Remotely install OmniOS on a Dell R620

    

I rent a Dell R620 in a colo and decided I would install and run OmniOS on it. But it is hosted in a remote country and I can’t simply plug the install media in the DVD or USB port.

So let’s go for a remote installation.

The two installation options I targeted were:

Dell servers are smart enough to provide both options and my colo-master is sweet enough to provide a remote access to the iDRAC.

Communicating with iDRAC using the Web interface

Port redirection using SSH

iDRAC is (hopefully) not accessible from the Internet, I have to use a bastion host. To be able to use my local Web browser to access the remote iDRAC Web interface, I configured my local SSH client to use port redirection.

# cat ~/.ssh/config
(...)
Match host idrac
        Hostname bastion.example
        User <change_me>
        LocalForward localhost:8443 192.0.2.18:443
        LocalForward localhost:5900 192.0.2.18:5900
        RemoteCommand top
        RequestTTY yes
(...)

The ssh idrac starts a top command on the bastion host and redirects the HTTPS and VNC port from the 192.0.2.18 iDRAC IP to my localhost. Accessing https://localhost:8443/login.html opens the iDRAC login page.

Attach the ISO

Grab the OmniOS ISO installer on the local machine. It will be attached to the remote console.

# ftp https://downloads.omnios.org/media/stable/omnios-r151048.iso

Log in to the iDRAC Web interface. Browse to Overview > Server > Virtual Console. I use the "HTML5" plug-in type. This is not madatory but I don’t need JAVA to interact with the server. Click the "Launch Virtual Console" link so that the console window pops up.

Click the "Connect Virtual Media" button. In the "Map CD/DVD" section, select the OmniOS ISO file that was downloaded and click the "Map Device" button. Close the "Virtual Media" popup.

Back to the iDRAC window, browse to Overview > Server > Setup. In the "First Boot Device" section, select "Virtual CD/DVD/ISO", check "Boot Once" and click "Apply".

Restart the server and go back to the console window to proceed to installation .

Communicating with iDRAC using IPMI SOL

Configuring the console access is done both using the iDRAC Web interface and the Virtual Console.

As described previously , activate port redirection. Then, connect and authenticate to https://localhost:8443/login.html.

To start the Virtual Console, browse to Overview > Server > Virtual Console and click the "Launch Virtual Console" link.

Configure BIOS for serial connection

Have the server (re)boot. In the Virtual Console hit <F2> to Enter System Setup. Go to System BIOS > Serial Communication.

Configure the following values:

Click "Back". Click "Finish". Click "Yes" when asked to save the changes.

Configure iDRAC to Use SOL

In the iDRAC Web interface, browse to Overview > iDRAC Settings > Network. Click on the "Serial Over LAN" tab.

Configure the following values:

Click "Apply".

Enable SSH protocol

In the iDRAC Web interface, browse to Overview > iDRAC Settings > Network. Click on the "Services" tab.

In the SSH section, check the "Enabled" option and click the "Apply" button.

Browse to Overview > iDRAC Settings > User Authentication. Locate your user name in the list and click on the "User ID". In the "SSH Key Configurations" section, check the Upload SSH Key(s) option and click "Next". Check the "Text" option of a free SSH Key slot and paste your Public SSH Key. Click "Apply".

Note that Ed25519 does not seem to be supported, RSA has to be used.

Using SOL

The straightforward way to connect to SOL using SSH would be to log into the bastion host, then issue another SSH connection to the iDRAC. But I prefer configuring my workstation to use SSH ProxyCommand feature.

# cat ~/.ssh/config
(...)
Match host idrac-ssh
  Hostname <idrac-ip>
  Port <idrac-port>
  User <idrac-user>
  IdentityFile ~/.ssh/<idrac-ssh-key>
  ProxyCommand ssh -W %h:%p -l <bastion-user> <bastion-host>

Nice thing here is that the private key is kept on my workstation and not on the bastion host.

Connecting to the iDRAC using SSH is now as simple as "ssh idrac-ssh".

Issuing racadm commands goes:

/admin1-> racadm getsysinfo
RAC Information:
RAC Date/Time           = Fri Jan 26 23:56:25 2024

Firmware Version        = 2.65.65.65
Firmware Build          = 15
Last Firmware Update    = 09/18/2021 17:55:35
Hardware Version        = 0.01
(...)

/admin1-> racadm serveraction powerstatus
Server power status: ON

/admin1-> racadm serveraction powerdown
Server power operation successful

/admin1-> racadm serveraction powerup
Server power operation successful

Connecting to the serial console goes:

/admin1-> console com2
Connected to Serial Device 2. To end type: ^\
(...)
Phoenix ROM BIOS PLUS Version 1.10 2.9.0
Copyright 1985-1988 Phoenix Technologies Ltd.
Copyright 1990-2015 Dell Inc.
All Rights Reserved

Dell System PowerEdge R620
www.dell.com
(...)

The default keystroke to quit the console is <Ctrl>+<\>. This is the "Escape Key" configured above .

Installation

The official installation process is described here .

using the iDRAC Web interface

Since the ISO installer has been attached to the Virtual Console , using the iDRAC Web interface to install OmniOS has no specifics.

As usual with such connections, using a localized keyboard layout is not hassle free. The simplest thing is to activate the US keyboard layout on the workstation and keep the default keyboard layout in the installer.

During booting process, accessing the local ISO from the remote server required a bandwith of between 2 and 4 Mbps. Copying the (local) ZFS image required an average 5 Mbps. It took about 5 minutes to complete.

When the installation is finished, click the “Virtual Media” button, “Un-Map Device” and “Disconnect Virtual Media”.

using the SOL

Connecting an ISO file via SOL is possible using a remote HTTP server. But there seem to be specific things happening during the HTTP session. I couldn’t have it working with OpenBSD httpd(8) or relayd(8). But it works with apache-httpd-2.4.58p0. Strangely (or not), it didn’t work on free public mirrors I found that were running Apache.

Connect to SOL, attach the ISO image and have the server boot on it. Then connect to the console to proceed to installation.

/admin1-> racadm remoteimage -c -u root -p calvin -l http://192.0.2.34/omnios-r151048.iso
Remote Image is now Configured

/admin1-> racadm set iDRAC.VirtualMedia.BootOnce 1
[Key=iDRAC.Embedded.1#VirtualMedia.1]
Object value modified successfully

/admin1-> racadm set iDRAC.ServerBoot.FirstBootDevice VCD-DVD
[Key=iDRAC.Embedded.1#ServerBoot.1]
Object value modified successfully

/admin1-> racadm serveraction powercycle
Server power operation successful

/admin1-> console com2

The default OmniOS setting for "OsConsole" is “text”. This is ok for a Web install but will not allow console installation.

In the "Welcome to the OmniOS installer" greeting, hit 5 to go to "Configure Boot Options". Then hit 2 to switch the "OsConsole" value to "ttya". Finally hit 1 twice to go “Back to Main Menu” and "Boot Multi User".

When the system boots using the SOL output, the Web window is kept black. Keep using the default “US-English” keyboard layout ; in console, that doesn’t interfere with non-US keyboard layout.

In the “OmniOS configuration menu”, enable “(S)erial Console”. In the “OmniOS serial console configuration menu”, configure:

In my case, the installer had a few rendering issues when using a bright colorscheme and tmux panes. It had less worse behaviour when used in a 80x35 dark colored xterm. The recommended Dell 25 lines x 80 columns had vertical sync issues.

When installation is done and the OS reboots, disconnect the ISO file.

/admin1-> racadm remoteimage -d

When the server boots, grub is only visible from the console. Not the Web any more. I tried a few settings from the Setting up a serial console documentation but I ultimately ended with an empty black Web window and a void console output.

After a few trial & errors, I decided to only use the “simple” Web access.

Firewall

Because the server has a public IP address, I quickly configured and enabled the IP packet filter. The OmniOS documentation for using IPFilter is a must-read.

For a bare-minimum, I went:

# svcadm enable network/ipfilter

# vi /etc/ipf/ipf.conf
block in log all
pass  in quick on lo0
pass out quick on lo0
pass  in quick on igb0 proto icmp from any to 192.0.2.100 keep state
pass  in quick on igb0 proto tcp from 192.0.2.230 to 192.0.2.100 port = ssh keep state
pass  in quick on igb0 proto tcp from 192.0.2.231 to 192.0.2.100 port = ssh keep state
pass out quick on igb0 keep state
#EOF

# ipf -Fa -f /etc/ipf/ipf.conf 

# ipfstat -io
pass out quick on lo0 all
pass out quick on igb0 all keep state
block in log all
pass in quick on lo0 all
pass in quick on igb0 proto icmp from any to 192.0.2.100/32 keep state
pass in quick on igb0 proto tcp from 192.0.2.230/32 to 192.0.2.100/32 port = ssh keep state
pass in quick on igb0 proto tcp from 192.0.2.231/32 to 192.0.2.100/32 port = ssh keep state

And That’s All Folks!