Friday, March 25, 2016

How to setup all of your iDrac7s for SNMP alerting

I've toyed with several ideas but finally decided that the best way to accomplish this will be to setup 1 iDrac first, then export the config, and then apply that to all the other iDracs.  This general process should work for iDrac 7 or 8 since they use the same firmware.  This post concentrates on iDrac7.  Please see this additional post on how to do the same thing with iDrac6.

Please remember when setting your SNMP Community String that it is Case Sensitive.  That means that "public" is not the same as "Public".

Let's start with logging into a single iDrac.  Open a browser window and go to the IP of your iDrac7s.  Login with your credentials or the default ones if you haven't changed them.  Which you should change the default credentials or disable them and add new accounts for security reasons.  You should also have all iDracs on a separate management network that is not accessible from the Internet.  If you need to get to them from external, I suggest you setup some machine that you can remote into and then access that management network from there, or setup a highly secure gateway or VPN that will give you access to that management network.

Go to Alerts.  The first thing you want to set is to make sure Alerts are Enabled.  Then click on the Apply button on the far right of that Alerts box.

Next, look toward the bottom of that same page for the Alerts and Remote System Log Configuration section.  This is page 1 of 19 on the iDrac7.  You can either check just the items you want under SNMP Traps, or you can put a check in the top box in the header like highlighted below.  That will check all of them on this page only.  Then click on the right arrow to go to the next page and do the same thing.  Yes, this is will take a minute or two.  Do that on all 19 pages and then click on the Apply button at the end.

Now, click on SNMP and Email Settings tab at the top.  On this page you will need to enable Alert Destination 1 with the check box and enter in the destination server IP address.  Since I am setting this up for OpsMgr, I will put in the IP of my OpsMgr server.  If you are using a different community string you need to add it here as well.  Then click on the Apply button in that same box.  Also, your SNMP Trap format should be in v1 or v2.  I know that both v1 and v2 are supposed to work but I have not tested v3.  If you need to change it, you can also do that here and then click on the Apply in that box.

There is one more place to check your community string.  Go to iDrac\Network on the left side.  Click on the Services tab at the top and scroll down to find SNMP Agent.  Make sure the check box is checked so it is enabled and enter your community string here.  Then click the Apply button at the very bottom of the page.

Now, if you have your destination server (in my case OpsMgr) setup already, you should start receiving traps.  You can test this with the SNMP Test Trap button back on the Alerts\ Trap and Email Settings page.  Click the Test button under Test SNMP Trap in the same row as the destination server you want to send to.

In OpsMgr you will see an informational alert like these.  These alerts could show up in Active Alerts and Server and Rack Workstation Alerts, RemoteAccess Alerts, or PET Traps depending on the iDrac version and firmware version.  They will all be Informational Alerts but should have the word Test in the Name.

Now that we know that 1 iDrac works, we need to copy these settings to all the others.  You will need a machine with access to the management network of all of your iDracs.  That machine will need the Dell DRAC Tools installed. The current latest version, as of 6/24/2016, is 8.3 and here are the link for the 64bit version.
64bit -

You will also need a text file with all of your iDrac6 IPs, each listed on a separate line.

The next step is to grab a copy of the config of the iDrac that you just set in the above steps.  On your machine with access to your iDrac network, and with the DRAC Tools installed, you are going to run the following command from an Administrative level command prompt.

**NOTE**: These racadm commands below are for iDrac7 running  If you are using older firmware or an earlier iDrac, you might try to use getconfig and setconfig instead of get and set in the below examples.

racadm -r IPofTheIDrac -u Username -p Password get -f LocationForTxtFile

Replace IPofTheIDrac with the IP of the iDrac you configured above.
Replace Username with your iDrac username.
Replace Password with your iDrac password.
Replace LocationForTxtFile with a path to where you want the configuration text file created.  I put the config file in the same location as my iDracs.txt file with all of my iDrac IPs just to keep them together.  In this example I put both in a folder c:\idrac.

Now we need to edit that config.txt file.  Open it with your favorite text editor.
You will see that the first section is [idrac.alert.1] and under that you can see what the alert is and the action has snmp in it.  You want to keep all of the idrac.alert sections.  So scroll on down past those.  An iDrac7 running firmware has about 151 of them.

You can use this file to make changes to all of your iDracs.  As you scroll through you may see other sections you want to make changes to if you didn't do it in the GUI.  But for this post I am only focusing on SMNP settings.  So we are going to remove everything else in the config.txt file.

The other sections we are going to keep are [iDRAC.IPMILan], [iDRAC.SNMP], [iDRAC.SNMP.Alert.1] sections.  There are 8 iDrac.SNMP.Alert.X sections, but I only set the first one so I am removing the others.  You don't have to keep every setting under each section.  Just the settings that we changed in the GUI.

Now save that file, maybe with a different name so that you can keep the original.  I'm going to save mine as idracpush.txt in the same folder.

Here is where we finally push the config to all iDracs.  You will use a PowerShell script.  Right click on the PowerShell icon on your taskbar and select Run ISE as Administrator.  When it opens copy this script into the top window.  You will need to replace Username and Password to your own.

$servers = Get-Content .\idracs.txt
$servers | foreach {
    invoke-expression "racadm.exe -r $_ -u Username -p Password set -f c:\idrac\idracpush.txt"

My green play button is greyed out because it is already running in this picture.  But when you click on the green play button that I highlighted in yellow above, the script will set the config on each iDrac one at a time.  Because of all of the idrac.alert.x sections, this can take quite a while for each iDrac.  And the more iDracs you have in your text file, the longer it will take.  Mine took right at an hour for 15 iDracs.  You can scroll back through the results pane to see if there were any errors.

No comments:

Post a Comment