diff --git a/docs/ISO-DEPLOYMENT-TARGET-ZFS.md b/docs/ISO-DEPLOYMENT-TARGET-ZFS.md new file mode 100644 index 00000000..81f5c619 --- /dev/null +++ b/docs/ISO-DEPLOYMENT-TARGET-ZFS.md @@ -0,0 +1,151 @@ +# ISO Deployment Target — ZFS Disk Install + +> Internal document. IPs use 10.0.0.0/8 placeholder range; real addresses +> are in the live USB's ARP table at build time. + +**Date:** 4 Jun 2026 +**Milestone:** v1.0.0 — USB live → ZFS disk deploy +**Repo:** `clawdie-iso` + +--- + +## Target machine + +| Detail | Value | +|---|---| +| **Make / Model** | HPE ProLiant ML350p Gen8 tower | +| **Serial** | `CZ22160QQY` | +| **Product ID** | `646676-421` | +| **Management** | iLO 4 (firmware 2.76 → needs 2.82 update) | +| **iLO License** | Advanced (remote console + virtual media) | +| **iLO IP** | `10.0.0.2` (dedicated iLO management port) | +| **Server NICs** | 4× onboard GbE (MAC 9c:8e:99:4c:43:e6–e9) | +| **Server IP** | DHCP from LAN port 1 (currently no OS booted) | +| **iLO password** | Physical pull-tab tag on chassis (factory default) | + +## Network layout (sanitised) + +``` + 10.0.0.1 — gateway / DHCP server + 10.0.0.2 — iLO 4 management (dedicated port) + 10.0.0.7 — operator USB laptop (ue0, FreeBSD 15) + 10.0.0.? — server LAN port 1 (DHCP, TBD once OS boots) +``` + +## Current state + +- Server powered on, iLO reachable at `https://10.0.0.2/` +- No host OS installed or booted — no server NIC has an IP +- iLO 4 firmware 2.76 (CVEs fixed in 2.82 — upgrade required) +- iLO Advanced license installed (remote console active) +- Disks unknown (requires iLO login or OS boot) + +## Deployment plan + +### Phase 1 — pre-flight (on USB live) + +```sh +# Verify iLO access +curl -sk -u Administrator: https://10.0.0.2/xmldata?item=all + +# Check server health +ipmitool -H 10.0.0.2 -U Administrator -P sdr list +ipmitool -H 10.0.0.2 -U Administrator -P power status + +# Mount ISO via iLO virtual media +# → iLO web UI → Remote Console → Virtual Drives → Mount clawdie-iso + +# Boot from virtual ISO +ipmitool -H 10.0.0.2 -U Administrator -P chassis bootdev cdrom +ipmitool -H 10.0.0.2 -U Administrator -P chassis power reset +``` + +### Phase 2 — USB live boots on server + +Once the ISO boots on the server hardware: +1. Server gets DHCP on its LAN port (visible in ARP) +2. `colibri-daemon` starts, skills catalog loaded +3. `service clawdie health` passes +4. `tailscale up` for mesh access (if auth key available) + +### Phase 3 — disk survey + ZFS pool create + +```sh +# List disks +camcontrol devlist +geom disk list + +# Create ZFS pool (single disk or mirror, TBD after survey) +zpool create -o ashift=12 zroot /dev/ada0 +zfs create -o mountpoint=/ zroot/ROOT/default +``` + +### Phase 4 — install FreeBSD to ZFS + clawdie + +```sh +# Bootstrap FreeBSD base system onto ZFS +# Install clawdie service + colibri-daemon +# Copy config, skills DB, pi sessions from USB +# Set boot environment +``` + +### Phase 5 — reboot to disk + validate + +```sh +# On reboot, server boots from local ZFS +service clawdie health # daemon ✓, skills ✓, glasspane ✓ +service clawdie inventory # runtime manifest +colibri list-skills # catalog intact +# Tailscale mesh active, operator can SSH in +``` + +## iLO firmware upgrade + +Current: 2.76 (Dec 2019) +Target: 2.82 (Aug 2023) +Download: https://support.hpe.com/ → ProLiant ML350p Gen8 → Firmware → iLO 4 + +**Method A (from USB live):** +```sh +# Upload firmware via iLO REST API +curl -sk -u Administrator: -X POST \ + -F "file=@ilo4_282.bin" \ + https://10.0.0.2/json/upload_firmware +``` + +**Method B (via iLO web UI):** +1. Log into `https://10.0.0.2/` +2. Administration → Firmware → Upload +3. Select `ilo4_282.bin`, apply, iLO reboots (~2 min) + +## System ROM / BIOS + +Check version after iLO login: +```sh +curl -sk -u Administrator: https://10.0.0.2/xmldata?item=all | grep -i rom +``` + +Likely needs update — Gen8 latest is 2019.05.00 (P79). Check HPE support. + +## Required packages on ISO + +| Package | Purpose | +|---|---| +| `ipmitool` | IPMI/BMC management (power, sensors, boot order) | +| `freeipmi` | Alternative IPMI toolset (optional, heavier) | +| `curl` | iLO REST API calls ✅ already included | +| `openssl` | Certificate handling ✅ already included | +| `python3` | Scripting + JSON ✅ already included | + +## Notes + +- iLO 4 password is on a **physical pull-tab tag** on the chassis. + - Front panel: pull the plastic tab below the optical drive. + - Behind bezel: remove the plastic front bezel, check metal. + - Rear: sticker near the dedicated iLO RJ45 port. + - Inside: top lid off → sticker on motherboard near iLO chip. +- If tag is truly lost: physical "iLO Security Override" jumper (SW1 position 1) + on motherboard resets iLO to factory defaults (requires monitor + keyboard). +- The server has an iLO Advanced license — remote console (.NET/Java) and + virtual media work. HTML5 console may not be available on iLO 4; use the + standalone IRC client or `ipmitool sol` for Serial-over-LAN. diff --git a/packages/pkg-list-live-operator.txt b/packages/pkg-list-live-operator.txt index 264a4dda..b35dc689 100644 --- a/packages/pkg-list-live-operator.txt +++ b/packages/pkg-list-live-operator.txt @@ -71,6 +71,10 @@ usbutils hw-probe p5-libwww smartmontools +# IPMI / BMC management for HPE iLO, Dell iDRAC, etc. +# Needed for disk-deploy workflow: power control, sensor readout, +# boot device selection, Serial-over-LAN console. +ipmitool lscpu lsblk hwstat