x SuSE Linux 13.1-RELEASE x
x SuSE Linux 13.1-RELEASEx
hp_mgmt_install(7) Miscellaneous Information Manual hp_mgmt_install(7)
NAME
hp_mgmt_install - Installation options for the hp-health, hp-snmp-
agents, hp-smh-templates and related packages
DESCRIPTION
The hp-health, hp-snmp-agents, & hp-smh-templates packages provide
Advanced Server Management capabilities for HP ProLiant servers. These
packages can be configured in multiple ways and are the key component
of the integrated HP ProLiant Advanced Server Management solution that
includes monitoring of storage and networking.
This document will describe configuration options available for the hp-
health, hp-snmp-agents, hp-smh-templates packages:
1 Installation and configuration
2 Minimal Installation
3 Installation with HP System Management Homepage (hpsmh) support
4 Preconfigured installation (e.g. silent installation) for hpsmh
5 Integration into a SNMP View-Based Access Control Model (VACM)
environment
INSTALLATION AND CONFIGURATION
In order for the HP management to function, various desired levels of
software must be installed and configured.
The installation of this software is the packaging method native to the
Linux distribution such as RPM or Debian dpkg. After the package has
been installed, a secondary configuration step is performed to guide
the user through the configuration process. This process allows the
user to create a custom configuration to meet the organization's server
management requirements. For full installation install the following
packages.
1 hp-OpenIPMI or the Stock OpenIPMI driver - provide access to the
embedded IPMI device.
2 hp-ilo - Provide an interface to the Integrated Lights out
device.
3 hp-health - Provides basic system health monitoring and logging
service and a set of console utilities to view data.
4 hp-snmp-agents - Provides a set of snmp agents that present
server health, storage and networking data to the SNMP stack.
5 hp-smh-templates - Provides a set of html/javascript/php pages
for viewing the SNMP data via the web via hpsmh.
6 hpsmh - Provide a web server for hp's management data.
Configuration of SNMP when hp-snmp-agents is installed
The hp-snmp-agents package requires the configuration of the SNMP stack
to operate properly. The following script is provided to assist with
this SNMP configuration.
/sbin/hpsnmpconfig
Answer the following questions.
Do you wish to use an existing snmpd.conf (y/n) (Blank is n):
The configuration script can either walk you through the SNMP
configuration process or will use an existing
"/etc/snmp/snmpd.conf" file that you have already configured for
the SNMP service. The default is to guide you through the SNMP
configuration process. If you answer "y" to this option, you
must insure that you have a fully configured "snmpd.conf" file
and that either this file or a symbolic link exists in the
"/etc/snmp" directory. There is more information later on in
this document describing how to enable the HP Advanced Server
Management agents in a SNMP View-Based Access Control Model
(VACM) environment.
Enter the localhost SNMP Read/Write community string (one word,
required, no default):
This will create the "rwcommunity" string with access limited to
the local host (127.0.0.1) IP address. This is a mandatory
parameter of your choosing. This will be masked as you enter the
string and you will be asked to confirm your entry.
Enter localhost SNMP Read Only community string (one word, Blank to
skip):
This will create the "rocommunity" string with access limited to
the local host (127.0.0.1) IP address. This will be masked as
you enter the string and you will be asked to confirm your
entry. You may press "Enter" to skip this.
Enter Read/Write Authorized Management Station IP or DNS name (Blank to
skip):
If you plan to access this server from a remote client (or HP
SIM), you need to either put in the fully qualified server name
or IP address. This will set the "rwcommunity" to be limited to
this address (plus the local host)
Enter SNMP Read/Write community string for Management Station
client.my.domain.com (one word, required, no default):
Each remote client can have a unique community string to access
this server.
Enter Read Only Authorized Management Station IP or DNS name (Blank to
skip):
Same as above except this is read only.
Enter SNMP Read/Write community string for Management Station
client.my.domain.com (one word, required, no default):
Same as above except this is read only.
Enter default SNMP trap community string
This sets the "trapcommunity" string used to send traps to a
SNMP server (such as HP System Insight Manager) if no specific
trap destination is specified.
Enter SNMP trap destination IP or DNS name
This is the destination of where the SNMP trap will be routed.
Enter trap community string for trap destination
Each trap destination can have a unique string if required.
Enter system contact information
This allows you to indentify this server or describe who is the
manager. This and the following option are "user defined" and
can be anything.
Enter system location information
User defined as needed
The HP Advanced Server Management agents will now complete the configu-
ration process and begin execution. You may change your configuration
by entering the command:
hpsnmpconfig
MINIMAL INSTALLATION
This option enables only a minimal installation with just the server
monitoring agent and manual tools such as hplog(8) or hpasmcli(4)
enabled.
To enable just the basic server management with no SNMP enabled:
1 On HP ProLiant servers with Integrated Lights-Out 2 (iLO 2) man-
agement controller, install hp-OpenIPMI or insure the stock IPMI
driver is available. On HP ProLiant servers with Integrated
Lights-Out 3 (iLO 3) management controller, check if the distri-
bution provides "hpilo" driver. If not, install the "hp-ilo"
package.
2 Install hp-health
3 reboot the server or run
/etc/init.d/hp-health start
"Light Weight Management Example Scripts"
The hp-health RPM includes a directory that has examples of how to use
the hplog(7) and hpasmcli(4) in shell scripts. These command line tools
are designed to allow easy integration into popular Open Source manage-
ment solutions such as Nagios and Ganglia. These are typically used for
system monitoring solutions that do not use the "net-snmp" SNMP stack.
The base directory is "/opt/hp/hp-health/examples". NOTE: These are
examples and are expected to be customized for your unique system moni-
toring infrastructure.
INSTALLATION WITH SNMP SUPPORT
This option enables the minimal installation plus remote access to the
data via SNMP. To enable this option do the following.
1 On HP ProLiant servers with Integrated Lights-Out 2 (iLO 2) man-
agement controller, install hp-OpenIPMI or insure the stock IPMI
driver is available. On HP ProLiant servers with Integrated
Lights-Out 3 (iLO 3) management controller, check if the distri-
bution provides "hpilo" driver. If not, install the "hp-ilo"
package.
2 Install hp-health
3 Install hp-snmp-agents
4 Configure SNMP by running "hpsnmpconfig"
5 reboot the server or run
/etc/init.d/snmpd restart
/etc/init.d/hp-snmp-agents start
NOTE: hp-ilo driver should be installed before step 4 if it is needed.
Refer to the man page for that package for more information.
NOTE: A subset of the snmp agents can be excluded from running by
including individual agents on the "exclude" line in the
"/opt/hp/hp-snmp-agents/cma.conf" file. Here is an example:
exclude cmaided cmarackd cmanicd
INSTALLATION WITH SYSTEM MANAGEMENT HOMEPAGE (SMH) SUPPORT
This option enables SNMP support plus the ability to view gathered date
via a web browser user interface. To enable this option do the follow-
ing.
1 On HP ProLiant servers with Integrated Lights-Out 2 (iLO 2) man-
agement controller, install hp-OpenIPMI or insure the stock IPMI
driver is available. On HP ProLiant servers with Integrated
Lights-Out 3 (iLO 3) management controller, check if the distri-
bution provides "hpilo" driver. If not, install the "hp-ilo"
package.
2 Install hp-health
3 Install hp-snmp-agents
4 Configure SNMP by running "hpsnmpconfig"
5 Install hpsmh and Configure hpsmhd(see the hpsmh documentation
for configuration options)
6 Install hp-smh-templates
7 reboot the server or run
/etc/init.d/snmpd restart
/etc/init.d/hp-snmp-agents start
/etc/init.d/hpsmhd start
NOTE: There is no HP ProLiant System Management Homepage (hpsmh) sup-
port available if the SNMP service is disabled.
PRECONFIGURED OR SILENT INSTALLATION FOR SNMP AGENTS AND HPSMH
The snmp agents and hpsmh packages may be preconfigured for silent and
automatic installation using standard Linux installation methods. There
are two configuration files that drive the automatic and silent instal-
lation process:
1 /etc/hp-snmp-agents.conf
2 /usr/local/hp/hpsmh.cfg
/etc/hp-snmp-agents.conf
The recommended way to create the initial "/etc/hp-snmp-agents.conf"
file is to use the "hpsnmpconfig" command. This will provide a basic
template that you can then customize. Each configuration variable is
documented in the file.
After the "/etc/hp-snmp-agents.conf" file has been created and custom-
ized, you need to save this file for future installations. This is the
same for the "/usr/local/hp/hpsmh.cfg" file. The "/etc/hp-snmp-
agents.conf" file must be installed BEFORE the hp-snmp-agents package
is installed to initiate the automatic silent installation.
/usr/local/hp/hpsmh.cfg
The recommended way to create the initial "/usr/local/hp/hpsmh.cfg",
use the "perl /usr/local/hp/hpSMHSetup.pl" configuration tool. The HP
ProLiant System Management Homepage (hpsmh) uses standard Linux authen-
tication including Pluggable Authentication Modules (PAM). User privi-
leges are assigned based on Linux "group" association. You create
groups for Administrator (full access), Operator (limited access) and
User (read only) access using standard Linux tools such as groupadd.
The hpsmh uses secure SSH protocols to authenticate and is suitable for
use on a public network provided trusted certificates are used. More
information can be found at:
http://www.hp.com/go/proliant
http://h18013.www1.hp.com/products/servers/management/agents/index.html
As with the "/etc/hp-snmp-agents.conf" configuration file, the
"/usr/local/hp/hpsmh.cfg" file must be installed BEFORE installing the
hpsmh package. The installation script that will install the hpsmh
package must also export the shell environment variable:
export HPSMHSILENT=true
The hpsmh package should be installed before any other HP ProLiant
software to insure proper ownership of the "/opt/hp/hpsmh" directory.
If you are utilizing a SNMP View-based Access Control Model environ-
ment, you should also have either a preconfigured
"/etc/snmp/snmpd.conf" file ( In case of SuSE Linux 9, the preconfig-
ured file will be "/etc/snmpd.conf" ) or a symbolic link in "/etc/snmp"
( /etc for SuSE Linux 9 ) to the SNMP configuration file used in your
environment.
INTEGRATION INTO A SNMP VACM ENVIRONMENT
The detailed description of how to configure Net-SNMP for a VACM envi-
ronment is documented in the snmpd.conf(5) man page. This section will
provide a brief overview and an example of a secure environment.
There are very specific "com2sec", "group", "view" and "access" direc-
tives to enable the HP Management Software (including the HP System
Management Homepage) to coexist in a VACM enabled SNMP environment. The
"view" directives can limit read and write access to just the HP SNMP
MIB items (sub-MIB 232 and below).
1 Enable a "Read / Write User"
rwuser <UserName>
2 Limit this user to access only on the local host
com2sec <UserName> 127.0.0.1 <community string>
3 Assign user "<UserName>" to a V1 and V2c group
group <GroupName> v1 <UserName>
group <GroupName> v2c <UserName>
4 Create a view for the HP SIM MIB items. Note that this view can
be .included. into other views.
view <MyView> included .1.3.6.1.4.1.232
5 Finally, create the R/W access for this group and view
access <GroupName> "" any noauth exact <MyView> <MyView> none
VACM enabled SNMPD.CONF example
#This Line MUST be present to load the SIM Agent Extensions
dlmod cmaX /usr/lib/libcmaX.so
#Create Read / Write users. This are internal to SNMP (e.g. not real
user names)
rwuser MyUser1
rwuser hpsim
#Enable Trap
trapcommunity MyTrapCommStr
trapsink 127.0.0.1 MyTrapCommStr 6102
syscontact John Smith, System Administrator for ThisSystem
syslocation Rack A50, Houston, TX
# First, map the community names into a "security name"
# sec.name source community
com2sec hpsim 127.0.0.1 MyRWCommStr
com2sec MyUser1 16.120.250.45 MySecureV3CommStr
# Second, map the security name into a group name:
# groupName securityModel sec.name
group cimGroup v1 hpsim
group cimGroup v2c hpsim
group MyGroup MySecModel MyUser1
# Third, create a view for us to let the group have rights to:
# name incl/excl subtree mask(optional)
view MyRWView included .1.3.6.1.4.1.232
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write
notif
access cimGroup "" any noauth exact MyRWView MyR-
WView none
Notes on snmpd.conf example
* There must be a rwuser defined if you want to have full func-
tionality. If you only want to view events, you can just define
a rouser. Either user may be restricted to the local host
(127.0.0.1)
* There must be a com2sec created for the defined rwuser / rouser.
The recommendation is to limit this to the local host
(127.0.0.1)
* There must be one group defined as V1 for the defined user. The
restriction to the local host access eliminates outside security
risks.
* There must be a VIEW defined for the HP SIM MIB:
view MyRWView included .1.3.6.1.4.1.232
* The above view can be restricted by excluding certain MIB items.
For example, the following line shows how to disable remote
reboot or shutdown:
view MyRWView excluded .1.3.6.1.4.1.232.2.2.4.13
* The view that defines the HP SIM MIB must has Read and Write
access to allow full HP System Management Homepage Functionality
(as in this example). Note that Read Only is permitted by just
setting a "read" access for the view.
# group context sec.model sec.level prefix read
write notif
access cimGroup "" any noauth exact MyRWView
MyRWView none
* The file, "/etc/snmp/snmpd.conf", must exist. The file, how-
ever, may be a symbolic link to the actual "snmpd.conf" file
used by the snmpd service.
SEE ALSO
HP System Management Homepage Installation Guide HP-UX, Linux and Win-
dows Systems
http://h20000.www2.hp.com/bc/docs/support/SupportMan-
ual/c00293371/c00293371.pdf
HP ProLiant Support Pack and Deployment Utilities User Guide
http://h20000.www2.hp.com/bc/docs/support/SupportMan-
ual/c00472061/c00472061.pdf
Managing ProLiant servers with Linux
http://h20000.www2.hp.com/bc/docs/support/SupportMan-
ual/c00223285/c00223285.pdf
HP Systems Insight Manager Information
http://h18004.www1.hp.com/products/servers/management/hpsim/index.html
HP ProLiant Server Advantage
http://h18004.www1.hp.com/products/servers/proliant-advan-
tage/index.html
HP ProLiant Support Packs
http://www.hp.com/servers/psp
AUTHOR
Hewlett-Packard Company
COPYRIGHT
Copyright (c) 2008 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company 21 April 2008 hp_mgmt_install(7)
Want to link to this manual page? Use this URL:
<http://star2.abcm.com/cgi-bin/bsdi-man?query=hp_mgmt_install&sektion=7&manpath=>