ipmitool(1) | ipmitool(1) |
NAME¶
ipmitool - utility for controlling IPMI-enabled devicesSYNOPSIS¶
ipmitool [ <options> ] <command> [ <sub-commands and sub-options> ] <options> := [ <general-options> | <conditional-opts> ]-d <N> | -p <port> | -c | -U <username> |
-L <privlvl> | -l <lun> | -m <local_address> |
-N <sec> | -R <count> | <password-option> |
<oem-option> | <bridge-options> ] <conditional-opts> := [ <lan-options> | <lanplus-options> |
<command-options> ]
[ -T <address> | -B <channel> ] ]
DESCRIPTION¶
This program lets you manage Intelligent Platform Management Interface (IPMI) functions of either the local system, via a kernel device driver, or a remote system, using IPMI v1.5 and IPMI v2.0. These functions include printing FRU information, LAN configuration, sensor readings, and remote chassis power control. IPMI management of a local system interface requires a compatible IPMI kernel driver to be installed and configured. On Linux this driver is called OpenIPMI and it is included in standard distributions. On Solaris this driver is called BMC and is included in Solaris 10. Management of a remote station requires the IPMI-over-LAN interface to be enabled and configured. Depending on the particular requirements of each system it may be possible to enable the LAN interface using ipmitool over the system interface.OPTIONS¶
- -a
- Prompt for the remote server password.
- -A <authtype>
- Specify an authentication type to use during IPMIv1.5 lan session activation. Supported types are NONE, PASSWORD, MD2, MD5, or OEM.
- -b <channel>
- Set destination channel for bridged request.
- -B <channel>
- Set transit channel for bridged request (dual bridge).
- -b <channel>
- Set destination channel for bridged request.
- -B <channel>
- Set transit channel for bridged request. (dual bridge)
- -c
- Present output in CSV (comma separated variable) format. This is not available with all commands.
- -C <ciphersuite>
- The remote server authentication, integrity, and encryption algorithms to use for IPMIv2.0 lanplus connections. See table 22-19 in the IPMIv2.0 specification. The default is 3 which specifies RAKP-HMAC-SHA1 authentication, HMAC-SHA1-96 integrity, and AES-CBC-128 encryption algorithms.
- -d N
- Use device number N to specify the /dev/ipmiN (or /dev/ipmi/N or /dev/ipmidev/N) device to use for in-band BMC communication. Used to target a specific BMC on a multi-node, multi-BMC system through the ipmi device driver interface. Default is 0.
- -e <sol_escape_char>
- Use supplied character for SOL session escape character. The default is to use ~ but this can conflict with ssh sessions.
- -E
- The remote server password is specified by the environment variable IPMI_PASSWORD or IPMITOOL_PASSWORD. The IPMITOOL_PASSWORD takes precedence.
- -f <password_file>
- Specifies a file containing the remote server password. If this option is absent, or if password_file is empty, the password will default to NULL.
- -g
- Deprecated. Use: -o intelplus
- -h
- Get basic usage help from the command line.
- -H <address>
- Remote server address, can be IP address or hostname. This option is required for lan and lanplus interfaces.
- -I <interface>
- Selects IPMI interface to use. Supported interfaces that are compiled in are visible in the usage help output.
- -k <key>
- Use supplied Kg key for IPMIv2.0 authentication. The default is not to use any Kg key.
- -K
- Read Kg key from IPMI_KGKEY environment variable.
- -l <lun>
- Set destination lun for raw commands.
- -L <privlvl>
- Force session privilege level. Can be CALLBACK, USER, OPERATOR, ADMINISTRATOR. Default is ADMINISTRATOR. This value is ignored and always set to ADMINISTRATOR when combined with -t target address.
- -m <local_address>
- Set the local IPMB address. The local address defaults to 0x20 or is auto discovered on PICMG platforms when -m is not specified. There should be no need to change the local address for normal operation.
- -N <sec>
- Specify nr. of seconds between retransmissions of lan/lanplus messages. Defaults are 2 seconds for lan and 1 second for lanplus interfaces. Command raw uses fixed value of 15 seconds. Command sol uses fixed value of 1 second.
- -o <oemtype>
- Select OEM type to support. This usually involves minor hacks in place in the code to work around quirks in various BMCs from various manufacturers. Use -o list to see a list of current supported OEM types.
- -O <sel oem>
- Open selected file and read OEM SEL event descriptions to be used during SEL listings. See examples in contrib dir for file format.
- -p <port>
- Remote server UDP port to connect to. Default is 623.
- -P <password>
- Remote server password is specified on the command line. If supported it will be obscured in the process list. Note! Specifying the password as a command line option is not recommended.
- -R <count>
- Set the number of retries for lan/lanplus interface (default=4). Command raw uses fixed value of one try (no retries). Command hpm uses fixed value of 10 retries.
- -s
- Deprecated. Use: -o supermicro
- -S <sdr_cache_file>
- Use local file for remote SDR cache. Using a local SDR cache can drastically increase performance for commands that require knowledge of the entire SDR to perform their function. Local SDR cache from a remote system can be created with the sdr dump command.
- -t <target_address>
- Bridge IPMI requests to the remote target address. Default is 32. The -L privlvl option is always ignored and value set to ADMINISTRATOR.
- -T <address>
- Set transit address for bridge request (dual bridge).
- -T <transmit_address>
- Set transit address for bridge request. (dual bridge)
- -U <username>
- Remote server username, default is NULL user.
- -v
- Increase verbose output level. This option may be specified multiple times to increase the level of debug output. If given three times you will get hexdumps of all incoming and outgoing packets. Using it five times provides details on request and expected reply procesing. The hpm commands targetcap compprop abort upgstatus rollback rollbackstatus selftestresult increases the verbosity level
- -V
- Display version information.
- -y <hex key>
- Use supplied Kg key for IPMIv2.0 authentication. The key is expected in hexadecimal format and can be used to specify keys with non-printable characters. E.g. '-k PASSWORD' and '-y 50415353574F5244' are equivalent. The default is not to use any Kg key.
- -Y
- Prompt for the Kg key for IPMIv2.0 authentication.
- -z <size>
- Change Size of Communication Channel. (OEM)
SECURITY¶
There are several security issues be be considered before enabling the IPMI LAN interface. A remote station has the ability to control a system's power state as well as being able to gather certain platform information. To reduce vulnerability it is strongly advised that the IPMI LAN interface only be enabled in 'trusted' environments where system security is not an issue or where there is a dedicated secure 'management network'. Further it is strongly advised that you should not enable IPMI for remote access without setting a password, and that that password should not be the same as any other password on that system. When an IPMI password is changed on a remote machine with the IPMIv1.5 lan interface the new password is sent across the network as clear text. This could be observed and then used to attack the remote system. It is thus recommended that IPMI password management only be done over IPMIv2.0 lanplus interface or the system interface on the local station. For IPMI v1.5, the maximum password length is 16 characters. Passwords longer than 16 characters will be truncated. For IPMI v2.0, the maximum password length is 20 characters; longer passwords are truncated.COMMANDS¶
- help
- This can be used to get command-line help on ipmitool commands. It may
also be placed at the end of commands to get option usage help.
ipmitool help
bmc Deprecated. Use mc
channel Configure Management Controller channels
chassis Get chassis status and set power state
dcmi Data Center Management Interface
delloem Manage Dell OEM Extensions.
echo Used to echo lines to stdout in scripts
ekanalyzer run FRU-Ekeying analyzer using FRU files
event Send events to MC
exec Run list of commands from file
firewall Configure Firmware Firewall
fru Print built-in FRU and scan for FRU locators
fwum Update IPMC using Kontron OEM Firmware Update Manager
gendev Read/Write Device associated with Generic Device locators sdr
hpm Update HPM components using PICMG HPM.1 file
i2c Send an I2C Master Write-Read command and print response
ime Upgrade/Query Intel ME firmware
isol Configure and connect Intel IPMIv1.5 Serial-over-LAN
kontronoem Manage Kontron OEM Extensions
lan Configure LAN Channels
mc Management Controller status and global enables
pef Configure Platform Event Filtering (PEF)
picmg Run a PICMG/ATA extended command
power Shortcut to chassis power commands
raw Send a RAW IPMI request and print response
sdr Print Sensor Data Repository entries and readings
sel Print System Event Log (SEL)
sensor Print detailed sensor information
session Print session information
set Set runtime variable for shell and exec
shell Launch interactive IPMI shell
sol Configure and connect IPMIv2.0 Serial-over-LAN
spd Print SPD info from remote I2C device
sunoem Manage Sun OEM Extensions
tsol Configure and connect Tyan IPMIv1.5 Serial-over-LAN
user Configure Management Controller users
- channel
- authcap <channel number> <max priv>
- Displays information about the authentication capabilities of the selected channel at the specified privilege level.
- Possible privilege levels are:
-
- info [channel number]
- Displays information about the selected channel. If no channel is given it will display information about the currently used channel.
> ipmitool channel info
Channel 0xf info:
Channel Medium Type : System Interface
Channel Protocol Type : KCS
Session Support : session-less
Active Session Count : 0
Protocol Vendor ID : 7154
Channel Medium Type : System Interface
Channel Protocol Type : KCS
Session Support : session-less
Active Session Count : 0
Protocol Vendor ID : 7154
- getaccess <channel number> [<userid>]
Configure the given userid as the default on the given channel number. When the
given channel is subsequently used, the user is identified implicitly by the
given userid.
- setaccess <channel number> <userid> [<callin=on|off>]
- [<ipmi=on|off>]
[<link=on|off>] [<
privilege=level>]
- getciphers <ipmi|sol> [<channel>]
-
- chassis
- status
- Status information related to power, buttons, cooling, drives and faults.
- power
- status
- on
- off
- cycle
- reset
- diag
- soft
- identify [<seconds>|force]
-
Identify interval.
- policy
- What to do when power is restored.
- list
- Show available options.
- always-on
- previous
- always-off
- restart_cause
- Last restart cause.
- poh
- Get power on hours.
- bootdev
- none
- Do not change boot device order.
- pxe
- Force PXE boot.
- disk
- Force boot from default Hard-drive.
- safe
- Force boot from default Hard-drive, request Safe Mode.
- diag
- Force boot from Diagnostic Partition.
- cdrom
- Force boot from CD/DVD.
- bios
- Force boot into BIOS Setup.
- floppy
- Force boot from Floppy/primary removable media.
- bootparam
- force_pxe
- Force PXE boot
- force_disk
- Force boot from default Hard-drive
- force_safe
- Force boot from default Hard-drive, request Safe Mode
- force_diag
- Force boot from Diagnostic Partition
- force_cdrom
- Force boot from CD/DVD
- force_bios
- Force boot into BIOS Setup
- selftest
- dcmi
- discover
-
- power <command>
-
- reading
-
- get_limit
-
- set_limit <parameter> <value>
-
- Possible parameters/values are:
- action <No Action | Hard Power Off & Log Event to SEL | Log Event to SEL>
-
- limit <number in Watts>
-
- correction <number in milliseconds>
-
- sample <number in seconds>
-
- activate
-
- deactivate
-
- sensors
-
- asset_tag
-
- set_asset_tag <string>
-
- get_mc_id_string
-
- set_mc_id_string <string>
-
- thermalpolicy [<get | set>]
-
- The commands are:
- Get <entityID> <instanceID>
-
- Set <entityID> <instanceID>
-
- get_temp_reading
-
- get_conf_param
-
- set_conf_param <parameters>
-
- The Configuration Parameters are:
- activate_dhcp
-
- dhcp_config
-
- init
-
- timeout
-
- retry
-
- oob_discover
-
- delloem
- setled {b:d.f} {state..}
online | present | hotspare | identify | rebuilding |
fault | predict | critical | failed
- lcd
- lcd set mode
- lcd set lcdqualifier
- lcd set errordisplay
- lcd info
- lcd set vkvm
{active}|{inactive}
Allows you to set the vKVM status to active or inactive. When it is active and
session is in progress, a message appears on LCD.
- lcd status
- mac
- mac list
-
- mac get
<NIC number>
Displays the selected NICs MAC address and status.
- lan
- lan set
<Mode>
Sets the NIC selection mode (dedicated, shared with lom1, shared with
lom2,shared with lom3,shared with lom4,shared with failover lom1,shared with
failover lom2,shared with failover lom3,shared with failover lom4,shared with
Failover all loms, shared with Failover None).
- lan get
-
- lan get active
-
- powermonitor
- powermonitor clear cumulativepower
- powermonitor clear peakpower
- powermonitor powerconsumption
<watt>|<btuphr>
Displays the power consumption in watt or btuphr.
- powermonitor powerconsumptionhistory
<watt>|<btuphr>
Displays the power consumption history in watt or btuphr.
- powermonitor getpowerbudget
<watt>|<btuphr>
Displays the power cap in watt or btuphr.
- powermonitor setpowerbudget
<val><watt|btuphr|percent>
Allows you to set the power cap in watt, BTU/hr or percentage.
- powermonitor enablepowercap
- powermonitor disablepowercap
- vFlash info Card
- echo
- For echoing lines to stdout in scripts.
- ekanalyzer <command> <xx=filename1> <xx=filename2> [<rc=filename3>] ...
These binary files can be generated from command:
ipmitool fru read <id> <filename>
- print [<carrier | power | all>]
- carrier (default) <oc=filename1> <oc=filename2> ...
-
Example:
> ipmitool ekanalyzer print carrier oc=fru oc=carrierfru
From Carrier file: fru
Number of AMC bays supported by Carrier: 2
AMC slot B1 topology:
Port 0 =====> On Carrier Device ID 0, Port 16
Port 1 =====> On Carrier Device ID 0, Port 12
Port 2 =====> AMC slot B2, Port 2
AMC slot B2 topology:
Port 0 =====> On Carrier Device ID 0, Port 3
Port 2 =====> AMC slot B1, Port 2
*-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-*
From Carrier file: carrierfru
On Carrier Device ID 0 topology:
Port 0 =====> AMC slot B1, Port 4
Port 1 =====> AMC slot B1, Port 5
Port 2 =====> AMC slot B2, Port 6
Port 3 =====> AMC slot B2, Port 7
AMC slot B1 topology:
Port 0 =====> AMC slot B2, Port 0
AMC slot B1 topology:
Port 1 =====> AMC slot B2, Port 1
Number of AMC bays supported by Carrier: 2
- power <xx=filename1> <xx=filename2> ...
-
- all <xx=filename> <xx=filename> ...
-
- frushow <xx=filename>
-
- summary [<match | unmatch | all>]
- match (default) <xx=filename> <xx=filename> ...
-
> ipmitool ekanalyzer summary match oc=fru b1=amcB1 a2=amcA2
On-Carrier Device vs AMC slot B1
AMC slot B1 port 0 ==> On-Carrier Device 0 port 16
Matching Result
- From On-Carrier Device ID 0
-Channel ID 11 || Lane 0: enable
-Link Type: AMC.2 Ethernet
-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link
-Link Group ID: 0 || Link Asym. Match: exact match
- To AMC slot B1
-Channel ID 0 || Lane 0: enable
-Link Type: AMC.2 Ethernet
-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link
-Link Group ID: 0 || Link Asym. Match: exact match
*-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-*
AMC slot B1 port 1 ==> On-Carrier Device 0 port 12
Matching Result
- From On-Carrier Device ID 0
-Channel ID 6 || Lane 0: enable
-Link Type: AMC.2 Ethernet
-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link
-Link Group ID: 0 || Link Asym. Match: exact match
- To AMC slot B1
-Channel ID 1 || Lane 0: enable
-Link Type: AMC.2 Ethernet
-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link
-Link Group ID: 0 || Link Asym. Match: exact match
*-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-*
On-Carrier Device vs AMC slot A2
AMC slot A2 port 0 ==> On-Carrier Device 0 port 3
Matching Result
- From On-Carrier Device ID 0
-Channel ID 9 || Lane 0: enable
-Link Type: AMC.2 Ethernet
-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link
-Link Group ID: 0 || Link Asym. Match: exact match
- To AMC slot A2
-Channel ID 0 || Lane 0: enable
-Link Type: AMC.2 Ethernet
-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link
-Link Group ID: 0 || Link Asym. Match: exact match
*-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-*
AMC slot B1 vs AMC slot A2
AMC slot A2 port 2 ==> AMC slot B1 port 2
Matching Result
- From AMC slot B1
-Channel ID 2 || Lane 0: enable
-Link Type: AMC.3 Storage
-Link Type extension: Serial Attached SCSI (SAS/SATA)
-Link Group ID: 0 || Link Asym. Match: FC or SAS interface {exact match}
- To AMC slot A2
-Channel ID 2 || Lane 0: enable
-Link Type: AMC.3 Storage
-Link Type extension: Serial Attached SCSI (SAS/SATA)
-Link Group ID: 0 || Link Asym. Match: FC or SAS interface {exact match}
*-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-*
- unmatch <xx=filename> <xx=filename> ...
-
- all <xx=filename> <xx=filename> ...
-
- event
- <predefined event number N>
-
- file <filename>
-
- <sensorid> <list>
-
> ipmitool -I open event "PS 2T Fan Fault" list
Finding sensor PS 2T Fan Fault... ok
Sensor States:
State Deasserted
State Asserted
Sensor State Shortcuts:
present absent
assert deassert
limit nolimit
fail nofail
yes no
on off
up down
State Deasserted
State Asserted
present absent
assert deassert
limit nolimit
fail nofail
yes no
on off
up down
- <sensorid> <sensor state> [<direction>]
- Generate a custom event based on existing sensor information. The optional event direction can be either assert (the default) or deassert.
> ipmitool event "PS 2T Fan Fault" "State Asserted"
Finding sensor PS 2T Fan Fault... ok
0 | Pre-Init Time-stamp | Fan PS 2T Fan Fault | State Asserted
0 | Pre-Init Time-stamp | Fan PS 2T Fan Fault | State Asserted
> ipmitool event "PS 2T Fan Fault" "State Deasserted"
Finding sensor PS 2T Fan Fault... ok
0 | Pre-Init Time-stamp | Fan PS 2T Fan Fault | State Desserted
0 | Pre-Init Time-stamp | Fan PS 2T Fan Fault | State Desserted
- exec <filename>
Execute ipmitool commands from filename. Each line
is a complete command. The syntax of the commands are defined by the COMMANDS
section in this manpage. Each line may have an optional comment at the end of
the line, delimited with a `#' symbol.
e.g., a command file with two lines:
sdr list # get a list of sdr records
sel list # get a list of sel records
- firewall
-
- info [<Parms as described above>]
-
- info [<channel H>] [<lun L>]
-
- info [<channel H>] [<lun L> [ <netfn N> ]
-
- info [<channel H>] [<lun L> [ <netfn N> [< command C] ]]
-
- info [<channel H>] [<lun L> [ <netfn N> [< command C [<subfn S>]]]]
-
- enable [<Parms as described above>]
-
- disable [<Parms as described above>] [force]
-
- reset [<Parms as described above>]
-
- fru
- read <fru id> <fru file>
-
- write <fru id> <fru file>
-
- upgEkey <fru id> <fru file>
-
- edit <fru id>
-
- edit <fru id> field <section> <index> <string>
-
- fru id is the digit ID of the FRU (see output of 'fru print').
-
- <section> is a string which refers to FRU Inventory Information
- Storage Areas and may be refer to:
- c FRU Inventory Chassis Info Area
-
- b FRU Inventory Board Info Area
-
- p FRU Inventory Product Info Area
-
- <index> specifies the field number. Field numbering starts on the first 'english text' field type. For instance in the < board> info area field '0' is < Board Manufacturer> and field '2' is < Board Serial Number>; see IPMI Platform Management FRU Information Storage Definition v1.0 R1.1 for field locations.
-
- <string> must be the same length as the string being replaced and must be 8-bit ASCII (0xCx).
-
- edit <fru id> oem iana <record> < format> [<args>]
-
- fwum
Update IPMC using Kontron OEM Firmware Update Manager.
- info
-
- status
-
- download <filename>
-
- upgrade [filename]
-
- rollback
-
- tracelog
-
- gendev
- list
- List All Generic Device Locators.
- read <sdr name> <file>
- Read to file eeprom specify by Generic Device Locators.
- write <sdr name> <file>
- Write from file eeprom specify by Generic Device Locators
- hpm
PICMG HPM.1 Upgrade Agent
- check
-
- check <filename>
-
- download <filename>
-
- upgrade <filename> [all] [component <x>] [ activate]
-
- all
-
- component <x>
-
- activate
-
- activate
-
- targetcap
-
- compprop <id> <select>
-
- abort
-
- upgstatus
-
- rollback
-
- rollbackstatus
-
- selftestresult
-
- i2c <i2caddr> <read bytes> [<write data>]
-
- ime
- help
-
- info
- Displays information about the Manageability Engine (ME)
- update <file>
-
- rollback
- Perform manual rollback of the ME firmware
- isol
- info
-
- set <parameter> <value>
-
- Valid parameters and values are:
-
- enabled
- true, false.
- privilege-level
- user, operator, admin, oem.
- bit-rate
- 9.6, 19.2, 38.4, 57.6, 115.2.
- activate
-
Special escape sequences are provided to control the SOL session:
Note that escapes are only recognized immediately after newline.
- ~. Terminate connection
- ~^Z Suspend ipmitool
- ~^X Suspend ipmitool, but don't restore tty on restart
- ~B Send break
- ~~ Send the escape character by typing it twice
- ~? Print the supported escape sequences
- kontronoem
OEM commands specific to Kontron devices.
- setsn
-
- setmfgdate
-
- nextboot <boot device>
-
- lan
These commands will allow you to configure IPMI LAN channels with network
information so they can be used with the ipmitool lan and
lanplus interfaces. NOTE: To determine on which channel the LAN
interface is located, issue the `channel info number' command until you
come across a valid 802.3 LAN channel. For example:
> ipmitool -I open channel info 1
Channel 0x1 info:
Channel Medium Type : 802.3 LAN
Channel Protocol Type : IPMB-1.0
Session Support : session-based
Active Session Count : 8
Protocol Vendor ID : 7154
Channel Medium Type : 802.3 LAN
Channel Protocol Type : IPMB-1.0
Session Support : session-based
Active Session Count : 8
Protocol Vendor ID : 7154
- print [<channel>]
-
- set <channel number> <command> <parameter>
-
- ipaddr <x.x.x.x>
-
- netmask <x.x.x.x>
-
- macaddr <xx:xx:xx:xx:xx:xx>
-
- defgw ipaddr <x.x.x.x>
-
- defgw macaddr <xx:xx:xx:xx:xx:xx>
-
- bakgw ipaddr <x.x.x.x>
-
- bakgw macaddr <xx:xx:xx:xx:xx:xx>
-
- password <pass>
-
- snmp <community string>
-
- user
-
- access <on|off>
-
- alert <on|off>
-
- ipsrc <source>
-
- arp respond <on|off>
-
- arp generate <on|off>
-
- arp interval <seconds>
-
- vlan id <off|id>
-
- vlan priority <priority>
-
- auth <level,...> <type,...>
-
- cipher_privs <privlist>
-
- alert print [<channel>] [<alert destination>]
-
- alert set <channel number> <alert destination> < command> <parameter>
-
- ipaddr <x.x.x.x>
-
- macaddr <xx:xx:xx:xx:xx:xx>
-
- gateway <default | backup>
-
- ack <on | off>
-
- type <pet | oem1 | oem2>
-
- time <seconds>
-
- retry <number>
-
- stats get [<channel number>]
-
- stats clear [<channel number>]
-
- mc | bmc
- reset <warm|cold>
-
- guid
- Display the Management Controller Globally Unique IDentifier.
- info
-
- watchdog
-
- get
-
- reset
-
- off
-
- selftest
-
- getenables
-
- setenables <option>=[on|off]
-
- recv_msg_intr
-
- event_msg_intr
-
- event_msg
-
- system_event_log
-
- oem0
-
- oem1
-
- oem2
-
- getsysinfo <argument>
- Retrieves system info from bmc for given argument.
- setsysinfo <argument> <string>
- Stores system info string to bmc for given argument
- Possible arguments are:
- primary_os_name Primary Operating System Name
- os_name Operating System Name
- system_name System Name of Server
- delloem_os_version Running version of operating system
- delloem_URL URL of BMC Webserver
- chassis
- status
-
- poh
-
- identify <interval>
- Control the front panel identify light. Default interval is 15 seconds. Use 0 to turn off. Use "force" to turn on indefinitely.
- restart_cause
-
- selftest
-
- policy
-
- list
-
- always-on
-
- previous
-
- always-off
-
- power
-
- status
-
- on
-
- off
-
- cycle
-
- reset
-
- diag
-
- soft
-
- bootdev <device> [<clear-cmos=yes|no>] [< options=help,...>]
-
- Currently supported values for <device> are:
- none
-
- pxe
-
- disk
-
- safe
-
- diag
-
- cdrom
-
- bios
-
- floppy
-
- bootparam
-
- get <param #>
-
- set <device> [<options=help,...>]
-
- Currently supported bootparam device settings are:
- force_pxe
-
- force_disk
-
- force_safe
-
- force_diag
-
- force_cdrom
-
- force_bios
-
- Currently supported bootparam options settings are associated with BMC Boot Valid Bit Clearing and are as follows: Any option can be prefixed with "no-" to invert the sense of the operation.
- PEF
-
- timeout
-
- watchdog
-
- reset
-
- power
-
- pef
- info
-
- status
-
- policy
-
- list
-
- picmg <properties>
Run a PICMG/ATA extended command. Get PICMG properties may be used to obtain and
print Extension major version information, PICMG identifier, FRU Device ID and
Max FRU Device ID.
- addrinfo
-
- frucontrol <fru id> <options>
-
- 0x00 - Cold Reset
-
- 0x01 - Warm Reset
-
- 0x02 - Graceful Reboot
-
- 0x03 - Issue Diagnostic Interrupt
-
- 0x04 - Quiesce [AMC only]
-
- 0x05-0xFF - Cold Reset
-
- activate <fru id>
-
- deactivate <fru id>
-
- policy get <fru id>
-
- policy set <fru id> <lockmask> < lock>
-
- portstate set|getall|getgranted|getdenied < parameters>
-
- power <chassis power command>
-
- raw <netfn> <cmd> [<data>]
-
- sdr
- get <id> ... [<id>]
-
- info
-
- type [<sensor type>]
-
This command will display all records from the SDR Repository of a specific
type. Run with type list (or simply with no type) to see the list
of available types. For example to query for all Temperature sensors:
> ipmitool sdr type Temperature
- list | elist [<all|full|compact|event| mcloc|fru| generic>]
-
- Valid types are:
- all
-
- full
-
- compact
-
- event
-
- mcloc
-
- fru
-
- generic
-
- entity <id>[.<instance>]
-
- dump <file>
-
- fill sensors
-
- fill file <filename>
-
- sel
-
- info
-
- clear
-
- list | elist
-
- <count> | first <count>
-
- last <count>
-
- delete <SEL Record ID> ... <SEL Record ID>
-
- add <filename ID>
-
- get <SEL Record ID>
-
- save <file>
- Save SEL records to a text file that can be fed back into the event file ipmitool command. This can be useful for testing Event generation by building an appropriate Platform Event Message file based on existing events. Please see the available help for the 'event file ...' command for a description of the format of this file.
- writeraw <file>
- Save SEL records to a file in raw, binary format. This file can be fed back to the sel readraw ipmitool command for viewing.
- readraw <file>
- Read and display SEL records from a binary file. Such a file can be created using the sel writeraw ipmitool command.
- time
- get
-
- set <time string>
-
- sensor
- list
-
- get <id> ... [<id>]
-
- thresh <id> <threshold> <setting>
-
- Valid thresholds are:
-
- thresh <id> lower <lnr> <lcr> < lnc>
- This allows you to set all lower thresholds for a sensor at the same time. The sensor is specified by name and the thresholds are listed in order of Lower Non-Recoverable, Lower Critical, and Lower Non-Critical.
- thresh <id> upper <unc> <ucr> < unr>
- This allows you to set all upper thresholds for a sensor at the same time. The sensor is specified by name and the thresholds are listed in order of Upper Non-Critical, Upper Critical, and Upper Non-Recoverable.
- session
- info <active|all|id 0xnnnnnnnn|handle 0xnn>
-
- set
- hostname <host>
- Session hostname.
- username <user>
- Session username.
- password <pass>
- Session password.
- privlvl <level>
- Session privilege level force.
- authtype <type>
- Authentication type force.
- localaddr <addr>
- Local IPMB address.
- targetaddr <addr>
- Remote target IPMB address.
- port <port>
- Remote RMCP port.
- csv [level]
- Enable output in comma separated format. Affects following commands: user, channel, isol, sunoem, sol, sensor, sdr, sel, session.
- verbose [verbose]
- Verbosity level.
- shell
This command will launch an interactive shell which you
can use to send multiple ipmitool commands to a BMC and see the responses.
This can be useful instead of running the full ipmitool command each time.
Some commands will make use of a Sensor Data Record cache and you will see
marked improvement in speed if these commands are able to reuse the same cache
in a shell session. LAN sessions will send a periodic keepalive command to
keep the IPMI session from timing out.
- sol
- info [<channel number>]
-
- payload <enable | disable | status> <channel number> <userid>
-
- set <parameter> <value> [<channel>]
-
- Valid parameters and values are:
-
- set-in-progress
- set-complete set-in-progress commit-write
- enabled
- true false
- force-encryption
- true false
- force-authentication
- true false
- privilege-level
- user operator admin oem
- character-accumulate-level
- Decimal number given in 5 milliseconds increments
- character-send-threshold
- Decimal number
- retry-count
- Decimal number. 0 indicates no retries after packet is transmitted.
- retry-interval
- Decimal number in 10 millisecond increments. 0 indicates that retries should be sent back to back.
- non-volatile-bit-rate
- serial, 19.2, 38.4, 57.6, 115.2. Setting this value to serial indicates that the BMC should use the setting used by the IPMI over serial channel.
- volatile-bit-rate
- serial, 19.2, 38.4, 57.6, 115.2. Setting this value to serial indicates that the BMC should use the setting used by the IPMI over serial channel.
- activate [usesolkeepalive | nokeepalive] [instance=<number>]
-
Special escape sequences are provided to control the SOL session:
Note that escapes are only recognized immediately after newline.
- ~. Terminate connection
- ~^Z Suspend ipmitool
- ~^X Suspend ipmitool, but don't restore tty on restart
- ~B Send break
- ~~ Send the escape character by typing it twice
- ~? Print the supported escape sequences
- deactivate [instance=<number>]
-
- spd <i2cbus> <i2caddr> [<channel>] [<axread>]
-
- sunoem
- cli [<command string> ...]
-
- led
These commands provide a way to get and set the status of LEDs on a Sun
Microsystems server. Use 'sdr list generic' to get a list of devices that are
controllable LEDs. The ledtype parameter is optional and not necessary
to provide on the command line unless it is required by hardware.
- get <sensorid> [<ledtype>]
- Get status of a particular LED described by a Generic Device Locator record in the SDR. A sensorid of all will get the status of all available LEDS.
- set <sensorid> <ledmode> [<ledtype>]
- Set status of a particular LED described by a Generic Device Locator record in the SDR. A sensorid of all will set the status of all available LEDS to the specified ledmode and ledtype.
- LED Mode is required for set operations:
-
- LED Type is optional:
-
- nacname <ipmi name>
-
- ping <count> [<q>]
-
- getval <property name>
-
- setval <property name> <property value> [< timeout>]
-
- sshkey
- set <userid> <keyfile>
- This command will allow you to specify an SSH key to use for a particular user on the Service Processor. This key will be used for CLI logins to the SP and not for IPMI sessions. View available users and their userids with the 'user list' command.
- del <userid>
- This command will delete the SSH key for a specified userid.
- version
-
- getfile <file identifier> <destination file name>
-
File identifiers:
SSH_PUBKEYS
DIAG_PASSED
DIAG_FAILED
DIAG_END_TIME
DIAG_INVENTORY
DIAG_TEST_LOG
DIAG_START_TIME
DIAG_UEFI_LOG
DIAG_TEST_LOG
DIAG_LAST_LOG
DIAG_LAST_CMD
- getbehavior <feature identifier>
-
Feature identifiers:
SUPPORTS_SIGNED_PACKAGES
REQUIRES_SIGNED_PACKAGES
- tsol
This command allows Serial-over-LAN sessions to be established with Tyan
IPMIv1.5 SMDC such as the M3289 or M3290. The default command run with no
arguments will establish default SOL session back to local IP address.
Optional arguments may be supplied in any order.
- <ipaddr>
-
- port=NUM
-
- ro|rw
-
- user
- summary
-
- list
-
- set
- name <userid> <username>
-
- password <userid> [<password>]
-
- disable <userid>
-
- enable <userid>
-
- priv <userid> <privilege level> [<channel number>]
-
- test <userid> <16|20> [<password>]
-
OPEN INTERFACE¶
The ipmitool open interface utilizes the OpenIPMI kernel device driver. This driver is present in all modern 2.4 and all 2.6 kernels and it should be present in recent Linux distribution kernels. There are also IPMI driver kernel patches for different kernel versions available from the OpenIPMI homepage. The required kernel modules is different for 2.4 and 2.6 kernels. The following kernel modules must be loaded on a 2.4-based kernel in order for ipmitool to work:- ipmi_msghandler
- Incoming and outgoing message handler for IPMI interfaces.
- ipmi_kcs_drv
- An IPMI Keyboard Controler Style (KCS) interface driver for the message handler.
- ipmi_devintf
- Linux character device interface for the message handler.
- ipmi_msghandler
- Incoming and outgoing message handler for IPMI interfaces.
- ipmi_si
- An IPMI system interface driver for the message handler. This module supports various IPMI system interfaces such as KCS, BT, SMIC, and even SMBus in 2.6 kernels.
- ipmi_devintf
- Linux character device interface for the message handler.
BMC INTERFACE¶
The ipmitool bmc interface utilizes the bmc device driver as provided by Solaris 10 and higher. In order to force ipmitool to make use of this interface you can specify it on the command line: ipmitool -I bmc <command> The following files are associated with the bmc driver:- /platform/i86pc/kernel/drv/bmc
- 32-bit ELF kernel module for the bmc driver.
- /platform/i86pc/kernel/drv/amd64/bmc
- 64-bit ELF kernel module for the bmc driver.
- /dev/bmc
- Character device node used to communicate with the bmc driver.
LIPMI INTERFACE¶
The ipmitool lipmi interface uses the Solaris 9 IPMI kernel device driver. It has been superceeded by the bmc interface on Solaris 10. You can tell ipmitool to use this interface by specifying it on the command line. ipmitool -I lipmi <expression>LAN INTERFACE¶
The ipmitool lan interface communicates with the BMC over an Ethernet LAN connection using UDP under IPv4. UDP datagrams are formatted to contain IPMI request/response messages with a IPMI session headers and RMCP headers. IPMI-over-LAN uses version 1 of the Remote Management Control Protocol (RMCP) to support pre-OS and OS-absent management. RMCP is a request-response protocol delivered using UDP datagrams to port 623. The LAN interface is an authentication multi-session connection; messages delivered to the BMC can (and should) be authenticated with a challenge/response protocol with either straight password/key or MD5 message-digest algorithm. ipmitool will attempt to connect with administrator privilege level as this is required to perform chassis power functions. You can tell ipmitool to use the lan interface with the -I lan option: ipmitool -I lan -H <hostname> [ -U <username>] [-P <password>] <command> A hostname must be given on the command line in order to use the lan interface with ipmitool. The password field is optional; if you do not provide a password on the command line, ipmitool will attempt to connect without authentication. If you specify a password it will use MD5 authentication if supported by the BMC and straight password/key otherwise, unless overridden with a command line option.LANPLUS INTERFACE¶
Like the lan interface, the lanplus interface communicates with the BMC over an Ethernet LAN connection using UDP under IPv4. The difference is that the lanplus interface uses the RMCP+ protocol as described in the IPMI v2.0 specification. RMCP+ allows for improved authentication and data integrity checks, as well as encryption and the ability to carry multiple types of payloads. Generic Serial Over LAN support requires RMCP+, so the ipmitool sol activate command requires the use of the lanplus interface. RMCP+ session establishment uses a symmetric challenge-response protocol called RAKP ( Remote Authenticated Key-Exchange Protocol) which allows the negotiation of many options. ipmitool does not yet allow the user to specify the value of every option, defaulting to the most obvious settings marked as required in the v2.0 specification. Authentication and integrity HMACS are produced with SHA1, and encryption is performed with AES-CBC-128. Role-level logins are not yet supported. ipmitool must be linked with the OpenSSL library in order to perform the encryption functions and support the lanplus interface. If the required packages are not found it will not be compiled in and supported. You can tell ipmitool to use the lanplus interface with the -I lanplus option: ipmitool -I lanplus -H <hostname> [ -U < username>] [ -P <password>] < command> A hostname must be given on the command line in order to use the lan interface with ipmitool. With the exception of the -A and -C options the rest of the command line options are identical to those available for the lan interface. The -C option allows you specify the authentication, integrity, and encryption algorithms to use for for lanplus session based on the cipher suite ID found in the IPMIv2.0 specification in table 22-19. The default cipher suite is 3 which specifies RAKP-HMAC-SHA1 authentication, HMAC-SHA1-96 integrity, and AES-CBC-128 encryption algorightms.FREE INTERFACE¶
The ipmitool free interface utilizes the FreeIPMI libfreeipmi drivers. You can tell ipmitool to use the FreeIPMI interface with the -I option: ipmitool -I free <command>IMB INTERFACE¶
The ipmitool imb interface supports the Intel IMB (Intel Inter-module Bus) Interface through the /dev/imb device. You can tell ipmitool to use the IMB interface with the -I option: ipmitool -I imb <command>EXAMPLES¶
- Example 1: Listing remote sensors
-
> ipmitool -I lan -H 1.2.3.4 -f passfile sdr list
- Example 2: Displaying status of a remote sensor
-
> ipmitool -I lan -H 1.2.3.4 -f passfile sensor get "Baseboard
1.25V"
- Example 3: Displaying the power status of a remote chassis
-
> ipmitool -I lan -H 1.2.3.4 -f passfile chassis power status
- Example 4: Controlling the power on a remote chassis
-
> ipmitool -I lan -H 1.2.3.4 -f passfile chassis power on
AUTHOR¶
Duncan Laurie <duncan@iceblink.org>SEE ALSO¶
- IPMItool Homepage
- http://ipmitool.sourceforge.net
- Intelligent Platform Management Interface Specification
- http://www.intel.com/design/servers/ipmi
- OpenIPMI Homepage
- http://openipmi.sourceforge.net
- FreeIPMI Homepage
- http://www.gnu.org/software/freeipmi/
Duncan Laurie |