Add deployment target doc + ipmitool to live ISO packages

ISO-DEPLOYMENT-TARGET-ZFS.md: HPE ML350p Gen8 tower, iLO 4 discovery, network layout (10.x sanitised), 5-phase deployment plan, iLO firmware upgrade procedure, password recovery guide. pkg-list-live-operator.txt: added ipmitool for BMC management (power control, sensor readout, boot device, Serial-over-LAN).
2026-06-04 15:41:19 +00:00 · 2026-06-04 15:41:19 +00:00 · 8709d3e9e5
commit 8709d3e9e5
parent db5a65a523
2 changed files with 155 additions and 0 deletions
--- a/docs/ISO-DEPLOYMENT-TARGET-ZFS.md
+++ b/docs/ISO-DEPLOYMENT-TARGET-ZFS.md
@ -0,0 +1,151 @@
+# ISO Deployment Target — ZFS Disk Install
+
+> Internal document. IPs use 10.0.0.0/8 placeholder range; real addresses
+> are in the live USB's ARP table at build time.
+
+**Date:** 4 Jun 2026  
+**Milestone:** v1.0.0 — USB live → ZFS disk deploy  
+**Repo:** `clawdie-iso`
+
+---
+
+## Target machine
+
+| Detail | Value |
+|---|---|
+| **Make / Model** | HPE ProLiant ML350p Gen8 tower |
+| **Serial** | `CZ22160QQY` |
+| **Product ID** | `646676-421` |
+| **Management** | iLO 4 (firmware 2.76 → needs 2.82 update) |
+| **iLO License** | Advanced (remote console + virtual media) |
+| **iLO IP** | `10.0.0.2` (dedicated iLO management port) |
+| **Server NICs** | 4× onboard GbE (MAC 9c:8e:99:4c:43:e6–e9) |
+| **Server IP** | DHCP from LAN port 1 (currently no OS booted) |
+| **iLO password** | Physical pull-tab tag on chassis (factory default) |
+
+## Network layout (sanitised)
+
+```
+  10.0.0.1  — gateway / DHCP server
+  10.0.0.2  — iLO 4 management (dedicated port)
+  10.0.0.7  — operator USB laptop (ue0, FreeBSD 15)
+  10.0.0.?  — server LAN port 1 (DHCP, TBD once OS boots)
+```
+
+## Current state
+
+- Server powered on, iLO reachable at `https://10.0.0.2/`
+- No host OS installed or booted — no server NIC has an IP
+- iLO 4 firmware 2.76 (CVEs fixed in 2.82 — upgrade required)
+- iLO Advanced license installed (remote console active)
+- Disks unknown (requires iLO login or OS boot)
+
+## Deployment plan
+
+### Phase 1 — pre-flight (on USB live)
+
+```sh
+# Verify iLO access
+curl -sk -u Administrator:<tag-password> https://10.0.0.2/xmldata?item=all
+
+# Check server health
+ipmitool -H 10.0.0.2 -U Administrator -P <tag-password> sdr list
+ipmitool -H 10.0.0.2 -U Administrator -P <tag-password> power status
+
+# Mount ISO via iLO virtual media
+# → iLO web UI → Remote Console → Virtual Drives → Mount clawdie-iso
+
+# Boot from virtual ISO
+ipmitool -H 10.0.0.2 -U Administrator -P <tag-password> chassis bootdev cdrom
+ipmitool -H 10.0.0.2 -U Administrator -P <tag-password> chassis power reset
+```
+
+### Phase 2 — USB live boots on server
+
+Once the ISO boots on the server hardware:
+1. Server gets DHCP on its LAN port (visible in ARP)
+2. `colibri-daemon` starts, skills catalog loaded
+3. `service clawdie health` passes
+4. `tailscale up` for mesh access (if auth key available)
+
+### Phase 3 — disk survey + ZFS pool create
+
+```sh
+# List disks
+camcontrol devlist
+geom disk list
+
+# Create ZFS pool (single disk or mirror, TBD after survey)
+zpool create -o ashift=12 zroot /dev/ada0
+zfs create -o mountpoint=/ zroot/ROOT/default
+```
+
+### Phase 4 — install FreeBSD to ZFS + clawdie
+
+```sh
+# Bootstrap FreeBSD base system onto ZFS
+# Install clawdie service + colibri-daemon
+# Copy config, skills DB, pi sessions from USB
+# Set boot environment
+```
+
+### Phase 5 — reboot to disk + validate
+
+```sh
+# On reboot, server boots from local ZFS
+service clawdie health    # daemon ✓, skills ✓, glasspane ✓
+service clawdie inventory # runtime manifest
+colibri list-skills       # catalog intact
+# Tailscale mesh active, operator can SSH in
+```
+
+## iLO firmware upgrade
+
+Current: 2.76 (Dec 2019)  
+Target: 2.82 (Aug 2023)  
+Download: https://support.hpe.com/ → ProLiant ML350p Gen8 → Firmware → iLO 4
+
+**Method A (from USB live):**
+```sh
+# Upload firmware via iLO REST API
+curl -sk -u Administrator:<pw> -X POST \
+  -F "file=@ilo4_282.bin" \
+  https://10.0.0.2/json/upload_firmware
+```
+
+**Method B (via iLO web UI):**
+1. Log into `https://10.0.0.2/`
+2. Administration → Firmware → Upload
+3. Select `ilo4_282.bin`, apply, iLO reboots (~2 min)
+
+## System ROM / BIOS
+
+Check version after iLO login:
+```sh
+curl -sk -u Administrator:<pw> https://10.0.0.2/xmldata?item=all | grep -i rom
+```
+
+Likely needs update — Gen8 latest is 2019.05.00 (P79). Check HPE support.
+
+## Required packages on ISO
+
+| Package | Purpose |
+|---|---|
+| `ipmitool` | IPMI/BMC management (power, sensors, boot order) |
+| `freeipmi` | Alternative IPMI toolset (optional, heavier) |
+| `curl` | iLO REST API calls ✅ already included |
+| `openssl` | Certificate handling ✅ already included |
+| `python3` | Scripting + JSON ✅ already included |
+
+## Notes
+
+- iLO 4 password is on a **physical pull-tab tag** on the chassis.
+  - Front panel: pull the plastic tab below the optical drive.
+  - Behind bezel: remove the plastic front bezel, check metal.
+  - Rear: sticker near the dedicated iLO RJ45 port.
+  - Inside: top lid off → sticker on motherboard near iLO chip.
+- If tag is truly lost: physical "iLO Security Override" jumper (SW1 position 1)
+  on motherboard resets iLO to factory defaults (requires monitor + keyboard).
+- The server has an iLO Advanced license — remote console (.NET/Java) and
+  virtual media work. HTML5 console may not be available on iLO 4; use the
+  standalone IRC client or `ipmitool sol` for Serial-over-LAN.
--- a/packages/pkg-list-live-operator.txt
+++ b/packages/pkg-list-live-operator.txt
@ -71,6 +71,10 @@ usbutils
 hw-probe
 p5-libwww
 smartmontools
+# IPMI / BMC management for HPE iLO, Dell iDRAC, etc.
+# Needed for disk-deploy workflow: power control, sensor readout,
+# boot device selection, Serial-over-LAN console.
+ipmitool
 lscpu
 lsblk
 hwstat