It's pretty shweet to see an entire subnet bound to a network interface of a server. Yup, it shows 29 usable IPv4 addresses! But now it's time to bite fingernails, and once they're all sufficiently bleeding, cross said fingers, endure the pain, and white-knuckle the keyboard as we hope the server comes back up talking to the network, as the network bridge is about to be configured, and only one IP will be bound to the server's interface, leaving the other 28 IPs for virtual machines, which will attach to the bridge.
@adam Well, good luck getting that br0 up and running, changing network config over ssh is always a fun thing to do. Not sure if your server has an IPMI interface, but if it does I’d highly suggest configuring that first, especially Serial Over LAN. This way you’ll still have access to the server even if your NIC fails to come up after your changes.
@robin_kipp Definitely a good point there. They claim it has a dedicated IPMI interface, but the only access I'm finding so far is a stupid, inaccessible, useless web-based console interface. But I think your point is just so true and valid, that I probably should put in a support ticket and get the serial over LAN configured, if they'll let me do that, prior to rebooting with the bridge config.
@adam And as for setting up SOL, that’s something you would need to do on the server. I unfortunately can’t remember the exact steps, but it comes down to figuring out which TTY device the IPMI controller is bound to, and then setting up console redirection to that device.
@robin_kipp Looks like the BMC is bound to a 10.1.x.x internal network, but of course, I don't have any remote access to this. So I've put in a support ticket. Thanks for the tips and suggestions.
@adam Sure thing, glad I could help! That BMC should have a different MAC address than your NIC, so routing a public IP to that shouldn’t be a problem for your hoster. Once done, you should be able to create an allow list of IP addresses that can connect to it, and I’d highly suggest doing that and blocking all other IPs. BMC firmwares can have security bugs, but locking down the allowed IPs besides enabling authentication should be solid.
@robin_kipp Oh yeah, ACLs all the way for sure. I just hope these guys will route it out their public network. I have a feeling it's on a completely isolated and separate physical switch. I know that some BMCs will allow you to set it up in shared NIC mode, so lots to look into for sure. My HPE server's iLO can be set up in this way, although I chose to keep it dedicated, since I control everything about that server and its physical and network environment. I just have a bad feeling that these guys are going to say it's our web console, or nothing.
@adam Well, I’ll keep my fingers crossed for you and hope they’ll be willing to come up with a good solution. With those specs you’re probably paying quite a bit for that server, hopefully they’ll take that into account as well as it actually being an accessibility issue for you given their web console is inaccessible.
@robin_kipp Yeah, for sure. Thanks. It's not cheap.