Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/HewlettPackard/POSH-HPEOneView/llms.txt

Use this file to discover all available pages before exploring further.

Two sample scripts cover initial appliance configuration:
ScriptTarget appliance
ApplianceConfig_Sample.ps1HPE OneView Virtual Appliance (VM)
ComposerApplianceConfig_Sample.ps1HPE Synergy Composer (physical appliance, HA pair)
Both scripts follow the same overall sequence. The Composer variant adds service IP parameters required for the two-node Composer cluster.

Parameters

[CmdletBinding()]
param
(
    [IPAddress]$vm_ipaddr,       # DHCP address assigned after first boot
    [String]$Hostname,           # Target FQDN after static IP is set
    [Object]$NewPassword,        # New Administrator password ([String] or [SecureString])
    [IPAddress]$IPv4Address,     # Static management IP
    [String]$IPv4SubnetMask,     # Subnet mask (dotted-decimal)
    [IPAddress]$IPv4Gateway,     # Default gateway
    [Array]$IPv4DnsServers,      # One or more DNS server IPs
    [String]$DnsDomainName,      # DNS domain (e.g. corp.local)
    [Array]$IPv4NtpServers,      # NTP server IPs (optional)
    [IPAddress]$IPv6Address,     # Static IPv6 address (optional)
    [Int]$IPv6CidrMask           # IPv6 CIDR prefix length (optional)
)

Script walkthrough

1

Wait for the appliance to become reachable

The script polls the DHCP address with Test-Connection before proceeding, so it is safe to invoke immediately after powering on the VM or Composer.
Write-Host 'Waiting for appliance to respond to network test.' -NoNewline

While (-not (Test-Connection -ComputerName $vm_ipaddr.IPAddressToString -Quiet))
{
    Write-Host '.' -NoNewline
}
2

Accept the EULA

The script checks whether the EULA has already been accepted (useful for re-runs) before calling Set-OVEulaStatus.
if (-not (Get-OVEulaStatus -Appliance $vm_ipaddr.IPAddressToString).Accepted)
{
    Write-Host "Accepting EULA..."
    $ret = Set-OVEulaStatus -SupportAccess "yes" -Appliance $vm_ipaddr.IPAddressToString
}
3

Set the initial Administrator password

A brand-new appliance requires a password change on the first login. The script catches the PasswordChangeRequired exception and handles it inline.
Try
{
    Connect-OVMgmt -appliance $vm_ipaddr.IPAddressToString -user "Administrator" -password "admin"
}
catch [HPEOneView.Appliance.PasswordChangeRequired]
{
    Write-Host "Set initial password"
    Set-OVInitialPassword -OldPassword "admin" -NewPassword $NewPassword `
        -Appliance $vm_ipaddr.IPAddressToString
}
After the password change, the script reconnects with the new password:
$ApplianceConnection = Connect-OVMgmt -appliance $vm_ipaddr.IPAddressToString `
    -user Administrator -password $NewPassword
The ComposerApplianceConfig_Sample.ps1 also catches HPEOneView.Appliance.AuthSessionException for cases where the default password was already changed in a previous run.
4

Configure static networking

Set-OVApplianceNetworkConfig configures the hostname, static IP, subnet, gateway, DNS, and optionally IPv6. After this call the appliance restarts its network stack, so the script reconnects using the new hostname.
$params = @{
    Hostname        = $Hostname
    IPv4Addr        = $IPv4Address.IPAddressToString
    IPv4Subnet      = $IPv4SubnetMask
    IPv4Gateway     = $IPv4Gateway.IPAddressToString
    DomainName      = $DnsDomainName
    IPv4NameServers = $IPv4DnsServers
}

# Add IPv6 when provided
if ($IPv6Address)
{
    $params.Add('IPv6Type',   'STATIC')
    $params.Add('IPv6Addr',   $IPv6Address)
    $params.Add('IPv6Subnet', $IPv6CidrMask)
}

$task = Set-OVApplianceNetworkConfig @params
For a Synergy Composer, the per-node service IPs are also included:
$params = @{
    Hostname         = $Hostname
    IPv4Addr         = $IPv4Address.IPAddressToString
    IPv4Subnet       = $IPv4SubnetMask
    IPv4Gateway      = $IPv4Gateway.IPAddressToString
    DomainName       = $DnsDomainName
    IPv4NameServers  = $IPv4DnsServers
    ServiceIPv4Node1 = $ServiceIPv4Node1   # Physical IP, Composer node 1
    ServiceIPv4Node2 = $ServiceIPv4Node2   # Physical IP, Composer node 2
}
5

Configure NTP

Write-Host 'Setting Appliance NTP Servers'
$Results = Set-OVApplianceDateTime -NtpServers $IPv4NtpServers
6

Generate and install an appliance certificate

The script generates a CSR, submits it to an internal Windows CA using certreq.exe, and installs the signed certificate. Adapt the $CA and $template variables for your PKI.
$template = "WebServer"                          # Windows certificate template name
$CA       = "MyCA.domain.local\domain-MyCA-CA"  # CA config string
$csrdir   = "C:\Certs\Requests"                  # Local path for CSR and cert files

$CSR = @{
    Country         = "US"
    State           = "California"
    City            = "Palo Alto"
    Organization    = "Hewlett-Packard"
    CommonName      = $Hostname
    AlternativeName = "$Hostname,hpov,$IPv4Address"
}

$request = New-OVApplianceCsr @CSR -ApplianceConnection $ApplianceConnection
Set-Content -path (Join-Path $csrdir $csrFileName) -value $request.base64Data -Force

# Submit to Windows CA
$parameters = "-config {0} -submit -attrib CertificateTemplate:{1} {2}\{3}.csr {2}\{3}.cer {2}\{3}.p7b" `
    -f $CA, $template, $csrdir, $baseName
$req = [System.Diagnostics.Process]::Start("certreq", $parameters)
$req.WaitForExit()

# Install the signed certificate
$Task = gc $csrdir\$cerFileName | Install-OVApplianceCertificate -ApplianceConnection $ApplianceConnection | Wait-OVTaskComplete
Certificate management applies only to ApplianceConfig_Sample.ps1. The Composer sample omits this section because Synergy Composer certificate workflows differ.
7

Configure LDAP / Active Directory authentication

Both scripts configure an Active Directory LDAP directory and map four AD groups to OneView roles.
$dc1 = New-OVLdapServer -Name dc1.domain.local
$dc2 = New-OVLdapServer -Name dc2.domain.local

$AuthParams = @{
    UserName = "ftoomey@domain.local"
    Password = ConvertTo-SecureString -AsPlainText "HPinv3nt" -Force
}

$LdapAuthDirectory = New-OVLdapDirectory -Name 'domain.local' -AD `
    -BaseDN 'dc=domain,dc=local' -servers $dc1,$dc2 @AuthParams

$LdapGroups = $LdapAuthDirectory | Show-OVLdapGroups @AuthParams

$InfrastructureAdminGroup = $LdapGroups | Where-Object Name -match 'CI Manager Full'
$ServerAdminGroup         = $LdapGroups | Where-Object Name -match 'CI Manager Server'
$StorageAdminGroup        = $LdapGroups | Where-Object Name -match 'CI Manager Storage'
$NetworkAdminGroup        = $LdapGroups | Where-Object Name -match 'CI Manager Network'

New-OVLdapGroup -d $LdapAuthDirectory -GroupName $InfrastructureAdminGroup `
    -Roles "Infrastructure administrator" @AuthParams
New-OVLdapGroup -d $LdapAuthDirectory -GroupName $NetworkAdminGroup `
    -Roles "Network administrator" @AuthParams
New-OVLdapGroup -d $LdapAuthDirectory -GroupName $ServerAdminGroup `
    -Roles "Server administrator" @AuthParams
New-OVLdapGroup -d $LdapAuthDirectory -GroupName $StorageAdminGroup `
    -Roles "Storage administrator" @AuthParams
8

Upload an SPP firmware baseline

# Upload a Service Pack for ProLiant ISO from a network share
Get-ChildItem \\Server\SPP\bp-Default-Baseline-0-1.iso | Add-OVBaseline
9

Create local users

New-OVUser Nat   -fullName "Nat Network Admin"  -password hpinvent -roles "Network administrator"
New-OVUser Sally -fullName "Sally Server Admin" -password hpinvent -roles "Server administrator"
New-OVUser Sandy -fullName "Sandy SAN Admin"    -password hpinvent -roles "Storage administrator"
New-OVUser Rheid -fullName "Rheid Read-Only"    -password hpinvent -roles "Read only"
New-OVUser Bob   -fullName "Bob Backup"         -password hpinvent -roles "Backup administrator"
New-OVUser admin -fullName "admin"              -password hpinvent -roles "Infrastructure administrator"
Change all passwords to meet your organization’s password policy before running this script.
10

Resource configuration (networks, LIG, enclosure group, storage)

After core appliance setup, the scripts continue with resource provisioning. See the Networking and Storage sample pages for detailed explanations of those sections.The ApplianceConfig_Sample.ps1 concludes by adding an enclosure:
$EnclosureAddParams = @{
    Hostname       = '172.18.1.11'
    Username       = 'administrator'
    Password       = 'password'
    EnclosureGroup = $EnclosureGroup
}

$Results = Add-OVEnclosure @EnclosureAddParams

Adapting for your environment

PlaceholderWhere to change
domain.local, dc1.domain.localLDAP server and directory configuration
ftoomey@domain.local / HPinv3ntBind account used to query AD groups
CI Manager Full, CI Manager Server, etc.AD group names mapped to OneView roles
MyCA.domain.local\domain-MyCA-CAWindows CA for certificate signing
172.18.1.11 / administrator / passwordEnclosure OA address and credentials
172.18.15.1 / BNA credentialsSAN Manager address and credentials
172.18.11.11 / 3paradm / 3pardataStorage array address and credentials
Run the script in a single elevated PowerShell session. The $ApplianceConnection object is reused throughout, so do not close the session between steps.