Prototype-X/README.md

## README.md

      
    Raw
  

              README.md
            
          
    iLO Remote Console

This small script lets you start iLO Java-based console from shell.
But why not HTML5?


iLO 2/3 doesn't have HTML5 console
Mounting local (from the client computer) ISOs is PAINFULLY slow via HTML5 client

TL;DR

If you just start it, it will ask you for everything:
% ./ilo-console.sh
Connecting to iLO 4 (set ILO_VERSION to change)
iLO Host: foo
iLO Login: bar
iLO Password:

Config

You can set the following environment variables:

ILO_VERSION: iLO version, 2, 3, and 4 are supported
ILO_HOST: hostname/IP of the server, optionally with port (e.g. example.com, 10.0.0.3, example.com:1234)
ILO_LOGIN: username for iLO
ILO_SKIP_DEFAULTS: when set to anything it will auto-assume defaults

Examples

# Just use provided values
% ILO_SKIP_DEFAULTS=1 ILO_HOST=10.0.0.3 ./ilo-console.sh
Connecting to iLO 4 (set ILO_VERSION to change)
iLO Host: 10.0.0.3
iLO Login: foo
iLO Password:

# Suggest provided values
% ILO_LOGIN=foo ./ilo-console.sh
Connecting to iLO 4 (set ILO_VERSION to change)
iLO Host: 10.0.0.3
iLO Login [foo]:
iLO Password:

# Suggested values can be changed
% ILO_LOGIN=foo ./ilo-console.sh
Connecting to iLO 4 (set ILO_VERSION to change)
iLO Host: 10.0.0.3
iLO Login [foo]: bar
iLO Password:

Wait, what about ILO_PASSWORD?!

No.

Stop creating security nightmares.
ExitException: Unable to load resource ....

If you're getting an error similar to the one below:

It means your JRE has TLSv1.1 disabled. Newer versions disable it automatically
upon update. Old iLO versions (<4) cannot use TLSv1.2, so the JRE download
fails.
To re-enable TLSv1.1 support open Java Control Panel (e.g. on macOS it's under
 -> System Preferences -> Java). Navigate to the "Advanced" tab and check
"Use TLS 1.1".

It still doesn't work!

In this case you may be having JRE which doesn't support TLSv1.1 at all. The script has an option for that too - autoproxy.
To make it work you need to have mitmdump (part of mitmproxy package) and socat installed in your system.
Then run the script with ILO_AUTOPROXY=1. It will automatically:

Setup local proxy to your iLO web ignoring ancient TLS & self-signed certificates error
Setup local proxy for iLO remote console
Setup local proxy for iLO virtual media connection


## ilo-console.sh
#!/bin/bash

### HANDLE VERSION PICK
if [[ -z "$ILO_VERSION" ]]; then ILO_VERSION="4"; fi;
case $ILO_VERSION in
    "2")
        ILO_JAR=html/intgapp_228.jar; ;;
    "3")
        ILO_JAR=html/intgapp3_231.jar; ;;
    "4")
        ILO_JAR=html/intgapp4_231.jar; ;;
    *)
        echo "iLO $ILO_VERSION is not supported"
        exit 1;
esac
echo "Connecting to iLO $ILO_VERSION (set ILO_VERSION to change)"

### HOST
echo -n 'iLO Host'
if [[ ! -z "$ILO_HOST" ]]; then
    if [[ -z "$ILO_SKIP_DEFAULTS" ]]; then
        echo -n " [$ILO_HOST]: "
        read ILO_NEW_HOST
        if [[ ! -z $ILO_NEW_HOST ]]; then ILO_HOST=$ILO_NEW_HOST; fi;
    else
        echo ": $ILO_HOST"
    fi;
else
    echo -n ': '
    read ILO_HOST
fi;
if [[ -z "$ILO_HOST" ]]; then
    echo "Empty host - aborted."
    exit 1
fi;

### LOGIN
# While -i exists it's not portable
echo -n 'iLO Login'
if [[ ! -z "$ILO_LOGIN" ]]; then
    if [[ -z "$ILO_SKIP_DEFAULTS" ]]; then
        echo -n " [$ILO_LOGIN]: "
        read ILO_NEW_LOGIN;
        if [[ ! -z $ILO_NEW_LOGIN ]]; then ILO_LOGIN=$ILO_NEW_LOGIN; fi;
    else
        echo ": $ILO_LOGIN"
    fi;
else
    echo -n ': '
    read ILO_LOGIN
fi;
if [[ -z "$ILO_LOGIN" ]]; then
    echo "Empty login - aborted."
    exit 1
fi;

### PASSWORD
echo -n 'iLO Password: '
read -s ILO_PASSWORD
echo;

ILO_ADDRESS="$ILO_HOST"
if [[ ! "$ILO_ADDRESS" =~ ^"https://".* ]]; then ILO_ADDRESS="https://$ILO_ADDRESS"; fi;
if [[ ! "$ILO_ADDRESS" =~ .*"/$" ]]; then ILO_ADDRESS="$ILO_ADDRESS/"; fi;

### AUTO-PROXY
if [[ ! -z "$ILO_AUTOPROXY" ]]; then
    ILO_AUTOPROXY_HOST=$(echo $ILO_ADDRESS|cut -d/ -f3)

   if ! command -v mitmdump &> /dev/null; then
       echo "Cannot find mitmdump (part of mitmproxy package) - it is required for ILO_AUTOPROXY"
       exit 1
   fi

   if ! command -v socat &> /dev/null; then
       echo "Cannot find socat - it is required for ILO_AUTOPROXY"
       exit 1
   fi

   trap "kill 0" EXIT
   # See https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-a00045334en_us
   mitmdump --ssl-insecure -p 9443 --mode reverse:$ILO_ADDRESS &
   socat TCP4-LISTEN:17988,fork,reuseaddr,bind=127.0.0.1 TCP4:$ILO_AUTOPROXY_HOST:17988 &
   socat TCP4-LISTEN:17990,fork,reuseaddr,bind=127.0.0.1 TCP4:$ILO_AUTOPROXY_HOST:17990 &
   sleep 2 # let mitmdump start
   ILO_ADDRESS="https://127.0.0.1:9443/"
fi;

ILO_SESSKEY=$(
  curl -fsS \
    --insecure \
    "${ILO_ADDRESS}json/login_session" \
    --data "{\"method\":\"login\",\"user_login\":\"$ILO_LOGIN\",\"password\":\"$ILO_PASSWORD\"}" |
      sed 's/.*"session_key":"\([a-f0-9]\{32\}\)".*/\1/'
);
if [[ -z "$ILO_SESSKEY" ]]; then
    echo "Failed to retrieve key. Wrong password or banned?"
    exit 1
fi;


# normal mktemp will not work with higher Java security settings
ILO_JNLP="$HOME/.iLO.jnlp"

cat >"$ILO_JNLP" <<eof
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="$ILO_ADDRESS" href="">
<information>
    <title>Integrated Remote Console</title>
    <vendor>HPE</vendor>
    <offline-allowed></offline-allowed>
</information>
<security>
    <all-permissions></all-permissions>
</security>
<resources>
    <j2se version="1.5+" href="http://java.sun.com/products/autodl/j2se"></j2se>
    <jar href="${ILO_ADDRESS}${ILO_JAR}" main="false" />
</resources>
<property name="deployment.trace.level property" value="basic"></property>
<applet-desc main-class="com.hp.ilo2.intgapp.intgapp" name="iLOJIRC" documentbase="${ILO_ADDRESS}html/java_irc.html" width="1" height="1">
    <param name="RCINFO1" value="$ILO_SESSKEY"/>
    <param name="RCINFOLANG" value="en"/>
    <param name="INFO0" value="7AC3BDEBC9AC64E85734454B53BB73CE"/>
    <param name="INFO1" value="17988"/>
    <param name="INFO2" value="composite"/>
</applet-desc>
 <update check="background"></update>
</jnlp>
eof


echo "Starting iLO console..."
if [[ ! -z "$ILO_AUTOPROXY" ]]; then
    echo "Console will appear soon. DO NOT close this window! (using autoproxy)"
    javaws -wait $ILO_JNLP; rm $ILO_JNLP
else
    nohup sh -c "/usr/bin/env javaws -wait $ILO_JNLP; rm $ILO_JNLP" >/dev/null 2>&1 &
    echo "Console started. You CAN close this window."
fi;
	#!/bin/bash

	### HANDLE VERSION PICK
	if [[ -z "$ILO_VERSION" ]]; then ILO_VERSION="4"; fi;
	case $ILO_VERSION in
	"2")
	ILO_JAR=html/intgapp_228.jar; ;;
	"3")
	ILO_JAR=html/intgapp3_231.jar; ;;
	"4")
	ILO_JAR=html/intgapp4_231.jar; ;;
	*)
	echo "iLO $ILO_VERSION is not supported"
	exit 1;
	esac
	echo "Connecting to iLO $ILO_VERSION (set ILO_VERSION to change)"

	### HOST
	echo -n 'iLO Host'
	if [[ ! -z "$ILO_HOST" ]]; then
	if [[ -z "$ILO_SKIP_DEFAULTS" ]]; then
	echo -n " [$ILO_HOST]: "
	read ILO_NEW_HOST
	if [[ ! -z $ILO_NEW_HOST ]]; then ILO_HOST=$ILO_NEW_HOST; fi;
	else
	echo ": $ILO_HOST"
	fi;
	else
	echo -n ': '
	read ILO_HOST
	fi;
	if [[ -z "$ILO_HOST" ]]; then
	echo "Empty host - aborted."
	exit 1
	fi;

	### LOGIN
	# While -i exists it's not portable
	echo -n 'iLO Login'
	if [[ ! -z "$ILO_LOGIN" ]]; then
	if [[ -z "$ILO_SKIP_DEFAULTS" ]]; then
	echo -n " [$ILO_LOGIN]: "
	read ILO_NEW_LOGIN;
	if [[ ! -z $ILO_NEW_LOGIN ]]; then ILO_LOGIN=$ILO_NEW_LOGIN; fi;
	else
	echo ": $ILO_LOGIN"
	fi;
	else
	echo -n ': '
	read ILO_LOGIN
	fi;
	if [[ -z "$ILO_LOGIN" ]]; then
	echo "Empty login - aborted."
	exit 1
	fi;

	### PASSWORD
	echo -n 'iLO Password: '
	read -s ILO_PASSWORD
	echo;

	ILO_ADDRESS="$ILO_HOST"
	if [[ ! "$ILO_ADDRESS" =~ ^"https://".* ]]; then ILO_ADDRESS="https://$ILO_ADDRESS"; fi;
	if [[ ! "$ILO_ADDRESS" =~ .*"/$" ]]; then ILO_ADDRESS="$ILO_ADDRESS/"; fi;

	### AUTO-PROXY
	if [[ ! -z "$ILO_AUTOPROXY" ]]; then
	ILO_AUTOPROXY_HOST=$(echo $ILO_ADDRESS\|cut -d/ -f3)

	if ! command -v mitmdump &> /dev/null; then
	echo "Cannot find mitmdump (part of mitmproxy package) - it is required for ILO_AUTOPROXY"
	exit 1
	fi

	if ! command -v socat &> /dev/null; then
	echo "Cannot find socat - it is required for ILO_AUTOPROXY"
	exit 1
	fi

	trap "kill 0" EXIT
	# See https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-a00045334en_us
	mitmdump --ssl-insecure -p 9443 --mode reverse:$ILO_ADDRESS &
	socat TCP4-LISTEN:17988,fork,reuseaddr,bind=127.0.0.1 TCP4:$ILO_AUTOPROXY_HOST:17988 &
	socat TCP4-LISTEN:17990,fork,reuseaddr,bind=127.0.0.1 TCP4:$ILO_AUTOPROXY_HOST:17990 &
	sleep 2 # let mitmdump start
	ILO_ADDRESS="https://127.0.0.1:9443/"
	fi;

	ILO_SESSKEY=$(
	curl -fsS \
	--insecure \
	"${ILO_ADDRESS}json/login_session" \
	--data "{\"method\":\"login\",\"user_login\":\"$ILO_LOGIN\",\"password\":\"$ILO_PASSWORD\"}" \|
	sed 's/."session_key":"\([a-f0-9]\{32\}\)"./\1/'
	);
	if [[ -z "$ILO_SESSKEY" ]]; then
	echo "Failed to retrieve key. Wrong password or banned?"
	exit 1
	fi;


	# normal mktemp will not work with higher Java security settings
	ILO_JNLP="$HOME/.iLO.jnlp"

	cat >"$ILO_JNLP" <<eof
	<?xml version="1.0" encoding="UTF-8"?>
	<jnlp spec="1.0+" codebase="$ILO_ADDRESS" href="">
	<information>
	<title>Integrated Remote Console</title>
	<vendor>HPE</vendor>
	<offline-allowed></offline-allowed>
	</information>
	<security>
	<all-permissions></all-permissions>
	</security>
	<resources>
	<j2se version="1.5+" href="http://java.sun.com/products/autodl/j2se"></j2se>
	<jar href="${ILO_ADDRESS}${ILO_JAR}" main="false" />
	</resources>
	<property name="deployment.trace.level property" value="basic"></property>
	<applet-desc main-class="com.hp.ilo2.intgapp.intgapp" name="iLOJIRC" documentbase="${ILO_ADDRESS}html/java_irc.html" width="1" height="1">
	<param name="RCINFO1" value="$ILO_SESSKEY"/>
	<param name="RCINFOLANG" value="en"/>
	<param name="INFO0" value="7AC3BDEBC9AC64E85734454B53BB73CE"/>
	<param name="INFO1" value="17988"/>
	<param name="INFO2" value="composite"/>
	</applet-desc>
	<update check="background"></update>
	</jnlp>
	eof



	echo "Starting iLO console..."
	if [[ ! -z "$ILO_AUTOPROXY" ]]; then
	echo "Console will appear soon. DO NOT close this window! (using autoproxy)"
	javaws -wait $ILO_JNLP; rm $ILO_JNLP
	else
	nohup sh -c "/usr/bin/env javaws -wait $ILO_JNLP; rm $ILO_JNLP" >/dev/null 2>&1 &
	echo "Console started. You CAN close this window."
	fi;