Having got racadm working on my workstation (see my previous post), the next step is to perform initial DRAC configuration, ie. change the root password, set the SSL cert values, etc.
First I checked that all DRACs were pingable:
for h in $(seq -w 1 34); do
hn=b0$h.drac.example.com
if ping -q -c 1 $hn >& /dev/null ; then
echo OK
else
echo failed
fi
done |
for h in $(seq -w 1 34); do
hn=b0$h.drac.example.com
if ping -q -c 1 $hn >& /dev/null ; then
echo OK
else
echo failed
fi
done
Next, I created a drac config file (named drac.cfg) containing the settings that are common to all devices:
[cfgLanNetworking]
cfgDNSDomainName=drac.example.com
[cfgUserAdmin]
# cfgUserAdminIndex=2
cfgUserAdminUserName=root
cfgUserAdminPassword=secret
[cfgOobSnmp]
cfgOobSnmpAgentEnable=1
cfgOobSnmpAgentCommunity=my_community_name
[cfgRacSecurity]
cfgRacSecCsrKeySize=1024
# cfgRacSecCsrCommonName=
cfgRacSecCsrOrganizationName=example.com
cfgRacSecCsrOrganizationUnit=Web Services
cfgRacSecCsrLocalityName=My City
cfgRacSecCsrStateName=My State
cfgRacSecCsrCountryCode=IE
cfgRacSecCsrEmailAddr=contact@example.com |
[cfgLanNetworking]
cfgDNSDomainName=drac.example.com
[cfgUserAdmin]
# cfgUserAdminIndex=2
cfgUserAdminUserName=root
cfgUserAdminPassword=secret
[cfgOobSnmp]
cfgOobSnmpAgentEnable=1
cfgOobSnmpAgentCommunity=my_community_name
[cfgRacSecurity]
cfgRacSecCsrKeySize=1024
# cfgRacSecCsrCommonName=
cfgRacSecCsrOrganizationName=example.com
cfgRacSecCsrOrganizationUnit=Web Services
cfgRacSecCsrLocalityName=My City
cfgRacSecCsrStateName=My State
cfgRacSecCsrCountryCode=IE
cfgRacSecCsrEmailAddr=contact@example.com
I then ran a script to apply the common configuration to all devices. I also set the device-specific settings in the same script:
for n in $(seq -w 1 34); do
host=b0$hn
domain=drac.example.com
fullname=$host.$domain
racadm -r $fullname -u root -p calvin config -g cfgLanNetworking -o cfgDNSRacName $host
racadm -r $fullname -u root -p calvin config -g cfgRacSecurity -o cfgRacSecCsrCommonName $fullname
racadm -r $fullname -u root -p calvin config -f drac.cfg
done |
for n in $(seq -w 1 34); do
host=b0$hn
domain=drac.example.com
fullname=$host.$domain
racadm -r $fullname -u root -p calvin config -g cfgLanNetworking -o cfgDNSRacName $host
racadm -r $fullname -u root -p calvin config -g cfgRacSecurity -o cfgRacSecCsrCommonName $fullname
racadm -r $fullname -u root -p calvin config -f drac.cfg
done
Notice that I don't change the default password until last.
Now, I just need to work out how to generate the CSR, sign it, and upload the new cert…