# Server profiles
Server profiles are used to configure the personality of the compute resources. A server profile allows a set of configuration parameters, including firmware recipe, network and SAN connectivity, BIOS tuning, boot order configuration, local storage configuration, and more to be templatized. These templates are the key to delivering the “infrastructure as code” capabilities of the HPE Synergy platform. For the purpose of this solution, a template is created which can be leveraged for OpenShift master nodes and OpenShift worker nodes.
This section consists of Ansible playbooks developed to automate tasks such as uploading the firmware baseline ISO package to OneView and creating the server profile template and server profiles in HPE OneView, along with the scripts to create a virtual machine in VMware vCenter Server.
Prerequisites
- Ansible engine with Ansible 2.9.x and Python 3.6.x
- Python module for HPE OneView: hpOneView is the Python SDK for the OneView API that allows you to manage OneView functionalities. Download the Python repository at https://github.com/HewlettPackard/oneview-python.
- Ansible module for HPE OneView: OneView-ansible is the Ansible module for HPE OneView, which uses the Python SDK to enable infrastructure as code. Download the repository at https://github.com/HewlettPackard/oneview-ansible/.
- Python SDK for VMware vSphere: PyVmomi is the Python SDK for the VMware vSphere API that allows you to manage ESXi and vCenter.
Note
To run the automation scripts described in this section, it is mandatory to configure the Installer Machine with non-root user access and other prerequisites mentioned in the Installer machine section.
Note
The following requirements must be carried out manually before and after creating the server profile template and server profile:
- Before using the profile automation, check for hardware errors or warnings on the compute module that will be used for deploying the server profile template and server profile. If there are errors or warnings on the compute node, resolve or clear them before using the automation scripts.
- Before running the automation, reset iLO for the corresponding compute module so that any communication issues between OneView and iLO are resolved.
- After applying the profile, if there are local storage or interconnect errors, perform the steps stated in error resolution.
# Software requirements
Software | Version |
---|---|
HPE OneView | 5 |
Red Hat Enterprise Linux Server | 7.6 |
VMware ESXi | 6.7 |
VMware vCenter Server Appliance | 6.7 |
Red Hat CoreOS | 4.4 |
# Upload firmware bundle
This role consists of Ansible playbooks developed to automate the task of uploading the firmware bundle or firmware baseline for Compute Module of HPE Synergy to HPE OneView.
# Input files
It is mandatory to update all the input files (*inputs.yml, hosts, secret.yml, fw_version_inputs.yml) with appropriate values before running any of the playbooks available in this repository.
Input file name: hosts
- This file is an inventory of host details.
- Variables from "hosts" that are required by playbooks under "infrastructure" directory are listed as follows.
```
# [server_profile_template]
# [server_profile]
```
- Input file name: inputs.yml
- Variables from "inputs.yml" that are required by playbooks under "infrastructure" directory are listed as follows.
```
# enclosure_group: <Enclosure group name as per OneView>
# deployment_network_name: <Deployment network name as per OneView>
# server_profile_template_name: <Custom name for Server Profile Template>
# fw_bundle_path: <Firmware Bundle file path>
# fw_bundle_file_name: <Firmware file name with extension>
```
Input file name: secret.yml
- This is an Ansible vault file.
- Variables from "secret.yml" that are required by playbooks under "infrastructure" directory are listed as follows.
```
# oneview_ip: x.x.x.x
# oneview_username: username
# oneview_password: password
# oneview_api_version: 1200
```
Input file name: fw_version_inputs.yml
- This file contains the version information of the firmware that should be updated on the server hardware.
- Variables from "fw_version_inputs.yml" that are required by playbooks under "infrastructure" directory are listed as follows.
```
# innovationengine: < INNOVATION_ENGINE_VERSION >
# systemrombios: < SYSTEM_ROM_VERSION >
# serverplatformservices: < SERVER_PLATFORM_SERVICES >
# powermanagementcontroller: < POWER_MANAGEMENT_CONTROLLER >
# ilo5: < iLO_5_VERSION >
```
Execute the following commands on the installer VM to upload the firmware bundle to HPE OneView.
```
# cd $BASE_DIR/infrastructure
# ansible-playbook -i hosts playbooks/upload_firmware_bundle.yml --ask-vault-pass
```
Note
BASE_DIR is defined and set in Installer machine section.
Expected output on installer machine after successful upload of firmware bundle to OneView.
Expected output after the firmware baseline is uploaded to OneView.
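A pre-flight check for the vault file before the playbook is run, as an added example that is not part of the HPE repository: it confirms that "secret.yml" starts with the ansible-vault header and carries no group or other permission bits. The function name and the mode policy are assumptions of this example, and `stat -c` assumes GNU coreutils on the installer machine.

```bash
# Added example, not part of the HPE repository.
# Usage (assumed layout):
#   check_vault_file secret.yml && ansible-playbook -i hosts <playbook> --ask-vault-pass

check_vault_file() {
    file="$1"
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # ansible-vault writes a first line of the form "$ANSIBLE_VAULT;<version>;<cipher>".
    header=""
    IFS= read -r header < "$file" || true
    case "$header" in
        '$ANSIBLE_VAULT;'*) ;;
        *) echo "plaintext: $file has no ansible-vault header"; return 1 ;;
    esac

    # Octal mode via GNU stat; accept only modes without group/other bits (e.g. 600, 400).
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        [0-7]00) ;;
        *) echo "permissions: $file is mode $mode; remove group/other access"; return 1 ;;
    esac
    echo "ok: $file is vault-encrypted with mode $mode"
}
```

A file that fails the header check can be encrypted in place with `ansible-vault encrypt secret.yml`.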
# Create server profile template
This section consists of Ansible playbooks developed to automate the task of creating and deploying the Server Profile Template in HPE OneView. The playbooks also attach the firmware baseline (the firmware bundle used to update the firmware on the HPE Synergy compute module) to the profile template and update the BIOS and iLO settings.
# Input files
It is mandatory to update all the input files (inputs.yml, hosts, secret.yml, fw_version_inputs.yml) with appropriate values before running any of the playbooks available in this repository.
Input file name: hosts
- This file is an inventory of host details.
- Variables from "hosts" that are required by playbooks under "infrastructure" directory are as follows.
```
# [server_profile_template]
# [server_profile]
```
Input file name: inputs.yml
- Variables from "inputs.yml" that are required by playbooks under "infrastructure" directory are listed as follows.
- Each variable is explained in the comments section of "inputs.yml".
```
# os_is_coreos: <true_or_false>
# enclosure_group: <Enclosure group name as per OneView>
# deployment_network_name: <Deployment network name as per OneView>
# server_profile_template_name: <Custom name for SPT>
# fw_bundle_path: <Firmware Bundle file path>
# fw_bundle_file_name: <Firmware file name with extension>
# manageBios: <true_or_false>
# bioscomplianceControl: <Checked_or_Unchecked>
# manageilo: <true_or_false>
# ilocomplianceControl: <Checked_or_Unchecked>
# managefw: <true_or_false>
```
Input file name: secret.yml
- This is an ansible vault file.
- Variables from "secret.yml" that are required by playbooks under "infrastructure" directory are listed as follows. These variables are for OneView access, iLO new user account details and privileges, and BIOS security settings.
```
# oneview_ip: x.x.x.x
# oneview_username: username
# oneview_password: password
# oneview_api_version: 1200
# ilo_username: <ilo_new_user>
# ilo_displayname: <ilo_new_user_display_name>
# ilo_password: <ilo_new_user_password>
# ilo_user_userConfigPriv: <boolean_true_or_false>
# ilo_user_iLOConfigPriv: <boolean_true_or_false>
# ilo_user_loginPriv: <boolean_true_or_false>
# ilo_user_remoteConsolePriv: <boolean_true_or_false>
# ilo_user_virtualMediaPriv: <boolean_true_or_false>
# ilo_user_virtualPowerAndResetPriv: <boolean_true_or_false>
# ilo_user_hostBIOSConfigPriv: <boolean_true_or_false>
# ilo_user_hostNICConfigPriv: <boolean_true_or_false>
# ilo_user_hostStorageConfigPriv: <boolean_true_or_false>
# bios_ProcAes: <Enabled_or_Disabled>
# bios_AssetTagProtection: <Unlocked_or_Locked>
# bios_SecStartBackupImage: <Enabled_or_Disabled>
# bios_AdvancedMemProtection: <value>
# bios_F11BootMenu: <Enabled_or_Disabled>
# bios_Workload Profile: <workload_profile>
```
Input file name: fw_version_inputs.yml
- This file contains the version information of the firmware that should be updated on the server hardware.
- Variables from "fw_version_inputs.yml" that are required by playbooks under "infrastructure" directory are listed as follows.
```
# innovationengine: < INNOVATION_ENGINE_VERSION >
# systemrombios: < SYSTEM_ROM_VERSION >
# serverplatformservices: < SERVER_PLATFORM_SERVICES >
# powermanagementcontroller: < POWER_MANAGEMENT_CONTROLLER >
# ilo5: < iLO_5_VERSION >
```
Execute the following commands on the installer VM to create the Server Profile Template in OneView.
```
# cd $BASE_DIR/infrastructure
# ansible-playbook -i hosts playbooks/deploy_server_profile_template.yml --ask-vault-pass
```
Expected output on successful creation of Server Profile Template using "deploy_server_profile_template.yml" playbook.
- If the template already exists, the expected output on a successful update of the Server Profile Template with the Server Profile Facts is specified in the server_profile_template_file.yml.
- Expected output on successful creation or update of the Server Profile Template in OneView using the "deploy_server_profile_template.yml" playbook.
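The template pushes the iLO account defined in "secret.yml" to every server that receives a profile, so it helps to see which privileges that account will hold before deploying. The following added example (not code from the HPE repository) reads the decrypted variables on stdin and lists the granted `ilo_user_*Priv` flags; treating `userConfigPriv` and `iLOConfigPriv` as the ones needing sign-off is this example's assumption, and the function names are hypothetical.

```bash
# Added example, not part of the HPE repository.
# Usage: ansible-vault view secret.yml | ilo_privs_review

# Print the name of every ilo_user_*Priv variable that is set to true.
ilo_privs_granted() {
    sed -n 's/^ilo_user_\([A-Za-z]*Priv\):[[:space:]]*\(.*\)$/\1 \2/p' |
    while read -r priv value; do
        value=${value#\"}; value=${value%\"}   # tolerate "true" in double quotes
        case "$value" in
            true|True|TRUE|yes) echo "$priv" ;;
        esac
    done
}

# Report granted privileges; return 1 if the account can manage iLO users
# or iLO settings (assumed policy: those two need explicit sign-off).
ilo_privs_review() {
    granted=$(ilo_privs_granted)
    rc=0
    for p in $granted; do
        case "$p" in
            userConfigPriv|iLOConfigPriv) echo "REVIEW  $p"; rc=1 ;;
            *) echo "granted $p" ;;
        esac
    done
    return $rc
}
```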
# Create server profile
This section consists of Ansible playbooks developed to automate the task of creating and deploying the Server Profile on the Server Hardware in HPE OneView. The playbooks also apply the firmware updates, iLO settings and BIOS settings on the server hardware. Lastly, they validate that the firmware on the server hardware matches the firmware details in the firmware baseline or firmware bundle, and that the iLO and BIOS settings on the server hardware match the iLO and BIOS settings specified by the user.
# Prerequisites
SELINUX: To create a server profile using the automation, set the value of "SELINUX" to disabled by performing the following steps.
- Switch to the root user account on the Ansible Installer Machine using the command "su root".
```
# su root
```
- Enter the root password to login as root user.
- Open the selinux configuration file using the following command:
```
# vi /etc/selinux/config
```
- Change the variable "SELINUX" to "disabled" in the "/etc/selinux/config" file as shown: SELINUX=disabled.
- Save and exit the config file.
- Reboot the system and login as root user and check the status of "SELINUX" using the following command.
```
# getenforce
```
- Expected output from the "getenforce" command is "Disabled".

After setting "SELINUX" to disabled and rebooting the Ansible Installer Machine, exit from the "root" account, log in as the "non root" user and activate the python3 virtual environment as listed.
```
# cd $BASE_DIR/installer
# source ocp_venv/bin/activate
```
# Input files
It is mandatory to update all the input files (*inputs.yml, hosts, secret.yml, fw_version_inputs.yml) with appropriate values before running any of the playbooks available in this repository.
- Input file name: hosts
- This file is an inventory of host details.
- Variables from "hosts" that are required by playbooks under "infrastructure" directory are listed as follows.
```
# [server_profile_template]
# [server_profile]
```
- Input file name: inputs.yml
- Variables from "inputs.yml" that are required by playbooks under "infrastructure" directory are listed as follows.
```
# enclosure_group: <Enclosure group name as per OneView>
# deployment_network_name: <Deployment network name as per OneView>
# server_profile_template_name: <Custom name for SPT>
# fw_bundle_path: <Firmware Bundle file path>
# fw_bundle_file_name: <Firmware file name with extension>
```
- Input file name: secret.yml
- This is an Ansible vault file.
- Variables from "secret.yml" that are required by playbooks under "infrastructure" directory are listed as follows. These variables are for OneView access, iLO new user account details and privileges, and BIOS security settings.
```
# oneview_ip: x.x.x.x
# oneview_username: username
# oneview_password: password
# oneview_api_version: 1200
# ilo_username: <ilo_new_user>
# ilo_displayname: <ilo_new_user_display_name>
# ilo_password: <ilo_new_user_password>
# ilo_user_userConfigPriv: <boolean_true_or_false>
# ilo_user_iLOConfigPriv: <boolean_true_or_false>
# ilo_user_loginPriv: <boolean_true_or_false>
# ilo_user_remoteConsolePriv: <boolean_true_or_false>
# ilo_user_virtualMediaPriv: <boolean_true_or_false>
# ilo_user_virtualPowerAndResetPriv: <boolean_true_or_false>
# ilo_user_hostBIOSConfigPriv: <boolean_true_or_false>
# ilo_user_hostNICConfigPriv: <boolean_true_or_false>
# ilo_user_hostStorageConfigPriv: <boolean_true_or_false>
# bios_ProcAes: <Enabled_or_Disabled>
# bios_AssetTagProtection: <Unlocked_or_Locked>
# bios_SecStartBackupImage: <Enabled_or_Disabled>
# bios_AdvancedMemProtection: <value>
# bios_F11BootMenu: <Enabled_or_Disabled>
# bios_Workload Profile: <workload_profile>
```
- Input file name: fw_version_inputs.yml
- This file contains the version information of the firmware that should be updated on the server hardware.
- Variables from "fw_version_inputs.yml" that are required by playbooks under "infrastructure" directory are listed as follows.
```
# innovationengine: < INNOVATION_ENGINE_VERSION >
# systemrombios: < SYSTEM_ROM_VERSION >
# serverplatformservices: < SERVER_PLATFORM_SERVICES >
# powermanagementcontroller: < POWER_MANAGEMENT_CONTROLLER >
# ilo5: < iLO_5_VERSION >
```
- Execute the following commands on the installer VM to upload the firmware bundle to HPE OneView.
```
# cd $BASE_DIR/infrastructure
# ansible-playbook -i hosts playbooks/upload_firmware_bundle.yml --ask-vault-pass
```
Note
- Firmware update and validation tasks are executed if the "managefw" variable was set to "true" in the "inputs.yml" file when the "server profile template" was created.
- iLO settings update and validation tasks are executed if the "manageilo" variable was set to "true" in the "inputs.yml" file when the "server profile template" was created.
- BIOS settings update and validation tasks are executed if the "manageBios" variable was set to "true" in the "inputs.yml" file when the "server profile template" was created.
Note
BASE_DIR is defined and set in Installer machine section.
- Expected output on successful creation of the Server Profile and update of firmware based on the firmware baseline specified by the user.
- Expected output after successful firmware validation based on firmware baseline specified by the user in "fw_versions.yml".
- Expected output in "firmware" section of OneView server profile is as follows.
- Expected output after successful BIOS security settings validation based on security setting specified in "secret.yml".
- Expected output after successful iLO settings validation based on iLO setting specified in "secret.yml".
- Expected output in OneView on successful creation of the Server Profile and update of firmware, BIOS and iLO settings.