gildasiothanks dbungert, I'll check it out as soon as I have access to the machine I tested it before00:19
gildasioan strange behavior because I used abnt2 on ubuntu22.04 and it works just fine as I can see00:19
dbungertif it worked before it may be that you were using the default variant, so deleting the variant may well be the correct answer00:19
lblumeGood morning channel08:35
lblumeInstalling Ubuntu 22.04 on an HPE Proliant DL380 Gen9: is there a way to configure SNMP to include hardware monitoring? (temperature, device states, etc)08:35
tomreynlblume: ubuntu provides both clients for querying snmp on demand (snmpwalk), and for snmp traps, given you can provide suitable MIBs (I think such are available for HPE land, at least partially)10:44
tomreynmore commonly you'll be using a centralized hardware monitoring tool which directly interfaces with hpe ilom, though10:46
tomreynthat's if you have a fleet of those servers10:46
tomreynif just one, you *may* still want to do monitoring via snmp or ilom from a different system (just because the OS and thus monitoring may fail in case of some hardware issues)10:48
=== shokohsc51084 is now known as shokohsc5108
tomreyni meant s/ilom/iLO/11:16
tomreynHPE Systems Insight Manager (SIM) is HPE's solution to manage (and monitor) multiple servers. you can achieve the same with open source software as iLO can provide a (SOAP-XML, IIRC) API.11:18
lblumetomreyn: Thank you for the reply. So you mean it's not possible with Ubuntu? I've only had RHEL installed on those servers so far, where it works fine, this is the first time I try Ubuntu. 12:05
tomreynlblume: i'm not sure where you read me saying "it's not possible with Ubuntu"12:05
lblumeSo it is? I'm asking, since you provided workarounds, not a way to do what I asked12:12
tomreynlblume: i'm not sure how it's done on redhat, but assumely it'll also use an snmp client to query the iLO's SNMP interface?12:16
tomreyni would not consider this a workaround12:16
tomreynwhich expectations would you have?12:17
tomreynwhat have you tried so far?12:19
tomreynif you're looking for the HPE provided snmap agents, those are available at https://downloads.linux.hpe.com/SDR/project/mcp/12:26
lblumeOn RHEL, there's hp-snmp-agents which plugs into snmpd so it can return those values. On Ubuntu, the last version it was available for is 18.04, which is getting rather long in the tooth, so I'm looking for a way to do it on 22.04.12:29
tomreynhmm, that's probably something to ask HPE about then12:42
tomreyn(maybe try the contact button on the bottom of the above page)12:43
JanCI have no experience with it, but might need this repo: https://downloads.linux.hpe.com/SDR/repo/mcp/ubuntu/ ?13:11
JanCseems like HPE itself also no longer supports hp-snmp-agents on newer OS versions though13:17
JanCmaybe amsd replaces it though?13:21
lblumeNo, I gave it a try, doesn't seem like it, at least not on Gen9. What's there is for ILO5, not 4. However, I've tried what tomreyn said, set up SNMP on the ILO and looked into, it, there is a lot and at least temperatures there, pretty sure everything will turn up once I find the right MIB. 13:23
lblumeSo I think 22.04 can't, but there's an acceptable alternative. Different from RHEL, but I'm good with that, I've wanted actually wanted use ILO's SNMP for a while, never got around to it at work because always more important things to do. I can toy with it at home now :)13:25
JanCmake sure the ILO is up-to-date, as IIRC there have been security bugs in it in the past13:34
JanCor restrict access to it  :)13:34
tomreynlblume: do you have lm-sensors installed, ran sensors-detect and configured the system to load the respective modules at boot?13:35
lblumeJanC: Both :)13:36
tomreyni think this would be picked up by the sensors MIB automatically. if you want this (and possibly more) data via HPE's private MIBs, you'd need to look for those, I think they're available as a download from their website.13:37
tomreyn(but then you'd probably still need their proprietary agent to provide that data - right)13:37
JanCto be honest, the HPE website does not seem to be particularly helpful...  :-/13:42
JanCthen again, lots of "enterprise" websites are chaotic mazes like that, of course  :-(13:44
lblumeJanC: It's not, I've had more than a decade using it for RHEL, and while I like the hardware, pretty much everything else sucked with them.14:04
lblumetomreyn: Those are a bit old, Gen9 are ILO4, which is substantially different14:06
webchat3I was directed here with a question and problem. From what I have learned currently you can't apply choose to apply hardening during installation with an installer option.14:06
leftyfbwebchat3: https://ubuntu.com/server/docs/install/autoinstall14:07
webchat3Specifically if you have a Ubuntu Pro subscription and usg activated as part of the install it would apply the appropriate hardening profile rules.14:08
webchat3leftyfb Thanks for your reply but that doesn't really answer it. What I was looking for was something similar to RHEL's security profile option, you select a profile in the installer. It would then provide warnings, errors or information necessary to producing a hardened install based on the profile rules. So as soon as the installer has done its14:12
webchat3work installing installing the Linux distribution, you have a hardened installation.14:12
leftyfbwebchat3: then the answer is no, that doesn't exist in the ubuntu installer14:13
leftyfbbut you could probably do all/most of that with the autoinstaller14:13
tomreynlblume: this seem to be the latest and most complete MIB sets HPE provides https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c0427252914:17
leftyfbwebchat3: personally, I keep the ubuntu install as simple and stock as possible and focus all my customizations in post-install automation (ansible). That way any major changes I made don't require a reinstallation 14:17
webchat3So if you want to prepare a hardened first server installation you need to go through autoinstall? Along with all that it entails?14:17
tomreynlblume: https://ixnfo.com/en/snmp-oid-list-for-ilo4.html has snmpwalk output and component <-> MIB mappings14:18
tomreyn(for iLO 4)14:18
webchat3I really think it could help to have it in the installer, as it will enable certain options for hardening which aren't possible outside of the installer. Plus a stock hardened install choice option for Ubuntu Pro, with usg from install would really help and keep a secure stock simple install.14:21
lblumetomreyn: Yup, I got the bunch of MIBs a;ready, but I need to do some cleanup, it's kind of raw, there's overlap 14:21
leftyfbwebchat3: feel free to submit a bug report as a suggestion 14:21
webchat3For instance the installer could as part of the choice have it so the UID and GID as in the appropriate range for industry standard hardening.14:22
tomreynlblume: not the best job by HP there. ;) in the end it might be easier to work with what someone else already 'reverse engineered': https://github.com/PAPAMICA/Templates/blob/master/Zabbix/iLO-4/Template-SNMP-HP-iLO4.xml14:26
lblumeI've done work on that in my job some years back, I'm sure I can find something. It's only a matter of picking the right bits out of snmp now, boring, but easy enough.14:30
webchat3leftyfb I have submitted a bug report https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/203191614:37
-ubottu:#ubuntu-server- Launchpad bug 2031916 in subiquity (Ubuntu) "subquity hardened install option choice from start" [Undecided, New]14:37
=== shokohsc51083 is now known as shokohsc5108
lblumeRight, it was only a matter of removing some of the old MIB crap that HPE provides, which were overriding the much more current ones in Ubuntu. Much neater now :)14:47
webchat3leftyfb Hopefully you saw and read my suggestion (request) on Launchpad. To help improve Ubuntu Server. Have a nice afternoon.14:59
webchat3Anyway have a nice day. Good Bye.15:23

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!