
Tuesday, November 6, 2018

Remotely Login & Run Commands on ILOMs

Logging into Oracle's Integrated Lights Out Manager (ILOM) to get info can be a real pain, so I wrote this script to do it for me. Normally one would use Simple Network Management Protocol (SNMP) or Intelligent Platform Management Interface (IPMI), but due to security concerns I was not able to use either of these options. Even with the latest firmware installed the ILOMs would not support modern security practices. So I was forced to find another way. I needed to write a script that would wait for a prompt and then fill it in for me. Expect, an extension to the Tcl scripting language, is great for this kind of stuff, but I decided to use a HERE document, which is even easier.

In order to make this work I created the user mancnt on the local system and on all the ILOMs. I also created an SSH key and set up an SSH agent on the local system, and then I copied the key over to the ILOMs. If you don't know how to set up SSH keys, check out my last post on how to do it, "A Better Way to Setup SSH Keys". You will also need a file containing the hostnames of the ILOMs you want to access. In the example script below I use two such files, lsILOMb and lsILOMc, one for the blades and one for the chassis.


#!/bin/bash
#
# This section is for the ILOM blades
# The here document feeds the ILOM CLI command to ssh on stdin
HERE-ILOM(){
ssh "$1" 2>/dev/null <<HERE
show /SP/network macaddress
HERE
}
# This section is for the ILOM Chassis
HERE-ILOMc(){
ssh "$1" 2>/dev/null <<HERE
show /CMM/network macaddress
HERE
}

# To get IP address from hostname
Ping-to-IP(){
ping -c1 "$1" |grep PING|awk '{print $3}'|sed -e 's/(//' -e 's/)//'
}

# Main section
# Warn if no SSH agent process is found for the user
ps aux|grep manacnt|grep -v grep |grep agent &>/dev/null || echo "Need to have an agent running"

# Section for ILOMs on Oracle Blades
for s in $(cat lsILOMb)
do echo -e "$(Ping-to-IP "$s"),$(HERE-ILOM "$s"),Embedded Linux,$s"
done

# Section for ILOMs on Oracle Chassis
for s in $(cat lsILOMc)
do echo -e "$(Ping-to-IP "$s"),$(HERE-ILOMc "$s"),Embedded Linux,$s,FALSE,ILOM,N611"
done

So the script generates a comma-separated values (CSV) file, which contains the IP address, MAC address, OS, and hostname. I then give this file to the network security people.

Example output: 10.0.1.20,00:10:e0:40:c2,Embedded Linux,server-ilom
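
Because the script discards ssh errors with 2>/dev/null and pastes whatever comes back straight into the row, a failed login or an unexpected reply ends up in the inventory unnoticed. The following is an added example, not part of the original script, that validates each field before a row is written. The function names, the documentation-range IP addresses and the sample session are constructed, and it assumes the ILOM reply contains a line of the form "macaddress = <MAC>".

```shell
#!/bin/sh
# Added example (not the post's script): validate each field before writing a CSV row.
# Assumption: the ILOM reply contains a line of the form "macaddress = <MAC>".

# Constructed sample of a captured ILOM session (not real device output).
SAMPLE_OK='-> show /SP/network macaddress

 /SP/network
    Properties:
        macaddress = 00:10:E0:AA:BB:CC
'

# Read ILOM output on stdin; print one lower-case six-octet MAC, or fail.
extract_mac() {
    mac=$(tr -d '\r' | awk '
        $1 == "macaddress" && $2 == "=" { n++; m = tolower($3) }
        END { if (n == 1) print m }')   # zero or several matches: print nothing
    printf '%s\n' "$mac" | grep -Eqx '([0-9a-f]{2}:){5}[0-9a-f]{2}' || return 1
    printf '%s\n' "$mac"
}

# usage: csv_row IP HOSTNAME < ilom_output
# Emits "IP,MAC,Embedded Linux,HOSTNAME" only when every field is well-formed.
csv_row() {
    ip=$1
    host=$2
    printf '%s\n' "$ip" | grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}' ||
        { echo "skip $host: no usable IP" >&2; return 1; }
    # A comma or newline in the hostname would shift or add CSV columns.
    case $host in
        ''|*[!A-Za-z0-9._-]*) echo "skip: bad hostname" >&2; return 1 ;;
    esac
    mac=$(extract_mac) || { echo "skip $host: no valid MAC" >&2; return 1; }
    printf '%s,%s,Embedded Linux,%s\n' "$ip" "$mac" "$host"
}

# Demo: one good reply, then an empty reply (what a failed ssh login leaves behind).
printf '%s\n' "$SAMPLE_OK" | csv_row 192.0.2.20 server-ilom
printf '' | csv_row 192.0.2.21 blade2-ilom || echo "row withheld" >&2
```

In the loops above, the ssh output would be piped into csv_row instead of being interpolated into echo, so hosts that did not answer are reported on stderr rather than written as rows with an empty MAC column.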

If you have any questions feel free to ask them below.

