| gildasio | thanks dbungert, I'll check it out as soon as I have access to the machine I tested it before | 00:19 |
|---|---|---|
| gildasio | an strange behavior because I used abnt2 on ubuntu22.04 and it works just fine as I can see | 00:19 |
| dbungert | if it worked before it may be that you were using the default variant, so deleting the variant may well be the correct answer | 00:19 |
| lblume | Good morning channel | 08:35 |
| lblume | Installing Ubuntu 22.04 on an HPE Proliant DL380 Gen9: is there a way to configure SNMP to include hardware monitoring? (temperature, device states, etc) | 08:35 |
| tomreyn | lblume: ubuntu provides both clients for querying snmp on demand (snmpwalk), and for snmp traps, given you can provide suitable MIBs (I think such are available for HPE land, at least partially) | 10:44 |
| tomreyn | more commonly you'll be using a centralized hardware monitoring tool which directly interfaces with hpe ilom, though | 10:46 |
| tomreyn | that's if you have a fleet of those servers | 10:46 |
| tomreyn | if just one, you *may* still want to do monitoring via snmp or ilom from a different system (just because the OS and thus monitoring may fail in case of some hardware issues) | 10:48 |
| === shokohsc51084 is now known as shokohsc5108 | ||
| tomreyn | i meant s/ilom/iLO/ | 11:16 |
| tomreyn | HPE Systems Insight Manager (SIM) is HPE's solution to manage (and monitor) multiple servers. you can achieve the same with open source software as iLO can provide a (SOAP-XML, IIRC) API. | 11:18 |
| lblume | tomreyn: Thank you for the reply. So you mean it's not possible with Ubuntu? I've only had RHEL installed on those servers so far, where it works fine, this is the first time I try Ubuntu. | 12:05 |
| tomreyn | lblume: i'm not sure where you read me saying "it's not possible with Ubuntu" | 12:05 |
| lblume | So it is? I'm asking, since you provided workarounds, not a way to do what I asked | 12:12 |
| tomreyn | lblume: i'm not sure how it's done on redhat, but assumely it'll also use an snmp client to query the iLO's SNMP interface? | 12:16 |
| tomreyn | i would not consider this a workaround | 12:16 |
| tomreyn | which expectations would you have? | 12:17 |
| tomreyn | what have you tried so far? | 12:19 |
| tomreyn | if you're looking for the HPE provided snmap agents, those are available at https://downloads.linux.hpe.com/SDR/project/mcp/ | 12:26 |
| lblume | On RHEL, there's hp-snmp-agents which plugs into snmpd so it can return those values. On Ubuntu, the last version it was available for is 18.04, which is getting rather long in the tooth, so I'm looking for a way to do it on 22.04. | 12:29 |
| tomreyn | hmm, that's probably something to ask HPE about then | 12:42 |
| tomreyn | (maybe try the contact button on the bottom of the above page) | 12:43 |
| JanC | I have no experience with it, but might need this repo: https://downloads.linux.hpe.com/SDR/repo/mcp/ubuntu/ ? | 13:11 |
| JanC | seems like HPE itself also no longer supports hp-snmp-agents on newer OS versions though | 13:17 |
| JanC | maybe amsd replaces it though? | 13:21 |
| lblume | No, I gave it a try, doesn't seem like it, at least not on Gen9. What's there is for ILO5, not 4. However, I've tried what tomreyn said, set up SNMP on the ILO and looked into, it, there is a lot and at least temperatures there, pretty sure everything will turn up once I find the right MIB. | 13:23 |
| lblume | So I think 22.04 can't, but there's an acceptable alternative. Different from RHEL, but I'm good with that, I've wanted actually wanted use ILO's SNMP for a while, never got around to it at work because always more important things to do. I can toy with it at home now :) | 13:25 |
| JanC | make sure the ILO is up-to-date, as IIRC there have been security bugs in it in the past | 13:34 |
| JanC | or restrict access to it :) | 13:34 |
| tomreyn | lblume: do you have lm-sensors installed, ran sensors-detect and configured the system to load the respective modules at boot? | 13:35 |
| lblume | JanC: Both :) | 13:36 |
| tomreyn | i think this would be picked up by the sensors MIB automatically. if you want this (and possibly more) data via HPE's private MIBs, you'd need to look for those, I think they're available as a download from their website. | 13:37 |
| tomreyn | (but then you'd probably still need their proprietary agent to provide that data - right) | 13:37 |
| JanC | to be honest, the HPE website does not seem to be particularly helpful... :-/ | 13:42 |
| JanC | then again, lots of "enterprise" websites are chaotic mazes like that, of course :-( | 13:44 |
| tomreyn | https://community.hpe.com/t5/server-management-remote-server/ilo-snmp-configuration-and-mib-information/td-p/5943551 | 13:46 |
| tomreyn | https://kb.paessler.com/en/topic/8673-mibs-for-hp-ilo | 13:47 |
| lblume | JanC: It's not, I've had more than a decade using it for RHEL, and while I like the hardware, pretty much everything else sucked with them. | 14:04 |
| lblume | tomreyn: Those are a bit old, Gen9 are ILO4, which is substantially different | 14:06 |
| webchat3 | I was directed here with a question and problem. From what I have learned currently you can't apply choose to apply hardening during installation with an installer option. | 14:06 |
| leftyfb | webchat3: https://ubuntu.com/server/docs/install/autoinstall | 14:07 |
| webchat3 | Specifically if you have a Ubuntu Pro subscription and usg activated as part of the install it would apply the appropriate hardening profile rules. | 14:08 |
| webchat3 | leftyfb Thanks for your reply but that doesn't really answer it. What I was looking for was something similar to RHEL's security profile option, you select a profile in the installer. It would then provide warnings, errors or information necessary to producing a hardened install based on the profile rules. So as soon as the installer has done its | 14:12 |
| webchat3 | work installing installing the Linux distribution, you have a hardened installation. | 14:12 |
| leftyfb | webchat3: then the answer is no, that doesn't exist in the ubuntu installer | 14:13 |
| leftyfb | but you could probably do all/most of that with the autoinstaller | 14:13 |
| tomreyn | lblume: this seem to be the latest and most complete MIB sets HPE provides https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04272529 | 14:17 |
| leftyfb | webchat3: personally, I keep the ubuntu install as simple and stock as possible and focus all my customizations in post-install automation (ansible). That way any major changes I made don't require a reinstallation | 14:17 |
| webchat3 | So if you want to prepare a hardened first server installation you need to go through autoinstall? Along with all that it entails? | 14:17 |
| tomreyn | lblume: https://ixnfo.com/en/snmp-oid-list-for-ilo4.html has snmpwalk output and component <-> MIB mappings | 14:18 |
| tomreyn | (for iLO 4) | 14:18 |
| webchat3 | I really think it could help to have it in the installer, as it will enable certain options for hardening which aren't possible outside of the installer. Plus a stock hardened install choice option for Ubuntu Pro, with usg from install would really help and keep a secure stock simple install. | 14:21 |
| lblume | tomreyn: Yup, I got the bunch of MIBs a;ready, but I need to do some cleanup, it's kind of raw, there's overlap | 14:21 |
| leftyfb | webchat3: feel free to submit a bug report as a suggestion | 14:21 |
| webchat3 | For instance the installer could as part of the choice have it so the UID and GID as in the appropriate range for industry standard hardening. | 14:22 |
| tomreyn | lblume: not the best job by HP there. ;) in the end it might be easier to work with what someone else already 'reverse engineered': https://github.com/PAPAMICA/Templates/blob/master/Zabbix/iLO-4/Template-SNMP-HP-iLO4.xml | 14:26 |
| lblume | I've done work on that in my job some years back, I'm sure I can find something. It's only a matter of picking the right bits out of snmp now, boring, but easy enough. | 14:30 |
| webchat3 | leftyfb I have submitted a bug report https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/2031916 | 14:37 |
| -ubottu:#ubuntu-server- Launchpad bug 2031916 in subiquity (Ubuntu) "subquity hardened install option choice from start" [Undecided, New] | 14:37 | |
| === shokohsc51083 is now known as shokohsc5108 | ||
| lblume | Right, it was only a matter of removing some of the old MIB crap that HPE provides, which were overriding the much more current ones in Ubuntu. Much neater now :) | 14:47 |
| webchat3 | leftyfb Hopefully you saw and read my suggestion (request) on Launchpad. To help improve Ubuntu Server. Have a nice afternoon. | 14:59 |
| webchat3 | Anyway have a nice day. Good Bye. | 15:23 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!