Unsolved
This post is more than 5 years old
26 Posts
0
7787
racadm remote configuration
I would like to use a powershell generated config.txt that includes only config items I want to configure, and push it out to 300+ drac's.
Is there a way to do this?
I do not want to do a for loop that does racadm -r for each configuration item as in...
$DracList | Foreach ($_ in $DracList)
{
racadm -r some.fqdn -u account -p pwd set idrac.nic.vlan...
racadm -r some.fqdn -u account -p pwd set idrac.nic.DNSDomainFromDHCP...
}
DRAC binds are slow even using a local account. I have dozens of options to set on each system, and I want this to quick.
I'd rather have a config.txt that I can generate and then rapidly apply in a single bind on each drac.
DELL-Daniel My
Moderator
Moderator
•
6.2K Posts
0
April 10th, 2018 12:00
Hello
Please send a private message with your service tag to ensure we have all appropriate information on your system.
Thanks
DELL-Shine K
4 Operator
4 Operator
•
3K Posts
0
April 10th, 2018 21:00
You can try racadm get -f and racadm set -f commands for this.
First you can download iDRAC configuration from one iDRAC to a file with below command
racadm -r iDRAC IP/FQDN -u root -p calvin get -f c:\iDracConfig.txt
Now "iDracConfig.txt" will have all iDRAC configuration. You can edit this file to make necessary configuration changes
Note : You can also make all required changes in one iDRAC and run the above command to get iDRAC configuration file with all required changes. This way errors while editing the file will be eliminated.
You can also remove some unwanted configuration from "iDracConfig.txt" file to reduce import time
Note : You need to be careful while doing this and ensure complete section including title are removed if you do not want any attributes in that section to be configured. If you want only selected attribute in a section to be configured ensure you are deleting only those attributes keeping title and required attributes.
Once you have the "iDracConfig.txt" file ready with all changes you can run below racadm command on all iDRAC to configure
racadm -r iDRAC IP/FQDN -u root -p calvin set -f c:\iDracConfig.txt
leejohnc
26 Posts
0
April 12th, 2018 10:00
As soon as I start removing sections I don't want I get this from racadm set -f
ERROR: The specified configuration file does not seem to contain valid data
DELL-Shine K
4 Operator
4 Operator
•
3K Posts
0
April 13th, 2018 03:00
Can you share below details so that I can check the same
Note : Ensure you are editing the file using notepad. Do not use application like wordpad
leejohnc
26 Posts
0
April 15th, 2018 19:00
[cfgActiveDirectory]
cfgADEnable=$ADEnable
cfgADAuthTimeout=120
cfgADType=2
cfgADCertValidationEnable=1
cfgADSSOEnable=0
cfgADDcSRVLookupEnable=1
cfgADDcSRVLookupbyUserdomain=0
cfgADDcSRVLookupDomainName=$domain
cfgADGcSRVLookupEnable=1
cfgADGcRootDomain=$domain
[cfgLDAP]
cfgLdapEnable=$LDAPEnable
cfgLdapServer=$DUOLDAP
cfgLdapPort=$LDAPPort
cfgLdapBaseDN=$SearchDN
cfgLdapUserAttribute=samaccountname
cfgLdapGroupAttribute=member
cfgLdapGroupAttributeIsDN=1
cfgLdapBindDN=$LDAPUser
cfgLdapBindPassword=$DRACBindPwd
cfgLdapCertValidationEnable=1
[cfgLdapRoleGroup]
cfgLdapRoleGroupDN=$LDAPROLEGroup
cfgLdapRoleGroupPrivilege=0x000001ff
[cfgStandardSchema]
cfgSSADRoleGroupName=$PermGroup
cfgSSADRoleGroupDomain=$domain
cfgSSADRoleGroupPrivilege=0x000001ff
[cfgUserDomain]
cfgUserDomainName=$domain
[cfgLanNetworking]
cfgNicEnable=1
cfgNicIPv4Enable=1
cfgNicUseDhcp=1
cfgNicVLanEnable=0
cfgNicVLanID=1
cfgNicVLanPriority=0
cfgNicSelection=1
cfgDNSServersFromDHCP=Enabled
cfgDNSRacName=$hostname
cfgDNSDomainName=$newDRACFQDN
cfgDNSDomainNameFromDHCP=Disabled
cfgDNSRegisterRac=1
cfgNicFailoverNetwork=None
[cfgUserAdmin]
cfgUserAdminPassword=$newDracPwd
cfgUserAdminEnable=1
cfgUserAdminPrivilege=0x000001ff
cfgUserAdminIpmiLanPrivilege=4
cfgUserAdminIpmiSerialPrivilege=4
cfgUserAdminSolEnable=1
5. Try to configure awithout deleting any entries from the file and see whether that is successful
That works
DELL-Shine K
4 Operator
4 Operator
•
3K Posts
0
April 16th, 2018 02:00
Can you try with below changes
[cfgActiveDirectory]
cfgADEnable=$ADEnable
cfgADAuthTimeout=120
cfgADType=2
cfgADCertValidationEnable=1
cfgADSSOEnable=0
cfgADDcSRVLookupEnable=1
cfgADDcSRVLookupbyUserdomain=0
cfgADDcSRVLookupDomainName=$domain
cfgADGcSRVLookupEnable=1
cfgADGcRootDomain=$domain
[cfgLDAP]
cfgLdapEnable=$LDAPEnable
cfgLdapServer=$DUOLDAP
cfgLdapPort=$LDAPPort
cfgLdapBaseDN=$SearchDN
cfgLdapUserAttribute=samaccountname
cfgLdapGroupAttribute=member
cfgLdapGroupAttributeIsDN=1
cfgLdapBindDN=$LDAPUser
cfgLdapBindPassword=$DRACBindPwd
cfgLdapCertValidationEnable=1
[cfgLdapRoleGroup]
# cfgLdapRoleGroupIndex=1
cfgLdapRoleGroupDN=$LDAPROLEGroup
cfgLdapRoleGroupPrivilege=0x000001ff
[cfgStandardSchema]
# cfgSSADRoleGroupIndex=1
cfgSSADRoleGroupName=$PermGroup
cfgSSADRoleGroupDomain=$domain
cfgSSADRoleGroupPrivilege=0x000001ff
[cfgUserDomain]
# cfgUserDomainIndex=1
cfgUserDomainName=$domain
[cfgLanNetworking]
cfgNicEnable=1
cfgNicIPv4Enable=1
cfgNicUseDhcp=1
cfgNicVLanEnable=0
cfgNicVLanID=1
cfgNicVLanPriority=0
cfgNicSelection=1
cfgDNSServersFromDHCP=Enabled
cfgDNSRacName=$hostname
cfgDNSDomainName=$newDRACFQDN
cfgDNSDomainNameFromDHCP=Disabled
cfgDNSRegisterRac=1
cfgNicFailoverNetwork=None
[cfgUserAdmin]
# cfgUserAdminIndex=2
cfgUserAdminPassword=$newDracPwd
cfgUserAdminEnable=1
cfgUserAdminPrivilege=0x000001ff
cfgUserAdminIpmiLanPrivilege=4
cfgUserAdminIpmiSerialPrivilege=4
cfgUserAdminSolEnable=1
Note : I assume all the varibales in the config file(E.g. $ADEnable) shown above is replaced with actual value before applying.
AD and LDAP can not be enabled same time. Only one will work at a time.
leejohnc
26 Posts
0
April 16th, 2018 05:00
ok I will try that, and yes those are variables input via a powershell gui I wrote. The admin setting up the drac can flip between straight AD auth or LDAP (also using AD) but using LDAP via a DUO proxy so the user login gets two factored.