The Endian UTM firewall/router is a custom security distribution of Linux. In this video I use Virtualbox to install Endian Firewall (EFW) in a.
If you are installing Linux® on your IBM® Power® System LC server or are configuring a preinstalled system, then the instructions in this article help you to start and run your system. These instructions are specific to installing Ubuntu on an IBM Power System S821LC (8001-12C) or IBM Power System S822LC (8001-22C) server but can be easily adapted to a different Power System LC system or supported operating system. For a list of supported distributions, see Supported Linux distributions for POWER8 Linux on Power systems.
Prerequisites
Before you power on the system, ensure that you have the following items:
- Ethernet cables
- VGA monitor (the VGA resolution must be set to 1024x768-60Hz)
- USB keyboard
- Power cords and outlet for your system
- PC or notebook that has IPMItool level 1.8.15 or greater
If you are planning to use a USB device or a virtual wizard, download your ISO files from the Ubuntu release website. Look for the PowerPC64 Little-Endian server install image. Supported Ubuntu releases include:
- Ubuntu 14.04.4: http://cdimage.ubuntu.com/releases/14.04/release/
- Ubuntu 16.04: http://cdimage.ubuntu.com/releases/16.04/release/
If you are planning to use a network boot, verify that the URL to the network boot server has not changed. As updates become available, the URLs can change and it is much easier to verify the path from your notebook or PC before attempting to connect from your system.
If you are using the Ubuntu netboot server, the URLs are currently at the following locations:
- Ubuntu 14.04.4: http://ports.ubuntu.com/ubuntu-ports/dists/trusty-updates/main/installer-ppc64el/current/images/netboot/ubuntu-installer/ppc64el/
- Ubuntu 16.04: http://ports.ubuntu.com/ubuntu-ports/dists/xenial-updates/main/installer-ppc64el/current/images/netboot/ubuntu-installer/ppc64el/
Look for the vmlinux and initrd.gz files. If they are not available at the URLs given, then go to http://cdimage.ubuntu.com/netboot/ and select your release->ppc64el->ubuntu-installer->ppc6el. You should find the vmlinux and initrd.gz files. If this URL is different from the paths given previously, record them for future use.
Preparing to power on your system
Follow these steps to prepare and power on your system:
- If your system belongs in a rack, install your system into that rack. For instructions, see IBM POWER8 Systems information.
- Connect an Ethernet cable to the left embedded Ethernet port next to the serial port on the back of your system. Connect the other end to your network.
Note: This Ethernet port is eth0 and should be used for BMC/IPMI interface. Use the right Ethernet port for network connection for the operating system. - Connect your VGA monitor to the VGA port at the back of the system.
- Connect your USB keyboard to an available USB port in the system
- Connect the power cords to the system and plug them into the outlets.
At this point, your firmware is booting.
Configuring the BMC firmware IP address
Perform the following steps to set up or enable your network connection to the baseboard management controller (BMC) firmware using the Petitboot bootloader interface:
- Power on your server using the power button at the front of your system. Your system will open the Petitboot bootloader menu. This process takes about 1 to 2 minutes to complete. Do not walk away from your system! When Petitboot loads, your monitor will become active and you will need to press any key in order to interrupt the boot process.
- In the Petitboot bootloader main menu, select Exit to Shell.
- Run
ipmitool lan print 1
. If this command returns an IP address, verify that it is correct and continue. To set a static IP address, follow these steps:- Set the mode to static by running this command:
ipmitool lan set 1 ipsrc static
- Set your IP address by running this command:
ipmitool lan set 1 ipaddr
ip_address
where ip_address is the static IP address that you are assigning to this system. - Set your netmask by running this command:
ipmitool lan set 1 netmask
netmask_address
where netmask_address is the netmask for the system. - Set your gateway server by running this command:
ipmitool lan set 1 defgw ipaddr
gateway_server
where gateway_server is the gateway for this system. - Confirm the IP address by again runnning the following command:
ipmitool lan print 1
Note: This network interface is not active until you perform the following steps.
- Set the mode to static by running this command:
- To reset your firmware, run the following command:
ipmitool mc reset cold
This command must complete before continuing the process; however, it does not return any information. To verify that this command has completed, ping your system BMC address (the same IP address used in your IPMItool command). When the ping returns successfully, continue to the next step.
Note: If your ping does not return successfully within a reasonable amount of time (2 to 3 minutes), try these additional steps:- Power your system off with this command:
ipmitool power off
. - Unplug the power cords from the back of the system. Wait for 30 seconds and then apply power to boot BMC.
- Power your system off with this command:
Connecting to the BMC firmware with IPMItool
![Install Endian Firewall On Ubuntu Install Endian Firewall On Ubuntu](/uploads/1/2/6/2/126248478/594979907.jpg)
After you have a network connection set up for your BMC firmware, you can connect using Intelligent Platform Management Interface (IPMI) and unplug your VGA monitor and keyboard. IPMI is the default console to use when connecting to the Open Power Abstraction Layer (OPAL) firmware.
Use the default values for IPMI:
- Default user:
ADMIN
- Default password:
admin
Note: After powering on your system, the Petitboot interface loads. If you do not interrupt the boot process by pressing any key within 10 seconds, Petitboot automatically boots the first option.
To power on your server from a PC or notebook that is running Linux, follow these steps:
- Open a terminal program on your PC or notebook.
- To power on your server, run the following command:
ipmitool -I lanplus -H server_ip_address -U ipmi_user -P ipmi_password chassis power on
where server_ip_ipaddress is the IP address of the BMC and ipmi_user and ipmi_password are the default user ID and password for IPMItool.Note: If your system is already powered on, continue to active your IPMI console. - Activate your IPMI console by running this command:
ipmitool -I lanplus -H server_ip_address -U ipmi_user -P ipmi_password sol activate
Note: Use your keyboard up arrow to display the previousipmitool
command. You can edit previous commands to avoid typing the entire command again. If you need to power off or reboot your system, deactivate the console by running this command:ipmitool -I lanplus -H server_ip_address -U user-name -P ipmi_password sol deactivate
To reboot the system, run this command:ipmitool -I lanplus -H server_ip_address -U user-name -P ipmi_password chassis power reset
At this point, your IPMI console should be paused in the Petitboot bootloader menu and you are ready to install Ubuntu on your server.
Choose your installation method
There are several different options that you can choose from, including:
Creating a USB device
Use one of the following USB devices:
- USB attached DVD player with a single USB cable to stay under 1.0 Amps
- 8 GB 2.0 USB flash drive
- To create the bootable USB device, follow the instructions in the Ubuntu Community Help Wiki.
- Insert your bootable USB device into the front USB port. Debian GNU/Linux installer will automatically appear as a boot option on the Petitboot main screen.Note: Select Rescan devices if the USB device does not appear. If your device is not detected, you might have to try a different type.
- On the Petitboot main screen, select the Debian GNU/Linux installer boot option and then press Enter.
Configuring Petitboot for a network boot installation
A network boot installation requires a connection to the Internet. If you set up your BMC firmware to connect to an internal IP address, you need to configure an external Ethernet port. If your firmware IP address can access the Internet, you can skip these steps.
To configure an IP address, follow these steps:
- Connect an Ethernet cord to the Ethernet port eth1 and the other end to your network.
- On the Petitboot main screen, select System configuration.
- In the network section, select to use either DHCP on a specific interface or Static IP configuration.
- Select the port in the Devices section.
- If you selected Static IP configuration, enter the IP/mask and gateway information.
- Select OK and press Enter.
- Reconnect to your server through IPMItool using the IP address that you configured.
Provide the network boot detail to Petitboot by following these steps:
- On the Petitboot main screen, select
n
to create new options. - Choose your boot device or select Specify paths/URLs manually and then enter your boot options.
For Ubuntu 14.04:- In the Kernel field, enter the path to the kernel. This field is mandatory. Enter a URL similar to this one for a network:
http://ports.ubuntu.com/ubuntu-ports/dists/trusty-updates/main/installer-ppc64el/current/images/netboot/ubuntu-installer/ppc64el/vmlinux
- In the Initrd field, enter the path to the init ramdisk. Enter a URL similar to this one for a network:
http://ports.ubuntu.com/ubuntu-ports/dists/trusty-updates/main/installer-ppc64el/current/images/netboot/ubuntu-installer/ppc64el/initrd.gz
You can accept the default values for the rest of the fields.
For Ubuntu 16.04:- In the Kernel field, enter the path to the kernel. This field is mandatory. Enter a URL similar to this one for a network:
http://ports.ubuntu.com/ubuntu-ports/dists/xenial-updates/main/installer-ppc64el/current/images/netboot/ubuntu-installer/ppc64el/vmlinux
- In the Initrd field, enter the path to the init ramdisk. Enter a URL similar to this one for a network:
http://ports.ubuntu.com/ubuntu-ports/dists/xenial-updates/main/installer-ppc64el/current/images/netboot/ubuntu-installer/ppc64el/initrd.gz
You can accept the default values for the rest of the fields.
- In the Kernel field, enter the path to the kernel. This field is mandatory. Enter a URL similar to this one for a network:
- After you set your network boot options, select OK and press Enter.
- On the Petitboot main window, select User Item 1 as your boot option and press Enter.
Configuring the virtual wizard in the BMC Advanced System Management interface
BMC Advanced Systems Management is a remote management controller used to access system information, status, and other process for your server. You can use the BMC Advanced System Management interface to set up your installation and provide the CD image as virtual media to the Power System. However, the actual installation requires a serial-over-LAN (SOL) connection through IPMItool.
To access the BMC Advanced Systems Management, open a web browser and enter: http://ip_address where ip_address is the IP address for the BMC. Log in using these default values:
- Default user name: ADMIN
- Default password: ADMIN
In order to fully use the BMC Advanced System Management, you need to add the IP address of the BMC firmware to the Exceptions list in the Java™ Control Panel of your notebook or PC. On a Microsoft® Windows® system, click Control Panel --> Control Panel for Java. On a Linux system, this is usually located by selecting the Control Center and then selecting the Java web browser plug-in. After accessing Control Panel for Java, click the Security tab. Then add the IP address of the BMC firmware to the Exceptions list, by clicking Edit Site List and then clicking Add. Enter the IP address and click OK.
To create a virtual CD/DVD, follow these steps:
- Log into the BMC Advanced System Management interface from a PC or notebook using the default user name and password.
- Click Remote Control --> Console Redirection.
Figure 1. Selecting Remote Control
- Select Java Console. As the console opens, you might need to direct your browser to open the jviewer.jnlp file by selecting Open with Java Web Start and clicking OK. Accept the warning and click Run.
- In the Console Redirection window, click Media --> Virtual Media wizard from the menu.
Figure 2. Opening the Virtual Media wizard
- In the Virtual Media wizard, select CD Image under CD/DVD Media:1. Then, select CD Image from the menu and specify the path to the Linux distribution ISO file. For example, C:workubuntu-14.04.3-server-ppc64el.iso. Click Connect CD/DVD. If the connection is successful, the message
Device redirected in Read Only Mode
is displayed.Figure 3. Virtual Media wizard
- Verify that CD/DVD is shown as an option in Petitboot as
sr0
:CD/DVD: sr0
Install
Repair
Note: Click Rescan devices if CD/DVD does not appear. - Click Install. You might find that your remote console may become inactive. Open or reactivate your IPMI console to complete the installation.Note: Be patient! It can sometimes take a couple of minutes for the installation to begin.
Complete your installation
After you select to boot the Ubuntu installer, the installer wizard walks you through the following steps.
- Follow the installation wizard for Ubuntu to set up disk options, your user name and password, time zones, and so on. The last step is to restart your system.Note: The Ubuntu installation process uses DHCP by default during installation. If you are not using DHCP, you need to configure the network manually by following these steps:
- On the Configuring the network with DHCP screen, click Cancel.
- Click Continue.
- Select Configure your network manually.
- Enter your IP address and click Continue.
- Enter your netmask and click Continue.
- Enter or confirm the gateway for your IP address and click Continue.
- Optionally, enter the name server address and click Continue.
- Enter a host name for your system and click Continue.
- Select a mirror of the Ubuntu archive.
- Confirm the Ubuntu archive mirror.
- Optionally, enter the HTTP proxy information and click Continue.
- After the system restarts, Petitboot displays the option to boot the Ubuntu with Linux release number. Select this option and press Enter.
Conclusion
After you have booted Ubuntu, your server is ready to go!
For more information, see the following resources:
- Follow us on Twitter @IBMPowerLinux
Downloadable resources
Comments
Sign in or register to add and subscribe to comments.