RMU build Gen-1.5: IV. Best Practices - E. Enable Remote Access to Servers Console

From Internet Computer Wiki
Revision as of 19:02, 1 March 2024 by Katie.peters (talk | contribs)

This page is part of the Gen-1.5 RMU build runbook.

Go back to the previous section: D. Update Firmware on SuperMicro Nodes

E. Enable Remote Access to Servers Console (Recommended)

These procedures depend on the Dell OpenManage Enterprise (OME) installation.

Allow iDRACs To Be Browsable Through Teleport

  1. Select Devices in the top navigation bar
  2. Select the Checkbox towards the middle of the screen and then check Across all pages to select all your nodes
  3. Select the More Actions drop down and then select RACADM CLI
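  4. In the Arguments box, enter set idrac.webserver.HostHeaderCheck 0 (this disables the iDRAC web server's Host header check, so the iDRAC accepts requests that arrive with the Teleport hostname in the Host header)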
  5. Ensure that Selected devices includes all your nodes
  6. Select Finish
  7. Select Monitor in the top navigation bar and then select Jobs.
  8. Find the Remote command line job and select it
  9. Select View Details
  10. You will see each of your nodes. Select one to see more details for that specific node on the right side of the screen.

Add Teleport Entries For BMC/iDRAC access

  1. (No longer needed for the idrac.sh script) On the MaaS server, open a shell (via Teleport SSH access to MaaS as user admin) and configure the maas command:
    sudo apt install jq -y
    
    sudo maas apikey --username dfnadmin
    stuff:stuff:stuff
    
    maas login maas http://localhost:5240/MAAS
    API key (leave empty for anonymous access):  <enter the api key above>
    
  2. Rename the /etc/teleport.yaml file to /etc/teleport.yaml-base:
    sudo mv /etc/teleport.yaml /etc/teleport.yaml-base
    
  3. Copy the following into a file called idrac.sh on the MaaS server:
    #! /usr/bin/env bash
    
    # Start with the base /etc/teleport.yaml file and add
    # the iDRAC device entries to it.
    
    if [ -r /etc/teleport.yaml-base ] ; then
      cp /etc/teleport.yaml-base /etc/teleport.yaml
    else
      echo "/etc/teleport.yaml-base not found.  Aborting."
      exit 1
    fi
    
    # Add a comment at the end of the base configuration to
    # indicate where the automagic script configuration starts.
    echo "### Automation added below ###" >> /etc/teleport.yaml
    
    echo "Finding iDRAC devices..."
    
    # Only pull out the DHCP Dynamic Range (from MaaS)
    grep '10\.10\.100\.[56789][0-9]' /var/log/syslog | grep DHCPACK |
    
    while read a a a a a a a IP a a NAME stuff
    do
      echo "$NAME $IP"
    done |
    
    # Get rid of the duplicates
    sort -u |
    
    # Walk the list of NAME/IP and clean up the values
    while read NAME IP
    do
      # Sanitize the NAME variable by removing the '()' and lower casing it
      NAME="$(echo "$NAME" | sed -e 's/[()]//g' | tr '[:upper:]' '[:lower:]')"
      echo "$NAME $IP"
    done |
    
    # Add the host to the /etc/teleport.yaml
    while read NAME IP
    do
      echo "Adding ${NAME} to /etc/teleport.yaml ..."
      tee -a /etc/teleport.yaml <<EOF
      - name: ${NAME}-idrac
        uri: https://${IP}:443
        #public_addr: ""
        public_addr: "${NAME}-idrac.teleport.<dc>.dfinity.network"
        insecure_skip_verify: true
        rewrite:
          headers:
          - "Host: ${NAME}-idrac.teleport.<dc>.dfinity.network"
          - "Origin: https://${NAME}-idrac.teleport.<dc>.dfinity.network"
        labels:
          dc: "<dc>"
          type: "bmc"
    EOF
    done
    
  4. Replace every <dc> placeholder in the script with your location code, save, and run it:
    chmod +x ./idrac.sh
    sudo ./idrac.sh
    
  5. It may run for a few moments, and then you are ready to reload the teleport server:
    sudo systemctl reload teleport
    
  6. Within a few minutes, you should see all of your iDRAC devices appear in your main Teleport Web UI.
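
The hostname that idrac.sh reads from each DHCPACK line is supplied by the device that requested the lease, and the script writes it into /etc/teleport.yaml after only stripping the parentheses. The block below is an added example, not part of the runbook's script: a stricter version of the parsing stages that emits a name/IP pair only when both values pass validation. The function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not the runbook's idrac.sh: strict parsing of DHCPACK lines.
export LC_ALL=C  # make a-z ranges and sort order byte-wise
# Accept one DNS label only: a-z, 0-9, '-', 1-63 chars, no edge hyphens.
valid_name() {
  case "$1" in
    ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Accept only the range idrac.sh greps for: 10.10.100.50-99.
valid_ip() {
  case "$1" in
    10.10.100.[5-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Read syslog lines on stdin; print unique "name ip" pairs that pass both checks.
idrac_pairs() {
  grep DHCPACK |
  while read -r x x x x x x x ip x x raw x; do
    case "$raw" in
      "("*")") name=${raw#?}; name=${name%?} ;;
      *) continue ;;  # lease logged without a client hostname
    esac
    name=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
    if valid_name "$name" && valid_ip "$ip"; then
      printf '%s %s\n' "$name" "$ip"
    else
      printf 'rejected: %s %s\n' "$raw" "$ip" >&2
    fi
  done | sort -u
}

# Constructed sample lines in the dhcpd syslog layout the script assumes.
sample_syslog() {
  cat <<'EOF'
Jan  3 13:19:04 maas dhcpd[911]: DHCPACK on 10.10.100.51 to 00:00:5e:00:53:01 (iDRAC-ABC1234) via eno1
Jan  3 13:20:10 maas dhcpd[911]: DHCPACK on 10.10.100.51 to 00:00:5e:00:53:01 (iDRAC-ABC1234) via eno1
Jan  3 13:21:08 maas dhcpd[911]: DHCPACK on 10.10.100.52 to 00:00:5e:00:53:02 (idrac-def5678) via eno1
Jan  3 13:22:07 maas dhcpd[911]: DHCPACK on 10.10.100.53 to 00:00:5e:00:53:03 (bad_name#1) via eno1
Jan  3 13:22:39 maas dhcpd[911]: DHCPACK on 10.10.100.54 to 00:00:5e:00:53:04 via eno1
Jan  3 13:23:52 maas dhcpd[911]: DHCPACK on 10.10.100.150 to 00:00:5e:00:53:05 (idrac-far0001) via eno1
EOF
}

sample_syslog | idrac_pairs
```

The pairs it prints can be piped into the final loop of idrac.sh, which appends the Teleport entries; rejected lines go to stderr so they can be reviewed before the reload.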

Continue to next section: F. Enable GUI Access to OPNsense devices

Go to the index of the Gen-1.5 RMU build runbook.