IPMI ??

Home » CentOS » IPMI ??
CentOS 13 Comments

Never used IPMI in my life and while I thought it was cool when I heard about it, had no plans to.

Just built a home server (while out of town) using a SUPERMICRO
MBD-X10SLM+-F-O

I put an nVidia 405 based video card in it but it may be bad.

When I power it on, I get some beeps but they are different than the no memory beeps (I intentionally powered on w/o memory to hear those) and I
think what may be happening is normal boot process but no video simply because the card (bought used) may be bad.

Before I go and try to find a retailer that still carries VGA cables, is there a way via the boards IPMI interface (it has ethernet port just for that) to connect from my CentOS 7 laptop and see if the machine is normally powering on?

I saw some IPMI packages exist for CentOS 7 but I don’t know if this is what they are for.

And it seems there are OpenIPMI and freeimpi packages. Are those just different ways of doing same thing or do they serve different purposes?

Thanks.

13 thoughts on - IPMI ??

  • Under many different names (Sun called it LOM; I forgot IBM’s name), this has been out there for a while. And it is IMHO the best way to deal with servers. My normal server installing procedure is:

    1. slap server wherever it will reside
    2. Run the power cords
    3. Run the ethernet cords for both normal use and IPMI. I’d probably be mindful of which vlans each cable goes to.
    4. Fire computer up
    5. Connect to the IPMI ethernet port using openipmi/whatever; by default it is generally setup to do dhcp.
    6. Through ipmi, configure server’s bios/raid/whatever and then boot it, feeding an ISO with the OS of choice through ipmi. Good time to do any server bios upgrade too.
    7. Don’t forget to change IPMI PW!

    Connect both to a switch attached to your dhcp server (or make laptop provide that to ipmi) and then connect from laptop to ipmi and go do your thing.

    Video cards are for desktops.

    Personally I do not think the supermicro box cares. IPMI is a standard. Whichever you use should provide a way to send out (remote)
    commands and then have a console so you can install thingies in the server.

    With that said, I have used openipmi myself; you do want the ipmitool, which is a package.

    Sample commands (lookup to see what they do. Notice I am using default l/p):

    ipmitool -I lan -H 192.168.21.125 -U ADMIN -P ADMIN sel ipmitool -I lanplus -H 192.168.21.125 -U ADMIN -P ADMIN mc reset cold ipmitool -I lanplus -H 192.168.21.112 -U ADMIN -P ADMIN mc info

    References I have used:

    http://wiki.hetzner.de/index.php/IPMI/en http://lists.us.dell.com/pipermail/linux-poweredge/2007-January/029190.html

  • Okay if it requires DHCP this might be out, I’m currently out of town watching my brothers (various disabilities) while parents are on much needed vacation. Don’t have easy physical access to the router, would have to take out stuff in front of it. Was hoping crossover ethernet would work.

    Server room I agree, home server it really makes it easy to have several terminal windows open at same time and even launch a browser to troubleshoot something without needing to SSH in from another box.

  • the supermicro IPMI has a webserver, you can connect to it with a web browser, and can do remote console, remote media… the remote console requires java support in your web browser.

  • It probably would, but you still need some way to assign an IP address to the IPMI interface (it probably doesn’t have one out of the box). But from your laptop you can run a DHCP server which would then assign an IP to the IPMI interface.

    The IPMI might self-assign if it can’t find a DHCP server, but in my memory (which might be faulty) it doesn’t do this.

    If for some reason Java doesn’t work from your browser, Supermicro also distributes a Java GUI tool for interacting with Supermicro IPMI
    interfaces. It also supports a subnet scanner, so you don’t need to know the IP that gets assigned. Look for IPMIview here:

    http://www.supermicro.com/products/nfo/IPMI.cfm

    It’s not a great tool but it works well enough for console access.

    –keith

  • I bought a VGA capable. I don’t yet know if the video card is bad or the board just can’t use it, I’ll find that out later.

    But for now via VGA cable it is all working.

    For what’s worth, removing both flash and java capabilities from my browser was the second best thing I ever did (privacy badger the best), don’t want to re-install either.

    Once I’m back home and this server is set up where it goes, I’ll try playing with non-browser IPMI tools and see what it is all about.

  • Is there a little setup display right on the box? Just asking because I
    have seen that on some boxes.

    Cheers,

    Boris.

  • You mean for configuring the IPMI interface? I’ve never seen that but it sounds very cool. Do you have specific references for systems which you’ve seen that on?

    –keith

  • Now that you have a console, you can use the *ipmi tools to assign an IP
    address to the IPMI interface yourself, then use the Supermicro Java GUI
    to get to it from anywhere on the same network. It’s a great feature to have even if it’s not your preferred method to get to the console, because at least it’s a backup method (and might be handy for helping you test your video card).

    Make sure you do not allow the IPMI’s IP to be accessible on a public network. Either keep the IP on a private network (better), keep the IP
    firewalled to only certain IPs, or change the admin password from the default.

    –keith

  • Keith,

    I am sorry, unfortunately I don’t remember model numbers. Those were Dell boxes as far as I remember.

    Boris.

  • What I had toyed with doing was setting up a switch just for the IPMI
    with an ethernet jack above my breakfast far (this pc will be installed on other side of breakfast bar) – no connection even to it even from my LAN.

  • the SUpermicro IPMI’s I’ve used, you’d configure from linux after installing ipmitools and starting the ipmi service.

    # ipmitool mc status
    Invalid mc/bmc command: status
    MC Commands:
    reset
    guid
    info
    watchdog
    selftest
    getenables
    setenables
    recv_msg_intr Receive Message Queue Interrupt
    event_msg_intr Event Message Buffer Full Interrupt
    event_msg Event Message Buffer
    system_event_log System Event Logging
    oem0 OEM 0
    oem1 OEM 1
    oem2 OEM 2
    getsysinfo
    setsysinfo

    primary_os_name Primary operating system name
    os_name Operating system name
    system_name System Name of server(vendor dependent)
    delloem_os_version Running version of operating system
    delloem_url URL of BMC webserver

    # ipmitool lan print 1 #<< if this command gives an error, try '2' instead of 1, and use '2' on all following commands Set in Progress : Set Complete Auth Type Support : MD2 MD5 OEM Auth Type Enable : Callback : MD2 MD5 OEM : User : MD2 MD5 OEM : Operator : MD2 MD5 OEM : Admin : MD2 MD5 OEM : OEM : IP Address Source : Static Address IP Address : 10.100.16.15 Subnet Mask : 255.255.248.0 MAC Address : 00:25:xxxxxx SNMP Community String : AMI IP Header : TTL=0x00 Flags=0x00 Precedence=0x00 TOS=0x00 BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled Gratituous ARP Intrvl : 0.0 seconds Default Gateway IP : 10.100.16.1 Default Gateway MAC : 00:00:00:00:00:00 Backup Gateway IP : 0.0.0.0 Backup Gateway MAC : 00:00:00:00:00:00 802.1q VLAN ID : Disabled 802.1q VLAN Priority : 0 RMCP+ Cipher Suites : 1,2,3,6,7,8,11,12,0 Cipher Suite Priv Max : aaaaXXaaaXXaaXX : X=Cipher Suite Unused : c

  • In order of importance:

    1. ALWAYS change the administrative account credentials from their defaults to something reasonably difficult to infer. Supermicro allows one to select the user name of the administrative account in addition to setting the password. Change both.

    2. Always restrict access to IPMI from specific source addresses. If you need to obtain access from from a different point of origin then set up one or more of the hosts having a permitted IP as an sshd/vpn service in advance and relay to the IPMI port from there.

    3. Firewall any IPMI IP addresses at the gateway for all protocols and prevent any direct access to it whatsoever from the internet.

    4. Where feasible place all IPMI IP addresses on their own private IP
    network ([192.168.X.0/24] or similar) and set up the gateway router internal interface to suit.