271 lines
7.8 KiB
Markdown
271 lines
7.8 KiB
Markdown
# Howto IPMI
|
||
|
||
* <https://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface>
|
||
* <http://buttersideup.com/docs/howto/IPMI_on_Debian.html>
|
||
|
||
## TL;DR
|
||
|
||
Diagnostic matériel :
|
||
|
||
~~~
|
||
$ apt install openipmi ipmitool
|
||
ipmitool sel list
|
||
ipmitool sensor list
|
||
~~~
|
||
|
||
Vérifions que les modules kernel sont activés:
|
||
|
||
~~~
|
||
modprobe ipmi_si
|
||
modprobe ipmi_devintf
|
||
~~~
|
||
|
||
Assurons-nous qu'elles le sont au démarrage de la machine:
|
||
|
||
~~~
|
||
cat /etc/modules
|
||
ipmi_devintf
|
||
ipmi_si
|
||
~~~
|
||
|
||
## Serial Over LAN (SOL)
|
||
|
||
Il est possible d'accéder au port série d'un serveur via sa connexion ethernet IPMI. Pour ce faire, il suffit d'activer cette fonctionnalité dans l'interface IPMI.
|
||
|
||
Pour un serveur avec iDRAC9, via l'interface web, cette option se trouve dans ces menus :
|
||
```
|
||
iDRAC Settings -> IPMI Settings -> Connectivity -> Network -> IPMI Settings -> Enable IPMI Over LAN : Enabled
|
||
```
|
||
|
||
Il faut aussi s'assurer que le port UDP 623 est ouvert en sortie, si ce n'est pas le cas voici un exemple d'ouverture avec `iptables` :
|
||
```
|
||
/sbin/iptables -I OUTPUT -p udp --dport 623 --sport 1024:65535 -s 10.42.226.0/24 -j ACCEPT
|
||
/sbin/iptables -I INPUT -p udp --sport 623 --dport 1024:65535 -s 10.42.226.0/24 -j ACCEPT
|
||
```
|
||
|
||
Avant de tenter d'accéder au port série, on peut tester la connexion à l'IPMI du serveur (ici 192.0.2.1) via le port 631 avec les identifiants utilisé pour accéder à l'interface web :
|
||
|
||
```
|
||
$ ipmitool -C 3 -I lanplus -H 192.0.2.1 -U root power status
|
||
Password:
|
||
Chassis Power is on
|
||
```
|
||
|
||
On peut maintenant essayer de se connecter au port Serial Over LAN avec la commande suivante :
|
||
|
||
```
|
||
$ ipmitool -C 3 -I lanplus -H 192.0.2.1 -U root sol activate
|
||
```
|
||
|
||
Notez que par ce moyen, il est possible d'accéder au BIOS de la machine, puis son bootloader et finalement à l'OS ; mais pour avoir accès à chacun de ces composants, vous avez probalement besoin de les configurer respectivement pour qu'ils interagissent sur le port série choisi.
|
||
|
||
|
||
## En travaux
|
||
|
||
**La suite de cette page a été importée automatiquement de notre ancien wiki mais n'a pas encore été révisée.**
|
||
|
||
~~~
|
||
|
||
aptitude install openipmi
|
||
aptitude install ipmitool
|
||
|
||
cat /proc/devices | grep ipmi
|
||
NNN ipmidev
|
||
|
||
mknod -m 0600 /dev/ipmi0 c NNN 0
|
||
|
||
ipmitool lan print
|
||
ipmitool sensor
|
||
ipmitool sdr
|
||
|
||
|
||
over LAN :
|
||
|
||
usage: lan set <channel> <command> [option]
|
||
|
||
LAN set commands:
|
||
ipaddr <x.x.x.x> Set channel IP address
|
||
netmask <x.x.x.x> Set channel IP netmask
|
||
macaddr <x:x:x:x:x:x> Set channel MAC address
|
||
defgw ipaddr <x.x.x.x> Set default gateway IP address
|
||
defgw macaddr <x:x:x:x:x:x> Set default gateway MAC address
|
||
bakgw ipaddr <x.x.x.x> Set backup gateway IP address
|
||
bakgw macaddr <x:x:x:x:x:x> Set backup gateway MAC address
|
||
password <password> Set session password for this channel
|
||
snmp <community string> Set SNMP public community string
|
||
user Enable default user for this channel
|
||
access <on|off> Enable or disable access to this channel
|
||
arp response <on|off> Enable or disable BMC ARP responding
|
||
arp generate <on|off> Enable or disable BMC gratuitous ARP generation
|
||
arp interval <seconds> Set gratuitous ARP generation interval
|
||
auth <level> <type,..> Set channel authentication types
|
||
level = CALLBACK, USER, OPERATOR, ADMIN
|
||
type = NONE, MD2, MD5, PASSWORD, OEM
|
||
ipsrc <source> Set IP Address source
|
||
none = unspecified source
|
||
static = address manually configured to be static
|
||
dhcp = address obtained by BMC running DHCP
|
||
bios = address loaded by BIOS or system software
|
||
cipher_privs XXXXXXXXXXXXXXX Set RMCP+ cipher suite privilege levels
|
||
X = Cipher Suite Unused
|
||
c = CALLBACK
|
||
u = USER
|
||
o = OPERATOR
|
||
a = ADMIN
|
||
O = OEM
|
||
|
||
# ipmitool -I open lan set 1 "ipsrc" "static"
|
||
|
||
# ipmitool lan print 1
|
||
Set in Progress : Set In Progress
|
||
Auth Type Support : NONE MD2 MD5 PASSWORD
|
||
Auth Type Enable : Callback : MD2 MD5
|
||
: User : MD2 MD5
|
||
: Operator : MD2 MD5
|
||
: Admin : MD2 MD5
|
||
: OEM : MD2 MD5
|
||
IP Address Source : Static Address
|
||
IP Address : 0.0.0.0
|
||
Subnet Mask : 0.0.0.0
|
||
MAC Address : 00:13:72:50:42:42
|
||
SNMP Community String : public
|
||
IP Header : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
|
||
|
||
=> interface Ethernet spécifique
|
||
|
||
<http://lonesysadmin.net/2007/06/21/how-to-configure-ipmi-on-a-dell-poweredge-running-red-hat-enterprise-linux/>
|
||
|
||
% ipmitool -I lan -H 1.2.3.169 -U root shell
|
||
|
||
|
||
bootdev <device> [clear-cmos=yes|no]
|
||
none : Do not change boot device order
|
||
pxe : Force PXE boot
|
||
disk : Force boot from default Hard-drive
|
||
safe : Force boot from default Hard-drive, request Safe Mode
|
||
diag : Force boot from Diagnostic Partition
|
||
cdrom : Force boot from CD/DVD
|
||
bios : Force boot into BIOS Setup
|
||
|
||
power :
|
||
cycle,reset = reboot
|
||
off,soft = extinction
|
||
on = demarrage
|
||
|
||
ipmitool shell
|
||
|
||
ipmitool> power status
|
||
Chassis Power is on
|
||
ipmitool> power cycle
|
||
Chassis Power Control: Cycle
|
||
|
||
ipmitool> user list
|
||
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
|
||
2 root true true true ADMINISTRATOR
|
||
|
||
ipmitool> session info all
|
||
session handle : 32
|
||
slot count : 5
|
||
active sessions : 1
|
||
user id : 2
|
||
privilege level : ADMINISTRATOR
|
||
session type : IPMIv1.5
|
||
channel number : 0x01
|
||
console ip : 1.2.3.4
|
||
console mac : 00:16:17:52:fa:87
|
||
console port : 33594
|
||
|
||
ipmitool> sel list
|
||
|
||
7 | Pre-Init Time-stamp | Power Supply #0x65 | Power Supply AC lost | Asserted
|
||
8 | Pre-Init Time-stamp | Power Supply #0x74 | Redundancy Lost
|
||
9 | 08/17/2007 | 15:46:15 | Power Supply #0x65 | Failure detected | Deasserted
|
||
a | 08/17/2007 | 15:46:16 | Power Supply #0x65 | Power Supply AC lost | Deasserted
|
||
b | 08/17/2007 | 15:46:16 | Power Supply #0x74 | Fully Redundant
|
||
c | 08/17/2007 | 15:46:35 | Memory #0x53 | Correctable ECC | Asserted
|
||
d | 08/17/2007 | 15:46:42 | Temperature #0x30 | Upper Critical going high
|
||
e | 08/17/2007 | 15:46:46 | Temperature #0x30 | Upper Critical going high
|
||
f | 08/17/2007 | 15:46:49 | Voltage #0x60 | Lower Critical going low
|
||
|
||
|
||
modprobe ipmi_watchdog
|
||
|
||
IPMI Watchdog: driver initialized
|
||
Copyright (C) 2004 MontaVista Software - IPMI Powerdown via sys_reboot.
|
||
|
||
modprobe ipmi_poweroff
|
||
|
||
IPMI poweroff: ATCA Detect mfg 0x2A2 prod 0x100
|
||
IPMI poweroff: Found a chassis style poweroff function
|
||
|
||
IP :
|
||
----
|
||
|
||
ipmitool> lan set 1 ipaddr 1.2.3.33
|
||
Setting LAN IP Address to 1.2.3.33
|
||
ipmitool> lan set 1 netmask 255.255.255.0
|
||
Setting LAN Subnet Mask to 255.255.255.0
|
||
|
||
ipmitool> lan print 1
|
||
|
||
ipmitool> lan set 1 access on
|
||
|
||
Users :
|
||
-------
|
||
|
||
ipmitool> user set password 2 <password>
|
||
ipmitool> user test 2 16 <good-pass>
|
||
Success
|
||
ipmitool> user test 2 16 <bad-pass>
|
||
Set User Password command failed (user 2): Unknown (0x80)
|
||
Failure: password incorrect
|
||
|
||
En réseau :
|
||
===========
|
||
|
||
|
||
% ipmitool -I lan -H 1.2.3.169 -U root shell
|
||
|
||
OpenBSD :
|
||
=========
|
||
|
||
# sysctl hw.sensors
|
||
~~~
|
||
|
||
### Exemples d'utilisation
|
||
|
||
* Voir le status général :
|
||
|
||
~~~
|
||
# ipmitool chassis status
|
||
~~~
|
||
|
||
* Voir le status des sondes :
|
||
|
||
~~~
|
||
# ipmitool sensor list
|
||
~~~
|
||
|
||
* Status de l'alimentation :
|
||
|
||
~~~
|
||
# ipmitool sensor list |egrep -i '(ps|power|pwr)'
|
||
# ipmitool sdr |grep -i PS
|
||
~~~
|
||
|
||
* Configurer le réseau :
|
||
|
||
~~~
|
||
# ipmitool lan print
|
||
# ipmitool -I open lan set 1 ipsrc static
|
||
# ipmitool -I open lan set 1 ipaddr X.X.X.X
|
||
# ipmitool -I open lan set 1 netmask 255.255.255.0
|
||
# ipmitool -I open lan set 1 defgw ipaddr Y.Y.Y.Y
|
||
~~~
|
||
|
||
* Redémarrer l'interface IPMI (nécessaire après avoir configuré l'IP ILO pour qu'elle soit prise en compte) :
|
||
|
||
~~~
|
||
# ipmitool mc reset warm # Pour recharger
|
||
# ipmitool mc reset cold # Pour redémarrer
|
||
~~~ |