Difference between revisions of "Ipmitool: Basic installation and usage"

From Define Wiki
Jump to navigation Jump to search
 
(3 intermediate revisions by 2 users not shown)
Line 55: Line 55:
  
 
=== SOL session ===
 
=== SOL session ===
 +
'''From a remote system'''
 
<syntaxhighlight> ipmitool -U ADMIN -P ADMIN -H 172.28.1.91 -I lanplus sol activate </syntaxhighlight>
 
<syntaxhighlight> ipmitool -U ADMIN -P ADMIN -H 172.28.1.91 -I lanplus sol activate </syntaxhighlight>
  
 
=== Static IP for IPMI interface ===
 
=== Static IP for IPMI interface ===
To perform a chance of address remotely (*be careful!*)
+
To perform a change of address remotely (*be careful!*)
 
<syntaxhighlight>ipmitool -U admin -P admin -H 172.28.1.51 lan set 1 ipsrc static  
 
<syntaxhighlight>ipmitool -U admin -P admin -H 172.28.1.51 lan set 1 ipsrc static  
 
ipmitool -U admin -P admin -H 172.28.1.51 lan set 1 ipaddr 172.28.11.19 </syntaxhighlight>
 
ipmitool -U admin -P admin -H 172.28.1.51 lan set 1 ipaddr 172.28.11.19 </syntaxhighlight>
Line 106: Line 107:
 
</syntaxhighlight>
 
</syntaxhighlight>
  
=== Change IPMI Password ===
+
== Change IPMI Password ==
 
View the current users (default password is admin):  
 
View the current users (default password is admin):  
 
<syntaxhighlight>
 
<syntaxhighlight>
Line 125: Line 126:
 
2  admin            true    false      false      ADMINISTRATOR
 
2  admin            true    false      false      ADMINISTRATOR
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
 +
== Resetting the IPMI Module ==
 +
Resets the management console without rebooting the BMC
 +
 +
  # ipmitool mc reset warm
 +
 +
Reboots the BMC
 +
 +
  # ipmitool mc reset cold
 +
 +
If this fails to restore usability of the interface, you can also attempt a cold reset from Supermicro's IPMICFG: ftp://ftp.supermicro.com/utility/IPMICFG/
 +
 +
  # ipmicfg -nm reset
 +
 +
Finally, you can reset the BMC to factory defaults with IPMICFG or ipmitool. Be aware that this will wipe any existing settings on the BMC that you may have set from the web interface, but excludes network settings.
 +
 +
  # ipmicfg -fd
 +
 +
or
 +
 +
  # ipmitool raw 0x3c 0x40
 +
 +
To reset your network settings along with the factory reset, use the following IPMICFG command:
 +
 +
  # ipmicfg -fde

Latest revision as of 10:32, 24 November 2016

Installation

ipmitool can typically be installed via normal OS repositories: 

## For Redhat based systems
yum install ipmitool

## For Debian/Ubuntu system
apt-get install ipmitool

To use ipmitool on locally installed IPMI hardware (i.e. on the same machine ipmitool is installed on) you need to ensure a number of IPMI modules are loaded and running. The three main modules required are:

  • ipmi_msghandler
  • ipmi_devintf
  • ipmi_si

To check these are running, enter the following command: 

[root@ral1 ~]# lsmod | grep ipmi
ipmi_si                79661  0 
ipmi_devintf           44753  0 
ipmi_msghandler        73369  2 ipmi_si,ipmi_devintf

If no modules are shown, modprobe the modules listed above: 

modprobe ipmi_msghandler
modprobe ipmi_devintf
modprobe ipmi_si

Usage

Ensure the ipmi service is running on the host 

[root@compute-0-0 ~]# /etc/init.d/ipmi restart 
Stopping all ipmi drivers:                                 [  OK  ]
Starting ipmi drivers:                                     [  OK  ]

All IPMI modules can be accessed locally or over the network: 

# To access the local ipmi module:
ipmitool [command]

# To access a ipmi module over the network
ipmitool -U ADMIN -P ADMIN -H 172.16.0.10 [command]

In the following examples, we assume we are querying the local module

Check the IP Address of the IPMI modules 

[root@compute-0-0 ~]# ipmitool lan print 
...
IP Address              : 172.16.0.10

SOL session

From a remote system 

 ipmitool -U ADMIN -P ADMIN -H 172.28.1.91 -I lanplus sol activate

Static IP for IPMI interface

To perform a change of address remotely (*be careful!*) 

ipmitool -U admin -P admin -H 172.28.1.51 lan set 1 ipsrc static 
ipmitool -U admin -P admin -H 172.28.1.51 lan set 1 ipaddr 172.28.11.19

To perform a chance of IP address when logged in locally (ensure the /etc/init.d/ipmi service has been started) 

  ipmitool lan set 1 ipsrc static
  ipmitool lan set 1 ipaddr 10.1.128.1
  ipmitool lan set 1 netmask 255.255.0.0
  ipmitool lan set 1 defgw ipaddr 10.1.1.1

iptables & Firewalls

For full IPMI functionality via the built in web interface, a number of ports (both TCP and UDP) need to be openend if a firewall is to route IPMI traffic.

Supermicro IPMI ports (up to X9 generation/AMI IPMI)

The ports are as follows:

  • Port 22 (TCP) - Normal IPMI traffic
  • Port 80 (TCP) - HTTP Access
  • Port 443 (TCP) - Secure HTTP Access
  • Port 555 (TCP) - Unsure but SM say to open this port
  • Port 623 (TCP & UDP) - Normal IPMI traffic
  • Port 5120 (TCP) - USB CD Emulation (for media redirection)
  • Port 5123 (TCP) - USB Floppy Emulation (for media redirection)
  • Port 5900 (TCP) - HID Device (USB keyboard/mouse emulation)
  • Port 5901 (TCP) - Video Redirection (for KVM-over-IP)

iptables - add rules

# Port 22 may well be open for normal SSH access
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

# Remaining ports
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 555 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 623 -j ACCEPT
iptables -A INPUT -m state --state NEW -m udp -p udp --dport 623 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5120 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5123 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5900 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT

# Save rules to /etc/sysconfig/iptables
service iptables save

Change IPMI Password

View the current users (default password is admin): 

$ ipmitool -U admin -P admin -H calx21-ipmi -I lanplus user list 
ID  Name	     Callin  Link Auth	IPMI Msg   Channel Priv Limit
2   admin            true    false      false      ADMINISTRATOR

Set the updated password (note the user id, in this instance is 2) 

$ ipmitool -U admin -P admin -H calx21-ipmi -I lanplus user set password 2 asqp12

$ ipmitool -U admin -P admin -H calx21-ipmi -I lanplus user list 
Error: Unable to establish IPMI v2 / RMCP+ session
Get User Access command failed (channel 14, user 1)
$ ipmitool -U admin -P asqp12 -H calx21-ipmi -I lanplus user list 
ID  Name	     Callin  Link Auth	IPMI Msg   Channel Priv Limit
2   admin            true    false      false      ADMINISTRATOR

Resetting the IPMI Module

Resets the management console without rebooting the BMC 

 # ipmitool mc reset warm

Reboots the BMC 

 # ipmitool mc reset cold

If this fails to restore usability of the interface, you can also attempt a cold reset from Supermicro's IPMICFG: ftp://ftp.supermicro.com/utility/IPMICFG/ 

 # ipmicfg -nm reset

Finally, you can reset the BMC to factory defaults with IPMICFG or ipmitool. Be aware that this will wipe any existing settings on the BMC that you may have set from the web interface, but excludes network settings. 

 # ipmicfg -fd

or 

 # ipmitool raw 0x3c 0x40

To reset your network settings along with the factory reset, use the following IPMICFG command: 

 # ipmicfg -fde
Retrieved from "http://wiki.define-technology.com/mediawiki-1.35.0/index.php?title=Ipmitool:_Basic_installation_and_usage&oldid=18081"