
Как настроить ilo через powershell hpeilocmdlets

Задача: настроить iLO на большом количестве серверов. Нужно настроить DNS, выпустить сертификат, настроить NTP, email, имя хоста iLO, syslog и SMTP.

Для начала установим hpeilocmdlets

Устанавливаем HPiLOCmdlet

Оставлю установщик локально — вдруг что-то изменится: HPiLOCmdlets-x64

После установки

# Load the HPiLOCmdlets module into the current session; the HPiLO-prefixed
# cmdlets used further down (Get-HPiLODirectory, Add-HPiLOUser, ...) are
# expected to come from it.
Import-Module HPiLOCmdlets

или

# Install the HPEiLOCmdlets module. Note the different name: the HPEiLO-prefixed
# cmdlets used further down (Connect-HPEiLO, Set-HPEiLORemoteSyslog, ...) belong
# to this module, not to HPiLOCmdlets.
# NOTE(review): Install-Module downloads from the registered repository; confirm
# the repository and publisher before trusting the package on an admin host.
Install-Module -Name HPEiLOCmdlets

Если запуск скриптов запрещён политикой выполнения

# Allow locally written scripts to run; scripts downloaded from the internet
# must carry a valid signature.
# NOTE(review): without -Scope this changes the policy for the whole machine
# (LocalMachine) and needs elevation; -Scope CurrentUser or -Scope Process
# keeps the change limited to what this task needs.
Set-ExecutionPolicy RemoteSigned

Если при установке модуля возникают ошибки

# Repair the module tooling when Install-Module fails:
# 1. register the NuGet package provider,
# 2. install PowerShellGet,
# 3. bring PowerShellGet up to date.
# Parameters are written with ASCII hyphens so the lines survive copy/paste
# from a web page unchanged.
Install-PackageProvider -Name Nuget -Force
Install-Module -Name PowerShellGet -Force
Update-Module -Name PowerShellGet

После этого возьмём настройки с эталонного сервера, где уже настроены LDAP и группы

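# Read the directory (LDAP) configuration from the reference iLO so it can be
# reproduced on the other servers.
$ILOIp = "172.16.35.20"
$UserName = "iloadmin"

# Prompt for the password instead of keeping it in the script text: the
# PSCredential holds it as a SecureString and nothing secret lands in the
# file, in source control or in shell history.
$cred = Get-Credential -UserName $UserName -Message "Enter the password for $UserName on $ILOIp"

# -DisableCertificateAuthentication switches off validation of the iLO TLS
# certificate, so the session is encrypted but the peer is not verified and
# the credential can be intercepted by anyone able to sit between this host
# and the iLO. Use it only until a CA-issued certificate is installed on the
# iLO, and run it from a trusted management network.
Get-HPiLODirectory -Server $ILOIp -Credential $cred -DisableCertificateAuthentication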

Создаём XML-файл с настройками каталога (скрипт ниже читает его из c:\1\ldap_config.xml)

<!-- RIBCL request that writes the iLO directory settings: MOD_DIR_CONFIG inside DIR_INFO MODE="write". -->
<!-- NOTE(review): USER_LOGIN and PASSWORD below sit in clear text in this file. Keep placeholders here and restrict read access to the file; whether the cmdlet that sends this request substitutes its own credentials is not visible on this page, confirm before relying on it. -->
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="adminname" PASSWORD="password">
<DIR_INFO MODE="write">
<MOD_DIR_CONFIG>
<DIR_AUTHENTICATION_ENABLED value="Y"/>
<!-- Local iLO accounts stay enabled next to directory logins. -->
<DIR_LOCAL_USER_ACCT value="Y"/>
<!-- "ldaps" is a placeholder for the directory server host name; 636 is the LDAP over TLS port. -->
<DIR_SERVER_ADDRESS value="ldaps"/>
<DIR_SERVER_PORT value="636"/>
<DIR_OBJECT_DN value=""/>
<DIR_USER_CONTEXT_1 value=""/>
<DIR_USER_CONTEXT_2 value=""/>
<DIR_USER_CONTEXT_3 value=""/>
<DIR_USER_CONTEXT_4 value=""/>
<DIR_USER_CONTEXT_5 value=""/>
<DIR_USER_CONTEXT_6 value=""/>
<DIR_USER_CONTEXT_7 value=""/>
<DIR_USER_CONTEXT_8 value=""/>
<DIR_USER_CONTEXT_9 value=""/>
<DIR_USER_CONTEXT_10 value=""/>
<DIR_USER_CONTEXT_11 value=""/>
<DIR_USER_CONTEXT_12 value=""/>
<DIR_USER_CONTEXT_13 value=""/>
<DIR_USER_CONTEXT_14 value=""/>
<DIR_USER_CONTEXT_15 value=""/>
<!-- Two directory groups are mapped to iLO privileges. Group 1 receives privileges 1 to 6, group 2 only 2, 3 and 6. -->
<!-- NOTE(review): per the HPE iLO scripting guide the numbers presumably mean 1 user administration, 2 remote console, 3 virtual power and reset, 4 virtual media, 5 iLO configuration, 6 login; confirm for your iLO generation and grant each group only what it needs. -->
<!-- NOTE(review): "S-1-5-21" is only the common prefix of a domain SID, so both SID values look like placeholders; put the full SID of each group here. -->
<DIR_ENABLE_GRP_ACCT value = "Y"/>
<DIR_GRPACCT1_NAME VALUE= "ILOAccess"/>
<DIR_GRPACCT1_PRIV VALUE= "1,2,3,4,5,6"/>
<DIR_GRPACCT1_SID VALUE= "S-1-5-21"/>
<DIR_GRPACCT2_NAME VALUE= "ILOAccess Users"/>
<DIR_GRPACCT2_PRIV VALUE= "2,3,6"/>
<DIR_GRPACCT2_SID VALUE= "S-1-5-21"/>
<!-- Kerberos sign-in is left disabled; realm and KDC address are empty. -->
<DIR_KERBEROS_ENABLED value="N"/>
<DIR_KERBEROS_REALM VALUE=""/>
<DIR_KERBEROS_KDC_ADDRESS VALUE=""/>
<DIR_KERBEROS_KDC_PORT VALUE="88"/>
</MOD_DIR_CONFIG>
</DIR_INFO>
</LOGIN>
</RIBCL>

 

После этого выполняем скрипт, который заменяет пользователя и пароль и настраивает LDAP с группами.

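# Replace the default iLO administrator on every discovered iLO and push the
# LDAP/group configuration from c:\1\ldap_config.xml.

# Discover iLO interfaces in the range and save their addresses for the steps below.
Find-HPiLO 172.16.50.0-255 | Select-Object ip | Export-Csv C:\1\1.csv

$UserName = "admin"     # existing account that is going to be replaced
$NewAdmin = "iloadmin"  # account that replaces it
$path = "C:\1\1.csv"    # CSV file with the iLO addresses
$csv = Import-Csv $path
if (-not $csv) {
    throw "No iLO addresses found in $path"
}

# Both passwords are prompted for instead of being written into the script,
# so no administrator secret for the whole server fleet is stored on disk.
$cred = Get-Credential -UserName $UserName -Message "Enter current standard iLO password"
$newCred = Get-Credential -UserName $NewAdmin -Message "Enter the password for the new iLO administrator"

# NOTE(review): every call below uses -DisableCertificateAuthentication, i.e.
# the iLO TLS certificate is not validated and the credentials are exposed to
# interception on the path to the iLO. Run this from a trusted management
# network and drop the switch once the iLOs carry a CA-issued certificate.

# Add the new administrator, authenticating as the old one.
# -NewPassword takes plain text, so the value is unwrapped only for this call.
#Write-Verbose "Adding new admin user"
Add-HPiLOUser -Server $csv.IP -Credential $cred -NewUsername $NewAdmin -NewUserLogin $NewAdmin -NewPassword ($newCred.GetNetworkCredential().Password) -AdminPriv Y -ConfigILOPriv Y -RemoteConsPriv Y -ResetServerPriv Y -VirtualMediaPriv Y -DisableCertificateAuthentication

# Remove the old account. The call authenticates as the new administrator, so
# on an iLO where the previous step failed it fails as well and the old
# account is left in place.
Remove-HPiLOUser -Server $csv.ip -RemoveUserLogin $UserName -Credential $newCred -DisableCertificateAuthentication

# Apply the LDAP and group settings. The [string] cast joins the lines of the
# XML file into a single string.
Write-Verbose "Configuring Active Directory Integration"
$ribcmd = ([string](Get-Content "c:\1\ldap_config.xml"))
Invoke-HPiLORIBCLCommand -Server $csv.ip -Credential $newCred -DisableCertificateAuthentication -RIBCLCommand $ribcmd

# Restart the iLO (left disabled)
#Reset-HPiLORIB -Credential $cred -Server $csv.ip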

После этого нужно настроить всё остальное: NTP, email, имя хоста iLO, syslog, SMTP

# Variables for configuring a single iLO: address and names, credential,
# DNS/time settings, firmware image and alert destinations.
$iLOIPAddress = '172.16.50.26'
$iLODNSName = 'servs1-ilo'
$iLOFQDN = 'servs1-ilo.voxys.ru'

# Login of the local administrator account
# NOTE(review): not referenced by the commands shown on this page.
$Administrator='iloadmin'

# Address used to reach the iLO in the -Server parameters; here it is the same
# as the static address that gets assigned.
$iLODHCPIP = $iLOIPAddress

#$DefaultiLOPassword = 'Enter default iLO password. Found on label on server'
#$iLOLicenseKey = '****'
# The password is prompted for, so it is not stored in the script.
$cred = Get-Credential -UserName voxys.iloadmin -Message "Enter current standard iLO password"
# NOTE(review): 321 is not a valid IPv4 octet, so the 172.16.321.x values look
# like redacted addresses; replace them with the real DNS servers.
$DNSServer = '172.16.321.10'

#$iLOGateway = '172.16.35.1' # change this before uncommenting
$iLOPrimaryDNS = '172.16.321.10'
$iLOSecondaryDNS ='172.16.321.20'
#$mask='255.255.255.0'
$Zone = 'adminbd.ru'


$TimeZone = 'Europe/Moscow'
# NOTE(review): the firmware image is read from a file share; check its
# checksum or signature against the vendor's before flashing, and keep the
# share writable only by administrators.
$iLOFirmwareFile = "\\fsr\ILO\4\ilo4_282.bin"

# NOTE(review): the host name suggests an NTP server, but the value is passed
# as the SNMP alert destination further down; confirm it is the intended host.
$SNMPServer='ntp.adminbd.ru'


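# Configure remote syslog, firmware, host name, network/time, SNMP and e-mail
# alerts on one iLO, using the variables defined above.

# Turn off TLS certificate validation for the HPiLOCmdlets calls of this
# session (one call is enough). The iLO is therefore not authenticated and
# the credential can be intercepted on the way; use this only until the
# CA-issued certificate is installed, from a trusted management network.
Disable-HPiLOCertificateAuthentication

# Remote syslog is set through an HPEiLOCmdlets connection, which is closed
# again as soon as the setting is applied.
# NOTE(review): port 514 is the classic syslog port; iLO events sent there are
# presumably not encrypted, so keep the collector on the management network.
$conn = Connect-HPEiLO -Address $iLOIPAddress -Credential $cred -DisableCertificateAuthentication
Set-HPEiLORemoteSyslog -Connection $conn -RemoteSyslogEnabled Yes -RemoteSyslogServer "syslog.adminbd.ru" -RemoteSyslogPort 514
Disconnect-HPEiLO -Connection $conn

# Update the iLO firmware
# NOTE(review): the fixed 60 second pause assumes the iLO is reachable again
# by then; confirm, or poll the iLO before continuing.
Write-Host "Applying the latest iLO Firmware. This could take a minute"
Update-HPiLOFirmware -Credential $cred -Server $iLODHCPIP -Location $iLOFirmwareFile -DisableCertificateAuthentication
Start-Sleep -s 60

# Add the iLO license key
#Write-Host "Adding the iLO Advanced License"
#Set-HPiLOLicenseKey -Credential $cred -Server $iLODHCPIP -Key $iLOLicenseKey

# Setup iLO networking
#Write-Host "Setting up network on $iLODNSName"
Set-HPiLOServerName -Credential $cred -Server $iLODHCPIP -ServerName $iLODNSName
Set-HPiLOServerFQDN -Credential $cred -Server $iLODHCPIP -ServerFQDN $iloFQDN
#Set-HPiLOIPv6NetworkSetting -Credential $cred -Server $iLODHCPIP -DHCPv6SNTPSetting No

# Static address, DNS servers, DDNS registration and time zone. The two DNS
# servers are also used as the SNTP time sources.
Set-HPiLONetworkSetting -Credential $cred -Server $iLODHCPIP -DHCPEnable No -DHCPSNTP No -DNSName $iLODNSName -Domain $Zone -IPAddress $iLOIPAddress -PrimDNSServer $iLOPrimaryDNS -RegDDNSServer Yes -RegWINSServer No -SecDNSServer $iloSecondaryDNS -SNTPServer1 $iLOPrimaryDNS -SNTPServer2 $iloSecondaryDNS -Timezone $TimeZone

# Setup SNMP
# NOTE(review): from here on the iLO is addressed by its short DNS name, so
# that name must already resolve from this host.
# NOTE(review): the read-only community string acts as a shared secret that is
# presumably sent unencrypted; use a non-guessable value, keep it out of
# published scripts and restrict SNMP to the monitoring hosts.
Write-Host "Configuring SNMP"
Set-HPiLOSNMPIMSetting -Credential $cred -Server $iLODNSName -SNMPAddress1 $SNMPServer -SNMPAddress2 $SNMPServer -WebAgentIPAddress $iLOFQDN -SNMPAddress1ROCommunity 'i_c' -SNMPAccess Enable

# Setup Alertmail
# NOTE(review): alerts go to the SMTP relay on port 25; confirm the relay only
# accepts mail from the management network.
Write-Host "Configuring email alerts"
Set-HPiLOGlobalSetting -Credential $cred -Server $iLODNSName -AlertMail Yes -AlertMailEmail 'admins@adminbd.ru' -AlertMailSenderDomain 'adminbd.ru' -AlertMailSMTPPort 25 -AlertMailSMTPServer 'tech.adminbd.ru'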

 

После этого выпускаем сертификат и устанавливаем его на iLO

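<#
.SYNOPSIS
Issues a CA-signed TLS certificate for one or more HPE iLO interfaces.

.DESCRIPTION
For each iLO the script connects, asks the iLO to generate a certificate
signing request (the private key stays on the iLO), submits the request to
the certificate authority with certreq.exe, imports the issued certificate
into the iLO and writes an object with the host name and the import result.
Temporary files are created under $env:TEMP with a GUID prefix and removed
again, also when a step fails.

.PARAMETER Credential
Account used to log in to the iLO.

.PARAMETER iLOFQDN
One or more iLO host names; each one is used to connect and as the
certificate CommonName.

.PARAMETER IncludeShortNameSAN
Re-signs the request with a subject alternative name extension that holds
the short host name and the FQDN.

.PARAMETER CertificateAuthorityName
CA configuration string passed to certreq.exe -config.

.PARAMETER CertificateTemplateName
Certificate template requested from the CA.
#>
param (
    [Parameter(Mandatory = $true)]
    [PSCredential]
    $Credential,

    # Accepts a single name as before, or a list of names.
    [String[]]
    $iLOFQDN = "stor01-ilo.voxys.ru",

    [Parameter()]
    [Switch]
    $IncludeShortNameSAN,

    [Parameter()]
    [Alias("C")]
    [String]
    $Country = "RU",

    # NOTE(review): "RU" in the alias list below is an alternative parameter
    # name, not a value; it looks like a value that ended up in the wrong
    # place. Kept so existing callers keep working.
    [Parameter()]
    [Alias("ST", "RU")]
    [String]
    $State = "RU",

    # NOTE(review): same remark for the "Moscow" alias; the default locality
    # is "RU", confirm that this is the value wanted in the certificate.
    [Parameter()]
    [Alias("L", "Moscow")]
    [String]
    $Locality = "RU",

    [Parameter()]
    [Alias("O")]
    [String]
    $Organization = "adminbd",

    [Parameter()]
    [Alias("OU")]
    [String]
    $OrganizationalUnit = "IT",

    [Parameter()]
    [Switch]
    $IncludeiLOIP,

    [Parameter()]
    [Alias("CA")]
    [String]
    $CertificateAuthorityName = "subca.adminbd.ru\SUBC", # find yours with: certutil -config - -ping

    [Parameter()]
    [String]
    $CertificateTemplateName = "HPILO"
)

# Upper bound for waiting on the iLO to produce the CSR, so that an iLO that
# never answers cannot block the run forever. The value is a chosen limit.
$csrTimeoutMinutes = 15

foreach ($ilo in $iLOFQDN) {
    # The iLO does not yet present a trusted certificate, so validation is
    # switched off for this connection. Run the script from a trusted
    # management network; once the certificate is imported, later sessions
    # can validate it.
    try {
        $connection = Connect-HPEiLO -IP $ilo -Credential $Credential -DisableCertificateAuthentication -ErrorAction Stop
    } catch {
        $PSCmdlet.ThrowTerminatingError($_)
    }

    $guid = $null
    try {
        # Only check the firmware version level for iLO 4.
        $firmware = Get-HPEiLOFirmwareVersion -Connection $connection
        if ($firmware.ManagerType -ne "iLO 5" -and [Version]$firmware.FirmwareVersion -lt [Version]"2.70") {
            throw "The HPE iLO Firmware needs to be updated to continue."
        }

        $csrParameters = @{
            Connection         = $connection
            Country            = $Country
            State              = $State
            City               = $Locality
            Organization       = $Organization
            OrganizationalUnit = $OrganizationalUnit
            CommonName         = $ilo
        }

        # NOTE(review): the parameter name and the $null value are passed on
        # as they are; verify both against
        # Get-Help Start-HPEiLOCertificateSigningRequest for the installed
        # module version.
        if ($PSBoundParameters.ContainsKey("IncludeiLOIP")) {
            $csrParameters.Add("IncludeiLOIP", $null)
        }

        Start-HPEiLOCertificateSigningRequest @csrParameters |
            Out-Null

        # Poll every 5 seconds until the iLO returns the CSR or the deadline passes.
        $deadline = (Get-Date).AddMinutes($csrTimeoutMinutes)
        $csr = $null
        while ($true) {
            $csr = Get-HPEiLOCertificateSigningRequest -Connection $connection |
                Select-Object -ExpandProperty CertificateSigningRequest
            if (-not [String]::IsNullOrEmpty($csr)) {
                break
            }
            if ((Get-Date) -gt $deadline) {
                throw "Timed out waiting for ${ilo} to generate the certificate signing request."
            }
            Start-Sleep -Seconds 5
        }

        # A GUID prefix keeps the temporary file names unpredictable and lets
        # the cleanup remove everything that belongs to this request.
        $guid = New-Guid |
            Select-Object -ExpandProperty Guid

        $csrOutputPath = Join-Path -Path $env:TEMP -ChildPath "${guid}.csr"
        Out-File -FilePath $csrOutputPath -InputObject $csr -Encoding ascii

        if ($IncludeShortNameSAN.IsPresent) {
            # Build a policy file with the SAN extension (2.5.29.17) and let
            # certreq produce a re-signed request that carries it.
            $shortName = $ilo.Split(".")[0]
            $infInputObject = "[Extensions]`r`n2.5.29.17 = `"{text}`"`r`n_continue_ = `"DNS=${shortName}&`"`r`n_continue_ = `"DNS=${ilo}`""
            $infOutputPath = Join-Path -Path $env:TEMP -ChildPath "${guid}.inf"
            Out-File -FilePath $infOutputPath -InputObject $infInputObject -Encoding ascii

            $csrOutputPathResigned = Join-Path -Path $env:TEMP -ChildPath "${guid}_resigned.csr"
            certreq.exe -policy $csrOutputPath $infOutputPath $csrOutputPathResigned
            if ($LASTEXITCODE -ne 0) {
                throw "certreq.exe -policy failed for ${ilo} (exit code ${LASTEXITCODE})."
            }
            $csrOutputPath = $csrOutputPathResigned
        }

        $pemOutputPath = Join-Path -Path $env:TEMP -ChildPath "${guid}.pem"
        certreq.exe -config $CertificateAuthorityName -submit -attrib "CertificateTemplate:${CertificateTemplateName}" $csrOutputPath $pemOutputPath |
            Out-Null

        # Do not import anything unless the CA really issued a certificate
        # (a failed or still pending request leaves no certificate file).
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $pemOutputPath)) {
            throw "The certificate authority did not issue a certificate for ${ilo} (certreq exit code ${LASTEXITCODE})."
        }

        $certificate = Get-Content -Path $pemOutputPath -Raw
        $response = Import-HPEiLOCertificate -Connection $connection -Certificate "$certificate"

        [PSCustomObject]@{
            HostName = $ilo
            Result   = $response.StatusInfo.Message
        }
    } finally {
        # Runs on success and on failure: remove the temporary request and
        # certificate files and close the iLO session.
        if ($guid) {
            Get-ChildItem -Path $env:TEMP -Filter "$guid*" |
                Remove-Item -Force -Confirm:$false -ErrorAction SilentlyContinue
        }

        Disconnect-HPEiLO -Connection $connection
    }
}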

 

Всё, iLO готов

PS:

Скрипт установки сертификата взят отсюда: https://gist.github.com/tomohulk/4ddb9a0e8feb3768c742b5cf867a0cb8#file-new-hpeilopkicertificate-ps1
