Difference between revisions of "Ipmitool: Basic installation and usage"
| Line 126: | Line 126: | ||
2 admin true false false ADMINISTRATOR | 2 admin true false false ADMINISTRATOR | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | |||
| + | == Resetting the IPMI Module == | ||
| + | Resets the management console without rebooting the BMC | ||
| + | |||
| + | # ipmitool mc reset warm | ||
| + | |||
| + | Reboots the BMC | ||
| + | |||
| + | # ipmitool mc reset cold | ||
| + | |||
| + | If this fails to restore usability of the interface, you can also attempt a cold reset from Supermicro's IPMICFG: ftp://ftp.supermicro.com/utility/IPMICFG/ | ||
| + | |||
| + | # ipmicfg -nm reset | ||
| + | |||
| + | Finally, you can reset the BMC to factory defaults with IPMICFG or ipmitool. Be aware that this will wipe any existing settings on the BMC that you may have set from the web interface, but excludes network settings. | ||
| + | |||
| + | # ipmicfg -fd | ||
| + | |||
| + | or | ||
| + | |||
| + | # ipmitool raw 0x3c 0x40 | ||
| + | |||
| + | To reset your network settings along with the factory reset, use the following IPMICFG command: | ||
| + | |||
| + | # ipmicfg -fde | ||
Latest revision as of 10:32, 24 November 2016
Installation
ipmitool can typically be installed via normal OS repositories:
## For Redhat based systems
yum install ipmitool
## For Debian/Ubuntu system
apt-get install ipmitoolTo use ipmitool on locally installed IPMI hardware (i.e. on the same machine ipmitool is installed on) you need to ensure a number of IPMI modules are loaded and running. The three main modules required are:
- ipmi_msghandler
- ipmi_devintf
- ipmi_si
To check these are running, enter the following command:
[root@ral1 ~]# lsmod | grep ipmi
ipmi_si 79661 0
ipmi_devintf 44753 0
ipmi_msghandler 73369 2 ipmi_si,ipmi_devintfIf no modules are shown, modprobe the modules listed above:
modprobe ipmi_msghandler
modprobe ipmi_devintf
modprobe ipmi_siUsage
Ensure the ipmi service is running on the host
[root@compute-0-0 ~]# /etc/init.d/ipmi restart
Stopping all ipmi drivers: [ OK ]
Starting ipmi drivers: [ OK ]All IPMI modules can be accessed locally or over the network:
# To access the local ipmi module:
ipmitool [command]
# To access a ipmi module over the network
ipmitool -U ADMIN -P ADMIN -H 172.16.0.10 [command]In the following examples, we assume we are querying the local module
Check the IP Address of the IPMI modules
[root@compute-0-0 ~]# ipmitool lan print
...
IP Address : 172.16.0.10SOL session
From a remote system
ipmitool -U ADMIN -P ADMIN -H 172.28.1.91 -I lanplus sol activateStatic IP for IPMI interface
To perform a change of address remotely (*be careful!*)
ipmitool -U admin -P admin -H 172.28.1.51 lan set 1 ipsrc static
ipmitool -U admin -P admin -H 172.28.1.51 lan set 1 ipaddr 172.28.11.19To perform a chance of IP address when logged in locally (ensure the /etc/init.d/ipmi service has been started)
ipmitool lan set 1 ipsrc static
ipmitool lan set 1 ipaddr 10.1.128.1
ipmitool lan set 1 netmask 255.255.0.0
ipmitool lan set 1 defgw ipaddr 10.1.1.1iptables & Firewalls
For full IPMI functionality via the built in web interface, a number of ports (both TCP and UDP) need to be openend if a firewall is to route IPMI traffic.
Supermicro IPMI ports (up to X9 generation/AMI IPMI)
The ports are as follows:
- Port 22 (TCP) - Normal IPMI traffic
- Port 80 (TCP) - HTTP Access
- Port 443 (TCP) - Secure HTTP Access
- Port 555 (TCP) - Unsure but SM say to open this port
- Port 623 (TCP & UDP) - Normal IPMI traffic
- Port 5120 (TCP) - USB CD Emulation (for media redirection)
- Port 5123 (TCP) - USB Floppy Emulation (for media redirection)
- Port 5900 (TCP) - HID Device (USB keyboard/mouse emulation)
- Port 5901 (TCP) - Video Redirection (for KVM-over-IP)
iptables - add rules
# Port 22 may well be open for normal SSH access
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Remaining ports
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 555 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 623 -j ACCEPT
iptables -A INPUT -m state --state NEW -m udp -p udp --dport 623 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5120 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5123 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5900 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
# Save rules to /etc/sysconfig/iptables
service iptables saveChange IPMI Password
View the current users (default password is admin):
$ ipmitool -U admin -P admin -H calx21-ipmi -I lanplus user list
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
2 admin true false false ADMINISTRATORSet the updated password (note the user id, in this instance is 2)
$ ipmitool -U admin -P admin -H calx21-ipmi -I lanplus user set password 2 asqp12
$ ipmitool -U admin -P admin -H calx21-ipmi -I lanplus user list
Error: Unable to establish IPMI v2 / RMCP+ session
Get User Access command failed (channel 14, user 1)
$ ipmitool -U admin -P asqp12 -H calx21-ipmi -I lanplus user list
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
2 admin true false false ADMINISTRATORResetting the IPMI Module
Resets the management console without rebooting the BMC
# ipmitool mc reset warm
Reboots the BMC
# ipmitool mc reset cold
If this fails to restore usability of the interface, you can also attempt a cold reset from Supermicro's IPMICFG: ftp://ftp.supermicro.com/utility/IPMICFG/
# ipmicfg -nm reset
Finally, you can reset the BMC to factory defaults with IPMICFG or ipmitool. Be aware that this will wipe any existing settings on the BMC that you may have set from the web interface, but excludes network settings.
# ipmicfg -fd
or
# ipmitool raw 0x3c 0x40
To reset your network settings along with the factory reset, use the following IPMICFG command:
# ipmicfg -fde