Discussion:
[Ipmitool-devel] IBM gear
Szabo, Steve G
2011-01-17 19:58:51 UTC
Permalink
Has anyone successfully enabled remote ipmi on the following IBM hardware?

IBM eServer BladeCenter HS21 (8853G6U)

The UDP port for remote connections is closed and I don't know how to open via web admin gui:

PORT STATE SERVICE
69/udp open|filtered tftp
161/udp open|filtered snmp
427/udp open|filtered svrloc


# ipmitool -I lanplus -U someguy -H somehost -P somepass chassis status
Error: Unable to establish IPMI v2 / RMCP+ session
Error sending Chassis Status command

# strace ipmitool -I lanplus -U someguy -H somehost -P somepass chassis status
recv(3, 0x8135221, 1024, 0) = -1 ECONNREFUSED (Connection refused)



Cheers
-------------------------------------------------------------------------


NOTICE: Confidential message which may be privileged. Unauthorized use/disclosure prohibited. If received in error, please go to www.td.com/legal for instructions.
AVIS : Message confidentiel dont le contenu peut être privilégié. Utilisation/divulgation interdites sans permission. Si reçu par erreur, prière d'aller au www.td.com/francais/avis_juridique pour des instructions.
Andy Cress
2011-01-17 20:23:59 UTC
Permalink
You would first need to configure the target lan channel for IPMI LAN.

Can you provide the output of the IPMI LAN configuration?

# ipmitool lan print 1 (assuming its lan channel is 1?)

Or

# ipmiutil lan


Andy



From: Szabo, Steve G [mailto:***@tdsecurities.com]
Sent: Monday, January 17, 2011 2:59 PM
To: ipmitool-***@lists.sourceforge.net
Subject: Re: [Ipmitool-devel] IBM gear



Has anyone successfully enabled remote ipmi on the following IBM hardware?



IBM eServer BladeCenter HS21 (8853G6U)



The UDP port for remote connections is closed and I don't know how to open via web admin gui:



PORT STATE SERVICE
69/udp open|filtered tftp
161/udp open|filtered snmp
427/udp open|filtered svrloc





# ipmitool -I lanplus -U someguy -H somehost -P somepass chassis status

Error: Unable to establish IPMI v2 / RMCP+ session
Error sending Chassis Status command



# strace ipmitool -I lanplus -U someguy -H somehost -P somepass chassis status

recv(3, 0x8135221, 1024, 0) = -1 ECONNREFUSED (Connection refused)







Cheers

-------------------------------------------------------------------------




NOTICE: Confidential message which may be privileged. Unauthorized use/disclosure prohibited. If received in error, please go to www.td.com/legal for instructions.
AVIS : Message confidentiel dont le contenu peut être privilégié. Utilisation/divulgation interdites sans permission. Si reçu par erreur, prière d'aller au www.td.com/francais/avis_juridique pour des instructions.
Szabo, Steve G
2011-01-17 20:28:52 UTC
Permalink
This post might be inappropriate. Click to display it.
Garrett Cooper
2011-01-17 20:59:50 UTC
Permalink
On Mon, Jan 17, 2011 at 12:28 PM, Szabo, Steve G
Post by Andy Cress
# ipmitool lan print
Set in Progress         : Set Complete
Auth Type Support       : NONE MD2 MD5 PASSWORD
                        : User     : NONE MD2 MD5 PASSWORD
                        : Operator : NONE MD2 MD5 PASSWORD
                        : Admin    : NONE MD2 MD5 PASSWORD
IP Address Source       : Static Address
IP Address              : 0.0.0.0
Subnet Mask             : 0.0.0.0
MAC Address             : 00:00:00:00:00:00
SNMP Community String   : public
IP Header               : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
Default Gateway IP      : 0.0.0.0
Default Gateway MAC     : 00:00:00:00:00:00
Backup Gateway IP       : 0.0.0.0
Backup Gateway MAC      : 00:00:00:00:00:00
Cipher Suite Priv Max   : Not Available
I suppose I should configure the LAN on each blade and not on the blade chassis itself?
You have to configure on the chassis in the OS, or in the vendor
supplied BMC image frontend -- i.e. ^E after post on the Dell machine
-- if such a thing exists, but that's limited, incomplete, and
usability can vary over a wide spectrum, whereas issuing the commands
via ipmitool work if the firmware functions and is IPMI 2.0 compatible
(ipmitool mc info helps here).

That being said, what we use internally at my $JOB is similar to the
following for setting up IPMI:

ipmitool lan set 1 ipsrc static
ipmitool lan set 1 ipaddr $IPMI_IP
ipmitool lan set 1 netmask $IPMI_NETMASK
ipmitool lan set 1 defgw ipaddr $IPMI_GATEWAY
ipmitool lan set 1 access on ; sleep 1
ipmitool lan set 1 access on
ipmitool lan set 1 auth USER "MD2,MD5"
ipmitool lan set 1 auth OPERATOR "MD2,MD5"
ipmitool lan set 1 auth ADMIN "MD2,MD5"
ipmitool lan set 1 auth CALLBACK "MD2,MD5"
ipmitool lan set 1 arp respond on
ipmitool lan set 1 arp generate on
ipmitool user set name 2 $IPMI_USER
ipmitool user set password 2 "$IPMI_PASSWORD"
ipmitool user enable 2
ipmitool sol set enabled true
ipmitool user set payload 2 enable 1 1

Some of this logic may or may not work on certain machines from
what I've seen (ipmitool will barf about not being able to set a flag
to "In-Progress" or some such... it's a bug either in the tool or the
firmware, but I haven't taken the time to figure out where it is). You
might be able to use dhcp in the above example in place of a few
steps, but folks at my $JOB didn't have to for other infrastructure
reasons.
You will have to issue the following commands off the box to
optionally fix the serial baud rate settings:

ipmitool -I lanplus -U $IPMI_USER -P $IPMI_PASSWORD -H $IPMI_IP sol
set non-volatile-bit-rate 9.6
ipmitool -I lanplus -U $IPMI_USER -P $IPMI_PASSWORD -H $IPMI_IP sol
set volatile-bit-rate 9.6

I really wish you could issue these on the box >_> -- again, I
haven't determined why it's not possible.
This works like a champ with Dell Poweredge 2950s and r710s at least.
Cheers,
-Garrett

Jarrod B Johnson
2011-01-17 20:39:43 UTC
Permalink
Unfortunately, the IBM Bladecenter does not expose IPMI over LAN. This
comes from effort to maintain backwards compatibility with the days before
IPMI existed and trying to make the POWER and x86 systems all act the same
when in a chassis. Implementing remote management for CLI/scripting use
can be done either by:
-Scripting the cli (not bad if you set up ssh keys). Example:

# ssh ***@amm1 power -T blade[1] -state

system> power -T blade[1] -state
On

-Using SNMP. If you are very familiar with SNMP, you may find the blade
mib helpful. I can provide more details on this off-list if you like.
xCAT's implementation may be a helpful reference guide or starting point if
you want to go this route and don't mind perl:
http://xcat.svn.sourceforge.net/svnroot/xcat/xcat-core/trunk/xCAT-server/lib/xcat/plugins/blade.pm

-Using some higher level software that knows how to speak IPMI and IBM
Blade (requires extra setup). For example with xCAT:
Power state of a KVM guest:
# rpower vmgt stat
vmgt: on
Of a blade:
# rpower h01 stat
h01: on
Of an IPMI server:
# rpower r31u30 stat
r31u30: on
Others include Director and various management applications/appliances.

If these solutions cannot work, I can try to help you figure out something
off-list, since it isn't particularly directly related to ipmitool's world.




From: "Szabo, Steve G" <***@tdsecurities.com>
To: "ipmitool-***@lists.sourceforge.net"
<ipmitool-***@lists.sourceforge.net>
Date: 01/17/2011 03:19 PM
Subject: Re: [Ipmitool-devel] IBM gear
# rpower vmgt stat


Has anyone successfully enabled remote ipmi on the following IBM hardware?

IBM eServer BladeCenter HS21 (8853G6U)

The UDP port for remote connections is closed and I don't know how to open
via web admin gui:

PORT STATE SERVICE
69/udp open|filtered tftp
161/udp open|filtered snmp
427/udp open|filtered svrloc


# ipmitool -I lanplus -U someguy -H somehost -P somepass chassis status
Error: Unable to establish IPMI v2 / RMCP+ session
Error sending Chassis Status command

# strace ipmitool -I lanplus -U someguy -H somehost -P somepass chassis
status
recv(3, 0x8135221, 1024, 0) = -1 ECONNREFUSED (Connection
refused)



Cheers
-------------------------------------------------------------------------




NOTICE: Confidential message which may be privileged. Unauthorized
use/disclosure prohibited. If received in error, please go to
www.td.com/legal for instructions.
AVIS : Message confidentiel dont le contenu peut être privilégié.
Utilisation/divulgation interdites sans permission. Si reçu par erreur,
prière d'aller au www.td.com/francais/avis_juridique pour des instructions.
Loading...