one honk maybe more

benjojo posted 22 Sep 2023 14:11 +0000

Always love poking around the weirder functions of BMC/IPMI's, this ASRock IPMI does not have HTML5 console support. But does have the ability to record videos of the screen _to the bmc_ and have you download/play them after.

ASRock are the server hardware version of StarTech, stuff that might be useful, but is fundamentally cursed.

An ASRock IPMI interface called "Video Recording" - "Below is a list of available recorded video files on the BMC"

electronic_eel@socia.. replied 22 Sep 2023 18:51 +0000
@benjojo the BMC is just for emergencies - but when there is an emergency, a proper UI and features like a good remote console, how the virtual storage is implemented and so on decide how fast you can bring your machine back online. so even if i don't use the BMC all day, i consider a good BMC important.

Also i use it for monitoring and logging, this has helped me in the past to figure out hardware issues that would have cost me quite some time to diagnose without.

Regarding porting OpenBMC - you would definitely need to have a dedicated test board of the exact same model on your bench before attempting this.

electronic_eel@socia.. replied 22 Sep 2023 19:53 +0000
@benjojo for bgp.tools i guess you have quite a few systems in far remote colo locations. how do you deal with securing access to the BMCs on these systems?

These cheaper BMC variants tend to regularly have security issues, and if someone gets root on it, at least with the Aspeed it is game over for the server since you can DMA the whole memory of the server. So I would not dare to directly open them to the internet.

benjojo replied 22 Sep 2023 21:27 +0000
@electronic_eel bgp.tools "core" just has a rack in London where all of the BGP sessions get terminated, and the website is served.

There are of course a growing number of IXP relay nodes, but 90% of those are VM's on existing IXP-ran infrastructure (provided by the exchange itself), there are 2 machines that are full hardware setups. One is the ASRock one (that will soon sink all of the DE-CIX ports, and some other fun exchanges), and the other one is LU-CIX, an exchange that is a Raspberry Pi 3B ziptied to the rack :P

In general remote BMC's are just ACL'd (on the switch side) to a set list of holy CIDRs that I own, and their ACL-ness is constantly monitored.

I agree BMCs are scary. But I mostly have to work with what I have, and thankfully these IXP Relay machines don't really handle sensitive data.

The London machines have a separate switch + OOB infra attached to them, because even though I live near them, I don't really want to go to the screaming computer room if I can help it!
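
The kind of ACL monitoring described in the post above, as an added example that is not part of the thread and not bgp.tools' own tooling: it audits an ordered switch ACL and reports any permit rule that lets a source outside the allowlisted CIDRs reach the BMC subnet. The rule tuple format, the function names and all addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation ranges stand in for the operator's CIDRs.
ALLOWED = ["192.0.2.0/24", "2001:db8:100::/48"]
BMC = "198.51.100.0/28"
# Simplified ordered ACL (action, source, destination); not any switch vendor's syntax.
SAMPLE_ACL = [
    ("permit", "192.0.2.0/25", "198.51.100.0/28"),    # inside the allowlist
    ("permit", "203.0.113.7/32", "198.51.100.4/32"),  # drift: unknown source
    ("permit", "192.0.0.0/16", "198.51.100.0/28"),    # wider than the allowlist
    ("permit", "203.0.113.0/24", "10.0.0.0/8"),       # does not touch the BMCs
    ("deny", "0.0.0.0/0", "198.51.100.0/28"),
    ("permit", "0.0.0.0/0", "198.51.100.0/28"),       # shadowed by the deny above
]

def _within(net, allowed):
    """True if net lies entirely inside one allowed CIDR of the same IP version."""
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def audit_bmc_acl(rules, allowed_cidrs, bmc_cidr):
    """Return (index, source, destination) for permits exposing the BMC subnet.

    rules is an ordered list of (action, source_cidr, dest_cidr) tuples and is
    evaluated first-match-wins, as switch ACLs usually are.
    """
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    bmc = ipaddress.ip_network(bmc_cidr)
    findings = []
    for index, (action, src, dst) in enumerate(rules):
        src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if dst_net.version != bmc.version or not dst_net.overlaps(bmc):
            continue  # rule does not touch the BMC subnet
        if action == "deny":
            # A deny from any source covering the whole BMC subnet shadows later rules.
            if src_net.prefixlen == 0 and bmc.subnet_of(dst_net):
                break
            continue
        if not _within(src_net, allowed):
            findings.append((index, src, dst))
    return findings

if __name__ == "__main__":
    for finding in audit_bmc_acl(SAMPLE_ACL, ALLOWED, BMC):
        print("BMC exposed by rule %d: %s -> %s" % finding)
```

Run against a periodically exported copy of the ACL, a non-empty result is the alert condition.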

benjojo replied 22 Sep 2023 14:15 +0000
To top this system install adventure off, because it's a java only console, I booted a LiveCD (rather than trust a plaintext java webstart to my workstation) and realised I can serve the same Live CD directly to the server.

The only downside is that I am now installing from the "CD" drive to something that is 700 miles away. Minor regrets.

A virtual machine window, showing a debian live CD running an IPMI Console window, also showing a debian installer, a window on the side shows /dev/sr0 being mounted to the remote machine