About Onboard Administrator configuration scripts

Use configuration scripts to simplify new enclosure deployment and configuration, particularly when setting up multiple enclosures, eliminating the need to configure each enclosure manually. Capturing your best practices and compliance rules, HPE OneView copies the script from the enclosure group to the logical enclosure, and then executes it on the physical enclosure. You can create, edit, or delete an enclosure configuration script from either the Enclosure Groups screen or the Logical Enclosures screen.

To create a configuration script, do one of the following:
The configuration script is run on the physical enclosure when:
  • You add an enclosure and the associated enclosure group contains a configuration script.

  • You edit the configuration script of a logical enclosure. Clicking OK to save your changes will run the script.

    You GET the configuration script of a logical enclosure, make changes and then update (PUT) the script.

  • You select Logical Enclosures > Actions > Reapply configuration to re-run the OA configuration script associated with the logical enclosure (not the enclosure group). The action also verifies that SSO, SNMP and NTP are configured correctly on the enclosure and that the OA firmware is up to date. The action takes place immediately and requires no other interaction unless there is lost connectivity to the enclosure, in which case you are prompted to re-enter the OA IP address or host name and credentials.

  • You select Logical Enclosures > Actions > Update from group which copies the enclosure configuration script from the associated enclosure group to the logical enclosure and then runs the script.

You can initially enter passwords, SNMP community strings, and pass phrases in plain text as you create an enclosure or enclosure group script. However, all passwords, SNMP community strings, and pass phrases are masked (replaced by *********) in any UI or REST API response and are never displayed in plain text.

If you replace the ********* password string with another string and rerun the script, the password is changed to the new string. Note that some commands cannot be run a second time. For example, if you rerun the ADD USER username ********* command on the same enclosure and have changed the ********* string, the command will fail because that user already exists. In this situation, remove the newly added user before you rerun the script.

If any part of the command that is returned with ********* is changed, and you do not replace ********* with another string, the value of the password or the SNMP community string becomes *********. For example, if you submit the script with the command SET USER PASSWORD user_name1 new_password , the script returns SET USER PASSWORD user_name1 ********* . If you change the command to SET USER PASSWORD user_name2 *********, the password for user_name2 is set to *********, and not new_password.

A subset of OA commands is disallowed in the enclosure configuration script to prevent conflicts with the appliance configuration and settings. There is no syntax checking or other validation of the remaining script. See Disallowed Onboard Administrator commands for a list of the OA commands not allowed in a configuration script.

View or download OA command documentation for a complete reference of OA commands.

iLO passwords

iLO passwords embedded in HPONCFG RIBCL scripts are masked provided certain conditions are met:
  • For the LOGIN command, the LOGIN, USER_LOGIN, and PASSWORD tags must appear on the same line

  • For the ADD_USER command, the ADD_USER, USER_LOGIN, and PASSWORD tags must appear on the same line

  • For the MOD_USER command, the MOD_USER, USER_LOGIN, and PASSWORD tags must appear on the same line