Reset lost iDRAC pass from OMSA

I was recently playing around with EM7 and various Dynamic Apps around Dell hardware. I came to find that my remote server (hosting this site) had storage in a ‘nonCritical’ state. I promptly tried logging into my iDRAC for the system and was having issues getting in. I had forgotten what I had set for the password on the root and personal accounts. (For those that leave it root/calvin, shame on you!) This set off a “fear”, if you will, of having to shut down several VMs and get the datacenter hosting it to attach a remote KVM so I could change the DRAC password. I hate this thought. I spent 30 seconds here and there trying every password I could think of, but nothing worked. I finally started googling around to see if there was any other method. I struck a winner.

So the first thing is that you will need Dell OpenManage installed on the host system. From what I can tell this won't work otherwise. I previously wrote up a short post on installing Dell OpenManage on an Ubuntu 16.04 system.

I quickly found that racadm is not properly set up for x64 systems.

~# racadm getconfig -g cfgUserAdmin -i 2
/opt/dell/srvadmin/sbin/racadm: line 3: /opt/dell/srvadmin/lib/srvadmin-omilcore/Funcs.sh: No such file or directory
/opt/dell/srvadmin/sbin/racadm: line 5: GetRegVal: command not found
/opt/dell/srvadmin/sbin/racadm: line 6: GetRegVal: command not found
/opt/dell/srvadmin/sbin/racadm: line 8: GetSysId: command not found
/opt/dell/srvadmin/sbin/racadm: line 9: GetRegVal: command not found
/opt/dell/srvadmin/sbin/racadm: line 10: GetRegVal: command not found
/opt/dell/srvadmin/sbin/racadm: line 13: printf: 0x: invalid hex number
ERROR: Unable to communicate with RAC controller. Please make sure that a RAC
controller is present in the server and appropriate software is installed.

Thankfully it looks like it was just missing a couple of things in the lib folder that are in lib64.

cd /opt/dell/srvadmin/lib
ln -s ../lib64/srvadmin-deng/
ln -s ../lib64/srvadmin-idrac/
ln -s ../lib64/srvadmin-isvc/
ln -s ../lib64/srvadmin-omacore/
ln -s ../lib64/srvadmin-omilcore/
ln -s ../lib64/srvadmin-storage/

After that, racadm appears to work on the host system.

After all that, it appears that racadm works locally without needing a user/pass to do anything. This will help later when I will be working on pushing out LetsEncrypt certs into the iDRACs automatically. So I ran the following, as mentioned on the Dell forum post, to reset the root password to ‘ThisIsNewPass’. If you want to change other users, change the 2 to whatever number they are in the user list.

racadm set idrac.users.2.password ThisIsNewPass
~# racadm set idrac.users.3.password ThisIsNewPass
[Key=idrac.Embedded.1#Users.3]
Object value modified successfully

Reference URL: https://www.dell.com/community/PowerEdge-Hardware-General/Unluckly-I-forgot-my-dell-server-R720-IDRAC-password-now-I-can-t/td-p/4458788
Reference URL: https://mindlesstux.com/2018/01/08/install-dell-openmanage-on-ubuntu-16-04-and-up/

iDRAC 7 – LetsEncrypt Wildcard Cert

So I have a few “hand me down” Dell servers. The ones I use right now have iDRAC 7 in them. I have always been annoyed at the SSL warning that comes up. I thought about rolling my own CA and generating my own certs. I shot that down though, as sometimes I pull up the iDRACs remotely from systems where I don’t want to install the custom root cert. I finally took the time to figure out how to take the Let’s Encrypt free SSL cert and apply it to the iDRACs. This is mainly because they started issuing wildcard certs as of today.

So step one: reissue all my certs into one nice wildcard cert. It took a bit of effort, but to make things simple for others that may find this: install certbot-auto on a Linux system and run something like:

./certbot-auto certonly --rsa-key-size=4096 -d domain.com -d '*.domain.com' --server https://acme-v02.api.letsencrypt.org/directory --manual

Follow the prompts and set up the verification checks as requested. If all goes well you will get a nice little dump saying you have a new cert and that it lives at /etc/letsencrypt/live/domain.com/.

From there I scp’ed the private key and the full chain down to my Windows VM where I have racadm installed. For those that need racadm installed on a Windows system: download, unzip, run the installer, good to go. After that, all that was needed was to run 3 commands in a command prompt in the directory holding the two files I scp’ed to the system.

racadm -r idrac1.domain.com -u adminuser -p adminpass sslkeyupload -t 1 -f privkey.pem
racadm -r idrac1.domain.com -u adminuser -p adminpass sslcertupload -t 1 -f fullchain.pem
racadm -r idrac1.domain.com -u adminuser -p adminpass racreset

After the iDRAC reset itself after those commands, I now had a shiny and valid SSL cert.  There can be a small hiccup, and you may get a system that says “The Remote RACADM interface is disabled”.  As long as you have trust in your firewalls, Overview->iDRAC Settings->Network->Services->Remote RACADM->Tick the enabled box and apply.

Next up is to see if I can make Java not complain when loading the virtual console. Or perhaps scripting this somehow to automatically check daily if a new cert was issued and pull/push.
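
One way to script the daily check, as an added example that is not the author's code: it compares the SHA-256 fingerprint of the leaf certificate in fullchain.pem with the one the iDRAC currently serves, and only then runs the three racadm commands from above. The function names, the IDRAC_PASS environment variable and the host and path in the final call are assumptions.

```python
import base64
import hashlib
import os
import re
import ssl
import subprocess

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def leaf_fingerprint(pem_text):
    """SHA-256 (hex) of the first certificate in a PEM bundle, i.e. the leaf."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no certificate found in PEM text")
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha256(der).hexdigest()

def needs_push(local_fullchain_pem, served_pem):
    """True when the iDRAC is not serving the leaf cert from fullchain.pem."""
    return leaf_fingerprint(local_fullchain_pem) != leaf_fingerprint(served_pem)

def racadm_commands(host, user, password, key_path, chain_path):
    """The three racadm calls from the post, as argv lists (no shell quoting)."""
    base = ["racadm", "-r", host, "-u", user, "-p", password]
    return [base + ["sslkeyupload", "-t", "1", "-f", key_path],
            base + ["sslcertupload", "-t", "1", "-f", chain_path],
            base + ["racreset"]]

def sync(host, user, live_dir):
    """Push key and chain only if the served cert differs; True if pushed."""
    chain_path = os.path.join(live_dir, "fullchain.pem")
    with open(chain_path) as fh:
        local = fh.read()
    # No CA validation on purpose: the iDRAC may still serve an expired or
    # self-signed cert, and the result is only compared by fingerprint.
    served = ssl.get_server_certificate((host, 443))
    if not needs_push(local, served):
        return False
    # Assumption: IDRAC_PASS is set by the scheduler. This keeps the password
    # out of the script and shell history, but -p still shows it in the local
    # process list while racadm runs.
    password = os.environ["IDRAC_PASS"]
    key_path = os.path.join(live_dir, "privkey.pem")
    for argv in racadm_commands(host, user, password, key_path, chain_path):
        subprocess.run(argv, check=True)
    return True

if __name__ == "__main__":
    print(sync("idrac1.domain.com", "adminuser", "/etc/letsencrypt/live/domain.com"))
```

Because privkey.pem is copied off the certbot host, the machine running this needs the same file permissions and access control as the host that issued the cert.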

Reference URL: https://serverfault.com/questions/485426/install-existing-ssl-certificate-on-dell-idrac7
Reference URL: https://lonesysadmin.net/2015/08/13/interesting-dell-idrac-tricks/
Reference URL: http://www.itwalkthru.com/2014/01/how-to-install-wildcard-certificate-on.html

Setting up a TF2 server – Part 1

So I also host a small set of game servers for me to test plugins and maps out. Not to mention it's also a simple way for me to say to a group of friends "let's go play this" and have a place to go without the hassle of looking for a server. Normally I would tell people to install LGSM when they want to set up a game server. I have, though, run into a few issues where LGSM is a tad constricting for my needs now. So off to setting the server up from scratch and trying to replicate a couple of features from LGSM.

So for this part, set up the server in a raw form.


New Category: Shitty Ideas

So I have some ideas from time to time that I tend to forget or deem too crappy to execute. So I figure I would at least write them down, as sometimes the crappy ideas will still bear a fruit of some sort. Thus I will write them crib note style and password protect them with the password “shitty idea”. This way they do not get indexed by search engines but still allow the random visitor to view the idea.