced" flag)
ssacli ctrl slot=1 ld 2 modify size=max forced

Enable Drive Write Cache
ssacli ctrl slot=0 modify dwc=enable

Disable Drive Write Cache
ssacli ctrl slot=0 modify dwc=disable

Erase Physical Drive
ssacli ctrl slot=0 pd 2I:1:6 modify erase

Turn on Blink Physical Disk LED
ssacli ctrl slot=0 ld 2 modify led=on

Turn off Blink Physical Disk LED
ssacli ctrl slot=0 ld 2 modify led=off

Modify smart array cache read and write ratio (cacheratio=readratio/writeratio)
ssacli ctrl slot=0 modify cacheratio=100/0

Enable smart array write cache when no battery is present (No-Battery Write Cache option)
ssacli ctrl slot=0 modify nbwc=enable

Disable smart array cache for certain Logical Volume
ssacli ctrl slot=0 logicaldrive 1 modify arrayaccelerator=disable

Enable smart array cache for certain Logical Volume
ssacli ctrl slot=0 logicaldrive 1 modify arrayaccelerator=enable

Enable SSD Smart Path
ssacli ctrl slot=0 array a modify ssdsmartpath=enable

Disable SSD Smart Path
ssacli ctrl slot=0 array a modify ssdsmartpath=disable

= SNMP OID List for iLO4 =
Below is a list and description for OID coolers, processors, temperature sensors, logical drives (RAID), hard disks, network controller iLO, RAM.

'''Fans:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.6.7.1.2.0 (Fan Index)
.1.3.6.1.4.1.232.6.2.6.7.1.3.0 (Fan Locale (1=other, 2=unknown, 3=system, 4=systemBoard, 5=ioBoard, 6=cpu, 7=memory, 8=storage, 9=removable media, 10=power supply, 11=ambent, 12=chassis, 13=bridge card, 14=management board, 15=backplane, 16=network slot, 17=blade slot, 18=virtual)
.1.3.6.1.4.1.232.6.2.6.7.1.4.0 (Fan Present (1=other, 2=absent, 3=present)
.1.3.6.1.4.1.232.6.2.6.7.1.5.0 (Fan Present (1=other, 2=tachOutput, 3=spinDetect)
.1.3.6.1.4.1.232.6.2.6.7.1.6.0 (Fan Speed (1=other, 2=normal, 3=high)
.1.3.6.1.4.1.232.6.2.6.7.1.9.0 (Fan Condition (1=other, 2=ok, 3=degraded, 4=failed)
</syntaxhighlight>
'''Temperature:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.6.8.1.2.0 (Temperature Sensor Index)
.1.3.6.1.4.1.232.6.2.6.8.1.3.0 (Temperature Sensor Locale (1=other, 2=unknown, 3=system, 4=systemBoard, 5=ioBoard, 6=cpu, 7=memory, 8=storage, 9=removable media, 10=power supply, 11=ambent, 12=chassis, 13=bridge card)
.1.3.6.1.4.1.232.6.2.6.8.1.7.0 (Threshold Type (1=other, 5=blowout, 9=caution, 15=critical, 16=noreaction)
.1.3.6.1.4.1.232.6.2.6.8.1.4.0 (Temperature Celsius)
.1.3.6.1.4.1.232.6.2.6.8.1.5.0 (TemperatureThreshold)
.1.3.6.1.4.1.232.6.2.6.8.1.6.0 (TemperatureCondition)
</syntaxhighlight>
'''CPU:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.1.2.2.1.1.1 (CPU Index)
.1.3.6.1.4.1.232.1.2.2.1.1.3 (CPU Name)
.1.3.6.1.4.1.232.1.2.2.1.1.4 (CPU Speed in MHz)
.1.3.6.1.4.1.232.1.2.2.1.1.5 (CPU Step)
.1.3.6.1.4.1.232.1.2.2.1.1.6 (CPU status (1=unknown, 2=ok, 3=degraded, 4=failed, 5=disabled)
.1.3.6.1.4.1.232.1.2.2.1.1.15 (Number of enabled CPU cores)
.1.3.6.1.4.1.232.1.2.2.1.1.25 (Number of available CPU threads)
.1.3.6.1.4.1.232.1.2.2.1.1.26 (CPU power status (1=unknown, 2=Low Powered, 3=Normal Powered, 4=High Powered)
</syntaxhighlight>
'''Logical Drives:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.3.2.3.1.1.2.0 (Logical Drive Index)
.1.3.6.1.4.1.232.3.2.3.1.1.1.0 (Logical Drive Controller)
.1.3.6.1.4.1.232.3.2.3.1.1.3.0 (Logical Drive Fault Tolerance (1=other, 2=none, 3=RAID 1/RAID 1+0 (Mirroring), 4=RAID 4 (Data Guard), 5=RAID 5 (Distributed Data Guard), 7=RAID 6 (Advanced Data Guarding), 8=RAID 50, 9=RAID 60, 10=RAID 1 ADM (Advanced Data Mirroring), 11=RAID 10 ADM (Advanced Data Mirroring with Striping))
.1.3.6.1.4.1.232.3.2.3.1.1.9.0 (Logical Drive Size in Mb)
.1.3.6.1.4.1.232.3.2.3.1.1.4.0 (Logical Drive Status (1=other, 2=ok, 3=Failed, 4=Unconfigured, 5=Recovering, 6=Ready Rebuild, 7=Rebuilding, 8=Wrong Drive, 9=Bad Connect, 10=Overheating, 11=Shutdown, 12=Expanding, 13=Not Available, 14=Queued For Expansion, 15=Multi-path Access Degraded, 16=Erasing, 17=Predictive Spare Rebuild Ready, 18=Rapid Parity Initialization In Progress, 19=Rapid Parity Initialization Pending, 20=No Access – Encrypted with No Controller Key, 21=Unencrypted to Encrypted Transformation in Progress, 22=New Logical Drive Key Rekey in Progress, 23=No Access – Encrypted with Controller Encryption Not Enabled, 24=Unencrypted To Encrypted Transformation Not Started, 25=New Logical Drive Key Rekey Request Received)
.1.3.6.1.4.1.232.3.2.3.1.1.11.0 (Logical Drive Condition (1=other, 2=ok, 3=degraded, 4=failed)
</syntaxhighlight>
'''Drives:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.3.2.5.1.1.2.0 (Drive Index)
.1.3.6.1.4.1.232.3.2.5.1.1.5.0 (Drive Bay)
.1.3.6.1.4.1.232.3.2.5.1.1.64.0 (Drive Location)
.1.3.6.1.4.1.232.3.2.5.1.1.3.0 (Drive Vendor)
.1.3.6.1.4.1.232.3.2.5.1.1.51.0 (Drive Serial Number)
.1.3.6.1.4.1.232.3.2.5.1.1.45.0 (Drive Size in Mb)
.1.3.6.1.4.1.232.3.2.5.1.1.65.0 (Drive Link Rate (1=other, 2=1.5Gbps, 3=3.0Gbps, 4=6.0Gbps, 5=12.0Gbps))
.1.3.6.1.4.1.232.3.2.5.1.1.70.0 (Drive Current Temperature)
.1.3.6.1.4.1.232.3.2.5.1.1.71.0 (Drive Temperature Threshold)
.1.3.6.1.4.1.232.3.2.5.1.1.72.0 (Drive Maximum Temperature)
.1.3.6.1.4.1.232.3.2.5.1.1.6.0 (Drive Status (1=Other, 2=Ok, 3=Failed, 4=Predictive Failure, 5=Erasing, 6=Erase Done, 7=Erase Queued, 8=SSD Wear Out, 9=Not Authenticated)
.1.3.6.1.4.1.232.3.2.5.1.1.37.0 (Drive Condition (1=other, 2=ok, 3=degraded, 4=failed)
.1.3.6.1.4.1.232.3.2.5.1.1.9.0 (Drive Reference Time in hours)
</syntaxhighlight>
'''iLO NIC:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.9.2.5.2.1.1 (iLO location)
.1.3.6.1.4.1.232.9.2.5.1.1.2 (iLO NIC model)
.1.3.6.1.4.1.232.9.2.5.1.1.4 (iLO NIC MAC)
.1.3.6.1.4.1.232.9.2.5.1.1.5 (iLO NIC IPv4)
.1.3.6.1.4.1.232.9.2.5.1.1.9 (iLO NIC speed)
.1.3.6.1.4.1.232.9.2.5.1.1.14 (iLO NIC FQDN)
.1.3.6.1.4.1.232.9.2.5.2.1.2 (Tx bytes)
.1.3.6.1.4.1.232.9.2.5.2.1.3 (Tx packets)
.1.3.6.1.4.1.232.9.2.5.2.1.6 (Tx discard packets)
.1.3.6.1.4.1.232.9.2.5.2.1.7 (Tx error packets)
.1.3.6.1.4.1.232.9.2.5.2.1.9 (Rx bytes)
.1.3.6.1.4.1.232.9.2.5.2.1.10 (Rx packets)
.1.3.6.1.4.1.232.9.2.5.2.1.13 (Rx discard packets)
.1.3.6.1.4.1.232.9.2.5.2.1.14 (Rx error packets)
.1.3.6.1.4.1.232.9.2.5.2.1.15 (Rx unknown packets)
</syntaxhighlight>
'''Memory:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.14.13.1.1 (Memory Index)
.1.3.6.1.4.1.232.6.2.14.13.1.13 (Location)
.1.3.6.1.4.1.232.6.2.14.13.1.9 (Manufacturer)
.1.3.6.1.4.1.232.6.2.14.13.1.10 (Part Number)
.1.3.6.1.4.1.232.6.2.14.13.1.6 (Size in Kbytes)
.1.3.6.1.4.1.232.6.2.14.13.1.8 (Memory Technology)
.1.3.6.1.4.1.232.6.2.14.13.1.7 (Memory Type)
.1.3.6.1.4.1.232.6.2.14.13.1.19 (Memory status (1=other, 2=notPresent, 3=present, 4=good, 5=add, 6=upgrade, 7=missing, 8=doesNotMatch, 9=notSupported, 10=badConfig, 11=degraded, 12=spare, 13=partial)
.1.3.6.1.4.1.232.6.2.14.13.1.20 (Memory condition (1=other, 2=ok, 3=degraded, 4=degradedModuleIndexUnknown)
</syntaxhighlight>

ExtremeXOS

2020-12-23T09:53:17Z

Sol:

[[Категория:Hardware]]

= Решение различных задач на коммутаторах Summit-X480 от Extreme Networks =

== Управление конфигурациями ==
show configuration {<module-name>} [detail] - показывает весь активный конфиг, или только конфиг модуля. detail - не только изменённые значения.
save configuration [primary | secondary] - сохранить runing-config в primary.cfg
use configuration [pri | sec | <filename>] - выбрать активный файл конфигурации, который будет использован после ребута.
tftp put <ip> -vr <name> <src-file> [<dst-file>]- загрузка файла конфигурации со свича на tftp-сервер (xml).
tftp get <ip> {-vr <name>} <src-file> <dst-file>- загрузка файла конфигурации с tftp-сервера на свич (xml).
upload configuration <ip> <file.xsf> vr <name> - загрузка текущей конфигурации со свича на tftp-сервер (asci).
tftp get <ip> <remote-file> - загрузка изменённого командного скрипта с tftp на свич (asci).
load script newscript.xsf - загрузка командного скрипта в текущую конфигурацию (после этого надо сохранить текущий конф в pri или sec.
edit script newscript.xsf - редактирование командного скрипта прямо на свиче.
unconfigure switch [all] - вернуть конфиг к заводским настройкам кроме аккаунтов, паролей, даты и времени all - кроме даты и времени.
reboot - перезагрузка свича.
show switch - сводная информация по свичу.

== Файловая система ==
ls,cp,mv,rm - список файлов, копирование, переименовывание, удаление.
edit policy <filename> - редактирование файлов политик.
edit <file-type> <file-name> - внутренний редактор свича. По командам очень похож на vi.

== BootStrap ==
Для входа надо подключиться с консоли, перезагрузить свич и во время загрузки держать нажатым space пока не появится приглашение «BootStrap>».
h — для отображения помощи по командам.
download bootrom <tftp-ip> summitX450-<version>.xbr - обновление BootROMa. Требуется осторожность, прерывание может повредить BootROM и тогда хана.

== Управление Image-файлами ==
show version - посмотреть текущую версию имиджа.
download image <ip> <file> vr <name> {pri|sec} - загрузить файл имиджа на свич в позицию pri или sec.
use image <primary | secondary> - установка активного имиджа, который будет загружен после перезагрузки.

== Настройка управления свичём ==
show management - сводная информация по настройке функций управления.
show account - показать существующие учётные записи.
create account [admin | user] <name> <pass> - создать аккаунт.
delete account test - удалить аккаунт.
configure account test - задать пароль для пользователя test. (обязательно установить пароль для admin)
configure failsafe-account - для доступа к свичу, если пароль админа утерян. Никогда не отображается, всегда присутствует.
пароль невозможно восстановить. Сразу же сохраняется в NVRAM (не в конфиг).
configure cli max-sessons <n> - макс. число одновременных пользовательских сессий.
configure cli max-failed-logins <n> - макс. число неудачных попыток ввода пароля.
configure account [all|<name>] password-policy lockout-in-ligin-failures on - блокировать аккаунт после достижения предела неудачных попыток входа.
clear account [all|<name>] lockout - снять блокировку аккаунта (из-под другого админского акка).
configure telnet vr admin_vrouter - определяет виртуальные интерфейсы, по которым можно доступиться через telnet.
enable ssh2 - включить возможность доступа по ssh (установка модуля ssh так же добавляет функциональность https).
scp2 {cipher [3des|blowfish]} {port <n>} {debug <level>} <user>@<host>:<remote_file> <local_file> {vr <name>} - копирование файла по scp.
disable clipaging - отключить постраничный вывод.
[no-refresh] - опция обеспечивает вывод инфы без циклического обновления.
show session {{detail} {<sessID>}} {history}
clear session [<sessID> | all]

== SNMP ==
enable snmp access - включает snmp
configure snmp sysname <str> - задаёт имя узла
configure snmp syslocation <str> - задаёт расположение узла
configure snmp syscontact <str> - контактная информация.
configure snmp add community [readonly|readwrite] <str> - добавляет комьюнити.
configure snmp traps - включает рассылку трапов.
configure snmp add trapreceiver <ip> community <str> - определяет получателя трапов.

== Логгирование ==
configure syslog {add} [ip] {vr <name>} [local0 .. local7] {<severity>}
enable syslog
show log {<severity>} - посмотреть локальный лог. Локальное логгирование: до 20000 сообщений (по по умолчанию 1000).

== SNTP (периодический опрос серверов NTP) ==
configure sntp-client [pri|sec] server <host> {vr <name>}
enable sntp-client

== Настройка слотов расширений ==
configure slot <num> module [ G48T | G48P | G24X | 10G4X ] - настройка типа модуля, установленного в данном слоте расширения.
unconfiugre slot - сброс конфигурации указанного модуля.
clear slot <num> - удалить всю конфигурацию слота.

== SVI (L3-интерфейсы во вланах) ==
configure vlan mgmt ipaddress 10.0.0.1 255.255.255.0 - повесить ip-адрес на SVI влана
configure vlan default ipaddress 10.0.0.1/24 - повесить ip-адрес на SVI влана
unconfigure vlan mgmt ipaddress - убрать ip-адрес с SVI влана

== Настройка портов ==
Обозначения для модульных свичей:
2:4 — второй слот, четвёртый порт;
3:6-8,11 — с группа с 6 по 8 порты и 11 порт в модуле 3.
* Диагностика
show ports <port-list> configuration - отображение конфигурации порта.
show ports <port-list> information - отображение информации о работе порта.
* Настройка:
enable ports <port-list> - включить группу портов.
disable ports <port-list> - отключить группу портов.
configure ports 1 auto off speed 100 duplex full - настройка неготиации, скорости и дуплекса.
configure ports 1 auto-polariry - настройка автоопределения типа кабеля.
enable jumbo-frame ports [all | <port-list>] - разрешение jubmo-фреймов.
configure jumbo-frame size <jumbo_frame_mtu> - установка размера (1523-9216).

== Функции таблицы коммутации ==
show fdb - посмотреть всю таблицу коммутации.
create fdbentry <dst-mac> vlan <name> [ports <port_list>|blackhole] - создание статической fdb-записи.
delete fdbentry {all | <mac> [vlan <name>] } - удаление статической fdb-записи.
clear fdb { <mac> | blackhole | ports <port-list> | vlan <name>} - удаление динамической(их) fdb-записи(ей).
disable learning drop-packets port 5 - на порту 5(in) форвардить пакеты только по статической fdb. Остальные отбрасывать.
disable learning forward-packets port 5 - не запоминать маки на 5 порту, но форвардить входящий трафик.
show ports 5 information - проверить настроенный режим обучения (флаг m говорит, что функция запоминания активна).
configure fdb agingtime <15-1000000> - время жизни записи в таблице коммутации. 0 - бесконечно.

==== Функции безопасности уровня коммутации ====
1. Egress Flood Control — ограничивает исходящий флуд разного типа трафика (unknown-unicast, broadcast, multicast).
disable flooding unicast port 1 - запретить флуд юникаст пакетов с неизвестным dst-mac в порт 1.
enable flooding broadcast port all - разрешить флудить бродкастом на всех портах.
show port 1 info detail - проверить настроенные режимы функции на порту 1.
2. Limit-Learning — ограничивает число маков, которые могут быть запомнены на порту в определённом влане. Трафик незапомненных маков блокируется (в обоих направлениях).
configure ports <port> vlan <name> learning-limit 3 - во влане <name> на порту <port> может быть запомнено не более 3 маков.
configure ports <port> vlan <name> unlimited-learnings - снять ограничение для связки порт/влан.
3. Lock-Learning — запоминает текущие маки на порту во влане и блокирует трафик всех остальных маков.
configure ports <port> vlan <name> lock-learning - запомнить текущие маки на порту <port> во влане <name>
configure ports <port> vlan <name> unlock-learning - снять блокировку.
для диагностики работы функций:
show fdb
show vlan <name> security
4. Extreme Link Status Monitoring (ELSM)
Проприетарный протокол, который следит за сбоями CPU и удалённых линков, предотвращая возможное образование колец.
Работает по принципу point-to-point, настраивается на обоих конечных точках (свичах), соединённых через L2-облако.
Если ELSM ложится, пакеты данных не принемаются и не передаются через этот порт.
show elsm port 3 - проверка работы функции на порту 3.
configure ports <port_list> rate-limit flood [broadcast | multicast | unknown-destmac] [no-limit | <pps>]

== VLAN ==
show vlan [detail] [<name>] - посмотреть список существующих вланов, либо инфу по конкретному влану.
* Port-Based VLAN
create vlan <name> - создание port-based влана <name>
delete vlan <name> - удаление port-based влана <name>
enable vlan <name> - активизация работы port-based влана на свиче.
disable vlan <name> - отключение работы port-based влана.
configure vlan <old_name> name <new_name> - переименовывание влана.
configure vlan <name> add port <port-list> - добавление портов в port-based влан.
configure vlan <name> delete port <port-list> - удаление портов из port-based влана.
* Tagged VLAN
create vlan <name> - создание влана
configure vlan <name> tag <number> - назначение влану тэга
configure vlan <name> delete port <port-list> - удаление влана из указанных портов.
configure vlan <name> add port <port-list> ['''tagged'''|untagged] - добавление влана в указанные порты. По-умолчанию нетегировано, поэтому помним про tagged.

== STP ==

=== Настройка в режиме 802.1w ===
create stpd <name> [description <stpd-description>] - создаём домен STP c именем <name>. По-умолчанию присутствует домен s0.
configure stpd <stpd_name> mode dot1w - задание режима работы STP домену.
configure stpd <stpd_name> add vlan <name> port <port-list> - добавляет вланы в домен STP на портах (перед этим вланы должны быть выброшены в эти
порты). Порты, на которых обеспечивать работу STP задаются в ручную. ИЛИ...
configure stpd <name> auto-bind vlan <name> - или можно автоматически включать в домен stp все порты, куда выбрасываются вланы.
configure stpd <stpd_name> priority <pri> - Для RSTP и MSTP должны быть кратными 4096.
configure stpd <stpd_name> ports cost <auto|cost> <port-list> - Задание специфичной стоимости линков на портах.
configure stpd <stpd_name> ports priority <pri> <port-list> - задание значения приоритета порта (для определения назначенного).
confugure stpd <stpd_name> hellotime <sec>
configure stpd <stpd_name> forwarddelay <sec>
configure stpd <stpd_name> maxage <sec>
enable stpd <stpd_name> - включает использование протокола STP. Домен по-умолчанию s0.
disable stpd {<stpd_name>} - отключить STP
unconfig stpd {<stpd_name>} - восстановить умолчательные настройки работы STP.

=== Настройка в режиме 802.1s (MSTP) ===

==== I) Настройка домена MSTP CIST ====
create stpd <name> [description <stpd-description>] - создаём домен
configure stpd <name> mode mstp cist - говорим, что этот домен будет MSTP CIST
enable stpd <name> - включаем stp домен cist
HINT: Чтобы расконфигурить домен из CIST надо поставить ему режим dot1d.

==== II) Настройка MSTI (инстансов) в регионе ====
create stpd <iname> - создаём домен инстанса
configure stpd <iname> mode mstp msti <inst_num> - назначаем домену ID инстанса <1-4096>. max(MSTIs) для региона = 64.
ID должны быть уникальны только в пределах региона.
configure stpd <iname> add vlan <name> ports <port-list> - привязка вланов к MSTI на указанных портах (влан на портах должен уже присутствовать).
или с помощью auto-bind:
enable stpd <iname> auto-bind vlan <name>
enable stpd <iname> - включаем msti домен.

==== III) Настройка MSTP аттрибутов (идентификаторы региона) ====
Следующие параметры должны быть идентичны на всех свичах в регионе.
* имя региона;
* номер ревизии конфигурации;
* таблица соответствия привязки номеров вланов к MSTI-инстансам;
configure mstp region <RegionName> - обозначение принадлежности свича к региону
configure mstp revision <rev_num> - номер ревизии конфигурации.
configure mstp format <format_id> - <0-255> - номер, определяющий формат MSTP BPDUs. по-умолчанию 0.

=== Диагностика ===
show configurateion stp - отобразить секцию конфига, посвященного stp
show stpd - общая инфа о настройке STP + список и основные параметры доменов.
show stpd <domain-name> - общая инфа о работе конкретного домена STP.
show stpd <domain-name> ports [detail] - информация о настройках, ролях и статусах портов в указанном домене STP.
show stpd <domain-name> {[detail | <port_list> {detail}]} - подробная информация о домене или статусах портов.
show vlan <vlan_name> stpd - информация, к какому инстансу относится влан.

== Link-Aggregation ==
configure sharing address-based custom ipv4 source-and-destination - выбор алгоритма распределения нагрузки по портам.
enable sharing <port> grouping <port-list> {algorithm address-based {L2|L3|L3_L4}} {lacp}
Сформировать канальную группу. Первый порт в группе настраивается как логический порт
группы и представляет собой группу с т.з. конфигурации.
disable sharing <logic-port> - расформировать канальную группу.
configure sharing lacp system-priority 3 - установить приоритет lacp у свича. 0 - удаляет на стройку. По-умолчанию приоритет = MAC.
configure sharing <logic-port> add ports <port-list> - динамически добавить порт к группе (должен быть предварительно enabled).
configure sharing <logic-port> delete ports <port-list> - динамически удалить порты из канальной группы.
configure sharing <logic-port> lacp activity-mode <{active|passive}> - установка режима работы LACP в канальной группе.
configure sharing <logic-port> lacp system-priority <1..65535> - установить приоритет lacp свича в конкретной канальной группе.
clear lacp counters - сбросить счётчики.

==== Диагностика ====
show lacp - список групп и их статус.
show lacp lag <masterport> [detail] - подробный статус lacp конкретной группы (представляемой мастер-портом).
show ports sharing - информация по группе агрегации (не обязательно с lacp).
show lacp member-port <port-list> - информация о статусе lacp на конкретных портах из группы.
show lacp counters - счётчики PDU.

== LLDP ==
enable lldp ports [all|<port-list>] {receive-only|transmit-only} - включает LLDP TLVs на портах.
configure lldp transmit-interval <seconds>
configure lldp transmit-hold <hold>
configure lldp transmit-delay [auto|<seconds>]
configure lldp ports [all|<port-list>] [advertise|no-advertise] system-name

==== Диагностика ====
show lldp {port [all|<port-list>]} {neighbors} {detailed}

==== Extreme Discovery Protocol (EDP) ====
enable edp ports all
show edp ...

== ACL ==
edit policy <PNAME> - редактировать политику (ACL).
configure access-list <PNAME> ports 1 ingress - навесить лист на порт
unconfigure access-list ports <port-list> - снять лист с порта

==== Пример: аналог BPDU-filter на портах ====
<code>
entry BPDUfilter1 {
if {
ethernet-destination-address 01:00:0c:cc:cc:cd;
} then {
deny;
}
}
entry BPDUfilter2 {
if {
ethernet-destination-address 01:80:C2:00:00:00;
} then {
deny;
}
}
</code>

== Сервисные фичи ==

==== Время ====
configure timezone 420 noautodst
configure sntp-client primary 195.49.169.1 vr "VR-Default"
enable sntp-client

==== Баннеры ====
configure banner { after-login | { before-login } { acknowledge } }

==== Таймаут простоя консоли ====
conf idletimeout <min>

== Настройка Egress Port Rate Limits ==
configure ports <port_list> rate-limit egress [no-limit | <cir-rate> [Kbps | Mbps | Gbps] {max-burst-size <burst-size> [Kb | Mb]}]

== Мирроринг ==

==== Настройка зеркалирование трафика в один мониторинговый порт ====
<code>
enable mirroring to port 4 - включает мирроринг в 4 порт.
configure mirroring add port 8 [ingress] - мирорит весь [входящий] трафик порта 8 на порт 4
configure mirroring add vlan red - мирорить трафик влана red на порт 4
configure mirroring add vlan red port 5 - мирорить трафик влана red на порту 5 в порт 4
</code>

==== Настройка зеркалирование трафика в несколько мониторинговых портов ====
Следующий пример демонстрирует как зеркалировать трафик в более чем один мониторинговый порт (порты 5, 6, 7).
Для этого необходимо назначить какой-нибудь свободный порт (в примере 1) как loopback-port. После настройки этот loopback порт не может быть использован для передачи трафика, но так как его ресурсы используются для зеркалирования, на нём горит линк независимо от присутствия провода.
<code>
enable mirroring to port-list 5-7 loopback-port 1
configure mirroring add port 10 ingress
</code>

== QoS ==
show ports 24 qosmonitor - статистика по сброшенным из-за QoSa пакетам
show ports 24 information
configure port <list> shared-packet-buffer <1-100> - задать % буфера, который может использовать порт для буферизации пакетов в очереди.

configure dot1p replacement {qosprofile} <qosprofile> priority <vpri> {ports <port_list>}
enable dot1p replacement ports [<port_list> | all] - To enable 802.1p priority replacement on egress.
disable dot1p replacement ports [<port_list> | all]

enable diffserv replacement ports [<port_list> | all] - To enable replace DSCPs
disable diffserv replacement ports [<port_list> | all]
show diffserv replacement
configure diffserv replacement [{qosprofile} <qosprofile> | priority <priority>] code-point <code_point>
unconfigure diffserv replacement

==== Пример установки DSCP ====
configure access-list qp3sub any

entry QP3-subnet {
if {
source-address 10.1.2.0/24
} then {
Qosprofile qp3;
replace-dscp;
}
}

enable diffserv examination ports all

==== Настройка исходящего QoS Profile Rate Shaping ====
create qosprofile [QP2| QP3 | QP4 | QP5 | QP6 | QP7] - создавать/удалять дополнительные очереди.
delete qosprofile [QP2| QP3 | QP4 | QP5 | QP6 | QP7]

configure qosprofile egress <qosprofile> [{minbw <minbw_number>} {maxbw <maxbw_number>} | {peak_rate <peak_bps> [K|M]}] [ports [<port_list>|all]]
configure qosprofile <qosprofile> [{minbw <minbw_number>} {maxbw <maxbw_number>} | {{committed_rate <committed_bps> [K|M]} {peak_rate <peak_bps> [K|M]} | [ports [<port_list>|all]]
configure {qosprofile} <qosprofile> [[{maxbuffer <buffer_percentage>} {weight <weight_value> | use-strict-priority}] | [maxbuffer <buffer_percentage> ports [<port-list> | all]]]
configure qosprofile {egress} <qosprofile> [{minbw <minbw_number>} {qos-weight <weight>} {maxbw <maxbw_number>} | {{committed_rate <committed_bps> [K | M]} {qos-weight <weight>} {peak_rate <peak_bps> [K | M]}] {priority [<priority> | <priority_number>]} [ports [<port_list> | all]]
show qosprofile {ingress | egress} ports [ all | <port_list>] - посмотреть, как настроено.

ExtremeXOS

2020-12-23T09:48:57Z

Sol: Новая страница: «Категория:Hardware»

[[Категория:Hardware]]

HP ProLiant G8

2020-11-24T08:03:56Z

Sol: /* iLO pwd reset */

[[Категория:Hardware]]
__TOC__
= Management Component Pack =
[https://downloads.linux.hpe.com/SDR/project/mcp/ HPE]

The Linux Management Component Pack provides agent software for use on community-supported distributions.

'''hp-health''' HPE System Health Application and Command line Utilities (Gen9 and earlier) 
'''hponcfg''' HPE RILOE II/iLO online configuration utility 
'''amsd''' HPE Agentless Management Service (Gen10 only) 
'''hp-ams''' HPE Agentless Management Service (Gen9 and earlier) 
'''hp-snmp-agents''' Insight Management SNMP Agents for HPE ProLiant Systems (Gen9 and earlier) 
'''hpsmh''' HPE System Management Homepage (Gen9 and earlier) 
'''hp-smh-templates''' HPE System Management Homepage Templates (Gen9 and earlier) 
'''ssacli''' HPE Command Line Smart Storage Administration Utility 
'''ssaducli''' HPE Command Line Smart Storage Administration Diagnostics 
'''ssa''' HPE Array Smart Storage Administration Service 
=== rpm install ===
Cut-n-paste the following section (substituting distribution, architecture and project version) into ''/etc/yum.repos.d/mcp.repo'' on your system:
<syntaxhighlight lang="Bash">
[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/dist/dist_ver/arch/project_ver
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
</syntaxhighlight>
Download GPG [http://downloads.linux.hpe.com/SDR/keys public]
<syntaxhighlight lang="Bash">
rpm --import http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
</syntaxhighlight>
Where: 
'''dist''': centos, fedora, opensuse, oracle, asianux 
'''dist_ver''': Browse repo to identify supported distribution versions 
'''arch''': i386, x86_64 
'''project_ver''': current, 11.30, 11.21, 11.05, 10.62, 10.50, 10.40, 10.20, 10.00, 9.30, 9.25 

List the packages in the repository
<syntaxhighlight lang="Bash">
$ yum --disablerepo="*" --enablerepo="short_repo_name" list available
</syntaxhighlight>

Install a specific package
<syntaxhighlight lang="Bash">
$ yum install <packagename>
</syntaxhighlight>
==== CentOS 7 ====
<syntaxhighlight lang="Bash">
cat <<'EOF' >>/etc/yum.repos.d/mcp.repo
[HP-mcp]
name=HP Management Component Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/mcp/centos/7.3/x86_64/current/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
EOF
</syntaxhighlight>
<syntaxhighlight lang="Bash">
wget http://downloads.linux.hpe.com/SDR/repo/mcp/GPG-KEY-mcp -O /etc/pki/rpm-gpg/GPG-KEY-mcp
</syntaxhighlight>
=== deb install ===
Cut-n-paste the following section (substituting distribution, architecture and project version) into /etc/apt/sources.list.d/mcp.list on your system:
<syntaxhighlight lang="Bash">
# HPE Management Component Pack
deb http://downloads.linux.hpe.com/SDR/repo/mcp dist/project_ver non-free
</syntaxhighlight>

Where:
'''dist''': bionic, xenial, trusty, precise, stretch, jessie, squeeze, wheezy
'''project_ver''': current, 11.30, 11.21, 11.05, 10.80, 10.60, 10.50, 10.40, 9.50, 9.40

Install the HPE [http://downloads.linux.hpe.com/SDR/keys public] gpg key
<syntaxhighlight lang="Bash">
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>

Update the local apt indexes
<syntaxhighlight lang="Bash">
# apt-get update
</syntaxhighlight>

Search for a specific package
<syntaxhighlight lang="Bash">
# apt-cache search <packagename> # browse debs
</syntaxhighlight>

Install a specific package
<syntaxhighlight lang="Bash">
# apt-get install <packagename>
</syntaxhighlight>
==== Debian 9 ====
<syntaxhighlight lang="Bash">
echo "# HPE Management Component Pack" >/etc/apt/sources.list.d/hp-nonfree.list
echo "deb http://downloads.linux.hpe.com/SDR/repo/mcp jessie/current non-free" >>/etc/apt/sources.list.d/hp-nonfree.list
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>

== iLO pwd reset ==
[https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03487111 HPE]

<syntaxhighlight lang="Bash">
yum install hponcfg -y
apt-get install hponcfg -y
</syntaxhighlight>

=== reset Administrator pwd ===

vim ''iLO4_set_password.xml''
<syntaxhighlight lang="xml">
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="xxx" PASSWORD="xxx">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="pa$$word"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
</syntaxhighlight>

where ?newpass? - new pwd

<syntaxhighlight lang="Bash">
$ hponcfg -f iLO4_set_password.xml -l log.txt
Firmware Revision = 1.92 Device type = iLO Driver name = hpilo
</syntaxhighlight>

=== reset other user pwd ===

vim ''iLO4_set_password.xml''
<syntaxhighlight lang="xml">
<ribcl version="2.0">
<login user_login="Administrator" password="boguspassword">
<user_info mode="write">
<mod_user user_login="root">
<password value="root123">
</password>
</mod_user>
</user_info>
</login>

</RIBCL>
</syntaxhighlight>

where ?root? - user login
where ?root123? - new pwd

<syntaxhighlight lang="Bash">
$ hponcfg -f passwd_reset_ilo.xml -l log.txt
Firmware Revision = 1.92 Device type = iLO Driver name = hpilo
</syntaxhighlight>

== iLO set ip ==
vim ''iLO4_set_ip.xml''
<syntaxhighlight lang="xml">
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="xxx" PASSWORD="xxx">
<RIB_INFO MODE="WRITE" >
<MOD_NETWORK_SETTINGS>
<IP_ADDRESS VALUE = "10.10.10.10"/>
<SUBNET_MASK VALUE = "255.255.255.0"/>
<GATEWAY_IP_ADDRESS VALUE = "10.10.10.1"/>
<PRIM_DNS_SERVER value = "0.0.0.0"/>
<DHCP_ENABLE VALUE = "N"/>
</MOD_NETWORK_SETTINGS>
</RIB_INFO>
</LOGIN>
</RIBCL>
<syntaxhighlight lang="Bash">
$ hponcfg -f iLO4_set_ip.xml

== ssacli ==
Raid control CLI tool

Show configuration
ssacli ctrl all show config

Controller status
ssacli ctrl all show status

Show detailed controller information for all controllers
ssacli ctrl all show detail

Show detailed controller information for controller in slot 0
ssacli ctrl slot=0 show detail

Rescan for New Devices
ssacli rescan

Physical disk status
ssacli ctrl slot=0 pd all show status

Show detailed physical disk information
ssacli ctrl slot=0 pd all show detail

Logical disk status
ssacli ctrl slot=0 ld all show status

View Detailed Logical Drive Status
ssacli ctrl slot=0 ld 2 show

Create New RAID 0 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:2 raid=0

Create New RAID 1 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:1,1I:1:2 raid=1

Create New RAID 5 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:1,1I:1:2,2I:1:6,2I:1:7,2I:1:8 raid=5

Delete Logical Drive
ssacli ctrl slot=0 ld 2 delete

Add New Physical Drive to Logical Volume
ssacli ctrl slot=0 ld 2 add drives=2I:1:6,2I:1:7

Add - All unassigned drives to logical drive 1
ssacli ctrl slot=1 ld 1 add drives=allunassigned

Add Spare Disks
ssacli ctrl slot=0 array all add spares=2I:1:6,2I:1:7

Modify - Extend logical drive 2 size to maximum (must be run with the "forced" flag)
ssacli ctrl slot=1 ld 2 modify size=max forced

Enable Drive Write Cache
ssacli ctrl slot=0 modify dwc=enable

Disable Drive Write Cache
ssacli ctrl slot=0 modify dwc=disable

Erase Physical Drive
ssacli ctrl slot=0 pd 2I:1:6 modify erase

Turn on Blink Physical Disk LED
ssacli ctrl slot=0 ld 2 modify led=on

Turn off Blink Physical Disk LED
ssacli ctrl slot=0 ld 2 modify led=off

Modify smart array cache read and write ratio (cacheratio=readratio/writeratio)
ssacli ctrl slot=0 modify cacheratio=100/0

Enable smart array write cache when no battery is present (No-Battery Write Cache option)
ssacli ctrl slot=0 modify nbwc=enable

Disable smart array cache for certain Logical Volume
ssacli ctrl slot=0 logicaldrive 1 modify arrayaccelerator=disable

Enable smart array cache for certain Logical Volume
ssacli ctrl slot=0 logicaldrive 1 modify arrayaccelerator=enable

Enable SSD Smart Path
ssacli ctrl slot=0 array a modify ssdsmartpath=enable

Disable SSD Smart Path
ssacli ctrl slot=0 array a modify ssdsmartpath=disable

= SNMP OID List for iLO4 =
Below is a list and description for OID coolers, processors, temperature sensors, logical drives (RAID), hard disks, network controller iLO, RAM.

'''Fans:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.6.7.1.2.0 (Fan Index)
.1.3.6.1.4.1.232.6.2.6.7.1.3.0 (Fan Locale (1=other, 2=unknown, 3=system, 4=systemBoard, 5=ioBoard, 6=cpu, 7=memory, 8=storage, 9=removable media, 10=power supply, 11=ambent, 12=chassis, 13=bridge card, 14=management board, 15=backplane, 16=network slot, 17=blade slot, 18=virtual)
.1.3.6.1.4.1.232.6.2.6.7.1.4.0 (Fan Present (1=other, 2=absent, 3=present)
.1.3.6.1.4.1.232.6.2.6.7.1.5.0 (Fan Present (1=other, 2=tachOutput, 3=spinDetect)
.1.3.6.1.4.1.232.6.2.6.7.1.6.0 (Fan Speed (1=other, 2=normal, 3=high)
.1.3.6.1.4.1.232.6.2.6.7.1.9.0 (Fan Condition (1=other, 2=ok, 3=degraded, 4=failed)
</syntaxhighlight>
'''Temperature:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.6.8.1.2.0 (Temperature Sensor Index)
.1.3.6.1.4.1.232.6.2.6.8.1.3.0 (Temperature Sensor Locale (1=other, 2=unknown, 3=system, 4=systemBoard, 5=ioBoard, 6=cpu, 7=memory, 8=storage, 9=removable media, 10=power supply, 11=ambent, 12=chassis, 13=bridge card)
.1.3.6.1.4.1.232.6.2.6.8.1.7.0 (Threshold Type (1=other, 5=blowout, 9=caution, 15=critical, 16=noreaction)
.1.3.6.1.4.1.232.6.2.6.8.1.4.0 (Temperature Celsius)
.1.3.6.1.4.1.232.6.2.6.8.1.5.0 (TemperatureThreshold)
.1.3.6.1.4.1.232.6.2.6.8.1.6.0 (TemperatureCondition)
</syntaxhighlight>
'''CPU:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.1.2.2.1.1.1 (CPU Index)
.1.3.6.1.4.1.232.1.2.2.1.1.3 (CPU Name)
.1.3.6.1.4.1.232.1.2.2.1.1.4 (CPU Speed in MHz)
.1.3.6.1.4.1.232.1.2.2.1.1.5 (CPU Step)
.1.3.6.1.4.1.232.1.2.2.1.1.6 (CPU status (1=unknown, 2=ok, 3=degraded, 4=failed, 5=disabled)
.1.3.6.1.4.1.232.1.2.2.1.1.15 (Number of enabled CPU cores)
.1.3.6.1.4.1.232.1.2.2.1.1.25 (Number of available CPU threads)
.1.3.6.1.4.1.232.1.2.2.1.1.26 (CPU power status (1=unknown, 2=Low Powered, 3=Normal Powered, 4=High Powered)
</syntaxhighlight>
'''Logical Drives:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.3.2.3.1.1.2.0 (Logical Drive Index)
.1.3.6.1.4.1.232.3.2.3.1.1.1.0 (Logical Drive Controller)
.1.3.6.1.4.1.232.3.2.3.1.1.3.0 (Logical Drive Fault Tolerance (1=other, 2=none, 3=RAID 1/RAID 1+0 (Mirroring), 4=RAID 4 (Data Guard), 5=RAID 5 (Distributed Data Guard), 7=RAID 6 (Advanced Data Guarding), 8=RAID 50, 9=RAID 60, 10=RAID 1 ADM (Advanced Data Mirroring), 11=RAID 10 ADM (Advanced Data Mirroring with Striping))
.1.3.6.1.4.1.232.3.2.3.1.1.9.0 (Logical Drive Size in Mb)
.1.3.6.1.4.1.232.3.2.3.1.1.4.0 (Logical Drive Status (1=other, 2=ok, 3=Failed, 4=Unconfigured, 5=Recovering, 6=Ready Rebuild, 7=Rebuilding, 8=Wrong Drive, 9=Bad Connect, 10=Overheating, 11=Shutdown, 12=Expanding, 13=Not Available, 14=Queued For Expansion, 15=Multi-path Access Degraded, 16=Erasing, 17=Predictive Spare Rebuild Ready, 18=Rapid Parity Initialization In Progress, 19=Rapid Parity Initialization Pending, 20=No Access – Encrypted with No Controller Key, 21=Unencrypted to Encrypted Transformation in Progress, 22=New Logical Drive Key Rekey in Progress, 23=No Access – Encrypted with Controller Encryption Not Enabled, 24=Unencrypted To Encrypted Transformation Not Started, 25=New Logical Drive Key Rekey Request Received)
.1.3.6.1.4.1.232.3.2.3.1.1.11.0 (Logical Drive Condition (1=other, 2=ok, 3=degraded, 4=failed)
</syntaxhighlight>
'''Drives:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.3.2.5.1.1.2.0 (Drive Index)
.1.3.6.1.4.1.232.3.2.5.1.1.5.0 (Drive Bay)
.1.3.6.1.4.1.232.3.2.5.1.1.64.0 (Drive Location)
.1.3.6.1.4.1.232.3.2.5.1.1.3.0 (Drive Vendor)
.1.3.6.1.4.1.232.3.2.5.1.1.51.0 (Drive Serial Number)
.1.3.6.1.4.1.232.3.2.5.1.1.45.0 (Drive Size in Mb)
.1.3.6.1.4.1.232.3.2.5.1.1.65.0 (Drive Link Rate (1=other, 2=1.5Gbps, 3=3.0Gbps, 4=6.0Gbps, 5=12.0Gbps))
.1.3.6.1.4.1.232.3.2.5.1.1.70.0 (Drive Current Temperature)
.1.3.6.1.4.1.232.3.2.5.1.1.71.0 (Drive Temperature Threshold)
.1.3.6.1.4.1.232.3.2.5.1.1.72.0 (Drive Maximum Temperature)
.1.3.6.1.4.1.232.3.2.5.1.1.6.0 (Drive Status (1=Other, 2=Ok, 3=Failed, 4=Predictive Failure, 5=Erasing, 6=Erase Done, 7=Erase Queued, 8=SSD Wear Out, 9=Not Authenticated)
.1.3.6.1.4.1.232.3.2.5.1.1.37.0 (Drive Condition (1=other, 2=ok, 3=degraded, 4=failed)
.1.3.6.1.4.1.232.3.2.5.1.1.9.0 (Drive Reference Time in hours)
</syntaxhighlight>
'''iLO NIC:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.9.2.5.2.1.1 (iLO location)
.1.3.6.1.4.1.232.9.2.5.1.1.2 (iLO NIC model)
.1.3.6.1.4.1.232.9.2.5.1.1.4 (iLO NIC MAC)
.1.3.6.1.4.1.232.9.2.5.1.1.5 (iLO NIC IPv4)
.1.3.6.1.4.1.232.9.2.5.1.1.9 (iLO NIC speed)
.1.3.6.1.4.1.232.9.2.5.1.1.14 (iLO NIC FQDN)
.1.3.6.1.4.1.232.9.2.5.2.1.2 (Tx bytes)
.1.3.6.1.4.1.232.9.2.5.2.1.3 (Tx packets)
.1.3.6.1.4.1.232.9.2.5.2.1.6 (Tx discard packets)
.1.3.6.1.4.1.232.9.2.5.2.1.7 (Tx error packets)
.1.3.6.1.4.1.232.9.2.5.2.1.9 (Rx bytes)
.1.3.6.1.4.1.232.9.2.5.2.1.10 (Rx packets)
.1.3.6.1.4.1.232.9.2.5.2.1.13 (Rx discard packets)
.1.3.6.1.4.1.232.9.2.5.2.1.14 (Rx error packets)
.1.3.6.1.4.1.232.9.2.5.2.1.15 (Rx unknown packets)
</syntaxhighlight>
'''Memory:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.14.13.1.1 (Memory Index)
.1.3.6.1.4.1.232.6.2.14.13.1.13 (Location)
.1.3.6.1.4.1.232.6.2.14.13.1.9 (Manufacturer)
.1.3.6.1.4.1.232.6.2.14.13.1.10 (Part Number)
.1.3.6.1.4.1.232.6.2.14.13.1.6 (Size in Kbytes)
.1.3.6.1.4.1.232.6.2.14.13.1.8 (Memory Technology)
.1.3.6.1.4.1.232.6.2.14.13.1.7 (Memory Type)
.1.3.6.1.4.1.232.6.2.14.13.1.19 (Memory status (1=other, 2=notPresent, 3=present, 4=good, 5=add, 6=upgrade, 7=missing, 8=doesNotMatch, 9=notSupported, 10=badConfig, 11=degraded, 12=spare, 13=partial)
.1.3.6.1.4.1.232.6.2.14.13.1.20 (Memory condition (1=other, 2=ok, 3=degraded, 4=degradedModuleIndexUnknown)
</syntaxhighlight>

HP ProLiant G8

2020-11-24T08:01:12Z

Sol: /* reset Administrator pwd */

[[Категория:Hardware]]
__TOC__
= Management Component Pack =
[https://downloads.linux.hpe.com/SDR/project/mcp/ HPE]

The Linux Management Component Pack provides agent software for use on community-supported distributions.

'''hp-health''' HPE System Health Application and Command line Utilities (Gen9 and earlier) 
'''hponcfg''' HPE RILOE II/iLO online configuration utility 
'''amsd''' HPE Agentless Management Service (Gen10 only) 
'''hp-ams''' HPE Agentless Management Service (Gen9 and earlier) 
'''hp-snmp-agents''' Insight Management SNMP Agents for HPE ProLiant Systems (Gen9 and earlier) 
'''hpsmh''' HPE System Management Homepage (Gen9 and earlier) 
'''hp-smh-templates''' HPE System Management Homepage Templates (Gen9 and earlier) 
'''ssacli''' HPE Command Line Smart Storage Administration Utility 
'''ssaducli''' HPE Command Line Smart Storage Administration Diagnostics 
'''ssa''' HPE Array Smart Storage Administration Service 
=== rpm install ===
Cut-n-paste the following section (substituting distribution, architecture and project version) into ''/etc/yum.repos.d/mcp.repo'' on your system:
<syntaxhighlight lang="Bash">
[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/dist/dist_ver/arch/project_ver
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
</syntaxhighlight>
Download GPG [http://downloads.linux.hpe.com/SDR/keys public]
<syntaxhighlight lang="Bash">
rpm --import http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
</syntaxhighlight>
Where: 
'''dist''': centos, fedora, opensuse, oracle, asianux 
'''dist_ver''': Browse repo to identify supported distribution versions 
'''arch''': i386, x86_64 
'''project_ver''': current, 11.30, 11.21, 11.05, 10.62, 10.50, 10.40, 10.20, 10.00, 9.30, 9.25 

List the packages in the repository
<syntaxhighlight lang="Bash">
$ yum --disablerepo="*" --enablerepo="short_repo_name" list available
</syntaxhighlight>

Install a specific package
<syntaxhighlight lang="Bash">
$ yum install <packagename>
</syntaxhighlight>
==== CentOS 7 ====
<syntaxhighlight lang="Bash">
cat <<'EOF' >>/etc/yum.repos.d/mcp.repo
[HP-mcp]
name=HP Management Component Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/mcp/centos/7.3/x86_64/current/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
EOF
</syntaxhighlight>
<syntaxhighlight lang="Bash">
wget http://downloads.linux.hpe.com/SDR/repo/mcp/GPG-KEY-mcp -O /etc/pki/rpm-gpg/GPG-KEY-mcp
</syntaxhighlight>
=== deb install ===
Cut-n-paste the following section (substituting distribution, architecture and project version) into /etc/apt/sources.list.d/mcp.list on your system:
<syntaxhighlight lang="Bash">
# HPE Management Component Pack
deb http://downloads.linux.hpe.com/SDR/repo/mcp dist/project_ver non-free
</syntaxhighlight>

Where:
'''dist''': bionic, xenial, trusty, precise, stretch, jessie, squeeze, wheezy
'''project_ver''': current, 11.30, 11.21, 11.05, 10.80, 10.60, 10.50, 10.40, 9.50, 9.40

Install the HPE [http://downloads.linux.hpe.com/SDR/keys public] gpg key
<syntaxhighlight lang="Bash">
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>

Update the local apt indexes
<syntaxhighlight lang="Bash">
# apt-get update
</syntaxhighlight>

Search for a specific package
<syntaxhighlight lang="Bash">
# apt-cache search <packagename> # browse debs
</syntaxhighlight>

Install a specific package
<syntaxhighlight lang="Bash">
# apt-get install <packagename>
</syntaxhighlight>
==== Debian 9 ====
<syntaxhighlight lang="Bash">
echo "# HPE Management Component Pack" >/etc/apt/sources.list.d/hp-nonfree.list
echo "deb http://downloads.linux.hpe.com/SDR/repo/mcp jessie/current non-free" >>/etc/apt/sources.list.d/hp-nonfree.list
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>

== iLO pwd reset ==
[https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03487111 HPE]

<syntaxhighlight lang="Bash">
yum install hponcfg -y
apt-get install hponcfg -y
</syntaxhighlight>

=== reset Administrator pwd ===

vim ''iLO4_set_password.xml''
<syntaxhighlight lang="xml">
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="xxx" PASSWORD="xxx">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="pa$$word"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
</syntaxhighlight>

where ?newpass? - new pwd

<syntaxhighlight lang="Bash">
$ hponcfg -f iLO4_set_password.xml -l log.txt
Firmware Revision = 1.92 Device type = iLO Driver name = hpilo
</syntaxhighlight>

=== reset other user pwd ===

vim ''iLO4_set_password.xml''
<syntaxhighlight lang="xml">
<ribcl version="2.0">
<login user_login="Administrator" password="boguspassword">
<user_info mode="write">
<mod_user user_login="root">
<password value="root123">
</password>
</mod_user>
</user_info>
</login>

</RIBCL>
</syntaxhighlight>

where ?root? - user login
where ?root123? - new pwd

<syntaxhighlight lang="Bash">
$ hponcfg -f passwd_reset_ilo.xml -l log.txt
Firmware Revision = 1.92 Device type = iLO Driver name = hpilo
</syntaxhighlight>

== ssacli ==
Raid control CLI tool

Show configuration
ssacli ctrl all show config

Controller status
ssacli ctrl all show status

Show detailed controller information for all controllers
ssacli ctrl all show detail

Show detailed controller information for controller in slot 0
ssacli ctrl slot=0 show detail

Rescan for New Devices
ssacli rescan

Physical disk status
ssacli ctrl slot=0 pd all show status

Show detailed physical disk information
ssacli ctrl slot=0 pd all show detail

Logical disk status
ssacli ctrl slot=0 ld all show status

View Detailed Logical Drive Status
ssacli ctrl slot=0 ld 2 show

Create New RAID 0 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:2 raid=0

Create New RAID 1 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:1,1I:1:2 raid=1

Create New RAID 5 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:1,1I:1:2,2I:1:6,2I:1:7,2I:1:8 raid=5

Delete Logical Drive
ssacli ctrl slot=0 ld 2 delete

Add New Physical Drive to Logical Volume
ssacli ctrl slot=0 ld 2 add drives=2I:1:6,2I:1:7

Add - All unassigned drives to logical drive 1
ssacli ctrl slot=1 ld 1 add drives=allunassigned

Add Spare Disks
ssacli ctrl slot=0 array all add spares=2I:1:6,2I:1:7

Modify - Extend logical drive 2 size to maximum (must be run with the "forced" flag)
ssacli ctrl slot=1 ld 2 modify size=max forced

Enable Drive Write Cache
ssacli ctrl slot=0 modify dwc=enable

Disable Drive Write Cache
ssacli ctrl slot=0 modify dwc=disable

Erase Physical Drive
ssacli ctrl slot=0 pd 2I:1:6 modify erase

Turn on Blink Physical Disk LED
ssacli ctrl slot=0 ld 2 modify led=on

Turn off Blink Physical Disk LED
ssacli ctrl slot=0 ld 2 modify led=off

Modify smart array cache read and write ratio (cacheratio=readratio/writeratio)
ssacli ctrl slot=0 modify cacheratio=100/0

Enable smart array write cache when no battery is present (No-Battery Write Cache option)
ssacli ctrl slot=0 modify nbwc=enable

Disable smart array cache for certain Logical Volume
ssacli ctrl slot=0 logicaldrive 1 modify arrayaccelerator=disable

Enable smart array cache for certain Logical Volume
ssacli ctrl slot=0 logicaldrive 1 modify arrayaccelerator=enable

Enable SSD Smart Path
ssacli ctrl slot=0 array a modify ssdsmartpath=enable

Disable SSD Smart Path
ssacli ctrl slot=0 array a modify ssdsmartpath=disable

= SNMP OID List for iLO4 =
Below is a list and description for OID coolers, processors, temperature sensors, logical drives (RAID), hard disks, network controller iLO, RAM.

'''Fans:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.6.7.1.2.0 (Fan Index)
.1.3.6.1.4.1.232.6.2.6.7.1.3.0 (Fan Locale (1=other, 2=unknown, 3=system, 4=systemBoard, 5=ioBoard, 6=cpu, 7=memory, 8=storage, 9=removable media, 10=power supply, 11=ambent, 12=chassis, 13=bridge card, 14=management board, 15=backplane, 16=network slot, 17=blade slot, 18=virtual)
.1.3.6.1.4.1.232.6.2.6.7.1.4.0 (Fan Present (1=other, 2=absent, 3=present)
.1.3.6.1.4.1.232.6.2.6.7.1.5.0 (Fan Present (1=other, 2=tachOutput, 3=spinDetect)
.1.3.6.1.4.1.232.6.2.6.7.1.6.0 (Fan Speed (1=other, 2=normal, 3=high)
.1.3.6.1.4.1.232.6.2.6.7.1.9.0 (Fan Condition (1=other, 2=ok, 3=degraded, 4=failed)
</syntaxhighlight>
'''Temperature:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.6.8.1.2.0 (Temperature Sensor Index)
.1.3.6.1.4.1.232.6.2.6.8.1.3.0 (Temperature Sensor Locale (1=other, 2=unknown, 3=system, 4=systemBoard, 5=ioBoard, 6=cpu, 7=memory, 8=storage, 9=removable media, 10=power supply, 11=ambent, 12=chassis, 13=bridge card)
.1.3.6.1.4.1.232.6.2.6.8.1.7.0 (Threshold Type (1=other, 5=blowout, 9=caution, 15=critical, 16=noreaction)
.1.3.6.1.4.1.232.6.2.6.8.1.4.0 (Temperature Celsius)
.1.3.6.1.4.1.232.6.2.6.8.1.5.0 (TemperatureThreshold)
.1.3.6.1.4.1.232.6.2.6.8.1.6.0 (TemperatureCondition)
</syntaxhighlight>
'''CPU:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.1.2.2.1.1.1 (CPU Index)
.1.3.6.1.4.1.232.1.2.2.1.1.3 (CPU Name)
.1.3.6.1.4.1.232.1.2.2.1.1.4 (CPU Speed in MHz)
.1.3.6.1.4.1.232.1.2.2.1.1.5 (CPU Step)
.1.3.6.1.4.1.232.1.2.2.1.1.6 (CPU status (1=unknown, 2=ok, 3=degraded, 4=failed, 5=disabled)
.1.3.6.1.4.1.232.1.2.2.1.1.15 (Number of enabled CPU cores)
.1.3.6.1.4.1.232.1.2.2.1.1.25 (Number of available CPU threads)
.1.3.6.1.4.1.232.1.2.2.1.1.26 (CPU power status (1=unknown, 2=Low Powered, 3=Normal Powered, 4=High Powered)
</syntaxhighlight>
'''Logical Drives:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.3.2.3.1.1.2.0 (Logical Drive Index)
.1.3.6.1.4.1.232.3.2.3.1.1.1.0 (Logical Drive Controller)
.1.3.6.1.4.1.232.3.2.3.1.1.3.0 (Logical Drive Fault Tolerance (1=other, 2=none, 3=RAID 1/RAID 1+0 (Mirroring), 4=RAID 4 (Data Guard), 5=RAID 5 (Distributed Data Guard), 7=RAID 6 (Advanced Data Guarding), 8=RAID 50, 9=RAID 60, 10=RAID 1 ADM (Advanced Data Mirroring), 11=RAID 10 ADM (Advanced Data Mirroring with Striping))
.1.3.6.1.4.1.232.3.2.3.1.1.9.0 (Logical Drive Size in Mb)
.1.3.6.1.4.1.232.3.2.3.1.1.4.0 (Logical Drive Status (1=other, 2=ok, 3=Failed, 4=Unconfigured, 5=Recovering, 6=Ready Rebuild, 7=Rebuilding, 8=Wrong Drive, 9=Bad Connect, 10=Overheating, 11=Shutdown, 12=Expanding, 13=Not Available, 14=Queued For Expansion, 15=Multi-path Access Degraded, 16=Erasing, 17=Predictive Spare Rebuild Ready, 18=Rapid Parity Initialization In Progress, 19=Rapid Parity Initialization Pending, 20=No Access – Encrypted with No Controller Key, 21=Unencrypted to Encrypted Transformation in Progress, 22=New Logical Drive Key Rekey in Progress, 23=No Access – Encrypted with Controller Encryption Not Enabled, 24=Unencrypted To Encrypted Transformation Not Started, 25=New Logical Drive Key Rekey Request Received)
.1.3.6.1.4.1.232.3.2.3.1.1.11.0 (Logical Drive Condition (1=other, 2=ok, 3=degraded, 4=failed)
</syntaxhighlight>
'''Drives:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.3.2.5.1.1.2.0 (Drive Index)
.1.3.6.1.4.1.232.3.2.5.1.1.5.0 (Drive Bay)
.1.3.6.1.4.1.232.3.2.5.1.1.64.0 (Drive Location)
.1.3.6.1.4.1.232.3.2.5.1.1.3.0 (Drive Vendor)
.1.3.6.1.4.1.232.3.2.5.1.1.51.0 (Drive Serial Number)
.1.3.6.1.4.1.232.3.2.5.1.1.45.0 (Drive Size in Mb)
.1.3.6.1.4.1.232.3.2.5.1.1.65.0 (Drive Link Rate (1=other, 2=1.5Gbps, 3=3.0Gbps, 4=6.0Gbps, 5=12.0Gbps))
.1.3.6.1.4.1.232.3.2.5.1.1.70.0 (Drive Current Temperature)
.1.3.6.1.4.1.232.3.2.5.1.1.71.0 (Drive Temperature Threshold)
.1.3.6.1.4.1.232.3.2.5.1.1.72.0 (Drive Maximum Temperature)
.1.3.6.1.4.1.232.3.2.5.1.1.6.0 (Drive Status (1=Other, 2=Ok, 3=Failed, 4=Predictive Failure, 5=Erasing, 6=Erase Done, 7=Erase Queued, 8=SSD Wear Out, 9=Not Authenticated)
.1.3.6.1.4.1.232.3.2.5.1.1.37.0 (Drive Condition (1=other, 2=ok, 3=degraded, 4=failed)
.1.3.6.1.4.1.232.3.2.5.1.1.9.0 (Drive Reference Time in hours)
</syntaxhighlight>
'''iLO NIC:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.9.2.5.2.1.1 (iLO location)
.1.3.6.1.4.1.232.9.2.5.1.1.2 (iLO NIC model)
.1.3.6.1.4.1.232.9.2.5.1.1.4 (iLO NIC MAC)
.1.3.6.1.4.1.232.9.2.5.1.1.5 (iLO NIC IPv4)
.1.3.6.1.4.1.232.9.2.5.1.1.9 (iLO NIC speed)
.1.3.6.1.4.1.232.9.2.5.1.1.14 (iLO NIC FQDN)
.1.3.6.1.4.1.232.9.2.5.2.1.2 (Tx bytes)
.1.3.6.1.4.1.232.9.2.5.2.1.3 (Tx packets)
.1.3.6.1.4.1.232.9.2.5.2.1.6 (Tx discard packets)
.1.3.6.1.4.1.232.9.2.5.2.1.7 (Tx error packets)
.1.3.6.1.4.1.232.9.2.5.2.1.9 (Rx bytes)
.1.3.6.1.4.1.232.9.2.5.2.1.10 (Rx packets)
.1.3.6.1.4.1.232.9.2.5.2.1.13 (Rx discard packets)
.1.3.6.1.4.1.232.9.2.5.2.1.14 (Rx error packets)
.1.3.6.1.4.1.232.9.2.5.2.1.15 (Rx unknown packets)
</syntaxhighlight>
'''Memory:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.14.13.1.1 (Memory Index)
.1.3.6.1.4.1.232.6.2.14.13.1.13 (Location)
.1.3.6.1.4.1.232.6.2.14.13.1.9 (Manufacturer)
.1.3.6.1.4.1.232.6.2.14.13.1.10 (Part Number)
.1.3.6.1.4.1.232.6.2.14.13.1.6 (Size in Kbytes)
.1.3.6.1.4.1.232.6.2.14.13.1.8 (Memory Technology)
.1.3.6.1.4.1.232.6.2.14.13.1.7 (Memory Type)
.1.3.6.1.4.1.232.6.2.14.13.1.19 (Memory status (1=other, 2=notPresent, 3=present, 4=good, 5=add, 6=upgrade, 7=missing, 8=doesNotMatch, 9=notSupported, 10=badConfig, 11=degraded, 12=spare, 13=partial)
.1.3.6.1.4.1.232.6.2.14.13.1.20 (Memory condition (1=other, 2=ok, 3=degraded, 4=degradedModuleIndexUnknown)
</syntaxhighlight>

HP ProLiant G8

2020-11-24T08:00:41Z

Sol: /* reset Administrator pwd */

[[Категория:Hardware]]
__TOC__
= Management Component Pack =
[https://downloads.linux.hpe.com/SDR/project/mcp/ HPE]

The Linux Management Component Pack provides agent software for use on community-supported distributions.

'''hp-health''' HPE System Health Application and Command line Utilities (Gen9 and earlier) 
'''hponcfg''' HPE RILOE II/iLO online configuration utility 
'''amsd''' HPE Agentless Management Service (Gen10 only) 
'''hp-ams''' HPE Agentless Management Service (Gen9 and earlier) 
'''hp-snmp-agents''' Insight Management SNMP Agents for HPE ProLiant Systems (Gen9 and earlier) 
'''hpsmh''' HPE System Management Homepage (Gen9 and earlier) 
'''hp-smh-templates''' HPE System Management Homepage Templates (Gen9 and earlier) 
'''ssacli''' HPE Command Line Smart Storage Administration Utility 
'''ssaducli''' HPE Command Line Smart Storage Administration Diagnostics 
'''ssa''' HPE Array Smart Storage Administration Service 
=== rpm install ===
Cut-n-paste the following section (substituting distribution, architecture and project version) into ''/etc/yum.repos.d/mcp.repo'' on your system:
<syntaxhighlight lang="Bash">
[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/dist/dist_ver/arch/project_ver
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
</syntaxhighlight>
Download GPG [http://downloads.linux.hpe.com/SDR/keys public]
<syntaxhighlight lang="Bash">
rpm --import http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
</syntaxhighlight>
Where: 
'''dist''': centos, fedora, opensuse, oracle, asianux 
'''dist_ver''': Browse repo to identify supported distribution versions 
'''arch''': i386, x86_64 
'''project_ver''': current, 11.30, 11.21, 11.05, 10.62, 10.50, 10.40, 10.20, 10.00, 9.30, 9.25 

List the packages in the repository
<syntaxhighlight lang="Bash">
$ yum --disablerepo="*" --enablerepo="short_repo_name" list available
</syntaxhighlight>

Install a specific package
<syntaxhighlight lang="Bash">
$ yum install <packagename>
</syntaxhighlight>
==== CentOS 7 ====
<syntaxhighlight lang="Bash">
cat <<'EOF' >>/etc/yum.repos.d/mcp.repo
[HP-mcp]
name=HP Management Component Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/mcp/centos/7.3/x86_64/current/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
EOF
</syntaxhighlight>
<syntaxhighlight lang="Bash">
wget http://downloads.linux.hpe.com/SDR/repo/mcp/GPG-KEY-mcp -O /etc/pki/rpm-gpg/GPG-KEY-mcp
</syntaxhighlight>
=== deb install ===
Cut-n-paste the following section (substituting distribution, architecture and project version) into /etc/apt/sources.list.d/mcp.list on your system:
<syntaxhighlight lang="Bash">
# HPE Management Component Pack
deb http://downloads.linux.hpe.com/SDR/repo/mcp dist/project_ver non-free
</syntaxhighlight>

Where:
'''dist''': bionic, xenial, trusty, precise, stretch, jessie, squeeze, wheezy
'''project_ver''': current, 11.30, 11.21, 11.05, 10.80, 10.60, 10.50, 10.40, 9.50, 9.40

Install the HPE [http://downloads.linux.hpe.com/SDR/keys public] gpg key
<syntaxhighlight lang="Bash">
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>

Update the local apt indexes
<syntaxhighlight lang="Bash">
# apt-get update
</syntaxhighlight>

Search for a specific package
<syntaxhighlight lang="Bash">
# apt-cache search <packagename> # browse debs
</syntaxhighlight>

Install a specific package
<syntaxhighlight lang="Bash">
# apt-get install <packagename>
</syntaxhighlight>
==== Debian 9 ====
<syntaxhighlight lang="Bash">
echo "# HPE Management Component Pack" >/etc/apt/sources.list.d/hp-nonfree.list
echo "deb http://downloads.linux.hpe.com/SDR/repo/mcp jessie/current non-free" >>/etc/apt/sources.list.d/hp-nonfree.list
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
</syntaxhighlight>

== iLO pwd reset ==
[https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03487111 HPE]

<syntaxhighlight lang="Bash">
yum install hponcfg -y
apt-get install hponcfg -y
</syntaxhighlight>

=== reset Administrator pwd ===

vim ''iLO4_set_password.xml''
<syntaxhighlight lang="xml">
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="xxx" PASSWORD="xxx">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="pa$$word"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
</syntaxhighlight>

where ?newpass? - new pwd

<syntaxhighlight lang="Bash">
$ hponcfg -f passwd_reset_ilo.xml -l log.txt
Firmware Revision = 1.92 Device type = iLO Driver name = hpilo
</syntaxhighlight>

=== reset other user pwd ===

vim ''iLO4_set_password.xml''
<syntaxhighlight lang="xml">
<ribcl version="2.0">
<login user_login="Administrator" password="boguspassword">
<user_info mode="write">
<mod_user user_login="root">
<password value="root123">
</password>
</mod_user>
</user_info>
</login>

</RIBCL>
</syntaxhighlight>

where ?root? - user login
where ?root123? - new pwd

<syntaxhighlight lang="Bash">
$ hponcfg -f passwd_reset_ilo.xml -l log.txt
Firmware Revision = 1.92 Device type = iLO Driver name = hpilo
</syntaxhighlight>

== ssacli ==
Raid control CLI tool

Show configuration
ssacli ctrl all show config

Controller status
ssacli ctrl all show status

Show detailed controller information for all controllers
ssacli ctrl all show detail

Show detailed controller information for controller in slot 0
ssacli ctrl slot=0 show detail

Rescan for New Devices
ssacli rescan

Physical disk status
ssacli ctrl slot=0 pd all show status

Show detailed physical disk information
ssacli ctrl slot=0 pd all show detail

Logical disk status
ssacli ctrl slot=0 ld all show status

View Detailed Logical Drive Status
ssacli ctrl slot=0 ld 2 show

Create New RAID 0 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:2 raid=0

Create New RAID 1 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:1,1I:1:2 raid=1

Create New RAID 5 Logical Drive
ssacli ctrl slot=0 create type=ld drives=1I:1:1,1I:1:2,2I:1:6,2I:1:7,2I:1:8 raid=5

Delete Logical Drive
ssacli ctrl slot=0 ld 2 delete

Add New Physical Drive to Logical Volume
ssacli ctrl slot=0 ld 2 add drives=2I:1:6,2I:1:7

Add - All unassigned drives to logical drive 1
ssacli ctrl slot=1 ld 1 add drives=allunassigned

Add Spare Disks
ssacli ctrl slot=0 array all add spares=2I:1:6,2I:1:7

Modify - Extend logical drive 2 size to maximum (must be run with the "forced" flag)
ssacli ctrl slot=1 ld 2 modify size=max forced

Enable Drive Write Cache
ssacli ctrl slot=0 modify dwc=enable

Disable Drive Write Cache
ssacli ctrl slot=0 modify dwc=disable

Erase Physical Drive
ssacli ctrl slot=0 pd 2I:1:6 modify erase

Turn on Blink Physical Disk LED
ssacli ctrl slot=0 ld 2 modify led=on

Turn off Blink Physical Disk LED
ssacli ctrl slot=0 ld 2 modify led=off

Modify smart array cache read and write ratio (cacheratio=readratio/writeratio)
ssacli ctrl slot=0 modify cacheratio=100/0

Enable smart array write cache when no battery is present (No-Battery Write Cache option)
ssacli ctrl slot=0 modify nbwc=enable

Disable smart array cache for certain Logical Volume
ssacli ctrl slot=0 logicaldrive 1 modify arrayaccelerator=disable

Enable smart array cache for certain Logical Volume
ssacli ctrl slot=0 logicaldrive 1 modify arrayaccelerator=enable

Enable SSD Smart Path
ssacli ctrl slot=0 array a modify ssdsmartpath=enable

Disable SSD Smart Path
ssacli ctrl slot=0 array a modify ssdsmartpath=disable

= SNMP OID List for iLO4 =
Below is a list and description for OID coolers, processors, temperature sensors, logical drives (RAID), hard disks, network controller iLO, RAM.

'''Fans:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.6.7.1.2.0 (Fan Index)
.1.3.6.1.4.1.232.6.2.6.7.1.3.0 (Fan Locale (1=other, 2=unknown, 3=system, 4=systemBoard, 5=ioBoard, 6=cpu, 7=memory, 8=storage, 9=removable media, 10=power supply, 11=ambent, 12=chassis, 13=bridge card, 14=management board, 15=backplane, 16=network slot, 17=blade slot, 18=virtual)
.1.3.6.1.4.1.232.6.2.6.7.1.4.0 (Fan Present (1=other, 2=absent, 3=present)
.1.3.6.1.4.1.232.6.2.6.7.1.5.0 (Fan Present (1=other, 2=tachOutput, 3=spinDetect)
.1.3.6.1.4.1.232.6.2.6.7.1.6.0 (Fan Speed (1=other, 2=normal, 3=high)
.1.3.6.1.4.1.232.6.2.6.7.1.9.0 (Fan Condition (1=other, 2=ok, 3=degraded, 4=failed)
</syntaxhighlight>
'''Temperature:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.6.8.1.2.0 (Temperature Sensor Index)
.1.3.6.1.4.1.232.6.2.6.8.1.3.0 (Temperature Sensor Locale (1=other, 2=unknown, 3=system, 4=systemBoard, 5=ioBoard, 6=cpu, 7=memory, 8=storage, 9=removable media, 10=power supply, 11=ambent, 12=chassis, 13=bridge card)
.1.3.6.1.4.1.232.6.2.6.8.1.7.0 (Threshold Type (1=other, 5=blowout, 9=caution, 15=critical, 16=noreaction)
.1.3.6.1.4.1.232.6.2.6.8.1.4.0 (Temperature Celsius)
.1.3.6.1.4.1.232.6.2.6.8.1.5.0 (TemperatureThreshold)
.1.3.6.1.4.1.232.6.2.6.8.1.6.0 (TemperatureCondition)
</syntaxhighlight>
'''CPU:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.1.2.2.1.1.1 (CPU Index)
.1.3.6.1.4.1.232.1.2.2.1.1.3 (CPU Name)
.1.3.6.1.4.1.232.1.2.2.1.1.4 (CPU Speed in MHz)
.1.3.6.1.4.1.232.1.2.2.1.1.5 (CPU Step)
.1.3.6.1.4.1.232.1.2.2.1.1.6 (CPU status (1=unknown, 2=ok, 3=degraded, 4=failed, 5=disabled)
.1.3.6.1.4.1.232.1.2.2.1.1.15 (Number of enabled CPU cores)
.1.3.6.1.4.1.232.1.2.2.1.1.25 (Number of available CPU threads)
.1.3.6.1.4.1.232.1.2.2.1.1.26 (CPU power status (1=unknown, 2=Low Powered, 3=Normal Powered, 4=High Powered)
</syntaxhighlight>
'''Logical Drives:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.3.2.3.1.1.2.0 (Logical Drive Index)
.1.3.6.1.4.1.232.3.2.3.1.1.1.0 (Logical Drive Controller)
.1.3.6.1.4.1.232.3.2.3.1.1.3.0 (Logical Drive Fault Tolerance (1=other, 2=none, 3=RAID 1/RAID 1+0 (Mirroring), 4=RAID 4 (Data Guard), 5=RAID 5 (Distributed Data Guard), 7=RAID 6 (Advanced Data Guarding), 8=RAID 50, 9=RAID 60, 10=RAID 1 ADM (Advanced Data Mirroring), 11=RAID 10 ADM (Advanced Data Mirroring with Striping))
.1.3.6.1.4.1.232.3.2.3.1.1.9.0 (Logical Drive Size in Mb)
.1.3.6.1.4.1.232.3.2.3.1.1.4.0 (Logical Drive Status (1=other, 2=ok, 3=Failed, 4=Unconfigured, 5=Recovering, 6=Ready Rebuild, 7=Rebuilding, 8=Wrong Drive, 9=Bad Connect, 10=Overheating, 11=Shutdown, 12=Expanding, 13=Not Available, 14=Queued For Expansion, 15=Multi-path Access Degraded, 16=Erasing, 17=Predictive Spare Rebuild Ready, 18=Rapid Parity Initialization In Progress, 19=Rapid Parity Initialization Pending, 20=No Access – Encrypted with No Controller Key, 21=Unencrypted to Encrypted Transformation in Progress, 22=New Logical Drive Key Rekey in Progress, 23=No Access – Encrypted with Controller Encryption Not Enabled, 24=Unencrypted To Encrypted Transformation Not Started, 25=New Logical Drive Key Rekey Request Received)
.1.3.6.1.4.1.232.3.2.3.1.1.11.0 (Logical Drive Condition (1=other, 2=ok, 3=degraded, 4=failed)
</syntaxhighlight>
'''Drives:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.3.2.5.1.1.2.0 (Drive Index)
.1.3.6.1.4.1.232.3.2.5.1.1.5.0 (Drive Bay)
.1.3.6.1.4.1.232.3.2.5.1.1.64.0 (Drive Location)
.1.3.6.1.4.1.232.3.2.5.1.1.3.0 (Drive Vendor)
.1.3.6.1.4.1.232.3.2.5.1.1.51.0 (Drive Serial Number)
.1.3.6.1.4.1.232.3.2.5.1.1.45.0 (Drive Size in Mb)
.1.3.6.1.4.1.232.3.2.5.1.1.65.0 (Drive Link Rate (1=other, 2=1.5Gbps, 3=3.0Gbps, 4=6.0Gbps, 5=12.0Gbps))
.1.3.6.1.4.1.232.3.2.5.1.1.70.0 (Drive Current Temperature)
.1.3.6.1.4.1.232.3.2.5.1.1.71.0 (Drive Temperature Threshold)
.1.3.6.1.4.1.232.3.2.5.1.1.72.0 (Drive Maximum Temperature)
.1.3.6.1.4.1.232.3.2.5.1.1.6.0 (Drive Status (1=Other, 2=Ok, 3=Failed, 4=Predictive Failure, 5=Erasing, 6=Erase Done, 7=Erase Queued, 8=SSD Wear Out, 9=Not Authenticated)
.1.3.6.1.4.1.232.3.2.5.1.1.37.0 (Drive Condition (1=other, 2=ok, 3=degraded, 4=failed)
.1.3.6.1.4.1.232.3.2.5.1.1.9.0 (Drive Reference Time in hours)
</syntaxhighlight>
'''iLO NIC:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.9.2.5.2.1.1 (iLO location)
.1.3.6.1.4.1.232.9.2.5.1.1.2 (iLO NIC model)
.1.3.6.1.4.1.232.9.2.5.1.1.4 (iLO NIC MAC)
.1.3.6.1.4.1.232.9.2.5.1.1.5 (iLO NIC IPv4)
.1.3.6.1.4.1.232.9.2.5.1.1.9 (iLO NIC speed)
.1.3.6.1.4.1.232.9.2.5.1.1.14 (iLO NIC FQDN)
.1.3.6.1.4.1.232.9.2.5.2.1.2 (Tx bytes)
.1.3.6.1.4.1.232.9.2.5.2.1.3 (Tx packets)
.1.3.6.1.4.1.232.9.2.5.2.1.6 (Tx discard packets)
.1.3.6.1.4.1.232.9.2.5.2.1.7 (Tx error packets)
.1.3.6.1.4.1.232.9.2.5.2.1.9 (Rx bytes)
.1.3.6.1.4.1.232.9.2.5.2.1.10 (Rx packets)
.1.3.6.1.4.1.232.9.2.5.2.1.13 (Rx discard packets)
.1.3.6.1.4.1.232.9.2.5.2.1.14 (Rx error packets)
.1.3.6.1.4.1.232.9.2.5.2.1.15 (Rx unknown packets)
</syntaxhighlight>
'''Memory:'''
<syntaxhighlight lang="bash">
.1.3.6.1.4.1.232.6.2.14.13.1.1 (Memory Index)
.1.3.6.1.4.1.232.6.2.14.13.1.13 (Location)
.1.3.6.1.4.1.232.6.2.14.13.1.9 (Manufacturer)
.1.3.6.1.4.1.232.6.2.14.13.1.10 (Part Number)
.1.3.6.1.4.1.232.6.2.14.13.1.6 (Size in Kbytes)
.1.3.6.1.4.1.232.6.2.14.13.1.8 (Memory Technology)
.1.3.6.1.4.1.232.6.2.14.13.1.7 (Memory Type)
.1.3.6.1.4.1.232.6.2.14.13.1.19 (Memory status (1=other, 2=notPresent, 3=present, 4=good, 5=add, 6=upgrade, 7=missing, 8=doesNotMatch, 9=notSupported, 10=badConfig, 11=degraded, 12=spare, 13=partial)
.1.3.6.1.4.1.232.6.2.14.13.1.20 (Memory condition (1=other, 2=ok, 3=degraded, 4=degradedModuleIndexUnknown)
</syntaxhighlight>