home_server:home_server_setup:other_services:ipmi_console

Prev  
 Next

IPMI Console Setup

I have 3 computers from Supermicro with BMC and IPMI. The Supermicro provided utility program IPMIView is good, but the iKVM console redirection facility is woefully unreliable and also seems to be poorly documented! (Probably because it is based upon Java.) Interestingly this utility program is provided for Windows and Linux, and is even available in Manjaro AUR repositories. (This probably actually makes sense as many Supermicro computers with BMC are used on servers that are more Linux focused than Windoz.) I have actually been having these IPMIView Java console blues for many year now on Windows and one solution was to use an earlier version of IPMIView (2.14)that seem to allow more reliable Console redirection

So I tried to see about serial console redirection. Basically most BMC have old RS232 serial port includes and include serial to BMC network redirection. Linux Unix history means good historical serial port and serial terminal support.

Key parts to this are:

  1. Setting up Linux to redirect main boot terminal tty interface to use the serial port
    1. Setup the console redirection in the Grub boot loader of Linux, so the main console window is directed to the serial port. (The serial port is redirected by the BMC to its network.)
    2. Setup and start the Linux serial terminal service upon boot
  2. BMC IPMI Client Setup (Using the BMC IPMI interface to redirect the computer serial tty to the BMC network)
  3. tty terminal controls (e.g. size)

An important reference to setting this up is my on notes on use of ipmitools and imptitools manual die.net ipmitool(1) - Linux man page

The key functions if the ipmitool command, ipmitool -I lanplus -H 192.168.1.40 -U baumkp -f /etc/ipmitool sol info are:

  • -I : Selects IPMI interface to use; options seem to be: lan for IPMI 1.5 and lanplus for IPMI 2.0. (All my interfaces are IPMI 2.0)
  • -H : remote server address IP or hostname; to specify the IPMI BMC connect and use
  • -U : remote user name to use to connect to IPMI BMC for command
  • -a : prompt for remote server password (for CLI, not batch files)
  • -P : input the password in command, not recommended as is in command line history there after, not secure
  • -f </path/password_file> : specify use of file for remote server password (need for batch files and to prevent constant prompting for password). This is more secure than actually placing the password on the command line. The file literally just has the password in it. I usually store in file sudo vim /etc/ipmi and set to root only read/write sudo chown root:root /etc/ipmi and sudo chmod 600 /etc/ipmi

One of the first things to do is confirm which terminal the BMC is actually using for redirection! use the following command to find out, ipmitool -I lanplus -H 192.168.1.40 -U baumkp -f /etc/ipmitool sol info. This gives the following output:

Set in progress                 : set-complete
Enabled                         : true
Force Encryption                : false
Force Authentication            : false
Privilege Level                 : OPERATOR
Character Accumulate Level (ms) : 50
Character Send Threshold        : 80
Retry Count                     : 7
Retry Interval (ms)             : 1000
Volatile Bit Rate (kbps)        : 115.2
Non-Volatile Bit Rate (kbps)    : 115.2
Payload Channel                 : 1 (0x01)
Payload Port                    : 623

The Payload Channel give the tty number used, in the above example, 1.

After this Linux must be setup to redirect the terminal the the serial port. All my servers are running Ubuntu. The following description is for Ubuntu terminal serial redirection. The main resource used was Ubuntu Documentation's SerialConsoleHowto, which is unfortunately a bit old as it does not give any systemd setup information.

I adjusted my grub boot loader configuration as follows sudo vim /etc/default/grub:

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
#   info -f grub -n 'Simple configuration'
 
GRUB_DEFAULT=0
#GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT_STYLE=menu
GRUB_TIMEOUT=8
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="console=tty1 console=ttyS1,115200n8"
 
# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
 
# Uncomment to disable graphical terminal (grub-pc only)
#GRUB_TERMINAL=console
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1"
 
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480
 
# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true
 
# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"
 
# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"

The key lines being:

GRUB_CMDLINE_LINUX="console=tty1 console=ttyS1,115200n8"
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1"

The unit number and tty / ttys numbers need to match the payload number of the BMC / IMPI setup for redirection noted above.

After this run the command sudo update-grub to update the grub boot loader based upon the updated configuration file.

The main computer then needs to be rebooted for this change to take effect sudo reboot.

Net we need to ensure the serial terminal is running. Current Ubuntu uses systemd, a reference to setup ttys on systemd is Pid Eins systemd for Administrators, Part XVI which discusses Gettys on Serial Consoles (and Elsewhere). (This is also an older reference, but seems to be a good one for systemd…)

The key command is sudo systemctl enable serial-getty@ttyS1.service. This will start the ttys1 serial tty service on machine boot. This service can be immediately started with sudo systemctl start serial-getty@ttyS1.service.

The Ubuntu Documentation SerialConsoleHowto instruction on server setup of stty are not optimal for systems running systemd, but still ok for Grub boot loader setup. (The client setup is based upon BMC IPMI so the client software setup description is also not relevant.) The BMC IPMI client setup is described below.

On Debian 10 Buster I had some issued with getting ipmi console to work after grub login. To resolve I modified the systemd configuration fill as follows: sudo vim /lib/systemd/system/serial-getty@.service I then modified the line:

#ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,38400,9600 %I $TERM
ExecStart=-/sbin/agetty -o '-p -- \\u' 115200 %I $TERM

Then sudo systemctl daemon-reload followed by sudo systemctl restart serial-getty@ttyS1.service

To connect to the BMC sol within a terminal use the following ipmitools command: ipmitool -I lanplus -H 192.168.1.40 -U baumkp -f /etc/ipmitool sol activate, where:

  • -I : Selects IPMI interface to use; options seem to be: lan for IPMI 1.5 and lanplus for IPMI 2.0. (All my interfaces are IPMI 2.0)
  • -H : remote server address IP or hostname; to specify the IPMI BMC connect and use
  • -U : remote user name to use to connect to IPMI BMC for command
  • -a : prompt for remote server password (for CLI, not batch files)
  • -P : input the password in command, not recommended as is in command line history there after, not secure
  • -f </path/password_file> : specify use of file for remote server password
  • sol : Configure and connect IPMIv2.0 Serial-over-LAN
  • activate : to activate the terminal connection

Once inside the BMC sol terminal the following commands can be used to control the sol connection:

  • ~? : help
  • ~. : to terminate connection
  • ~~ : send the escape character by typing it twice
  • Note that escapes are only recognised immediately after new line.

The tty serial of IPMI connection is not as functional as a full modern Linux terminal and some terminal programs will not fucntion well or at all. That being said it allows basic full headless remote functionality of machine in control.

IPMI is know for not having strong security. Hence it should only be operated in a restricted LAN, where only strict secure outside control is possible.

One problem is the terminal does not autmatically resize, a couple of tools are available to assist with this:

  • The command stty can be used to manually set the terminal size, e.g. stty cols 132 rows 34
  • The command resize automatically resizes the stty terminal to match the local terminal size.
  • The command sudo stty -F /dev/ttyS1 can be used to check the parameters of the ttyS1 serial connection.
  • The command sudo stty -F /dev/ttyS1 115200 can be used to set the ttyS1 serial connection speed to 115200 baud.

Check the man pages or do an internet search on these commands for further information and details.

  • /mnt/shared/www/dokuwiki/data/pages/home_server/home_server_setup/other_services/ipmi_console.txt
  • Last modified: 2022-01-16 Sun wk02 11:20
  • by baumkp