How to update HP Integrated Lights-Out firmware

Integrated Lights-Out (iLO) is an integrated hardware component installed on all HP Proliant and Blade Servers. iLO facilitates remote management of the server. Latest HP Proliant G7 Servers are installed with Integrated Lights-Out 3 (iLO3). Compared to older versions of iLO and iLO2, iLO3 is much faster and gives more advanced features. Today, we will discuss about firmware updation of iLO3.

HP released frequent iLO firmware updates and most of the iLO3 firmware upgrade contains new features and enhanced functionality. There are different methods to update the iLO firmware. You can use iLO Online updates for Windows and linux (.exe or .scexe files); you can use HP Smart Update Firmware DVD of the server to update the iLO firmware OR you can use iLO browser based option to update the iLO firmware. Today we will be discussing about updating iLO 3 firmware using the browser based option.

Since web based firmware update supports only the firmware image file (.BIN file); we need to extract the .BIN file from one of the online firmware package available on HP driver download page. The .BIN firmware update file is not available as a direct download option at HP.com, instead you need to extract the .BIN file from the online firmware update files (.exe files)

Today, I am updating one of the HP Proliant DL360 G7 Server hence I am updating iLO3 firmware. Similar steps are applied for iLO2 as well (HP G6 series and older servers).

Steps we need to follow:

1. Download iLO online firmware update file to your computer. Then extract the .BIN file from it.
2. Login to iLO web interface and update the firmware by uploading the .BIN file.

Step 1: Download online Firmware update file and extract the .BIN file

1. Go to HP Driver download page of your Server
2. Select one of the Windows OS from the list and download the online iLO Firmware

3. Once you download the file, just execute it (Example file name: cp015457.exe)
4. Online ROM Flash installation window will be open in your computer (as shown below)
5. Click on the Extract button and extract the files to a folder on your computer

6. Open the folder in which you have extracted the files ( Here my folder name: iLO3 Firmware)

7. You could find the .BIN file listed in the folder (File name: ilo3_126.bin)

Step 2: Login to iLO browser window and update the firmware (using the .BIN file)

1. Enter the IP address of iLO in your browser window, it will open iLO web interface
2. Enter the iLO User name and Password and login to the iLO3. Click on Administration and iLO 3 Firmware. The iLO 3 Firmware page will appear.

4. At iLO 3 Firmware page, click Browse button and select the .BIN file we have extracted

5. Now, we need to click the Upload button.

6. You will receive a Warning about iLO firmware update process, Click on OK!

7. Now iLO Firmware image file (.BIN file) will be uploaded (shown below)

8. Later you will find a screen saying Receive image (Shown below)

9. Now iLO firmware will be flashed (Shown below)

9. Congrats, now the iLO3 firmware is updated. You will be logged out of iLO session and needs to log-in back.

Freebsd 9 Vmware Tools Kurulumu

How to install vmware tools in FreeBSD 9

To install vmware tools in FreeBSD 9, follow these instructions…

First, ensure that you have perl and compat6x ports/packages installed.

You can use pkg_add -r perl5 compat6x (or pkg_add -r perl compat6x-amd64 if the previous command does not work – substitute amd64 for i386 if installing i386 edition!) for pre-compiled, or use the ports tree.

Next, in vSphere client go to guest -> install vmware tools.  This will mount the tools CDROM in the virtual machine.

Next, we need to mount the cd drive, extract the data, unmount the cd drive and install the tools – do the following as root:

mkdir -p /cdrom
mount -t cd9660 /dev/cd0 /cdrom
cd /tmp
gunzip -c /cdrom/vmware-freebsd-tools.tar.gz | tar xf –
umount /cdrom
cd vmware-tools-distrib/
./vmware-install.pl

At this point, accept all the defaults (press enter to all questions) until you are returned to a shell prompt.  Ignore the ‘failed’ service start, and the fact that it says the process has been aborted.

Next, you need to use your favourite editor to edit the file /usr/local/etc/rc.d/vmware-tools.sh and locate the following 3 lines of code (they are separated by a few lines of code but are all in the same general area):

if [ “$vmdb_answer_VMHGFS_CONFED” = ‘yes’ ]; then
if [ “$vmdb_answer_VMMEMCTL_CONFED” = ‘yes’ ]; then
if [ “$?” -eq 0 -a “$vmdb_answer_VMXNET_CONFED” = ‘yes’ ]; then

There will also be (not grouped together like the above line) the following line in the file:

if [ “$vmdb_answer_VMBLOCK_CONFED” = ‘yes’ ]; then

Change each of the above lines where it says yes to be xyes (add the letter X before the word yes) – then save&exit the file.

Now we need to tell vmtools that it is configured by typing the following:

rm /etc/vmware-tools/not_configured

Now you can restart vmtools without rebooting like so:

/usr/local/etc/rc.d/vmware-tools.sh restart

Now, you will need to Edit Settings in vSphere client and set your cdrom drive back to the client device.

Each time your virtual machine boots up, it will boot the vmtools and work as expected.

Zimbra Dkim Settings

Configuring for DKIM Signing

Zimbra Server with DKIM Signing

Contents [hide] 1 Zimbra Server with DKIM Signing 2 Configuring ZCS for DKIM signing 2.1 The zmdkimkeyutil utility 2.1.1 Adding DKIM data to a domain with no existing DKIM configuration 2.1.2 Updating DKIM data for a domain 2.1.3 Removing DKIM data for a domain 2.1.4 Retrieving the stored DKIM data for a domain 2.2 Updating DNS 2.2.1 Revoking a DKIM key in DNS

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication

Configuring ZCS for DKIM signing

Starting with Zimbra 8.0, the ability to add DKIM signing to outgoing mail is available. Signing is done at the domain level, including alias domains. Setting up signing consists of two steps:

1. Running zmdkimkeyutil to generate the DKIM keys and selector. The generated data is stored in the LDAP server as part of the domain LDAP entry.
2. Updating the DNS server with the public DNS entry

The zmdkimkeyutil utility

The zmdkimkeyutil script allows you to do the following:

1. Add DKIM data to a domain that does not currently have DKIM enabled
2. Update DKIM data for a domain that already has DKIM enabled
3. Query the DKIM data for a domain
4. Remove the DKIM data for a domain

The domain “example.com” will be used throughout this wiki. Substitute it with your domain.

Adding DKIM data to a domain with no existing DKIM configuration

 /opt/zimbra/libexec/zmdkimkeyutil -a -d example.com

After the data is generated, the public DNS record data that must be added for the domain to your DNS server will be displayed:

 zimbra@example.com:~$ /opt/zimbra/libexec/zmdkimkeyutil -a -d example.com
 DKIM Data added to LDAP for domain example.com with selector 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB
 Public key to enter into DNS:
 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey IN TXT "v=DKIM1;=rsa;
 p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY5CBg15nZ2vYnRmrNub6Jn6ghQ2DXQbQgOJ/E5IGziUYEuE2OnxkBm1h3jived21uHjpNy0naOZjLj0xLyyjclVy1chrhSbsGAhe8HLXUsdXyfRvNTq8NWLsUnMEsoomtJCJ
 /6LYWYU1whOQ9oKZVAwWHSovAWZpByqNMZmFg7QIDAQAB" ; ----- DKIM 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB for example.com

Updating DKIM data for a domain

 /opt/zimbra/libexec/zmdkimkeyutil -u -d example.com

Whenthe DKIM keys are updated, the DNS server will need to be reloaded with the new TXT record. It is advised to leave the previous TXT record in DNS for a period of time to allow verification of emails that were signed with the previous key to continue to succeed.

Removing DKIM data for a domain

 /opt/zimbra/libexec/zmdkimkeyutil -r -d example.com

This command deletes the DKIM data from LDAP. New emails will no longer be signed for the domain. The DNS TXT record should remain for a period of time to allow verification of emails signed with this key.

Retrieving the stored DKIM data for a domain

 /opt/zimbra/libexec/zmdkimkeyutil -q -d example.com

This command will output all the stored DKIM information, specifically

 DKIM Domain
 DKIM Selector
 DKIM Private Key
 DKIM Public Signature
 DKIM Identity

Updating DNS

1. The public key DNS record should appear as a TXT resource record at:

SELECTOR._domainkey.DOMAIN
The Selector is the first portion of the output from zmdkimkeyutil In the above example, it is 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB

1. Once you have added the record to your nameserver, reload DNS.
2. Verify that the DNS server is returning the DNS record.

 dig -t txt SELECTOR._domainkey.DOMAIN NAMESERVER
 Example:
 dig -t txt 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey.example.com ns.example.com

1. If the key is retrieved correctly, then use /opt/zimbra/opendkim/bin/opendkim-testkey to verify that the public key matches the private key.

 /opt/zimbra/opendkim/bin/opendkim-testkey -d example.com -s 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB -x /opt/zimbra/conf/opendkim.conf

Revoking a DKIM key in DNS

If it becomes necessary to revoke a DKIM signing key, this can be easily done in DNS by using an empty “p=” tag in the TXT record.