Configuring the Management Processor (MP)

There is a built-in processor on most HP systems, including Integrity servers, that can be used for either local or remote system administration functions called the Management Processor (MP). Occasionally, you may hear it referred to as the Service Processor (SP) or Guardian Service Processor (GSP), but MP is by far the most commonly used name. MP functionality gets enhanced on a regular basis so what you'll see in the upcoming examples may not be the same as the MP functionality you see on your system. Still, it should be very close. This section provides a quick overview of MP, including listing the overview supplied with the tool. Note that initial MP configuration is important because the first person to gain access to MP before it has been configured is a MP administrator by default.

You gain access to the MP with ^b (ctrl b). If MP has not been configured, anyone who gets access to the console can type ^b and gain access to the system. Because of this, perform MP configuration as soon as possible after installing your system.

After you issue ^b, you see the MP> prompt. The following listing shows the output from the he ov (help overview) command:

 ------------------------------------------------------------------------- Service Processor login: Service Processor password:                       Hewlett-Packard Management Processor      (c) Copyright Hewlett-Packard Company 1999-2002. All Rights Reserved.                             System Name: uninitialized *************************************************************************                          MP ACCESS IS NOT SECURE      No MP users are currently configured and remote access is enabled.                Set up a user with a password (see SO command)                                      OR          Disable all types of remote access (see EL and ER commands) ************************************************************************* MP Host Name: uninitialized MP> he       Hardware Revision a1 Firmware Revision E.02.07 Aug 8 2002,23:00:38                         MP Help System      Enter a command at the help prompt:             OVerview  : Launch the help overview             LIst      : Show the list of MP commands             <COMMAND> : Enter the command name for help on individual command             TOPics    : Show all MP Help topics and commands             HElp      : Display this screen             Q         : Quit help ==== MP HELP: ov ov ==== MP Help Overview ===================================================== The Management Processor (MP) is an independent support processor for the system console. MP provides services that facilatate the management of the host system. Its major features are:   * Always-on capability: The MP is alive as long as the power cord is      plugged in.   * User/password access control: Supports operator and administrator users   * Multiple access methods:      Local Port        - use terminal or laptop computer for direct connect      Remote/modem Port - use dedicated modem RS-232 port and external modem      LAN               - use telnet or web to access MP LAN   * Mirrored console: the system console output stream is reflected to all      of the connected console users, and any user can provide input.   * Display and/or logging of:      The system console, System event logs (chassis codes), Virtual      Front Panel (VFP), and system power and configuration status   * An independent, non-mirrored session:      Available from local and modem ports for MP connection (CSP) or OS      login (SE).   * Power control, system reset, and TOC capabilities. MORE Help (Q to go back to main, <CR> for more): ==== MP Help ==============================================================                                 HELP TOPICS The following topics can be entered for general information:  * ADMINistrator           LIst of commands      PASSword resetting  * CHASsis codes         * MODEM               * PORT summary  * COMmand summary       * MODES of the MP     * SESsion  * CONSole               * OVERview            * TOPics  * HPterm and VT100                     (* topics which are included in the OVERview) The following commands can be entered for help on the command: AC  AR  CA  CL  CO  CSP  DC  DF  DI  EL  ER  EX  HE  IT  LC  LS  MR MS  PC  PG  PS  RS  SDM  SE  SL  SO  SR  SS  TC  TE  VFP WHO XD  XU MORE Help (Q to go back to main, <CR> for more): ==== MP Help Overview =====================================================                                  MP MODES THE MIRRORED MP SESSION:   When first logging on, the user is part of the mirrored MP session. The   mirrored MP session has three modes:      1) MP Command Mode   2) Console Mode   3)  VFP or Alert Mode   1.  You are in the MP Command Mode right now. In this mode all the MP       commands can be executed. Typically this mode is entered by typing       CTRL-B from console mode.   2.  In Console Mode the user gets access to the Unix console. This mode is       entered from the MP Command Mode using the CO command.   3.  In the VFP or Alert Mode the MP displays a representation of the front       pannel leds, called the Virtual Front Panel (VFP). This mode is entered       from MP Command Mode using the VFP command.   See the help on those commands for more information. LEAVING MIRRORED MP SESSION:   From the local or remote/modem ports, it is also possible to leave the   mirrored MP session and connect to either the OS (see the "SE" command)   or to another MP on the network (see the "CSP" command). MORE Help (Q to go back to main, <CR> for more): ==== MP Help Overview =====================================================                              MP COMMAND HELP The MP commands can be grouped into the following categories:    * STATUS COMMANDS- Provide status on the server and the MP.            CL, DF, LS, MS, PS, SL, SR, SS, VFP    * SERVER CONTROL- Alter the state of the server            MR, PC, RB, RS, TC    * GENERAL MP CONFIGURATION            AC, BP, CG, DC, IT, LOC, PR, SDM, SO, XD, XU    * MP PORT CONFIGURATION- Configure LAN/WEB, remote/modem, and local ports            CA, EL, ER, LC, PG    * CONNECTIONS- Examine and make connections or change mode            CO, CSP, DI, EX, SE, TE, VFP, WHO MORE Help (Q to go back to main, <CR> for more): ==== MP Help Overview =====================================================                      OPERATOR / ADMINISTRATOR HELP Administrators have more capabilities than Operators:   Administrator-Only Commands:   AR (Automatic system Restart), DC (Default Configuration), IT (Inactivity   Timeout), LC (LAN Configuration), PG (PaGing), SO (Security Options) The MP Command interface permission/access level:   The MP Command interface permission/access level is set by the first   user that types CTRL-B to initiate it. If that user is an operator-   user, then the command interface runs at operator access level. Even if an   administrator-user logs in later or the operator-user disconnects, the   access level stays the same. The access level can be changed by leaving MP   command mode and and typing CTRL-B again to return. MORE Help (Q to go back to main, <CR> for more): ==== MP Help Overview =====================================================                              CONSOLE MODE HELP Typing "CO" from the MP Command interface provides a mirrored version of the OS console. All mirrored users see the same output. At any time, only one of the mirrored users has write access to the console. To get write access to the console, type CTRL-e c f (not CTRL-e CTRL-c CTRL-f). SEE ALSO: CO (COnsole) MORE Help (Q to go back to main, <CR> for more): ==== MP Help Overview =====================================================                              SESSION MODE HELP Typing "SE" from the MP Command interface provides a non-mirrored, normal OS login. The session is not the console; it is a separate login to the OS, and the messages that the OS sends to the console will not be seen. RECOMMENDATION: Use the session for ASCII screen-oriented applications (SAM) or file transfer programs (ftp) from the local or modem ports. To use these applications from the LAN, telnet directly to the system for a private login. SEE ALSO: SE (SEssion) MORE Help (Q to go back to main, <CR> for more): ==== MP Help Overview =====================================================                              CHASSIS CODES Chassis codes are encoded data that provide system information to the user. Some well-known names for similar data would be Event Logs or Post Codes. Chassis codes are produced by intelligent hardware modules, the O/S, and system firmware. Use VFP to view the live chassis codes. Use SL to view the chassis code log. The following severity (or alert) levels are defined:   0) Minor Forward Progress   4) Reserved   1) Major Forward Progress   5) Critical   2) Informational            6) Reserved   3) Warning                  7) Fatal SEE ALSO: SL, VFP (Show Logs, Virtual Front Panel) MORE Help (Q to go back to main, <CR> for more): ==== MP Help Overview =====================================================                                 PORTS HELP The local, remote/modem, and LAN ports are actual connections on the back of the server.  All ports can be used even when the server is non-functional.   * Local port       : Provides serial port terminal access. To configure,                        see the CA (Configure Asynchronous) command.   * Remote/Modem port: Provides external modem access. Related commands                        are ER, MS, and MR (Enable Remote/modem, Modem                        Status, Modem Reset)   * LAN port         : Provides telnet and web access into the MP. Related                        commands are EL, LC, and LS (Enable LAN, LAN                        Configuration, and LAN Status). MORE Help (Q to go back to main, <CR> for more): ==== MP Help Overview =====================================================                          REMOTE/MODEM PORT HELP The remote/modem port can be used for dial-in access to the MP or the OS, and can be configured so that the OS or the MP can activate a pager. The remote/modem port is configured via the CA command. The ER command enables/disables the port and gives the modem control over to the MP or the OS. See the help on those commands for more details. SEE ALSO: CA, ER, DI, MR, MS, PG (Configure Asynchronous, Enable Remote,           DIsconnect remote or LAN, Modem Reset, Modem Status, PaGing) MORE Help (Q to go back to main, <CR> for more): ==== MP Help Overview =====================================================                             INTERNAL PORT HELP The Internal Port has been obsoleted. MORE Help (Q to go back to main, <CR> for more): ==== MP Help Overview =====================================================                             HPTERM & VT100 HELP RECOMMENDATION: Do not mix HP and vt100 terminal types at the same time. The MP mirrors the system console to the MP local, remote/modem, and LAN ports. One console output stream is reflected to all of the connected console users. If several different terminal types are used simultaneously by the users, some users may see strange results. HP-UX example: Applications which care about the terminal type (install, SAM, vi, etc.) running on HP-UX use three methods to determine the terminal type:   1) The application takes the terminal information from the OS. This      value is set in the CA command and takes effect for all MP ports.   2) The $TERM shell environment variable   3) The application directly queries the terminal (in this case, the      write enabled terminal will establish the terminal type.) Make sure that settings #1 and #2 agree with your terminal type. ==== (HE for main help, enter command name, or Q to quit) MP HELP: ==== MP Help ============================================(Administrator)===       Hardware Revision a1 Firmware Revision E.02.07 Aug 8 2002,23:00:38                         MP Help System     Enter a command at the help prompt:            OVerview : Launch the help overview            LIst : Show the list of MP commands            <COMMAND> : Enter the command name for help on individual command            TOPics : Show all MP Help topics and commands            HElp : Display this screen            Q : Quit help ==== MP HELP: 

It is important to note that neither a login name or password were required to log in after the ^b was issued. This is because at startup, no MP users have yet been configured. At this point, any user can get access to this menu by typing ^b at the system console. Newer versions of the MP require a login name and password.

The MP overview provides a wealth of information. Although this was a long output, I included it because it describes many MP commands and functions. As previously mentioned, at startup any user can get access to the MP menu. Because you don't want unauthorized users to have access to many of theses commands, the first step we'll take is to set up security options using the Security Options command, SO. SO begins by summarizing its parameters after which it asks you a series of security related questions. I have listed them here. In the example, I answered y when asked if I wanted to modify the parameters so that we could see each one individually. I answered n when asked if I wanted to modify each individual parameter. Your answers should reflect your own security preferences:

 MP> SO This command allow you to modify the security options and access control. MP wide parameters are:    . Login Timeout: 1  minutes.    . Number of Password Faults allowed: 3    . Flow Control Timeout: 5  minutes.    . SSL for Web Access: Disabled    . Contact Information:        ->contact person :        ->contact phone number :        ->contact email address :        ->contact pager number :    . Location Information:        ->server location :        ->server rack ID :        ->server position : Do you want to modify the MP wide parameters? (Y/[N]) y    Current Login Timeout: 1 minutes.    Do you want to modify it? (Y/[N]) n    Current Number of Password Faults allowed: 3    Do you want to modify it? (Y/[N]) n    Current Flow Control Timeout: 5 minutes.    Do you want to modify it? (Y/[N]) n    Current SSL for Web Access: Disabled    Do you want to modify it? (Y/[N]) n    Do you want to modify the contact information? (Y/[N]) n    Do you want to modify the location information? (Y/[N]) n User number 1 parameters are:    . User's Name:    . User's Login:    . Organization's Name:    . Dial-back configuration: Disabled    . Access Level: Operator    . Mode: Single    . User's state: Disabled Do you want to modify the user number 1 parameters? (Y/[N]/Q to quit) q MP Host Name:  uninitialized MP> 

You can see that there are many Security Options. Because you have unlimited access to the system through the console, you will want to review these to ensure that they meet your requirements. You can add users and perform other security-related tasks.

In addition to configuring users and security, there are many useful features of MP. I encourage you to experiment with it. One command I often use is cl. I use cl to display a console history, as shown in the following listing for the rx2600 system used throughout the examples in this chapter:

 MP> cl EFI Boot Maintenance Manager ver 1.10 [14.60] Select the Console Output Device(s)       Acpi(PNP0501,0)/Uart(9600 N81)/VenMsg(PcAnsi)       Acpi(PNP0501,0)/Uart(9600 N81)/VenMsg(Vt100)       Acpi(PNP0501,0)/Uart(9600 N81)/VenMsg(Vt100+)       Acpi(PNP0501,0)/Uart(9600 N81)/VenMsg(VtUtf8)       Acpi(HWP0002,700)/Pci(1|1)/Uart(9600 N81)/VenMsg(PcAnsi)       Acpi(HWP0002,700)/Pci(1|1)/Uart(9600 N81)/VenMsg(Vt100)     * Acpi(HWP0002,700)/Pci(1|1)/Uart(9600 N81)/VenMsg(Vt100+)       Acpi(HWP0002,700)/Pci(1|1)/Uart(9600 N81)/VenMsg(VtUtf8)     * Acpi(HWP0002,700)/Pci(2|0)     Save Settings to NVRAM     Exit EFI Boot Maintenance Manager ver 1.10 [14.60] Select the Console Output Device(s) Press Q/q to quit, Enter to continue: 

This listing shows the last console task we completed, which was to enable the graphics console (the second entry with an * in front of it), which you did at the end of the last section.

You can also use MP to obtain the status of power modules with ps, as shown in the following listing:

 MP> ps PS System Power state: On            Power Switch      : On Temperature       : Low OverTemp  Selected fan state: Normal           Power supplies          | Fan  #  State               Type      | States ----------------------------------------------------------- 0  Normal               Type 0    | Normal 1  Not Installed           -      | Normal 2    -                     -      | Normal 3    -                     -      | Normal 4    -                     -      | Normal 5    -                     -      | Normal 6    -                     -      | Normal 7    -                     -      | Normal MP Host Name: uninitialized MP> 

This shows output that you have one power supply and that our many fans are operating Normal. The second power supply is not installed.

You can view processor status with ss, as shown in the following listing:

 MP> ss       (This command will not run on Integrity               Superdome in the future) SS System Processor Status:    Monarch Processor: 0    Processor 0 is : Installed and Configured    Processor 1 is : Installed and Configured MP Host Name: uninitialized MP> 

This listing shows that there are two processors installed and the Monarch Processor is 0. This is the main controlling processor from the perspective of the operating system. This processor is designated as CPU 0. The Low Priority Machine Check (LPMC) monitor will not deactivate or replace a failing monarch processor.

Although they weren't shown in any examples, you can power on or off the system using the PC command, for Power Control.

After you complete your MP-related work you can return to console mode from the MP prompt simply by issuing co, as shown in the following listing:

 MP> co 

Anytime that you are on the console, you can issue ^b and get access to MP and then get back to console mode using co.

Table 1-3 contains a list of high-level MP commands available on Integrity servers at the time of this writing. The commands in this table include co to select the console and vfp to select the virtual front panel. These are high-level commands and descriptions only. A more detailed list of commands is included in later tables. Keep in mind the MP commands for your Integrity system may be somewhat different from those listed.

The following three tables (1-4 through 1-6) provide more detail about the commands that are issued at the MP:CM> prompt for specific users. Tables 1-7 through 1-9 provide detailed information about additional boot topics such as Cell Local Memory (CLM) and the HPUX boot loader.

Tables 1-4 through 1-6 provide a lot of information about the com- mands that specific users can issue at the MP:CM> prompt. Although the commands issued in Tables 1-7 through 1-9 are beyond the scope of this book, I have found that these tables are an excellent reference for Integrity servers especially when running additional operating systems beyond Linux.

The next chapter discusses loading Linux on an Integrity server.