Changeset View
Changeset View
Standalone View
Standalone View
sysadm/deployment/idrac.rst
- This file was added.
| .. _idrac: | |||||
| iDRAC | |||||
| ===== | |||||
| .. admonition:: Intended audience | |||||
| :class: important | |||||
| sysadm staff members | |||||
| The **integrated Dell Remote Access Controller** is the remote console that's to control | |||||
| servers (e.g DELL, ...). | |||||
| We currently have :ref:`5 iDRACs <network_configuration>`: | |||||
| * banco | |||||
| * beaubourg | |||||
| * hypervisor3 | |||||
| * orsay | |||||
| * uffizi | |||||
| These instructions are not really vendor-specific and can also be useful for generic | |||||
| IPMI access or even other kinds of out-of-band management system implementations. | |||||
| .. _connection_how_to: | |||||
| Connection how to | |||||
| ----------------- | |||||
| You will need to install the following packages on your local machine: | |||||
| * `sshuttle <https://tracker.debian.org/pkg/sshuttle>`_ | |||||
| * `icedtea-8-plugin <https://tracker.debian.org/pkg/icedtea-web>`_ | |||||
| On debian like machines: | |||||
| .. code:: | |||||
| apt install sshuttle icedtea-8-plugin | |||||
| sshuttle | |||||
| ~~~~~~~~ | |||||
| sshuttle uses firewall rules to redirect traffic to a set of ip addresses via a SSH | |||||
| tunnel. | |||||
| By default, you can run sshuttle as your own user. This will forward all TCP packets to | |||||
| any hosts through the tunnel. | |||||
| To be able to use UDP (e.g. for the IPMI SoL), you need to run sshuttle as root with the | |||||
| tproxy method. | |||||
| This needs some `specific routing setup | |||||
| <https://sshuttle.readthedocs.io/en/stable/tproxy.html>`_ to work; for instance, in | |||||
| ``/etc/network/interfaces``: | |||||
| .. code:: | |||||
| #!This!file!describes!the!network!interfaces!available!on!your!system`` | |||||
| #!and!how!to!activate!them.!For!more!information,!see!interfaces(5).`` | |||||
| source!/etc/network/interfaces.d/*`` | |||||
| #!The!loopback!network!interface`` | |||||
| auto!lo`` | |||||
| iface!lo!inet!loopback`` | |||||
| !!!!up!ip!route!add!local!default!dev!lo!table!100`` | |||||
| !!!!up!ip!rule!add!fwmark!1!lookup!100`` | |||||
| !!!!up!ip!-6!route!add!local!default!dev!lo!table!100`` | |||||
| !!!!up!ip!-6!rule!add!fwmark!1!lookup!100`` | |||||
ardumont: oops, "y a du bruit" | |||||
anlambertUnsubmitted Not Done Inline Actionslooks related to the trailings `` anlambert: looks related to the trailings `` | |||||
ardumontAuthorUnsubmitted Done Inline Actionsyes, it's not that visible in the actual local page i have. ardumont: yes, it's not that visible in the actual local page i have.
i've fixed it, i'll push an update. | |||||
| Once this is setup and the marked packets are properly routed, sshuttle's tproxy method | |||||
| can do its work: | |||||
| .. code:: | |||||
| $!ssh-add!.ssh/id_ed25519.inria!!#!or!whatever!your!ssh!key!is | |||||
| $!sudo!SSH_AUTH_SOCK="$SSH_AUTH_SOCK"!sshuttle!--python!python3!\ | |||||
| --method!tproxy \ | |||||
| -r!${username}@sesi-ssh.inria.fr!128.93.162.142!128.93.134.0/27`` | |||||
| In general | |||||
| ~~~~~~~~~~ | |||||
| Look up the hostname of the management interface you want to access in the `inventory | |||||
Not Done Inline ActionsWDYT to move this in the Management network section? vsellier: WDYT to move this in the Management network section? | |||||
Done Inline Actionsif the idea is put this doc in /network-architecture/ instead of /deployment as this ardumont: if the idea is put this doc in /network-architecture/ instead of /deployment as this
diff does. | |||||
Not Done Inline ActionsIt was more to put this around line 100. vsellier: It was more to put this around line 100.
Sorry if It was not clear :) | |||||
Done Inline Actionsoh yeah, simpler ;) Thanks for the hint. ardumont: oh yeah, simpler ;)
fine with me, i'll do that tomorrow ;)
Thanks for the hint. | |||||
| <https://inventory.internal.softwareheritage.org/ipam/prefixes/9/ip-addresses/>`_. | |||||
| Authentication | |||||
| -------------- | |||||
| Usernames and passwords for logging in are in the :ref:`credentials storage | |||||
| <how_to_manage_creds_store>`, under ``infra/HOSTNAME/idrac`` | |||||
| If not found, check the default DELL or Supermicro/IPMI credentials which are under | |||||
| ``infra/idrac/{dell,supermicro-ipmi}``. | |||||
| .. _management_network: | |||||
| Management network | |||||
| ------------------ | |||||
| The machines hosted in the main Software Heritage bay at Rocquencourt use the | |||||
| 128.93.134.0/27 network. | |||||
| The first usable IP address is **128.93.134.1** and the last one **128.93.134.29**. | |||||
| **128.93.134.30** is a gateway. | |||||
| .. _connect_to_the_serial_console: | |||||
| Connect to the serial console | |||||
| ----------------------------- | |||||
| The console can be unavailable on the webui on servers with an expired license. The | |||||
| serial console can still be used. Example: | |||||
| :: | |||||
| ipmitool -I lanplus -H swh-es3-adm.inria.fr -U root -P sol activate | |||||
| NOTE: This command is available on the ``ipmitool`` package. | |||||
oops, "y a du bruit"