sudo without password

Add the following line at the end of /etc/sudoers (just after “#includedir /etc/sudoers.d”):

username ALL=(ALL) NOPASSWD: ALL

In my case:

#includedir /etc/sudoers.d
jonas ALL=(ALL) NOPASSWD: ALL

Check swap on Ubuntu

jonas@yggdrasil:~$ sudo swapon --show
NAME      TYPE       SIZE USED PRIO
/dev/dm-2 partition 11.9G   0B   -1
jonas@yggdrasil:~$

jonas@yggdrasil:~$ sudo free -m
              total        used        free      shared  buff/cache   available
Mem:          11925        9240         911         305        1773        2110
Swap:         12195           0       12195
jonas@yggdrasil:~$ 

Wipe USB drive in Linux by overwriting with random data

Handy way to wipe a USB drive in Linux using dd and /dev/urandom:

jonas@yggdrasil:~$ sudo dd if=/dev/urandom of=/dev/sdc bs=4k
dd: error writing '/dev/sdc': No space left on device
15163393+0 records in
15163392+0 records out
62109253632 bytes (62 GB, 58 GiB) copied, 2227.1 s, 27.9 MB/s

Of course, make sure /dev/sdX is the USB device you want to wipe. DD isn’t being referred to as the “Disk Destroyer” for nothing 🙂

iDRAC password-less login – iDRAC certificate login

Summary

Enabling certificate login on iDRAC makes it possible to run commands quickly and across many servers. It can be extremely useful in many cases. This post will show how to enable certificate based login on iDRAC and how to run commands against multiple servers in sequence.

First check the users on a remote server with SSH:

 jonas@hydra:~$ ssh root@192.168.1.120
 root@192.168.1.120's password:
 /admin1-> racadm
 racadm>>get idrac.users
racadm get idrac.users
iDRAC.Users.1 [Key=iDRAC.Embedded.1#Users.1]
iDRAC.Users.2 [Key=iDRAC.Embedded.1#Users.2]
iDRAC.Users.3 [Key=iDRAC.Embedded.1#Users.3]
iDRAC.Users.4 [Key=iDRAC.Embedded.1#Users.4]
iDRAC.Users.5 [Key=iDRAC.Embedded.1#Users.5]
iDRAC.Users.6 [Key=iDRAC.Embedded.1#Users.6]
iDRAC.Users.7 [Key=iDRAC.Embedded.1#Users.7]
iDRAC.Users.8 [Key=iDRAC.Embedded.1#Users.8]
iDRAC.Users.9 [Key=iDRAC.Embedded.1#Users.9]
iDRAC.Users.10 [Key=iDRAC.Embedded.1#Users.10]
iDRAC.Users.11 [Key=iDRAC.Embedded.1#Users.11]
iDRAC.Users.12 [Key=iDRAC.Embedded.1#Users.12]
iDRAC.Users.13 [Key=iDRAC.Embedded.1#Users.13]
iDRAC.Users.14 [Key=iDRAC.Embedded.1#Users.14]
iDRAC.Users.15 [Key=iDRAC.Embedded.1#Users.15]
iDRAC.Users.16 [Key=iDRAC.Embedded.1#Users.16]

Let’s use “User10” for this example:

 racadm>>get iDRAC.Users.10
 racadm get iDRAC.Users.10
 [Key=iDRAC.Embedded.1#Users.10]
 Enable=Disabled
 IpmiLanPrivilege=15
 MD5v3Key=
 !!Password=******** (Write-Only)
 Privilege=0x0
 SHA1v3Key=
 SHA256Password=
 SHA256PasswordSalt=
 SNMPv3AuthenticationType=SHA
 SNMPv3Enable=Disabled
 SNMPv3PrivacyType=AES
 SolEnable=Disabled
 UserName=

Update the username, password and privilege:

 racadm>>set iDRAC.Users.10.UserName jonas
 racadm set iDRAC.Users.10.UserName jonas
 [Key=iDRAC.Embedded.1#Users.10]
 Object value modified successfully

racadm>>set iDRAC.Users.10.Password calvin
 racadm set iDRAC.Users.10.Password calvin
 [Key=iDRAC.Embedded.1#Users.10]
 Object value modified successfully

racadm>>set iDRAC.Users.10.Privilege 0x1ff
 racadm set iDRAC.Users.10.Privilege 0x1ff
 [Key=iDRAC.Embedded.1#Users.10]
 Object value modified successfully

racadm>>set iDRAC.Users.10.IpmiLanPrivilege 4
 racadm set iDRAC.Users.10.IpmiLanPrivilege 4
 [Key=iDRAC.Embedded.1#Users.10]
 Object value modified successfully

racadm>>set iDRAC.Users.10.Enable enabled
 racadm set iDRAC.Users.10.Enable enabled
 [Key=iDRAC.Embedded.1#Users.10]
 Object value modified successfully

racadm>>exit

/admin1-> exit
 CLP Session terminated
 Connection to 192.168.1.120 closed.
 jonas@hydra:~$

If no key is available, generate it:

 jonas@hydra:~$ ssh-keygen -t rsa
 Generating public/private rsa key pair.
 Enter file in which to save the key (/home/jonas/.ssh/id_rsa):
 Enter passphrase (empty for no passphrase):
 Enter same passphrase again:
 Your identification has been saved in /home/jonas/.ssh/id_rsa.
 Your public key has been saved in /home/jonas/.ssh/id_rsa.pub.
 The key fingerprint is:
 43:15:av:24:2f:55:c5:5c:y5:v2:75:3e:ad:fa:f0:eb jonas@hydra
 The key's randomart image is:
 +--[ RSA 2048]----+
 | |
 | |
 | |
 | o . |
 | + S . |
 | o + o |
 | . o o + . |
 |+.o .o . |
 |=o ..=B. |
 +-----------------+
 jonas@hydra:~$

Check the key:

jonas@hydra:~$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAASBAASdfjsgdfnsryserhbnsfgjkdTFXNFTSDtjdRTYjsdrwsrthjsTGJsdRJGKdRTjsrtjksidHMdFgjdNsfgbCFjkdfghikdMddndRTYjdmdyikdr+EYFFTM8et+UH7uHPlC6PwWNJWn147gmN16o6JJBXzEt1MSI5Tz659lOhVO8sNomP7aV3onCS59ioED3ctdD7N4YYomVnkqHxu2SpI7B1SrXXmCi3iwY3Q3TXaYBgRc7IOG7j3P9UgNHcJ3OgFn+qcps9Dq1pXIeWDSEFwCI19T8nOjsZxLCN/DmphuwEG7J6f+q+xqhQ9t0rLwZGCmcCEi9eSnvQSjOtLwHUIJJu7RzS95PAW3qmTwem2YbtHT jonas@hydra
jonas@hydra:~$

Push the key to the iDRAC:

 jonas@hydra:~$ ssh jonas@192.168.1.120 "racadm sshpkauth -i 10 -k 1 -t 'ssh-rsa AAASBAASdfjsgdfnsryserhbnsfgjkdTFXNFTSDtjdRTYjsdrwsrthjsTGJsdRJGKdRTjsrtjksidHMdFgjdNsfgbCFjkdfghikdMddndRTYjdmdyikdr+EYFFTM8et+UH7uHPlC6PwWNJWn147gmN16o6JJBXzEt1MSI5Tz659lOhVO8sNomP7aV3onCS59ioED3ctdD7N4YYomVnkqHxu2SpI7B1SrXXmCi3iwY3Q3TXaYBgRc7IOG7j3P9UgNHcJ3OgFn+qcps9Dq1pXIeWDSEFwCI19T8nOjsZxLCN/DmphuwEG7J6f+q+xqhQ9t0rLwZGCmcCEi9eSnvQSjOtLwHUIJJu7RzS95PAW3qmTwem2YbtHT jonas@hydra'"
 jonas@192.168.1.120's password:
 PK SSH Authentication operation completed successfully.
 jonas@hydra:~$
 jonas@hydra:~$

Verify that the key is installed correctly on the iDRAC:

 jonas@hydra:~$ ssh jonas@192.168.1.120 "racadm sshpkauth -v -i 10 -k all"
 --- User 10 ---

Key 1 : ssh-rsa AAASBAASdfjsgdfnsryserhbnsfgjkdTFXNFTSDtjdRTYjsdrwsrthjsTGJsdRJGKdRTjsrtjksidHMdFgjdNsfgbCFjkdfghikdMddndRTYjdmdyikdr+EYFFTM8et+UH7uHPlC6PwWNJWn147gmN16o6JJBXzEt1MSI5Tz659lOhVO8sNomP7aV3onCS59ioED3ctdD7N4YYomVnkqHxu2SpI7B1SrXXmCi3iwY3Q3TXaYBgRc7IOG7j3P9UgNHcJ3OgFn+qcps9Dq1pXIeWDSEFwCI19T8nOjsZxLCN/DmphuwEG7J6f+q+xqhQ9t0rLwZGCmcCEi9eSnvQSjOtLwHUIJJu7RzS95PAW3qmTwem2YbtHT jonas@hydra

Key 2 :

Key 3 :

Key 4 :

That’s all

Let’s try running a few commands against servers with our key installed:

jonas@hydra:~$ for i in {131..134}; do echo -n "Server number: $i: "; ssh 192.168.1.$i "racadm serveraction powerstatus"; done
 Server number: 131: Server power status: ON
 Server number: 132: Server power status: ON
 Server number: 133: Server power status: ON
 Server number: 134: Server power status: ON
 jonas@hydra:~$
 jonas@hydra:~$ for i in {1..4}; do echo -n "Server number: $i: "; ssh 192.168.1.17$i "racadm storage get vdisks"; done
 Server number: 1: Disk.Virtual.0:RAID.Integrated.1-1
 Server number: 2: Disk.Virtual.0:RAID.Integrated.1-1
 Server number: 3: Disk.Virtual.0:RAID.Integrated.1-1
 Server number: 4: Disk.Virtual.0:RAID.Integrated.1-1
 jonas@hydra:~$

All works well. Enjoy your iDRAC automation powers!

Redfish tutorial videos for beginners

I recently made a collection of videos for people to get started with Redfish on iDRAC using either PowerShell or Python. Hopefully they’ll be helpful for those starting out with the Redfish API on Dell EMC servers (or in general).

For scripts, please refer to the Dell EMC Github page here:

https://github.com/dell/iDRAC-Redfish-Scripting

 

Redfish with Python: Getting started with the environment

Redfish with Python: Basic scripts

Redfish with Python: Modifying server settings with SCP (Server Configuration Profiles)

 

Redfish with PowerShell: Setting up the environment

Redfish with PowerShell: Modifying server settings

Redfish with PowerShell: Modifying server settings with SCP (Server Configuration Profiles)