===== Running IPMI on Linux ===== ==== What is IPMI? ==== IPMI is standard which allows remote server management, primarily developed by Intel. IPMI cards, known as Baseboard Management Cards (BMCs) are primitive computers in their own right and are operational all the time, so long as the server has a power source. The server itself does not need to be powered on, or the operating system operational for the BMC to work, it just needs a power source to be connected to the server. The primary benefits of IPMI are: * View server chassis and motherboard sensor output remotely, such as chassis status and intrusion detection. * Ability to remotely power on, power off, reboot the server and flash the identification light. * Ability to set up a console on a serial port and have the BMC redirect that console over a network port, which in cooperation with BIOS level console redirection, gives you the ability to view the BIOS, bootloader, bootup and shutdown procedures and console output should the machine hang or lock up, just as you would if you were interacting with the machine locally. This is called Serial Over Lan (SOL) and is available in IPMI v2.0 as a standard and using non-standard proprietary methods in v1.5. Essentially, IPMI will save you from a few hundred to over a thousand GBP instead of buying a remote power control unit and SOL will save you the same amount again over buying an IP KVM. ==== IPMI Revisions ==== There are currently 3 IPMI revisions (with details taken from [[http://www.ecst.csuchico.edu/~dranch/LINUX/IPMI/ipmi-on-linux.html]]): * IPMI v1.0 - Autonomous access, logging and control. IPMI messaging command sets, sensor data records and event messages. Access through system interfaces like memory mapped IO, I2C bus etc. * IPMI v1.5 - Ability to send IPMI messages to BMC over LAN, LAN alerting. No SOL as part of the standard's specification but some vendor specific SOL implementations. * IPMI v2.0 - Serial Over LAN enabling console redirection, access control, enhanced authentication, packet encryption using RCMP+, SMbus interface. IPMI version 2.0 is desirable as it allows you to use SOL to get a remote console on the server as though it were local in cases where the operating system locks up and SSH or (heaven forbid) telnet access are not available due to the operating system being inoperable. v2.0 also allows you to encrypt the contents of the IPMI packets sent to remote systems and so protects the BMC passwords and your commands on the network. IPMI v1.5 still allows to you to power the system on and off and view sensor output, but does not support packet encryption (and therefore sends your BMC password over the network in plain text) and does not support SOL in any standardised way. Both 2.0 and 1.5 are in common usage and are both still sold on new servers. ==== Glossary ==== List of IPMI terms. Taken wholesale from [[http://www.ecst.csuchico.edu/~dranch/LINUX/IPMI/ipmi-on-linux.html]] * BMC : Baseboard Management Controllers. IPMI compliant micro controllers that handle system event management. These are usually available as cPCI cards. * GPCagent : A SuperMicro proprietary "Graceful Power" control agent. This agent provides graceful power control features for both Linux and windows platform. GPC means the OS will shutdown gracefully before a power shutdown. It is available from the SuperMicro website. It run as a daemon (smagent) on a Linux based managed system. It requires openIPMI kernel modules to be installed on the managed system to interact with the IPMI device. * i2c : A low speed (>=400khz) system management interface supported on most embedded systems. It is similar to the SMBus. * ipmicli : A SuperMicro proprietary command line interface for Linux, similar in function to IPMIView, available from the SuperMicro website. * IPMItool : An opensource tool for accessing the IPMI device through either local or remote access. Its a command line tool that can used to perform various commands for reading and writing to the IPMI device. It is equivalent to the ipmicli proprietary tool except for console redirection which is not available on this tool. * IPMIView : A SuperMicro proprietary java applet available from SuperMicro website. Runs on both windows (tested on windows2k) and Linux (fc3) platforms. This runs on the remote system and can be used to interact with the IPMI interface on the managed system. This software provides sensor monitoring, secure login, LAN/IP configuration, chassis power control and console redirection terminal. It also provides a graceful power shutdown/restart option that requires a daemon running on the managed system. * ipnmac : A SuperMicro proprietary command line tool for Linux to set the IP and mac address for the ipmi interface. This tool can be used to set the address locally on the managed system. * Managed system : system which is to be managed using IPMI. The IPMI card is installed on this machine. IPMI v2.0 supports both local and remote access to the BMC. Local access is provided through a system interface like kCS (IO port). Remote access is provided through the onboard LAN interface (on IPMI supported motherboards). * OpenIPMI : An opensource IPMI project that maintains linux drivers for the IPMI device. These drivers run on the managed system and provide a local interface to the IPMI card. They also support a primitive command line utility, equivalent to the ipmicli. The utility is meant more as a sample than a working tool. * Remote system : System from which the IPMI enabled server is managed. This is usually over the network. * SMbus : System Management bus. A low speed (<100khz) system management interface supported on most PC and server motherboards. It is similar to the I2C bus. The BMC uses the SMbus to communicate with motherboard sensors and Ethernet interface. * SuperoDoctor : A SuperMicro proprietary IPMI tool. Verision II is a command line tool for local access on the managed system to IPMI interface. Version III is a GUI based tool for local access but works only on windows platform. This requires the openIPMI kernel modules to be installed on the managed machine. ==== Installation ==== This guide covers the installation of IPMI tools on Dell 1425 servers and Supermicro servers with a PDSMi+ motherboard. The instructions will be relevant for other server models, but I make no promises. I make references in the links section to Supermicro X7DVL based hardware which comes with a different IPMI BMC but I haven't spent much time investigating the hardware. For Supermicro servers, open up the server chassis and make a note of the MAC address on the IPMI port. You're supposed need this later when flashing the BMC with it's firmware, however I found that it wasn't necessary to tell the BMC it's MAC address as it already knew and offered it as a default when asking for it. The wise amongst you will write this down anyway and compare it to what the flashing utility says. Beware also that the Supermicro docs erroneously tell you to get the MAC address from the LAN ports, not the BMC socket, this is wrong, you need the MAC written on the BMC's socket. In the BIOS, set the console redirection to COM2, which is the BMC console port, it doesn't physically exist). Disable BIOS redirection after POST, choose a baud rate (19200 is default on PDSMI+ motherboards, so we used it as a default on everything to keep things tidy, Supermicro X7DVL motherboards which use a SIMIPMI BMC could use a number of different baud rates, your choice is up to you), a terminal type (vt100 works ok for me) and leave the other settings as they are. Supermicro BMCs require you to boot from a CD and use their tool to flash the BMC prior to use, refer to the FTP link below and go up a few directories to get the latest IPMI CD image (the one shipped with the server caused me problems). Burn the image to a CD and boot from it. Use the utility to install the firmware for your IPMI version and then your motherboard version. I had to guess whether to use RCMP+ (meaning it supports encryption) or RCMP (meaning no encryption). I have the [[http://www.supermicro.com/products/accessories/addon/AOC-IPMI20-E.cfm|Supermicro AOC-IPMI20-E]] and it wouldn't work with RCMP+, even though it will upload a firmware for you. It worked after I reflashed it with the RCMP version. When the process finished, use the ipnmac utility while still booted from the CD, by typing ipnmac (if you're not in the right directory you'll have to navigate using cd and dir commands to find it). Give it a unique IP address from any other interface on the machine or on your network. The BMC needs to be network addressable in its own right. Also give it the MAC address you took from the IPMI socket on the motherboard, not the one written on the LAN ports as suggested by the official Supermicro docs. As I said before, I found that the flashing utility offered the correct MAC address as a default at this stage, but it would be wise to check it against what you wrote down earlier. Once this step is done, hit CTRL-Alt-Del and remove the CD. For Dell 1425 servers (and probably other Dells), hit Alt-3 when prompted to enter the BMC setup and give it some unique network settings and some user settings (make your passwords secure!). You can boot now into Linux, or from a Linux installer CD. Note on network configuration: Both Dell 1425s and Supermicro PDSMi+ motherboards use the first LAN port to redirect the IPMI traffic over when using SOL. For this reason, whether you intend to use SOL or not, it is a good idea to use the first LAN ports, almost certainly eth0, as your local network interface, rather than an Internet visible interface. Once booted into Linux, install openipmi on all machines with a BMC and ipmitool on every machine from which you wish to run IPMI commands locally or to send IPMI commands to a remote machine. Red Hat, FC and Centos users will have to install OpenIPMI and OpenIPMI-tools. SUSE and other Linux users will have figure out what to do themselves for ipmitool. There are IPMItool packages on the website if they're not in your package-shallow distros ;). OpenIPMI is not required to send ipmi commands to remote machines. You only need OpenIPMI where you want to run IPMI commands locally, manage the BMC locally from the OS (which you want to do if you have a BMC in the machine) or I presume to do console redirection over the BMC. Next you need to load the kernel modules. Fedora/Red Hat/Centos people just need to run setup, open the services tool and check the ipmi box then run /etc/init.d/ipmi start. On Ubuntu I had to do the following, Red Hat and derivatives could try this if their devices aren't found when starting the service. Try modprobing ipmi_si without any options at first, then build up the options if it fails. If you're not sure which method your BMC uses, try leaving out the ''type='' parameter as the module will figure it out. For kernel 2.6.x: modprobe ipmi_msghandler modprobe ipmi_devintf modprobe ipmi_si If ipmi_si won't load, you may need to use: modprobe ipmi_si type=kcs ports=0xca8 regspacings=4 Or look at the output of dmidecode for the base address of your IPMI BMC and then use that base address for the ''ports='' module option. The default ports option is ''0xca2'' so if your BMC is at that address according to ''dmidecode'', then you don't need this option. A SLES 10 user tells me that they did have to specify the ports value 0xca2 on an HP DL380 G5, so perhaps it isn't always the default. Kernel 2.4 people will have to follow the Debian IPMI instructions, as you're living in a world I haven't encountered with IPMI. You should note that ipmi_si is called ipmi_si_drv and its regspacings option is called si_regspacings. You may also have to make your own device node if you're not using devfs, as documented in the Debian instructions. After modprobing the relevent modules successfully, ''ls -l /dev/ipmi0'' to see if you have a device node before trying to create one. If this works without errors then Fedora/RH/Centos people are set, Ubuntu/Debian people need to add the modules and options to /etc/modules or maybe add the modprobe commands to /etc/init.d/local if you have no other way. If you then ''cat /proc/devices'', you should see your IPMI device listed and ''ls -l /dev/ipmi0'' should show your device node. ==== Setting Up Serial Consoles ==== Neither of the 2 brands of BMCs I have set up have a physical serial port, they are logical and are managed by the BMC. You should have set up your BIOS for console redirection earlier, so now we will do the bootloader and init. To allow your bootloader to redirect over the BMC's serial port, for Grub v1, edit /boot/grub/grub.conf, sometimes known as /boot/grub/menu.list add the following lines to grub.conf or menu.list: serial --unit=1 --speed=19200 --word=8 --parity=no --stop=1 terminal --timeout=10 serial console Disable splash screens by commenting out anything starting with splash outside of the OS boot menu section and remove any splash options from your kernel lines. A text console can't display them. To make kernel messages output over your BMC, add ''console=tty0 console=ttyS1,19200n8r'' to the end of your kernel lines, so it should look something like the following: title Ubuntu, kernel 2.6.15-26-amd64-server root (hd0,0) kernel /vmlinuz-2.6.15-26-amd64-server root=/dev/sda2 ro quiet console=tty0 console=ttyS1,19200n8r initrd /initrd.img-2.6.15-26-amd64-server savedefault boot For Grub2, look [[http://linux.xvx.cz/2009/08/debian-with-grub2-and-serial-connection/|here]] This gives you a serial console on the second serial port, which should be your BMC's serial port, at 19200Kb per second, which should match what you chose in the BIOS. The order of the console options above is important. The last listed will be the system's default console which will display the boot messages and kernel errors. This means that after halfway through the boot process, during shutdown and when there are kernel errors, only the serial console will see the messages. As you want to work remotely, this is the way it has to be. You can't have more than one default console. You can however interrupt grub at boot time and edit the kernel line for a single boot with different parameters if you need to see the default console locally but remember that they will persist until you reboot, which means that if you reboot but still want to see them locally, you'll have to interrupt and edit grub at boot time again and also, to see them remotely again, you need to remember to reboot. About halfway through the bootup procedure, once the kernel has booted and loaded drivers for your hardware and has mounted the hard disks and so on, the bootloader hands over to init which brings up your services and network configurations etc. To get init and therefore your booting/booted Linux system redirecting the console over the BMC's serial port, edit /etc/inittab and add the following line to the console section for Debian/Ubuntu: S1:2345:respawn:/sbin/getty -L ttyS1 19200 vt100 For Fedora/Red Hat/CentOS: S1:2345:respawn:/sbin/agetty -h ttyS1 19200 vt100 This gives you a serial console on the second serial port, which should be your BMC's serial port, for the BIOS as configured earlier, the bootloader and init. Again, change 19200 to whatever you chose in your BIOS. Users of Ubuntu (and presumably Debian and it's other derivative distributions) can read [[https://help.ubuntu.com/community/IPMI]] for assistance with all of this stuff. I guess it will be useful for everybody else too, if you can recognise where it is Ubuntu specific. ==== IPMI Commands ==== You should then be able to run some IPMI commands locally (probably need to be root as root owns the device node): root@gw01:~# ipmitool -I open chassis power status Chassis Power is on root@gw01:~# ipmitool -I open chassis status System Power : on Power Overload : false Power Interlock : inactive Main Power Fault : false Power Control Fault : false Power Restore Policy : always-off Last Power Event : Chassis Intrusion : inactive Front-Panel Lockout : inactive Drive Fault : false Cooling/Fan Fault : false Sleep Button Disable : allowed Diag Button Disable : allowed Reset Button Disable : allowed Power Button Disable : allowed Sleep Button Disabled: true Diag Button Disabled : true Reset Button Disabled: true Power Button Disabled: true Command dissection: ipmitool -I open chassis power status -I open - use the local openipmi interface. It seems that when the interface is local, it can be omitted from the command and the command will default to the local interface. chassis - run a command from the chassis set of commands. power - run a command relating to power. status - show the status of the chassis power status. Thats pretty simple. Assuming you get a local response, then try a remote command from another machine, you won't need to be root as you are talking to the BMC directly, rather than through the OS. IPMI 2.0 BMCs support both encrypted (RCMP+) and non-encrypted (RCMP) IPMI traffic sent over the network, 1.5 BMCs only support non-encrypted traffic. Encrypted lan traffic is specified by the ''lanplus'' parameter, where as non-encrypted network traffic is specified by the ''lan'' parameter. adam@ns0:~$ ipmitool -I lanplus -H 192.168.10.123 -U root -a chassis power status Password: Chassis Power is on adam@ns0:~$ ipmitool -I lanplus -H 192.168.10.123 -U root -a chassis status Password: System Power : on Power Overload : false Power Interlock : inactive Main Power Fault : false Power Control Fault : false Power Restore Policy : always-off Last Power Event : Chassis Intrusion : inactive Front-Panel Lockout : inactive Drive Fault : false Cooling/Fan Fault : false Sleep Button Disable : allowed Diag Button Disable : allowed Reset Button Disable : allowed Power Button Disable : allowed Sleep Button Disabled: true Diag Button Disabled : true Reset Button Disabled: true Power Button Disabled: true Command dissection: ipmitool -I lanplus -H 192.168.10.123 -U ipmiadmin -a chassis power status -I lanplus - Run the command over the LAN with encryption for IPMI 2.0 hosts. You can use ''-I lan'' to send commands over the lan for 1.5 hosts as they don't support the encryption used by lanplus. 2.0 hosts can also use ''-I lan'' but why would you want to when 2.0 hosts can use encryption. -H 192.168.10.123 - -H means host followed by an IP address or hostname. -U root - -U specifies a user, followed by the username set up on the BMC, this is not a local or remote OS user. -a - prompt for password. You can also possible to supply the password as an environment variable instead of using -a, but I guess this is less secure. chassis power status - as per the local command dissection. If that all works for you then you can a woop and a holler. IPMItool has a familiar UNIX bash shell or Cisco IOS syntax, which allows you to complete the command as you go along. If you type in an incomplete command, IPMItool will provide you with a list of options that can be used to complete your command. Simply typing ipmitool -I open will offer the top-level sub-commands, which you can then choose from to add to your command. root@gw01:~# ipmitool -I open No command provided! Commands: raw Send a RAW IPMI request and print response i2c Send an I2C Master Write-Read command and print response lan Configure LAN Channels chassis Get chassis status and set power state event Send pre-defined events to MC mc Management Controller status and global enables sdr Print Sensor Data Repository entries and readings sensor Print detailed sensor information fru Print built-in FRU and scan SDR for FRU locators sel Print System Event Log (SEL) pef Configure Platform Event Filtering (PEF) sol Configure IPMIv2.0 Serial-over-LAN isol Configure IPMIv1.5 Serial-over-LAN user Configure Management Controller users channel Configure Management Controller channels session Print session information sunoem OEM Commands for Sun servers shell Launch interactive IPMI shell exec Run list of commands from file set Set runtime variable for shell and exec root@gw01:~# ipmitool -I open user User Commands: summary [] list [] set name set password [] disable enable test <16|20> [ root@gw01:~# ipmitool -I open chassis Chassis Commands: status, power, identify, policy, restart_cause, poh, bootdev root@gw01:~# ipmitool -I open chassis power chassis power Commands: status, on, off, cycle, reset, diag, soft ...And so on. Beware, powering the server off or rebooting does not do a graceful shutdown like the OS would. They are the same as holding in the power button or pressing the reboot button. Supermicro offer a graceful shutdown daemon for Windows and Linux which will respond to the graceful showdown and reboot commands provided by Supermicro's graphical Java IPMI control application IPMIview. ==== Setting Up the BMC ==== The Supermicro BMCs send out arp requests gratuitously which can degrade performance, so we will turn them off: ipmitool lan set 1 arp generate off We will also set the BMC's netmask as well as it's default and backup gateways: ipmitool lan set 1 netmask 255.255.255.0 ipmitool lan set 1 defgw ipaddr 192.168.1.1 ipmitool lan set 1 bakgw ipaddr 192.168.1.2 You can also set the gateway MAC addresses if you want to. And now set it's SNMP community name so that we can send SNMP traps: ipmitool lan set 1 snmp ==== Getting a Remote Console Using IPMI==== To get a Serial Over LAN console, assuming you have set up the various BMC redirections correctly, run: ipmitool -I lanplus -H 192.168.10.123 -U ipmiadmin -a sol activate SOL only works on IPMI 2.0 BMCs and so only works with devices which support the encrypted lanplus interface (though my Supermicro's would do it without encryption using the graphical tool described below). If SOL doesn't work or you simply want to quit your SOL session, you can use the key sequence: ~. to get out. It seems that inside a SOL session, all of ipmitool's SOL session commands start with the character ''~''. Alternatively you may use a graphical tool as described below. ==== Graphical IPMI ==== Graphical IPMI tools make life easier as you don't have to remember commands or syntax and as most GUI tools are provided by the IPMI device vendors, they may offer vendor specific functionality that isn't available in the generic command line tools. Of course, in all cases except regarding vendor specific (and thus not standards compliant) functionality, the command line tools should provide all necessary functionality and so GUI tools are not essential to get IPMI working. This section describes the installation and use of Supermicro's IPMIView. I am told that Dell's OpenManage suite also offers some GUI IPMI tools but I can't vouch for that as the Dell servers I used didn't seem to come with OpenManage. There are surely other GUI IPMI tools from other vendors, I just don't know about them. There is a Java application from Supermicro called IPMIView which allows you to graphically manage servers with IPMI BMCs. The primary advantage of this tool is that SOL works easily and you can issue graceful reboot and shutdown commands if you install Supermicro's graceful shutdown daemon. The version of IPMIView which is shipped on the CD (as of late 2007) doesn't work on FC6 or F7, however the latest version from the FTP site does. Another version, shipped on the Supermicro FTP site for our dual processor machines is at [[ftp://ftp.supermicro.com/CDR-SIMIPMI_1.11_for_SIM_IPMI/IPMI_Solution/Linux/Administrator]] and this appears to work with Fedora 7 also. Install as a regular user using sudo from the command line (by uncommenting the following line from /etc/sudoers if need to): %wheel ALL=(ALL) ALL ...and adding your user to the wheel group: usermod -G wheel Make the installer executable: chmod +x ./IPMIView-Linux_2.6.31_071005.bin and run it as sudo: sudo ./IPMIView-Linux_2.6.31_071005.bin It should now run. When the install finishes you need to chmod +x the bundled JRE directory as it's root only by default: sudo chmod -R +x /opt/SUPERMICRO/IPMIView/_jvm/ Now you should be able to run /opt/SUPERMICRO/IPMIView/IPMIView20.bin as a regular user and create a desktop icon for it by right-clicking the desktop, clicking Create Launcher and providing the command as above and any other meta-data you wish to add, like description, name and and a nice icon from the installation directory. Using the IPMIView application is covered in the Supermicro documentation (seems to be the only thing covered in them too...) ==== Adding an IPMI User With IPMIView ==== You should now be able to search for the host's IPMI device address in IPMIView and log in with the username and password of ADMIN. You should add a new user, change it's user level to administrator and delete the ADMIN user. ==== Links ==== === IPMI Standards === [[http://www.intel.com/design/servers/ipmi/index.htm|Intel IPMI page]] [[http://www.intel.com/design/servers/ipmi/ipmi.htm|Intel IPMI Standards Page]] === IPMI Software === [[http://ipmitool.sourceforge.net/|IPMItool]] [[http://openipmi.sourceforge.net/|OpenIPMI]] Linux IPMI kernel module support [[https://uimon.cern.ch/twiki/pub/FIOgroup/TsiIpmiPrb/ipmicli-sm|Link to Supermicro patched version of IPMItool]] [[ftp://ftp.supermicro.com/CDR-0010_2.10_IPMI_Server_Managment/IPMI_Solution/Linux/|Supermicro FTP server, Linux IPMI tools directory]] (version number in URL subject to change) [[ftp://ftp.supermicro.com/CDR-0010_2.10_IPMI_Server_Managment/IPMI_Solution/Linux/Administrator/|Newer version of IPMITool]] (version number in URL subject to change) [[ftp://ftp.supermicro.com/CDR_Images|Supermicro bootable iso images for flashing BMCs]] (get the one with IPMI_Server_Managment.iso in the name) === IPMI Software Documentation === [[http://ipmitool.sourceforge.net/manpage.html/|IPMItool Manual]] [[http://openipmi.sourceforge.net/IPMI.txt|OpenIPMI kernel module options]] [[ftp://ftp.supermicro.com/CDR-0010_2.10_IPMI_Server_Managment/Manuals/|Supermicro IPMI manuals]] (version number in URL subject to change) [[ftp://ftp.supermicro.com/CDR-SIMIPMI_1.11_for_SIM_IPMI/Manuals|Supermicro IPMI Manuals for Supermicro X7DVL motherboard with SIM IPMI devices]] (version number in URL subject to change) The April 2008 issue, number 89, of Linux Pro Magazine (aka Linux Magazine outside of Canada and the USA), contains a decent IPMI article written by Justin Penney. This doesn't appear to be web visible at the moment. === IPMI Howtos === [[https://help.ubuntu.com/community/IPMI|Ubuntu IPMI documentation]] New for Ubuntu 8.04 [[http://buttersideup.com/docs/howto/IPMI_on_Debian.html|Older Debian IPMI howto]] [[http://www.ecst.csuchico.edu/~dranch/LINUX/IPMI/ipmi-on-linux.html|Supermicro IPMI on Linux]] Contains errata on the Supermicro Docs [[http://www.hollenback.net/index.php/LinuxServerManagementIpmi|Another Linux IPMI doc]] [[http://www.comunidelchianti.it/~max/cern/ipmi/node24.html|Yet another Linux IPMI doc]] === Vendor IPMI Documentation === [[http://www.dell.com/downloads/global/power/ps4q04-20040204-Murphy.pdf|Dell IPMI howto]] Contains useful sample commands. === Other IPMI Documentation === [[http://wiki.adamsweet.org/lib/exe/fetch.php?media=c5.pdf|Cern IPMI presentation]] PDF containing demonstration of IPMI usage, including reference to a version of IPMItool patched by Supermicro. === Related Documentation === [[http://tldp.org/HOWTO/Remote-Serial-Console-HOWTO/|Linux Remote Serial Console Howto]] ==== Todo ==== * Include relevant info instead of referring to other docs in case they disappear, such as kernel 2.4 info from Debian howto * Cover Graceful Shutdown Daemon