iDRAC 7 – LetsEncrypt Wildcard Cert

So I have a few “hand me down” dell servers.  The ones I use right now have iDRAC 7 in them.  I have always been annoyed at the SSL warning that comes up.  I thought about rolling my own CA and generating my own certs.  I shot that down though as some times I pull up the iDRACs remotely from systems where I don’t want to install the custom root cert.  I finally took the time to figure out how to take the Let’s Encrypt free SSL cert and apply it to the iDRACs.  This is mainly due to they started issuing wildcard certs as of today.

So step one, reissue all my certs into one nice wildcard cert.  Took a bit of effort but to make things simple for others that may find this.  Install certbot-auto on a linux system and run something like:

./certbot-auto certonly --rsa-key-size=4096 -d -d * --server --manual

Follow the prompts and setup the verification checks as requested.  If all goes well you will get a nice little dump of you have a new cert and it lives at /etc/letsencrypt/live/

From there I scp’ed the private key and the full chain down to my windows vm where I have racadm installed.  For quick finding for those that need racadm installed on a windows system.  (Download, unzip, run installer, good to go)  After that all that was needed is to run 3 commands in a command prompt in the directory where the two files I scp’ed to the system.

racadm -r -u adminuser -p adminpass sslkeyupload -t 1 -f privkey.pem
racadm -r -u adminuser -p adminpass sslcertupload -t 1 -f fullchain.pem
racadm racreset

After the iDRAC reset itself after those commands, I now had a shiny and valid SSL cert.  There can be a small hiccup, and you may get a system that says “The Remote RACADM interface is disabled”.  As long as you have trust in your firewalls, Overview->iDRAC Settings->Network->Services->Remote RACADM->Tick the enabled box and apply.

Next up to see if I can make Java not complain when loading the virtual console.  Or perhaps scripting this some how to automatically check daily if new cert was issued and pull/push.

Setting up a TF2 server – Part 1

So I also host a small set of game servers for me to test plugins and maps out.  Not to mention its also a simple way for me to say to a group of friends lets go play this and have a place to go without the hassle of looking for a server.  Normally I would tell people to install LGSM when they want to setup a gameserver.  I though have run into a few issues where LGSM is a tad constricting for my needs now.  So off to setting the server up from scratch and trying to replicate a couple of features from LGSM.

So for this part, setup the server in a raw form.

Continue reading

New Category: Shitty Ideas

So I have some ideas from time to time that I tend to forget or deem to crappy to execute.  So I figure I would at least write them down as sometimes the crappy ideas will still bear a fruit of some sort.  Thus I will write them crib note style and password protect them with the password “shitty idea”.  This way they do not get indexed by search engines but still allow the random visitor to view the idea.

Install Dell OpenManage on Ubuntu 16.04 (and up?)

So with this new server I am setting up I wanted to install the Dell OpenManage software but got a headache from doing so. Just about everything I was finding was pointing me to CentOS based info and I am using an Ubuntu based system. Hence my headache. After hours of googling I finally found the page I did and it helped me get Dell OpenManage installed. Of course I had to mangle their instructions some but it was not to bad. Below is what I used and a link to the page that was helpful.

sudo echo 'deb trusty openmanage' | sudo tee -a /etc/apt/sources.list.d/
gpg --keyserver hkp:// --recv-key 1285491434D8786F ; gpg -a --export 1285491434D8786F | sudo apt-key add -
sudo apt-get update
sudo apt install srvadmin-base srvadmin-storageservices srvadmin-idrac7
# sudo apt install srvadmin-webserver
# sudo service dsm_om_connsvc start && sudo update-rc.d dsm_om_connsvc defaults

Continue reading

Reference URL: