Initial ILOM Setup Procedures Using the ILOM CLI
|
|
Topics
|
|
Description
|
Links
|
|
Log in to ILOM for the first time
|
|
|
Configure the network environment
|
|
|
Add user accounts or configure a directory service
|
|
|
Find information about your next ILOM configuration steps
|
|
Logging In to ILOM for the First Time Using the CLI
To log in to the ILOM CLI for the first time, you use the default root user account and its default password changeme. After you set up your network environment, you can establish an Administrative user account using an assigned user account name and password.
 Log In to ILOM Using the root User Account
|
To log in to the ILOM CLI for the first time, use SSH and the root user account.
1. To log in to the ILOM CLI using the root user account, type:
$ ssh root@system_ipaddress
If ILOM is operating in a dual-stack network environment, the system_ipaddress can be entered using either an IPv4 or IPv6 address format.
For example:
For IPv4 - 10.8.183.106
or
For IPv6 - [fec0:a:8:b7:214:4fff:5eca:5f7e/64]
The ILOM Login prompt appears.
For more information about entering IP addresses in a dual-stack environment, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.0 Concepts Guide.
2. Type the default user name and password:
<hostname>: root
Password:changeme
The ILOM CLI prompt appears (->).
Configuring an IPv4 and IPv6 Network Environment
The following CLI procedure provides instructions for configuring ILOM to operate in a dual-stack IPv4 and IPv6 network environment. For a detailed description about configuring ILOM in the IPv4 and IPv6 network environment, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.0 Concepts Guide.
If you are configuring ILOM to operate in an IPv4-only network environment, as is supported in ILOM 3.0.10 and earlier versions of ILOM, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.0 CLI Procedures Guide.
By default, ILOM will attempt to obtain the IPv4 address using DHCPv4 and the IPv6 address using IPv6 stateless.
Configure IPv4 and IPv6 Settings Using the CLI
|
1. Log in to the ILOM SP CLI or the CMM CLI.
Establish a local serial console connection or SSH connection to the server SP or CMM.
2. Perform the network configuration instructions that apply to your network environment:
- To configure IPv4 network settings, perform Step 3 through Step 5 in this procedure.
- To configure IPv6 network settings, perform Step 6 to Step 10 in this procedure.
3. For IPv4 network configurations, use the cd command to navigate to the /x/network working directory for the device.
For example:
- For a rackmount server SP type: cd /SP/network
- For a chassis CMM type: cd /CMM/network
- For a chassis blade server SP type: cd /CH/BLn/network
- For a chassis blade server with multiple SP nodes type:
cd /CH/BLn/Noden/network
4. Type the show command to view the configured IPv4 network settings configured on the device.
5. To set IPv4 network settings for DHCP or static, perform one of the following:
- To configure DHCP IPv4 network settings, set values for the following properties:
|
Property
|
Set Property Value
|
Description
|
|
state
|
set state=enabled
|
The network state is enabled by default for IPv4.
Note - To enable the DHCP network option for IPv4 the state must be set to enabled.
|
|
pendingipdiscovery
|
set pendingipdiscovery=dhcp
|
The property value for ipdiscovery is set to dhcp by default for IPv4.
Note - If the dhcp default property value was changed to static, you will need to set the property value to dhcp.
|
|
commitpending=
|
set commitpending=true
|
Type set commitpending=true to commit the changes made to the state and ipdiscovery property values.
|
- To configure static IPv4 network settings, set values for the following properties:
|
Property
|
Set Property Value
|
Description
|
|
state
|
set state=enabled
|
The network state is enabled by default for IPv4.
Note - To enable the static IPv4 network option the state must be set to enabled.
|
|
pendingipdiscovery
|
set pendingipdiscovery=static
|
To enable a static IPv4 network configuration, you need to set the pendingipdiscovery property value to static.
Note - The property value for ipdiscovery is set to dhcp by default for IPv4.
|
|
pendingipaddress
pendingipnetmask
pendingipgateway
|
set pendingipaddress=<ip_address> pendingipnetmask=<netmask> pendingipgateway=<gateway>
|
To assign multiple static network settings, type the set command followed by the pending command for each property value (IP address, netmask, and gateway), then type the static value that you want to assign.
|
|
commitpending=
|
set commitpending=true
|
Type set commitpending=true to commit the changes made to the state, ipdiscovery, and network settings property values.
|
6. For IPv6 network configurations, use the cd command to navigate to the /x/network/ipv6 working directory for the device.
For example:
- For a rackmount server SP type: cd /SP/network/ipv6
- For a chassis CMM type: cd /CMM/network/ipv6
- For a chassis blade server SP type: cd /CH/BLn/network/ipv6
- For a chassis blade server with multiple SP nodes type:
cd /CH/BLn/Noden/network/ipv6
7. Type the show command to view the configured IPv6 network settings configured on the device.
For example, see the following sample output values for the IPv6 properties on a server SP device:.
-> show
/SP/network/ipv6
Targets:
Properties:
state = enabled
autoconfig = stateless
dhcpv6_server_duid = (none)
link_local_ipaddress = fe80::214:4fff:feca:5f7e/64
static_ipaddress = ::/128
ipgateway = fe80::211:5dff:febe:5000/128
pending_static_ipaddress = ::/128
dynamic_ipaddress_1 = fec0:a:8:b7:214:4fff:feca:5f7e/64
Commands:
cd
show
|
| Note - The default IPv6 autoconfig= property value provided in ILOM 3.0.14 (and later) is autoconfig=stateless. However, if you have ILOM 3.0.12 installed on your CMM or server, the default property value for autoconfig appears as autoconfig=stateless_only.
|
| Note - When the autoconfig= property is set to dhcpv6_stateful or dhcpv6_stateless, the read-only property for dhcpv6_server_duid will identify the DHCP Unique ID of the DHCPv6 server that was last used by ILOM to retrieve the DHCP information.
|
8. To configure an IPv6 auto-configuration option, use the set command to specify the following auto-configuration property values.
|
Property
|
Set Property Value
|
Description
|
|
state
|
set state=enabled
|
The IPv6 network state is enabled by default. To enable an IPv6 auto-configuration option, this state must be set to enabled.
|
|
autoconfig
|
set autoconfig=<value>
|
Specify this command followed by the autoconf value you want to set.
Options include:
- stateless (default setting provided in ILOM 3.0.14 or later)
or
stateless_only (default setting provided in ILOM 3.0.12)
Automatically assigns IP address learned from the IPv6 network router.
- dhcpv6_stateless
Automatically assigns DNS information learned from the DHCP server.
The dhcpv6_stateless property value is available in ILOM as of 3.0.14.
- dhcpv6_stateful
Automatically assigns the IPv6 address learned from the DHCPv6 server.
The dhcpv6_stateful property value is available in ILOM as of 3.0.14.
- disable
Disables all auto-configuration property values and sets the read-only property value for link local address.
|
The following information is relevant to the IPv6 autoconfig options:
- IPv6 auto-config options take affect after they are set. You do not need to commit these changes under the /network target.
- IPv6 auto-config addresses learned for the device will not affect any of the active ILOM sessions to the device. You can verify the newly learned auto-configured addresses under the /network/ipv6 target.
- As of ILOM 3.0.14 or later, you can enable the stateless auto-config option to run at the same time as when the option for dhcpv6_stateless is enabled or as when the option for dhcpv6_stateful is enabled. However, the auto-config options for dhcpv6_stateless and dhcpv6_stateful should not be enabled to run at the same time.
9. To set a pending static IPv6 address, specify the following property values:
|
Property
|
Set Property Value
|
Description
|
|
state
|
set state=enabled
|
The IPv6 network state is enabled by default. To enable a static IP address the state must be set to enabled.
|
|
pendingipaddress
|
set pending_static_ipaddress=<ip_address>/<subnet_mask_length_in _bits>
|
Type this command followed by the property value for the static IPv6 address and net mask that you want to assign to the device.
IPv6 address example:
fec0:a:8:b7:214:4fff:feca:5f7e/64
|
10. To commit the pending IPv6 static network parameters, perform the following steps:
a. Use the cd command to change the directory to the device network target.
For example:
- For rackmount server type: cd /SP/network
- For chassis CMM type: cd /CMM/network
- For chassis blade server SP type: cd /CH/BLn/network
- For chassis blade server SP with multiple nodes type:
cd /CH/BLn/Noden/network
b. Type the following command to commit the changed property values for IPv6:
set commitpending=true
| Note - Assigning a new static IP address to the device (SP or CMM) will end all active ILOM sessions to the device. To log back in to ILOM, you will need to create a new browser session using the newly assigned IP address.
|
To test the IPv4 or IPv6 network configuration from ILOM use the Network Test Tools (Ping and Ping6). For details, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.0 CLI Procedures Guide.
Adding User Accounts or Configuring a Directory Service
After you log in to ILOM using the root user account, you can choose either to create a local user account or to configure a directory service. For detailed information about ILOM user accounts and directory services, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.0 Concepts Guide.
|
Topics
|
|
Description
|
Links
|
|
Learn how to add a user account and assign user roles (privileges)
|
|
|
Learn how to configure ILOM for Active Directory
|
|
|
Learn how to configure ILOM for LDAP
|
|
|
Learn how to configure ILOM for LDAP/SSL
|
|
|
Learn how to configure ILOM for RADIUS
|
|
|
Learn how to verify that the new user account or directory service is working properly
|
|
|
Learn how to log out of ILOM
|
|
Add User Account and Assign Privileges
|
1. Log in to the ILOM CLI.
2. Type the following command and your password to add a local user account:
--> create /SP/users/username password=password
For example:
-> create /SP/users/user5
Creating user...
Enter new password: ********
Enter new password again: ********
Created /SP/users/user5
3. Type the following command to assign roles to a user account:
--> set /SP/users/username role=aucr
For example:
-> set /SP/users/user5 role=aucr
Set ’role’ to ’aucr’
For a description of the user account roles, see Add User Account and Assign Privileges.
Configure ILOM for Active Directory
|
1. Log in to the ILOM CLI using the root user account.
2. Use the show command to view the top-level properties. Type:
-> cd /SP/clients/activedirectory
/SP/clients/activedirectory
-> show
/SP/clients/activedirectory
Targets:
admingroups
alternateservers
cert
customgroups
dnslocatorqueries
opergroups
userdomains
Properties:
address = 10.5.121.321
defaultrole = Administrator
dnslocatormode = enabled
logdetail = trace
port = 0
state = disabled
strictcertmode = disabled
timeout = 4
Commands:
cd
set
show
|
3. Use the show command to view information in the tables. Type:
-> show /SP/clients/activedirectory/name/n
Where n is 1 through 5, and where name is one of the following:
- admingroups (for Admin Groups properties)
- opergroups (for Operator Groups properties)
- customgroups (for Custom Groups properties)
- userdomains (for User Domains properties)
- alternateservers (for Alternate Servers properties)
- dnslocatorqueries (for DNS Locator Queries properties)
- cert (for certificate properties - cert is not a table; therefore the value of 1 through 5 for n does not apply)
You can use the show command to retrieve the certificate properties:
-> show /SP/clients/activedirectory/cert
/SP/clients/activedirectory/cert
Targets:
Properties:
certstatus = certificate not present
clear_action = (none)
issuer = (none)
load_uri = (none)
serial_number = (none)
subject = (none)
valid_from = (none)
valid_until = (none)
version = (none)
|
You can also use the show command to retrieve the alternate server certificate properties:
-> show /SP/clients/activedirectory/alternateservers/1/cert
/SP/clients/activedirectory/alternateservers/1/cert
Targets:
Properties:
certstatus = certificate not present
clear_action = (none)
issuer = (none)
load_uri = (none)
serial_number = (none)
subject = (none)
valid_from = (none)
valid_until = (none)
version = (none)
|
4. Use the set command to configure top-level properties.
For example:
-> set address=10.5.121.321
Set ’address’ to 10.5.121.321
->set ...etc. for defaultrole, dnslocator, logdetail, port, state, stricmode, timeout
|
5. Use the set command to load a certificate or to modify properties.
For example:
- To load an Active Directory certificate:
-> set /SP/clients/activedirectory/cert load_uri=tftp://10.6.143.192/sales/cert.cert
Set ’load_uri’ to ’tftp://10.6.143.192/sales/cert.cert’
|
- To load an Alternate Server certificate:
-> set /SP/clients/activedirectory/alternateservers/1/cert load_uri=tftp://10.6.143.192/sales/cert.cert
Set ’load_uri’ to ’tftp://10.6.143.192/sales/cert.cert’
|
- To modify Admin Groups Table properties:
-> set /SP/clients/activedirectory/admingroups/1 name=CN=spSuperAdmin,OU=Groups,DC=sales,DC=oracle,DC=com
Set 'name' to 'CN=spSuperAdmin,OU=Groups,DC=sales,DC=oracle,DC=com'
|
- To modify Operator Groups table properties:
-> set /SP/clients/activedirectory/opergroups/1 name=CN=spSuperOper,OU=Groups,DC=sales,DC=oracle,DC=com
Set 'name' to 'CN=spSuperOper,OU=Groups,DC=sales,DC=oracle,DC=com'
|
- To modify Custom Groups Table properties:
| Note - You can set the role to any one or a combination of Admin (a), User Management (u), Console (c), Reset and Host Control (r), or Read Only (o). The legacy roles Administrator or Operator are also supported.
|
-> set /SP/clients/activedirectory/customgroups/1 name=CN=spSuperCust,OU=Groups,DC=sales,DC=oracle,DC=com
Set 'name' to 'CN=spSuperCust,OU=Groups,DC=sales,DC=oracle,DC=com'
-> set /SP/clients/activedirectory/customgroups/1 roles=au
Set ‘roles’ to au
|
- To modify User Domains Table properties:
-> set /SP/clients/activedirectory/userdomains/1 domain=username@sales.oracle.com
Set 'domain' to 'username@sales.oracle.com'
|
- To modify Alternate Servers Table properties:
-> set /SP/clients/activedirectory/alternateservers/1 address=ip_address
|
- To modify DNS Locator Queries table properties:
-> set /SP/clients/activedirectory/dnslocatorqueries/1 service=_ldap._tcp.gc._msdcs.<DOMAIN>.<PORT:3269>
|
The DNS Locator service query identifies the named DNS service. The port ID is generally part of the record, but it can be overridden by using the format <PORT:636>. Also, named services specific for the domain being authenticated can be specified by using the <DOMAIN> substitution marker.
|
Name
|
Domain
|
|
1
|
_ldap._tcp.gc._msdcs.<DOMAIN>.<PORT:3269>
|
|
2
|
_ldap._tcp.dc._msdcs.<DOMAIN>.<PORT:636>
|
Configure ILOM for LDAP
|
1. Log in to the ILOM CLI.
2. Use the set command to enter the proxy user name and password.
For example:
--> set /SP/clients/ldap binddn="cn=proxyuser, ou=people, ou=sales, dc=oracle, dc=com" bindpw=password
3. Enter the IP address or DNS name of the LDAP server. Type:
--> set /SP/clients/ldap address=ldap_ipaddress|DNS_name
4. (Optional) Assign the port used to communicate with the LDAP server; the default port is 389. Type:
--> set /SP/clients/ldap port=ldap_port
5. Enter the Distinguished Name of the branch of your LDAP tree that contains users and groups. Type:
--> set /SP/clients/ldap searchbase="ou=people, ou=sales, dc=oracle, dc=com"
This is the location in your LDAP tree that you want to search for user authentication.
6. Set the state of the LDAP service to enabled. Type:
--> set /SP/clients/ldap state=enabled
7. To verify that LDAP authentication works, log in to ILOM using an LDAP user name and password.
| Note - ILOM searches local users before LDAP users. If an LDAP user name exists as a local user, ILOM uses the local account for authentication.
|
Configure ILOM for LDAP/SSL
|
LDAP/SSL offers enhanced security to LDAP users by way of Secure Socket Layer (SSL) technology. Certificates are optional if Strict Certificate Mode is used.
Follow these steps to configure ILOM for LDAP/SSL:
1. Log in to the ILOM CLI.
2. Use the show command to view top-level properties. Type:
-> cd /SP/clients/ldapssl
/SP/clients/ldapssl
-> show
/SP/clients/ldapssl
Targets:
admingroups
alternateservers
cert
customgroups
opergroups
userdomains
Properties:
address = 10.5.121.321
defaultrole = Administrator
logdetail = trace
port = 0
state = disabled
strictcertmode = disabled
timeout = 4
Commands:
cd
set
show
|
3. Use the show command to view information in the tables. Type:
-> show /SP/clients/ldapssl/name/n
Where n is 1 through 5, and where name is one of the following:
- admingroups (for Admin Groups properties)
- opergroups (for Operator Groups properties)
- customgroups (for Custom Groups properties)
- userdomains (for User Domains properties)
- alternateservers (for Alternate Servers properties)
- cert (for certificate properties - cert is not a table; therefore the value of 1 through 5 for n does not apply)
You can use the show command to retrieve the certificate properties:
-> show /SP/clients/ldapssl/cert
/SP/clients/ldapssl/cert
Targets:
Properties:
certstatus = certificate not present
clear_action = (none)
issuer = (none)
load_uri = (none)
serial_number = (none)
subject = (none)
valid_from = (none)
valid_until = (none)
version = (none)
|
You can also use the show command to retrieve the alternate server certificate properties:
-> show /SP/clients/ldapssl/alternateservers/1/cert
/SP/clients/ldapssl/alternateservers/1/cert
Targets:
Properties:
certstatus = certificate not present
clear_action = (none)
issuer = (none)
load_uri = (none)
serial_number = (none)
subject = (none)
valid_from = (none)
valid_until = (none)
version = (none)
|
4. Use the set command to configure top-level properties.
For example:
-> set address=10.5.121.321
Set ’address’ to 10.5.121.321
->set ...etc. for defaultrole, logdetail, port, state, strictmode, timeout
|
5. Use the set command to load a certificate or to modify properties.
For example:
- To load an LDAP/SSL certificate:
-> set /SP/clients/ldapssl/cert load_uri=tftp://10.6.142.192/sales/cert.cert
Set ’load_uri’ to ’tftp://10.6.142.192/sales/cert.cert’
|
- To load an Alternate Server certificate:
-> set /SP/clients/ldapssl/alternateservers/1/cert load_uri=tftp://10.6.142.192/sales/cert.cert
Set ’load_uri’ to ’tftp://10.6.142.192/sales/cert.cert’
|
- To modify Admin Groups properties:
-> set /SP/clients/ldapssl/admingroups/1 name=CN=spSuperAdmin,OU=Groups,DC=sales,DC=oracle,DC=com
Set 'name' to 'CN=spSuperAdmin,OU=Groups,DC=sales,DC=oracle,DC=com'
|
- To modify Operator Groups properties:
-> set /SP/clients/ldapssl/opergroups/1 name=CN=spSuperOper,OU=Groups,DC=sales,DC=oracle,DC=com
Set 'name' to 'CN=spSuperOper,OU=Groups,DC=sales,DC=oracle,DC=com'
|
- To modify Custom Groups properties:
| Note - You can set the role to any one or a combination of Admin (a), User Management (u), Console (c), Reset and Host Control (r), or Read Only (o). The legacy roles Administrator or Operator are also supported.
|
-> set /SP/clients/ldapssl/customgroups/1 name=CN=spSuperCust,OU=Groups,DC=sales,DC=oracle,DC=com
Set 'name' to 'CN=spSuperCust,OU=Groups,DC=sales,DC=oracle,DC=com'
-> set /SP/clients/ldapssl/customgroups/1 roles=au
Set ‘roles’ to au
|
- To modify User Domains properties:
| Note - In the example below, <USERNAME> represents a user’s login name. During authentication, the user’s login name replaces <USERNAME>.
|
-> set /SP/clients/ldapssl/userdomains/1 name=<USERNAME>@uid=<USERNAME>,OU=people,DC=oracle,DC=com
Set 'domain' to 'uid=<USERNAME>,OU=people,DC=oracle,DC=com’
|
- To modify Alternate Servers properties:
-> set /SP/clients/ldapssl/alternateservers/1 address=ip_address
|
Configure ILOM for RADIUS
|
1. Log in to the ILOM CLI.
2. To display the properties of RADIUS, type:
-> show /SP/clients/radius
For example:
-> show /SP/clients/radius
/SP/clients/radius
Targets:
Properties:
address = 0.0.0.0
defaultrole = Operator
port = 1812
secret = (none)
state = disabled
|
3. Use the set command to modify properties.
For example:
-> set /SP/clients/radius ipaddress=1.2.3.4 port=1812 state=enabled defaultrole=administrator secret=changeme
For a description of the RADIUS settings, see Configure ILOM for RADIUS.
Log In to ILOM Using a New User Account
|
Use this procedure to log in to ILOM to verify that the non-root user account is functioning properly.
Follow these steps to log in to ILOM as a non-root account user:
1. Using a Secure Shell (SSH) session, log in to ILOM by specifying your user name and IP address of the server SP or CMM.
$ ssh root@system_ipaddress
Or
$ ssh -l username ipaddress
If ILOM is operating in a dual-stack network environment, the system_ipaddress can be entered using either an IPv4 or IPv6 address format.
For example:
For IPv4 - 10.8.183.106
or
For IPv6 - [fec0:a:8:b7:214:4fff:5eca:5f7e/64]
The ILOM Login prompt appears.
For more information about entering IP addresses in a dual-stack environment, and for diagnosing connection issues, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.0 Concepts Guide.
2. Type the user name and password for the user account.
<hostname>: <assigned_username>
Password: <assigned_password>
The ILOM CLI prompt appears (->).
Log Out of ILOM
|
At the command prompt, type:
-> exit
What Next?
You can now continue to customize your ILOM configuration for your system and data center environment. Before you configure ILOM for your environment, refer to the Oracle Integrated Lights Out Manager 3.0 Concepts Guide for an overview of the new ILOM 3.0 features and functionality. Knowing how the new ILOM features will affect your environment will help you configure ILOM settings so that you can access all of ILOM’s capabilities in your system and data center.
Also refer to the Oracle ILOM 3.0 Procedures Guides for descriptions of how to perform ILOM tasks using a specific user interface and to your platform ILOM Supplement or platform Administration guide for platform-specific configuration instructions.
The ILOM 3.0 Documentation Collection can be found at:
http://docs.sun.com/app/docs/prod/int.lights.mgr30#hic
| Oracle Integrated Lights Out Manager (ILOM) 3.0 Getting Started Guide
|
820-5523-12
|
   
|
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.