Having got racadm working on my workstation (see my previous post), the next step is to perform initial DRAC configuration, ie. change the root password, set the SSL cert values, etc.

First I checked that all DRACs were pingable:

for h in $(seq -w 1 34); do
    hn=b0$h.drac.example.com
    if ping -q -c 1 $hn >& /dev/null ; then
        echo OK
    else
        echo failed
    fi
done

Next, I created a drac config file (named drac.cfg) containing the settings that are common to all devices:

[cfgLanNetworking]
cfgDNSDomainName=drac.example.com
 
[cfgUserAdmin]
# cfgUserAdminIndex=2
cfgUserAdminUserName=root
cfgUserAdminPassword=secret
 
[cfgOobSnmp]
cfgOobSnmpAgentEnable=1
cfgOobSnmpAgentCommunity=my_community_name
 
[cfgRacSecurity]
cfgRacSecCsrKeySize=1024
# cfgRacSecCsrCommonName=
cfgRacSecCsrOrganizationName=example.com
cfgRacSecCsrOrganizationUnit=Web Services
cfgRacSecCsrLocalityName=My City
cfgRacSecCsrStateName=My State
cfgRacSecCsrCountryCode=IE
cfgRacSecCsrEmailAddr=contact@example.com

I then ran a script to apply the common configuration to all devices. I also set the device-specific settings in the same script:

for n in $(seq -w 1 34); do
    host=b0$hn
    domain=drac.example.com
    fullname=$host.$domain
    racadm -r $fullname -u root -p calvin config -g cfgLanNetworking -o cfgDNSRacName $host
    racadm -r $fullname -u root -p calvin config -g cfgRacSecurity -o cfgRacSecCsrCommonName $fullname
    racadm -r $fullname -u root -p calvin config -f drac.cfg
done

Notice that I don't change the default password until last.

Now, I just need to work out how to generate the CSR, sign it, and upload the new cert…