I Just Wanted to ...
So I just wanted to add my HPE ProLiant MicroServer Gen8 Server FreeNAS TrueNAS system – which I brought with me from Vienna when I traveled to my girlfriend's place in Cologne – to her local fritz.box network. What I forgot was that I configured both NICs to static IP addresses in my Vienna LAN, so there was no way for me to access the box remotely and reconfigure it.
My first attempt to fix this: connect a display and a USB keyboard to the server and fix it on the local console. This was unsuccessful, as my girlfriend is not a hoarder of old, obsolete hardware like me and does not own a single display with a VGA connector. So I had to get a VGA->HDMI adapter.
Once Amazon delivered, I got a picture until all the HW initialized but not afterwards. Apparently, something in the HPE boot selection screen confuses the adapter in a very specific way, so it stops working. Another option gone.
But then I remembered (yes, it really took me this long) that the Gen8 has a „dedicated” (sort of) ILO4 network port, which is per default configured for DHCP and should therefore be available to me. Furthermore, the ILO4 web interface allows for a „remote console” to the booted OS, so I could configure my TrueNAS via that „console”.
Plugged the cable into the ILO port, checked in the fritz.box network management interface and „lo and behold”, the ILO interface fetched an IP address (of course the „.42”). And even more surprisingly, the web interface responded on that IP, prompting me for username and password. Fortunately, I also brought the toe tag of the server with me, which had the username and password printed on it. And like a well-trained Pavlovian dog, I added these credentials to my KeePassXC database, reminding myself to change the password later on.
After some clicking around I had to suspend my activities for that evening, due to personal reasons and continued working on this project on the following day. Which started with the ILO interface not accepting my credentials (from the KeePassXC store of course). I double checked the password with the dog tag, entered it manually, nothing helped.
OK, what to do? Thankfully, DuckDuckGo found instructions on how to Reset the HPE ILO Inband Root/Administrator Password in Linux.
OK, so now I need a bootable USB stick with a Linux on it, which can facilitate the ProLiant’s NICs to provide an SSH connection over. This, I would be able to use to connect to it, so I can download the hponcfg tool on it to reset the ILO4 password of the server.
Linux of choice in such a case is of course the wonderful Austrian/Graz based sysadmin workhorse Linux distribution „grml”. But reading up on it, I realized, that they do not provide an SSH server per default. So some customizing was needed.
Fortunately, the grml project provides a blog entry from 2011 where they describe the steps necessary to create a custom grml ISO with my personal project ssh keys added and the ssh server configured for autostart. Surprisingly, I had a sufficiently sized (slow) USB stick at hand and after about 30 minutes of creating a new ssh key for this and building and writing the ISO to the USB stick, I was able to plug it into the ProLiant and boot it.
Thanks to the wonderful people who built grml, I was able to hear that grml has finished booting from the comfort of my couch. So now I only had to download hponcfg, create the xml file with the new password and be done with it. Right?
Hahahahhahaha. No.
The easiest way I found to get hponcfg installed was to add it to the apt-sources of grml, which was easier said than done. The steps I followed to update the password were:
- Grab the signatures, otherwise apt will stop working for security reasons and make your life hell with security prompts:
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
- Add the HP resources to the apt sources list, as the .debs from the downloadable ISO are way out of date …
echo "# HPE Management Component Pack" >/etc/apt/sources.list.d/hp-nonfree.list
echo "deb http://downloads.linux.hpe.com/SDR/repo/mcp stable/current non-free" >>/etc/apt/sources.list.d/hp-nonfree.list
- Finally, install the hponcfg utility:
apt-get update
apt-get install hponcfg
- Create the xml file with the password:
cat <<__UND_AUS__ > /root/pwd.xml
<RIBCL VERSION="2.0">
  <LOGIN USER_LOGIN="x" PASSWORD="x">
    <USER_INFO MODE="write">
      <MOD_USER USER_LOGIN="Administrator">
        <PASSWORD value="horse staple battery"/>
      </MOD_USER>
    </USER_INFO>
  </LOGIN>
</RIBCL>
__UND_AUS__
- Update the ILO password
hponcfg -f /root/pwd.xml
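
The heredoc above puts the new ILO password into shell history and into a file created with the default umask. As an added example (not part of the original post), the function below builds the same RIBCL file with owner-only permissions and refuses values that would break the XML; the names `write_ribcl` and `has_xml_special` are made up for this illustration.

```sh
#!/bin/sh
# Added example (not from the original post): build the RIBCL file safely.

# has_xml_special STRING: succeeds if STRING contains & < > " or '
has_xml_special() {
    case "$1" in
        *'&'*|*'<'*|*'>'*|*'"'*|*"'"*) return 0 ;;
        *) return 1 ;;
    esac
}

# write_ribcl USER PASSWORD OUTFILE
# Refuses values that would break the XML instead of guessing how the
# hponcfg parser treats escapes; writes OUTFILE readable by its owner only.
write_ribcl() {
    if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo "usage: write_ribcl USER PASSWORD OUTFILE" >&2
        return 2
    fi
    if has_xml_special "$1" || has_xml_special "$2"; then
        echo "refusing: user or password contains an XML special character" >&2
        return 1
    fi
    rm -f "$3"
    (
        umask 077   # new file is created with mode 0600
        cat > "$3" <<EOF
<RIBCL VERSION="2.0">
  <LOGIN USER_LOGIN="x" PASSWORD="x">
    <USER_INFO MODE="write">
      <MOD_USER USER_LOGIN="$1">
        <PASSWORD value="$2"/>
      </MOD_USER>
    </USER_INFO>
  </LOGIN>
</RIBCL>
EOF
    )
}

# Typical use on the rescue system: read the password without echo so it
# stays out of shell history, apply it, then remove the file again.
#   stty -echo; IFS= read -r PW; stty echo
#   write_ribcl Administrator "$PW" /root/pwd.xml && hponcfg -f /root/pwd.xml
#   rm -f /root/pwd.xml; unset PW
```
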
So after doing that, I unplugged the grml USB stick, plugged in the ILO port, rebooted and …
… again, I was not able to login.
So I looked more closely and guess what …
I misspelled the username as „Adminstrator” in the KeePassXC entry. Once I fixed this, I was able to log into ILO and change passwords, update BIOS and ILO firmware, etc.
And once I took care of that housekeeping, I was actually able to use the ILO4 „HTML5 console” to reconfigure the NICs to DHCP once TrueNAS has booted. So now I finally have a server in the fritz.box network, that I can actually access.
Again, a lot of shaved yaks, just to fix a typo.
Tagged as: freenas, grml, ilo, it, proliant, rant, server, stupidity | Author: Martin Leyrer
Saturday, 20210130, 14:26