UPS: NMC upgraded
I was stuck with a bit of a dilemma, as I didn’t want to move the rack over to where the new UPS was wired up, as I’m hopefully going to have the solar installer come out in the next month or so and I don’t want it in his way, but the cord on the UPS is not long enough to reach where the rack is now. Fuck it, I went and bought a 15A extension cord to stretch it over, and hooked everything up. As expected, the network gear barely registers on the load or runtime at all, this should last quite some time in the event of a power outage!
Unable to leave well enough alone, I started to mess with the Network Management Card, and wound up enabling SSL. That was a mistake, for two reasons: first, when they say SSL, they really mean SSL. No TLS1.1 or higher here, which meant that none of my browsers would speak to it. Try as I might to follow the instructions to re-enable TLS1/SSLv2 on Firefox, nothing worked. Second, enabling SSL disables SSH for reasons unknown.
As I moved the UPS into the bottom of the rack, it’s no longer close enough to my time server to stretch an RS232C cable across either. So how can I fix this? Nginx to the rescue, I set up a reverse proxy, used proxy_ssl_protocols TLSv1; and I was able to finagle my way to turn SSL off again.
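The reverse-proxy workaround described above, sketched as an added example (this is not the config from the original post). The management address 192.0.2.10, the loopback port 8080 and the cipher string are assumptions; only proxy_ssl_protocols TLSv1 comes from the post.

```nginx
# Added example: goes inside the http {} context of nginx.conf.
# Address, port and cipher string are assumptions, not from the post.
server {
    # Loopback only: browser-to-proxy traffic is plain HTTP, so the
    # listener must not be reachable from the rest of the network.
    listen 127.0.0.1:8080;

    location / {
        # 192.0.2.10 is a placeholder for the card's management address.
        proxy_pass https://192.0.2.10;

        # Applies to the proxy-to-card hop only: offer the one legacy
        # protocol version the old firmware will negotiate.
        proxy_ssl_protocols TLSv1;

        # Assumption: OpenSSL builds that reject TLS 1.0 at their default
        # security level need it lowered for this upstream.
        proxy_ssl_ciphers "ALL:@SECLEVEL=0";

        # nginx does not verify upstream certificates unless told to; stated
        # explicitly here because the hop to the card is unauthenticated and
        # should stay on a trusted management segment.
        proxy_ssl_verify off;
    }
}
```

With this in place the card's web UI is reachable at http://127.0.0.1:8080/ from the proxy host; the server block is only needed until SSL is switched off or the firmware is updated, and should be removed afterwards.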
Between this and the aforementioned OpenSSH fuckery, I wondered if there was a later firmware for this card? I wasn’t expecting much, as it’s very much superseded by the eye-wateringly expensive gigabit network card, but it turns out that there are firmware updates for it, and how far I can go depends on what revision of the hardware it is. There are two issues, whether it’s a 66102 (NMC) or a 66013 (Network-MS), and it turned out I was reasonably sure it was the latter!
According to SNMP, and verified by the control panel on the front cover, it was at firmware JH, which could be limited to JK, or could be fine to go all the way to recent. I spent some time trying to figure out the “technical level” of my card, to no avail, then said “fuck it” and installed firmware JK to see how that’d go. No worries, it came back fine. I later realized that the “technical level” of 21 is shown in the serial console output I logged when I had to reset it. So I tried firmware JL, and it installed fine, which made me think I can go all the way through.
So I checked the release notes, and learned that I need to install firmware KB in order to update the boot loader to support the L series firmwares, so I did that, and it came up fine… no issues there either. Finally, installed firmware LE, which is the latest one, and late enough to solve CVEs granted in 2020 which is actually way more support for the card than I expected. Good on them.
Enabled SSL again, and this time a modern browser speaks to it without issues… and finally I’m able to SSH in while SSL is enabled!
But whew, what a mess.