honk

one honk maybe more

benjojo posted 22 Sep 2023 14:11 +0000

Always love poking around the weirder functions of BMC/IPMI's, this ASRock IPMI does not have HTML5 console support. But does have the ability to record videos of the screen _to the bmc_ and have you download/play them after.

ASRock are the server hardware version StarTech, stuff that might be useful, but is fundamentally cursed.

A ASRock IPMI interface called "Video Recording" - "Below is a list of available recorded video files on the BMC"

benjojo replied 22 Sep 2023 14:15 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/TqnptJpJm8sz7qtV17

To top this system install adventure off, because it's a java only console, I booted a LiveCD (rather than trust a plaintext java webstart to my workstation) and realised I can serve the same Live CD directly to the server.

The only downside is that I am now installing from the "CD" drive to something that is 700 miles away. Minor regrets.

A virtual machine window, showing a debian live CD running a IPMI Console window, also showing a debian installer, a window on the side shows /dev/sr0 being mounted to the remote machine

grimmware@hellsite.s.. replied 22 Sep 2023 14:20 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/TqnptJpJm8sz7qtV17

@benjojo

> _to the bmc_

:thonk:

benjojo replied 22 Sep 2023 14:28 +0000
in reply to: https://hellsite.site/users/grimmware/statuses/111109239047076884

@grimmware I mean, I guess they have a decent amount of storage around, but still...

grimmware@hellsite.s.. replied 22 Sep 2023 14:30 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/x169FfJsJlN78S3565

@benjojo Yeah I mean I'm the last person to criticize someone doing something that sounds weird but works, but it *does* sound weird.

kura@noc.social replied 22 Sep 2023 14:36 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/TqnptJpJm8sz7qtV17

@benjojo ASRock make some really weird and interesting stuff. I present to you the ASRock P4 Combo - https://www.asrock.com/mb/Intel/P4%20Combo/

electronic_eel@socia.. replied 22 Sep 2023 18:09 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/TqnptJpJm8sz7qtV17

@benjojo did you consider trying to port OpenBMC to this board?

I currently stick to HPE hardware at work, just to get a somewhat nice BMC and continuous support&updates for it. But I'm considering to try cheaper boards, like Asrock or Supermicro, and porting OpenBMC to them.

benjojo replied 22 Sep 2023 18:45 +0000
in reply to: https://social.treehouse.systems/users/electronic_eel/statuses/111110137401151877

@electronic_eel I don't really have hands on access to this machine, so I would not really dare to attempt such a port, I just need this BMC to work for emergencies :), even if the UI/UX is crap

electronic_eel@socia.. replied 22 Sep 2023 18:51 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/ftlP1yqDn7NVHGQzfr

@benjojo the BMC is just for emergencies - but when there is an emergency, a proper UI and features like a good remote console, how the virtual storage is implemented and so on decide how fast you can bring your machine back online. so even if i don't use the BMC all day, i consider a good BMC important.

Also i use it for monitoring and logging, this has helped me in the past to figure out hardware issues that would have cost me quite some time to diagnose without.

Regarding porting OpenBMC - you would definitely need to have a dedicated test board of the exact same model on your bench before attempting this.

zev@honk.bewilderbee.. replied 22 Sep 2023 19:00 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/ftlP1yqDn7NVHGQzfr

@benjojo @electronic_eel Entirely fair, though if you do ever change your mind and want to pursue that, I've done a number of ASRock OpenBMC ports (and maintain the meta-asrock layer in the OpenBMC tree) and would be happy to offer assistance!

benjojo replied 22 Sep 2023 19:46 +0000
in reply to: https://social.treehouse.systems/users/electronic_eel/statuses/111110304377017636

@electronic_eel Yeah, this board is more of a accidental acquirement after the Supermicro board that I bought was DoA after arriving in a country I do not live :)

Given that i'm likely only ever to interact with this once or twice in the whole lifespan of the device, I'm pretty okay with a little bit of jank

electronic_eel@socia.. replied 22 Sep 2023 19:53 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/Msx9sfd9vSBh92bXMw

@benjojo for bgp.tools i guess you have quite a few systems in far remote colo locations. how do you deal with securing access to the BMCs on these systems?

These cheaper BMC variants tend to regularly have security issues, and if someone gets root on it, at least with the Aspeed it is game over for the server since you can DMA the whole memory of the server. So I would not dare to directly open them to the internet.

benjojo replied 22 Sep 2023 21:27 +0000
in reply to: https://social.treehouse.systems/users/electronic_eel/statuses/111110546243000744

@electronic_eel bgp.tools "core" just has a rack in London where all of the BGP sessions get terminated, and the website is served.

There are of course a growing number of IXP relay nodes, but 90% of those are VM's on existing IXP-ran infrastructure (provided by the exchange itself), there are 2 machines that are full hardware setups. One if the ASRock one (that will soon sink all of the DE-CIX ports, and some other fun exchanges), and the other one is LU-CIX, a exchange that is a Raspberry Pi 3B ziptied to the rack :P

In general remote BMC's are just ACL'd (on the switch side) to a set list of holy CIDRs that I own, and their ACL-ness is constantly monitored.

I agree BMCs are scary. But I mostly have to work with what I have, and thankfully these IXP Relay machines don't really handle sensitive data.

The London machines have a separate switch + OOB infra attached to them , because even though I live near them, I don't really want to go to the screaming computer room if I can help it!