Server Profiles

Server profiles are used to configure the personality of the compute resources. A server profile allows a set of configuration parameters, including firmware recipe, network and SAN connectivity, BIOS tuning, boot order configuration, local storage configuration, and more to be templatized. These templates are the key to delivering the "infrastructure as code" capabilities of the HPE Synergy platform. For the purpose of this solution, a template is created which can be leveraged for OpenShift master nodes and OpenShift worker nodes.

This section consists of Ansible playbooks developed to automate the tasks such as uploading firmware baseline iso package to OneView, creating server profile template and server profiles in HPE OneView and the scripts to create a virtual machine in VMware vCenter server.

PREREQUISITES

• Ansible engine with Ansible 2.9.x and Python 3.6.x
• Python module for HPE OneView: hpOneView is the Python SDK for the OneView API that allows you to manage OneView functionalities. Download the python repository at https://github.com/HewlettPackard/oneview-python (opens new window).
• Ansible module for HPE OneView: OneView-ansible is the Ansible Module for HPE OneView which utilizes the python SDK to enable infrastructure as a code. Download the repository at https://github.com/HewlettPackard/oneview-ansible/ (opens new window).
• Python SDK for VMware vSphere: PyVmomi is the Python SDK for the VMware vSphere API that allows you to manage ESXi and vCenter.

NOTE

To run the automation scripts described in this section, it is mandatory to configure the Installer Machine with non-root user access and other prerequisites mentioned in the Installer machine section.

NOTE

Some pre and post "server profile template and server profile" creation requirements that need to be executed manually are as follows: - Before using the profile automation, the user needs to look out if there are any hardware errors or warnings on the compute that will be used for deploying server profile template and server profile. If there are errors or warnings on compute node, the user needs to resolve them or clear them before using the automation scripts. - Before running automation, reset iLO for the corresponding compute, so that any communication issues between OneView and iLO can be resolved. - After applying the profile, if there are local storage or Interconnect errors, then the user needs to perform the steps as stated in error resolution.

Software requirements

Software	Version
HPE OneView	5
Red Hat Enterprise Linux Server	7.6
VMware ESXi	6.7
VMware vCenter Server Appliance	6.7
Red Hat CoreOS	4.6

Upload firmware bundle

This role consists of Ansible playbooks developed to automate the task of uploading the firmware bundle or firmware baseline for Compute Module of HPE Synergy to HPE OneView.

Input files

It is mandatory to update all the input files (*inputs.yml, hosts, secret.yml, fw_version_inputs.yml) with appropriate values before running any of the playbooks available in this repository.

• Input file name: hosts

  • This file is an inventory of host details.
  • Variables from "hosts" that are required by playbooks under "infrastructure" directory are listed as follows.

  # [server_profile_template]
  # [server_profile]
  

• Input file name: inputs.yml

  • Variables from "inputs.yml" that are required by playbooks under "infrastructure" directory are listed as follows.

  enclosure_group: <Enclosure group name as per OneView> 
  # deployment_network_name: <Deployment network name as per OneView>
  # server_profile_template_name: <Custom name for Server Profile Template>
  # fw_bundle_path: <Firmware Bundle file path>
  # fw_bundle_file_name: <Firmware file name with extension>
  

• Input file name: secret.yml

  • This is an Ansible vault file.
  • Variables from "secret.yml" that are required by playbooks under "infrastructure" directory are listed as follows.

  # oneview_ip: x.x.x.x 
  # oneview_username: username
  # oneview_password: password
  # oneview_api_version: 1200
  

• Input file name: fw_version_inputs.yml

  • This file contains the version information of the firmware that should be updated on the server hardware.
  • Variables from "fw_version_inputs.yml" that are required by playbooks under "infrastructure" directory are listed as follows.

  # innovationengine: < INNOVATION_ENGINE_VERSION >
  # systemrombios: < SYSTEM_ROM_VERSION >
  # serverplatformservices: < SERVER_PLATFORM_SERVICES >
  # powermanagementcontroller: < POWER_MANAGEMENT_CONTROLLER >
  # ilo5: < iLO_5_VERSION >
  

NOTE

The firmware version information in this file is derived from "content.html" file that comes as part of firmware baseline package (.iso file) for Compute Module of HPE Synergy to HPE OneView. The following two variables available in the "inputs.yml" file, inform the playbook from about the location and name of the firmware bundle that should be uploaded to OneView. Details about these variables are available in the "inputs.yml" file. fw_bundle_path: fw_bundle_file_name:

• Execute the following commands on the installer VM to upload the firmware bundle to HPE OneView.

> cd BASE_DIR/infrastructure
> ansible-playbook -i hosts playbooks/upload_firmware_bundle.yml --ask-vault-pass

NOTE

BASE_DIR is defined and set in Installer machine section.

Expected output on installer machine after successful upload of firmware bundle to OneView.(Open image in New Tab for Higher Clarity)

Expected output after Firmware Baseline id uploaded to OneView.

Create server profile template

This section consists of ansible playbooks developed to automate the task of creating and deploying the Server Profile Template along with attaching the firmware baseline (firmware bundle for updating the firmware's on HPE Synergy compute module) with the profile template in HPE OneView and also updating the BIOS and iLO settings.

Input files

It is mandatory to update all the input files (inputs.yml, hosts, secret.yml, fw_version_inputs.yml) with appropriate values before running any of the playbooks available in this repository.

• Input file name: hosts

  • This file is an inventory of host details.
  • Variables from "hosts" that are required by playbooks under "infrastructure" directory are as follows.

  # [server_profile_template]
  # [server_profile]
  

• Input file name: inputs.yml

  • Variables from "inputs.yml" that are required by playbooks under "infrastructure" directory are listed as follows.
  • Details about each of the variable is explained in the comments section of "input.yml".

  os_is_coreos: <true_or_false>
  enclosure_group: <Enclosure group name as per OneView> 
  deployment_network_name: <Deployment network name as per OneView>
  server_profile_template_name: <Custom name for SPT>
  fw_bundle_path: <Firmware Bundle file path>
  fw_bundle_file_name: <Firmware file name with extension>
  manageBios: <true_or_false>
  bioscomplianceControl: <Checked_or_Unchecked>
  manageilo: <true_or_false>
  ilocomplianceControl: <Checked_or_Unchecked>
  managefw: <true_or_false>
  

• Input file name: secret.yml

  • This is an ansible vault file.
  • Variables from "secret.yml" that are required by playbooks under "infrastructure" directory are listed as follows. These variables are for OneView access, iLO new user account details and privileges, and BIOS security settings.

  oneview_ip: x.x.x.x 
  oneview_username: username
  oneview_password: password
  oneview_api_version: 1200
  ilo_username: <ilo_new_user>
  ilo_displayname: <ilo_new_user_display_name>
  ilo_password: <ilo_new_user_password>
  ilo_user_userConfigPriv: <boolean_true_or_false>
  ilo_user_iLOConfigPriv: <boolean_true_or_false>
  ilo_user_loginPriv: <boolean_true_or_false>
  ilo_user_remoteConsolePriv: <boolean_true_or_false>
  ilo_user_virtualMediaPriv: <boolean_true_or_false>
  ilo_user_virtualPowerAndResetPriv: <boolean_true_or_false>
  ilo_user_hostBIOSConfigPriv: <boolean_true_or_false>
  ilo_user_hostNICConfigPriv: <boolean_true_or_false>
  ilo_user_hostStorageConfigPriv: <boolean_true_or_false>
  bios_ProcAes: <Enabled_or_Disabled>
  bios_AssetTagProtection: <Unloacked_or_Locked>
  bios_SecStartBackupImage: <Enabled_or_Disabled>
  bios_AdvancedMemProtection: <value>
  bios_F11BootMenu: <Enabled_or_Disabled>
  bios_Workload Profile: <workload_profile>
  

• Input file name: fw_version_inputs.yml

  • This file contains the version information of the firmware that should be updated on the server hardware.
  • Variables from "fw_version_inputs.yml" that are required by playbooks under "infrastructure" directory are listed as follows.

  innovationengine: < INNOVATION_ENGINE_VERSION >
  systemrombios: < SYSTEM_ROM_VERSION >
  serverplatformservices: < SERVER_PLATFORM_SERVICES >
  powermanagementcontroller: < POWER_MANAGEMENT_CONTROLLER >
  ilo5: < iLO_5_VERSION >
  

• Execute the following commands on the installer VM to create the Server Profile Template in OneView.

  > cd $BASE_DIR/infrastructure
  > ansible-playbook -i hosts playbooks/deploy_server_profile_template.yml --ask-vault-pass
  

NOTE

BASE_DIR is defined and set in Installer machine section.

• Expected output on successful creation of Server Profile Template using "deploy_server_profile_template.yml" playbook. (Open image in New Tab for Higher Clarity)

• In case template is already available, then the expected output on successful updation of Server Profile Template with the Server Profile Facts is specified in the server_profile_template_file.yml. (Open image in New Tab for Higher Clarity)

• Expected output on successful creation or updation of Server Profile Template in OneView using "deploy_server_profile_template.yml" playbook.

Create server profile

This section consists of Ansible playbooks developed to automate the task of creating and deploying the Server Profile on the Server Hardware in HPE OneView. It also automates the task of applying the firmware updates, iLO and BIOS settings on the Server hardware. Lastly, it automates the task of validating the firmware updates, iLO, and BIOS settings available on server hardware are matching with firmware details available in the firmware baseline or firmware bundle and iLO and BIOS settings specified by user are matching with iLO and BIOS settings on the server hardware.

PREREQUISITES

• SELINUX: To create server profile using the automation, user should set the value of "SELINUX" to disabled by performing the steps as follows:

  • Switch to root user account on the Ansible Installer Machine using command "su root" # su root

  • Enter the root password to login as root user.

  • Open the selinux configuration file using the following command:

  > vi /etc/selinux/config
  

  • Change the variable "SELINUX" to "disabled" in the "/etc/selinux/config" file as shown : SELINUX=disabled

  • Save and exit the config file.

  • Reboot the system and login as root user and check the status of "SELINUX" using the following command

  > getenforce 
  

  • Expected output from "getenforce" command is "Disabled"

• After setting the "SELINUX" to disabled and rebooting the Ansible Installer Machine, user should exit from "root" account and login as "non root" user and activate the python3 virtual environment as listed.

  > cd $BASE_DIR/installer
  > source ocp_venv/bin/activate`
  

Input files

It is mandatory to update all the input files (*inputs.yml, hosts, secret.yml, fw_version_inputs.yml) with appropriate values before running any of the playbooks available in this repository.

• Input file name: hosts

  • This file is an inventory of host details.
  • Variables from "hosts" that are required by playbooks under "infrastructure" directory are listed as follows.

  # [server_profile_template]
  
  # [server_profile]
  

• Input file name: inputs.yml

  • Variables from "inputs.yml" that are required by playbooks under "infrastructure" directory are listed as follows.

  enclosure_group: <Enclosure group name as per OneView> 
  deployment_network_name: <Deployment network name as per OneView>
  server_profile_template_name: <Custom name for SPT>
  fw_bundle_path: <Firmware Bundle file path>
  fw_bundle_file_name: <Firmware file name with extension>
  

• Input file name: secret.yml

  • This is an Ansible vault file.
  • Variables from "secret.yml" that are required by playbooks under "infrastructure" directory are listed as follows. These variables are for OneView access, iLO new user account details and privileges, and BIOS security settings.

  oneview_ip: x.x.x.x 
  oneview_username: username
  oneview_password: password
  oneview_api_version: 1200
  ilo_username: <ilo_new_user>
  ilo_displayname: <ilo_new_user_display_name>
  ilo_password: <ilo_new_user_password>
  ilo_user_userConfigPriv: <boolean_true_or_false>
  ilo_user_iLOConfigPriv: <boolean_true_or_false>
  ilo_user_loginPriv: <boolean_true_or_false>
  ilo_user_remoteConsolePriv: <boolean_true_or_false>
  ilo_user_virtualMediaPriv: <boolean_true_or_false>
  ilo_user_virtualPowerAndResetPriv: <boolean_true_or_false>
  ilo_user_hostBIOSConfigPriv: <boolean_true_or_false>
  ilo_user_hostNICConfigPriv: <boolean_true_or_false>
  ilo_user_hostStorageConfigPriv: <boolean_true_or_false>
  bios_ProcAes: <Enabled_or_Disabled>
  bios_AssetTagProtection: <Unloacked_or_Locked>
  bios_SecStartBackupImage: <Enabled_or_Disabled>
  bios_AdvancedMemProtection: <value>
  bios_F11BootMenu: <Enabled_or_Disabled>
  bios_Workload Profile: <workload_profile>
  

• Input file name: fw_version_inputs.yml

  • This file contains the version information of the firmware that should be updated on the server hardware.
  • Variables from "fw_version_inputs.yml" that are required by playbooks under "infrastructure" directory are listed as follows.

  innovationengine: < INNOVATION_ENGINE_VERSION > 
  
  systemrombios: < SYSTEM_ROM_VERSION >
  
  serverplatformservices: < SERVER_PLATFORM_SERVICES >
  
  powermanagementcontroller: < POWER_MANAGEMENT_CONTROLLER >
  
  ilo5: < iLO_5_VERSION >
  

• Execute the following commands on the installer VM to upload the firmware bundle to HPE OneView.

  > cd BASE_DIR/infrastructure
  > ansible-playbook -i hosts playbooks/upload_firmware_bundle.yml --ask-vault-pass
  

NOTE

• Firmware update and validation tasks will be executed if user has selected "managefw" variable as "true" in "inputs.yml" file while creating the "server profile template".

• iLO settings update and validation tasks will be executed if user has selected "manageilo" variable as "true" in "inputs.yml" file while creating the "server profile template".

• BIOS settings update and validation tasks will be executed if user has selected "manageBios" variable as "true" in "inputs.yml" file while creating the "server profile template".

NOTE

BASE_DIR is defined and set in Installer machine section.

• Expected output on successful creation of Server Profile and updation of firmware based on firmware baseline specified by the user.

• Expected output after successful firmware validation based on firmware baseline specified by the user in "fw_versions.yml".

• Expected output in "firmware" section of OneView server profile is as follows.

• Expected output after successful BIOS security settings validation based on security setting specified in "secret.yml".

• Expected output after successful iLO settings validation based on iLO setting specified in "secret.yml".

• Expected output in OneView on successful creation of Server Profile and updation of firmware, BIOS and iLO settings.