Use configuration scripts to simplify new enclosure deployment and configuration, particularly when setting up multiple enclosures, eliminating the need to configure each enclosure manually. Capturing your best practices and compliance rules, HPE OneView copies the script from the enclosure group to the logical enclosure, and then executes it on the physical enclosure. You can create, edit, or delete an enclosure configuration script from either the Enclosure Groups screen or the Logical Enclosures screen.
To create a configuration script, do one of the following:
-
Extract a script from a configured OA.
-
Copy an existing configuration script from the Logical Enclosures or Enclosure Groups screen, and then paste it into a new enclosure group. Edit the script as necessary before clicking OK to apply.
The configuration script is run on the physical enclosure when:
-
You add an enclosure and the associated enclosure group contains a configuration script.
-
You edit the configuration script of a logical enclosure. Clicking OK to save your changes will run the script.
-
You select Logical Enclosures→Actions→Reapply configuration to re-run the OA configuration script associated with the logical enclosure (not the enclosure group). The action also verifies that SSO, SNMP and NTP are configured correctly on the enclosure and that the OA firmware is up to date. The action takes place immediately and requires no other interaction unless there is lost connectivity to the enclosure, in which case you are prompted to re-enter the OA IP address or host name and credentials.
-
You select Logical Enclosures→Actions→Update from group which copies the enclosure configuration script from the associated enclosure group to the logical enclosure and then runs the script.
You can initially enter passwords, SNMP community strings, and pass phrases in plain text as you create an enclosure or enclosure group script. However, all passwords, SNMP community strings, and pass phrases are masked (replaced by *********) in any UI or REST API response and are never displayed in plain text.
If you replace the ********* password string with another string and rerun the script, the password is changed to the new string. Note that some commands cannot be run a second time. For example, if you rerun the ADD USER command on the same enclosure and have changed the username ****************** string, the command will fail because that user already exists. In this situation, remove the newly added user before you rerun the script.
If any part of the command that is returned with ********* is changed, and you do not replace ********* with another string, the value of the password or the SNMP community string becomes *********. For example, if you submit the script with the command SET USER PASSWORD , the script returns user_name1 new_passwordSET USER PASSWORD . If you change the command to SET USER PASSWORD user_name1 *********user_name2 *********, the password for user_name2 is set to *********, and not new_password.
A subset of OA commands is disallowed in the enclosure configuration script to prevent conflicts with the appliance configuration and settings. There is no syntax checking or other validation of the remaining script. See Disallowed OA commands for a list of the OA commands not allowed in a configuration script.
View or download OA command documentation for a complete reference of OA commands.
-
Required privileges: Administrator
Extracting a script from a configured OA
-
Access the Onboard Administrator from the Enclosures screen by clicking the OA link in the Hardware panel.
-
From the OA CLI, enter the
SHOW CONFIGcommand to view the current configuration script for the enclosure. -
Copy the generated script, and then paste it into the Configuration script text box of the Create Enclosure Group screen for a new enclosure group (or the Edit Enclosure Group screen for an existing enclosure group).
For security, the retrieved current configuration does not contain any user passwords. You can manually edit the script to add the user passwords after the user name on the ADD USER lines.
Copy an existing configuration script from the Logical Enclosures or Enclosure Groups screen.
-
Required privileges: Server administrator
Copying an OA configuration script
-
From the main menu. select one of the following:
-
Logical Enclosures→Edit
-
Enclosure Groups→Edit
-
-
Copy the configuration script, and then click Cancel to close the Edit screen.
-
Paste the configuration script into another Logical Enclosures or Enclosure Groups Edit screen.
-
![[NOTE: ]](images/note.gif)
NOTE: Copied configuration scripts could contain disallowed commands that leave the enclosure unusable. When you apply a configuration script to a logical enclosure, you are notified of disallowed commands and the script is not allowed to run. You must edit the configuration script and remove the disallowed commands before the script can be applied. For a list of the disallowed commands, see Disallowed OA commands.
For a complete reference of OA commands, view or download the HPE BladeSystem Onboard Administrator Command Line Interface User Guide from the HPE Support Center.
The following commands are not allowed in an enclosure configuration script because they conflict with the appliance configuration and could prevent the appliance from operating properly and securely.
| Disallowed OA commands | ||
|---|---|---|
| ADD EBIPA | REMOVE CA CERTIFICATE | SET ENCLOSURE NAME |
| ADD EBIPAV6 | REMOVE EBIPA | SET ENCLOSURE SERIAL_NUMBER |
| CLEAR NTP | REMOVE EBIPAV6 | SET ENCRYPTION |
| CLEAR VCMODE | REMOVE HPSIM CERTIFICATE | SET FACTORY |
| DISABLE DHCP_DOMAIN_NAME | REMOVE OA ADDRESS IPV6 | SET FIPS MODE |
| DISABLE EBIPA | REMOVE SNMP TRAPRECEIVER | SET HPSIM TRUST MODE |
| DISABLE EBIPAV6 | REMOVE SNMP TRAPRECEIVER V3 | SET IPCONFIG |
| DISABLE FIRMWARE MANAGEMENT | REMOVE SNMP USER | SET NTP |
| DISABLE HTTPS | REMOVE TRUSTED HOST | SET NTP PRIMARY |
| DISABLE IPV6 | REMOVE USER CERTIFICATE | SET OA DOMAIN_NAME |
| DISABLE IPV6DYNDNS | REMOVE USER vcmuser | SET OA NAME |
| DISABLE NTP | REMOVE USERS ALL | SET PASSWORD |
| DISABLE SLAAC | SAVE EBIPA | SET SNMP COMMUNITY READ |
| DISABLE SNMP | SAVE EBIPAV6 | SET SSO TRUST MODE |
| DISABLE TRUSTED HOST | SET DATE | SET TIMEZONE |
| DISABLE USER vcmuser | SET EBIPA | SET USER ACCESS vcmuser |
| ENABLE DHCP_DOMAIN_NAME | SET EBIPAV6 | SHOW ALL |
| ENABLE EBIPA | SET EBIPA INTERCONNECT | SHOW SYSLOG { OA | HISTORY } |
| ENABLE EBIPAV6 | SET EBIPA SERVER | UNASSIGN { SERVER | INTERCONNECT } { <bay number> | ALL | <bay number range> } vcmuser |
| ENABLE FIRMWARE MANAGEMENT | SET ENCLOSURE ASSET TAG | UNASSIGN OA vcmuser |
Sample OA-Script.cfg script
#Sample script for HPE OneView # #NOTE: Set Enclosure Information SET RACK NAME "Insert_Rack_Name" #Optionally Configure Power SET POWER MODE REDUNDANT SET POWER SAVINGS ON SET ENCLOSURE POWER_CAP OFF SET ENCLOSURE POWER_CAP_BAYS_TO_EXCLUDE None #Set Interconnect PowerDelay Information SET INTERCONNECT POWERDELAY 1-8 0 #Set Server Power Delay Information SET SERVER POWERDELAY 1-16 0 #Optionally Configure Alertmail SET ALERTMAIL SMTPSERVER DISABLE ALERTMAIL #Optionally Configure NTP SET NTP SECONDARY SET NTP POLL 720 #Optionally Set Remote Syslog Information SET REMOTE SYSLOG SERVER "" SET REMOTE SYSLOG PORT 514 DISABLE SYSLOG REMOTE #Optionally ADD a new user account and set as Admin on ALL bays ADD USER "admin" "password" SET USER CONTACT "admin" "" SET USER FULLNAME "admin" "" SET USER ACCESS "admin" ADMINISTRATOR ASSIGN SERVER 1-16 "admin" ASSIGN INTERCONNECT 1-8 "admin" ASSIGN OA "admin" ENABLE USER "admin" #Optionally reset the default Administrator password Set USER Administrator "enter new password here" #Set Login Banner Text Information CLEAR LOGIN_BANNER_TEXT DISABLE LOGIN_BANNER #Set Network Information #NOTE: Setting your network information through a script while # remotely accessing the server could drop your connection. # If your connection is dropped this script may not execute to conclusion. #NOTE: Set the IP address and DNS name for both OA1 and OA2 SET NIC AUTO 1 SET NIC AUTO 2 ENABLE ENCLOSURE_IP_MODE SET LLF INTERVAL 60 ENABLE LLF DISABLE DHCPV6