Exploring the HPE G2 PDU REST API

Lately I’ve been playing around with the Redfish based REST API in the HPE G2 Metered and Switched Power Distribution Units.

Through the API you are able to pull some details about the PDU as well as different utilization data. Based on your PDUs capabilities you should also be able to control different outlets. My focus has been to pull some details about the PDUs, and to pull the load on the different segments.

As I usually do when I set out exploring an API I was looking for the documentation. Surprisingly there was nothing to be found. The only thing I found was a few lines in the PDU User guide regarding authentication. ...  continue reading

Automate disabling of IPMI over LAN access on HPE iLO

This article will describe how you can disable the IPMI over LAN access on HPE iLO.

The IPMI protocol can present a security vulnerability where the authentication process for IPMI requires a server to send a hash of a user password to the client before authentication. This is not a new vulnerability and since this is a part of the specification of the protocol there is no fix for it besides disabling it or accepting it.

Note that iLO versions 2, 3 and 4 have the IPMI over LAN access enabled by default whereas iLO version 5 has disabled this by default. ...  continue reading

Industrialising remote offices with VMware vSAN

Recently we received lots of new hardware destined for a customer that has multiple locations world-wide.

They need a robust server solution for their production environments locally. The environment is small in terms of number of VMs, but there is high demands on the environment and we need local hardware at the sites as the connections to these sites varies and they are not fast enough at all times.

Lots of racks ...  continue reading

HPE iLO affects ESXi management agents – hosts in “not responding”

The last months we have had several issues with ESXi hosts going in a “Not responding” status. The VMs are still active and online in this scenario, but the ESXi cannot be managed. This also affets backup as it won’t be able to reach the VMs through the APIs.

Previously we have normally just restarted the management agents on the host and it has been able to connect to vCenter and after this we have managed to migrate the VMs off the host. Lately this hasn’t worked and we have been forced to boot the host with the result of the VMs getting rebooted by HA and eventually started on a different host.

Almost all of our ESXi hosts is HPE servers. We have also seen in many of these cases that iLO (Integrated Lights-out) management has not been accessible or not responsive. ...  continue reading

Upgrading to HPE OneView 4.1 – Failed!

After the release of the new and shiny version 4.1 of HPE OneView we have tried to upgrade one of our (smaller) OneView instances.

The update process is usually quite straight forward and it gets better in every release. The upgrade to 4.0 from 3.x had some issues with certificate handling post-upgrade, but it was manageable.

The upgrade from 4.0 to 4.1 should not be affected by the same so I had great hopes about a smooth upgrade. ...  continue reading

Automating iLO config and OneView setup for HPE servers

We have quite a few Blade Enclosures with BL460c server blades in them and have been happy with those. For managing these we are primarly using HPE OneView and in some cases the Onboard Administrator (OA).

Our latest batch of new hardware however was DL360 and DL380 rack servers. These will also be managed by OneView primarly, but initially we need to do some iLO config on each server which in the case of blades are done by the OA. They will also have to be added to OneView manually while the blades would be brought in automatically from the chassis. With lots of new servers to configure this is a tedious process, and there are risk for errors and inconsistency when doing it manually.

To the rescue comes the APIs provided by HPE and our favourite tool, Powershell. ...  continue reading

Firmware update HPE Onboard Administrator

In our environment we have several HPE Blade Chassis systems. The chassis is managed with the Onboard Administrator (OA) which consists of one or two management modules.

Like all other hardware these modules have components that needs firmware to run. And firmware needs to be kept updated to fix bugs, add features, new hardware compatibility and mitigate security risks. It’s also a good thing to keep it pretty close to the iLO version updates on your blades as I suspect HPE might not test newer iLO against a lot of old OA version. However I haven’t found that kind of compatibility matrix.

Normally you need to restart the specific hardware after doing a firmware update. This means downtime, but how can you do this on a blade chassis containing up to 16 blade servers running your production load? ...  continue reading