I was recently playing around with EM7 and various Dynamic Apps around Dell hardware. I came to find that my remote server (hosting this site) had storage in a ‘nonCritical’ state. I promptly tried logging into my idrac for the system and was having issues getting in. I had forgot what I had set for the password on the root and personal accounts. (For those that leave it root/calvin, shame on you!) This set off a “fear” if you will of having to shut down several VMs and get the datacenter hosting it to attach a remote KVM so I could change the drac password. I hate this thought. I spent 30 seconds here and there trying every password I could think of but nothing worked. I finally started googling around to see if there was any other method. I struck a winner.
So first thing is you will need Dell Open manage installed on the host system. From what I can tell this wont work otherwise. I wrote up a short on installing Dell OpenManage on an Ubuntu 16.04 system previously.
I quickly found that racadm is not properly setup for x64 systems.
[email protected]:~# racadm getconfig -g cfgUserAdmin -i 2
/opt/dell/srvadmin/sbin/racadm: line 3: /opt/dell/srvadmin/lib/srvadmin-omilcore/Funcs.sh: No such file or directory
/opt/dell/srvadmin/sbin/racadm: line 5: GetRegVal: command not found
/opt/dell/srvadmin/sbin/racadm: line 6: GetRegVal: command not found
/opt/dell/srvadmin/sbin/racadm: line 8: GetSysId: command not found
/opt/dell/srvadmin/sbin/racadm: line 9: GetRegVal: command not found
/opt/dell/srvadmin/sbin/racadm: line 10: GetRegVal: command not found
/opt/dell/srvadmin/sbin/racadm: line 13: printf: 0x: invalid hex number
ERROR: Unable to communicate with RAC controller. Please make sure that a RAC
controller is present in the server and appropriate software is installed.
Thankfully it looks like it was just missing a couple of things in the lib folder that are in lib64.
ln -s ../lib64/srvadmin-deng/
ln -s ../lib64/srvadmin-idrac/
ln -s ../lib64/srvadmin-isvc/
ln -s ../lib64/srvadmin-omacore/
ln -s ../lib64/srvadmin-omilcore/
ln -s ../lib64/srvadmin-storage/
After that, racadm appears to work on the hostsystem.
After all that, it appears that racadm works locally without needing a user/pass to do anything. This will help later when I will be working on pushing out LetsEncrypt certs into the iDRACs automatically. So I ran the following as mentioned on the dell forum post to reset the root password to ‘ThisIsNewPass’. If you want to change other users, change the 2 to what ever number they are in the user list.
racadm set idrac.users.2.password ThisIsNewPass
[email protected]:~# racadm set idrac.users.3.password ThisIsNewPass
Object value modified successfully
So I have a few “hand me down” dell servers. The ones I use right now have iDRAC 7 in them. I have always been annoyed at the SSL warning that comes up. I thought about rolling my own CA and generating my own certs. I shot that down though as some times I pull up the iDRACs remotely from systems where I don’t want to install the custom root cert. I finally took the time to figure out how to take the Let’s Encrypt free SSL cert and apply it to the iDRACs. This is mainly due to they started issuing wildcard certs as of today.
So step one, reissue all my certs into one nice wildcard cert. Took a bit of effort but to make things simple for others that may find this. Install certbot-auto on a linux system and run something like:
./certbot-auto certonly --rsa-key-size=4096 -d domain.com -d *.domain.com --server https://acme-v02.api.letsencrypt.org/directory --manual
Follow the prompts and setup the verification checks as requested. If all goes well you will get a nice little dump of you have a new cert and it lives at /etc/letsencrypt/live/domain.com/.
From there I scp’ed the private key and the full chain down to my windows vm where I have racadm installed. For quick finding for those that need racadm installed on a windows system. (Download, unzip, run installer, good to go) After that all that was needed is to run 3 commands in a command prompt in the directory where the two files I scp’ed to the system.
racadm -r idrac1.domain.com -u adminuser -p adminpass sslkeyupload -t 1 -f privkey.pem
racadm -r idrac1.domain.com -u adminuser -p adminpass sslcertupload -t 1 -f fullchain.pem
After the iDRAC reset itself after those commands, I now had a shiny and valid SSL cert. There can be a small hiccup, and you may get a system that says “The Remote RACADM interface is disabled”. As long as you have trust in your firewalls, Overview->iDRAC Settings->Network->Services->Remote RACADM->Tick the enabled box and apply.
Next up to see if I can make Java not complain when loading the virtual console. Or perhaps scripting this some how to automatically check daily if new cert was issued and pull/push.
So with this new server I am setting up I wanted to install the Dell OpenManage software but got a headache from doing so. Just about everything I was finding was pointing me to CentOS based info and I am using an Ubuntu based system. Hence my headache. After hours of googling I finally found the page I did and it helped me get Dell OpenManage installed. Of course I had to mangle their instructions some but it was not to bad. Below is what I used and a link to the page that was helpful.
sudo echo 'deb http://linux.dell.com/repo/community/ubuntu trusty openmanage' | sudo tee -a /etc/apt/sources.list.d/linux.dell.com.sources.list
gpg --keyserver hkp://pool.sks-keyservers.net:80 --recv-key 1285491434D8786F ; gpg -a --export 1285491434D8786F | sudo apt-key add -
sudo apt-get update
sudo apt install srvadmin-base srvadmin-storageservices srvadmin-idrac7
# sudo apt install srvadmin-webserver
# sudo service dsm_om_connsvc start && sudo update-rc.d dsm_om_connsvc defaults