http://www.thomas-krenn.com/en/wiki/Configuring_IPMI_under_Linux_using_ipmitool

Configuring IPMI under Linux using ipmitool

 
 

Under Linux, the ipmitool command (http://ipmitool.sourceforge.net/) can be used for configuring IPMI for a server.


Hardware and Software Requirements

The following example will show how to configure IPMI on a Linux server. The /dev/ipmi0 device file must exist so that configuration can be carried out. If it does not exist, you can create it as follows:

  • under SuSE, Red Hat or CentOS: /etc/init.d/ipmi start (requires the OpenIPMI package; the OpenIPMI-tools package will also be required later.)
  • under Debian 4: /usr/share/ipmitool/ipmi.init.basic (If the error message "ipmi_kcs_drv not found" appears, you will have to comment out the corresponding if-condition; see also [1].)
  • under Debian 5: modprobe ipmi_devintf; modprobe ipmi_si

The approach described below has been tested on an Intel SR2500 under CentOS 4 using ipmitool version 1.8.7. In principle, configuration should work similarly on other systems with IPMI support.

LAN Configuration

The first IPMI LAN channel will now be configured. The configured IP address will then be reachable at the first LAN port of the server. For the default gateway, both its IP address and MAC address must be configured.

[root@sr2500 ~]# ipmitool lan set 1 ipsrc static
[root@sr2500 ~]# ipmitool lan set 1 ipaddr 192.168.1.211
Setting LAN IP Address to 192.168.1.211
[root@sr2500 ~]# ipmitool lan set 1 netmask 255.255.255.0
Setting LAN Subnet Mask to 255.255.255.0
[root@sr2500 ~]# ipmitool lan set 1 defgw ipaddr 192.168.1.254
Setting LAN Default Gateway IP to 192.168.1.254
[root@sr2500 ~]# ipmitool lan set 1 defgw macaddr 00:0e:0c:aa:8e:13
Setting LAN Default Gateway MAC to 00:0e:0c:aa:8e:13
[root@sr2500 ~]# ipmitool lan set 1 arp respond on
Enabling BMC-generated ARP responses
[root@sr2500 ~]# ipmitool lan set 1 auth ADMIN MD5
[root@sr2500 ~]# ipmitool lan set 1 access on

When configuring the LAN channel, older versions of ipmitool would not automatically reset Set in Progress to Set Complete. This can be done manually using a raw command (see http://www.mail-archive.com/ipmitool-devel@lists.sourceforge.net/msg00095.html).

[root@sr2500 ~]# ipmitool lan print 1
Set in Progress  : Set In Progress
[...]
[root@sr2500 ~]# ipmitool raw 0x0c 1 1 0 0

ipmitool lan print 1

You can check the configuration using ipmitool lan print 1.

[root@sr2500 ~]# ipmitool lan print 1
Set in Progress  : Set Complete
Auth Type Support  : NONE MD5 PASSWORD
Auth Type Enable  : Callback :
 : User  :
 : Operator :
 : Admin  : MD5
 : OEM  :
IP Address Source  : Static Address
IP Address  : 192.168.1.211
Subnet Mask  : 255.255.255.0
MAC Address  : 00:0e:0c:ea:92:a2
SNMP Community String  :
IP Header  : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
BMC ARP Control  : ARP Responses Enabled, Gratuitous ARP Disabled
Gratituous ARP Intrvl  : 2.0 seconds
Default Gateway IP  : 192.168.1.254
Default Gateway MAC  : 00:0e:0c:aa:8e:13
Backup Gateway IP  : 0.0.0.0
Backup Gateway MAC  : 00:00:00:00:00:00
RMCP+ Cipher Suites  : None
Cipher Suite Priv Max  : XXXXXXXXXXXXXXX
 : X=Cipher Suite Unused
 : c=CALLBACK
 : u=USER
 : o=OPERATOR
 : a=ADMIN
 : O=OEM
[root@sr2500 ~]#

User Configuration

A user will now be set up with admin rights.

[root@sr2500 ~]# ipmitool user set name 2 admin
[root@sr2500 ~]# ipmitool user set password 2
Password for user 2:
Password for user 2:
[root@sr2500 ~]# ipmitool channel setaccess 1 2 link=on ipmi=on callin=on privilege=4
[root@sr2500 ~]# ipmitool user enable 2
[root@sr2500 ~]#

The server can now be controlled by this user as described in Using ipmitool for Remote Control of Servers.

Users at the USER Privilege Level

If a user should only be used for querying sensor data, a custom privilege level can be set up for that. This user then does not have any rights for activating or deactivating the server, for example. A user named monitor will be created for this in the following example:

[root@sr2500 ~]# ipmitool user set name 3 monitor
[root@sr2500 ~]# ipmitool user set password 3
Password for user 3:
Password for user 3:
[root@sr2500 ~]# ipmitool channel setaccess 1 3 link=on ipmi=on callin=on privilege=2
[root@sr2500 ~]# ipmitool user enable 3
[root@sr2500 ~]# ipmitool channel getaccess 1 3
Maximum User IDs  : 15
Enabled User IDs  : 2
User ID  : 3
User Name  : monitor
Fixed Name  : No
Access Available  : call-in / callback
Link Authentication  : enabled
IPMI Messaging  : enabled
Privilege Level  : USER
[root@sr2500 ~]#

The meaning of the various privilege numbers is displayed when ipmitool channel is called without any additional parameters:

[root@sr2500 ~]# ipmitool channel
Channel Commands: authcap <channel number> <max privilege>
getaccess <channel number> [user id]
setaccess <channel number> <user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]
info [channel number]
getciphers <ipmi | sol> [channel]
Possible privilege levels are:
1 Callback level
2 User level
3 Operator level
4 Administrator level
5 OEM Proprietary level
15 No access
[root@sr2500 ~]#

The user just created (named 'monitor') has been assigned the USER privilege level. So that LAN access is allowed for this user, you must activate MD5 authentication for LAN access for this user group (USER privilege level):

[root@sr2500 ~]# ipmitool lan set 1 auth USER MD5
[root@sr2500 ~]#

MD5 will now also be listed as User Auth Type Enable for LAN Channel 1:

[root@sr2500 ~]# ipmitool lan print 1
Set in Progress  : Set Complete
Auth Type Support  : NONE MD5 PASSWORD
Auth Type Enable  : Callback :
 : User  : MD5
 : Operator :
 : Admin  : MD5
 : OEM  :
IP Address Source  : Static Address
IP Address  : 192.168.1.211
Subnet Mask  : 255.255.255.0
MAC Address  : 00:0e:0c:ea:92:a2
SNMP Community String  :
IP Header  : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
BMC ARP Control  : ARP Responses Enabled, Gratuitous ARP Disabled
Gratituous ARP Intrvl  : 2.0 seconds
Default Gateway IP  : 192.168.1.254
Default Gateway MAC  : 00:0e:0c:aa:8e:13
Backup Gateway IP  : 0.0.0.0
Backup Gateway MAC  : 00:00:00:00:00:00
RMCP+ Cipher Suites  : 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14
Cipher Suite Priv Max  : XXXXXXXXXXXXXXX
 : X=Cipher Suite Unused
 : c=CALLBACK
 : u=USER
 : o=OPERATOR
 : a=ADMIN
 : O=OEM
[root@sr2500 ~]#
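
The per-level comparison that the two lan print outputs above invite, as an added shell example (not from the original article): it reads the text of ipmitool lan print and reports a Set in Progress value other than Set Complete, any privilege level with NONE or PASSWORD enabled, and any level named in its argument that lacks MD5. The function name audit_lan_print and the wording of the findings are made up for this example.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Usage: ipmitool lan print 1 | audit_lan_print "Admin User"
#   $1 = privilege levels that must have MD5 enabled, spelled as in the
#        "Auth Type Enable" block. Prints findings; returns 1 if any.
audit_lan_print() {
    awk -F'[ \t]*:[ \t]*' -v want="$1" '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function report(msg) { print msg; bad = 1 }
    {
        key = trim($1)
        # Continuation lines of the auth block have an empty first field.
        if (key == "Auth Type Enable") in_auth = 1
        else if (key != "") in_auth = 0
    }
    key == "Set in Progress" && trim($2) != "Set Complete" {
        report("Set in Progress is \"" trim($2) "\", not Set Complete")
    }
    in_auth {
        level = trim($2)
        seen[level] = " " trim($3) " "
        if (index(seen[level], " NONE "))
            report(level ": NONE enabled (no authentication)")
        if (index(seen[level], " PASSWORD "))
            report(level ": PASSWORD enabled (straight password, no digest)")
    }
    END {
        n = split(want, w, " ")
        for (i = 1; i <= n; i++)
            if (!index(seen[w[i]], " MD5 "))
                report(w[i] ": MD5 not enabled for LAN access")
        exit bad + 0
    }'
}

# Demo input: abridged from the first "lan print 1" output above.
audit_lan_print "Admin User" <<'EOF' || echo "-> review the findings above"
Set in Progress  : Set Complete
Auth Type Enable  : Callback :
 : User  :
 : Operator :
 : Admin  : MD5
 : OEM  :
IP Address Source  : Static Address
EOF
```

Run against the second output above, where USER has MD5 enabled, the function prints nothing and returns 0.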

Please specify the option "-L USER" for ipmitool when using a user with USER privilege. Otherwise you will get an error message stating:

Activate Session error: Requested privilege level exceeds limit

Author: Werner Fischer
