Thursday, October 24, 2013

Fun with iDRAC

Feb 26th 2015: UPDATE: https://github.com/PaulMaddox/drac-kvm has all you need!

So I was busy over at the DellXL conference for the last few days with our new friends at GWU HPC. We were all chatting about the issues with iDRAC and access to console in a true "DevOps" way. i.e. via scripts and automation and no sad pointy clicky webby nonsense. We all agreed that the current, load OBM website, click "launch console", download java jnlp file was not in any way optimal.

After a fair amount of bitching and moaning, I took to PHP and CURL during the meeting to attempt to write a script to automate things... Have to admit - it's the first PHP I've written in years - it was fun. We have 1000's of machines that are using iDRAC for access to KVM so fixing this was important as my boys and girls complain about it on a pretty much daily basis. When ever we need access to KVM it is normally because some epic system crash has happened and we are all pretty stressed and animated, the last thing we need is foophy website / java nonsense to deal with!

For the TL;DR crowd, I totally invented the wrong wheel! The boys and girls at GWU had a *much* better idea... but more about that later!

Ok so here's the script I knocked up:
[James-Cuffs-MacBook-Pro]$ cat RemoteConsole.php 
$u              = "root";
$p              = "calvin";

$host           = $argv[1];
$ha             = explode('.',$host);
$loginUrl       = "https://$host/data/login";
$logoutUrl      = "https://$host/data/logout";
$consoleUrl     = "https://$host/viewer.jnlp($host@0@$ha[0],+Dell+RemoteConsole,+User+root";
$ustring        = "user=".$u."&password=$p";

$ch = curl_init();

curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt ($ch, CURLOPT_URL, $loginUrl);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $ustring);
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

$store           = curl_exec ($ch);
$xml             = simplexml_load_string($store);
$forwardUrl      = $xml->forwardUrl;
list($junk, $ST) = split('\?',$forwardUrl);
$index           = "https://$host/$forwardUrl";
curl_setopt($ch, CURLOPT_URL, $index);

$content         = curl_exec ($ch);
$mili            = round(microtime(true)*1000);
$consoleUrl      = "$consoleUrl@$mili@$ST)";

curl_setopt($ch, CURLOPT_URL, $consoleUrl);

$content         = curl_exec ($ch);
file_put_contents('console.jnlp', $content);
system("open console.jnlp");
sleep(20);

curl_setopt($ch, CURLOPT_URL, $logoutUrl);
$content         = curl_exec ($ch);
curl_close ($ch); 

I was *extremely* excited about this, and demoed it to the whole group at DellXL, folks were suitably impressed, until Tim Wickberg at GWU said - "oh you don't need to do any of that at all!". I was slightly taken aback, but listened on as he explained how you need to simply do one thing to make all of this php obsolete...

Turns out that while the careful use of this millisecond time generation for the URL is important, you really don't need it at all. All that scripting above (while an interesting and fun study, is mostly useless.
$mili            = round(microtime(true)*1000);
$consoleUrl      = "$consoleUrl@$mili@$ST)";

All I actually needed to do was edit those darn .jnlp files:
[James-Cuffs-MacBook-Pro]$ egrep "user|pass" console.jnlp 
   user=2114738097
   passwd=2007905771

And replace those "one time" numeric integer password/username combinations! You only need to hard code those to be root/calvin!! Doh! Now you can quickly edit the .jnlp to swap the hostname, and username/pw combination and you are golden.
[James-Cuffs-MacBook-Pro]$ egrep "user|pass" console.jnlp 
   user=root
   passwd=calvin

You have an eternally working file to always launch access to any OBM/iDRAC in your environment - so simple.

Well done team GWU - this discovery is pretty awesome and will help us script remote console/kvm access to 1000's of machines over in western mass! Many thanks!

p.s. disclaimer - please don't put your iDRAC systems on a network that folks outside of your admin team can access, or your machines will no longer belong to you. We have ours on a "dark network", that only admin staff in RC can access with 2fA via a special VPN network that only has access to the OBM and admin portions of the network! This is why we can use root/calvin with abandon!

Wednesday, October 9, 2013

Of Nobel Prizes...


Wonderful news today, fabulous day to support great science with great colleagues!


Reminds me of my first few days here at Harvard, (email below) and my rather epic faux pas with messing up how to refer to CHARMM ;-) This was also the first Infiniband cluster we put in when I arrived. Things sure have grown since those early days when we were scrambling for resource. Martin was right, we did need a whole lot more compute and now RC has over 55,000 CPU, we almost have enough horsepower to run some halfway decent molecular dynamics! We are so proud to in our small way have been able to support Martin's group and his achievements - a good news day all round!

From:    Martin Karplus 
Date:    Fri, Jun 30, 2006 at 6:04 PM
Subject: Re: dellblades.
To:      James Cuff 


It was good to meet with you.  Once the Dell benchmarking is complete
(perhaps some experts from them or you can do some optimization of
CHARMM on the Dell blades beyond what we have done ourselves),
we should discuss the future.  

In the longer run, there is a need for more computer power and
I am sure we all hope that the FAS will provide some funding.

PS  The CHARMM program refers to the academic version which is
distributed by Harvard University; CHARMm refers to the
commercial version distributed by Accelrys.  Rather than
calling it "charmm", it is important to make this distinction
and for the program we use as CHARMM.


[any opinions here are all mine, and have absolutely nothing to do with my employer]
(c) 2011 James Cuff