-
Brian
> You've never had automation break? Combined with being unable to access it remotely? Lucky :)
I haven't yet, at least as far as cert renewal automation goes. I do always check, though, just in case. I do some things from cron jobs, not just certbot deploy hooks, so I get a report when a cert has been renewed.
-
Brian
For example, validating DANE for SMTP and XMPP whenever that cert changes.
-
Trung
> Why don't you automate cert validation?
coz i thought i had opened ssh and can sort that out later
-
Trung
……hmmm can you horrible people talk abt somethin else now please
-
nuegia.net
> moparisthebest:
> 2024-08-15 06:59 (CDT)
> You've never had automation break? Combined with being unable to access it remotely? Lucky :)
No that's what bmc is for
-
raver
What is BMC?
-
j4nk
A chip that sits on certain server motherboards that allows stuff like turning on/off the computer remotely
-
jonas-l
But this is like SSH: must be configured, patched and the access data must be available to use it; from a security point of view I would put some (other) computer in front of a BMC
-
raver
I see a similar principle as WOL ?
-
raver
But when there's a network outage this chip won't help either or am I wrong?
-
raver
If it gets too off topic I'll stop asking 🙃
-
j4nk
Yep. One can imagine some horrible abomination cobbled out of a raspberry pi and some motors that has a SIM card and can receive texts and actuate parts of the computer in response to them, maybe that would be the best for this situation? Of course if the internet is down I can’t imagine it matters much if the server is up since it can’t serve anything anyways
-
ernst.on.tour
raver:
> I see a similar principle as WOL ?
Not really
WOL wakes up the server, but until the operating system comes up there is no ssh/rdp/vnc/telnet/....

BMC or RemoteBoard or iDRAC or RMC or iLO or .... are implemented to get control over the server *before* anything is coming up.
For example you are able to make changes in the BIOS, call the hardware RAID controller to configure it to start your OS before it is up, take control over your misconfigured network stack *inside* your OS via virtual keyboard/mouse from your BMC, ....
-
xa0.uk
> A chip that sits on certain server motherboards that allows stuff like turning on/off the computer remotely
idrac?
-
xa0.uk
yes, i had not read the last message, my bad
-
ernst.on.tour
It's not only a chip, there was a PCI-Remoteboard (from IBM ?) to use it for other servers. It simulates the keystrokes/mouse-events via PCI-injection, and as power supplies are not really switched off, it could start it. Don't know how, but maybe via WOL-package-simulation on PCI
-
raver
> raver:
>> I see a similar principle as WOL ?
> Not really
> WOL wakes up the server, but until the operating system comes up there is no ssh/rdp/vnc/telnet/....
>
> BMC or RemoteBoard or iDRAC or RMC or iLO or .... are implemented to get control over the server *before* anything is coming up.
> For example you are able to make changes in the BIOS, call the hardware RAID controller to configure it to start your OS before it is up, take control over your misconfigured network stack *inside* your OS via virtual keyboard/mouse from your BMC, ....
Thanks, now I understand, so this chip has its own network protocol I guess.
-
ernst.on.tour
Own stack, own IP-Subnet, own Router, ....
-
raver
ernst.on.tour: thanks for the explanation👌✌️