Unable to update iLO3 firmware on HP BL465c G7 blades

Leave a reply

We’ve recently needed to upgrade the OA firmware on our HP C7000 blade enclosures to support Gen8 blades. A pre-requisite is to first make sure the ROM/BIOS and iLO firmware is up to a certain level.

While attempting to upgrade iLO on the HP BL465c G7 blades, quite often i’d get an error upgrading from 1.16 and below up to 1.50. I’ve contacted HP about it and they refer to a support document detailing steps on how to perform steps to recover from a failed iLO update. These steps are quite involved and require downing a server, setting DIP switches on the motherboard, then getting to the command line in HP SUM and running a bunch of commands.

There’s an easier way. You’ll need to perform a stepped upgrade firstly to 1.28 and then to 1.50.

  1. Firstly get the ilo2_128.bin firmware from HP.
  2. Upload the firmware from the iLO Web Administration page.
  3. Once that is done I found I needed to clear the browsers cache before going back into iLO, otherwise the page didn’t render correctly.
  4. Once that is done, then complete the upgrade to 1.50.

I hope this helps. Please feel free to drop me a comment to let me know how you went!

Unable to SSH into ESXi server

Leave a reply

You’ve turned on SSH, and even enabled the firewall profile for SSH. But for some reason you still can’t SSH into the ESXi server and get a “Connection Refused” message back when hitting port 22. You’ve also checked your corporate firewall and that’s it’s not blocking comms.

Have a look in Tasks and Events to see if the server’s ramdisk for root is full. There’s a good chance that it is. This is a problem i’ve encountered with vSphere 5.1 recently and is preventing SSH from starting properly.

The cause of the ramdisk filling up is ESXi not truncating /var/log/wtmp properly. That’s another issue, but to fix the immediate problem, vMotion all the VMs off the ESXi server first. You may get errors like “Cannot migrate <vmname>”. It’s all because of the full ramdisk. You can often give it a kick by re-running DRS for the cluster and that gets it going again.

Once all VMs are off the server, reboot it and your problems should go away.

 

Linux Malware Detect, Debian, and Plesk

Leave a reply

Updated on 03/04/2013 for v1.4.2
Now featuring 2 methods to get this working.

Linux Malware Detect will not run out of the box in monitor mode (scan mode works fine) on a Debian system. There are a few things you need to do to get it working.

Method 1 (Recommended)

This method will have LMD monitor mode scanning using the inotifywait binary that comes with LMD. It differs from the Debian native binary in that it’s 32-bit and accepts a different set of parameters. It requires the least amount of work to get going.
We will be adding the path to the LMD version of libinotifytools to the system.

  1. Create the file /etc/ld.so.conf.d/maldet.conf and put the following text in it: 
    /usr/local/maldetect/inotify
  2. Then run ldconfig

Method 2

LMD comes with a 32-bit inotifywait binary. We’ll first need to install the inotify-tools package which will put a 64-bit version on the system. The LMD version of inotifywait seems to support the -d -o and -m parameters, which the Debian version does not. As a result we’ll need to tweak a few files to make LMD work with Debian’s inotifywait. These instructions presume you have LMD already installed in /usr/local/maldetect/.

  1. Install inotify-tools and libinotifytools0.
  2. Replace the line that starts with $nice in the main maldet script with the following: 
    $nice -n $inotify_nice $inotify -r --fromfile $inotify_fpaths $exclude --timefmt "%d %b %H:%M:%S" --format "%w%f %e %T" -m -e create,move,modify >> $inotify_log 2>&1 &
  3. In internals.conf, change the location of the inotifywait path to /usr/bin/inotifywait.

You may need to tweak inotify_base_watches if you have lots of paths/files.

Important!!!: Disable the line in /etc/cron.daily/maldet that updates maldet (maldet -d). When it self updates, it undo all your changes. You are better off updating it manually until the developers adapt LMD to work better with Debian.

Scanning the docroots

Now if you’re working with Plesk, you’ll only want LMD to monitor the docroots. Run the following to create a file with a list of all the docroots:

mysql -s -uadmin -p`cat /etc/psa/.psa.shadow` psa -e "select www_root from hosting;" > /usr/local/maldetect/maldetfilelist

You can then start LMD with:

maldet -m /usr/local/maldetect/maldetfilelist