Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
home_server:home_server_setup:other_services:ipmi [2020-03-22 Sun wk12 17:32] baumkphome_server:home_server_setup:other_services:ipmi [2023-12-23 Sat wk51 21:07] (current) – [Usage:] baumkp
Line 1: Line 1:
-{{tag>IPMI, IPMITOOL, CLI, BMC}} +{{tag>linux IPMI, IPMITOOL, CLI, BMC}} 
-====IPMI CLI Tools==== +======IPMI CLI Tools====== 
-Much copied from Adam Sweet's wiki on IPMI:+Much copied from Adam Sweet's wiki on IPMI
 + 
 +====What is IPMI?==== 
 + 
 +IPMI is standard which allows remote server management, primarily developed by Intel. IPMI cards, known as Baseboard Management Cards (BMCs) are primitive computers in their own right and are operational all the time, so long as the server has a power source. The server itself does not need to be powered on, or the operating system operational for the BMC to work, it just needs a power source to be connected to the server. 
 + 
 +The primary benefits of IPMI are: 
 +   *View server chassis and motherboard sensor output remotely, such as chassis status and intrusion detection. 
 +   *Ability to remotely power on, power off, reboot the server and flash the identification light. 
 +   *Ability to set up a console on a serial port and have the BMC redirect that console over a network port, which in cooperation with BIOS level console redirection, gives you the ability to view the BIOS, bootloader, bootup and shutdown procedures and console output should the machine hang or lock up, just as you would if you were interacting with the machine locally. This is called Serial Over Lan (SOL) and is available in IPMI v2.0 as a standard and using non-standard proprietary methods in v1.5. 
 + 
 +Essentially, IPMI will save you purchasing a separate remote power control unit and SOL will save you purchasing an IP KVM, both of which would be quite expensive for the same functionality the IPMI provides. 
 + 
 +Some downside of IPMI: 
 +  *In general systems fitted with IPMI are substantially more expensive than those without 
 +  *The IPMI controller does use power, about 4-6W 
 +  *The IPMI is another security risk vector 
 + 
 +====IPMI Revisions==== 
 + 
 +There are currently 3 IPMI revisions (with details taken from http://www.ecst.csuchico.edu/~dranch/LINUX/IPMI/ipmi-on-linux.html): 
 + 
 +    *IPMI v1.0 - Autonomous access, logging and control. IPMI messaging command sets, sensor data records and event messages. Access through system interfaces like memory mapped IO, I2C bus etc. 
 +    *IPMI v1.5 - Ability to send IPMI messages to BMC over LAN, LAN alerting. No SOL as part of the standard's specification but some vendor specific SOL implementations. 
 +    *IPMI v2.0 - Serial Over LAN enabling console redirection, access control, enhanced authentication, packet encryption using RCMP+, SMbus interface. 
 + 
 +IPMI version 2.0 is desirable as it allows you to use SOL to get a remote console on the server as though it were local in cases where the operating system locks up and SSH or (heaven forbid) telnet access are not available due to the operating system being inoperable. v2.0 also allows you to encrypt the contents of the IPMI packets sent to remote systems and so protects the BMC passwords and your commands on the network. IPMI v1.5 still allows to you to power the system on and off and view sensor output, but does not support packet encryption (and therefore sends your BMC password over the network in plain text) and does not support SOL in any standardised way. Both 2.0 and 1.5 are in common usage and are both still sold on new servers. 
  
 ====Usage:==== ====Usage:====
Line 9: Line 36:
     * List available chassis commands:''sudo ipmitool -I open chassis''     * List available chassis commands:''sudo ipmitool -I open chassis''
     * List chassis policy options ''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis policy''     * List chassis policy options ''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis policy''
-    * Lists currnet chassis policy state: ''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis policy list''+    * Lists current chassis policy state: ''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis policy list''
     * List all current chassis info: ''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis status''     * List all current chassis info: ''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis status''
     * List available power commands''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis power''     * List available power commands''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis power''
Line 29: Line 56:
   * -U  : remote user name to use to connect to IPMI BMC for command   * -U  : remote user name to use to connect to IPMI BMC for command
   * -a  : prompt for remote server password (for CLI, not batch files)   * -a  : prompt for remote server password (for CLI, not batch files)
-  * -f </path/password_file> : specify use of file for remote server password (need for batch files and to prevent constant prompting for password)+  * -f </path/password_file> : specify use of file for remote server password (need for batch files and to prevent constant prompting for password).  This is more secure than actually placing the password on the command line.  The file literally just has the password in it.
  
 =====IPMI BASH Scripts===== =====IPMI BASH Scripts=====
Line 36: Line 63:
  
 The script performs some basic error checking a reporting, of the ipmitool functions used. The script performs some basic error checking a reporting, of the ipmitool functions used.
-Once the ipmi start command has been issued the main computer is check using the ping command to determine if it is actually up.+Once the ipmi start command has been issued the main computer is checked using the ping command to determine if it is actually up.
 The script exits with a 0 upon successful ping attempt or other error codes as noted in the code upon failure. The script exits with a 0 upon successful ping attempt or other error codes as noted in the code upon failure.
  
 edit code: ''sudo vim Myscripts/ipmi_start_05_40.sh'' edit code: ''sudo vim Myscripts/ipmi_start_05_40.sh''
  
-to run script stand along to start the remote computer: ''bash Myscripts/ipmi_start-5_04.sh ; echo $?''+to run script stand alone to start the remote computer: ''bash Myscripts/ipmi_start_05_40.sh ; echo $?''
  
 (the ''echo $?'' will return the error code, as per typical Unix, a 0 return indicates success.) (the ''echo $?'' will return the error code, as per typical Unix, a 0 return indicates success.)
  
-<code>+<code bash>
 #!/bin/bash #!/bin/bash
  
Line 79: Line 106:
     then     then
       exit 0       exit 0
-      # Sucessful communication to machine to be started!+      # Successful communication to machine to be started!
     else     else
       sleep 10       sleep 10
Line 85: Line 112:
 done done
 exit 13 exit 13
-#exit code 13 means that the ping attempts were unsuccessfull+#exit code 13 means that the ping attempts were unsuccessful
 </code> </code>
  
 +====IPMI Stop Script====
 +This script is used to Soft Stop a remote BMC computer via ipmitool.  This negates the need to place command directly on the computer in question.
 +
 +The script performs some basic error checking and reporting, of the ipmitool functions used.
 +Once the ipmi soft stop command has been issued the main computer is check using the ipmi power status command command to determine if it is actually down.
 +The script exits with a 0 upon on successful attempt to verify actual power down or other error codes as noted in the code upon failure.
 +
 +edit code: ''sudo vim ~/Myscripts/ipmi_stop_05_40.sh''
 +
 +to run script stand alone to soft stop the remote computer: ''bash ~/Myscripts/ipmi_stop_05_40.sh ; echo $?''
 +
 +(the ''echo $?'' will return the error code, as per typical Unix, a 0 return indicates success.)
 +
 +<code bash>
 +#!/bin/bash
 +
 +BMC_IP="192.168.1.40"
 +User_Name="baumkp"
 +PW_file_location="/etc/ipmitool"
 +LAN_IP="192.168.1.5"
 +
 +#Check if on
 +status_on="Chassis Power is on"
 +status_off="Chassis Power is off"
 +power_status=$(ipmitool -I lanplus -H $BMC_IP -U $User_Name -f $PW_file_location power status 2>/dev/null)
 +if [ ${?} -ne 0 ]
 +  then exit 11
 +  #error 11 means that the impitool power status return an error
 +  #ipmitool communication to remote machine did not function for any possible reason
 +fi
 +
 +if [ "$power_status" == "$status_on" ]
 +  then
 +    ipmitool -I lanplus -H $BMC_IP -U $User_Name -f $PW_file_location power soft &>/dev/null 2>/dev/null
 +    if [ $? -ne 0 ]
 +      then exit 12
 +      #error 12 means that the ipmi tool power on command returned an error code
 +    fi
 +    sleep 40
 +fi
 +
 +for ((c=1; C<8; c++))
 +do
 +  power_status=$(ipmitool -I lanplus -H $BMC_IP -U $User_Name -f $PW_file_location power status 2>/dev/null)
 +  if [ ${?} -ne 0 ]
 +    then exit 11
 +    #error 11 means that the impitool power status return an error
 +    #ipmitool communication to remote machine did not function for any possible reason
 +  fi
 +
 +  if [ "$power_status" == "$status_off" ]
 +    then
 +    exit 0
 +    # The machine is verified as shutdown
 +  fi
 +  sleep 30
 +  #wait another 30 seconds and check again 
 +done
 +
 +exit 13
 +#exit code 13 means that the machine did not shutdown in the check time period
 +</code>
 ====Test Script==== ====Test Script====
-<code>+<code bash>
 #!/bin/bash #!/bin/bash
  
Line 116: Line 205:
   *041 010 kpts   *041 010 kpts
   *042 001 Router   *042 001 Router
-====What is IPMI?==== 
- 
-IPMI is standard which allows remote server management, primarily developed by Intel. IPMI cards, known as Baseboard Management Cards (BMCs) are primitive computers in their own right and are operational all the time, so long as the server has a power source. The server itself does not need to be powered on, or the operating system operational for the BMC to work, it just needs a power source to be connected to the server. 
- 
-The primary benefits of IPMI are: 
-   *View server chassis and motherboard sensor output remotely, such as chassis status and intrusion detection. 
-   *Ability to remotely power on, power off, reboot the server and flash the identification light. 
-   *Ability to set up a console on a serial port and have the BMC redirect that console over a network port, which in cooperation with BIOS level console redirection, gives you the ability to view the BIOS, bootloader, bootup and shutdown procedures and console output should the machine hang or lock up, just as you would if you were interacting with the machine locally. This is called Serial Over Lan (SOL) and is available in IPMI v2.0 as a standard and using non-standard proprietary methods in v1.5. 
- 
-Essentially, IPMI will save you purchasing a separate remote power control unit and SOL will save you purchasing an IP KVM, both of which would be quite expensive for the same functionality the IPMI provides. 
- 
-Some downside of IPMI: 
-  *In general systems fitted with IPMI are substantially more expensive than those without 
-  *The IPMI controller does use power, about 4-6W 
-  *The IPMI is another security risk vector 
- 
-====IPMI Revisions==== 
- 
-There are currently 3 IPMI revisions (with details taken from http://www.ecst.csuchico.edu/~dranch/LINUX/IPMI/ipmi-on-linux.html): 
- 
-    *IPMI v1.0 - Autonomous access, logging and control. IPMI messaging command sets, sensor data records and event messages. Access through system interfaces like memory mapped IO, I2C bus etc. 
-    *IPMI v1.5 - Ability to send IPMI messages to BMC over LAN, LAN alerting. No SOL as part of the standard's specification but some vendor specific SOL implementations. 
-    *IPMI v2.0 - Serial Over LAN enabling console redirection, access control, enhanced authentication, packet encryption using RCMP+, SMbus interface. 
- 
-IPMI version 2.0 is desirable as it allows you to use SOL to get a remote console on the server as though it were local in cases where the operating system locks up and SSH or (heaven forbid) telnet access are not available due to the operating system being inoperable. v2.0 also allows you to encrypt the contents of the IPMI packets sent to remote systems and so protects the BMC passwords and your commands on the network. IPMI v1.5 still allows to you to power the system on and off and view sensor output, but does not support packet encryption (and therefore sends your BMC password over the network in plain text) and does not support SOL in any standardised way. Both 2.0 and 1.5 are in common usage and are both still sold on new servers. 
  
 ====Glossary==== ====Glossary====
Line 174: Line 238:
 ---- ----
  
-<- home_server:home_server_setup:other_services:calibre_server|Prev ^ home_server:home_server_setup:other_services:index|Start page ^ home_server:home_server_setup:other_services:disk|Next ->+<- home_server:home_server_setup:other_services:calibre_server|Prev ^ home_server:home_server_setup:other_services:index|Start page ^ home_server:home_server_setup:other_services:ipmi_console|Next ->