Personalize network settings

SA supports complete network personalization, both during the provisioning process and for the installed operating system. Network settings for existing servers can be also changed.

Network personalization is achieved using the hpsa_netconfig custom attribute using simple JSON (http://json.org/) syntax to specify the network configuration to be configured on the target system. For example:

{

"hostname" : "testname",

"domain" : "test.domain.com",

"workgroup" : "someWorkgroup",

"interfaces" : [

{

"macAddress": "11:22:33:44:55:66",

"enabled": true,

"dhcpv4": true,

"ipv6Autoconfig": true,

"provisioning": true,

"dnsServers" : [ "192.168.0.30", "192.168.0.31", "FC00:2::30", "FC00:2::31" ],

"dnsSearch" : [ "test.domain.com", "domain.com" ],

"winsServers" : [ "192.168.0.34" ],

"staticNetworks": [

"192.168.0.123/24",

"192.168.0.124/255.255.255.0",

"FC00:2::123/64"

],

"vlanid" : 2,

"ipv4gateway": "192.168.0.1",

"ipv6gateway": "FC00:2::1"

}

],

"virtualInterfaces" : [

{

"interfaceName" : "br0",

}

]

}

Mandatory and optional fields

If you do not specify the hpsa_netconfig custom attribute, SA automatically determines the interface used by the SA Agent to communicate with the SA Core when the personalization runs. This interface, called the Provisioning Interface, is configured automatically through DHCP.

If the hpsa_netconfig custom attribute is present and contains interfaces, the macAddress field defaults to the MAC address of the provisioning interface if one is not present. Because there is a single provisioning interface, there can only be one interface definition in hpsa_netconfig that does not have a MAC address.

MAC addresses are needed to uniquely identify the server's network interfaces. All other fields are optional and have default values.

The hpsa_netconfig format does not make any assumptions about how the networks to which the server is joined are configured. For this reason, only minimal validation is performed. SA does not verify that the settings lead to valid connectivity between the SA Agent and the SA Core. You should verify that the specified network settings will allow the SA Agent to connect to the SA Core after they are applied. Other obvious error cases, such as disabling the provisioning interface, are validated.

Description of individual fields

enabled

The enabled value handles the state in which the interface will be after the network is configured. If the value is false, the interface will still be configured as intended, but it will be deactivated.

hostname, domain

The host name (also known as the computer name) is used to identify the node on the network. The domain name is the DNS registered domain of the server. Together they account for the fully qualified domain name (FQDN) of the server.

interfaces

A list of the system's physical network interfaces that are to be configured. Each interface (as identified by the MAC address) can have a single entry in the list.

macAddress

The Media Access Control (MAC) address of the network interface. Multiple formats are accepted, colon or dash separated, or just a string of hexadecimal numbers.

dhcpv4

Controls the use of DHCP for acquiring IPv4 network addresses.

ipv6Autoconfig

Controls the use of IPv6 stateless address autoconfiguration (SLAAC) and DHCPv6 simultaneously. The IPv6 router should be configured to advertise DHCPv6 configuration. If not specified, depending on how the SA Agent is connected to the SA Core, it will be set to true (an IPv6 connection) or false (an IPv4 connection).

provisioning

This field is used to explicitly specify the interface to be used for provisioning. Only one provisioning interface is supported. Use of this field is not recommended outside of complex scenarios. In most cases, SA will be able to (and will) configure this automatically.

dnsServers, dnsSearch, winsServers

Controls the name resolution settings. The order in which the values are specified will be the order of configuration. The first dns nameserver, dns domain or winserver in the list will be the primary selection. DNS servers can be a combination of both IPv4 and IPv6 addresses. For WINS servers only, IPv4 addresses are supported.

staticNetworks

A list of static networks to configure on the interface. IPv4 addresses can use the CIDR notation, or IP address / network mask notation. IPv6 addresses will use the IP address / prefix length notation. The first address in the list will be the first one to be applied.

ipv4gateway/ipv6gateway

The IP version 4 default gateway or IP version 6 (next hop) address. <<Could these be changed to IPv4 and IPv6 here?>>

vlanid

The VLAN ID used to tag packets for this interface.

virtualInterfaces

This section configures the non physical interfaces. These are not identified by their MAC address but by their interfaceName. The virtual interfaces are configured similarly to the physical ones (using fields as dhcpv4, staticNetworks, etc.)

interfaceName

Identifier for the configured virtual interface. This field is not necessary for the physical interfaces which are identified by their MAC address.

Where is hpsa_netconfig used?

You can personalize the network settings at different stages of the provisioning process. The network can be personalized across all these stages, or selectively. For example it can start out with DHCP-based provisioning and switch to static networking after the system is provisioned.

Service OS with personalized network settings

Servers can be brought in Maintenance mode using the static provisioning images that provide a boot configuration screen used to configure these network settings. These settings will also be saved in the hpsa_netconfig custom attribute on the server, overwriting any existing settings. As a result, the settings will be used throughout the provisioning process and will also be applied to the installed OS. Note also that a Build Plan level hpsa_netconfig custom attribute will be ignored since the server one has higher priority.

For more automation, one can also connect a floppy-disk and specify in hpsa_response_file.txt the boot configuration settings as such:

{

"agwIpPort" : ["fc00:2::123:3001", "192.168.0.1:3001"],

"forceUI" : false,

"mid" : "100001",

... network settings ...

}

Where:

agwIpPort

The SA Agent gateways that should be used for the ogfs-agent to register with SA.

forceUI

Flag to decide if the boot configuration screen should show regardless. Defaults to false.

mid

The SA machine identifier that the server represents. Must be set.

The network settings are mandatory. Also note this is independent from the hpsa_netconfig custom attribute, which should be set if network personalization is desired throughout the provisioning process.

For HPE ProLiant Gen8 or newer servers, you can also use the embedded service OS for PXE-less and DHCP-less provisioning by registering the server with its iLO address and setting the hpsa_netconfig custom attribute. In this case, the MAC address is mandatory, since the SA Agent has not reported hardware information to the SA Core yet so the MAC address can not be determined automatically.

The ability to configure the service OS statically allows you to provision without DHCP and network boot infrastructure (PXE and TFTP server).

During the provisioning process

Using the information from the hpsa netconfig custom attribute, SA automatically injects the required settings in the OS installation profile for the provisioning interface to run the vendor OS installer with the specified network settings. This is the only interface configured this way, and only one IP address will be configured for it. Depending on whether the Service OS used is IPv4- or IPv6-based, the OS installer will have an IPv4 or IPv6 address as configured in hpsa_neconfig for the provisioning interface.

For the OS installer on IPv6, although the protocol supports multiple IPs on the same interface, you cannot have static and dynamic (SLAAC and DHCP) IPs at the same time. If you have both static and dynamic (ipv6Autoconfig) defined in hpsa_netconfig for the provisioning interface, only the static IP settings will be used.

This configuration only allows SA to install in an environment that does not use DHCP. The network configuration is completed after the OS is installed.

Network personalization of an installed system

The complete configuration of all network interfaces and all addresses (IPv4 and IPv6) can be accomplished using Personalize Network Settings of Installed System script as a Run Script step.

This step already exists in most baseline Build Plans. It can be added to any Build Plan or you can create a separate Build Plan intended only for network configuration.

Because this step can lead to loss of connection to the SA Agent, it must always be followed by a Wait for SA Agent step.

Running the personalization step configures the targeted device in a series of steps: updating the computer name (hostname), the domain and DNS information and the specified network settings. After updating the network settings for a persistent configuration, a network stack reset is executed. Then the SA Agent is forced to report the new hardware changes. All changes are platform-specific, as the Personalize Network Settings of Installed System step can detect the targeted platform.

Applying the new configuration must handle different possible scenarios. Updating the DNS and domain information means reorganizing the previous configuration so that the new configuration will act as the primary (for example, setting the new DNS IP as the first nameserver in /etc/resolv.conf). Updating the network settings requires clearing up the old configuration (only the fields that are handled by the hpsa_netconfig custom attribute) before committing to the new configuration, clearing and creating aliases if needed (one of the cases would be if multiple static IPv4 networks are specified), and enabling or disabling the dual-stack network interface.

In all scenarios, the old configuration is preserved if you do not intentionally modify it.

Example:

Assume that the device already has three configured interfaces ("eth0", "eth1" with "eth1:1" alias, "eth2"). If the hpsa_netconfig custom attribute is set to configure "eth0" to static with an alias and "eth1" to dhcp, the step applies the personalization to "eth0", creating the alias, and to "eth1", deleting the existing alias (the result being: "eth0" with "eth0:1" alias, "eth1", "eth2"). Other interfaces will remain unchanged (in this case, "eth2").

Red Hat Enterprise Linux, CentOS, Oracle Enterprise Linux platform

• Updated configuration files for the new computer name : /etc/hosts, /etc/sysconfig/network.

  • The hostname command is also executed for the runtime configuration.
• Updated configuration files for the domain and DNS information: /etc/resolv.conf.
• Updated configuration files for the network specific configuration : /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg-ethXX.
• Restarting network : /etc/init.d/network restart (this step could lead to loss of connection to the SA Agent).

Ubuntu platform

Network configuration does not support mapping in /etc/network/interfaces because hpsa_netconfig does not support multiple naming. Example of unsupported configuration:

mapping eth0
        

script /usr/local/sbin/map-scheme
        

map HOME eth0-home
        

map WORK eth0-work
        

iface eth0-home inet static
        

address 192.168.1.1
        

netmask 255.255.255.0
        

up flush-mail
        

iface eth0-work inet dhcp
        

• Updated configuration files for the new computer name : /etc/hosts, /etc/hostname.

  • The hostname command will be also executed for runtime configuration.

• Updated configuration files for the domain and DNS information: /etc/resolv.conf and /etc/resolvconf/resolv.conf.d/original

• Updated configuration files for the network specific configuration : /etc/network/interfaces

• Restarting network : /etc/init.d/networking restart (this step could lead to loss of connection to the SA Agent)

SUSE platform

• Updated configuration files for the new computer name : /etc/hosts and /etc/HOSTNAME.

  • The hostname command is also executed for the runtime configuration.
• Updated configuration files for the domain and DNS information: /etc/resolv.conf and /etc/sysconfig/network/config.
• Updated configuration files for the network specific configuration : /etc/sysconfig/network/routes, /etc/sysconfig/network/ifcfg-ethXX and /etc/sysctl.conf.
• Restarting network : /etc/init.d/networking restart (this step could lead to loss of connection to the SA Agent).

VMware ESXi Platform

Static network configuration is applied during installation by injecting it into the Kickstart file.

Windows platforms

The same configuration process can be used to apply persistent settings or to configure the device when running the installer.

Applying personalization implies executing a series of Windows-specific commands that configure the system with the specified information.

This also means that the configuration is visible immediately without the necessity to apply it after reboot.

Personalize network settings of installed systems Build Plan

The Build Plan is created especially for network personalization of installed systems. It requires the SA Agent to be in production after installation.

The network personalization is done as described in the sections above.

The Build Plan contains the Skip steps based on Custom Attribute step. This step allows the Build Plan to take advantage of the Flow Control feature to skip or execute the Reboot step. It has an predefined custom attribute : skip_reboot, with a default value of no and, as argument, the number of steps to skip. If the value of skip_reboot is set to yes, the Reboot step is not executed. See Flow control mechanism.