Configuring CMC. Dell PowerEdge M1000e, Chassis Management Controller Version 6.20 For PowerEdge M1000e
Add to My manuals274 Pages
advertisement
6
Configuring CMC
CMC enables you to configure CMC properties, set up users, and set up alerts to perform remote management tasks.
Before you begin configuring the CMC, you must first configure the CMC network settings to allow the CMC to be managed remotely. This
You can configure CMC using Web interface or RACADM.
NOTE: When you configure CMC for the first time, you must be logged in as root user to execute RACADM commands on a remote system. Another user can be created with privileges to configure CMC.
After setting up the CMC and performing the basic configuration, you can do the following:
• Modify the network settings if required.
• Configure interfaces to access CMC.
• Configure LED display.
• Setup Chassis Groups if required.
• Configure Servers, IOMs, or iKVM.
• Configure VLAN Settings.
• Obtain the required certificates.
• Add and configure CMC users with privileges.
• Configure and enable email alerts and SNMP traps.
• Set the power cap policy if required.
Topics:
•
Viewing and Modifying CMC Network LAN Settings
•
Configuring CMC Network and Login Security Settings
•
Configuring Virtual LAN Tag Properties for CMC
•
Federal Information Processing Standards
•
•
Configuring CMC Extended Storage Card
•
•
•
Chassis Configuration Profiles
•
Configuring Multiple CMCs through RACADM Using Chassis Configuration Profiles
•
Configuring Multiple CMCs through RACADM Using Configuration File
•
Viewing and Terminating CMC Sessions
•
Configuring Enhanced Cooling Mode for Fans
78 Configuring CMC
Related links
Viewing and Modifying CMC Network LAN Settings
Configuring CMC Network and Login Security Settings
Configuring Virtual LAN Tag Properties for CMC
Configuring LEDs to Identify Components on the Chassis
Configuring User Accounts and Privileges
Configuring CMC To Send Alerts
Configuring Multiple CMCs through RACADM Using Configuration File
Viewing and Modifying CMC Network LAN Settings
The LAN settings, such as community string and SMTP server IP address, affect both the CMC and the external settings of the chassis.
If you have two CMCs (active and standby) on the chassis, and they are connected to the network, the standby CMC automatically assumes the network settings of the active CMC in the event of failover.
When IPv6 is enabled at boot time, three router solicitations are sent every four seconds. If external network switches are running the
Spanning Tree Protocol (SPT), the external switch ports may be blocked for more than twelve seconds in which the IPv6 router solicitations are sent. In such cases, there may be a period when IPv6 connectivity is limited, until router advertisements are gratuitously sent by the IPv6 routers.
NOTE: Changing the CMC network settings may disconnect your current network connection.
NOTE: You must have Chassis Configuration Administrator privilege to set up CMC network settings.
Viewing and Modifying CMC Network LAN Settings Using
CMC Web Interface
To view and modify the CMC LAN network settings using CMC Web interface:
1 In the system tree, go to Chassis Overviewï€ and click Network > Network . The Network Configuration page displays the current network settings.
2 Modify the general, IPv4 or IPv6 settings as required. For more information, see the CMC Online Help .
3 Click Apply Changes for each section to apply the settings.
Viewing CMC Network LAN Settings Using RACADM
Use the command getconfig -g cfgcurrentlannetworking to view IPv4 settings.
Use the command getconfig -g cfgCurrentIPv6LanNetworking to view IPv6 settings.
To view IPv4 and IPv6 addressing information for the chassis, use getsysinfo subcommand.
Configuring CMC 79
For more information about the subcommands and objects, see the Chassis Management Controller for Dell PowerEdge M1000e RACADM
Command Line Reference Guide .
Enabling the CMC Network Interface
To enable/disable the CMC Network Interface for both IPv4 and IPv6, type: racadm config -g cfgLanNetworking -o cfgNicEnable 1 racadm config -g cfgLanNetworking -o cfgNicEnable 0
NOTE: If you disable CMC network interface, the disable operation performs the following actions:
• Disables the network interface access to out-of-band chassis management, including iDRAC and IOM management.
• Prevents the down link status detection.
• To disable only CMC network access, disable both CMC IPv4 and CMC IPv6.
NOTE: The CMC NIC is enabled by default.
To enable/disable the CMC IPv4 addressing, type: racadm config -g cfgLanNetworking -o cfgNicIPv4Enable
1 racadm config -g cfgLanNetworking -o cfgNicIPv4Enable
0
NOTE: The CMC IPv4 addressing is enabled by default.
To enable/disable the CMC IPv6 addressing, type: racadm config -g cfgIpv6LanNetworking -o cfgIPv6Enable
1 racadm config -g cfgIpv6LanNetworking -o cfgIPv6Enable
0
NOTE: The CMC IPv6 addressing is disabled by default.
By default, for IPv4, the CMC requests and obtains a CMC IP address from the Dynamic Host Configuration Protocol (DHCP) server automatically. You can disable the DHCP feature and specify static CMC IP address, gateway, and subnet mask.
For an IPv4 network, to disable DHCP and specify static CMC IP address, gateway, and subnet mask, type: racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0 racadm config -g cfgLanNetworking -o cfgNicIpAddress <static IP address> racadm config -g cfgLanNetworking -o cfgNicGateway <static gateway> racadm config -g cfgLanNetworking -o cfgNicNetmask <static subnet mask>
By default, for IPv6, the CMC requests and obtains a CMC IP address from the IPv6 Autoconfiguration mechanism automatically.
For an IPv6 network, to disable the Autoconfiguration feature and specify a static CMC IPv6 address, gateway, and prefix length, type: racadm config -g cfgIPv6LanNetworking -o cfgIPv6AutoConfig 0 racadm config -g cfgIPv6LanNetworking -o cfgIPv6Address <IPv6 address> racadm config -g cfgIPv6LanNetworking -o cfgIPv6PrefixLength 64 racadm config -g cfgIPv6LanNetworking -o cfgIPv6Gateway <IPv6 address>
80 Configuring CMC
Enabling or Disabling DHCP for the CMC Network Interface
Address
When enabled, the CMC’s DHCP for NIC address feature requests and obtains an IP address from the Dynamic Host Configuration
Protocol (DHCP) server automatically. This feature is enabled by default.
You can disable the DHCP for NIC address feature and specify a static IP address, subnet mask, and gateway. For more information, see
Setting Up Initial Access to CMC .
Enabling or Disabling DHCP for DNS IP Addresses
By default, the CMC’s DHCP for DNS address feature is disabled. When enabled, this feature obtains the primary and secondary DNS server addresses from the DHCP server. While using this feature, you do not have to configure static DNS server IP addresses.
To disable the DHCP for DNS address feature and specify static preferred and alternate DNS server addresses, type: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0
To disable the DHCP for DNS address feature for IPv6 and specify static preferred and alternate DNS server addresses, type: racadm config -g cfgIPv6LanNetworking -o cfgIPv6DNSServersFromDHCP6 0
Setting Static DNS IP addresses
NOTE: The Static DNS IP addresses settings are not valid unless the DCHP for DNS address feature is disabled.
For IPv4, to set the preferred primary and secondary DNS IP server addresses, type: racadm config -g cfgLanNetworking -o cfgDNSServer1 <IP-address> racadm config -g cfgLanNetworking -o cfgDNSServer2 <IPv4-address>
For IPv6, to set the preferred and secondary DNS IP Server addresses, type: racadm config -g cfgIPv6LanNetworking -o cfgIPv6DNSServer1 <IPv6-address> racadm config -g cfgIPv6LanNetworking -o cfgIPv6DNSServer2 <IPv6-address>
Configuring IPv4 and IPv6 DNS Settings
• CMC Registration — To register the CMC on the DNS server, type: racadm config -g cfgLanNetworking -o cfgDNSRegisterRac 1
NOTE: Some DNS servers only register names of 31 characters or fewer. Make sure the designated name is within the DNS required limit.
NOTE: The following settings are valid only if you have registered the CMC on the DNS server by setting cfgDNSRegisterRac to 1.
• CMC Name — By default, the CMC name on the DNS server is cmc-< service tag >. To change the CMC name on the DNS server, type: racadm config -g cfgLanNetworking -o cfgDNSRacName <name>
Configuring CMC 81
where < name > is a string of up to 63 alphanumeric characters and hyphens. For example: cmc-1, d-345.
NOTE: If a DNS Domain name is not specified, then the maximum number of characters is 63. If a domain name is specified, then the number of characters in CMC name plus the number of characters in the DNS Domain Name must be less than or equal to 63 characters.
• DNS Domain Name — The default DNS domain name is a single blank character. To set a DNS domain name, type: racadm config -g cfgLanNetworking -o cfgDNSDomainName <name> where < name > is a string of up to 254 alphanumeric characters and hyphens. For example: p45, a-tz-1, r-id-001.
Configuring Auto Negotiation, Duplex Mode, and Network
Speed for IPv4 and IPv6
When enabled, the auto negotiation feature determines whether the CMC automatically sets the duplex mode and network speed by communicating with the nearest router or switch. Auto negotiation is enabled by default.
You can disable auto negotiation and specify the duplex mode and network speed by typing: racadm config -g cfgNetTuning -o cfgNetTuningNicAutoneg 0 racadm config -g cfgNetTuning -o cfgNetTuningNicFullDuplex <duplex mode> where:
< duplex mode > is 0 (half duplex) or 1 (full duplex, default) racadm config -g cfgNetTuning -o cfgNetTuningNicSpeed <speed> where:
< speed > is 10 or 100 (default).
Setting the Maximum Transmission Unit for IPv4 and IPv6
The Maximum Transmission Unit (MTU) property allows you to set a limit for the largest packet that can be passed through the interface.
To set the MTU, type: racadm config -g cfgNetTuning -o cfgNetTuningMtu <mtu> where < mtu > is a value between 576–1500 (inclusive; default is 1500).
NOTE: IPv6 requires a minimum MTU of 1280. If IPv6 is enabled, and cfgNetTuningMtu is set to a lower value, the CMC uses an MTU of 1280.
Configuring CMC Network and Login Security
Settings
The IP address blocking and User blocking features in CMC allow you to prevent security issues due to password guessing attempts. This feature enables you to block a range of IP addresses and users who can access CMC. By deafult, the IP address blocking feature is enabled in CMC. You can set the IP range attributes using CMC Web interface or RACADM. To use the IP address blocking and user blocking features, enable the options using CMC web interface or RACADM. Configure the login lockout policy settings to enable you to set the number of unsuccessful login attempts for a specific user or for an IP address. After exceeding this limit, the blocked user can log in only after the penalty time expires.
NOTE: Blocking by IP address is applicable only for IPV4 addresses.
82 Configuring CMC
Configuring IP Range Attributes Using CMC Web Interface
NOTE: To perform the following task, you must have Chassis Configuration Administrator privilege.
To configure the IP range attributes using CMC Web interface:
1 In the system tree, go to Chassis Overview and click Network > Network . The Network Configuration page is displayed.
2 In the IPv4 Settings section, click Advanced Settings .
The Log in Security page is displayed.
Alternatively, to access the Log in Security page, in the system tree, go to Chassis Overview , click Security > Log in .
3 To enable the IP range checking feature, in the IP Range section, select the IP Range Enabled option.
The IP Range Address and IP Range Mask fields are activated.
4 In the IP Range Address and IP Range Mask fields, type the range of IP addresses and IP range masks that you want to block from accessing CMC.
For more information, see the CMC Online Help .
5 Click Apply to save your settings.
Configuring IP Range Attributes Using RACADM
You can configure the following IP Range attributes for CMC using RACADM:
• IP range checking feature
• Range of IP addresses that you want to block from accessing CMC
• IP Range Mask that you want to block from accessing CMC
IP filtering compares the IP address of an incoming login to the IP address range that is specified. A login from the incoming IP address is allowed only if both the following are identical:
• cfgRacTuneIpRangeMask bit-wise and with incoming IP address
• cfgRacTuneIpRangeMask bit-wise and with cfgRacTuneIpRangeAddr
• To enable the IP range checking feature, use the following property under cfgRacTuning group: cfgRacTuneIpRangeEnable <0/1>
• To specify the range of IP addresses that you want to block from accessing CMC, use the following property under cfgRacTuning group: cfgRacTuneIpRangeAddr
• To specify the IP Range Mask that you want to block from accessing CMC, use the following property under cfgRacTuning group: cfgRacTuneIpRangeMask
Configuring Virtual LAN Tag Properties for CMC
VLANs are used to allow multiple virtual LANs to co-exist on the same physical network cable and to segregate the network traffic for security or load management purposes. When you enable the VLAN functionality, each network packet is assigned a VLAN tag.
Configuring CMC 83
Configuring Virtual LAN Tag Properties for CMC Using Web
Interface
To configure VLAN for CMC using the CMC Web interface:
1 Go to any of the following pages:
• In the system tree, go to Chassis Overview and click Network > VLAN .
• In the system tree, go to Chassis Overview > Server Overview and click Network > VLAN .
The VLAN Tag Settings page is displayed. VLAN tags are chassis properties. They remain with the chassis even when a component is removed.
2 In the CMC section, enable VLAN for CMC, set the priority and assign the ID. For more information about the fields, see the CMC
Online Help .
3 Click Apply . The VLAN tag settings are saved.
You can also access this page from the Chassis Overview > Servers > Setup > VLAN subtab.
Configuring Virtual LAN Tag Properties for CMC Using
RACADM
1 Enable the VLAN capabilities of the external chassis management network: racadm config -g cfgLanNetworking -o cfgNicVLanEnable 1
2 Specify the VLAN ID for the external chassis management network: racadm config -g cfgLanNetworking -o cfgNicVlanID <VLAN id>
The valid values for < VLAN id > are 1– 4000 and 4021– 4094. Default is 1.
For example: racadm config -g cfgLanNetworking -o cfgNicVlanID
1
3 Then, specify the VLAN priority for the external chassis management network: racadm config -g cfgLanNetworking -o cfgNicVLanPriority <VLAN priority>
The valid values for < VLAN priority > are 0–7. Default is 0.
For example: racadm config -g cfgLanNetworking -o cfgNicVLanPriority 7
You can also specify both the VLAN ID and the VLAN priority with a single command: racadm setniccfg -v <VLAN id> <VLAN priority>
For example: racadm setniccfg -v 1 7
4 To remove the CMC VLAN, disable the VLAN capabilities of the external chassis management network: racadm config -g cfgLanNetworking -o cfgNicVLanEnable 0
84 Configuring CMC
You can also remove the CMC VLAN using the following command: racadm setniccfg -v
Federal Information Processing Standards
The agencies and contractors of the Federal government of the United States use Federal Information Processing Standards (FIPS), a computer security standard, which is related to all applications that have communicative interfaces. The 140–2 comprises of four levels —
Level 1, Level 2, Level 3, and Level 4. The FIPS 140–2 series stipulate that all communicative interfaces must have the following security properties:
• authentication
• confidentiality
• message integrity
• non-repudiation
• availability
• access control
If any of the properties depend on cryptographic algorithms, then FIPS must approve these algorithms.
By default, the FIPS mode is disabled. When FIPS is enabled, the minimum key size for OpenSSL FIPS is SSH-2 RSA 2048 bits.
NOTE: PSU firmware update is not supported when the FIPS mode is enabled in the chassis.
For more information, see CMC Online Help .
The following features/applications support FIPS.
• Web GUI
• RACADM
• WSMan
• SSH v2
• SMTP
• Kerberos
• NTP Client
• NFS
NOTE: SNMP is not FIPS-compliant. In FIPS mode, all SNMP features except Message Digest algorithm version 5 (MD5) authentication work.
Enabling FIPS Mode Using CMC Web Interface
To enable FIPS:
1 In the left pane, click Chassis Overview .
The Chassis Health page is displayed.
2 On the menu bar, click Network .
The Network Configuration page is displayed.
3 Under the Federal Information Processing Standards (FIPS) section, from the FIPS Mode drop-down menu, select Enabled .
A message is displayed that enabling FIPS resets CMC to the default settings.
4 Click OK to proceed.
Configuring CMC 85
Enabling FIPS Mode Using RACADM
.
To enable FIPS mode, run the following command: racadm config –g cfgRacTuning –o cfgRacTuneFipsModeEnable 1
Disabling FIPS Mode
To disable FIPS mode, reset CMC to the default factory settings.
Configuring Services
You can configure and enable the following services on CMC:
• CMC Serial console — Enable access to CMC using the serial console.
• Web Server — Enable access to CMC Web interface. If you disable the option, use local RACADM to re-enable the Web Server, since disabling the Web Server also disables remote RACADM.
• SSH — Enable access to CMC through firmware RACADM.
• Telnet — Enable access to CMC through firmware RACADM
• RACADM — Enable access to CMC using RACADM.
• SNMP — Enable CMC to send SNMP traps for events.
• Remote Syslog — Enable CMC to log events to a remote server.
NOTE: When modifying CMC service port numbers for SSH, Telnet, HTTP, or HTTPS, avoid using ports commonly used by OS services such as port 111. See Internet Assigned Numbers Authority (IANA) reserved ports at http://www.iana.org/assignments/ service-names-port-numbers/service-names-port-numbers.xhtml.
CMC includes a Web server that is configured to use the industry-standard SSL security protocol to accept and transfer encrypted data from and to clients over the Internet. The Web server includes a Dell self-signed SSL digital certificate (Server ID) and is responsible for accepting and responding to secure HTTP requests from clients. This service is required by the Web interface and remote RACADM CLI tool for communicating with CMC.
If the Web server resets, wait at least one minute for the services to become available again. A Web server reset usually happens as a result of any of the following events:
• Network configuration or network security properties are changed through the CMC Web user interface or RACADM.
• Web Server port configuration is changed through the Web user interface or RACADM.
• CMC is reset.
• A new SSL server certificate is uploaded.
NOTE: To modify Service settings, you must have Chassis Configuration Administrator privilege.
Remote syslog is an additional log target for CMC. After you configure the remote syslog, each new log entry generated by CMC is forwarded to the destination(s).
NOTE: Since the network transport for the forwarded log entries is UDP, there is no guaranteed delivery of log entries, nor is there any feedback to CMC whether the log entries were received successfully.
86 Configuring CMC
Configuring Services Using CMC Web Interface
To configure CMC services using CMC Web interface:
1 In the system tree, go to Chassis Overview , and then click Network > Services . The Services page is displayed.
2 Configure the following services as required:
• CMC serial console
• Web server
• SSH
• Telnet
• Remote RACADM
• SNMP
• Remote Syslog
For information about the fields, see CMC Online Help .
3 Click Apply , and then update all default time outs and maximum time out limits.
Configuring Services Using RACADM
To enable and configure the various services, use the following RACADM objects:
• cfgRacTuning
• cfgRacTuneRemoteRacadmEnable
For more information about these objects, see Chassis Management Controller for Dell PowerEdge M1000e RACADM Command Line
Reference Guide available at dell.com/support/manuals .
If the firmware on the server does not support a feature, configuring a property related to that feature displays an error. For example, using
RACADM to enable remote syslog on an unsupported iDRAC displays an error message.
Similarly, when displaying the iDRAC properties using the RACADM getconfig command, the property values are displayed as N/A for an unsupported feature on the server.
For example:
$ racadm getconfig -g cfgSessionManagement -m server-1
# cfgSsnMgtWebServerMaxSessions=N/A
# cfgSsnMgtWebServerActiveSessions=N/A
# cfgSsnMgtWebServerTimeout=N/A
# cfgSsnMgtSSHMaxSessions=N/A
# cfgSsnMgtSSHActiveSessions=N/A
# cfgSsnMgtSSHTimeout=N/A
# cfgSsnMgtTelnetMaxSessions=N/A
# cfgSsnMgtTelnetActiveSessions=N/A
# cfgSsnMgtTelnetTimeout=N/A
Configuring CMC Extended Storage Card
You can enable or repair the optional Removable Flash Media for use as an extended non-volatile storage. Some CMC features depend on extended nonvolatile storage for their operation.
Configuring CMC 87
To enable or repair the Removable Flash Media using the CMC Web interface:
1 In the System tree, go to Chassis Overview , and then click Chassis Controller > Flash Media . The Removable Flash Media page is displayed.
2 From the drop-down menu, select one of the following as required:
• Use flash media for storing chassis data
• Repair active controller media
• Begin replicating data between media
• Stop replicating data between media
• Stop using flash media for storing chassis data
For more information about these options, see the CMC Online Help .
3 Click Apply to apply the selected option.
If two CMCs are present in the chassis, both CMCs must contain flash media. CMC features which depend on flash media (except for
Flexaddress) do not function properly until the Dell-authorized media is installed and enabled on this page.
Setting Up Chassis Group
CMC enables you to monitor multiple chassis from a single lead chassis. When a Chassis Group is enabled, CMC in the lead chassis generates a graphical display of the status of the lead chassis and all member chassis within the Chassis Group.
The Chassis group features are:
• The Chassis Group page displays images portraying the front and back of each chassis, a set for the leader and a set for each member.
• Health concerns for the leader and members of a group are recognized by red or yellow overlays and an X or an ! on the component with the symptoms. Details are visible below the chassis image when you click the chassis image or Details .
• Quick Launch links are available for opening member chassis’s or server’s web pages.
• A blade and Input/Output inventory is available for a group.
• A selectable option is available to synchronize a new member’s properties to the leader’s properties when the new member is added to the group.
A Chassis Group may contain a maximum of eight members. Also, a leader or member can only participate in one group. You cannot join a chassis, either as a leader or member, that is part of a group to another group. You can delete the chassis from a group and add it later to a different group.
To set up the Chassis Group using the CMC Web interface:
1 Log in with chassis administrator privileges to the chassis planned as the leader.
2 Click Setup > Group Administration . The Chassis Group page is displayed.
3 In the Chassis Group page, under Role , select Leader . A field to add the group name is displayed.
4 Enter the group name in the Group Name field, and then click Apply .
NOTE: The same rules that apply for a domain name apply to the group name.
When the Chassis Group is created, the GUI automatically switches to the Chassis Group page. The system tree indicates the group by the Group Name and the lead chassis and the unpopulated member chassis appear in the system tree.
NOTE: Ensure that the version of the leader chassis is always the latest.
Related links
Adding Members to Chassis Group
Removing a Member from the Leader
Disabling an Individual Member at the Member Chassis
Launching a Member Chassis’s or Server’s Web page
Propagating Leader Chassis Properties to Member Chassis
88 Configuring CMC
Adding Members to Chassis Group
After the Chassis Group is setup, you can add members to the group:
1 Login with chassis administrator privileges to the leader chassis.
2 Select the Lead chassis in the tree.
3 Click Setup > Group Administration .
4 Under Group Management , enter the member’s IP address or DNS name in the Hostname/IP Address field.
NOTE: For MCM to function properly, you must use the default HTTPS port (443) on all group members and the leader chassis.
5 Enter a user name with chassis administrator privileges on the member chassis, in the Username field.
6 Enter the corresponding password in the Password field.
7 Click Apply .
8 Repeat step 4 through step 8 to add a maximum of eight members. The new members’ Chassis Names appear in the Members dialog box.
The status of the new member is displayed by selecting the Group in the tree. Details are available by clicking on the chassis image or the details button.
NOTE: The credentials entered for a member are passed securely to the member chassis, to establish a trust relationship between the member and lead chassis. The credentials are not persisted on either chassis, and are never exchanged again after the initial trust relationship is established.
Removing a Member from the Leader
You can remove a member from the group from the lead chassis. To remove a member:
1 Login with chassis administrator privileges to the leader chassis.
2 Select the Lead chassis in the tree.
3 Click Setup > Group Administration .
4 From the Remove Members list, select the member’s name or names to be deleted, and then click Apply .
The lead chassis then communicates to the member or members, if more than one is selected, that it has been removed from the group. The member name is removed. The member chassis may not receive the message, if a network issue prevents contact between the leader and the member. In this case, disable the member from the member chassis to complete the removal.
Related link
Disabling an Individual Member at the Member Chassis
Disbanding a Chassis Group
To disband a chassis group from the lead chassis:
1 Login with administrator privileges to the leader chassis.
2 Select the Lead chassis in the tree.
3 Click Setup > Group Administration .
4 In the Chassis Group page, under Role , select None , and then click Apply .
Configuring CMC 89
The lead chassis then communicates to all the members that they have been removed from the group. Finally the lead chassis discontinues its role. It can now be assigned as a member or a leader of another group.
The member chassis may not receive the message, if a network issue prevents contact between the leader and the member. In this case, disable the member from the member chassis to complete the removal.
Disabling an Individual Member at the Member Chassis
Sometimes a member cannot be removed from a group by the lead chassis. This can happen if network connectivity to the member is lost.
To remove a member from a group at the member chassis:
1 Login with chassis administrator privileges to the member chassis.
2 Click Setup > Group Administration .
3 Select None , and then click Apply .
Launching a Member Chassis’s or Server’s Web page
Links to a member chassis’s Web page, a server’s Remote Console or the server iDRAC’s Web page within the group are available through the lead chassis’s group page. You can use the same user name and password that was used to log in to the lead chassis, to log in to the member device. If the member device has the same login credentials, then no additional login is required. Otherwise, the user is directed to the member device’s login page.
To navigate to member devices:
1 Log in to the lead chassis.
2 Select Group: name in the tree.
3 If a member CMC is the required destination, select Launch CMC for the required chassis. If you try logging in to the member chassis using Launch CMC when both the leader and chassis are FIPS enabled or disabled, you are directed to the Chassis Group Health page. Else, you are directed to the Login page of the member chassis.
If a server in a chassis is the required destination: a Select the image of the destination chassis.
b In the chassis image that is displayed under the Health and Alerts pane, select the server.
c In the box labeled Quick Links , select the destination device. A new window is displayed with the destination page or login screen.
NOTE: In MCM, all the Quick Links associated with the servers are not displayed.
Propagating Leader Chassis Properties to Member Chassis
You can apply the properties from the leader to the member chassis of a group. To synchronize a member with the leader properties:
1 Login with administrator privileges to the leader chassis.
2 Select the Lead chassis in the tree.
3 Click Setup > Group Administration .
4 In the Chassis Properties Propagation section, select one of the propagation types:
• On-Change Propagation — Select this option for automatic propagation of the selected chassis property settings. The property changes are propagated to all current group members, whenever lead properties are changed.
• Manual Propagation — Select this option for manual propagation of the chassis group leader properties with its members. The lead chassis property settings are propagated to group members only when a lead chassis administrator clicks Propagate .
5 In the Propagation Properties section, select the categories of lead configuration properties to be propagated to member chassis.
90 Configuring CMC
Select only those setting categories that you want identically configured, across all members of the chassis group. For example, select
Logging and Alerting Properties category, to enable all chassis in the group to share the logging and alerting configuration settings of the lead chassis.
6 Click Save .
If On-Change Propagation is selected, the member chassis take on the properties of the leader. If Manual Propagation is selected, click Propagate whenever you want to propagate the chosen settings to member chassis. For more information on Propagation of leader chassis properties to member chassis, see the CMC Online Help .
Server Inventory for Multi Chassis Management Group
The Chassis Group Health page displays all the member chassis and allows you to save the server inventory report to a file, using standard browser download capability. The report contains data for:
• All servers currently in all the group chassis (including the leader.)
• Empty slots and extension slots (including full height and double width servers.)
Saving Server Inventory Report
To save the server inventory report using CMC Web interface:
1 In the system tree, select the Group .
The Chassis Group Health page is displayed.
2 Click Save Inventory Report .
The File Download dialog box is displayed prompting you to open or save the file.
3 Click Save and specify the path and filename for the server inventory report.
NOTE: The Chassis Group leader, member chassis, and the servers in the associated chassis, must be On to get the most accurate server inventory report.
Exported Data
The server inventory report contains data that was most recently returned by each Chassis Group member during the Chassis Group leader’s normal polling (once every 30s.)
To get the most accurate server inventory report:
• The Chassis Group leader chassis and all Chassis Group member chassis must be in Chassis Power State On .
• All servers in the associated chassis must be powered on.
The inventory data for the associated chassis and servers may be missing in inventory report, if a subset of the Chassis Group member chassis is:
• In Chassis Power State Off
• Powered off
NOTE: If a server is inserted while the chassis is powered off, the model number is not displayed anywhere in the Web interface until the chassis is powered back.
The following table lists the specific data fields and specific requirements for fields to be reported for each server:
Data Field
Chassis Name
Example
Data Center Chassis Leader
Configuring CMC 91
Chassis IP Address 192.168.0.1
Slot Location 1
Slot Name
Host Name
SLOT-01
Corporate web server
NOTE: Requires a Server Administrator agent running on the Server; otherwise shown as blank.
Operating System Microsoft Windows Server 2012, Standard x64 Edition
NOTE: Requires a Server Administrator agent running on the Server; otherwise shown as blank.
Model
Service Tag
Total System
Memory
PowerEdgeM630
1PB8VF2
4.0 GB
NOTE: Requires CMC 5.0 (or higher).
# of CPUs
CPU Info
2
NOTE: Requires CMC 5.0 (or higher).
Intel (R) Xeon (R) CPU E5–2690 [email protected] GHz
Data Format
The inventory report is generated in a .CSV file format such that it can be imported to various tools, such as Microsoft Excel. The inventory report .CSV file can be imported into the template by selecting the Data > From Text in MS Excel. After the inventory report is imported into MS Excel, and if a message is displayed prompting for additional information, select comma-delimited to import the file into MS Excel.
Chassis Group Inventory and Firmware Version
The Chassis Group Firmware Version page displays the group inventory and firmware versions of the servers and the server components in the chassis. This page also enables you to organize the inventory information and filter the firmware versions view. The displayed view is based on the servers or any of the following chassis server components:
• BIOS
• iDRAC
• CPLD
• USC
• Diagnostics
• OS Drivers
• RAID
• NIC
NOTE: The inventory information displayed for the chassis group, member chassis, servers, and server components is updated every time a chassis is added or removed from the group.
92 Configuring CMC
Viewing Chassis Group Inventory
To view the chassis group using CMC Web interface, in the system tree, select Group . Click Properties > Firmware Version . The Chassis
Group Firmware Version page displays all the chassis in the group.
Viewing Selected Chassis Inventory Using Web Interface
To view the selected chassis inventory using CMC Web interface:
1 In the system tree, select Group . click Properties > Firmware Version .
The Chassis Group Firmware Version page displays all the chassis in the group.
2 In the Select a Chassis section, select the member chassis for which you want to view the inventory.
The Firmware View Filter section displays the server inventory for the selected chassis and the firmware versions of all the server components.
Viewing Selected Server Component Firmware Versions Using
Web Interface
To view the firmware versions of selected server components using CMC Web interface:
1 In the system tree, select Group . Click Properties > Firmware Version .
The Chassis Group Firmware Version page displays all the chassis in the group.
2 In the Select a Chassis section, select the member chassis for which you want to view the inventory.
3 In the Firmware View Filter section, select Components .
4 In the Components list, select the required component- BIOS, iDRAC, CPLD, USC, Diagnostics, OS Drive, RAID devices (up to 2), and
NIC devices (up to 6), for which you want to view the firmware version.
The firmware versions of the selected component for all the servers in the selected member chassis are displayed.
NOTE: The firmware versions of USC, Diagnostics, OS Drive, RAID devices, and NIC devices of servers are not available if:
• The server belongs to the 10th generation of PowerEdge servers. These servers do not support Lifecycle Controller.
• The server belongs to the 11th generation of PowerEdge servers, but the iDRAC firmware does not support Lifecycle
Controller.
• The CMC firmware version of a member chassis is earlier to version 4.45. In this case, the components of all the servers in this chassis are not displayed, even if the servers support Lifecycle Controller.
Obtaining Certificates
The following table lists the types of certificates based on the login type.
Table 17. Types of Login and Certificate
Login Type
Single Sign-on using
Active Directory
Certificate Type
Trusted CA certificate
Smart Card login as
Active Directory user
• User certificate
• Trusted CA certificate
How to Obtain
Generate a CSR and get it signed from a Certificate Authority.
• User Certificate — Export the smart card user certificate as Base64encoded file using the card management software provided by the smart card vendor.
Configuring CMC 93
Login Type Certificate Type
Active Directory user login
Local User login
Trusted CA certificate
SSL Certificate
How to Obtain
• Trusted CA certificate — This certificate is issued by a CA.
This certificate is issued by a CA.
Generate a CSR and get it signed from a trusted CA.
NOTE: CMC ships with a default self-signed SSL server certificate.
The CMC Web server and Virtual Console use this certificate.
Related link
Secure Sockets Layer Server Certificates
Secure Sockets Layer Server Certificates
CMC includes a Web server that is configured to use the industry-standard Secure Sockets Layer (SSL) security protocol to transfer encrypted data over the Internet. Built upon public-key and private-key encryption technology, SSL is a widely accepted technique for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.
SSL allows an SSL-enabled system to perform the following tasks:
• Authenticate itself to an SSL-enabled client.
• Allow the client to authenticate itself to the server.
• Allow both systems to establish an encrypted connection.
This encryption process provides a high level of data protection. CMC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America.
The CMC Web server includes a Dell self-signed SSL digital certificate (Server ID). To ensure high security over the Internet, replace the
Web server SSL certificate by submitting a request to CMC to generate a new Certificate Signing Request (CSR).
At boot time, a new self-signed certificate is generated if:
• A custom certificate is not present
• A self-signed certificate is not present
• The self-signed certificate is corrupt
• The self-signed certificate is expired (within 30 day window)
The self-signed certificate displays the common name as <cmcname.domain-name> where cmcname is the CMC host name and domainname is the domain name. If domain name is not available it displays only the Partially Qualified Domain Name (PQDN), which is the CMC host name.
Certificate Signing Request
A Certificate Signing Request (CSR) is a digital request to a certificate authority (referred to as a CA in the Web interface) for a secure server certificate. Secure server certificates ensure the identity of a remote system and ensure that information exchanged with the remote system cannot be viewed or changed by others. To ensure the security for your CMC, it is strongly recommended that you generate a CSR, submit the CSR to a certificate authority, and upload the certificate returned from the certificate authority.
A certificate authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the certificate authority receives your CSR, they review and verify the information the CSR contains. If the applicant meets the certificate authority’s security standards, the
94 Configuring CMC
certificate authority issues a certificate to the applicant that uniquely identifies that applicant for transactions over networks and on the
Internet.
After the certificate authority approves the CSR and sends you a certificate, you must upload the certificate to the CMC firmware. The
CSR information stored on the CMC firmware must match the information contained in the certificate.
NOTE: To configure SSL settings for CMC, you must have Chassis Configuration Administrator privilege.
NOTE: Any server certificate you upload must be current (not expired) and signed by a certificate authority.
Related links
Generating a New Certificate Signing Request
Generating a New Certificate Signing Request
To ensure security, it is strongly recommended that you obtain and upload a secure server certificate to CMC. Secure server certificates ensure the identity of a remote system and that information exchanged with the remote system cannot be viewed or changed by others.
Without a secure server certificate, CMC is vulnerable to access from unauthorized users.
To obtain a secure server certificate for CMC, you must submit a Certificate Signing Request (CSR) to a certificate authority of your choice. A CSR is a digital request for a signed, secure server certificate containing information about your organization and a unique, identifying key.
After generating the CSR, you are prompted to save a copy to your management station or shared network, and the unique information used to generate the CSR is stored on CMC. This information is used later to authenticate the server certificate you receive from the certificate authority. After you receive the server certificate from the certificate authority, you must then upload it to CMC.
NOTE: For CMC to accept the server certificate returned by the certificate authority, authentication information contained in the new certificate must match the information that was stored on CMC when the CSR was generated.
CAUTION: When a new CSR is generated, it overwrites any previous CSR on CMC. If a pending CSR is overwritten before its server certificate is granted from a certificate authority, CMC does not accept the server certificate because the information it uses to authenticate the certificate has been lost. Take caution when generating a CSR to prevent overwriting any pending CSR.
Generating a New Certificate Signing Request Using Web Interface
To generate a CSR using the CMC Web interface:
1 In the system tree, go to Chassis Overview , and then click Network > SSL . The SSL Main Menu is displayed.
2 Select Generate a New Certificate Signing Request (CSR) and click Next . The Generate Certificate Signing Request (CSR) page is displayed.
3 Type a value for each CSR attribute value.
4 Click Generate . A File Download dialog box appears.
5 Save the csr.txt file to your management station or shared network. (You may also open the file at this time and save it later.) You must later submit this file to a certificate authority.
Generating CSR Using RACADM
To generate a CSR, use the objects in cfgRacSecurityData group to specify the values and use the sslcsrgen command to generate the CSR. For more information, see the Chassis Management Controller for Dell PowerEdge M1000e RACADM Command Line
Reference Guide available at dell.com/support/manuals .
Configuring CMC 95
Uploading Server Certificate
After generating a CSR, you can upload the signed SSL server certificate to the CMC firmware. CMC resets after the certificate is uploaded. CMC accepts only X509, Base 64 encoded Web server certificates.
CAUTION: During the certificate upload process, CMC is not available.
NOTE: If you upload a certificate and try to view it immediately, an error message is displayed indicating that the requested operation cannot be performed. This happens because the web server is in the process of restarting with the new certificate.
After the web server restarts, the certificate is uploaded successfully and you can view the new certificate. After uploading a certificate, you may experience a delay of around one minute before being able to view the uploaded certificate.
NOTE: You can upload a self-signed certificate (generated using the CSR feature) only once. Any attempt to upload the certificate a second time is not successful, as the private key is deleted after the first certificate upload.
Uploading Server Certificate Using CMC Web Interface
To upload a server certificate using the CMC Web interface:
1 In the system tree, go to Chassis Overview , and then click Network > SSL . The SSL Main Menu is displayed.
2 Select Upload Server Certificate Based on Generated CSR option and click Next .
3 Click Choose File and specify the certificate file.
4 Click Apply . If the certificate is invalid, an error message is displayed.
NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
Uploading Server Certificate Using RACADM
To upload the SSL server certificate, use the sslcertupload command. For more information, see the Chassis Management Controller for Dell PowerEdge M1000e RACADM Command Line Reference Guide available at dell.com/support/manuals .
Uploading Webserver Key and Certificate
You can upload a Web server key and a server certificate for the Web server key. The server certificate is issued by the Certificate
Authority (CA).
The Web server certificate is an essential component used by the SSL encryption process. It authenticates itself to an SSL-enabled client, and allows the client to authenticate itself to the server, thereby enabling both the systems to establish an encrypted connection.
NOTE: To upload a Web server key and server certificate, you must have Chassis Configuration Administrator privileges.
Uploading Webserver Key and Certificate Using CMC Web Interface
To upload a webserver key and certificate using the CMC Web interface:
1 In the system tree, go to Chassis Overview and click Network > SSL . The SSL Main Menu is displayed.
2 Select Upload Web Key and Certificate option and click Next .
3 Specify the Private Key File and the Certificate File by clicking Choose File .
4 After both the files are uploaded, click Apply . If the Web server key and certificate do not match, an error message is displayed.
96 Configuring CMC
NOTE: Only X509, Base-64 encoded certificates are accepted by CMC. Certificates using other encoding schemes such as
DER, are not accepted. Uploading a new certificate replaces the default certificate you received with your CMC.
CMC resets and becomes temporarily unavailable after the certificate has been uploaded successfully. To avoid disconnecting other users during a reset, notify authorized users who might log into CMC and check for active sessions in the Sessions page under the
Network tab.
Uploading Webserver Key and Certificate Using RACADM
To upload SSL key from the client to iDRAC, type the following command: racadm sslkeyupload -t <type> -f <filename>
For more information, see the Chassis Management Controller for Dell PowerEdge M1000e RACADM Command Line Reference Guide available at dell.com/support/manuals .
Viewing Server Certificate
You can view the SSL server certificate that is currently being used in CMC.
Viewing Server Certificate Using Web Interface
In the CMC Web interface, go to Chassis Overview > Network > SSL . Select View Server Certificate and click Next . The View Server
Certificate page displays the SSL server certificate currently in use. For more information, see CMC Online Help .
NOTE: The server certificate displays the common name as the rack name appended with the domain name, if available. Else, only the rack name is displayed.
Viewing Server Certificate Using RACADM
To view the SSL server certificate, use the sslcertview command. For more information, see the Chassis Management Controller for
Dell PowerEdge M1000e RACADM Command Line Reference Guide available at dell.com/support/manuals .
Chassis Configuration Profiles
The Chassis Configuration Profiles feature enables you to configure the chassis with the chassis configuration profiles stored in the network share or local management station, and also restore configuration of the chassis.
To access the Chassis Configuration Profiles page in the CMC web interface, in the system tree, go to Chassis Overview and click Setup
> Profiles . The Chassis Configuration Profiles page is displayed.
You can perform the following tasks by using the Chassis Configuration Profiles feature:
• Configure a chassis using chassis configuration profiles in local management station for initial configuration.
• Save the current chassis configuration settings to an XML file on the network share or local management station.
• Restore the chassis configuration.
• Import chassis profiles (XML files) to the network share from a local management station.
• Export chassis profiles (XML files) from the network share to a local management station.
• Apply, edit, delete, or export a copy of the profiles stored on the network share.
Configuring CMC 97
Saving Chassis Configuration
You can save the current chassis configuration to an XML file on a network share or local management station. The configurations include all the chassis properties that can be modified using the CMC web interface and RACADM commands. You can also use the XML file that is saved to restore the configuration on the same chassis or to configure other chassis.
NOTE: Server and iDRAC settings are not saved or restored with the chassis configuration.
To save the current chassis configuration, perform the following tasks:
1 Go to the Chassis Configuration Profiles page. In the Save and Backup > Save Current Configuration section, enter a name for the profile in the Profile Name field.
NOTE: While saving the current chassis configuration, the standard ASCII extended character set is supported. However, the following special characters are not supported:
“, ., *, >, <, \, /, :, and |
2 Select one of the following profile types from the Profile Type option:
• Replace — Includes attributes of the entire CMC configuration except write-only attributes such as user passwords and service tags. This profile type is used as a backup configuration file to restore the complete chassis configuration including identity information such as IP addresses.
• Clone — Includes all the Replace type profile attributes. The Identity attributes such as MAC address and IP address are commented out for safety reasons. This profile type is used to clone a new chassis.
3 Select one of the following locations from the Profile Location drop-down menu to store the profile:
• Local — To save the profile in the local management station.
• Network Share — To save the profile in a shared location.
4 Click Save to save the profile to the selected location.
After the action is complete, the Operation Successful message is displayed:
NOTE: To view the settings that are saved to the XML file, in the Stored Profiles section, select the saved profile and click
View in the View Profiles column.
Restoring Chassis Configuration Profile
You can restore the configuration of a chassis by importing the backup file (.xml or .bak) on the local management station or the network share to which the chassis configurations were saved. The configurations include all the properties available through the CMC web interface, RACADM commands, and settings.
To restore the chassis configuration, perform the following tasks:
1 Go to the Chassis Configuration Profiles page. In the Restore Configuration > Restore Chassis Configuration section, click Browse and select the backup file to import the saved chassis configuration.
2 Click Restore Configuration to upload an encrypted backup file (.bak) or a .xml stored profile file to the CMC.
The CMC web interface returns to the login page after a successful restore operation.
NOTE: If the backup files (.bak) of the earlier versions of CMC, are loaded on the latest version of CMC where FIPS is enabled, reconfigure all the 16 CMC local user passwords. However, the password of the first user is reset to "calvin".
NOTE: When a chassis configuration profile is imported from a CMC, which does not support the FIPS feature, to a CMC where
FIPS is enabled, the FIPS remains enabled in the CMC.
NOTE: If you change the FIPS mode in the chassis configuration profile, the DefaultCredentialMitigation is enabled.
98 Configuring CMC
Viewing Stored Chassis Configuration Profiles
To view the chassis configuration profiles stored on the network share, go to the Chassis Configuration Profiles page. In the Chassis
Configuration Profiles > Stored Profiles section, select the profile and click View in the View Profile column. The View Settings page is displayed. For more information on the displayed settings, see the CMC Online Help .
Importing Chassis Configuration Profiles
You can import chassis configuration profiles that are stored on a network share to the local management station.
To import a stored profile on a remote file share to CMC, perform the following tasks:
1 Go to the Chassis Configuration Profiles page. In the Chassis Configuration Profiles > Stored Profiles section, click Import Profile .
The Import Profile section is displayed.
2 Click Browse to access the profile from the required location and then click Import Profile .
NOTE: You can import chassis configuration profiles using RACADM. For more information, see the
Chassis Management
Controller for Dell PowerEdge M1000e RACADM Command Line Reference Guide
.
Applying Chassis Configuration Profiles
You can apply chassis configuration to the chassis if the chassis configuration profiles are available as stored profiles on the network share.
To initiate a chassis configuration operation, you can apply a stored profile to a chassis.
To apply a profile to a chassis, perform the following tasks:
1 Go to the Chassis Configuration Profiles page. In the Stored Profiles section, select the stored profile that you want to apply.
2 Click Apply Profile .
A warning message is displayed that applying a new profile overwrites the current settings and also reboots the selected chassis. You are prompted to confirm if you want to continue the operation.
3 Click OK to apply the profile to the chassis.
Exporting Chassis Configuration Profiles
You can export chassis configuration profiles that are saved on the network share to a specified path on a management station.
To export a stored profile, perform the following tasks:
1 Go to the Chassis Configuration Profiles page. In the Chassis Configuration Profiles > Stored Profiles section, select the required profile and then click Export Copy of Profile .
A File Download message is displayed prompting you to open or save the file.
2 Click Save or Open to export the profile to the required location.
Editing Chassis Configuration Profiles
You can edit chassis configuration profile name of a chassis.
To edit a chassis configuration profile name, perform the following tasks:
1 Go to the Chassis Configuration Profiles page. In the Chassis Configuration Profiles > Stored Profiles section, select the required profile and then click Edit Profile .
Configuring CMC 99
The Edit Profile window is displayed.
2 Enter a desired profile name in the Profile Name field and click Edit Profile .
Operation Successful message is displayed.
3 Click OK .
Deleting Chassis Configuration Profiles
You can delete a chassis configuration profile that is stored on the network share.
To delete a chassis configuration profile, perform the following tasks:
1 Go to the Chassis Configuration Profiles page. In the Chassis Configuration Profiles > Stored Profiles section, select the required profile and then click Delete Profile .
A warning message is displayed indicating that deleting a profile would delete the selected profile permanently.
2 Click OK to delete the selected profile.
Configuring Multiple CMCs through RACADM Using
Chassis Configuration Profiles
By using chassis configuration profiles, you can export the chassis configuration profiles as an XML file and import it to another chassis.
Use RACADM get command for export operation and set command for import operation.You can export chassis profiles (XML files) from
CMC to the network share or to a local management station and import chassis profiles (XML files) from the network share or from a local management station.
NOTE: By default, the export is done as clone type. You can use the –—clone to get the clone type profile in XML file.
The import and export operation to and from the network share can be done through local RACADM as well as remote RACADM. Whereas, the import and export operation to and from the local management can be done only through remote RACADM interface.
Exporting Chassis Configuration profiles
You can export chassis configuration profiles to network share by using the get command.
1 To export the chassis configuration profiles as clone.xml file to CIFS network share by using get command, type the following:
racadm get –f clone.xml –t xml –l //xx.xx.xx.xx/PATH –u USERNAME –p PASSWORDCMC
2 To export the chassis configuration profiles as clone.xml file to NFS network share by using get command, type the following: racadm get –f clone.xml –t xml –l xx.xx.xx.xx:/PATH
You can export chassis configuration profiles to network share through a remote RACADM interface.
1 To export the chassis configuration profiles as clone.xml file to CIFS network share, type the following: racadm –r xx.xx.xx.xx –u USERNAMECMC –p PASSWORDCMC get –f clone.xml –t xml –l //xx.xx.xx.xx/
PATH –u USERNAME –p PASSWORD
2 To export the chassis configuration profiles as clone.xml file to NFS network share, type the following: racadm –r xx.xx.xx.xx –u USERNAMECMC –p PASSWORDCMC get –f clone.xml –t xml –l xx.xx.xx.xx:/
PATH you can export chassis configuration profiles to local management station through remote RACADM interface.
1 To export the chassis configuration profiles as clone.xml file, type the following: racadm –r xx.xx.xx.xx –u USERNAMECMC –p PASSWORDCMC get –f clone.xml –t xml
100 Configuring CMC
Importing Chassis Configuration profiles
You can import chassis configuration profiles from network share to another chassis by using the set command.
1 To import the chassis configuration profiles from CIFS network share, type the following:
racadm set –f clone.xml –t xml –l //xx.xx.xx.xx/PATH –u USERNAME –p PASSWORDCMC
2 To import the chassis configuration profiles from NFS network share, type the following: racadm set –f clone.xml –t xml –l xx.xx.xx.xx:/PATH
You can import chassis configuration profiles from network share through remote RACADM interface.
1 To import the chassis configuration profiles from CIFS network share, type the following: racadm –r xx.xx.xx.xx –u USERNAMECMC –p PASSWORDCMC set –f clone.xml –t xml –l // xx.xx.xx.xx/PATH –u USERNAME –p PASSWORD
2 To import the chassis configuration profiles from NFS network share, type the following: racadm –r xx.xx.xx.xx –u USERNAMECMC –p PASSWORDCMC set –f clone.xml –t xml –l xx.xx.xx.xx:/
PATH
You can import chassis configuration profiles from local management station through remote RACADM interface.
1 To export the chassis configuration profiles as clone.xml file, type the following: racadm –r xx.xx.xx.xx –u USERNAMECMC –p PASSWORDCMC set –f clone.xml –t xml
Parsing Rules
You can manually edit properties of an exported XML file of chassis configuration profiles.
An XML file contains the following properties:
• System Configuration, which is the parent node.
• component, which is the primary child node.
• Attributes, which contains name and value. You can edit these fields. For example, you can edit the Asset Tag value as follows:
<Attribute Name="ChassisInfo.1#AssetTag">xxxxxx</Attribute>
Example of an XML file is as follows:
<SystemConfiguration Model="PowerEdge M1000e
"ServiceTag="NOBLE13"
TimeStamp="Tue Apr 7 14:17:48 2015" ExportMode="2">
<!--Export type is Replace-->
<!--Exported configuration may contain commented attributes. Attributes may be commented due to dependency, destructive nature, preserving server identity or for security reasons.-->
<Component FQDD="CMC.Integrated.1">
<Attribute Name="ChassisInfo.1#AssetTag">00000</Attribute>
<Attribute Name="ChassisLocation.1#DataCenterName"></Attribute>
<Attribute Name="ChassisLocation.1#AisleName"></Attribute>
<Attribute Name="ChassisLocation.1#RackName"></Attribute>
….
</Component>
</SystemConfiguration>
Configuring CMC 101
Configuring Multiple CMCs through RACADM Using
Configuration File
Using configuration file, you can configure one or more CMCs with identical properties through RACADM..
When you query a specific CMC card using its group ID and object ID, RACADM creates the racadm.cfg configuration file from the retrieved information. By exporting the file to one or more CMCs, you can configure your controllers with identical properties in a minimal amount of time.
NOTE: Some configuration files contain unique CMC information (such as the static IP address) that must be modified before you export the file to other CMCs.
1 Use RACADM to query the target CMC that contains the desired configuration.
NOTE: The generated configuration file is myfile.cfg. You can rename the file. The .cfg file does not contain user passwords.
When the .cfg file is uploaded to the new CMC, you must re-add all passwords.
2 Open a remote RACADM session to CMC, log in, and type: racadm getconfig -f myfile.cfg
NOTE: Redirecting the CMC configuration to a file using getconfig -f is only supported with the remote RACADM interface.
3 Modify the configuration file using a plain-text editor (optional). Any special formatting characters in the configuration file may corrupt the RACADM database.
4 Use the newly created configuration file to modify a target CMC. At the command prompt, type: racadm config -f myfile.cfg
5 Reset the target CMC that was configured. At the command prompt, type: racadm reset
The getconfig -f myfile.cfg
subcommand (step 1) requests the CMC configuration for the active CMC and generates the myfile.cfg file. If required, you can rename the file or save it to a different location.
You can use the getconfig command to perform the following actions:
• Display all configuration properties in a group (specified by group name and index)
• Display all configuration properties for a user by user name
The config subcommand loads the information into other CMCs. The Server Administrator uses the config command to synchronize the user and password database.
Related link
Creating a CMC Configuration File
Creating a CMC Configuration File
The CMC configuration file, <filename>.cfg, is used with the racadm config -f <filename>.cfg
command to create a simple text file. The command allows you to build a configuration file (similar to a .ini file) and configure the CMC from this file.
You may use any file name, and the file does not require a .cfg extension (although it is referred to by that designation in this subsection).
NOTE: For more information about the getconfig subcommand, see the
Chassis Management Controller for Dell PowerEdge
M1000e RACADM Command Line Reference Guide
.
RACADM parses the .cfg file when it is first loaded onto the CMC to verify that valid group and object names are present and that some simple syntax rules are being followed. Errors are flagged with the line number that detected the error, and a message explains the problem.
102 Configuring CMC
The entire file is parsed for correctness, and all errors display. Write commands are not transmitted to the CMC if an error is found in the .cfg file. You must correct all errors before any configuration can take place.
To check for errors before you create the configuration file, use the -c option with the config subcommand. With the -c option, config only verifies syntax and does not write to the CMC.
Follow these guidelines when you create a .cfg file:
• If the parser encounters an indexed group, it is the value of the anchored object that differentiates the various indexes.
The parser reads in all of the indexes from the CMC for that group. Any objects within that group are modifications when the CMC is configured. If a modified object represents a new index, the index is created on the CMC during configuration.
• You cannot specify a desired index in a .cfg file.
Indexes may be created and deleted. Over time the group may become fragmented with used and unused indexes. If an index is present, it is modified. If an index is not present, the first available index is used.
This method allows flexibility when adding indexed entries where you do not need to make exact index matches between all the CMCs being managed. New users are added to the first available index. A .cfg file that parses and runs correctly on one CMC may not run correctly on another if all indexes are full and you must add a new user.
• Use the racresetcfg subcommand to configure both CMCs with identical properties.
Use the racresetcfg subcommand to reset the CMC to original defaults, and then run the racadm config -f
<filename>.cfg
command. Ensure that the .cfg file includes all desired objects, users, indexes, and other parameters. For a complete list of objects and groups, see the database property chapter of the Chassis Management Controller for Dell PowerEdge
M1000e RACADM Command Line Reference Guide .
CAUTION: Use the racresetcfg subcommand to reset the database and the CMC Network Interface settings to the original default settings and remove all users and user configurations. While the root user is available, other users’ settings are also reset to the default settings.
• If you type racadm getconfig -f <filename> .cfg
, the command builds a .cfg file for the current CMC configuration. This configuration file can be used as an example and as a starting point for your unique .cfg file.
Related link
Parsing Rules
• Lines that start with a hash character (#) are treated as comments.
A comment line must start in column one. A "#" character in any other column is treated as a # character.
Some modem parameters may include # characters in their strings. An escape character is not required. You may want to generate a .cfg from a racadm getconfig -f <filename> .cfg
command, and then perform a racadm config -f
<filename> .cfg
command to a different CMC, without adding escape characters.
For example:
#
# This is a comment
[cfgUserAdmin] cfgUserAdminPageModemInitString= <Modem init # not a comment>
• All group entries must be surrounded by open- and close-brackets ([ and ]).
The starting [ character that denotes a group name must be in column one. This group name must be specified before any of the objects in that group. Objects that do not include an associated group name generate an error. The configuration data is organized into
Configuring CMC 103
groups as defined in the database property chapter of the Chassis Management Controller for Dell PowerEdge M1000e RACADM
Command Line Reference Guide . The following example displays a group name, object, and the object’s property value:
[cfgLanNetworking] -{group name} cfgNicIpAddress=143.154.133.121 {object name}
{object value}
• All parameters are specified as "object=value" pairs with no white space between the object, =, or value. White spaces that are included after the value are ignored. A white space inside a value string remains unmodified. Any character to the right of the = (for example, a second =, a #, [, ], and so on) is taken as-is. These characters are valid modem chat script characters.
[cfgLanNetworking] -{group name} cfgNicIpAddress=143.154.133.121 {object value}
• The .cfg parser ignores an index object entry.
You cannot specify which index is used. If the index already exists, it is either used or the new entry is created in the first available index for that group.
The racadm getconfig -f <filename>.cfg
command places a comment in front of index objects, allowing you to see the included comments.
NOTE: You may create an indexed group manually using the following command: racadm config -g <groupname> -o <anchored object> -i <index 1-16> <unique anchor name>
• The line for an indexed group cannot be deleted from a .cfg file. If you do delete the line with a text editor, RACADM stops when it parses the configuration file and alert you of the error.
You must remove an indexed object manually using the following command: racadm config -g <groupname> -o <objectname> -i <index 1-16> ""
NOTE: A NULL string (identified by two " characters) directs the CMC to delete the index for the specified group.
To view the contents of an indexed group, run the following command: racadm getconfig -g <groupname> -i <index 1-16>
• For indexed groups the object anchor must be the first object after the [ ] pair. The following are examples of the current indexed groups:
[cfgUserAdmin] cfgUserAdminUserName= <USER_NAME>
• When using remote RACADM to capture the configuration groups into a file, if a key property within a group is not set, the configuration group is not saved as part of the configuration file. To replicate these configuration groups on other CMCs, set the key property before executing the getconfig -f command. Alternatively, enter the missing properties into the configuration file manually after running the getconfig -f command. This is true for all the racadm indexed groups.
This is the list of the indexed groups that exhibit this behavior and their corresponding key properties:
– cfgUserAdmin — cfgUserAdminUserName
– cfgEmailAlert — cfgEmailAlertAddress
– cfgTraps — cfgTrapsAlertDestIPAddr
– cfgStandardSchema — cfgSSADRoleGroupName
– cfgServerInfo — cfgServerBmcMacAddress
Modifying the CMC IP Address
When you modify the CMC IP address in the configuration file, remove all unnecessary <variable> = <value> entries. Only the actual variable group’s label with [ and ] remains, including the two <variable> = <value> entries pertaining to the IP address change.
Example:
#
# Object Group "cfgLanNetworking"
#
104 Configuring CMC
[cfgLanNetworking] cfgNicIpAddress=192.168.2.110
cfgNicGateway=192.168.2.1
This file is updated as follows:
#
# Object Group "cfgLanNetworking"
#
[cfgLanNetworking] cfgNicIpAddress=192.168.1.143
# comment, the rest of this line is ignored cfgNicGateway=192.168.1.1
The command racadm config -f <myfile>.cfg parses the file and identifies any errors by line number. A correct file updates the proper entries. Additionally, you can use the same getconfig command from the previous example to confirm the update.
Use this file to download company-wide changes or to configure new systems over the network with the command, racadm getconfig -f <myfile> .cfg
.
NOTE:
Anchor
is a reserved word and should not be used in the .cfg file.
Viewing and Terminating CMC Sessions
You can view the number of users currently logged in to iDRAC and terminate the user sessions.
NOTE: To terminate a session, you must have Chassis Configuration Administrator privilege.
Viewing and Terminating CMC Sessions Using Web Interface
To view or terminate a session using Web interface:
1 In the system tree, go to Chassis Overview and click Network > Sessions .
The Sessions page displays the session ID, username, IP address, and session type. For more information about these properties, see the CMC Online Help .
2 To terminate the session, click Terminate for a session.
Viewing and Terminating CMC Sessions Using RACADM
You must have administrator privileges to terminate CMC sessions using RACADM.
To view the current user sessions, use the getssninfo command.
To terminate a user session, use the closessn command.
For more information about these commands, see the Chassis Management Controller for Dell PowerEdge M1000e RACADM Command
Line Reference Guide available at dell.com/support/manuals .
Configuring Enhanced Cooling Mode for Fans
The Enhanced Cooling Mode (ECM) feature provides additional cooling support using the third generation M1000e fans. The Enhanced
Cooling Mode (ECM) for fans is available only when all nine fan slots are populated with the new third generation M1000e fans. The new third generation M1000e fans provide:
• Superior cooling to the installed blades compared to previous M1000e fan generations, when the ECM feature is enabled.
Configuring CMC 105
• Cooling equivalent to previous generations of M1000e fans at the same power, when the ECM feature is disabled.
ECM mode is recommended for:
,
• Blade server configurations with high Thermal Design Power (TDP) processors.
• Workloads where performance is a critical.
• Systems deployed in environments where the inlet temperature exceeds 30°C [86°F].
NOTE: In the Enhanced Cooling Mode (ECM), the new generation fans provide superior cooling features when compared to current generation fans of M1000e chassis. This increased cooling is not always needed and comes at the expense of higher acoustics (where the system can sound up to 40% louder) and increased system fan power. You can enable or disable the ECM feature on the basis of cooling required for a chassis.
By default, the ECM feature is disabled on a chassis. The ECM enabling and disabling operations are recorded in the CMC logs. The ECM mode state is maintained after CMC failovers and chassis AC power cycles.
You can enable or disable the ECM feature using the CMC Web interface or the RACADM CLI interface.
Configuring Enhanced Cooling Mode for Fans Using Web
Interface
To configure Enhanced Cooling Mode (ECM) for fans using CMC Web interface:
1 In the system tree, go to Chassis Overview , and then click Fans > Setup .
The Advanced Fan Configurations page is displayed.
NOTE: If ECM is disabled and all the fans in the chassis do not support ECM, then the Setup tab to access the Advanced
Fan Configurations page is not displayed.
2 In the Fans Configuration section, from the Enhanced Cooling Mode drop-down menu select Enable or Disable .
For more information about the field descriptions, see the CMC Online Help .
NOTE:
The Enhanced Cooling Mode option is available for selection only if:
• All the fans in the chassis support ECM feature. In this case, you can enable or disable the ECM mode.
• ECM is already enabled and the fan configuration is changed to Mixed Mode or all fans do not support ECM mode. In this case, the ECM mode can be disabled, but cannot be enabled again until all fans in the chassis support ECM.
NOTE: The Enhanced Cooling Mode and the Apply options are grayed out if:
• ECM mode is already disabled and fan configuration consists of unsupported fans along with supported fans. The information section displays a message listing the fans that are incompatible with ECM feature.
• ECM mode is already disabled and Max Power Conservation Mode (MPCM) is enabled. The information section displays a message that ECM is not supported when MPCM is enabled.
For more information see the CMC Online Help .
If the ECM feature is disabled, you cannot enable the feature again until all fans in the chassis support ECM.
3 Click Apply .
An operation successful message is displayed after the ECM option is successfully enabled or disabled. The ECM mode does not get enabled if:
• The extra power required for supported fans is not available.
• Any of the fans in the chassis does not support ECM.
106 Configuring CMC
• MPCM is already enabled.
An alert message with the reason for ECM not getting enabled is displayed .
NOTE: If you try to enable MPCM when ECM is enabled, the ECM mode changes to enabled but unsupported state.
Configuring Enhanced Cooling Mode for Fans Using RACADM
To enable and configure the Enhanced Cooling Mode for fans, use the following RACADM object under the cfgThermal group: cfgThermalEnhancedCoolingMode
For example, to enable the ECM mode, use: racadm config –g cfgThermal –o cfgThermalEnhancedCoolingMode 1
In case of errors, an error message is displayed. The default value of Enhanced Cooling Mode option is disabled (0). This value is set to disabled (0) when racresetcfg command is issued.
To view the current ECM mode, use: racadm getconfig –g cfgThermal
To view the current state of ECM mode, use: racadm getfanreqinfo
[Enhanced Cooling Mode]
Enhanced Cooling Mode(ECM) Status = Disabled
For more information, see the Chassis Management Controller for Dell PowerEdge M1000e RACADM Command Line Reference Guide available at dell.com/support/manuals .
Configuring CMC 107
advertisement