Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Configure SNMP Service on HPE ILO Redfish Rest API using PowerShell

In our team, a colleague was tasked with configuring SNMP settings on multiple HPE ILO portals. To streamline this process and avoid manual labor, they sought my expertise in automation. I leveraged the HPE ILO Redfish REST API with PowerShell to automate the task, utilizing the comprehensive API documentation available at https://hewlettpackard.github.io/ilo-rest-api-docs/ilo5/#snmp-ports-configuration.

The HPE ILO Redfish REST API offers a robust and flexible solution for managing and configuring HPE ILO settings, and I highly recommend exploring its capabilities for your automation needs.

This resource provides detailed guidance on configuring various settings on HPE ILO via REST API, making it an invaluable tool for future automation projects. By harnessing the power of automation, we significantly reduced the time and effort required to complete the task, ensuring efficient management of our HPE ILO infrastructure.

SNMP (Simple Network Management Protocol) is a protocol for:

  • Monitoring network devices (routers, switches, servers)
  • Configuring device settings
  • Receiving alerts for issues or errors

It's used for network management, monitoring, and security, with versions SNMPv1, SNMPv2c, and SNMPv3 offering increasing levels of security and functionality.

SNMP has several versions, including:

  • SNMPv1: The original version, with limited security features.
  • SNMPv2c: An updated version with improved performance and security.
  • SNMPv3: The latest version, with enhanced security features, such as encryption and authentication.

Step 1: Enable SNMP in HPE ILO

  1. Log in to the HPE ILO portal.
  2. In the navigation pane, click on Security.
  3. Select Edit Network from the dropdown menu.
  4. Locate the SNMP option and toggle the switch to Enable.
  5. Click Apply or Save to confirm the changes.

By completing these steps, you will have successfully enabled SNMP in HPE ILO, allowing you to proceed with further configuration and automation using the Redfish REST API.

Configure SNMP Service on HPE ILO Redfish Rest API using PowerShell service port ssh certificate mapping ssl certificate directory encryption hpe sso login security banner.png

Step 2: Configure SNMP Version Settings

  1. In the HPE ILO portal, navigate to the Management section on the left side pane.
  2. Click on Management to expand the menu.
  3. Deselect the checkboxes for:
    • SNMPv1 Request
    • SNMPv1 Trap
  4. Select the checkboxes for:
    • SNMPv3 Request
    • SNMPv3 Trap
  5. Click Apply to save the changes.

By completing these steps, you will have configured HPE ILO to use SNMPv3, which offers enhanced security features compared to SNMPv1. This setup is essential for secure SNMP communication.

Step 3: Restart ILO to Apply Changes

  1. Once you have completed the above configurations, navigate to the System section on the left side pane.
  2. Click on System to expand the menu.
  3. Select Reset or Restart (depending on the ILO version).
  4. Confirm the action to restart the ILO.
  5. Wait for the ILO to reboot and complete its self-test.

By restarting the ILO, you ensure that all the configured changes take effect, and the SNMP settings are applied correctly. This step is crucial to finalize the configuration process.

Configure SNMP Service on HPE ILO Redfish Rest API using PowerShell service port ssh certificate mapping ssl certificate directory encryption hpe sso login security banner Alerts settings snmp administration v1 v3.png

All the above steps I have performed using below PowerShell script. At the core it is using Invoke-WebRequest to leverage Rest API.

Download this script Set-HPEILOSNMPConfiguration.ps1 here or it is also available on github.com.

Configure SNMP Service on HPE ILO Redfish Rest API using PowerShell invoke-restmethod webrequest configuration snmp verion 3 version 1 enable disable.png

Below is the complete script you can copy from.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
[CmdletBinding()]
param (
    [Parameter(Mandatory=$true,Position=0,ValueFromPipeline=$true)]
    [string[]]
    $ilo
)

begin {
    #ILO5 Details and credentials
    #$ilo = '192.168.34.100'
    $username = 'Administrator'
    $password = 'Computer!123'
}
process {
    Write-Host $ilo -BackgroundColor DarkGreen
    # Approve self signed SSL certificate

    $code = @"
        using System;
        using System.Net;
        using System.Security.Cryptography.X509Certificates;

        public class TrustAllCertsPolicy {
            public static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) {
                // Always accept SSL certificates
                return true;
            }
        }
"@
    Add-Type -TypeDefinition $code -Language CSharp

    # Set the callback to trust all certificates
    #[System.Net.ServicePointManager]::ServerCertificateValidationCallback = [TrustAllCertsPolicy]::ValidateCertificate  
    [System.Net.ServicePointManager]::CertificatePolicy =  New-Object TrustAllCertPolicy

    # ILO 5 common API url
    $uri = "https://$ilo/redfish/v1"

    # ILO5 - Login
    $credBody = @{UserName = $username; Password=$password} | ConvertTo-Json
    $loginUri = "$uri/Sessions/"
    $hpeSession = Invoke-WebRequest -Uri $loginUri -Method Post -Body $credBody -ContentType 'application/json' -SessionVariable webSession

    $authHeaders = @{'X-Auth-Token' =  $hpeSession.Headers.'X-Auth-Token'}
    $snmpURI = "$uri/Managers/1/SnmpService"
    $snmpInfo = Invoke-WebRequest -Uri $snmpURI -Method Get -Headers $authHeaders -WebSession $webSession
    $snmpStatus = $snmpInfo.Content | ConvertFrom-Json

    if ($snmpStatus.Status.State -ne 'Enabled') 
    {
        $snmpEnableURI = "$uri/Managers/1/NetworkProtocol"
        $snmpBody = @{
            SNMP = @{
                ProtocolEnabled = $true
            }
        } | ConvertTo-Json -Compress
        $newSNMPinfo = Invoke-WebRequest -Uri $snmpEnableURI -Method Patch -Body $snmpBody -Headers $authHeaders -ContentType 'application/json'
        ($newSNMPinfo.Content | ConvertFrom-Json).error."@Message.ExtendedInfo".MessageId
    }
    else {
        Write-Host "SNMP is already enabled"
    }

    if (($snmpStatus.SNMPv1Enabled -eq $true) -or ($snmpStatus.SNMPv1RequestsEnabled -eq $true) -or ($snmpStatus.SNMPv1TrapEnabled -eq $true))
    {
        $snmpV1DisableURI = "$uri/Managers/1/SnmpService"
        $snmpV1Body = @{}
        foreach ($v1 in $('SNMPv1Enabled', 'SNMPv1RequestEnabled', 'SNMPv1TrapEnabled'))
        {
            $v1Value = $snmpStatus | Select-Object -ExpandProperty $v1
            if ($v1Value -eq $true) {
                $snmpV1Body.Add($v1, $false)
            }
        }
        $snmpV1Info = Invoke-WebRequest -Uri $snmpV1DisableURI -Method Patch -Body $($snmpBody | ConvertTo-Json) -Headers $authHeaders -ContentType 'application/json'
        ($snmpV1Info.Content | ConvertFrom-Json).error."@Message.ExtendedInfo".MessageId
    }
    else {
        Write-Host "SNMPv1 is already Disabled"
    }


    if (($snmpStatus.SNMPv3RequestsEnabled -eq $true) -or ($snmpStatus.SNMPv3TrapEnabled -eq $true))
    {
        $snmpV3EnableURI = "$uri/Managers/1/SnmpService"
        $snmpV3Body = @{
            SNMPv3RequestsEnabled = $true
            SNMPv3TrapEnabled = $true
        } | ConvertTo-Json
        $snmpV3Info = Invoke-WebRequest -Uri $snmpV3EnableURI -Method Patch -Body $($snmpV3Body | ConvertTo-Json) -Headers $authHeaders -ContentType 'application/json'
        ($snmpV3Info.Content | ConvertFrom-Json).error."@Message.ExtendedInfo".MessageId
    }
    else {
        Write-Host "SNMPv3 is already enabled"
    }

    $iloResetURI = "$uri/Managers/1/Actions/Manager.Reset"
    $resetBody = @{
        ResetType = "ForceRestart"
    } | ConvertTo-Json
    $resetInfo = Invoke-WebRequest -Uri $iloResetURI -Method Post -Body $resetBody -Headers $authHeaders -ContentType 'application/json'
    ($resetInfo.Content | ConvertFrom-Json).error."@Message.ExtendedInfo".MessageId
}
end {}

Useful Articles
Find Dell iDrac, HPE ilo IPMI ip address on VMware ESXi
Reset Dell iDRAC password from ESXi server
Install Update VIB Zip files software on VMware ESXi server
Uninstall Remove VIB software from ESXi server
Build custom ESXi image using VMware Image Builder
Update ESXi servers in VMware Cluster using vCenter Lifecycle Manager
Update offline bundle zip on standalone ESXi host using commandline without vCenter
Resolved: HP ILO this page cannot be displayed ERR_SSL_BAD_RECORD_MAC_ALERT
Reset/Restart HP ILO (Integrated Lights-outs) using putty
Reset HP ILO password from Esxi server
ESXi HP Blade start issue Enclosure power event detected, System Halted until power condition is corrected
Esxi update individual component firmware on HP hardware: disk degraded not authenticated

Go Back

Comment

Blog Search

Page Views

12086093

Follow me on Blogarama