Tag Archives: HP

Using vSphere Update Manager to deploy HP Drivers and Patches for ESXi 5

05 Sunday Jan 2014

Posted by in ESXi, HP, VMware

Leave a comment

Tags

, ,

This post demonstrates how to add your server vendor’s (in this case HP) VMware VIBs to VMware vSphere Update Manager. This allows you to apply drivers, patches and updates specific to your server platform directly to ESXi. You use the same workflow as you would a VMware patch: scan for updates and remediate host. Its that simple.

Many server vendors release OEM Customized Installers for ESXi5. Its a good idea to use them because they include the necessary drivers and integration for ESXi. Ever wonder why you don’t have good detection of hardware on the Host’s Hardware Status tab (View: Sensors)?  Use the OEM version of ESXi and you will. For this post I use ESXi5.1 on HP DL360G5 servers.

For reference, using the URL below, you go to the VMware ESXi download site, select your ESXi version, click the Custom ISO tab and then click >OEM Installer CDs to expand the category. Select your vendor and that’s the ISO you should use when you install or upgrade ESXi.

HPvibdepot-000

For ESXi 5.1 the URL is:
https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/5_1#custom_iso

Now, on to the reason for this post. The HP VIBs are posted to the sites below.

HP VIBs Home page:
http://vibsdepot.hp.com/

Root of the HP VIBs.
http://vibsdepot.hp.com/hpq/

VIBs index used in this post for ESXi 5.1:
http://vibsdepot.hp.com/hpq/sep2013/index.xml

1) Login to vCenter. Select Home > under Solutions and Applications select Update Manager.

HPvibdepot-00

2) On the Configuration tab, select Download Settings. Under Download Sources, click Add Download Sources on the right.

HPvibdepot-01

3) Enter your Source URL and a description. In this case its http://vibsdepot.hp.com/hpq/sep2013/index.xml. Click Validate URL and when successful click OK.

HPvibdepot-02

a) Note: as of the date of this post, Sept 2013 is the latest VIB update for ESXi 5.1. Using the root URL above (http://vibsdepot.hp.com/hpq/) you simply select the latest date in the directory for the version of ESXi you are running. That way you only download what you need.

4) Back on the Download Settings page, click Apply. This creates the Download source.

HPvibdepot-03

5) Click the Download Now button to start the download. Click OK on the Download Task pop-up window.

HPvibdepot-04

6) Select the Events tab. This is where you can see how many patches were downloaded.

HPvibdepot-05

7) On the patch repository page, sort by vendor and you can see the patches that were downloaded. Note that the patches are automatically added to the Critical and Non-Critical Host Patches baselines. Make sure they are attached to your Datacenter or Hosts.

HPvibdepot-06

8) Right-click your Cluster and select Scan for Updates. Select Patches and Extensions as well as Upgrades and click Scan to scan your hosts.

9) Since this process will update drivers and possibly the ESXi kernel (security and bug fixes), its a good idea to patch one host to verify stability. Place a Host into maintenance mode (right-click Host > Enter Maintenance Mode). When done right-click the host and select Remediate. Select Critical and Non Critical Baselines (on the right) and then complete the Wizard based on your shop’s patching practices.

10) After the host reboots and comes online in vCenter, make sure it’s functional. Verify vMotion, VMkernel Ports, Datastores, etc., check the Host’s Hardware Status tab and see if you notice that additional hardware sensors are now available. If everything is good, continue to remediate your Hosts.

As a side note, if you are in a secure location that does not allow internet access, you could download the patches and index file, stage them with HFS and and download them into Update Manager. For reference, see my HFS post for NetApp’s ONTAP upgrade here.

Install HP ArcSight Logger v5.3.1

08 Saturday Jun 2013

Posted by in HP, Linux, Security

Leave a comment

Tags

, ,

This is a follow-up post from a previous post here: http://slice2.com/2013/06/05/tweaking-the-hp-arcsight-logger-centos-vmware-appliance/

You can continue the installation with the post below. Once you get to the step to run the installer script, I have colored the answers in red text. The final post to be completed soon will show installation of connectors and Logger configuration.

Note: the default factory root password is arcsight.

1) Login as root and install man pages.
-> yum install man -y

2) Create user for services that cant run as root.
-> useradd -d /home/arcsvcadm -c “Arcsight Service Accoint” arcsvcadm
-> passwd arcsvcadm

3) Change hostname and set a static IP.
-> vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=<your hostname>
GATEWAY=<your gateway IP address>
-> wq!

-> vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=”eth0″
IPADDR=”<your IP address>”
NETMASK=”255.255.255.0″
BROADCAST=”<your broadcast address>”
IPV6INIT=”no”
ONBOOT=”yes”
TYPE=”Ethernet”
-> wq!

-> vi /etc/hosts
<your IP address> <your hostname> <your FQDN>
->wq!
-> reboot

4) Add another disk to the VM. Right-click VM and selet Edit Settings.
a) Click Add on the Hardware tab.
b) Select Hardrive and click Next.
c) Create a New Virtual Disk and click Next.
d) Edit your disk size (20 gigs is fine to test), whether think or thin and click Next.
e) Accept defaults on Advanced options and click Next.
f) Click Finish.
g) Wait a minute and reboot the VM.

5) Log in as root and copy the binary to the correct execution location.
-> cd /opt/arcsight/installers
-> ls -l
-rwxr—–. 1 arcsight arcsight 467865676 Apr 16 08:00 ArcSight-logger-5.3.1.6838.0.bin
-rwxr—–. 1 arcsight arcsight        67 Apr 16 08:00 ArcSight-logger-5.3.1.6838.0.bin.md5
-> cp ArcSight-logger-5.3.1.6838.0.bin /opt/arcsight/logger/

6) Run the installer.
-> cd /opt/arcsight/logger/
-> ./ArcSight-logger-5.3.1.6838.0.bin

Preparing to install…
Extracting the JRE from the installer archive…
Unpacking the JRE…
Extracting the installation resources from the installer archive…
Configuring the installer for this system’s environment…

Launching installer…
Graphical installers are not supported by the VM. The console mode will be used instead…
=========================================================================
ArcSight Logger 5.3 SP1                          (created with InstallAnywhere)
——————————————————————————-

Preparing CONSOLE Mode Installation…

=========================================================================
Introduction
————

InstallAnywhere will guide you through the installation of ArcSight Logger 5.3 SP1.

It is strongly recommended that you quit all programs before continuing with this installation.

Respond to each prompt to proceed to the next step in the installation.  If you want to change something on a previous step, type ‘back’.

You may cancel this installation at any time by typing ‘quit’.

PRESS <ENTER> TO CONTINUE: (pres enter)

=========================================================================
License Agreement
—————–

Installation and Use of ArcSight Logger 5.3 SP1 Requires Acceptance of the Following License Agreement:

END USER LICENSE AGREEMENT

PLEASE READ CAREFULLY: THE USE OF THE SOFTWARE IS SUBJECT TO THE TERMS AND
CONDITIONS THAT FOLLOW (“AGREEMENT”), UNLESS THE SOFTWARE IS SUBJECT TO A
SEPARATE LICENSE AGREEMENT BETWEEN YOU AND HP OR ITS SUPPLIERS.  BY
DOWNLOADING, INSTALLING, COPYING, ACCESSING, OR USING THE SOFTWARE, OR BY
CHOOSING THE “I ACCEPT” OPTION LOCATED ON OR ADJACENT TO THE SCREEN WHERE THIS
AGREEMENT MAY BE DISPLAYED, YOU AGREE TO THE TERMS OF THIS AGREEMENT, ANY
APPLICABLE WARRANTY STATEMENT AND THE TERMS AND CONDITIONS CONTAINED IN THE
“ANCILLARY SOFTWARE”  (as defined below). IF YOU ARE ACCEPTING THESE TERMS ON
BEHALF OF ANOTHER PERSON OR A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT AND
WARRANT THAT YOU HAVE FULL AUTHORITY TO BIND THAT PERSON, COMPANY, OR LEGAL
ENTITY TO THESE TERMS.  IF YOU DO NOT AGREE TO THESE TERMS, DO NOT DOWNLOAD,
INSTALL, COPY, ACCESS, OR USE THE SOFTWARE, AND PROMPTLY RETURN THE SOFTWARE
WITH PROOF OF PURCHASE TO THE PARTY FROM WHOM YOU ACQUIRED IT AND OBTAIN A
REFUND OF THE AMOUNT YOU PAID, IF ANY.  IF YOU DOWNLOADED THE SOFTWARE, CONTACT
THE PARTY FROM WHOM YOU ACQUIRED IT.

This Software may be provided to you by Electronic Delivery. “Electronic
Delivery” means any delivery of Software to you that is made solely by remote

PRESS <ENTER> TO CONTINUE: (press enter about 14 times to get to the end)

DO YOU ACCEPT THE TERMS OF THIS LICENSE AGREEMENT? (Y/N): Y

Custom code execution Started…
Custom code execution Completed…
Custom code execution Started…
Custom code execution Completed…

=========================================================================
Choose Install Folder
———————

Provide a location for ArcSight Logger 5.3 SP1 that has a minimum of 30GB of storage available.

Where would you like to install?

Default Install Folder: /opt

ENTER AN ABSOLUTE PATH, OR PRESS <ENTER> TO ACCEPT THE DEFAULT
: /opt/arcsight/logger

INSTALL FOLDER IS: /opt/arcsight/logger
IS THIS CORRECT? (Y/N): y

=========================================================================
Select License Type
——————-

This installation package includes a trial license that can be used for a limited period to evaluate the product. For deploying in a production environment, you need a license file from HP.

Do you have license file for this installation?

1- No, use the trial license
->2- Yes

ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT:: 1

=========================================================================
Pre-Install Summary
——————-

Please Review the Following Before Continuing:

Product Name:
ArcSight Logger 5.3 SP1

Install Folder:
/opt/arcsight/logger

PRESS <ENTER> TO CONTINUE: (press enter)

=========================================================================
Installing…
————-

[=================|=================|=================|=================]
[—————————————————————————-

=========================================================================
User Settings
————-

Due to product security requirements, certain Logger processes cannot be run as a root user. Therefore, a non-root user account is required even when you install Logger as a root user.

Enter a non-root user name that exists on this system. Optionally, enter an alternate HTTPS port.

NOTE: Once you press [Enter], you cannot change the entered values.

User Name (DEFAULT: ): arcsvcadm

HTTPS Port (DEFAULT: 443): 443

Custom code execution Started…
Custom code execution Completed…

=========================================================================
User Settings
————-

Choose if you want to run Logger as a system service.

NOTE: Once you press [Enter], you cannot change the entered value.

->1- Configure as a service
2- Configure as standalone

ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT:: 1

=========================================================================
Locale Setting
————–

Select the Locale setting.
The Locale setting ensures that the user interface displays information such as date, time, numbers, and messages in the format and language appropriate for the selected country.

Once configured, Locale cannot be changed.

->1- English (United States)
2- Japanese (Japan)
3- Simplified Chinese
4- Traditional Chinese

ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT:: 1

Custom code execution Started…
Custom code execution Completed…

=========================================================================
Begin Initialization
——————–

The installation of Logger software was successful…

Initialization will begin after pressing [Enter].  This may take several minutes.

PRESS <ENTER> TO CONTINUE: (press enter)

=========================================================================
Begin Configuration
——————-

The initialization of Logger software was successful…

Configuration of Logger will start after pressing [Enter].

The Configuration Complete screen is displayed once configuration is complete and Logger has started up.

PRESS <ENTER> TO CONTINUE: (press enter)

=========================================================================

Custom code execution Started…
Custom code execution Completed…

=========================================================================
Configuration Is Complete
————————-

Logger has started. Press [Enter] to close the installer.

Use this URL to access the Logger User Interface.

https://10.10.10.34:443/  (note – your URL will show your IP address)

PRESS <ENTER> TO CONTINUE: (press enter)

7) Launch a browser and login to the URL above as the factory default admin/password.

Tweaking the HP ArcSight Logger CentOS VMware Appliance

05 Wednesday Jun 2013

Posted by in HP, Linux

Leave a comment

Tags

,

So, HP ArcSight Logger is a CentOS 6.2 VMWare appliance. If you want to kick the tires, patch it and add a GUI desktop, perform the following steps.

– Note that this probably voids your support and is totally unsupported by HP.

1) Download the VM appliance from the URL below. I selected the VMware appliance. Extract the zip file and import the OVA into vCenter.

Click Trials and Demos here:
http://www8.hp.com/us/en/software-solutions/software.html?compURI=1314386

2) The The default root password is arcsight. They have configured ssh to allow remote root logins which is odd for a Security related product.

-> ssh root@<your logger vm IP>

3) Add the CentOS repository to yum.conf.

-> vi /etc/yum.conf and add the section below to the bottom of the file.

[base]
name=CentOS-$releasever – Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos6
enabled=1
#released updates

-> wq!

4) Import the key.

-> rpm –import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

4) Update yum.

-> yum update  (enter no to update all packages)

5) Install the Desktop.

For a Gnome desktop run:
-> yum groupinstall Desktop

For a KDE desktop run:
-> yum groupinstall “kde desktop”

When done installing, fix a bug and add a few rpms.

-> mkdir -p /var/run/dbus/system_bus_socket;chmod 775 /var/run/dbus/system_bus_socket

-> yum install perl

-> yum install gpm

-> -yum install xorg-x11-drv-intel

6)  Install VMware tools. Copy the vmware tools for linux iso file over to the vm via scp or Winscp, place in /tmp and mount.

-> mount -o loop VMware-tools-linux-9.0.5-1065307.iso /mnt

-> cd /mnt

-> cp VMwareTools-9.0.5-1065307.tar.gz /tmp/

-> cd /tmp/

-> umount /mnt

-> tar -zxvf VMwareTools-9.0.5-1065307.tar.gz

-> cd vmware-tools-distrib

-> ./vmware-install.pl  (and follow the prompts – defaults are fine for now)

-> reboot

7) Increase the size of /boot so the patches can be applied. Download the systemrescuecd ISO, attach to the VM and boot into it. Note that you may have to boot into the VM bios and change the boot order by moving the CDROM device to the top.
a) once the ISO boots, at the prompt enter: startx.
b) Click the CD icon in the lower left corner (like the Start menu in Windows), System > GParted.
c) Right-click /dev/sda3 and select Resize/move. Reduce the size by 2 Gigs and click Resize/Move. At the top under Partition, click the green Check Mark to apply the changes. This will take about 5 minutes. Right-click /dev/sda3 and select Resize/Move. On the slider bar, click the partition itself and move it to the right as far as it will go. This changes the start of the partition and allows you to resize /boot. Click the green check mark and ignore the warning about moving the partition.
d) Right-click /dev/sda2 and select Resize/Move. Increase the size by the remaining space available clicking the small up arrow in the New Size field and click Resize/Move. At the top under Partition, click the green Check Mark to apply the changes. This will take about 5 minutes.
e) Click the CD Icon and click Log Out > Log Out.
f) Shutdown the VM and disconnect the ISO from within Edit Settings. When done power on the VM.

8) Log in as root and update the rest of the VM.

-> yum upgrade

-> reboot

Integrating HP iLO with Microsoft AD and Certificate Services

25 Monday Mar 2013

Posted by in HP, Security

Leave a comment

Tags

,

Although HP has come a long way with iLO, it is still quite picky when it comes to AD integration and certificate management. This document is an attempt to make it easier to accomplish. Updating your firmware is the most important step. Don’t skip it.

I created a document detailing the steps. Download the pdf here: Integrating HP ILO with AD and CS