Oracle / Sun X-series ILOM & BIOS updates, Linux access, Firefox and more

We used to install Sun Servers at Green Tree Systems, but since the takeover by Oracle we were forced to abandon this, since Oracle only kept the big resellers on board. 😦
But that didn’t mean that we abandoned the servers.  The show must go on and so it did!

Firstly, we run Linux on all our servers and desktops.  Secondly, Sun Integrated Lights Out Management (ILOM) modules use Java to allow Remote Console access.  This poses some challenges, although they have become less in never versions of Linux.  Here is a summary of the issues we had and how we overcame them.

Let me just say: If you’re using a windows client, please don’t ask me for help.  There are lots of windows people out there that can help and I don’t want to.

1. ILOM & BIOS updates

Since Oracle will only supply software updates to maintenance contract customers, getting ILOM and BIOS firmware update means you have to “phone a friend”.  Once you have that, the rest is plain sailing.

2. Firefox & Chrome sub-window woes

Later releases of Firefox & Chrome do not display the content in the bottom half of the screen, but only the menu of the ILOM interface and the descriptive text.  It is possible to bypass the problem by right-clicking on the a menu item and selecting “open in new tab”, which is what I did, until I found this gem:

http://rich-notes.blogspot.com/2012/10/make-firefox-load-ilom-pages.html

The crux of the solution is this:

Add the following file to your home directory.
In ~/.mozilla/firefox/profile_id.default/chrome add a file called userContent.css

@media print {
 }
@namespace url(http:www.w3.org/1999/xhtml);
 #mainpage { visibility: visible !important; }

Note – The profile_id.default will be the only file with .default at the end in the Firefox directory. You may have to create the chrome directory.

That fixes the problem of the sub-window not showing in the main ILOM window.

3. Very slow leading ILOM webpages

This problem stems from an expired certificate it seems. I presume each web call has to time out before the next is done, or something like that.  Changing the ILOM web port to port 80, instead of 443, will allow fast normal access, which will allow you to update the ILOM and certificate.

4. Expired ILOM certificate

The older ILOM’s had certificates that expired on 2010, so accessing the web interface with Java 7 or later is a problem.  There is no simple way to ignore expired certificates any more.  Big Brother Oracle cannot allow you to make your own choices, or at least that’s what it feels like. :-]

I tried installing a self-signed certificate, but Oracle Java doesn’t fall for that either.

Eventually, updating to the latest ILOM firmware actually installed a new certificate which is valid till 2030!  Incidentally, version ILOM 3.0.6.21 r50234 was the last version with the old certificate.  I installed v3.0.16.15.h r93405 and that fixed the certificate as well as install the latest ILOM update.

5. IcedTea and OpenJDK to the rescue

The later version of Ubuntu come with OpenJDK and IcedTea instead of Oracle Java Webstart and Java. In the IcedTea Web Control Panel, the settings can be changed to ignore the expired certificate.

Pick the JRE you wish to use.  I have tested both the 32 and 64bit versions and they work equally well for me.

IcedTea-WebThen select the Security tab and set it to you liking.  Mine looked like this.

IcedTea-SecurityThis will hopefully give you less trouble than Oracle Java for the purpose of this exercise.

I will be adding additional tip and tricks wrt to Sun Servers here in time.

Hope it helps someone as it has helped me.