Running IPMI on Linux
What is IPMI?
IPMI is standard which allows remote server management, primarily developed by Intel. IPMI cards, known as Baseboard Management Cards (BMCs) are primitive computers in their own right and are operational all the time, so long as the server has a power source. The server itself does not need to be powered on, or the operating system operational for the BMC to work, it just needs a power source to be connected to the server.
The primary benefits of IPMI are:
- - View server chassis and motherboard sensor output remotely, such as chassis status and intrusion detection.
- Ability to remotely power on, power off, reboot the server and flash the identification light.
- Ability to set up a console on a serial port and have the BMC redirect that console over a network port, which in cooperation with BIOS level console redirection, gives you the ability to view the BIOS, bootloader, bootup and shutdown procedures and console output should the machine hang or lock up, just as you would if you were interacting with the machine locally. This is called Serial Over Lan (SOL) and is available in IPMI v2.0 as a standard and using non-standard proprietary methods in v1.5.
IPMI Revisions
There are currently 3 IPMI revisions:
- - IPMI v1.0 - Autonomous access, logging and control. IPMI messaging command sets, sensor data records and event messages. Access through system interfaces like memory mapped IO, I2C bus etc.
- IPMI v1.5 - Ability to send IPMI messages to BMC over LAN, LAN alerting. No SOL as part of the standard's specification but some vendor specific SOL implementations.
- IPMI v2.0 - Serial Over LAN enabling console redirection, access control, enhanced authentication, packet encryption using RCMP+, SMbus interface.
IPMI version 2.0 is desirable as it allows you to use SOL to get a remote console on the server as though it were local in cases where the operating system locks up and SSH or (heaven forbid) telnet access are not available due to the operating system being inoperable. v2.0 also allows you to encrypt the contents of the IPMI packets sent to remote systems and so protects the BMC passwords and your commands on the network. IPMI v1.5 still allows to you to power the system on and off and view sensor output, but does not support packet encryption (and therefore sends your BMC password over the network in plain text) and does not support SOL in any standardised way. Both 2.0 and 1.5 are in common usage and are both still sold on new servers.
Glossary
List of IPMI terms.
- - BMC : Baseboard Management Controllers. IPMI compliant micro controllers that handle system event management. These are usually available as cPCI cards.
- GPCagent : A SuperMicro proprietary “Graceful Power” control agent. This agent provides graceful power control features for both Linux and windows platform. GPC means the OS will shutdown gracefully before a power shutdown. It is available from the SuperMicro website. It run as a daemon (smagent) on a Linux based managed system. It requires openIPMI kernel modules to be installed on the managed system to interact with the IPMI device.
- i2c : A low speed (>=400khz) system management interface supported on most embedded systems. It is similar to the SMBus.
- ipmicli : A SuperMicro proprietary command line interface for Linux, similar in function to IPMIView, available from the SuperMicro website.
- IPMItool : An opensource tool for accessing the IPMI device through either local or remote access. Its a command line tool that can used to perform various commands for reading and writing to the IPMI device. It is equivalent to the ipmicli proprietary tool except for console redirection which is not available on this tool.
- IPMIView : A SuperMicro proprietary java applet available from SuperMicro website. Runs on both windows (tested on windows2k) and Linux (fc3) platforms. This runs on the remote system and can be used to interact with the IPMI interface on the managed system. This software provides sensor monitoring, secure login, LAN/IP configuration, chassis power control and console redirection terminal. It also provides a graceful power shutdown/restart option that requires a daemon running on the managed system.
- ipnmac : A SuperMicro proprietary command line tool for Linux to set the IP and mac address for the ipmi interface. This tool can be used to set the address locally on the managed system.
Managed system : system which is to be managed using IPMI. The IPMI card is installed on this machine. IPMI v2.0 supports both local and remote access to the BMC. Local access is provided through a system interface like kCS (IO port). Remote access is provided through the onboard LAN interface (on IPMI supported motherboards).
- OpenIPMI : An opensource IPMI project that maintains linux drivers for the IPMI device. These drivers run on the managed system and provide a local interface to the IPMI card. They also support a primitive command line utility, equivalent to the ipmicli. The utility is meant more as a sample than a working tool.
- Remote system : System from which the IPMI enabled server is managed. This is usually over the network.
- SMbus : System Management bus. A low speed (<100khz) system management interface supported on most PC and server motherboards. It is similar to the I2C bus. The BMC uses the SMbus to communicate with motherboard sensors and Ethernet interface.
- SuperoDoctor : A SuperMicro proprietary IPMI tool. Verision II is a command line tool for local access on the managed system to IPMI interface. Version III is a GUI based tool for local access but works only on windows platform. This requires the openIPMI kernel modules to be installed on the managed machine.
Installation
This guide covers the installation of IPMI tools on Dell 1425 servers and Supermicro servers with a PDSMi+ motherboard. The instructions will be relevant for other server models, but I make no promises. I make references in the links section to Supermicro X7DVL based hardware which comes with a different IPMI BMC but I haven't spent much time investigating the hardware.
For Supermicro servers, open up the server chassis and make a note of the MAC address on the IPMI port. You're supposed need this later when flashing the BMC with it's firmware, however I found that it wasn't necessary to tell the BMC it's MAC address as it already knew and offered it as a default when asking for it. The wise amongst you will write this down anyway and compare it to what the flashing utility says. Beware also that the Supermicro docs erroneously tell you to get the MAC address from the LAN ports, not the BMC socket, this is wrong, you need the MAC written on the BMC's socket.
In the BIOS, set the console redirection to COM2, which is the BMC console port, it doesn't physically exist). Disable BIOS redirection after POST, choose a baud rate (19200 is default on PDSMI+ motherboards, so we used it as a default on everything to keep things tidy, Supermicro X7DVL motherboards which use a SIMIPMI BMC could use a number of different baud rates, your choice is up to you), a terminal type (vt100 works ok for me) and leave the other settings as they are.
Supermicro BMCs require you to boot from a CD and use their tool to flash the BMC prior to use, refer to the FTP link below and go up a few directories to get the latest IPMI CD image (the one shipped with the server caused me problems). Burn the image to a CD and boot from it. Use the utility to install the firmware for your IPMI version and then your motherboard version. I had to guess whether to use RCMP+ (meaning it supports encryption) or RCMP (meaning no encryption). I have the Supermicro AOC-IPMI20-E and it wouldn't work with RCMP+, even though it will upload a firmware for you. It worked after I reflashed it with the RCMP version.
When the process finished, use the ipnmac utility while still booted from the CD, by typing ipnmac (if you're not in the right directory you'll have to navigate using cd and dir commands to find it). Give it a unique IP address from any other interface on the machine or on your network. The BMC needs to be network addressable in its own right. Also give it the MAC address you took from the IPMI socket on the motherboard, not the one written on the LAN ports as suggested by the official Supermicro docs. As I said before, I found that the flashing utility offered the correct MAC address as a default at this stage, but it would be wise to check it against what you wrote down earlier.
Once this step is done, hit CTRL-Alt-Del and remove the CD.
For Dell 1425 servers (and probably other Dells), hit Alt-3 when prompted to enter the BMC setup and give it some unique network settings and some user settings (make your passwords secure!).
You can boot now into Linux, or from a Linux installer CD.
Note on network configuration:
Both Dell 1425s and Supermicro PDSMi+ motherboards use the first LAN port to redirect the IPMI traffic over when using SOL. For this reason, whether you intend to use SOL or not, it is a good idea to use the first LAN ports, almost certainly eth0, as your local network interface, rather than an Internet visible interface.
Once booted into Linux, install openipmi on all machines with a BMC and ipmitool on every machine from which you wish to run IPMI commands locally or to send IPMI commands to a remote machine. Red Hat, FC and Centos users will have to install OpenIPMI and OpenIPMI-tools. SUSE and other Linux users will have figure out what to do themselves for ipmitool. There are IPMItool packages on the website if they're not in your package-shallow distros . OpenIPMI is not required to send ipmi commands to remote machines. You only need OpenIPMI where you want to run IPMI commands locally, manage the BMC locally from the OS (which you want to do if you have a BMC in the machine) or I presume to do console redirection over the BMC.
Next you need to load the kernel modules. Fedora/Red Hat/Centos people just need to run setup, open the services tool and check the ipmi box then run /etc/init.d/ipmi start. On Ubuntu I had to do the following, Red Hat and derivatives could try this if their devices aren't found when starting the service. Try modprobing ipmi_si without any options at first, then build up the options if it fails. If you're not sure which method your BMC uses, try leaving out the type= parameter as the module will figure it out.
For kernel 2.6.x:
- Code: Select all
modprobe ipmi_msghandler
modprobe ipmi_devintf
modprobe ipmi_si type=kcs ports=0xca8 regspacings=4
If ipmi_si won't load, look at the output of dmidecode for the base address of your IPMI BMC and then use that base address for the ports=<base address> module option. The default ports option is 0xca2 so if your BMC is at that address according to dmidecode, then you don't need this option. A SLES 10 user tells me that they did have to specify the ports value 0xca2 on an HP DL380 G5, so perhaps it isn't always the default.
Kernel 2.4 people will have to follow the Debian IPMI instructions, as you're living in a world I haven't encountered with IPMI. You should note that ipmi_si is called ipmi_si_drv and its regspacings option is called si_regspacings. You may also have to make your own device node if you're not using devfs, as documented in the Debian instructions. After modprobing the relevent modules successfully, ls -l /dev/ipmi0 to see if you have a device node before trying to create one.
If this works without errors then Fedora/RH/Centos people are set, Ubuntu/Debian people need to add the modules and options to /etc/modules.conf or maybe add the modprobe commands to /etc/init.d/local if you have no other way.
If you then cat /proc/devices, you should see your IPMI device listed and ls -l /dev/ipmi0 should show your device node.
Setting Up Serial Consoles
Neither of the 2 brands of BMCs I have set up have a physical serial port, they are logical and are managed by the BMC.
You should have set up your BIOS for console redirection earlier, so now we will do the bootloader and init.
To allow your bootloader to redirect over the BMC's serial port, edit /boot/grub/grub.conf, sometimes known as /boot/grub/menu.list add the following lines to grub.conf or menu.list:
- Code: Select all
serial --unit=1 --speed=19200 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console
Disable splash screens by commenting out anything starting with splash outside of the OS boot menu section and remove any splash options from your kernel lines. A text console can't display them.
To make kernel messages output over your BMC, add console=tty0 console=ttyS1,19200n8r to the end of your kernel lines, so it should look something like the following:
title kernel 2.6.15-26-amd64-server
root (hd0,0)
kernel /vmlinuz-2.6.15-26-amd64-server root=/dev/sda2 ro quiet console=tty0 console=ttyS1,19200n8r
initrd /initrd.img-2.6.15-26-amd64-server
savedefault
boot
This gives you a serial console on the second serial port, which should be your BMC's serial port, at 19200Kb per second, which should match what you chose in the BIOS. The order of the console options above is important. The last listed will be the system's default console which will display the boot messages and kernel errors. This means that after halfway through the boot process, during shutdown and when there are kernel errors, only the serial console will see the messages. As you want to work remotely, this is the way it has to be. You can't have more than one default console. You can however interrupt grub at boot time and edit the kernel line for a single boot with different parameters if you need to see the default console locally but remember that they will persist until you reboot, which means that if you reboot but still want to see them locally, you'll have to interrupt and edit grub at boot time again and also, to see them remotely again, you need to remember to reboot.
About halfway through the bootup procedure, once the kernel has booted and loaded drivers for your hardware and has mounted the hard disks and so on, the bootloader hands over to init which brings up your services and network configurations etc. To get init and therefore your booting/booted Linux system redirecting the console over the BMC's serial port, edit /etc/inittab and add the following line to the console section for Debian/Ubuntu:
S1:2345:respawn:/sbin/getty -L ttyS1 19200 vt100
For Fedora/Red Hat/CentOS:
S1:2345:respawn:/sbin/agetty -h ttyS1 19200 vt100
This gives you a serial console on the second serial port, which should be your BMC's serial port, for the BIOS as configured earlier, the bootloader and init. Again, change 19200 to whatever you chose in your BIOS.
Users of Ubuntu (and presumably Debian and it's other derivative distributions) can read https://help.ubuntu.com/community/IPMI for assistance with all of this stuff. I guess it will be useful for everybody else too, if you can recognise where it is Ubuntu specific.
IPMI Commands
You should then be able to run some IPMI commands locally (probably need to be root as root owns the device node):
- Code: Select all
ipmitool -I open chassis power status
Chassis Power is on
ipmitool -I open chassis status
System Power : on
Power Overload : false
Power Interlock : inactive
Main Power Fault : false
Power Control Fault : false
Power Restore Policy : always-off
Last Power Event :
Chassis Intrusion : inactive
Front-Panel Lockout : inactive
Drive Fault : false
Cooling/Fan Fault : false
Sleep Button Disable : allowed
Diag Button Disable : allowed
Reset Button Disable : allowed
Power Button Disable : allowed
Sleep Button Disabled: true
Diag Button Disabled : true
Reset Button Disabled: true
Power Button Disabled: true
Command dissection:
- Code: Select all
ipmitool -I open chassis power status
-I open - use the local openipmi interface. It seems that when the interface is local, it can be omitted from the command and the command will default to the local interface.
chassis - run a command from the chassis set of commands.
power - run a command relating to power.
status - show the status of the chassis power status.
Thats pretty simple.
Assuming you get a local response, then try a remote command from another machine, you won't need to be root as you are talking to the BMC directly, rather than through the OS. IPMI 2.0 BMCs support both encrypted (RCMP+) and non-encrypted (RCMP) IPMI traffic sent over the network, 1.5 BMCs only support non-encrypted traffic. Encrypted lan traffic is specified by the lanplus parameter, where as non-encrypted network traffic is specified by the lan parameter.
- Code: Select all
ipmitool -I lanplus -H 192.168.10.123 -U root -a chassis power status
Password:
Chassis Power is on
ipmitool -I lanplus -H 192.168.10.123 -U root -a chassis status
Password:
System Power : on
Power Overload : false
Power Interlock : inactive
Main Power Fault : false
Power Control Fault : false
Power Restore Policy : always-off
Last Power Event :
Chassis Intrusion : inactive
Front-Panel Lockout : inactive
Drive Fault : false
Cooling/Fan Fault : false
Sleep Button Disable : allowed
Diag Button Disable : allowed
Reset Button Disable : allowed
Power Button Disable : allowed
Sleep Button Disabled: true
Diag Button Disabled : true
Reset Button Disabled: true
Power Button Disabled: true
Command dissection:
- Code: Select all
ipmitool -I lanplus -H 192.168.10.123 -U ipmiadmin -a chassis power status
-I lanplus - Run the command over the LAN with encryption for IPMI 2.0 hosts. You can use ''-I lan'' to send commands over the lan for 1.5 hosts as they don't support the encryption used by lanplus. 2.0 hosts can also use ''-I lan'' but why would you want to when 2.0 hosts can use encryption.
-H 192.168.10.123 - -H means host followed by an IP address or hostname.
-U root - -U specifies a user, followed by the username set up on the BMC, this is not a local or remote OS user.
-a - prompt for password. You can also possible to supply the password as an environment variable instead of using -a, but I guess this is less secure.
chassis power status - as per the local command dissection.
If that all works for you then you can a woop and a holler.
IPMItool has a familiar UNIX bash shell or Cisco IOS syntax, which allows you to complete the command as you go along. If you type in an incomplete command, IPMItool will provide you with a list of options that can be used to complete your command.
Simply typing ipmitool -I open will offer the top-level sub-commands, which you can then choose from to add to your command.
- Code: Select all
ipmitool -I open
No command provided!
Commands:
raw Send a RAW IPMI request and print response
i2c Send an I2C Master Write-Read command and print response
lan Configure LAN Channels
chassis Get chassis status and set power state
event Send pre-defined events to MC
mc Management Controller status and global enables
sdr Print Sensor Data Repository entries and readings
sensor Print detailed sensor information
fru Print built-in FRU and scan SDR for FRU locators
sel Print System Event Log (SEL)
pef Configure Platform Event Filtering (PEF)
sol Configure IPMIv2.0 Serial-over-LAN
isol Configure IPMIv1.5 Serial-over-LAN
user Configure Management Controller users
channel Configure Management Controller channels
session Print session information
sunoem OEM Commands for Sun servers
shell Launch interactive IPMI shell
exec Run list of commands from file
set Set runtime variable for shell and exec
- Code: Select all
ipmitool -I open user
User Commands: summary [<channel number>]
list [<channel number>]
set name <user id> <username>
set password <user id> [<password>]
disable <user id>
enable <user id>
test <user id> <16|20> [<password]>
- Code: Select all
ipmitool -I open chassis
Chassis Commands: status, power, identify, policy, restart_cause, poh, bootdev
ipmitool -I open chassis power
chassis power Commands: status, on, off, cycle, reset, diag, soft
…And so on.
Beware, powering the server off or rebooting does not do a graceful shutdown like the OS would. They are the same as holding in the power button or pressing the reboot button. Supermicro offer a graceful shutdown daemon for Windows and Linux which will respond to the graceful showdown and reboot commands provided by Supermicro's graphical Java IPMI control application IPMIview.
Setting Up the BMC
The Supermicro BMCs send out arp requests gratuitously which can degrade performance, so we will turn them off:
- Code: Select all
ipmitool lan set 1 arp generate off
We will also set the BMC's netmask as well as it's default and backup gateways:
- Code: Select all
ipmitool lan set 1 netmask 255.255.255.0
ipmitool lan set 1 defgw ipaddr 192.168.1.1
ipmitool lan set 1 bakgw ipaddr 192.168.1.2
You can also set the gateway MAC addresses if you want to.
And now set it's SNMP community name so that we can send SNMP traps:
- Code: Select all
ipmitool lan set 1 snmp <community name>
Getting a Remote Console Using IPMI
To get a Serial Over LAN console, assuming you have set up the various BMC redirections correctly, run:
- Code: Select all
ipmitool -I lanplus -H 192.168.10.123 -U ipmiadmin -a sol activate
SOL only works on IPMI 2.0 BMCs and so only works with devices which support the encrypted lanplus interface (though my Supermicro's would do it without encryption using the graphical tool described below).
If SOL doesn't work or you simply want to quit your SOL session, you can use the key sequence:
- Code: Select all
~.
to get out. It seems that inside a SOL session, all of ipmitool's SOL session commands start with the character ~.
Alternatively you may use a graphical tool as described below.
Graphical IPMI
Graphical IPMI tools make life easier as you don't have to remember commands or syntax and as most GUI tools are provided by the IPMI device vendors, they may offer vendor specific functionality that isn't available in the generic command line tools. Of course, in all cases except regarding vendor specific (and thus not standards compliant) functionality, the command line tools should provide all necessary functionality and so GUI tools are not essential to get IPMI working.
This section describes the installation and use of Supermicro's IPMIView. I am told that Dell's OpenManage suite also offers some GUI IPMI tools but I can't vouch for that as the Dell servers I used didn't seem to come with OpenManage. There are surely other GUI IPMI tools from other vendors, I just don't know about them.
There is a Java application from Supermicro called IPMIView which allows you to graphically manage servers with IPMI BMCs. The primary advantage of this tool is that SOL works easily and you can issue graceful reboot and shutdown commands if you install Supermicro's graceful shutdown daemon. CDR-SIMIPMI_1.13_for_SIM_IPMI.
Install as a regular user using sudo from the command line (by uncommenting the following line from /etc/sudoers if need to):
- Code: Select all
%wheel ALL=(ALL) ALL
…and adding your user to the wheel group:
- Code: Select all
usermod -G wheel <username>
Make the installer executable:
- Code: Select all
chmod +x ./IPMIView-Linux_2.6.31_071005.bin
and run it as sudo:
- Code: Select all
sudo ./IPMIView-Linux_2.6.31_071005.bin
It should now run. When the install finishes you need to chmod +x the bundled JRE directory as it's root only by default:
- Code: Select all
sudo chmod -R +x /opt/SUPERMICRO/IPMIView/_jvm/
Now you should be able to run
- Code: Select all
/opt/SUPERMICRO/IPMIView/IPMIView20.bin
as a regular user and create a desktop icon for it by right-clicking the desktop, clicking Create Launcher and providing the command as above and any other meta-data you wish to add, like description, name and and a nice icon from the installation directory.
Using the IPMIView application is covered in the Supermicro documentation (seems to be the only thing covered in them too…)
Adding an IPMI User With IPMIView
You should now be able to search for the host's IPMI device address in IPMIView and log in with the username and password of ADMIN. You should add a new user, change it's user level to administrator and delete the ADMIN user.
IPMI
This is intended to help fairly knowledgeable people get IPMI working on their hosts so they can issue remote commands to their hardware. I focus on Red Hat Enterprise Linux on a Dell, but it is likely to work on other hosts, distributions, and OSes, too. This works for me on Dell PowerEdge 1850, PowerEdge 2850, Dell PowerEdge 1950, and Dell PowerEdge 2950 hardware.
Dell PowerEdge 1650, 2650, and 1750 servers have an older implementation of IPMI which will let you issue commands locally, but not to these models over the network.
Before you begin:
The Baseboard Management Controller (BMC) is the thing that implements IPMI. It piggybacks on the first built-in NIC so you have to have that attached to the network on the hosts you wish to manage. It uses its own IP address (so you need an extra one).
If you are new to this get a server that is nearby to act as your test machine. Most of the IPMI commands that shut the host down also kill the BMC. If that happens you’ll need to go power the machine on manually. Until you figure out exactly what is okay and what isn’t you’ll be pushing the power button a lot.
You will need a Linux host to send the IPMI commands from. Undoubtedly there are ways to send these commands from other operating systems, but as I am a Linux guy I’ll use that as my example. Feel free to post comments addressing other OSes.
Getting the OS prepared:
1) Install IPMItool and the startup scripts. On Red Hat Enterprise Linux install the OpenIPMI, OpenIPMI-tools, OpenIPMI-libs, and OpenIPMI-devel packages. That will get you everything you need. There are similar packages available for other distributions (SuSE, Ubuntu, CentOS, etc.). You’ll need IPMItool on any machine you want to configure, and any machine you want to send commands from.
2) Enable the IPMI service:
- Code: Select all
/sbin/chkconfig ipmi on
3) Start the IPMI service, which will load the kernel modules for you:
- Code: Select all
/sbin/service ipmi start
Configure the BMC for Remote Usage:
1) There are two ways to configure the BMC. You can configure it through the boot-time menu (Ctrl-E), where you can set the management password and IP address information. Or, you can configure it with ipmitool from the OS. Replace my sample IP address, gateway, and netmask with your own:
- Code: Select all
ipmitool -I open lan set 1 ipaddr 192.168.2.2
ipmitool -I open lan set 1 defgw ipaddr 192.168.2.1
ipmitool -I open lan set 1 netmask 255.255.255.0
ipmitool -I open lan set 1 access on
2) Secure the BMC, so unauthorized people can’t power cycle your machines. To do this you want to change the default SNMP community, the “null” user password, and the root user password. First, set the SNMP community, either to a random string or something you know:
- Code: Select all
ipmitool -I open lan set 1 snmp YOURSNMPCOMMUNITY
Then set the null user password to something random. Replace CRAPRANDOMSTRING with something random and secure:
- Code: Select all
ipmitool -I open lan set 1 password CRAPRANDOMSTRING
Last, set the root user password to something you know:
- Code: Select all
ipmitool -I open user set password 2 REMEMBERTHISIPMIPASSWORD
Double-check your settings with:
- Code: Select all
ipmitool -I open lan print 1
Trying it:
1) You can set an environment variable, IPMI_PASSWORD, with the password you used above. That will save some typing:
- Code: Select all
export IPMI_PASSWORD="REMEMBERTHISIPMIPASSWORD"
If you use this substitute the “-a” in the following commands with a “-E”.
2) From another machine issue the following command, obviously replacing the IP with the target BMC’s IP:
- Code: Select all
ipmitool -I lan -U root -H 192.168.2.2 -a chassis power status
You should get something like:
Chassis Power is on
If you get anything else, or nothing, double-check to make sure the BMC is set right, you entered the right password, and the IP it has is reachable from the machine you’re on. You can double-check your work via the Ctrl-E boot menu, too.
Beyond that, get familiar with:
- Code: Select all
ipmitool -I lan -U root -H 192.168.40.88 -a chassis power off
ipmitool -I lan -U root -H 192.168.40.88 -a chassis power cycle
ipmitool -I lan -U root -H 192.168.40.88 -a sel list
For me, a “chassis power off” command kills the box. “SEL” is the system event log.
You can issue all of these commands locally, too:
- Code: Select all
ipmitool sel list