Ipmitool: Basic installation and usage

From Define Wiki

Installation

ipmitool can typically be installed via normal OS repositories:

## For Red Hat-based systems
yum install ipmitool

## For Debian/Ubuntu systems
apt-get install ipmitool

To use ipmitool on locally installed IPMI hardware (i.e. on the same machine ipmitool is installed on) you need to ensure a number of IPMI modules are loaded and running. The three main modules required are:

  • ipmi_msghandler
  • ipmi_devintf
  • ipmi_si

To check these are running, enter the following command:

[root@ral1 ~]# lsmod | grep ipmi
ipmi_si                79661  0 
ipmi_devintf           44753  0 
ipmi_msghandler        73369  2 ipmi_si,ipmi_devintf

If no modules are shown, modprobe the modules listed above:

modprobe ipmi_msghandler
modprobe ipmi_devintf
modprobe ipmi_si

Usage

Ensure the ipmi service is running on the host:

[root@compute-0-0 ~]# /etc/init.d/ipmi restart 
Stopping all ipmi drivers:                                 [  OK  ]
Starting ipmi drivers:                                     [  OK  ]

All IPMI modules can be accessed locally or over the network:

# To access the local ipmi module:
ipmitool [command]

# To access an IPMI module over the network:
ipmitool -U ADMIN -P ADMIN -H 172.16.0.10 [command]

In the following examples, we assume we are querying the local module.

Check the IP Address of the IPMI modules

[root@compute-0-0 ~]# ipmitool lan print 
...
IP Address              : 172.16.0.10

SOL session

 ipmitool -U ADMIN -P ADMIN -H 172.28.1.91 -I lanplus sol activate

Static IP for IPMI interface

To change the address remotely (*be careful!*):

ipmitool -U admin -P admin -H 172.28.1.51 lan set 1 ipsrc static 
ipmitool -U admin -P admin -H 172.28.1.51 lan set 1 ipaddr 172.28.11.19

To change the IP address when logged in locally (ensure the /etc/init.d/ipmi service has been started):

  ipmitool lan set 1 ipsrc static
  ipmitool lan set 1 ipaddr 10.1.128.1
  ipmitool lan set 1 netmask 255.255.0.0
  ipmitool lan set 1 defgw ipaddr 10.1.1.1

iptables & Firewalls

For full IPMI functionality via the built-in web interface, a number of ports (both TCP and UDP) need to be opened if a firewall is to route IPMI traffic.

Supermicro IPMI ports (up to X9 generation/AMI IPMI)

The ports are as follows:

  • Port 22 (TCP) - Normal IPMI traffic
  • Port 80 (TCP) - HTTP Access
  • Port 443 (TCP) - Secure HTTP Access
  • Port 555 (TCP) - Unsure but SM say to open this port
  • Port 623 (TCP & UDP) - Normal IPMI traffic
  • Port 5120 (TCP) - USB CD Emulation (for media redirection)
  • Port 5123 (TCP) - USB Floppy Emulation (for media redirection)
  • Port 5900 (TCP) - HID Device (USB keyboard/mouse emulation)
  • Port 5901 (TCP) - Video Redirection (for KVM-over-IP)

iptables - add rules

# Port 22 may well be open for normal SSH access
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

# Remaining ports
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 555 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 623 -j ACCEPT
iptables -A INPUT -m state --state NEW -m udp -p udp --dport 623 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5120 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5123 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5900 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT

# Save rules to /etc/sysconfig/iptables
service iptables save
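
The rules above accept new connections to the IPMI ports from any source address. The script below is an added example, not part of the original page: it prints the same rules limited to one management network. The function name ipmi_fw_rules and the 172.16.0.0/24 network are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: print the page's IPMI firewall
# rules restricted to a single management network. Nothing is applied.
# ipmi_fw_rules and the sample CIDR below are assumptions for illustration.

# Ports from the Supermicro list on this page.
IPMI_TCP_PORTS="22 80 443 555 623 5120 5123 5900 5901"
IPMI_UDP_PORTS="623"

# ipmi_fw_rules <a.b.c.d/prefix>: returns 2 on anything that is not a
# well-formed IPv4 CIDR, so a typo never turns into an unrestricted rule.
ipmi_fw_rules() {
    cidr=$1
    case $cidr in */*) ;; *) return 2 ;; esac      # prefix is mandatory
    addr=${cidr%/*}
    prefix=${cidr##*/}
    case $prefix in ''|*[!0-9]*) return 2 ;; esac
    # /0 would match every source, which is what this script is avoiding.
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 2
    case $addr in ''|*[!0-9.]*) return 2 ;; esac

    old_ifs=$IFS; IFS=.
    set -- $addr                                   # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 2
    for octet in "$@"; do
        case $octet in '') return 2 ;; esac
        [ "$octet" -le 255 ] || return 2
    done
    src="$1.$2.$3.$4/$prefix"

    for port in $IPMI_TCP_PORTS; do
        printf 'iptables -A INPUT -s %s -m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT\n' "$src" "$port"
    done
    for port in $IPMI_UDP_PORTS; do
        printf 'iptables -A INPUT -s %s -m state --state NEW -m udp -p udp --dport %s -j ACCEPT\n' "$src" "$port"
    done
}

# Constructed sample: management hosts live in 172.16.0.0/24.
ipmi_fw_rules 172.16.0.0/24
```

Review the printed commands before running them as root, then save the rules as shown above.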

Change IPMI Password

View the current users (default password is admin):

$ ipmitool -U admin -P admin -H calx21-ipmi -I lanplus user list 
ID  Name	     Callin  Link Auth	IPMI Msg   Channel Priv Limit
2   admin            true    false      false      ADMINISTRATOR

Set the updated password (note the user ID, which in this instance is 2):

$ ipmitool -U admin -P admin -H calx21-ipmi -I lanplus user set password 2 asqp12

$ ipmitool -U admin -P admin -H calx21-ipmi -I lanplus user list 
Error: Unable to establish IPMI v2 / RMCP+ session
Get User Access command failed (channel 14, user 1)
$ ipmitool -U admin -P asqp12 -H calx21-ipmi -I lanplus user list 
ID  Name	     Callin  Link Auth	IPMI Msg   Channel Priv Limit
2   admin            true    false      false      ADMINISTRATOR