Ipmitool: Basic installation and usage
Installation
ipmitool can typically be installed via normal OS repositories:
## For Redhat based systems
yum install ipmitool
## For Debian/Ubuntu system
apt-get install ipmitoolTo use ipmitool on locally installed IPMI hardware (i.e. on the same machine ipmitool is installed on) you need to ensure a number of IPMI modules are loaded and running. The three main modules required are:
- ipmi_msghandler
- ipmi_devintf
- ipmi_si
To check these are running, enter the following command:
[root@ral1 ~]# lsmod | grep ipmi
ipmi_si 79661 0
ipmi_devintf 44753 0
ipmi_msghandler 73369 2 ipmi_si,ipmi_devintfIf no modules are shown, modprobe the modules listed above:
modprobe ipmi_msghandler
modprobe ipmi_devintf
modprobe ipmi_siUsage
Ensure the ipmi service is running on the host
[root@compute-0-0 ~]# /etc/init.d/ipmi restart
Stopping all ipmi drivers: [ OK ]
Starting ipmi drivers: [ OK ]All IPMI modules can be accessed locally or over the network:
# To access the local ipmi module:
ipmitool [command]
# To access a ipmi module over the network
ipmitool -U ADMIN -P ADMIN -H 172.16.0.10 [command]In the following examples, we assume we are querying the local module
Check the IP Address of the IPMI modules
[root@compute-0-0 ~]# ipmitool lan print
...
IP Address : 172.16.0.10SOL session
ipmitool -U ADMIN -P ADMIN -H 172.28.1.91 -I lanplus sol activateStatic IP for IPMI interface
To perform a chance of address remotely (*be careful!*)
ipmitool -U admin -P admin -H 172.28.1.51 lan set 1 ipsrc static
ipmitool -U admin -P admin -H 172.28.1.51 lan set 1 ipaddr 172.28.11.19To perform a chance of IP address when logged in locally (ensure the /etc/init.d/ipmi service has been started)
ipmitool lan set 1 ipsrc static
ipmitool lan set 1 ipaddr 10.1.128.1
ipmitool lan set 1 netmask 255.255.0.0
ipmitool lan set 1 defgw ipaddr 10.1.1.1iptables & Firewalls
For full IPMI functionality via the built in web interface, a number of ports (both TCP and UDP) need to be openend if a firewall is to route IPMI traffic.
Supermicro IPMI ports (up to X9 generation/AMI IPMI)
The ports are as follows:
- Port 22 (TCP) - Normal IPMI traffic
- Port 80 (TCP) - HTTP Access
- Port 443 (TCP) - Secure HTTP Access
- Port 555 (TCP) - Unsure but SM say to open this port
- Port 623 (TCP & UDP) - Normal IPMI traffic
- Port 5120 (TCP) - USB CD Emulation (for media redirection)
- Port 5123 (TCP) - USB Floppy Emulation (for media redirection)
- Port 5900 (TCP) - HID Device (USB keyboard/mouse emulation)
- Port 5901 (TCP) - Video Redirection (for KVM-over-IP)
iptables - add rules
# Port 22 may well be open for normal SSH access
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Remaining ports
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 555 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 623 -j ACCEPT
iptables -A INPUT -m state --state NEW -m udp -p udp --dport 623 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5120 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5123 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5900 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
# Save rules to /etc/sysconfig/iptables
service iptables save