Changeset View
Changeset View
Standalone View
Standalone View
sysadm/deployment/idrac.rst
- This file was added.
.. _idrac: | |||||
iDRAC | |||||
===== | |||||
.. admonition:: Intended audience | |||||
:class: important | |||||
sysadm staff members | |||||
The **integrated Dell Remote Access Controller** is the remote console that's to control | |||||
servers (e.g DELL, ...). | |||||
We currently have :ref:`5 iDRACs <network_configuration>`: | |||||
* banco | |||||
* beaubourg | |||||
* hypervisor3 | |||||
* orsay | |||||
* uffizi | |||||
These instructions are not really vendor-specific and can also be useful for generic | |||||
IPMI access or even other kinds of out-of-band management system implementations. | |||||
.. _connection_how_to: | |||||
Connection how to | |||||
----------------- | |||||
You will need to install the following packages on your local machine: | |||||
* `sshuttle <https://tracker.debian.org/pkg/sshuttle>`_ | |||||
* `icedtea-8-plugin <https://tracker.debian.org/pkg/icedtea-web>`_ | |||||
On debian like machines: | |||||
.. code:: | |||||
apt install sshuttle icedtea-8-plugin | |||||
sshuttle | |||||
~~~~~~~~ | |||||
sshuttle uses firewall rules to redirect traffic to a set of ip addresses via a SSH | |||||
tunnel. | |||||
By default, you can run sshuttle as your own user. This will forward all TCP packets to | |||||
any hosts through the tunnel. | |||||
To be able to use UDP (e.g. for the IPMI SoL), you need to run sshuttle as root with the | |||||
tproxy method. | |||||
This needs some `specific routing setup | |||||
<https://sshuttle.readthedocs.io/en/stable/tproxy.html>`_ to work; for instance, in | |||||
``/etc/network/interfaces``: | |||||
.. code:: | |||||
#!This!file!describes!the!network!interfaces!available!on!your!system`` | |||||
#!and!how!to!activate!them.!For!more!information,!see!interfaces(5).`` | |||||
source!/etc/network/interfaces.d/*`` | |||||
#!The!loopback!network!interface`` | |||||
auto!lo`` | |||||
iface!lo!inet!loopback`` | |||||
!!!!up!ip!route!add!local!default!dev!lo!table!100`` | |||||
!!!!up!ip!rule!add!fwmark!1!lookup!100`` | |||||
!!!!up!ip!-6!route!add!local!default!dev!lo!table!100`` | |||||
!!!!up!ip!-6!rule!add!fwmark!1!lookup!100`` | |||||
ardumont: oops, "y a du bruit" | |||||
anlambertUnsubmitted Not Done Inline Actionslooks related to the trailings `` anlambert: looks related to the trailings `` | |||||
ardumontAuthorUnsubmitted Done Inline Actionsyes, it's not that visible in the actual local page i have. ardumont: yes, it's not that visible in the actual local page i have.
i've fixed it, i'll push an update. | |||||
Once this is setup and the marked packets are properly routed, sshuttle's tproxy method | |||||
can do its work: | |||||
.. code:: | |||||
$!ssh-add!.ssh/id_ed25519.inria!!#!or!whatever!your!ssh!key!is | |||||
$!sudo!SSH_AUTH_SOCK="$SSH_AUTH_SOCK"!sshuttle!--python!python3!\ | |||||
--method!tproxy \ | |||||
-r!${username}@sesi-ssh.inria.fr!128.93.162.142!128.93.134.0/27`` | |||||
In general | |||||
~~~~~~~~~~ | |||||
Look up the hostname of the management interface you want to access in the `inventory | |||||
Not Done Inline ActionsWDYT to move this in the Management network section? vsellier: WDYT to move this in the Management network section? | |||||
Done Inline Actionsif the idea is put this doc in /network-architecture/ instead of /deployment as this ardumont: if the idea is put this doc in /network-architecture/ instead of /deployment as this
diff does. | |||||
Not Done Inline ActionsIt was more to put this around line 100. vsellier: It was more to put this around line 100.
Sorry if It was not clear :) | |||||
Done Inline Actionsoh yeah, simpler ;) Thanks for the hint. ardumont: oh yeah, simpler ;)
fine with me, i'll do that tomorrow ;)
Thanks for the hint. | |||||
<https://inventory.internal.softwareheritage.org/ipam/prefixes/9/ip-addresses/>`_. | |||||
Authentication | |||||
-------------- | |||||
Usernames and passwords for logging in are in the :ref:`credentials storage | |||||
<how_to_manage_creds_store>`, under ``infra/HOSTNAME/idrac`` | |||||
If not found, check the default DELL or Supermicro/IPMI credentials which are under | |||||
``infra/idrac/{dell,supermicro-ipmi}``. | |||||
.. _management_network: | |||||
Management network | |||||
------------------ | |||||
The machines hosted in the main Software Heritage bay at Rocquencourt use the | |||||
128.93.134.0/27 network. | |||||
The first usable IP address is **128.93.134.1** and the last one **128.93.134.29**. | |||||
**128.93.134.30** is a gateway. | |||||
.. _connect_to_the_serial_console: | |||||
Connect to the serial console | |||||
----------------------------- | |||||
The console can be unavailable on the webui on servers with an expired license. The | |||||
serial console can still be used. Example: | |||||
:: | |||||
ipmitool -I lanplus -H swh-es3-adm.inria.fr -U root -P sol activate | |||||
NOTE: This command is available on the ``ipmitool`` package. |
oops, "y a du bruit"