html
Integrated Lights-Out (iLO) is HP's remote management interface that allows administrators to control servers even when the operating system is unresponsive. The iLO port (usually a dedicated RJ-45 connector) provides out-of-band management capabilities.
Before configuring remote access, ensure:
- iLO port is connected to your management network
- Server has iLO Advanced license for full remote console functionality
- You have physical access to note down the default iLO address (usually printed on server label)
Connect to the default IP (commonly 192.168.1.1) using HTTPS in your browser. Default credentials are typically:
Username: Administrator Password: (check server documentation sticker)
For remote access, configure static IP or DHCP reservation:
# Example of setting static IP via iLO web interface: 1. Login to iLO web interface 2. Navigate to Administration → Network 3. Select "Static IP Address" option 4. Enter IP, subnet mask, gateway 5. Apply changes
While most configuration happens via web interface, you can use the hponcfg utility for scripting:
# Install hponcfg on Debian Squeeze:
apt-get install hp-health hpacucli
# Example XML configuration file (network_settings.xml):
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="admin" PASSWORD="password">
<RIB_INFO MODE="write">
<SET_NETWORK_SETTINGS>
<IP_ADDRESS VALUE="192.168.10.100"/>
<SUBNET_MASK VALUE="255.255.255.0"/>
<GATEWAY_IP_ADDRESS VALUE="192.168.10.1"/>
</SET_NETWORK_SETTINGS>
</RIB_INFO>
</LOGIN>
</RIBCL>
# Apply configuration:
hponcfg -f network_settings.xml
Essential security measures for remote iLO access:
- Change default credentials immediately
- Enable SSL certificate (generate or import your own)
- Configure IP address restrictions if possible
- Consider using VPN for iLO access rather than direct internet exposure
Connection problems: Verify network settings and physical connection. Check ARP tables to confirm iLO is responding.
Authentication failures: Reset iLO password using the physical server's iLO reset button (consult your server's manual for location).
Certificate errors: Either import the iLO's self-signed certificate to your trusted store or replace it with a properly signed certificate.
For managing multiple servers, consider these automation approaches:
# Python example using python-ilorest-library
from redfish import RedfishClient
# Initialize connection
ilorest = RedfishClient(base_url='https://ilo-ip', username='admin', password='password')
ilorest.login()
# Configure network
network_uri = "/redfish/v1/Managers/1/NetworkProtocol/"
body = {
"Oem": {
"Hp": {
"HostName": "myserver-ilo",
"DHCPv4": {
"Enabled": False,
"UseDNSServers": False,
"UseDomainName": False,
"UseGateway": False,
"UseNTPServers": False,
"UseStaticRoutes": False,
"UseWINSServers": False
},
"IPv4": {
"Address": "192.168.10.100",
"Gateway": "192.168.10.1",
"SubnetMask": "255.255.255.0"
}
}
}
}
response = ilorest.patch(network_uri, body=body)
HP Integrated Lights-Out (iLO) provides out-of-band management capabilities for ProLiant servers. To configure remote access, you'll need:
- iLO Advanced license (for full remote console functionality)
- Network connectivity to the iLO dedicated port
- Administrator credentials for the iLO interface
- Debian system with hponcfg package installed
First, set up basic network parameters through the physical server console:
# Install necessary tools
apt-get install hp-scripting-tools hp-health hponcfg
# Check iLO firmware version
hponcfg -a -w /tmp/ilo_info.xmlSample configuration file (ilo_network.xml):
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="admin" PASSWORD="your_temp_password">
<RIB_INFO MODE="write">
<SET_NETWORK_SETTINGS>
<IP_ADDRESS VALUE="192.168.1.100"/>
<SUBNET_MASK VALUE="255.255.255.0"/>
<GATEWAY_IP_ADDRESS VALUE="192.168.1.1"/>
<DHCP_ENABLE VALUE="N"/>
</SET_NETWORK_SETTINGS>
</RIB_INFO>
</LOGIN>
</RIBCL>Apply the configuration:
hponcfg -f ilo_network.xmlFor production environments, enhance security with these measures:
# Generate SSL certificate
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \
-keyout /tmp/ilo.key -out /tmp/ilo.crt \
-subj "/C=US/ST=California/L=Palo Alto/O=YourOrg/CN=ilo.yourdomain.com"
# Convert to DER format for iLO
openssl x509 -in /tmp/ilo.crt -outform DER -out /tmp/ilo.der<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="admin" PASSWORD="your_temp_password">
<RIB_INFO MODE="write">
<IMPORT_CERTIFICATE>
<CERTIFICATE_TYPE VALUE="1"/>
<CERTIFICATE_BLOB VALUE="$(cat /tmp/ilo.der | base64 -w0)"/>
</IMPORT_CERTIFICATE>
<MOD_USER USER_LOGIN="admin">
<USER_NAME VALUE="NewAdminName"/>
<USER_PASSWORD VALUE="StrongPassword123!"/>
</MOD_USER>
<SET_IPMI_DCMI_ACCESS>
<PRIVILEGE_LEVEL VALUE="4"/>
</SET_IPMI_DCMI_ACCESS>
</RIB_INFO>
</LOGIN>
</RIBCL>Create a script to monitor iLO health status:
#!/bin/bash
# ilo_health_check.sh
ILO_IP="192.168.1.100"
ILO_USER="admin"
ILO_PASS="StrongPassword123!"
response=$(curl -s -k "https://$ILO_IP/xmldata?item=all" \
--user "$ILO_USER:$ILO_PASS")
if [[ $response == *"Server powered On"* ]]; then
echo "Server status: Online"
else
echo "Server status: Offline or Error"
fi
# Check temperature sensors
temp=$(echo "$response" | grep -oP 'TEMPERATURE="\K[^"]+')
echo "Current temperature: $temp°C"If you encounter connection problems:
- Verify physical network connection to iLO port
- Check for IP conflicts
- Test with different browsers (Chrome/Firefox recommended)
- Reset iLO to factory defaults if needed:
hponcfg -rFor advanced debugging:
tcpdump -i eth0 -n port 17990 -w ilo_packets.pcap