The task: configure iLO on a large number of servers. We need to set up DNS, issue a certificate, and configure NTP, email, the iLO host name, syslog and SMTP.
First, install HPEiLOCmdlets.
Install HPiLOCmdlets
I'll keep a local copy in case something changes: HPiLOCmdlets-x64
After installation:
```powershell
Import-Module HPiLOCmdlets
```
or
```powershell
Install-Module -Name HPEiLOCmdlets
```
If you lack permission to run scripts:
```powershell
Set-ExecutionPolicy RemoteSigned
```
If you get errors:
```powershell
Install-PackageProvider Nuget -Force
Install-Module -Name PowerShellGet -Force
Update-Module -Name PowerShellGet
```
Next, pull the settings from a reference server where LDAP and the groups are already configured:
```powershell
$ILOIp = "172.16.35.20"
$UserName = "iloadmin"
#[securestring]
$Pass = "pasword"
# Read the directory (LDAP) configuration from the reference iLO
Get-HPiLODirectory -Server $ILOIp -Username $UserName -Password $pass -DisableCertificateAuthentication
```
Create the XML file:
```xml
<RIBCL VERSION="2.0">
  <LOGIN USER_LOGIN="adminname" PASSWORD="password">
    <DIR_INFO MODE="write">
      <MOD_DIR_CONFIG>
        <DIR_AUTHENTICATION_ENABLED value="Y"/>
        <DIR_LOCAL_USER_ACCT value="Y"/>
        <DIR_SERVER_ADDRESS value="ldaps"/>
        <DIR_SERVER_PORT value="636"/>
        <DIR_OBJECT_DN value=""/>
        <DIR_USER_CONTEXT_1 value=""/>
        <DIR_USER_CONTEXT_2 value=""/>
        <DIR_USER_CONTEXT_3 value=""/>
        <DIR_USER_CONTEXT_4 value=""/>
        <DIR_USER_CONTEXT_5 value=""/>
        <DIR_USER_CONTEXT_6 value=""/>
        <DIR_USER_CONTEXT_7 value=""/>
        <DIR_USER_CONTEXT_8 value=""/>
        <DIR_USER_CONTEXT_9 value=""/>
        <DIR_USER_CONTEXT_10 value=""/>
        <DIR_USER_CONTEXT_11 value=""/>
        <DIR_USER_CONTEXT_12 value=""/>
        <DIR_USER_CONTEXT_13 value=""/>
        <DIR_USER_CONTEXT_14 value=""/>
        <DIR_USER_CONTEXT_15 value=""/>
        <DIR_ENABLE_GRP_ACCT value = "Y"/>
        <DIR_GRPACCT1_NAME VALUE= "ILOAccess"/>
        <DIR_GRPACCT1_PRIV VALUE= "1,2,3,4,5,6"/>
        <DIR_GRPACCT1_SID VALUE= "S-1-5-21"/>
        <DIR_GRPACCT2_NAME VALUE= "ILOAccess Users"/>
        <DIR_GRPACCT2_PRIV VALUE= "2,3,6"/>
        <DIR_GRPACCT2_SID VALUE= "S-1-5-21"/>
        <DIR_KERBEROS_ENABLED value="N"/>
        <DIR_KERBEROS_REALM VALUE=""/>
        <DIR_KERBEROS_KDC_ADDRESS VALUE=""/>
        <DIR_KERBEROS_KDC_PORT VALUE="88"/>
      </MOD_DIR_CONFIG>
    </DIR_INFO>
  </LOGIN>
</RIBCL>
```
Then run the script that replaces the user and password and configures LDAP with the groups.
```powershell
# Discover iLO interfaces in the subnet and save their IPs
Find-HPiLO 172.16.50.0-255 | Select-Object ip | Export-Csv C:\1\1.csv

$UserName = "admin"          # old user
#[securestring]
$adminPass = "12345677"      # old password
$cred = Get-Credential -UserName admin -Message "Enter current standard iLO password"
$Servername
$NewAdmin = "iloadmin"       # new user
#[securestring]
$pass = "311221212121"       # new password
$path = "C:\1\1.csv"         # path to the file with the iLO IPs
$csv = Import-Csv $path

# Add the new user
# -DisableCertificateAuthentication skips TLS certificate validation;
# the CA-issued certificate is only installed in the last step of this post.
#Write-Verbose "Adding new admin user"
Add-HPiLOUser -Server $csv.IP -Username $UserName -Password $adminPass -NewUsername $newadmin -NewUserLogin $newadmin -NewPassword $pass -AdminPriv Y -ConfigILOPriv Y -RemoteConsPriv Y -ResetServerPriv Y -VirtualMediaPriv Y -DisableCertificateAuthentication

# Remove the old user
Remove-HPiLOUser -Server $csv.ip -RemoveUserLogin $UserName -DisableCertificateAuthentication -Username $newadmin -Password $pass

# Add the LDAP settings and groups
Write-Verbose "Configuring Active Directory Integration"
$ribcmd = ([string](Get-Content "c:\1\ldap_config.xml"))
Invoke-HPiLORIBCLCommand -Server $csv.ip -Username $newadmin -Password $pass -DisableCertificateAuthentication -RIBCLCommand $ribcmd

# Reboot iLO
#Reset-HPiLORIB -Credential $cred -Server $csv.ip
```
After that, configure everything else: NTP, email, the iLO host name, syslog and SMTP.
```powershell
#Variables
$iLOIPAddress = '172.16.50.26'
$iLODNSName = 'servs1-ilo'
$iLOFQDN = 'servs1-ilo.voxys.ru'
# Local administrator login
$Administrator = 'iloadmin'
$iLODHCPIP = $iLOIPAddress
#$DefaultiLOPassword = 'Enter default iLO password. Found on label on server'
#$iLOLicenseKey = '****'
$cred = Get-Credential -UserName voxys.iloadmin -Message "Enter current standard iLO password"
$DNSServer = '172.16.321.10'
#$iLOGateway = '172.16.35.1' # change this before uncommenting
$iLOPrimaryDNS = '172.16.321.10'
$iLOSecondaryDNS = '172.16.321.20'
#$mask='255.255.255.0'
$Zone = 'adminbd.ru'
$TimeZone = 'Europe/Moscow'
$iLOFirmwareFile = "\\fsr\ILO\4\ilo4_282.bin"
$SNMPServer = 'ntp.adminbd.ru'

Disable-HPiLOCertificateAuthentication

# Remote syslog
$conn = Connect-HPEiLO -Address $iLOIPAddress -Credential $cred -DisableCertificateAuthentication
Set-HPEiLORemoteSyslog -Connection $conn -RemoteSyslogEnabled Yes -RemoteSyslogServer "syslog.adminbd.ru" -RemoteSyslogPort 514

# Disable Certificate Authentication
Disable-HPiLOCertificateAuthentication

# Update the iLO firmware
Write-Host "Applying the latest iLO Firmware. This could take a minute"
Update-HPiLOFirmware -Credential $cred -Server $iLODHCPIP -Location $iLOFirmwareFile -DisableCertificateAuthentication
Start-Sleep -s 60

# Add the iLO license key
#Write-Host "Adding the iLO Advanced License"
#Set-HPiLOLicenseKey -Credential $cred -Server $iLODHCPIP -Key $iLOLicenseKey

# Setup iLO networking
#Write-Host "Setting up network on $iLODNSName"
Set-HPiLOServerName -Credential $cred -Server $iLODHCPIP -ServerName $iLODNSName
Set-HPiLOServerFQDN -Credential $cred -Server $iLODHCPIP -ServerFQDN $iloFQDN
#Set-HPiLOIPv6NetworkSetting -Credential $cred -Server $iLODHCPIP -DHCPv6SNTPSetting No
Set-HPiLONetworkSetting -Credential $cred -Server $iLODHCPIP -DHCPEnable No -DHCPSNTP No -DNSName $iLODNSName -Domain $Zone -IPAddress $iLOIPAddress -PrimDNSServer $iLOPrimaryDNS -RegDDNSServer Yes -RegWINSServer No -SecDNSServer $iloSecondaryDNS -SNTPServer1 $iLOPrimaryDNS -SNTPServer2 $iloSecondaryDNS -Timezone $TimeZone

# Setup SNMP
Write-Host "Configuring SNMP"
Set-HPiLOSNMPIMSetting -Credential $cred -Server $iLODNSName -SNMPAddress1 $SNMPServer -SNMPAddress2 $SNMPServer -WebAgentIPAddress $iLOFQDN -SNMPAddress1ROCommunity 'i_c' -SNMPAccess Enable

# Setup Alertmail
Write-Host "Configuring email alerts"
Set-HPiLOGlobalSetting -Credential $cred -Server $iLODNSName -AlertMail Yes -AlertMailEmail 'admins@adminbd.ru' -AlertMailSenderDomain 'adminbd.ru' -AlertMailSMTPPort 25 -AlertMailSMTPServer 'tech.adminbd.ru'
```
After that, issue the certificate and apply it.
```powershell
param (
    [Parameter( Mandatory = $true )]
    [PSCredential]
    $Credential,

    [String]
    $iLOFQDN = "stor01-ilo.voxys.ru",

    [Parameter()]
    [Switch]
    $IncludeShortNameSAN,

    [Parameter()]
    [Alias( "C" )]
    [String]
    $Country = "RU",

    [Parameter()]
    [Alias( "ST", "RU" )]
    [String]
    $State = "RU",

    [Parameter()]
    [Alias( "L", "Moscow" )]
    [String]
    $Locality = "RU",

    [Parameter()]
    [Alias( "O" )]
    [String]
    $Organization = "adminbd",

    [Parameter()]
    [Alias( "OU" )]
    [String]
    $OrganizationalUnit = "IT",

    [Parameter()]
    [Switch]
    $IncludeiLOIP,

    [Parameter()]
    [Alias( "CA" )]
    [String]
    $CertificateAuthorityName = "subca.adminbd.ru\SUBC", # find yours with: certutil -config - -ping

    [Parameter()]
    [String]
    $CertificateTemplateName = "HPILO"
)

#process {
    foreach ($ilo in $iLOFQDN) {
        try {
            $connection = Connect-HPEiLO -IP $ilo -Credential $Credential -DisableCertificateAuthentication -ErrorAction Stop
        } catch {
            $PSCmdlet.ThrowTerminatingError( $_ )
            exit
        }

        # Only check the firmware version level for iLO 4.
        $firmware = Get-HPEiLOFirmwareVersion -Connection $connection
        if ($firmware.ManagerType -ne "iLO 5") {
            if ([Version]$firmware.FirmwareVersion -lt [Version]"2.70") {
                throw "The HPE iLO Firmware needs to be updated to continue."
                exit
            }
        }

        $csrParameters = @{
            Connection         = $connection
            Country            = $Country
            State              = $State
            City               = $Locality
            Organization       = $Organization
            OrganizationalUnit = $OrganizationalUnit
            CommonName         = $ilo
        }

        if ($PSBoundParameters.ContainsKey( "IncludeiLOIP" )) {
            $csrParameters.Add( "IncludeiLOIP", $null )
        }

        # Ask iLO to generate the CSR, then poll until it is ready
        Start-HPEiLOCertificateSigningRequest @csrParameters | Out-Null

        $csr = $null
        while ([String]::IsNullOrEmpty( $csr )) {
            $csr = Get-HPEiLOCertificateSigningRequest -Connection $connection | Select-Object -ExpandProperty CertificateSigningRequest
            Start-Sleep -Seconds 5
        }

        $guid = New-Guid | Select-Object -ExpandProperty Guid
        $csrOutputPath = Join-Path -Path $env:TEMP -ChildPath "${guid}.csr"
        Out-File -FilePath $csrOutputPath -InputObject $csr -Encoding ascii

        # Optionally re-sign the request with a SAN extension holding the short name and the FQDN
        if ($IncludeShortNameSAN.IsPresent) {
            $shortName = $ilo.Split(".")[0]
            $infInputObject = "[Extensions]`r`n2.5.29.17 = `"{text}`"`r`n_continue_ = `"DNS=${shortName}&`"`r`n_continue_ = `"DNS=${ilo}`""
            $infOutputPath = Join-Path -Path $env:TEMP -ChildPath "${guid}.inf"
            Out-File -FilePath $infOutputPath -InputObject $infInputObject -Encoding ascii

            $csrOutputPathResigned = Join-Path -Path $env:TEMP -ChildPath "${guid}_resigned.csr"
            certreq.exe -policy $csrOutputPath $infOutputPath $csrOutputPathResigned

            $csrOutputPath = $csrOutputPathResigned
        }

        # Submit the request to the CA and import the issued certificate into iLO
        $pemOutputPath = Join-Path -Path $env:TEMP -ChildPath "${guid}.pem"
        certreq.exe -config $CertificateAuthorityName -submit -attrib "CertificateTemplate:${CertificateTemplateName}" $csrOutputPath $pemOutputPath | Out-Null

        $certificate = Get-Content -Path $pemOutputPath -Raw
        $response = Import-HPEiLOCertificate -Connection $connection -Certificate "$certificate"

        [PSCustomObject]@{
            HostName = $ilo
            Result   = $response.StatusInfo.Message
        }

        # Remove the temporary CSR/INF/PEM files
        Get-ChildItem -Path $env:TEMP -Filter "$guid*" | Remove-Item -Force -Confirm:$false -ErrorAction SilentlyContinue

        Disconnect-HPEiLO -Connection $connection
    }
#}
```
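An added check, not part of the original post or of the gist it borrows from: once iLO is serving the imported certificate, this confirms from the admin workstation that the certificate validates for the FQDN, so that later runs can omit -DisableCertificateAuthentication. `Get-ILOTlsStatus` is a hypothetical helper name; it relies only on .NET classes and on the workstation trusting the issuing CA.

```powershell
# Added example: Get-ILOTlsStatus is a hypothetical helper, not an HPE cmdlet.
function Get-ILOTlsStatus {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,  # FQDN the certificate was issued for
        [int] $Port = 443
    )
    $script:iloPolicyErrors = $null
    # Record the validation result instead of aborting the handshake, so a
    # self-signed or mismatched certificate is reported, not thrown.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $policyErrors)
        $script:iloPolicyErrors = $policyErrors
        $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [PSCustomObject]@{
            HostName     = $HostName
            Trusted      = ($script:iloPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
            PolicyErrors = [string]$script:iloPolicyErrors
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
        }
    }
    catch {
        [PSCustomObject]@{
            HostName = $HostName; Trusted = $false
            PolicyErrors = "connection failed: $($_.Exception.Message)"
            SelfSigned = $null; Issuer = $null; NotAfter = $null
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# FQDNs that appear in the scripts on this page; replace with your own list.
$iloNames = 'servs1-ilo.voxys.ru', 'stor01-ilo.voxys.ru'
$iloNames | ForEach-Object { Get-ILOTlsStatus -HostName $_ } |
    Format-Table HostName, Trusted, PolicyErrors, SelfSigned, Issuer, NotAfter -AutoSize
```

A host reported with Trusted = False either still serves its old certificate or was issued one by a CA the workstation does not trust; PolicyErrors shows which validation step failed.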
That's it, iLO is ready.
P.S.
The certificate installation script is taken from https://gist.github.com/tomohulk/4ddb9a0e8feb3768c742b5cf867a0cb8#file-new-hpeilopkicertificate-ps1