Sometimes when you’re making changes to systems it feels wrong. Insecure, hacky, manual and frustrating. But then you move on, hoping you don’t have to do it again. Well, here’s how I got to use the IPMI (iLO, BMC, iDRAC, etc) web interface of some old servers from my Centos 7 server:
Access the IPMI web interface
ws $ ssh -X server server $ firefox $some_ip
Login, browse to the ‘remote control’ section (they’re all pretty similar), click launch. It pops up a prompt asking me what I would like to use, to launch jviewer.jnlp.
Install and configure Java
I found a guide which says to install and configure Java; java-1.8.0-openjdk was already installed out of the box, so it was just a matter of configuring it:
server # update-alternatives --config java There are 2 programs which provide 'java'. Selection Command ----------------------------------------------- * 1 java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-188.8.131.52-0.b13.el7_3.x86_64/jre/bin/java) + 2 /usr/java/jre1.8.0_121/bin/java Enter to keep the current selection[+], or type selection number: 2
Configure Firefox to launch .jnlp files with javaws
Firefox doesn’t know how to run javaws, so it needs to be told, via these instructions.
server $ vim .mozilla/firefox/vgenq8rj.default/mimeTypes.rdf
Mangle Java security settings
Java (rightly) complains about security settings. It’s only for internal boxes on a particular network, but BeyondCorp thinking still makes me cringe. Open the Java Control Panel:
ws $ ssh -X server server $ /usr/java/jre1.8.0_121/bin/ControlPanel
In Security, Exception Site List, I added the URLs of the servers I need to manage. It works. I feel dirty. I suspect I could install an older version of Java to skip this step, and feel just a bit dirtier.