Having got racadm working on my workstation (see my previous post), the next step is to perform initial DRAC configuration, ie. change the root password, set the SSL cert values, etc.
First I checked that all DRACs were pingable:
for h in $(seq -w 1 34); do hn=b0$h.drac.example.com if ping -q -c 1 $hn >& /dev/null ; then echo OK else echo failed fi done |
Next, I created a drac config file (named drac.cfg) containing the settings that are common to all devices:
[cfgLanNetworking] cfgDNSDomainName=drac.example.com [cfgUserAdmin] # cfgUserAdminIndex=2 cfgUserAdminUserName=root cfgUserAdminPassword=secret [cfgOobSnmp] cfgOobSnmpAgentEnable=1 cfgOobSnmpAgentCommunity=my_community_name [cfgRacSecurity] cfgRacSecCsrKeySize=1024 # cfgRacSecCsrCommonName= cfgRacSecCsrOrganizationName=example.com cfgRacSecCsrOrganizationUnit=Web Services cfgRacSecCsrLocalityName=My City cfgRacSecCsrStateName=My State cfgRacSecCsrCountryCode=IE cfgRacSecCsrEmailAddr=contact@example.com |
I then ran a script to apply the common configuration to all devices. I also set the device-specific settings in the same script:
for n in $(seq -w 1 34); do host=b0$hn domain=drac.example.com fullname=$host.$domain racadm -r $fullname -u root -p calvin config -g cfgLanNetworking -o cfgDNSRacName $host racadm -r $fullname -u root -p calvin config -g cfgRacSecurity -o cfgRacSecCsrCommonName $fullname racadm -r $fullname -u root -p calvin config -f drac.cfg done |
Notice that I don't change the default password until last.
Now, I just need to work out how to generate the CSR, sign it, and upload the new cert…