IPMI Console Setup
I have 3 computers from Supermicro with BMC and IPMI. The Supermicro provided utility program IPMIView is good, but the iKVM console redirection facility is woefully unreliable and also seems to be poorly documented! (Probably because it is based upon Java.) Interestingly this utility program is provided for Windows and Linux, and is even available in Manjaro AUR repositories. (This probably actually makes sense as many Supermicro computers with BMC are used on servers that are more Linux focused than Windoz.) I have actually been having these IPMIView Java console blues for many year now on Windows and one solution was to use an earlier version of IPMIView (2.14)that seem to allow more reliable Console redirection
So I tried to see about serial console redirection. Basically most BMC have old RS232 serial port includes and include serial to BMC network redirection. Linux Unix history means good historical serial port and serial terminal support.
Key parts to this are:
- Setting up Linux to redirect main boot terminal tty interface to use the serial port
- Setup the console redirection in the Grub boot loader of Linux, so the main console window is directed to the serial port. (The serial port is redirected by the BMC to its network.)
- Setup and start the Linux serial terminal service upon boot
- BMC IPMI Client Setup (Using the BMC IPMI interface to redirect the computer serial tty to the BMC network)
- tty terminal controls (e.g. size)
An important reference to setting this up is my on notes on use of ipmitools and imptitools manual die.net ipmitool(1) - Linux man page
The key functions if the ipmitool command, ipmitool -I lanplus -H 192.168.1.40 -U baumkp -f /etc/ipmitool sol info
are:
- -I : Selects IPMI interface to use; options seem to be: lan for IPMI 1.5 and lanplus for IPMI 2.0. (All my interfaces are IPMI 2.0)
- -H : remote server address IP or hostname; to specify the IPMI BMC connect and use
- -U : remote user name to use to connect to IPMI BMC for command
- -a : prompt for remote server password (for CLI, not batch files)
- -P : input the password in command, not recommended as is in command line history there after, not secure
- -f </path/password_file> : specify use of file for remote server password (need for batch files and to prevent constant prompting for password). This is more secure than actually placing the password on the command line. The file literally just has the password in it. I usually store in file
sudo vim /etc/ipmi
and set to root only read/writesudo chown root:root /etc/ipmi
andsudo chmod 600 /etc/ipmi
Linux Console Redirection Setup
One of the first things to do is confirm which terminal the BMC is actually using for redirection! use the following command to find out, ipmitool -I lanplus -H 192.168.1.40 -U baumkp -f /etc/ipmitool sol info
. This gives the following output:
Set in progress : set-complete
Enabled : true
Force Encryption : false
Force Authentication : false
Privilege Level : OPERATOR
Character Accumulate Level (ms) : 50
Character Send Threshold : 80
Retry Count : 7
Retry Interval (ms) : 1000
Volatile Bit Rate (kbps) : 115.2
Non-Volatile Bit Rate (kbps) : 115.2
Payload Channel : 1 (0x01)
Payload Port : 623
The Payload Channel
give the tty number used, in the above example, 1.
Grub Bootloader Setup
After this Linux must be setup to redirect the terminal the the serial port. All my servers are running Ubuntu. The following description is for Ubuntu terminal serial redirection. The main resource used was Ubuntu Documentation's SerialConsoleHowto, which is unfortunately a bit old as it does not give any systemd setup information.
I adjusted my grub boot loader configuration as follows sudo vim /etc/default/grub
:
# If you change this file, run 'update-grub' afterwards to update # /boot/grub/grub.cfg. # For full documentation of the options in this file, see: # info -f grub -n 'Simple configuration' GRUB_DEFAULT=0 #GRUB_TIMEOUT_STYLE=hidden GRUB_TIMEOUT_STYLE=menu GRUB_TIMEOUT=8 GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` GRUB_CMDLINE_LINUX_DEFAULT="" GRUB_CMDLINE_LINUX="console=tty1 console=ttyS1,115200n8" # Uncomment to enable BadRAM filtering, modify to suit your needs # This works with Linux (no patch required) and with any kernel that obtains # the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...) #GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef" # Uncomment to disable graphical terminal (grub-pc only) #GRUB_TERMINAL=console GRUB_TERMINAL=serial GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1" # The resolution used on graphical terminal # note that you can use only modes which your graphic card supports via VBE # you can see them in real GRUB with the command `vbeinfo' #GRUB_GFXMODE=640x480 # Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux #GRUB_DISABLE_LINUX_UUID=true # Uncomment to disable generation of recovery mode menu entries #GRUB_DISABLE_RECOVERY="true" # Uncomment to get a beep at grub start #GRUB_INIT_TUNE="480 440 1"
The key lines being:
GRUB_CMDLINE_LINUX="console=tty1 console=ttyS1,115200n8" GRUB_TERMINAL=serial GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1"
The unit number and tty / ttys numbers need to match the payload number of the BMC / IMPI setup for redirection noted above.
After this run the command sudo update-grub
to update the grub boot loader based upon the updated configuration file.
The main computer then needs to be rebooted for this change to take effect sudo reboot
.
Linux Serial Terminal Setup
Net we need to ensure the serial terminal is running. Current Ubuntu uses systemd, a reference to setup ttys on systemd is Pid Eins systemd for Administrators, Part XVI which discusses Gettys on Serial Consoles (and Elsewhere). (This is also an older reference, but seems to be a good one for systemd…)
The key command is sudo systemctl enable serial-getty@ttyS1.service
. This will start the ttys1 serial tty service on machine boot. This service can be immediately started with sudo systemctl start serial-getty@ttyS1.service
.
The Ubuntu Documentation SerialConsoleHowto instruction on server setup of stty are not optimal for systems running systemd, but still ok for Grub boot loader setup. (The client setup is based upon BMC IPMI so the client software setup description is also not relevant.) The BMC IPMI client setup is described below.
On Debian 10 Buster I had some issued with getting ipmi console to work after grub login. To resolve I modified the systemd configuration fill as follows:
sudo vim /lib/systemd/system/serial-getty@.service
I then modified the line:
#ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,38400,9600 %I $TERM ExecStart=-/sbin/agetty -o '-p -- \\u' 115200 %I $TERM
Then sudo systemctl daemon-reload
followed by sudo systemctl restart serial-getty@ttyS1.service
BMC IPMI SOL Client Setup
To connect to the BMC sol within a terminal use the following ipmitools command: ipmitool -I lanplus -H 192.168.1.40 -U baumkp -f /etc/ipmitool sol activate
, where:
- -I : Selects IPMI interface to use; options seem to be: lan for IPMI 1.5 and lanplus for IPMI 2.0. (All my interfaces are IPMI 2.0)
- -H : remote server address IP or hostname; to specify the IPMI BMC connect and use
- -U : remote user name to use to connect to IPMI BMC for command
- -a : prompt for remote server password (for CLI, not batch files)
- -P : input the password in command, not recommended as is in command line history there after, not secure
- -f </path/password_file> : specify use of file for remote server password
- sol : Configure and connect IPMIv2.0 Serial-over-LAN
- activate : to activate the terminal connection
Once inside the BMC sol terminal the following commands can be used to control the sol connection:
- ~? : help
- ~. : to terminate connection
- ~~ : send the escape character by typing it twice
- Note that escapes are only recognised immediately after new line.
tty terminal controls
The tty serial of IPMI connection is not as functional as a full modern Linux terminal and some terminal programs will not fucntion well or at all. That being said it allows basic full headless remote functionality of machine in control.
IPMI is know for not having strong security. Hence it should only be operated in a restricted LAN, where only strict secure outside control is possible.
One problem is the terminal does not autmatically resize, a couple of tools are available to assist with this:
- The command
stty
can be used to manually set the terminal size, e.g.stty cols 132 rows 34
- The command
resize
automatically resizes the stty terminal to match the local terminal size. (Seems to require large overheads) - The command
sudo stty -F /dev/ttyS1
can be used to check the parameters of the ttyS1 serial connection. - The command
sudo stty -F /dev/ttyS1 115200
can be used to set the ttyS1 serial connection speed to 115200 baud.
The terminal number of columns and rows can be found with tput
or stty
tput cols
returns the number of columnstput rows
returns the number of rowsecho -e “lines\ncols”|tput -S
to get both using tputstty size
, is POSIX compliantstty size | cut -d“ ” -f1
andstty size | cut -d“ ” -f2
will get row and column
Check the man pages or do an internet search on these commands for further information and details.