Advanced Configuration of the DRAC 5
Dell™ Remote Access Controller 5 Firmware Version 1.40 User's Guide
This section provides information about advanced DRAC 5 configuration and is recommended for users with advanced knowledge of systems management and who want to customize the DRAC environment to suit their specific needs.
Before You Begin
You should have completed the basic installation and setup of your DRAC 5 hardware and software. See "Basic Installation of the DRAC 5" for more information.
Configuring DRAC 5 Properties
You can configure the DRAC 5 properties (network, users, and so on) by using either the Web-based interface or the RACADM.
The DRAC 5 provides a Web-based interface and RACADM (a command-line interface) that enable you to configure the DRAC 5 properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday systems management, use the DRAC 5 Web-based interface. This chapter provides information about how to perform common systems management tasks with the DRAC 5 Web-based interface and provides links to related information.
All Web-based interface configuration tasks can also be performed with RACADM.
Configuring the DRAC 5 Using the Web User Interface
See your DRAC 5 online help for context-sensitive information about each Web-based interface page.
Accessing the Web-Based Interface
To access the DRAC 5 Web-based interface:
For a list of supported Web browsers, see the Dell Systems Software Support Matrix on the Dell Support website at support.dell.com.
https://<IP address>
If the default HTTPS port number (port 443) has been changed, type:
https://<IP address>:<port number>
where IP address is the IP address for the DRAC 5 and port number is the HTTPS port number.
The DRAC 5 Log in window appears.
NOTE: When you use Internet Explorer version 6 SP2 or version 7 to log into the DRAC 5 Web GUI and the client is on a private network, but without access to the Internet, you may experience a delay of up to 30 seconds. To resolve this issue:
1. Disable the phishing filter.
https://phishingfilter.microsoft.com/faq.aspx.
2. Disable CRL fetching:
a. Click Tools→ Options→ Advanced tab→ Security.
b. Deselect Check for publisher's certificate revocation.
Logging In
You can log in either as a DRAC 5 user or as a Microsoft® Active Directory® user. The default user name and password are root and calvin, respectively.
Before you log in to the DRAC 5, verify that you have Log In to DRAC 5 permission. Speak to your organization's DRAC or network administrator to confirm your access privileges.
To log in:
For example, <username>
The DRAC 5 user name for local users is case sensitive.
For example, <domain>\<username>, <domain>/<username>, or <user>@<domain>.
Examples of an Active Directory user name are: dell.com\john_doe or john_doe@dell.com.
The Active Directory user name is not case sensitive.
This field is case sensitive.
Logging Out
- In the upper-right corner of the DRAC 5 Web-based interface window, click Log Out to close the session.
- Close the browser window.
NOTE: The Log Out button does not appear until you log in.
NOTE: Closing the browser without gracefully logging out causes the session to remain open until it times out. It is strongly recommended that you click the logout button to end the session.
NOTE: Closing the DRAC 5 Web-based interface within Microsoft Internet Explorer using the close button ("x") at the top right corner of the window may generate an application error. To fix this issue, download the latest Cumulative Security Update for Internet Explorer from the Microsoft Support website, at support.microsoft.com.
Enabling and Configuring the Managed System to Use a Serial or Telnet Console
The following subsections provide information about how to enable and configure a serial/telnet/ssh console on the managed system.
Using the connect com2 Serial Command
When using the connect com2 serial command, ensure that the following are configured properly:
- The Serial Communication→ Serial Port setting in the BIOS Setup program.
- The DRAC configuration settings.
When a telnet session is established to the DRAC 5 and these settings are incorrect, connect com2 may display a blank screen.
Configuring the BIOS Setup Program for a Serial Connection on the Managed System
Perform the following steps to configure your BIOS Setup program to redirect output to a serial port.
NOTE: You must configure the System Setup program in conjunction with the connect com2 command.
<F2> = System Setup
- Scroll down and select Serial Communication by pressing <Enter>.
- Set the Serial Communication screen as follows:
External Serial Connector — Remote Access Device
Redirection After Boot — Disabled
Using the Remote Access Serial Interface
When establishing a serial connection to the RAC device, the following interfaces are available:
- IPMI serial interface. See "Using the IPMI Remote Access Serial Interface."
- RAC serial interface
RAC Serial Interface
RAC also supports a serial console interface (or RAC Serial Console) that provides a RAC CLI, which is not defined by IPMI. If your system includes a RAC card with Serial Console enabled, the RAC card will override the IPMI serial settings and display the RAC CLI serial interface.
To enable the RAC serial terminal interface, set the cfgSerialConsoleEnable property to 1 (TRUE).
For example:
racadm config -g cfgSerial -o cfgSerialConsoleEnable 1
See "cfgSerialConsoleEnable (Read/Write)" for more information.
Table 4-1 provides the serial interface settings.
Table 4-1. Serial Interface Settings
IPMI Mode | RAC Serial Console | Interface |
---|---|---|
Configuring Linux for Serial Console Redirection During Boot
The following steps are specific to the Linux GRand Unified Bootloader (GRUB). Similar changes would be necessary if you use a different boot loader.
NOTE: When you configure the client VT100 emulation window, set the window or application that is displaying the redirected console to 25 rows x 80 columns to ensure proper text display; otherwise, some text screens may be garbled.
Edit the /etc/grub.conf file as follows:
serial --unit=1 --speed=57600
terminal --timeout=10 serial
kernel ............. console=ttyS1,57600
Table 4-2 provides a sample /etc/grub.conf file that shows the changes described in this procedure.
Table 4-2. Sample File: /etc/grub.conf
When you edit the /etc/grub.conf file, use the following guidelines:
- Disable GRUB's graphical interface and use the text-based interface; otherwise, the GRUB screen will not be displayed in RAC console redirection. To disable the graphical interface, comment out the line starting with splashimage.
- To enable multiple GRUB options to start console sessions through the RAC serial connection, add the following line to all options:
console=ttyS1,57600
Table 4-2 shows console=ttyS1,57600 added to only the first option.
Enabling Login to the Console After Boot
Edit the file /etc/inittab as follows:
Add a new line to configure agetty on the COM2 serial port:
co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi
Table 4-3 shows a sample file with the new line.
Table 4-3. Sample File: /etc/inittab
Edit the file /etc/securetty as follows:
Add a new line with the name of the serial tty for COM2:
ttyS1
Table 4-4 shows a sample file with the new line.
Table 4-4. Sample File: /etc/securetty
vc/1 |
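The GRUB, inittab and securetty edits in this procedure must all name the same device and speed, and a mismatch usually only shows up as a blank console. The following check is an added example, not part of the Dell guide; the function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that grub.conf, inittab and securetty agree on the
# COM2 console (ttyS1 at 57600) configured in this procedure.
TTY=ttyS1
SPEED=57600
NL='
'

# Constructed sample files; the second GRUB entry and securetty are left
# incomplete on purpose so the check has something to report.
write_samples() {
    cat > "$1/grub.conf" <<'EOF'
default=0
timeout=10
#splashimage=(hd0,0)/grub/splash.xpm.gz
serial --unit=1 --speed=57600
terminal --timeout=10 serial
title Linux
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/sda1 console=ttyS1,57600
title Linux (single user)
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/sda1 single
EOF
    cat > "$1/inittab" <<'EOF'
id:3:initdefault:
co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi
1:2345:respawn:/sbin/mingetty tty1
EOF
    cat > "$1/securetty" <<'EOF'
vc/1
tty1
EOF
}

note() { findings="${findings}$1${NL}"; }

# Usage: check_serial_console <grub.conf> <inittab> <securetty>
# Prints one finding per line; returns 0 only when there are none.
check_serial_console() {
    grub=$1; inittab=$2; securetty=$3
    findings=""

    # GRUB must drive serial unit 1 (COM2) at the agreed speed.
    grep -Eq "^[[:space:]]*serial[[:space:]].*--unit=1.*--speed=${SPEED}" "$grub" ||
        note "grub: no 'serial --unit=1 --speed=${SPEED}' line"
    grep -Eq '^[[:space:]]*terminal[[:space:]].*serial' "$grub" ||
        note "grub: no 'terminal ... serial' line"
    # An active splashimage line keeps GRUB graphical, so the menu is not redirected.
    if grep -Eq '^[[:space:]]*splashimage' "$grub"; then
        note "grub: splashimage is not commented out"
    fi
    # Every boot option needs the console argument, not only the first one.
    missing=$(awk -v want="console=${TTY},${SPEED}" '
        $1 == "kernel" && index($0, want) == 0 { n++ }
        END { print n + 0 }' "$grub")
    [ "$missing" -eq 0 ] ||
        note "grub: $missing kernel line(s) lack console=${TTY},${SPEED}"

    # inittab must respawn agetty on the same tty at the same speed.
    grep -Eq "^[^#:]+:[0-9]*:respawn:.*agetty.*${SPEED}.*${TTY}" "$inittab" ||
        note "inittab: no agetty respawn entry for ${TTY} at ${SPEED}"

    # securetty lists the ttys on which root is allowed to log in.
    grep -qx -e "$TTY" "$securetty" ||
        note "securetty: ${TTY} not listed"

    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Demonstration on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_serial_console "$demo_dir/grub.conf" "$demo_dir/inittab" "$demo_dir/securetty" || true
rm -rf "$demo_dir"
```

Run it against copies of the real files before rebooting; an empty result means the three files agree on ttyS1 at 57600.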
Enabling the DRAC 5 Serial/Telnet/SSH Console
The serial/telnet/ssh console can be enabled locally or remotely.
Enabling the Serial/Telnet/SSH Console Locally
NOTE: You (the current user) must have Configure DRAC 5 permission in order to perform the steps in this section.
To enable the serial/telnet/ssh console from the managed system, type the following local RACADM commands from a command prompt:
racadm config -g cfgSerial -o cfgSerialConsoleEnable 1
racadm config -g cfgSerial -o cfgSerialTelnetEnable 1
racadm config -g cfgSerial -o cfgSerialSshEnable 1
Enabling the Serial/Telnet/SSH Console Remotely
To enable the serial/telnet/ssh console remotely, type the following remote RACADM commands from a command prompt:
racadm -u <username> -p <password> -r <DRAC 5 IP address> config -g cfgSerial -o cfgSerialConsoleEnable 1
racadm -u <username> -p <password> -r <DRAC 5 IP address> config -g cfgSerial -o cfgSerialTelnetEnable 1
racadm -u <username> -p <password> -r <DRAC 5 IP address> config -g cfgSerial -o cfgSerialSshEnable 1
NOTE: When you use Internet Explorer version 6 SP2 or version 7 to log into a managed system on a private network, but without access to the Internet, you may experience a delay of up to 30 seconds while using remote RACADM commands.
Using the RACADM Command to Configure the Settings for the Serial and Telnet Console
This subsection provides steps to configure the default configuration settings for serial/telnet/ssh console redirection.
To configure the settings, type the RACADM config command with the appropriate group, property, and property value(s) for the setting that you want to configure.
You can type RACADM commands locally or remotely. When using RACADM commands remotely, you must include the user name, password, and managed system DRAC 5 IP address.
Using RACADM Locally
To type RACADM commands locally, type the following command from a command prompt on the managed system:
racadm config -g <group> -o <property> <value>
To view a list of properties, type the following command from a command prompt on the managed system:
racadm getconfig -g <group>
Using RACADM Remotely
To use RACADM commands remotely, type the following command from a command prompt on a management station:
racadm -u <username> -p <password> -r <DRAC 5 IP address> config -g <group> -o <property> <value>
Ensure that your web server is configured with a DRAC 5 card before you use RACADM remotely. Otherwise, RACADM times out and the following message appears:
Unable to connect to RAC at specified IP address.
To enable your web server using Secure Shell (SSH), telnet or local RACADM, type the following command from a command prompt on a management station:
racadm config -g cfgRacTuning -o cfgRacTuneWebServerEnable 1
Displaying Configuration Settings
Table 4-5 provides the actions and related commands to display your configuration settings. To run the commands, open a command prompt on the managed system, type the command, and press <Enter>.
Table 4-5. Displaying Configuration Settings
Configuring the Telnet Port Number
Type the following command to change the telnet port number on the DRAC 5.
racadm config -g cfgRacTuning -o cfgRacTuneTelnetPort <new port number>
Using a Serial or Telnet Console
You can run the serial commands in Table 4-19 remotely using RACADM or from the serial/telnet/ssh console command prompt.
Logging in to the DRAC 5
After you have configured your management station terminal emulator software and managed node BIOS, perform the following steps to log into the DRAC 5:
- Connect to the DRAC 5 using your management station terminal emulation software.
- Type your DRAC 5 user name and press <Enter>.
You are logged into the DRAC 5.
Starting a Text Console
After you have logged into the DRAC 5 through your management station terminal software with telnet or SSH, you can redirect the managed system text console by using connect com2, which is a telnet/SSH command. Only one connect com2 client is supported at a time.
To connect to the managed system text console, open a DRAC 5 command prompt (displayed through a telnet or SSH session) and type:
connect com2
From a serial session, you can connect to the managed system's serial console by pressing <Esc><Shift><Q>, which connects the managed system's serial port directly to the server's COM2 port and bypasses the DRAC 5. To reconnect the DRAC 5 to the serial port, press <Esc><Shift><9>. The managed node COM2 port and the DRAC 5 serial port baud rates must be identical.
The connect -h com2 command displays the contents of the serial history buffer before waiting for input from the keyboard or new characters from the serial port.
NOTE: When using the -h option, the client and server terminal emulation type (ANSI or VT100) must be identical; otherwise, the output may be garbled. Additionally, set the client terminal row to 25.
The default (and maximum) size of the history buffer is 8192 characters. You can set this number to a smaller value using the command:
racadm config -g cfgSerial -o cfgSerialHistorySize <number>
Configuring Serial and Terminal Modes
Configuring IPMI and RAC Serial
- Expand the System tree and click Remote Access.
- Click the Configuration tab and then click Serial.
- Configure the IPMI serial settings.
See Table 4-6 for a description of the IPMI serial settings.
See Table 4-7 for a description of the RAC serial settings.
- Click Apply Changes.
- Click the appropriate Serial Configuration page button to continue. See Table 4-8 for a description of the serial configuration page settings.
Table 4-6. IPMI Serial Settings
Setting | Description |
---|---|
Sets the data speed rate. Select 9600 bps, 19.2 kbps, 57.6 kbps, or 115.2 kbps. | |
Table 4-7. RAC Serial Settings
Table 4-8. Serial Configuration Page Settings
Button | Description |
---|---|
Configuring Terminal Mode
- Expand the System tree and click Remote Access.
- Click the Configuration tab and then click Serial.
- In the Serial Configuration page, click Terminal Mode Settings.
- Configure the terminal mode settings.
See Table 4-9 for a description of the terminal mode settings.
- Click Apply Changes.
- Click the appropriate Terminal Mode Settings page button to continue. See Table 4-10 for a description of the terminal mode settings page buttons.
Table 4-9. Terminal Mode Settings
Setting | Description |
---|---|
Table 4-10. Terminal Mode Settings Page Buttons
Button | Description |
---|---|
Connecting to the Managed System Through the Local Serial Port or Telnet Management Station (Client System)
The managed system provides access between the DRAC 5 and the serial port on your system to enable you to power on, power off, or reset the managed system, and access logs.
The serial console is available on the DRAC 5 through the managed system external serial connector. Only one serial client system (management station) may be active at any given time. The telnet and SSH consoles are available on the DRAC 5 through the DRAC modes (see "DRAC Modes"). Up to four telnet client systems and four SSH clients may connect at any given time. The management station connection to the managed system serial or telnet console requires management station terminal emulation software. See "Configuring the Management Station Terminal Emulation Software" for more information.
The following subsections explain how to connect your management station to the managed system using the following methods:
- A managed system external serial port using terminal software and a DB-9 or a null modem cable
- A telnet connection using terminal software through the managed system DRAC 5 NIC or the shared, teamed NIC
Connecting the DB-9 or Null Modem Cable for the Serial Console
To access the managed system using a serial text console, connect a DB-9 null modem cable to the COM port on the managed system. Not all DB-9 cables carry the pinout/signals necessary for this connection. The DB-9 cable for this connection must conform to the specification shown in Table 4-11.
NOTE: The DB-9 cable can also be used for BIOS text console redirection.
Table 4-11. Required Pinout for DB-9 Null Modem Cable
Signal Name | DB-9 Pin (server pin) | DB-9 Pin (workstation pin) |
---|---|---|
Configuring the Management Station Terminal Emulation Software
Your DRAC 5 supports a serial or telnet text console from a management station running one of the following types of terminal emulation software:
- Linux Minicom in an Xterm
- Hilgraeve's HyperTerminal Private Edition (version 6.3)
- Linux Telnet in an Xterm
- Microsoft® Telnet
Perform the steps in the following subsections to configure your type of terminal software. If you are using Microsoft Telnet, configuration is not required.
Configuring Linux Minicom for Serial Console Emulation
Minicom is the serial port access utility for Linux. The following steps are valid for configuring Minicom version 2.0. Other Minicom versions may differ slightly but require the same basic settings. Use the information in "Required Minicom Settings for Serial Console Emulation" to configure other versions of Minicom.
Configuring Minicom Version 2.0 for Serial Console Emulation
NOTE: To ensure that the text displays properly, Dell recommends that you use an Xterm window to display the telnet console instead of the default console provided by the Linux installation.
- To start a new Xterm session, type xterm & at the command prompt.
- In the Xterm window, move your mouse arrow to the lower right-hand corner of the window and resize the window to 80 x 25.
- If you do not have a Minicom configuration file, go to the next step.
If you have a Minicom configuration file, type minicom <Minicom config file name> and skip to step 17.
- At the Xterm command prompt, type minicom -s.
- Select Serial Port Setup and press <Enter>.
- Press <a> and select the appropriate serial device (for example, /dev/ttyS0).
- Press <e> and set the Bps/Par/Bits option to 57600 8N1.
- Press <f> and set Hardware Flow Control to Yes and set Software Flow Control to No.
- To exit the Serial Port Setup menu, press <Enter>.
- Select Modem and Dialing and press <Enter>.
- In the Modem Dialing and Parameter Setup menu, press <Backspace> to clear the init, reset, connect, and hangup settings so that they are blank.
- Press <Enter> to save each blank value.
- When all specified fields are clear, press <Enter> to exit the Modem Dialing and Parameter Setup menu.
- Select Save setup as config_name and press <Enter>.
- Select Exit From Minicom and press <Enter>.
- At the command shell prompt, type minicom <Minicom config file name>.
- To expand the Minicom window to 80 x 25, drag the corner of the window.
- Press <Ctrl+a>, <z>, <x> to exit Minicom.
NOTE: If you are using Minicom for serial text console redirection to configure the managed system BIOS, it is recommended to turn on color in Minicom. To turn on color, type the following command: minicom -c on
Ensure that the Minicom window displays a command prompt such as [DRAC 5\root]#. When the command prompt appears, your connection is successful and you are ready to connect to the managed system console using the connect serial command.
Required Minicom Settings for Serial Console Emulation
Use Table 4-12 to configure any version of Minicom.
Table 4-12. Minicom Settings for Serial Console Emulation
Setting Description | Required Setting |
---|---|
Clear the init, reset, connect, and hangup settings so that they are blank | |
Configuring HyperTerminal for Serial Console Redirection
HyperTerminal is the Microsoft Windows serial port access utility. To set the size of your console screen appropriately, use Hilgraeve's HyperTerminal Private Edition version 6.3.
To configure HyperTerminal for serial console redirection:
- Start the HyperTerminal program.
- Type a name for the new connection and click OK.
- Next to Connect using:, select the COM port on the management station (for example, COM2) to which you have connected the DB-9 null modem cable and click OK.
- Configure the COM port settings as shown in Table 4-13.
- Click OK.
- Click File → Properties, and then click the Settings tab.
- Set the Telnet terminal ID: to ANSI.
- Click Terminal Setup and set Screen Rows to 26.
- Set Columns to 80 and click OK.
Table 4-13. Management Station COM Port Settings
Setting Description | Required Setting |
The HyperTerminal window displays a command prompt such as [DRAC 5\root]#. When the command prompt appears, your connection is successful and you are ready to connect to the managed system console using the connect com2 serial command.
Configuring Linux XTerm for Telnet Console Redirection
Use the following guidelines when performing the steps in this section:
- When you are using the connect com2 command through a telnet console to display the System Setup screens, set the terminal type to ANSI in System Setup and for the telnet session.
- To ensure that the text is properly displayed, Dell recommends that you use an Xterm window to display the telnet console instead of the default console provided by the Linux installation.
To run telnet with Linux:
At the command prompt, type xterm &
- Click on the lower right-hand corner of the XTerm window and resize the window to 80 x 25.
- Connect to the DRAC 5 in the managed system.
At the Xterm prompt, type telnet <DRAC 5 IP address>
Enabling Microsoft Telnet for Telnet Console Redirection
NOTE: Some telnet clients on Microsoft operating systems may not display the BIOS setup screen correctly when BIOS console redirection is set for VT100 emulation. If this issue occurs, update the display by changing BIOS console redirection to ANSI mode. To perform this procedure in the BIOS setup menu, select Console Redirection → Remote Terminal Type → ANSI.
Open a command prompt, type the following, and press <Enter>:
telnet <IP address>:<port number>
where IP address is the IP address for the DRAC 5 and port number is the telnet port number (if you are using a new port).
Configuring the Backspace Key For Your Telnet Session
Depending on the telnet client, using the <Backspace> key may produce unexpected results. For example, the session may echo ^h. However, most Microsoft and Linux telnet clients can be configured to use the <Backspace> key.
To configure Microsoft telnet clients to use the <Backspace> key:
telnet
If you are running a telnet session, press <Ctrl><]>.
set bsasdel
The following message appears:
Backspace will be sent as delete.
To configure a Linux telnet session to use the <Backspace> key:
stty erase ^h
telnet
Using a Serial or Telnet Console
Serial and telnet commands, and RACADM CLI can be typed in a serial or telnet console and executed on the server locally or remotely. The local RACADM CLI is installed for use by a root user only.
Running Telnet Using Windows XP or Windows 2003
If your management station is running Windows XP or Windows 2003, you may experience an issue with the characters in a DRAC 5 telnet session. This issue may occur as a frozen login where the return key does not respond and the password prompt does not appear.
To fix this issue, download hotfix 824810 from the Microsoft Support website at support.microsoft.com. See Microsoft Knowledge Base article 824810 for more information.
Running Telnet Using Windows 2000
If your management station is running Windows 2000, you cannot access BIOS setup by pressing the <F2> key. To fix this issue, use the telnet client supplied with the Windows Services for UNIX® 3.5—a recommended free download from Microsoft. Go to www.microsoft.com/downloads/ and search for "Windows Services for UNIX 3.5."
Using the Secure Shell (SSH)
It is critical that your system's devices and device management are secure. Embedded connected devices are the core of many business processes. If these devices are compromised, your business may be at risk, which requires new security demands for command line interface (CLI) device management software.
Secure Shell (SSH) is a command line session that includes the same capabilities as a telnet session, but with improved security. The DRAC 5 supports SSH version 2 with password authentication. SSH is enabled on the DRAC 5 when you install or update your DRAC 5 firmware.
You can use either PuTTY or OpenSSH on the management station to connect to the managed system's DRAC 5. When an error occurs during the login procedure, the secure shell client issues an error message. The message text is dependent on the client and is not controlled by the DRAC 5.
NOTE: OpenSSH should be run from a VT100 or ANSI terminal emulator on Windows. Running OpenSSH at the Windows command prompt does not result in full functionality (that is, some keys do not respond and no graphics are displayed).
Only four SSH sessions are supported at any given time. The session time-out is controlled by the cfgSsnMgtSshIdleTimeout property as described in the "DRAC 5 Property Database Group and Object Definitions."
To enable the SSH on the DRAC 5, type:
racadm config -g cfgSerial -o cfgSerialSshEnable 1
To change the SSH port, type:
racadm config -g cfgRacTuning -o cfgRacTuneSshPort <port number>
For more information on cfgSerialSshEnable and cfgRacTuneSshPort properties, see "DRAC 5 Property Database Group and Object Definitions."
The DRAC 5 SSH implementation supports multiple cryptography schemes, as shown in Table 4-14.
Table 4-14. Cryptography Schemes
Scheme Type | Scheme |
---|---|
Diffie-Hellman DSA/DSS 512-1024 (random) bits per NIST specification | |
NOTE: SSHv1 is not supported.
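SSH gives the same console as telnet over an encrypted channel, so a typical baseline keeps cfgSerialSshEnable at 1 and cfgSerialTelnetEnable at 0. The following added example (not from the Dell guide) compares getconfig output against such a baseline and prints the racadm config commands that would close the gap; the property=value output layout with read-only properties prefixed by "# ", the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare "racadm getconfig -g <group>" output with a desired
# baseline and print the "racadm config" commands needed to reach it.

# Constructed sample of getconfig -g cfgSerial output (values are made up).
sample_getconfig_cfgserial() {
    cat <<'EOF'
cfgSerialConsoleEnable=1
cfgSerialHistorySize=8192
cfgSerialTelnetEnable=1
cfgSerialSshEnable=0
EOF
}

# Usage: racadm getconfig -g <group> | racadm_drift <group> prop=value [prop=value ...]
# Prints one remediation command per property that differs from the baseline,
# and a "#" comment for any baseline property missing from the input.
racadm_drift() {
    group=$1
    shift
    awk -v group="$group" -v want="$*" '
        BEGIN {
            n = split(want, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                order[i] = kv[1]
                desired[kv[1]] = kv[2]
            }
        }
        {
            sub(/\r$/, "")          # tolerate CRLF in captured output
            sub(/^#[ \t]*/, "")     # assumed marker for read-only properties
            eq = index($0, "=")
            if (eq > 1)
                actual[substr($0, 1, eq - 1)] = substr($0, eq + 1)
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (!(p in actual))
                    printf "# %s: not reported by getconfig -g %s\n", p, group
                else if (actual[p] != desired[p])
                    printf "racadm config -g %s -o %s %s\n", group, p, desired[p]
            }
        }'
}

# Demonstration: telnet off, SSH on.
sample_getconfig_cfgserial |
    racadm_drift cfgSerial cfgSerialTelnetEnable=0 cfgSerialSshEnable=1
```

The printed commands are for review before they are run; for a remote card, add the -r, -u and -p options shown in the remote RACADM synopsis.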
Configuring the DRAC 5 Network Settings
NOTICE: Changing your DRAC 5 Network settings may disconnect your current network connection.
Configure the DRAC 5 network settings using one of the following tools:
- Web-based Interface — See "Configuring the DRAC 5 NIC"
- RACADM CLI — See "cfgLanNetworking"
- Dell Remote Access Configuration Utility — See "Configuring Your System to Use a DRAC 5"
NOTE: If you are deploying the DRAC 5 in a Linux environment, see "Installing RACADM".
Accessing the DRAC 5 Through a Network
After you configure the DRAC 5, you can remotely access the managed system using one of the following interfaces:
Table 4-15 describes each DRAC 5 interface.
NOTE: The DRAC 5 default user name is root and the default password is calvin.
You can access the DRAC 5 Web-based interface through the DRAC 5 NIC by using a supported Web browser, or through Server Administrator or IT Assistant.
For a list of supported Web browsers, see the Dell Systems Software Support Matrix on the Dell Support website at support.dell.com.
To access the DRAC 5 remote access interface using Server Administrator, launch Server Administrator. From the system tree on the left pane of the Server Administrator home page, click System→ Main System Chassis→ Remote Access Controller. For more information, see your Server Administrator User's Guide.
Configuring the DRAC 5 NIC
Configuring the Network and IPMI LAN Settings
NOTE: You must have Configure DRAC 5 permission to perform the following steps.
NOTE: Most DHCP servers require a server to store a client identifier token in its reservations table. The client (DRAC 5, for example) must provide this token during DHCP negotiation. For RACs, the DRAC 5 supplies the client identifier option using a one-byte interface number (0) followed by a six-byte MAC address.
NOTE: If your managed system DRAC is configured in Shared or Shared with Failover mode and the DRAC is connected to a switch with Spanning Tree Protocol (STP) enabled, network clients will experience a 20-30 second delay in connectivity when the management station's LOM link state changes during the STP convergence.
- In the System tree, click Remote Access.
- Click the Configuration tab and then click Network.
- In the Network Configuration page, configure the DRAC 5 NIC settings.
Table 4-16 and Table 4-17 describe the Network Settings and IPMI Settings on the Network Configuration page.
- When completed, click Apply Changes.
- Click the appropriate Network Configuration page button to continue. See Table 4-18.
Table 4-18. Network Configuration Page Buttons
See "Configuring the Network Security Settings Using the DRAC 5 GUI" for more information.
Using RACADM Remotely
NOTE: Configure the IP address on your DRAC 5 before using the racadm remote capability. For more information about setting up your DRAC 5 and a list of related documents, see "Basic Installation of the DRAC 5".
RACADM provides a remote capability option (-r) that allows you to connect to the managed system and execute racadm subcommands from a remote console or management station. To use the remote capability, you need a valid user name (-u option) and password (-p option), and the DRAC 5 IP address.
NOTE: If the system from where you are accessing the remote system does not have a DRAC certificate in its default certificate store, a message is displayed when you type a racadm command.
Security Alert: Certificate is invalid - Name on Certificate is invalid or does not match site name
Continuing execution. Use -S option for racadm to stop the execution on certificate-related errors.
racadm continues to execute the command. However, if you use the -S option, racadm stops executing the command and displays the following message:
Security Alert: Certificate is invalid - Name on Certificate is invalid or does not match site name
Racadm not continuing execution of the command.
ERROR: Unable to connect to RAC at specified IP address
NOTE: The racadm remote capability is supported only on management stations. For more information, see the Dell Systems Software Support Matrix on the Dell Support website at support.dell.com.
NOTE: When using the racadm remote capability, you must have write permissions on the folders where you are using the racadm subcommands involving file operations, for example:
racadm getconfig -f <file name>
or
racadm sslcertupload -t 1 -f c:\cert\cert.txt
RACADM Synopsis
racadm -r <RAC IP Address> -u <username> -p <password> <subcommand> <subcommand options>
racadm -i -r <RAC IP Address> <subcommand> <subcommand options>
For example:
racadm -r 192.168.0.120 -u root -p calvin getsysinfo
racadm -i -r 192.168.0.120 getsysinfo
If the HTTPS port number of the RAC has been changed to a custom port other than the default port (443), the following syntax must be used:
racadm -r <RAC IP Address>:<port> -u <username> -p <password> <subcommand> <subcommand options>
racadm -i -r <RAC IP Address>:<port> <subcommand> <subcommand options>
RACADM Options
Table 4-19 lists the options for the racadm command.
Table 4-19. racadm Command Options
Enabling and Disabling the racadm Remote Capability
NOTE: It is recommended that you run these commands on your local system.
The racadm remote capability is enabled by default. If disabled, type the following racadm command to enable:
racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 1
To disable the remote capability, type:
racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 0
RACADM Subcommands
Table 4-20 provides a description of each racadm subcommand that you can run in RACADM. For a detailed listing of racadm subcommands including syntax and valid entries, see "RACADM Subcommand Overview."
When entering a RACADM subcommand, prefix the command with racadm. For example:
racadm help
Table 4-20. RACADM Subcommands
Command | Description |
---|---|
help <subcommand> | |
Displays the contents of the ARP table. ARP table entries may not be added or deleted. | |
Clears the DRAC 5 log. A single entry is made to indicate the user and time that the log was cleared. | |
Verifies that the destination IP address is reachable from the DRAC 5 with the current routing-table contents. | |
Displays the DRAC 5 trace log. If used with -i, the command displays the number of entries in the DRAC 5 trace log. | |
Uploads a CA certificate or server certificate to the DRAC 5. | |
Forces the DRAC 5 to send a test e-mail over the DRAC 5 NIC to check the e-mail configuration. | |
Forces the DRAC 5 to send a test SNMP trap over the DRAC 5 NIC to check the trap configuration. | |
Frequently Asked Questions About RACADM Error Messages
After performing a DRAC 5 reset (using the racadm racreset command), I issue a command and the following message is displayed:
racadm <command name> Transport: ERROR: (RC=-1)
What does this message mean?
You must wait until the DRAC 5 completes the reset before issuing another command.
When I use the racadm commands and subcommands, I get errors that I don't understand.
You may encounter one or more of the following errors when using the racadm commands and subcommands:
- Local racadm error messages: problems such as syntax, typographical errors, and incorrect names.
- Remote racadm error messages: problems such as incorrect IP address, incorrect username, or incorrect password.
When I ping the DRAC IP address from my system and then switch my DRAC 5 card between Dedicated and Shared modes during the ping response, I do not receive a response.
Clear the ARP table on your system.
Configuring Multiple DRAC 5 Cards
Using RACADM, you can configure one or more DRAC 5 cards with identical properties. When you query a specific DRAC 5 card using its group ID and object ID, RACADM creates the racadm.cfg configuration file from the retrieved information. By exporting the file to one or more DRAC 5 cards, you can configure your controllers with identical properties in a minimal amount of time.
NOTE: Some configuration files contain unique DRAC 5 information (such as the static IP address) that must be modified before you export the file to other DRAC 5 cards.
To configure multiple DRAC 5 cards, perform the following procedures:
NOTE: The generated .cfg file does not contain user passwords.
Open a command prompt and type:
racadm getconfig -f myfile.cfg
NOTE: Redirecting the RAC configuration to a file using getconfig -f is only supported with the local and remote RACADM interfaces.
- Modify the configuration file using a simple text editor (optional).
- Use the new configuration file to modify a target RAC.
In the command prompt, type:
racadm config -f myfile.cfg
In the command prompt, type:
racadm reset
The getconfig -f racadm.cfg subcommand requests the DRAC 5 configuration and generates the racadm.cfg file. If required, you can configure the file with another name.
You can use the getconfig command to perform the following actions:
- Display all configuration properties in a group (specified by group name and index)
- Display all configuration properties for a user by user name
The config subcommand loads the information into other DRAC 5s. Use config to synchronize the user and password database with Server Administrator.
The initial configuration file, racadm.cfg, is named by the user. In the following example, the configuration file is named myfile.cfg. To create this file, type the following at the command prompt:
racadm getconfig -f myfile.cfg
NOTICE: It is recommended that you edit this file with a simple text editor. The racadm utility uses an ASCII text parser. Any formatting confuses the parser, which may corrupt the racadm database.
Creating a DRAC 5 Configuration File
The DRAC 5 configuration file <filename>.cfg is used with the racadm config -f <filename>.cfg command. You can build a configuration file (similar to an .ini file) and configure the DRAC 5 from this file. You may use any file name, and the file does not require a .cfg extension (although it is referred to by that extension name in this subsection).
The .cfg file can be:
- Created
- Obtained from a racadm getconfig -f <filename>.cfg command
- Obtained from a racadm getconfig -f <filename>.cfg command, and then edited
NOTE: See "getconfig" for information about the getconfig command.
The .cfg file is first parsed to verify that valid group and object names are present and that some simple syntax rules are being followed. Each error is flagged with the number of the line on which it was detected, and a simple message explains the problem. The entire file is parsed for correctness, and all errors are displayed. Write commands are not transmitted to the DRAC 5 if an error is found in the .cfg file. The user must correct all errors before any configuration can take place. The -c option may be used in the config subcommand, which verifies syntax only and does not perform a write operation to the DRAC 5.
Use the following guidelines when you create a .cfg file:
- If the parser encounters an indexed group, it is the value of the anchored object that differentiates the various indexes.
The parser reads in all of the indexes from the DRAC 5 for that group. Any objects within that group are simple modifications when the DRAC 5 is configured. If a modified object represents a new index, the index is created on the DRAC 5 during configuration.
Indexes may be created and deleted, so over time the group may become fragmented with used and unused indexes. If an index is present, it is modified. If an index is not present, the first available index is used. This method allows flexibility when adding indexed entries where you do not need to make exact index matches between all the RACs being managed. New users are added to the first available index. A .cfg file that parses and runs correctly on one DRAC 5 may not run correctly on another if all indexes are full and you must add a new user.
Use the racresetcfg subcommand to reset the DRAC 5 to original defaults, and then run the racadm config -f <filename>.cfg command. Ensure that the .cfg file includes all required objects, users, indexes, and other parameters.
NOTICE: Use the racresetcfg subcommand to reset the database and the DRAC 5 NIC settings to the original default settings and remove all users and user configurations. While the root user is available, other users' settings are also reset to the default settings.
Parsing Rules
A comment line must start in column one. A '#' character in any other column is treated as a '#' character.
Some modem parameters may include # characters in their strings. An escape character is not required. You may want to generate a .cfg from a racadm getconfig -f <filename>.cfg command, and then perform a racadm config -f <filename>.cfg command to a different DRAC 5, without adding escape characters.
Example:
#
# This is a comment
[cfgUserAdmin]
cfgUserAdminPageModemInitString=<Modem init # not a comment>
The starting "[" character denoting a group name must start in column one. This group name must be specified before any of the objects in that group. Objects that do not include an associated group name generate an error. The configuration data is organized into groups as defined in "DRAC 5 Property Database Group and Object Definitions."
The following example displays a group name, object, and the object's property value.
Example:
[cfgLanNetworking] -{group name}
cfgNicIpAddress=143.154.133.121 {object name}
- All parameters are specified as "object=value" pairs with no white space between the object, =, or value.
White spaces that are included after the value are ignored. A white space inside a value string remains unmodified. Any character to the right of the '=' is taken as is (for example, a second '=', or a '#', '[', ']', and so forth). These characters are valid modem chat script characters.
See the example in the previous bullet.
You cannot specify which index is used. If the index already exists, it is either used or the new entry is created in the first available index for that group.
The racadm getconfig -f <filename>.cfg command places a comment in front of index objects, allowing the user to see the included comments.
NOTE: You may create an indexed group manually using the following command:
racadm config -g <groupName> -o <anchored object> -i <index 1-16> <unique anchor name>
You must remove an indexed object manually using the following command:
racadm config -g <groupName> -o <objectName> -i <index 1-16> ""
NOTE: A NULL string (identified by two "" characters) directs the DRAC 5 to delete the index for the specified group.
To view the contents of an indexed group, use the following command:
racadm getconfig -g <groupName> -i <index 1-16>
- For indexed groups the object anchor must be the first object after the "[ ]" pair. The following are examples of the current indexed groups:
[cfgUserAdmin]
cfgUserAdminUserName=<USER_NAME>
If you type racadm getconfig -f <myexample>.cfg, the command builds a .cfg file for the current DRAC 5 configuration. This configuration file can be used as an example and as a starting point for your unique .cfg file.
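The parsing rules above can be checked offline before a file is handed to racadm config -f. The following Python sketch is an added example, not Dell's parser: it implements only the rules stated in this section and does not validate names against the property database. The function name lint_cfg, the ANCHORS map, and the sample file are constructed for illustration.

```python
import re

# Indexed group -> anchor object. Only cfgUserAdmin is shown on this page;
# extend the map for other indexed groups.
ANCHORS = {"cfgUserAdmin": "cfgUserAdminUserName"}

def lint_cfg(text):
    """Parse a racadm .cfg; return (entries, errors) with 1-based line numbers."""
    entries, errors = [], []
    group, first_in_group = None, False
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()                      # white space after the value is ignored
        if not line or line.startswith("#"):
            continue                             # blank line or column-one comment
        if line.lstrip().startswith("["):
            m = re.fullmatch(r"\[(\w+)\]", line)
            group, first_in_group = (m.group(1) if m else None), True
            if not m:
                errors.append((n, "group header must be [name] starting in column one"))
            continue
        name, sep, value = line.partition("=")   # only the first '=' separates
        if not sep or not re.fullmatch(r"\w+", name) or value[:1].isspace():
            errors.append((n, "expected object=value with no white space around '='"))
            continue
        if group is None:
            errors.append((n, f"object {name} has no group name before it"))
            continue
        anchor = ANCHORS.get(group)
        if first_in_group and anchor and name != anchor:
            errors.append((n, f"[{group}] must begin with its anchor {anchor}"))
        first_in_group = False
        entries.append((group, name, value))     # value kept as is, '#' and '=' included
    return entries, errors

# Constructed sample with four deliberate mistakes (lines 3, 6, 7 and 9).
SAMPLE = """\
#
# constructed sample, not a real dump
cfgNicEnable=1
[cfgLanNetworking]
cfgNicIpAddress=10.35.9.143
  # indented, so not a comment
cfgNicGateway = 10.35.9.1
[cfgUserAdmin]
cfgUserAdminPageModemInitString=AT #1=x
cfgUserAdminUserName=operator1
"""

if __name__ == "__main__":
    for lineno, message in lint_cfg(SAMPLE)[1]:
        print(f"line {lineno}: {message}")
```

Like racadm config -c, the sketch reports every error rather than stopping at the first, so a file can be corrected in one pass.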
Modifying the DRAC 5 IP Address
When you modify the DRAC 5 IP address in the configuration file, remove all unnecessary <variable>=value entries. Only the actual variable group's label with "[" and "]" remains, including the two <variable>=value entries pertaining to the IP address change.
For example:
#
# Object Group "cfgLanNetworking"
#
[cfgLanNetworking]
cfgNicIpAddress=10.35.10.110
cfgNicGateway=10.35.10.1
This file will be updated as follows:
#
# Object Group "cfgLanNetworking"
#
[cfgLanNetworking]
cfgNicIpAddress=10.35.9.143
# comment, the rest of this line is ignored
cfgNicGateway=10.35.9.1
The command racadm config -f myfile.cfg parses the file and identifies any errors by line number. A correct file will update the proper entries. Additionally, you can use the same getconfig command from the previous example to confirm the update.
Use this file to download company-wide changes or to configure new systems over the network.
NOTE: "Anchor" is an internal term and should not be used in the file.
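When the same file is pushed to several cards, the card-unique entries have to be regenerated for each one. The following Python sketch is an added example, not part of the Dell tooling: it renders the minimal [cfgLanNetworking] file described under "Modifying the DRAC 5 IP Address" for each card and refuses entries that would leave a card unreachable or give two cards the same address. The card names, addresses, and function names are constructed; the netmask is used only for validation and is not written to the file.

```python
import ipaddress

def lan_fragment(ip, netmask, gateway):
    """Return a minimal [cfgLanNetworking] file for one card; raise ValueError if unsafe."""
    iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")   # ValueError on bad address or mask
    gw, net = ipaddress.IPv4Address(gateway), iface.network
    if gw == iface.ip:
        raise ValueError("gateway is the card's own address")
    if gw not in net:
        raise ValueError(f"gateway {gw} is outside {net}")
    reserved = (net.network_address, net.broadcast_address)
    if net.prefixlen < 31 and (iface.ip in reserved or gw in reserved):
        raise ValueError(f"network or broadcast address of {net} used as a host")
    return ('#\n# Object Group "cfgLanNetworking"\n#\n[cfgLanNetworking]\n'
            f"cfgNicIpAddress={iface.ip}\ncfgNicGateway={gw}\n")

def render_fleet(inventory):
    """Return (files, failures); every card is checked so all problems show at once."""
    files, failures, owner = {}, {}, {}
    for card, (ip, mask, gw) in inventory.items():
        try:
            text = lan_fragment(ip, mask, gw)
        except ValueError as exc:
            failures[card] = str(exc)
            continue
        if ip in owner:                      # a copied file that kept its static address
            failures[card] = f"address {ip} already assigned to {owner[ip]}"
            continue
        owner[ip] = card
        files[card] = text
    return files, failures

# Constructed inventory: one good card and three typical copy-and-paste mistakes.
INVENTORY = {
    "rac-a": ("10.35.9.143", "255.255.255.0", "10.35.9.1"),
    "rac-b": ("10.35.9.144", "255.255.255.0", "10.35.10.1"),    # gateway off-subnet
    "rac-c": ("10.35.9.143", "255.255.255.0", "10.35.9.1"),     # same address as rac-a
    "rac-d": ("10.35.9.145", "255.255.255.0", "10.35.9.145"),   # gateway equals own address
}

if __name__ == "__main__":
    files, failures = render_fleet(INVENTORY)
    for card, reason in failures.items():
        print(f"{card}: {reason}")
```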
Configuring DRAC 5 Network Properties
To generate a list of available network properties, type the following:
racadm getconfig -g cfgLanNetworking
To use DHCP to obtain an IP address, use the following command to write the object cfgNicUseDhcp and enable this feature:
racadm config -g cfgLanNetworking -o cfgNicUseDHCP 1
The commands provide the same configuration functionality as the option ROM at boot-up when you are prompted to type <Ctrl><e>. For more information about configuring network properties with the option ROM, see "Configuring DRAC 5 Network Properties."
The following is an example of how the command may be used to configure desired LAN network properties.
racadm config -g cfgLanNetworking -o cfgNicEnable 1
racadm config -g cfgLanNetworking -o cfgNicIpAddress 192.168.0.120
racadm config -g cfgLanNetworking -o cfgNicNetmask 255.255.255.0
racadm config -g cfgLanNetworking -o cfgNicGateway 192.168.0.120
racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSServer1 192.168.0.5
racadm config -g cfgLanNetworking -o cfgDNSServer2 192.168.0.6
racadm config -g cfgLanNetworking -o cfgDNSRegisterRac 1
racadm config -g cfgLanNetworking -o cfgDNSRacName RAC-EK00002
racadm config -g cfgLanNetworking -o cfgDNSDomainNameFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSDomainName MYDOMAIN
NOTE: If cfgNicEnable is set to 0, the DRAC 5 LAN is disabled even if DHCP is enabled.
DRAC Modes
The DRAC 5 can be configured in one of three modes:
Table 4-21 provides a description of each mode.
Table 4-21. DRAC 5 NIC Configurations
Frequently Asked Questions
When accessing the DRAC 5 Web-based interface, I get a security warning stating the hostname of the SSL certificate does not match the hostname of the DRAC 5.
The DRAC 5 includes a default DRAC 5 server certificate to ensure network security for the Web-based interface and remote racadm features. When this certificate is used, the Web browser displays a security warning because the default certificate is issued to "DRAC 5 default certificate", which does not match the host name of the DRAC 5 (for example, the IP address).
To address this security concern, upload a DRAC 5 server certificate issued to the IP address of the DRAC 5. When generating the certificate signing request (CSR) to be used for issuing the certificate, ensure that the common name (CN) of the CSR matches the IP address of the DRAC 5 (for example, 192.168.0.120) or the registered DNS DRAC name.
To ensure that the CSR matches the registered DNS DRAC name:
- In the System tree, click Remote Access.
- Click the Configuration tab and then click Network.
- In the Network Settings page:
- Click Apply Changes.
See "Securing DRAC 5 Communications Using SSL and Digital Certificates" for more information about generating CSRs and issuing certificates.
Why are the remote racadm and Web-based services unavailable after a property change?
It may take a while for the remote RACADM services and the Web-based interface to become available after the DRAC 5 Web server resets.
The DRAC 5 Web server is reset after the following occurrences:
- When the network configuration or network security properties are changed using the DRAC 5 Web user interface
- When the cfgRacTuneHttpsPort property is changed (including when a config -f <config file> changes it)
- When racresetcfg is used
- When the DRAC 5 is reset
- When a new SSL server certificate is uploaded
Why doesn't my DNS server register my DRAC 5?
Some DNS servers only register names of 31 characters or fewer.
When accessing the DRAC 5 Web-based interface, I get a security warning stating the SSL certificate was issued by a certificate authority (CA) that is not trusted.
DRAC 5 includes a default DRAC 5 server certificate to ensure network security for the Web-based interface and remote racadm features. This certificate was not issued by a trusted CA. To address this security concern, upload a DRAC 5 server certificate issued by a trusted CA (for example, Thawte or Verisign). See "Securing DRAC 5 Communications Using SSL and Digital Certificates" for more information about issuing certificates.