Having got racadm working on my workstation (see my previous post), the next step is to perform initial DRAC configuration, ie. change the root password, set the SSL cert values, etc.
First I checked that all DRACs were pingable:
for h in $(seq -w 1 34); do hn=b0$h.drac.example.com if ping -q -c 1 $hn >& /dev/null ; then echo OK else echo failed fi done
Next, I created a drac config file (named drac.cfg) containing the settings that are common to all devices:
[cfgLanNetworking] cfgDNSDomainName=drac.example.com [cfgUserAdmin] # cfgUserAdminIndex=2 cfgUserAdminUserName=root cfgUserAdminPassword=secret [cfgOobSnmp] cfgOobSnmpAgentEnable=1 cfgOobSnmpAgentCommunity=my_community_name [cfgRacSecurity] cfgRacSecCsrKeySize=1024 # cfgRacSecCsrCommonName= cfgRacSecCsrOrganizationName=example.com cfgRacSecCsrOrganizationUnit=Web Services cfgRacSecCsrLocalityName=My City cfgRacSecCsrStateName=My State cfgRacSecCsrCountryCode=IE cfgRacSecCsrEmailAddr=contact@example.com
I then ran a script to apply the common configuration to all devices. I also set the device-specific settings in the same script:
for n in $(seq -w 1 34); do host=b0$hn domain=drac.example.com fullname=$host.$domain racadm -r $fullname -u root -p calvin config -g cfgLanNetworking -o cfgDNSRacName $host racadm -r $fullname -u root -p calvin config -g cfgRacSecurity -o cfgRacSecCsrCommonName $fullname racadm -r $fullname -u root -p calvin config -f drac.cfg done
Notice that I don't change the default password until last.
Now, I just need to work out how to generate the CSR, sign it, and upload the new cert…
Khang says:
How are you accessing the dracs in this script? through telnet or ssh?
August 26, 2010, 10:29 pmrobin says:
Er, neither. The example uses racadm which communicates directly with the DRACs.
August 31, 2010, 1:17 pm