Fujitsu PRIMERGY: How to update BIOS and iRMC firmware remotely

There is a HTTP interface in iRMC for system BIOS and iRMC firmware updates. That means you can send firmware images to iRMC remotely to flash BIOS and iRMC. What you need is just to do a HTTP POST to /irmcupdate or /biosupdate with an update image.

Here are some examples using curl or PowerShell. In the examples, I used PRIMERGY BX2580 M1 BIOS and iRMC images for my PRIMERGY BX2580 M1 server. You can download BIOS and iRMC firmware files from Fujitsu download site

• BIOS update using curl

$ curl -k --digest -u <iRMC username>:<iRMC password> -F "file=@<BIOS file>" http://<iRMC IP address>/biosupdate

example)

$ curl -k --digest -u admin:admin -F "file=@D3321-A1.UPC" http://192.168.10.21/biosupdate

The above command stages the BIOS file to iRMC. If the server is powered off, then iRMC powers it on and starts BIOS flash. If it is not powered off, BIOS flash will be started after you shut down the OS.

To check the update status, you can do a HTTP GET to /biosprogress. It will return the status in XML.

example)

$ curl -k --digest -u admin:admin http://192.168.10.21/biosprogress
<?xml version="1.0" encoding="UTF-8"?>
<Status>
<Value>8</Value>
<Severity>Information</Severity>
<Message>FLASH programming in progress 33 Percent</Message>
</Status>

• iRMC firmware update using PowerShell

PS> $username="<iRMC username>"
PS> $password=ConvertTo-SecureString "<iRMC password>" -AsPlainText -Force 
PS> $credential = New-Object System.Management.Automation.PSCredential $username, $password
PS> Invoke-WebRequest -Uri "http://<iRMC IP address>/irmcupdate?flashSelect=255" -Method Post -Credential $credential -InFile "<iRMC firmware image>" -Verbose

example)

PS> $username="admin"
PS> $password=ConvertTo-SecureString "admin" -AsPlainText -Force 
PS> $credential = New-Object System.Management.Automation.PSCredential $username, $password
PS> Invoke-WebRequest -Uri "http://192.168.10.21/irmcupdate?flashSelect=255" -Method Post -Credential $credential -InFile "C:\FW\BX2580M1_0824F.BIN" -Verbose

An iRMC firmware update does not require a system reboot. It will be updated while the OS is running.

To check the update status, send a HTTP GET request to /irmcprogress. It will return the status in XML.

example)

PS> $username="admin"
PS> $password=ConvertTo-SecureString "admin" -AsPlainText -Force 
PS> $credential = New-Object System.Management.Automation.PSCredential $username, $password
PS> [xml]$response = Invoke-WebRequest -Uri "http://192.168.10.21/irmcprogress" -Method Get -Credential $credential -Verbose
PS> $response.status |fl

Value    : 8
Severity : Information
Message  : FLASH programming in progress 48 Percent

Fujitsu PRIMERGY: How to change BIOS settings remotely

If you have multiple servers and you need to change BIOS settings, it is not wise to bring up BIOS setup screen on each server and change the values. It's time consuming. Also you easily make a mistake like forget to change a value on one of the servers.

To avoid this, we normally automate a process with a tool or a script to replicate the changes on all target servers, but is there an interface to do this on Fujitsu PRIMERGY servers? Yes, there is. You can change BIOS settings through iRMC (integraded Remote Management Controller) which is similar to DELL iDRAC or HP iLO. iRMC accepts an XML file as a BIOS configuration file, and it will enable the changes after a reboot.

Here is an example. I will change the CPU Hyper-Threading setting from "Enable" to "Disable" through iRMC on PRIMERGY BX2580 M2.

1. Create a BIOS configuration change XML file. To disable Hyper-Threading, create a file like this:

$ cat input.xml
<?xml version="1.0" encoding="utf-8"?>
<config>
  <sysId>BX2580M2</sysId>
  <configuration>
    <token api="BSPBR"></token>
    <supportedSetting>
      <id>HyperThreading</id>
      <name>Hyper-Threading</name>
      <setupItemID>0x0057</setupItemID>
      <value>Disabled</value>
    </supportedSetting>
  </configuration>
</config>

2. Send the XML file to the iRMC BIOS restore interface. I use the curl command to do an HTTP POST to iRMC.

$ curl --basic -u <iRMC username>:<iRMC password> --data @<XML file> http://<iRMC IP address>/biosrestore

example)

$ curl --basic -u admin:admin --data @input.xml http://192.168.10.21/biosrestore

3. Reboot the server. You can see the value is changed to Disabled in BIOS after the reboot.

If you need to change multiple settings, you just need to add "<supportedSetting>(BIOS setting you want to change)</supportedSetting>" to the XML file like the following (change both "HT" and "Hardware Prefetcher" to "Disabled":

$ cat input.xml
<?xml version="1.0" encoding="utf-8"?>
<config>
  <sysId>BX2580M2</sysId>
  <configuration>
    <token api="BSPBR"></token>
    <supportedSetting>
      <id>HyperThreading</id>
      <name>Hyper-Threading</name>
      <setupItemID>0x0057</setupItemID>
      <value>Disabled</value>
    </supportedSetting>
    <supportedSetting>
      <id>HardwarePrefetcher</id>
      <name>Hardware Prefetcher</name>
      <setupItemID>0x012E</setupItemID>
      <value>Disabled</value>
    </supportedSetting>
  </configuration>
</config>

If you need to change multiple servers, you can create a script to send the same XML file to iRMC.

Fujitsu BX900: How to save MMB System Event Log remotely

I know MMB SEL can be saved using Web GUI, or log in to MMB via SSH and follow the menu. These methods require several mouse clicks or keyboard interactions. It would be nice to automate this process using a script or one-liner commands, wouldn't it?

Here are some examples.

• CIM (This method requires WS-MAN enabled in MMB)

$ wbemcli ei 'http://<mmb user name>:<password>@<mmb IP address>:5988/root/cimv2:Linux_MgmtBladeLog' |awk -F[,\"] '{print sprintf("%04d", $30), $27,$24}'

Example)

$ wbemcli ei 'http://admin:admin@192.168.10.10:5988/root/cimv2:Linux_MgmtBladeLog' | awk -F[,\"] '{print sprintf("%04d", $30), $27,$24}'
0001 2016-07-19 10:44:44 The IPv4 NTP server 2 is recovered.
0002 2016-07-19 10:19:09 The IPv4 NTP server 2 is inaccessible.
0003 2016-06-09 15:07:27 The IPv4 NTP server 2 is recovered.
0004 2016-06-09 15:01:57 The IPv4 NTP server 2 is inaccessible.
0005 2016-06-06 15:08:17 Server Blade-10 was removed.
0006 2016-06-06 15:06:55 Server Blade-10 power on.
0007 2016-06-06 15:06:04 Server Blade-10 power off.
0008 2016-06-06 15:01:49 Server Blade-10 power on.
0009 2016-06-06 15:01:01 Server Blade-10 power on.
0010 2016-06-06 15:00:53 Server Blade-10 was added.
...

• SSH
  1. Create a file containing the following:

  7
  2
  0
  0
  5
  

  Or just run

  $ echo -e "7\n2\n0\n0\n5" > input_file

  2. Execute SSH using the file created as input. plink can be downloaded from PuTTY download page.

  $ ssh -T <mmb user name>@<mmb IP address> < input_file

  or

  $ plink -ssh -T -l <mmb user name> -pw <password> <mmb IP address> < input_file

  Example)

  $ plink -ssh -T -l admin -pw admin 192.168.10.10 < input_file
  ...
  SEL entry number:511, Free space of SEL entry:0
  2016-07-19 10:44:44 Info/Normal The IPv4 NTP server 2 is recovered.
  2016-07-19 10:19:09  Minor      The IPv4 NTP server 2 is inaccessible.
  2016-06-09 15:07:27 Info/Normal The IPv4 NTP server 2 is recovered.
  2016-06-09 15:01:57  Minor      The IPv4 NTP server 2 is inaccessible.
  2016-06-06 15:08:17 Info/Normal Server Blade-10 was removed.
  2016-06-06 15:06:55 Info/Normal Server Blade-10 power on.
  2016-06-06 15:06:04 Info/Normal Server Blade-10 power off.
  ...
  

  3. If needed, you can redirect the output to a file to save the contents.

Also you can use the above SSH method to save MMB System Information Dump remotely.The difference is that the input file needs to contain the following:

7
5
0
0
5

Or just run

$ echo -e "7\n5\n0\n0\n5" > input_file

Then execute ssh or plink against MMB.

Example)

$ plink -ssh -T -l admin -pw admin 192.168.10.10 < input_file
...
+----------------------------------------------+
+             System Control Information
+----------------------------------------------+
System Name        : BX900-2
Housing Type       : BX900S1
System Location    : Data Center
System Contact     : dc-admin@example.com
Chassis Part Number: A3C40119934


+----------------------------------------------+
+             MMB
+----------------------------------------------+
Management Blade Run Mode             : master
Management Blade Status               : ok
Management Blade Manufacture          : FUJITSU
Management Blade Manufacture Date     : 04/02/2010 10:17:00
...

EFI Shell on Fujitsu PRIMERGY servers

Fujitsu removed the EFI shell access from their BIOS images some time ago for PRIMERGY servers (I believe Ivy Bridge generation or later models), so you cannot bring up EFI Shell in UEFI mode. In normal cases, this is not a problem. However in some cases, EFI shell makes your life easier.
For example, if the OS boot entry is somehow lost, without EFI Shell, you probably need to boot off of a Linux live CD or something to recreate a boot entry. If EFI shell is available, you don't need to do that. You just simple bring up the shell, and mount the EFI partition to execute the OS boot image.
Another example is that if you want to update PCIe card firmware image such as RAID card firmware before installing an OS, you have to use Fujitsu's Update Manager Express to do the update. It will take long time as it will update the whole system (BIOS, iRMC FW, PCIe FW, etc.). If you have EFI Shell, you can run EFI utilities to update firmware, and it will take less time.
Although Fujitsu disabled EFI Shell, there is still a way to use EFI shell on PRIMERGY servers.

Here are the instructions.

1. Download the EFI shell binary from tianocore.
2. Format your USB flash drive in FAT32.
3. Create the \efi\boot folder.
4. Copy the downloaded binary to \efi\boot, and rename the file to bootx64.efi.
5. Boot the PRIMERGY server off of the USB device in UEFI mode.

You can extract the USB EFI shell environment as a HDD image, and mount it via iRMC Remote Storage. It's handy.

I put EFI utilities like LSI's storcli, Intel's bootutil, etc. to this, and created a HDD image as "efitools.img", so I can flash Fujitsu RAID firmware (ROM file), or change the boot mode (PXE or iSCSI) for Intel-based network cards on any PRIMERGY servers.

Fujitsu ServerView Agents and ServerView RAID Manager for Ubuntu

Fujitsu ServerView Agents is a server management agent for Fujitsu PRIMERGY servers, and Fujitsu ServerView RAID Manager is a RAID management utility for RAID controllers in PRIMERGY. The latest ServerView Agents and RAID Manager for Ubuntu published on Fujitsu download site are old, and does not support the latest platforms. I have ported SV Agents 7.20.28 for Linux and SV RAID Manager 6.4.3 for Linux to Ubuntu 14.04 and 16.04 and created deb packages to manage Fujitsu PRIMERGY servers running Ubuntu.

Here are the packages I ported.

• serverview-raid-manager_6.4-3_amd64.deb
• serverview-connectorservice_2.10.03-01_amd64.deb
• serverview-eecd_7.20-28_amd64.deb
• serverview-agents_7.20-28_amd64.deb
• serverview-ssmwebui_7.20-28_all.deb

I am not authorized to distribute these packages, so if you need deb packages, please ask Fujitsu support. Fujitsu may have the latest packages. I just could not find them on the Fujitsu site.

Here are some screenshots.

• ServerView System Monitor Web GUI

• ServerView RAID Manager


• ServerView Agents status check command output (srvmagt status)

# srvmagt status

Installation script for ServerView Agents Linux v7.20-28
(c) Fujitsu Technology Solutions 2016

Getting status of ServerView Agents Linux ...
               Server model: PRIMERGY BX2580 M2
                   Hostname: bx900s1-u-b8 (192.168.64.148)
           Operating system: Ubuntu 16.04 LTS [UBUNTU1604]
               Linux kernel: 4.4.0-28-generic on x86_64, SELinux unknown, EDAC enabled, target system
            ServerView eecd: serverview-eecd    7.20-28
  ServerView SNMP subagents: serverview-agents  7.20-28
      System Monitor Web UI: serverview-ssmwebui        7.20-28
ServerView Remote Connector: serverview-connectorservice        2.10.03-01
            ServerView Raid: serverview-raid-manager    6.4-3
               SNMP service: snmpd      5.7.3+dfsg-1ubuntu4

    ServerView module smbus: exists, loaded, /dev/pci/smbus exists
        Native IPMI modules: requested, loaded, /dev/ipmi0 exists

        SNMP daemon (snmpd): running (1629), UDP #161 OK, AgentX socket OK SNMP communication OK
     RAID daemon (amDaemon): running (1646), TCP 3173 OK
     ServerView eecd daemon: running (40798), /dev/eecd[as] OK
          SVRemoteConnector: running (17877), TCP 3172 OK
           ServerView scagt: running (42222), status OK (1)
          ServerView sc2agt: running (42234), status OK (1)
          ServerView busagt: running (42246), status OK (1)
           ServerView hdagt: running (42256), status OK (1)
         ServerView unixagt: running (42266), status OK (1)
        ServerView etheragt: running (42276), status OK (1)
         ServerView biosagt: running (42286), status OK (1)
        ServerView securagt: running (42298), status OK (1)
       ServerView statusagt: running (42308), status OK (1)
          ServerView invagt: running (42318), status OK (1)
          ServerView thragt: running (42329), status OK (1)
           ServerView vvagt: running (42340), status OK (1)
        ServerView hpsimagt: running (42350), status OK (1)
          ServerView vmeagt: running (42394), status OK (1)
     ServerView svupdateagt: running (42360), status OK (1)
           ServerView osagt: running (42370), status OK (1)
      ServerView vmesnmpagt: running (42417), status OK (1)
Getting status completed with result 0 (OK status).