Search our Blogs
Showing results for 
Search instead for 
Do you mean 
 

Automated iLO Management with Chef

Guest blog by Vivek Bhatia - DevOps Consultant, DCIA COE, TS R&D

 

HPE servers have been the first choice for customers around the globe for decades, and there is a pressing need to enable automated configuration of these servers within data centers. Logging into thousands of iLO web UIs and making manual changes just doesn’t cut it in today’s fast-paced environment that requires IT speed and agility.  Tasks like changing iLO administrator passwords on a quarterly basis to comply to security guidelines might take days manually, but the same task can be done in minutes using automation.

 

The HPE DC-IA team has created an easy-to-use solution for customers with HPE Gen8 and Gen9 servers to enable configuration automation with Chef. This blog serves as an introduction to this integration and a spring-board to help customers start using it.

 

In this solution, we combined the key enabling feature of HPE Gen8 and Gen9 servers: iLO4 & Redfish APIs, with the power of one of the industry’s leading configuration management tools: Chef (https://www.chef.io).

Our automation solution combines Chef with two HPE components that work hand-in-hand:

 

iLO Ruby SDK – This software library, known as ilo-sdk-ruby, contains a set of Ruby classes and methods to make it easy to interact with the and perform automation tasks.

 

iLO Chef cookbook-  This cookbook provides the necessary resources to define iLO configurations within Chef recipes. It uses the ilo-sdk-ruby library under the hood to interact with iLOREStful APIs and perform the desired configuration tasks. It also allows users to easily apply these definitions on iLOs across their datacenters; managing entire datacenters becomes as easy as managing a single server

Figure 1, below, shows a how the solution integrates the different components. The chef-client runs on a workstation with a Chef cookbook, which contains the configuration code for any number of iLOs. The chef-client execution will make REST API calls to the iLOs to ensure they match the provided configuration. It’s also intelligent; changes will only be applied if the server configuration does not match what is defined in code.

 

 

chef1.JPG

Figure 1, Shows a how the solution integrates the different components. The chef-client runs on a workstation with a Chef cookbook, which contains the configuration code for any number of iLOs. The chef-client execution will make REST API calls to the iLOs to ensure they match the provided configuration. It’s also intelligent; changes will only be applied if the server configuration does not match what is defined in code. 

 

Figure 2 shows a sample Chef recipe to manage the configuration of multiple iLOs:

chef2.png

 Let’s break the recipe shown in Figure 2 down. First we define an array named ilo_list that contains the information necessary to connect to our iLOs. We’ll pass this array into each of the subsequent resource definitions below, which will result in Chef taking the same actions on each of these iLOs.

 

]
ilo_user ‘bob’ do
  ilos ilo_list
  password ‘password123’
  login_priv true
  remote_console_priv false
end

The ilo_user resource is used to manage user accounts on the iLOs listed in ilo_list. In this case, it is used to manage a user account with the username ‘bob’, password ‘password123’, and permission to login, but not to access a remote console. When the recipe is run, Chef will ensure this user account exists on all the iLOs and that the password and privileges match.

 

 

ilo_date_time 'set time zone and NTP servers' do
  ilos ilo_list
  use_dhcp4 false
  ntp_servers [’10.168.0.2’, ’10.168.0.3’]
  time_zone "US/Pacific"
end

 

The ilo_date_time resource is used to manage date and time settings on the machines listed in ilo_list. With the use_dhcpv4 attribute, we are basically saying not to use the network-supplied time so we can set things manually. Next we declare a list of NTP servers to use with the ntp_servers attribute and set the time zone to ‘US/Pacific’ with the time_zone attribute.

 

 

ilo_bios ‘set a subset of BIOS settings’ do
  ilos ilo_list
  settings (
                Bootmode:  ‘Uefi’,
                NetworkBootRetry: ‘Enabled’,
                NicBoot1: ‘NetworkBoot’,
                UefiShellStartup: ‘Disabled’,
                UefiShellStartupLocation: ‘Auto’
                )
     notifies :resetilo,  ‘ilo_power[reset ilo]’
end

 

Using the ilo_bios resource, we specify a subset of the iLO BIOS settings that we care about. There are many more that we could specify, but only these settings will be maintained by Chef. We also tell Chef to restart the iLO when any of these settings are updated.

 

ilo_power ‘reset ilo’ do
  ilos ilo_list
  action :nothing
end

This resource doesn’t do anything by default because of the action being set to :nothing. However, other resources like the ilo_bios one above can actually notify Chef to change that action to :resetilo. This way the iLOs only get reset if a resource notifies that a change occurred and a reset needs to happen.By leveraging the iLO Chef cookbook you can model your iLO configuration as code and ensure that all of your iLOs consistently meet your technical requirements.

 

There are plethora of opportunities in IT to automate the operations using the principles of Infrastructure as Code. Our DC-IA team is here to assist you in your journey; please refer to the HPE DC-IA Service Link below to find out more.

 

 

iLO Chef Cookbook: https://github.com/HewlettPackard/ilo-chef 

iLO Ruby SDK: https://github.com/HewlettPackard/ilo-sdk-ruby

HPE DC-IA Service Link: http://www8.hp.com/us/en/business-services/it-services/datacenter-infrastructure-automation.html

 

This work would have not been possible without the help of Jared Smartt (Fort Collins, Colorado) who made tremendous contribution to this code as well to accelerate this project.

Comments
Bogdan Katyński
| ‎12-08-2016 06:37 AM

It's typical in chef-managed infrastructures that the chef-client is configuring the very node it runs on. In your example, however, you're using a gateway or in other words a command&control server to manage iLOs of other servers.

 

We were thinking of the same model in my organizaiton, however there're multiple challenges involved with that approach and for us, it would be much better if the server could manage it's own iLO controller using chef.

 

Is it possible to achieve through ipmi? Or maybe another proprietary protocol?

 

You may disagree but in my opinion an approach where a node configures itself as opposed to a node is just a place to run some code which configures remote machines, is more in-line with the chef philosophy and best practises.

JSmartt
| ‎12-08-2016 10:01 AM

Bogdan, you're correct that it is a little different than the typical Chef management model for a node, but there are some systems that just can't be managed in that "typical" way. However, we still think it's worth being able to be managed, and that Chef is a great tool to enable it.

 

The same model can be seen with the OneView and AWS cookbook, as well as other cloud providers that utilize an API. When the API is the authoritative way to manage a resource, it makes just as much sense to run it remotely as it would to run it locally and reach out to that same API via a localhost connection. Additionally, making the iLO natively support the Chef client could have some very serious security, performance, and reliabilty implications; problems you really don't want to have on an iLO or management device.

 

It's still configuration management, but it looks a lot more like Terraform or CloudFormation.

Hope this helps!

Bogdan Katyński
| ‎12-09-2016 01:44 AM

Hi JSmartt,

 

It's great to see every initiative that helps to bridge the gap between managing "the frontend" - operating system side of the server and the "backend" - hardware side.

 

However, in our environment, it would be easier if iLO could be managed from the host's operating system directly by chef-client running on that server. We already do some limited iLO configuration with chef through ipmi.

Level 5 Level 5
‎12-12-2016 11:22 AM - edited ‎12-12-2016 11:22 AM

Hello Bogdan

 

Thank you for your inputs, we take your feedback and will look on ways to improve our offering. In the mean time you might also want to take a look at our update Cookbook for iLO https://github.com/HewlettPackard/chef-ilorest-cookbook 

 

AnaM

Bogdan Katyński
| ‎12-13-2016 07:53 AM

Thank you for the link AnaM.

 

I will definitelly check it out. I'm actually looking for a way to turn on a feature in iLO through chef so the cookbook comes right in time :)

 

I'm looking forward to more chef cookbooks for managing HP servers. They're much appreciated.

 

Bogdan

Vivek Bhatia
| ‎02-16-2017 10:35 AM

Here is the link for the Github repository: https://github.com/HewlettPackard/ilo-chef

Social Media
† The opinions expressed above are the personal opinions of the authors, not of HPE. By using this site, you accept the Terms of Use and Rules of Participation