Dell Drac 5 User Manual

							Advanced Configuration of the DRAC 581
3Use the new configuration file to modify a target RAC.
In the command prompt, type:
racadm config -f myfile.cfg
4
Reset the target RAC that was configured.
In the command prompt, type:
racadm reset
The getconfig -f racadm.cfg subcommand requests the DRAC 5 
configuration and generates the racadm.cfg file. If required, you can 
configure the file with another name. 
You can use the getconfig command to enable you to perform the following 
actions:
 Display all configuration properties in a group (specified by group name 
and index)
 Display all configuration properties for a user by user name
The config subcommand loads the information into other DRAC 5s. Use config 
to synchronize the user and password database with Server Administrator
The initial configuration file, racadm.cfg, is named by the user. In the 
following example, the configuration file is named myfile.cfg. To create this 
file, type the following at the command prompt:
racadm getconfig -f myfile.cfg
 NOTICE: It is recommended that you edit this file with a simple text editor. The 
racadm utility uses an ASCII text parser. Any formatting confuses the parser, which 
may corrupt the racadm database.
Creating a DRAC 5 Configuration File
The DRAC 5 configuration file .cfg is used with the racadm 
config -f 
.cfg command. You can use the configuration 
file to build a configuration file (similar to an .ini file) and configure the 
DRAC 5 from this file. You may use any file name, and the file does not 
require a .cfg extension (although it is referred to by that extension name in 
this subsection).  
						

							82Advanced Configuration of the DRAC 5
The .cfg file can be:

 Obtained from a 
racadm getconfig -f .cfg 
command
 Obtained from a r
acadm getconfig -f .cfg 
command, and then edited
 NOTE: See getconfig for information about the getconfig command.
The .cfg file is first parsed to verify that valid group and object names are 
present and that some simple syntax rules are being followed. Errors are 
flagged with the line number that detected the error, and a simple message 
explains the problem. The entire file is parsed for correctness, and all errors 
are displayed. Write commands are not transmitted to the DRAC 5 if an error 
is found in the .cfg file. The user must correct all errors before any 
configuration can take place. The 
-c option may be used in the config 
subcommand, which verifies syntax only and does not perform a write 
operation to the DRAC 5.
Use the following guidelines when you create a .cfg file:
 If the parser encounters an indexed group, it is the value of the anchored 
object that differentiates the various indexes. 
The parser reads in all of the indexes from the DRAC 5 for that group. 
Any objects within that group are simple modifications when the DRAC 5 
is configured. If a modified object represents a new index, the index is 
created on the DRAC 5 during configuration.
 You cannot specify an index of your choice in a 
.cfg file.
Indexes may be created and deleted, so over time the group may become 
fragmented with used and unused indexes. If an index is present, it is 
modified. If an index is not present, the first available index is used. This 
method allows flexibility when adding indexed entries where you do not 
need to make exact index matches between all the RACs being managed. 
New users are added to the first available index. A 
.cfg file that parses and 
runs correctly on one DRAC 5 may not run correctly on another if all 
indexes are full and you must add a new user. 
						

							Advanced Configuration of the DRAC 583
 Use the racresetcfg subcommand to configure all DRAC 5 cards with 
identical properties.
Use the 
racresetcfg subcommand to reset the DRAC 5 to original defaults, 
and then run the 
racadm config -f .cfg 
command. Ensure that the .cfg file includes all required objects, users, 
indexes, and other parameters.
 NOTICE: Use the racresetcfg subcommand to reset the database and the DRAC 5 
NIC settings to the original default settings and remove all users and user 
configurations. While the root user is available, other users’ settings are also reset 
to the default settings.
Parsing Rules
 All lines that start with # are treated as comments. 
A comment line 
must start in column one. A # character in any other 
column is treated as a # character.
Some modem parameters may include # characters in its string. An escape 
character is not required. You may want to generate a 
.cfg from a racadm 
getconfig -f 
.cfg command, and then perform a 
racadm config -f .cfg command to a different 
DRAC 5, without adding escape characters.
Example:
#
# This is a comment
[cfgUserAdmin]
cfgUserAdminPageModemInitString=
 All group entries must be surrounded by [ and ] characters. 
The starting 
[ character denoting a group name must start in column one. 
This group name 
must be specified before any of the objects in that group. 
Objects that do not include an associated group name generate an error. The 
configuration data is organized into groups as defined in DRAC 5 Property 
Database Group and Object Definitions.  
						

							84Advanced Configuration of the DRAC 5
The following example displays a group name, object, and the object’s 
property value.
Example:
[cfgLanNetworking] -{group name}
cfgNicIpAddress=143.154.133.121 {
object name}
 All parameters are specified as object=value pairs with no white space 
between the object, =, or value. 
White spaces that are included after the value are ignored. A white space 
inside a value string remains unmodified. Any character to the right of the 
= is taken as is (for example, a second =, or a #, [, ], and so forth). 
These characters are valid modem chat script characters. 
See the example in the previous bullet.

.cfg parser ignores an index object entry.
Yo u  
cannot specify which index is used. If the index already exists, it is 
either used or the new entry is created in the first available index for that 
group.
The 
racadm getconfig -f .cfg command places a 
comment in front of index objects, allowing the user to see the included 
comments.
 NOTE: You may create an indexed group manually using the following command: 
racadm config -g  -o  
-i  
 The line for an indexed group cannot be deleted from a .cfg file. 
You must remove an indexed object manually using the following 
command:
racadm config -g  -o  -i 
<
index 1-16>  
 NOTE: A NULL string (identified by two  characters) directs the DRAC 5 to delete 
the index for the specified group.
To view the contents of an indexed group, use the following command:
racadm getconfig -g  -i  
						

							Advanced Configuration of the DRAC 585
 For indexed groups the object anchor must be the first object after the [ ] 
pair. The following are examples of the current indexed groups:
[cfgUserAdmin]
cfgUserAdminUserName=<
USER_NAME>
If you type racadm getconfig -f .cfg, the 
command builds a 
.cfg file for the current DRAC 5 configuration. This 
configuration file can be used as an example and as a starting point for 
your unique 
.cfg file.
Modifying the DRAC 5 IP Address
When you modify the DRAC 5 IP address in the configuration file, remove 
all unnecessary =value entries. Only the actual variable group’s 
label with [ and ] remains, including the two =value entries 
pertaining to the IP address change.
For example:
#
#   Object Group cfgLanNetworking
#
[cfgLanNetworking]
cfgNicIpAddress=10.35.10.110
cfgNicGateway=10.35.10.1
This file will be updated as follows:
#
#   Object Group cfgLanNetworking
#
[cfgLanNetworking]
cfgNicIpAddress=10.35.9.143
# comment, the rest of this line is ignored
cfgNicGateway=10.35.9.1 
						

							86Advanced Configuration of the DRAC 5
The command racadm config -f myfile.cfg parses the file and identifies any 
errors by line number. A correct file will update the proper entries. 
Additionally, you can use the same getconfig command from the previous 
example to confirm the update.
Use this file to download company-wide changes or to configure new systems 
over the network.
 NOTE: Anchor is an internal term and should not be used in the file. 
Configuring DRAC 5 Network Properties
To generate a list of available network properties, type the following: 
racadm getconfig -g cfgLanNetworking
To use DHCP to obtain an IP address, use the following command to write 
the object cfgNicUseDhcp and enable this feature:
racadm config -g cfgLanNetworking -o cfgNicUseDHCP 1
The commands provide the same configuration functionality as the option 
ROM at boot-up when you are prompted to type . For more 
information about configuring network properties with the option ROM, 
see Configuring DRAC 5 Network Properties.
The following is an example of how the command may be used to configure 
desired LAN network properties.
racadm config -g cfgLanNetworking -o cfgNicEnable 1
racadm config -g cfgLanNetworking -o cfgNicIpAddress 
192.168.0.120
racadm config -g cfgLanNetworking -o cfgNicNetmask 
255.255.255.0
racadm config -g cfgLanNetworking -o cfgNicGateway 
192.168.0.120
racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0
racadm config -g cfgLanNetworking -o 
cfgDNSServersFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSServer1 
192.168.0.5 
						

							Advanced Configuration of the DRAC 587
racadm config -g cfgLanNetworking -o cfgDNSServer2 
192.168.0.6
racadm config -g cfgLanNetworking -o 
cfgDNSRegisterRac 1
racadm config -g cfgLanNetworking -o cfgDNSRacName 
RAC-EK00002
racadm config -g cfgLanNetworking -o 
cfgDNSDomainNameFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSDomainName 
MYDOMAIN
 NOTE: If cfgNicEnable is set to 0, the DRAC 5 LAN is disabled even if DHCP is 
enabled.
DRAC Modes
The DRAC 5 can be configured in one of three modes:
 Dedicated
 Shared
 Shared with failover
Table 4-21 provides a description of each mode.
Table 4-21. DRAC 5 NIC Configurations
Mode Description
Dedicated The DRAC uses its own NIC (RJ-45 connector) and the BMC 
MAC address for network traffic.
Shared The DRAC uses Broadcom LOM1 on the planar.
Shared with 
failoverThe DRAC uses Broadcom LOM1 and LOM2 as a team for 
failover. The team uses the BMC MAC address. 
						

							88Advanced Configuration of the DRAC 5
Frequently Asked Questions
When accessing the DRAC 5 Web-based interface, I get a security warning 
stating the hostname of the SSL certificate does not match the hostname of 
the DRAC 5.
The DRAC 5 includes a default DRAC 5 server certificate to ensure network 
security for the Web-based interface and remote racadm features. When this 
certificate is used, the Web browser displays a security warning because the 
default certificate is issued to DRAC 5 default certificate which does not 
match the host name of the DRAC 5 (for example, the IP address). 
To address this security concern, upload a DRAC 5 server certificate issued to 
the IP address of the DRAC 5. When generating the certificate signing 
request (CSR) to be used for issuing the certificate, ensure that the common 
name (CN) of the CSR matches the IP address of the DRAC 5 (for example, 
192.168.0.120) or the registered DNS DRAC name.
To ensure that the CSR matches the registered DNS DRAC name:
1
In the System tree, click Remote Access.
2Click the Configuration tab and then click Network.
3In the Network Settings page:
aSelect the Register DRAC on DNS check box.
bIn the DNS DRAC Name field, enter the DRAC name.
4Click Apply Changes.
See Securing DRAC 5 Communications Using SSL and Digital Certificates 
for more information about generating CSRs and issuing certificates.
Why are the remote racadm and Web-based services unavailable after a 
property change?
It may take a while for the remote RACADM services and the Web-based 
interface to become available after the DRAC 5 Web server resets.
The DRAC 5 Web server is reset after the following occurrences:
 When the network configuration or network security properties are 
changed using the DRAC 5 Web user interface
 When the 
cfgRacTuneHttpsPort property is changed (including when a 
config 
-f  changes it) 
						

							Advanced Configuration of the DRAC 589
racresetcfg is used
 When the DRAC 5 is reset
 When a new SSL server certificate is uploaded
Why doesn’t my DNS server register my DRAC 5?
Some DNS servers only register names of 31 characters or fewer.
When accessing the DRAC 5 Web-based interface, I get a security warning 
stating the SSL certificate was issued by a certificate authority (CA) that is 
not trusted.
DRAC 5 includes a default DRAC 5 server certificate to ensure network 
security for the Web-based interface and remote racadm features. This 
certificate was not issued by a trusted CA. To address this security concern, 
upload a DRAC 5 server certificate issued by a trusted CA (for example, 
Thawte or Verisign). See Securing DRAC 5 Communications Using SSL and 
Digital Certificates for more information about issuing certificates. 
						

							90Advanced Configuration of the DRAC 5