Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
home_server:home_server_setup:other_services:ipmi [2020-05-06 Wed wk19 21:38] – [IPMI Stop Script] baumkphome_server:home_server_setup:other_services:ipmi [2023-12-23 Sat wk51 21:07] (current) – [Usage:] baumkp
Line 1: Line 1:
-{{tag>IPMI, IPMITOOL, CLI, BMC}} +{{tag>linux IPMI, IPMITOOL, CLI, BMC}} 
-====IPMI CLI Tools==== +======IPMI CLI Tools====== 
-Much copied from Adam Sweet's wiki on IPMI:+Much copied from Adam Sweet's wiki on IPMI
 + 
 +====What is IPMI?==== 
 + 
 +IPMI is standard which allows remote server management, primarily developed by Intel. IPMI cards, known as Baseboard Management Cards (BMCs) are primitive computers in their own right and are operational all the time, so long as the server has a power source. The server itself does not need to be powered on, or the operating system operational for the BMC to work, it just needs a power source to be connected to the server. 
 + 
 +The primary benefits of IPMI are: 
 +   *View server chassis and motherboard sensor output remotely, such as chassis status and intrusion detection. 
 +   *Ability to remotely power on, power off, reboot the server and flash the identification light. 
 +   *Ability to set up a console on a serial port and have the BMC redirect that console over a network port, which in cooperation with BIOS level console redirection, gives you the ability to view the BIOS, bootloader, bootup and shutdown procedures and console output should the machine hang or lock up, just as you would if you were interacting with the machine locally. This is called Serial Over Lan (SOL) and is available in IPMI v2.0 as a standard and using non-standard proprietary methods in v1.5. 
 + 
 +Essentially, IPMI will save you purchasing a separate remote power control unit and SOL will save you purchasing an IP KVM, both of which would be quite expensive for the same functionality the IPMI provides. 
 + 
 +Some downside of IPMI: 
 +  *In general systems fitted with IPMI are substantially more expensive than those without 
 +  *The IPMI controller does use power, about 4-6W 
 +  *The IPMI is another security risk vector 
 + 
 +====IPMI Revisions==== 
 + 
 +There are currently 3 IPMI revisions (with details taken from http://www.ecst.csuchico.edu/~dranch/LINUX/IPMI/ipmi-on-linux.html): 
 + 
 +    *IPMI v1.0 - Autonomous access, logging and control. IPMI messaging command sets, sensor data records and event messages. Access through system interfaces like memory mapped IO, I2C bus etc. 
 +    *IPMI v1.5 - Ability to send IPMI messages to BMC over LAN, LAN alerting. No SOL as part of the standard's specification but some vendor specific SOL implementations. 
 +    *IPMI v2.0 - Serial Over LAN enabling console redirection, access control, enhanced authentication, packet encryption using RCMP+, SMbus interface. 
 + 
 +IPMI version 2.0 is desirable as it allows you to use SOL to get a remote console on the server as though it were local in cases where the operating system locks up and SSH or (heaven forbid) telnet access are not available due to the operating system being inoperable. v2.0 also allows you to encrypt the contents of the IPMI packets sent to remote systems and so protects the BMC passwords and your commands on the network. IPMI v1.5 still allows to you to power the system on and off and view sensor output, but does not support packet encryption (and therefore sends your BMC password over the network in plain text) and does not support SOL in any standardised way. Both 2.0 and 1.5 are in common usage and are both still sold on new servers. 
  
 ====Usage:==== ====Usage:====
Line 9: Line 36:
     * List available chassis commands:''sudo ipmitool -I open chassis''     * List available chassis commands:''sudo ipmitool -I open chassis''
     * List chassis policy options ''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis policy''     * List chassis policy options ''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis policy''
-    * Lists currnet chassis policy state: ''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis policy list''+    * Lists current chassis policy state: ''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis policy list''
     * List all current chassis info: ''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis status''     * List all current chassis info: ''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis status''
     * List available power commands''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis power''     * List available power commands''ipmitool -I lanplus -H 192.168.1.42 -U baumkp chassis power''
Line 29: Line 56:
   * -U  : remote user name to use to connect to IPMI BMC for command   * -U  : remote user name to use to connect to IPMI BMC for command
   * -a  : prompt for remote server password (for CLI, not batch files)   * -a  : prompt for remote server password (for CLI, not batch files)
-  * -f </path/password_file> : specify use of file for remote server password (need for batch files and to prevent constant prompting for password)+  * -f </path/password_file> : specify use of file for remote server password (need for batch files and to prevent constant prompting for password).  This is more secure than actually placing the password on the command line.  The file literally just has the password in it.
  
 =====IPMI BASH Scripts===== =====IPMI BASH Scripts=====
Line 41: Line 68:
 edit code: ''sudo vim Myscripts/ipmi_start_05_40.sh'' edit code: ''sudo vim Myscripts/ipmi_start_05_40.sh''
  
-to run script stand alone to start the remote computer: ''bash Myscripts/ipmi_start-5_04.sh ; echo $?''+to run script stand alone to start the remote computer: ''bash Myscripts/ipmi_start_05_40.sh ; echo $?''
  
 (the ''echo $?'' will return the error code, as per typical Unix, a 0 return indicates success.) (the ''echo $?'' will return the error code, as per typical Unix, a 0 return indicates success.)
  
-<code>+<code bash>
 #!/bin/bash #!/bin/bash
  
Line 97: Line 124:
 edit code: ''sudo vim ~/Myscripts/ipmi_stop_05_40.sh'' edit code: ''sudo vim ~/Myscripts/ipmi_stop_05_40.sh''
  
-to run script stand alone to soft stop the remote computer: ''bash ~/Myscripts/ipmi_stop-5_04.sh ; echo $?''+to run script stand alone to soft stop the remote computer: ''bash ~/Myscripts/ipmi_stop_05_40.sh ; echo $?''
  
 (the ''echo $?'' will return the error code, as per typical Unix, a 0 return indicates success.) (the ''echo $?'' will return the error code, as per typical Unix, a 0 return indicates success.)
  
-<code>+<code bash>
 #!/bin/bash #!/bin/bash
  
Line 151: Line 178:
 </code> </code>
 ====Test Script==== ====Test Script====
-<code>+<code bash>
 #!/bin/bash #!/bin/bash
  
Line 178: Line 205:
   *041 010 kpts   *041 010 kpts
   *042 001 Router   *042 001 Router
-====What is IPMI?==== 
- 
-IPMI is standard which allows remote server management, primarily developed by Intel. IPMI cards, known as Baseboard Management Cards (BMCs) are primitive computers in their own right and are operational all the time, so long as the server has a power source. The server itself does not need to be powered on, or the operating system operational for the BMC to work, it just needs a power source to be connected to the server. 
- 
-The primary benefits of IPMI are: 
-   *View server chassis and motherboard sensor output remotely, such as chassis status and intrusion detection. 
-   *Ability to remotely power on, power off, reboot the server and flash the identification light. 
-   *Ability to set up a console on a serial port and have the BMC redirect that console over a network port, which in cooperation with BIOS level console redirection, gives you the ability to view the BIOS, bootloader, bootup and shutdown procedures and console output should the machine hang or lock up, just as you would if you were interacting with the machine locally. This is called Serial Over Lan (SOL) and is available in IPMI v2.0 as a standard and using non-standard proprietary methods in v1.5. 
- 
-Essentially, IPMI will save you purchasing a separate remote power control unit and SOL will save you purchasing an IP KVM, both of which would be quite expensive for the same functionality the IPMI provides. 
- 
-Some downside of IPMI: 
-  *In general systems fitted with IPMI are substantially more expensive than those without 
-  *The IPMI controller does use power, about 4-6W 
-  *The IPMI is another security risk vector 
- 
-====IPMI Revisions==== 
- 
-There are currently 3 IPMI revisions (with details taken from http://www.ecst.csuchico.edu/~dranch/LINUX/IPMI/ipmi-on-linux.html): 
- 
-    *IPMI v1.0 - Autonomous access, logging and control. IPMI messaging command sets, sensor data records and event messages. Access through system interfaces like memory mapped IO, I2C bus etc. 
-    *IPMI v1.5 - Ability to send IPMI messages to BMC over LAN, LAN alerting. No SOL as part of the standard's specification but some vendor specific SOL implementations. 
-    *IPMI v2.0 - Serial Over LAN enabling console redirection, access control, enhanced authentication, packet encryption using RCMP+, SMbus interface. 
- 
-IPMI version 2.0 is desirable as it allows you to use SOL to get a remote console on the server as though it were local in cases where the operating system locks up and SSH or (heaven forbid) telnet access are not available due to the operating system being inoperable. v2.0 also allows you to encrypt the contents of the IPMI packets sent to remote systems and so protects the BMC passwords and your commands on the network. IPMI v1.5 still allows to you to power the system on and off and view sensor output, but does not support packet encryption (and therefore sends your BMC password over the network in plain text) and does not support SOL in any standardised way. Both 2.0 and 1.5 are in common usage and are both still sold on new servers. 
  
 ====Glossary==== ====Glossary====
Line 236: Line 238:
 ---- ----
  
-<- home_server:home_server_setup:other_services:calibre_server|Prev ^ home_server:home_server_setup:other_services:index|Start page ^ home_server:home_server_setup:other_services:disk|Next ->+<- home_server:home_server_setup:other_services:calibre_server|Prev ^ home_server:home_server_setup:other_services:index|Start page ^ home_server:home_server_setup:other_services:ipmi_console|Next ->