Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
home_server:home_server_setup:other_services:ipmi [2020-03-22 Sun wk12 17:32] – baumkp | home_server:home_server_setup:other_services:ipmi [2023-12-23 Sat wk51 21:07] (current) – [Usage:] baumkp | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | {{tag> | + | {{tag>linux IPMI, IPMITOOL, CLI, BMC}} |
- | ====IPMI CLI Tools==== | + | ======IPMI CLI Tools====== |
- | Much copied from Adam Sweet' | + | Much copied from Adam Sweet' |
+ | |||
+ | ====What is IPMI?==== | ||
+ | |||
+ | IPMI is standard which allows remote server management, primarily developed by Intel. IPMI cards, known as Baseboard Management Cards (BMCs) are primitive computers in their own right and are operational all the time, so long as the server has a power source. The server itself does not need to be powered on, or the operating system operational for the BMC to work, it just needs a power source to be connected to the server. | ||
+ | |||
+ | The primary benefits of IPMI are: | ||
+ | *View server chassis and motherboard sensor output remotely, such as chassis status and intrusion detection. | ||
+ | | ||
+ | | ||
+ | |||
+ | Essentially, | ||
+ | |||
+ | Some downside of IPMI: | ||
+ | *In general systems fitted with IPMI are substantially more expensive than those without | ||
+ | *The IPMI controller does use power, about 4-6W | ||
+ | *The IPMI is another security risk vector | ||
+ | |||
+ | ====IPMI Revisions==== | ||
+ | |||
+ | There are currently 3 IPMI revisions (with details taken from http:// | ||
+ | |||
+ | *IPMI v1.0 - Autonomous access, logging and control. IPMI messaging command sets, sensor data records and event messages. Access through system interfaces like memory mapped IO, I2C bus etc. | ||
+ | *IPMI v1.5 - Ability to send IPMI messages to BMC over LAN, LAN alerting. No SOL as part of the standard' | ||
+ | *IPMI v2.0 - Serial Over LAN enabling console redirection, | ||
+ | |||
+ | IPMI version 2.0 is desirable as it allows you to use SOL to get a remote console on the server as though it were local in cases where the operating system locks up and SSH or (heaven forbid) telnet access are not available due to the operating system being inoperable. v2.0 also allows you to encrypt the contents of the IPMI packets sent to remote systems and so protects the BMC passwords and your commands on the network. IPMI v1.5 still allows to you to power the system on and off and view sensor output, but does not support packet encryption (and therefore sends your BMC password over the network in plain text) and does not support SOL in any standardised way. Both 2.0 and 1.5 are in common usage and are both still sold on new servers. | ||
====Usage: | ====Usage: | ||
Line 9: | Line 36: | ||
* List available chassis commands:'' | * List available chassis commands:'' | ||
* List chassis policy options '' | * List chassis policy options '' | ||
- | * Lists currnet | + | * Lists current |
* List all current chassis info: '' | * List all current chassis info: '' | ||
* List available power commands'' | * List available power commands'' | ||
Line 29: | Line 56: | ||
* -U : remote user name to use to connect to IPMI BMC for command | * -U : remote user name to use to connect to IPMI BMC for command | ||
* -a : prompt for remote server password (for CLI, not batch files) | * -a : prompt for remote server password (for CLI, not batch files) | ||
- | * -f </ | + | * -f </ |
=====IPMI BASH Scripts===== | =====IPMI BASH Scripts===== | ||
Line 36: | Line 63: | ||
The script performs some basic error checking a reporting, of the ipmitool functions used. | The script performs some basic error checking a reporting, of the ipmitool functions used. | ||
- | Once the ipmi start command has been issued the main computer is check using the ping command to determine if it is actually up. | + | Once the ipmi start command has been issued the main computer is checked |
The script exits with a 0 upon successful ping attempt or other error codes as noted in the code upon failure. | The script exits with a 0 upon successful ping attempt or other error codes as noted in the code upon failure. | ||
edit code: '' | edit code: '' | ||
- | to run script stand along to start the remote computer: '' | + | to run script stand alone to start the remote computer: '' |
(the '' | (the '' | ||
- | < | + | < |
#!/bin/bash | #!/bin/bash | ||
Line 79: | Line 106: | ||
then | then | ||
exit 0 | exit 0 | ||
- | # Sucessful | + | # Successful |
else | else | ||
sleep 10 | sleep 10 | ||
Line 85: | Line 112: | ||
done | done | ||
exit 13 | exit 13 | ||
- | #exit code 13 means that the ping attempts were unsuccessfull | + | #exit code 13 means that the ping attempts were unsuccessful |
</ | </ | ||
+ | ====IPMI Stop Script==== | ||
+ | This script is used to Soft Stop a remote BMC computer via ipmitool. | ||
+ | |||
+ | The script performs some basic error checking and reporting, of the ipmitool functions used. | ||
+ | Once the ipmi soft stop command has been issued the main computer is check using the ipmi power status command command to determine if it is actually down. | ||
+ | The script exits with a 0 upon on successful attempt to verify actual power down or other error codes as noted in the code upon failure. | ||
+ | |||
+ | edit code: '' | ||
+ | |||
+ | to run script stand alone to soft stop the remote computer: '' | ||
+ | |||
+ | (the '' | ||
+ | |||
+ | <code bash> | ||
+ | #!/bin/bash | ||
+ | |||
+ | BMC_IP=" | ||
+ | User_Name=" | ||
+ | PW_file_location="/ | ||
+ | LAN_IP=" | ||
+ | |||
+ | #Check if on | ||
+ | status_on=" | ||
+ | status_off=" | ||
+ | power_status=$(ipmitool -I lanplus -H $BMC_IP -U $User_Name -f $PW_file_location power status 2>/ | ||
+ | if [ ${?} -ne 0 ] | ||
+ | then exit 11 | ||
+ | #error 11 means that the impitool power status return an error | ||
+ | #ipmitool communication to remote machine did not function for any possible reason | ||
+ | fi | ||
+ | |||
+ | if [ " | ||
+ | then | ||
+ | ipmitool -I lanplus -H $BMC_IP -U $User_Name -f $PW_file_location power soft &>/ | ||
+ | if [ $? -ne 0 ] | ||
+ | then exit 12 | ||
+ | #error 12 means that the ipmi tool power on command returned an error code | ||
+ | fi | ||
+ | sleep 40 | ||
+ | fi | ||
+ | |||
+ | for ((c=1; C<8; c++)) | ||
+ | do | ||
+ | power_status=$(ipmitool -I lanplus -H $BMC_IP -U $User_Name -f $PW_file_location power status 2>/ | ||
+ | if [ ${?} -ne 0 ] | ||
+ | then exit 11 | ||
+ | #error 11 means that the impitool power status return an error | ||
+ | #ipmitool communication to remote machine did not function for any possible reason | ||
+ | fi | ||
+ | |||
+ | if [ " | ||
+ | then | ||
+ | exit 0 | ||
+ | # The machine is verified as shutdown | ||
+ | fi | ||
+ | sleep 30 | ||
+ | #wait another 30 seconds and check again | ||
+ | done | ||
+ | |||
+ | exit 13 | ||
+ | #exit code 13 means that the machine did not shutdown in the check time period | ||
+ | </ | ||
====Test Script==== | ====Test Script==== | ||
- | < | + | < |
#!/bin/bash | #!/bin/bash | ||
Line 116: | Line 205: | ||
*041 010 kpts | *041 010 kpts | ||
*042 001 Router | *042 001 Router | ||
- | ====What is IPMI?==== | ||
- | |||
- | IPMI is standard which allows remote server management, primarily developed by Intel. IPMI cards, known as Baseboard Management Cards (BMCs) are primitive computers in their own right and are operational all the time, so long as the server has a power source. The server itself does not need to be powered on, or the operating system operational for the BMC to work, it just needs a power source to be connected to the server. | ||
- | |||
- | The primary benefits of IPMI are: | ||
- | *View server chassis and motherboard sensor output remotely, such as chassis status and intrusion detection. | ||
- | | ||
- | | ||
- | |||
- | Essentially, | ||
- | |||
- | Some downside of IPMI: | ||
- | *In general systems fitted with IPMI are substantially more expensive than those without | ||
- | *The IPMI controller does use power, about 4-6W | ||
- | *The IPMI is another security risk vector | ||
- | |||
- | ====IPMI Revisions==== | ||
- | |||
- | There are currently 3 IPMI revisions (with details taken from http:// | ||
- | |||
- | *IPMI v1.0 - Autonomous access, logging and control. IPMI messaging command sets, sensor data records and event messages. Access through system interfaces like memory mapped IO, I2C bus etc. | ||
- | *IPMI v1.5 - Ability to send IPMI messages to BMC over LAN, LAN alerting. No SOL as part of the standard' | ||
- | *IPMI v2.0 - Serial Over LAN enabling console redirection, | ||
- | |||
- | IPMI version 2.0 is desirable as it allows you to use SOL to get a remote console on the server as though it were local in cases where the operating system locks up and SSH or (heaven forbid) telnet access are not available due to the operating system being inoperable. v2.0 also allows you to encrypt the contents of the IPMI packets sent to remote systems and so protects the BMC passwords and your commands on the network. IPMI v1.5 still allows to you to power the system on and off and view sensor output, but does not support packet encryption (and therefore sends your BMC password over the network in plain text) and does not support SOL in any standardised way. Both 2.0 and 1.5 are in common usage and are both still sold on new servers. | ||
====Glossary==== | ====Glossary==== | ||
Line 174: | Line 238: | ||
---- | ---- | ||
- | <- home_server: | + | <- home_server: |